)]}' { "log": [ { "commit": "bb7db92ee6e788b576e22ece70914e0321a785f7", "tree": "1f4fee21a390625bd9766d0394e3076cf7e34d48", "parents": [ "547b33f2b38dba41f2c171f8730ff5093b267eaf" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Thu Apr 30 12:43:10 2020 +0200" }, "message": "Add all dependencies for Kubernetes worker\n\nAdds Kubelet, CNI plugins, containerd, runc and gVisor using a\npre-baked list of dependencies generated using scripts/gazelle-deps/sh.\n\nThis moves all dependencies of gVisor, Kubernetes, runc, etc into the\nsame \u0027namespace\u0027 of Bazel external repositories, giving us ease of\naccessing code as libraries, and benefits when it comes to version\nauditing.\n\nThe gazelle-deps.sh script is a temporary solution that will be replaced\nASAP, see T725.\n\nThis unblocks T486.\n\nThis is an alternative to D389.\n\nTest Plan: `bazel build //core:image` runs and picks up the new binaries\n\nX-Origin-Diff: phab/D487\nGitOrigin-RevId: a28a25071fa2ae76b272d237ce9af777485065ff\n" }, { "commit": "9374393a16b9400866003cd972f9c4711c94869c", "tree": "d201cb040a78e99baac99e6473c249d790be6b24", "parents": [ "8c8e677b05f92d948f3c864451751b7ca45a8462" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Mar 13 14:20:29 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Mar 13 14:20:29 2020 +0100" }, "message": "test_boot is now a medium-sized test\n\nWe upped the timeout to 120, but Bazel had a lower timeout.\n\nGitOrigin-RevId: 8e9581b20760746e75edc990229be78ddf7992bb\n" }, { "commit": "8fba0f84d52095ff933b442f2acaec315e2eb1da", "tree": "f8b168b9f2395ada0ea11980800836daee009dd5", "parents": [ "8efe51e0fd63e9df72cd61ab610ffe0a6dd27834" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jan 22 18:46:25 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Jan 22 18:46:25 2020 +0100" }, "message": "Review comments for TPM attestation\n\nLots of comments and an updated boot test. Generously increase the timeout to eliminate random CI failures.\n\nTest Plan: Boot test works\n\nBug: T499\n\nX-Origin-Diff: phab/D319\nGitOrigin-RevId: cf17fe7c599f670ff8b6f0ac60486f2a04f13a5a\n" }, { "commit": "1a5a667667849db21b533405245239445947b7fb", "tree": "fe1574ae959b3dcbd462af740f0f384ae8346479", "parents": [ "cdb8c78eb7d29e6595053c455141007cb1c13a83" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 18 10:09:43 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 18 10:09:43 2020 +0100" }, "message": "core/internal/network: use DHCP router/gateway\n\nThis makes us actually set up a default route now. We also stop using github.com/insomniacslk/dhcp types, and instead use our type for the DHCP status. Finally, we also comment the DHCP client a bit better.\n\nThis fixes T651.\n\nTest Plan: lacking a regression test, working on one now.\n\nBug: T651\n\nX-Origin-Diff: phab/D403\nGitOrigin-RevId: caead83016cfe2f1783fad33e8d71723a3a32057\n" }, { "commit": "cdb8c78eb7d29e6595053c455141007cb1c13a83", "tree": "db17ef01058c8185887e26e31131d62c168a23c7", "parents": [ "6c8d5f9319706be576563b990c875afc0d60d02d" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 17 12:34:02 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 17 12:34:02 2020 +0100" }, "message": "Revamp DHCP, add basic context management\n\nThis started off as a small change to make the network service DHCP client a bit nicer, and ended up basically me half-assedly starting to add context within Smalltown.\n\nIn my opionion a simple OnStart/OnStop lifecycle management for services will stop working once we have to start handling failing services. I think taking inspiration from Erlang\u0027s OTP and implementing some sort of supervision tree is the way to go. I think this also ties nicely together with Go\u0027s context system, at least partially. Implementing the full supervision tree system is out of scope for this change, but at least this introduces .Context() on the base service struct that service implementations can use. Currently each service has its own background context, but again, this should tie into some sort of supervision tree in the future. There will be a design document for this.\n\nI also rejigger the init code to have a context available immediately, and use that to acquire (with timeout) information about DHCP addresses from the network service.\n\nI also fix a bug where the network service is started twice (once by init, once by the smalltown node code; now the smalltown node code takes in a dependency injected network service instead).\n\nI also fix a bug where OnStop would call OnStart. Whoops.\n\nTest Plan: no new functionality, covered by current tests\n\nBug: T561\n\nX-Origin-Diff: phab/D396\nGitOrigin-RevId: adddf3dd2f140b6ea64eb034ff19533d32c4ef23\n" }, { "commit": "2fb13a89a00a1d0bf2e87f10516dcb5d7c0691dc", "tree": "4a5c4b3b14afdd6d10192d2e6144d62051c92d9d", "parents": [ "aa6b7346a87a5512fbdd5b39db766000c0e10415" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Tue Feb 11 12:41:37 2020 +0100" }, "message": "third_party: slurp in edk2, kubernetes, mkfs.xfs\n\nThis finishes the move from core/build/* into third_party/.\n\nWhile at first this might look like wasted bandwidth, this separation\nwill make much more sense in the future, where different parts (not only\nthe Smalltown core) might depend on shared external dependencies. In\naddition, having everything in third_party laid out in a similar fashion\nlends itself to writing more general rules. Already there is quite a bit\nof deduplicaiton that we could remove for reliability and readability.\n\nThis does not fix the problem of the big honkin\u0027 genrule for mkfs.xfs -\nwhile I think we should fix it sooner than later by building a real\ntoolchain, that time is not yet now. But at least we\u0027ve moved things out\nof the way so that we can then drop in a better mkfs.xfs, once it is\nbuilt so.\n\nTest Plan: build file mangling, CI should cover this\n\nX-Origin-Diff: phab/D391\nGitOrigin-RevId: fb99c6a6270c5c6a56eeb4f18a41323ffebbc655\n" }, { "commit": "aa6b7346a87a5512fbdd5b39db766000c0e10415", "tree": "8b7665934b854d4d2ee18e90a289752f8cd85942", "parents": [ "5e0bd2d43ab72cf4091e7689d02f95e07b1c1010" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "message": "Attestation \u0026 Identity \u0026 Global Unlock \u0026 Enrolment\n\nThis changes the node startup sequence significantly. Now the following three startup procedures replace the old setup/join mechanic:\n* If no enrolment config is present, automatically bootstrap a new cluster and become master for it.\n* If an enrolment config with an enrolment token is present, register with the NodeManagementService.\n* If an enrolment config without an enrolment token is present, attempt a normal cluster unlock.\n\nIt also completely revamps the GRPC management services:\n* NodeManagementService is a master-only service that deals with other nodes and has a cluster-wide identity\n* NodeService is only available in unlocked state and keyed with the node identity\n* ClusterManagement is now a master-only service that\u0027s been spun out of the main NMS since they have very different authentication models and also deals with EnrolmentConfigs\n\nThe TPM support library has also been extended by:\n* Lots of integrity attestation and verification functions\n* Built-in AK management\n* Some advanced policy-based authentication stuff\n\nAlso contains various enhancements to the network service to make everything work in a proper multi-node environment.\n\nLots of old code has been thrown out.\n\nTest Plan: Passed a full manual test of all three startup modes (bootstrap, enrolment and normal unlock) including automated EnrolmentConfig generation and consumption in a dual-node configuration on swtpm / OVMF.\n\nBug: T499\n\nX-Origin-Diff: phab/D291\nGitOrigin-RevId: d53755c828218b1df83a1d7ad252c7b3231abca8\n" }, { "commit": "dcb3a56fe915f2359a5832c685aa2789027ee5fb", "tree": "acaa864bedaa306005830dc7d5aa1e3b0562139d", "parents": [ "f8323f1010f4d1714570197f438888d081056846" ], "author": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "committer": { "name": "Serge Bazanski", "email": "serge@nexantic.com", "time": "Mon Feb 03 13:44:44 2020 +0100" }, "message": "Remove spurious \u0027@//\u0027 root workspace references\n\nTest Plan: covered by tests\n\nX-Origin-Diff: phab/D364\nGitOrigin-RevId: 4425fa5756468685dfafaf87186bf12f7da455e8\n" }, { "commit": "83dc285944ad65d429bb2641a7348366e7028c40", "tree": "e81cc19c682a21084ec5ab700e61fe4396c81f8d", "parents": [ "2ab141d7fb88b7d939a286a219a000bedcf5f2e5" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 21:57:08 2020 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Tue Jan 07 21:57:08 2020 +0100" }, "message": "Teach Gazelle about k8s import paths in @kubernetes\n\nThis prevents \"gazelle update\" from attempting to add its\ngo_repository equivalent to the auto-generated BUILD file.\n\nWe still need to keep the entries in Go.mod and Gazelle\nwill generate unused go_repository rules for them, because\n`go mod tidy` would break otherwise (and we cannot use a\nreplace directive or a symlink, because replacing requires\na Go.mod file, which the Kubernetes repo does not have,\nand symlinks are not a thing for external dependencies).\n\nThis was broken in master since D271.\n\nTest Plan:\nRan `scripts/gazelle.sh`, `bazel build :gopath`,\nand then the script again. This previously broke and now works.\n\nX-Origin-Diff: phab/D310\nGitOrigin-RevId: 79c1b2836e86df6baddbc1a1dd770e6c0dd84133\n" }, { "commit": "a4516f9887e43b774e49c22db93cdf289dc9cfb1", "tree": "8a0761a3480074b01d5584a1cd5c111a69f76594", "parents": [ "6e8f69c53a2c82f5a760ab2e8152218cc86f3430" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Wed Dec 04 20:27:05 2019 +0000" }, "message": "Add minimal functionality test for k8s control plane\n\nBasic functionality test that sends the bootstrap RPC call,\nwaits for the k8s control plane to come up and runs a simple\nkubectl command (that is expected to fail).\n\nAdds reflection to the server to make grpc_cli easier to use.\n\nTest Plan:\nRan `:launch` (because we modified its config) and `:test_boot`,\nsaw a nicely booted k8s cluster:\n\n{P90}\n\nX-Origin-Diff: phab/D275\nGitOrigin-RevId: fe01e3f3ed09877aa76c15946664c9d9bdc4751b\n" }, { "commit": "6e8f69c53a2c82f5a760ab2e8152218cc86f3430", "tree": "1556b56e0a0cdb5108c301dc88710b5b2d74ba1b", "parents": [ "b7a18fd9be7732e9ed9b29f33b7f545916da207b" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Mon Nov 18 10:44:24 2019 +0100" }, "message": "Initial Kubernetes Control Plane\n\nThis adds a minimum viable Kubernetes Control Plane consisting of a\nkube-apiserver, kube-controller-manager and kube-scheduler. It contains\ntwo small CAs for Kubernetes Identity management based on shared\ncertificates and contains changes for exposing etcd via UNIX socket\nso that the apiserver can talk to it.\n\nTest Plan:\nTested by manually calling Setup() and observing subsequent logs and\nconnecting to the API server.\n\nBug: T485\n\nX-Origin-Diff: phab/D271\nGitOrigin-RevId: e56f3e50eb9d33ea291289faa1aac3bebdeb3346\n" }, { "commit": "f79bfac498914c90395c577f4a2f70956d9a5c56", "tree": "bf9eb32f936f07a6228262c7b7a2e2b145c1423f", "parents": [ "60a85b669e05f788bc63663568102a23c78d6195" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Mon Nov 18 11:16:39 2019 +0100" }, "message": "Increase test_boot timeout to 60s\n\nUnbreaks master ()\n\nTest Plan: N/A\n\nGitOrigin-RevId: 4b3eb37ba37ff93e86e1739ab662299d6a280b51\n" }, { "commit": "7670e67e72d6d4aaac174b91f4465a67479e1026", "tree": "e76d204e13a52816182f86599f22c6ce95eebeb6", "parents": [ "383d4bb84b7b5062b859f81db10e3f16bd427739" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Fri Nov 15 13:49:53 2019 +0100" }, "message": "Improve core/scripts:launch ergonomics\n\n- Disable qemu monitor multiplexing. We don\u0027t need the monitor for most\n debugging tasks, and disabling it means we can kill the VM using Ctrl-C.\n\n- Strip metacharacters and DOS newlines from qemu serial output.\n This makes logs easier to read in the CI, and prevents it from\n messing with terminal settings locally.\n\n- Copy swtpm_data to a temporary directory to ensure we never override\n the build inputs (which can happen in a local run without sandbox).\n\n Re-running the target no longer triggers rebuilds for swtpm_data.\n\n- Remove local tag from :launch - it works fine in the sandbox.\n\nTest Plan:\nRan the test multiple times, no rebuilds occurred:\n\n bazel test core/scripts:test_boot\n\nX-Origin-Diff: phab/D264\nGitOrigin-RevId: 70d52e8a4cf24747d18fbaffeddb6e30bcdf61da\n" }, { "commit": "383d4bb84b7b5062b859f81db10e3f16bd427739", "tree": "9430d87be1ea0716b4075d5d19a358c2e3630383", "parents": [ "68c58755e0a56e1b1c565d80f99056ec4948fbec" ], "author": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "committer": { "name": "Leopold Schabel", "email": "leo@nexantic.com", "time": "Thu Nov 14 22:53:58 2019 +0100" }, "message": "Run \"bazel test //...\" in CI\n\nThis will build all buildable targets and test all testable targets.\n\nThe hardcoded Harbormaster rules have been removed in Phabricator.\n\nAdds a simple test for booting Smalltown.\n\nBUILD files that are injected into repositories have been renamed to\nBUILD.repo to ensure that Bazel does not recognize them as local BUILD\nfiles and attempt to build them.\n\nTest Plan: Covered by CI :)\n\nBug: T483\n\nX-Origin-Diff: phab/D262\nGitOrigin-RevId: 3512a5e13430001f4e6f91d21ac503564c8fb085\n" }, { "commit": "0d7c91e331022831a974c2e34d32bb5b89ddc89c", "tree": "5b822873c015053f4b697d60c33fa3b1ef9a3a4b", "parents": [ "043daa57020dd36e074488dcb432114a548a3d2a" ], "author": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "committer": { "name": "Hendrik Hofstadt", "email": "hendrik@certus.one", "time": "Wed Oct 23 21:44:47 2019 +0200" }, "message": "Implement monorepo layout\n\nImplemented the nexantic monorepo.\n\nSmalltown code was moved to `core`. From now on all code will live in top level directories named after the projects with the exception for general purpose libraries which should go to `\u003clang\u003elibs`.\n\nGeneral build and utility folders are underscore prefixed.\n\nThe repo name will from now on be rNXT (nexantic). I think this change makes sense since components in this repo will not all be part of Smalltown, the Smalltown brand has been claimed by Signon GmbH so we need to change it anyway and the longer we wait the harder it will be to change/move it.\n\nTest Plan: Launched Smalltown using `./scripts/bin/bazel run //core/scripts:launch`\n\nX-Origin-Diff: phab/D210\nGitOrigin-RevId: fa5a7f08143d2ead2cb7206b4c63ab641794162c\n" } ] }