github.com/QubesOS/qubes-infrastructure commits

version 4.1.14

cfa124646b937b58bf759de35ffa3b08d91e3d7e authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Update builder-cleanup script for builderv2

Use proper lock location, but also split cleanups in
builder-version-specific parts

dbe8186a926d15bb92cbfc0b910aca66dbe482b5 authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.13

4444dedc8914483445d20885aa6d4e7da657a665 authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Include builder-cleanup service in builderv2 VMs too

Most of it is related to builderv1, but some parts like removing old
tarballs apply to buildev2 ...

59556a073043e1a8c59080861cc88470e28b8190 authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Update known-good commit hashes and qubes-builder submodule

1e895c1b03e9de73f4b84c0171dc0ba6373b57ed authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.12

179dd13a9f241a1843376c5c6d1f3f08684504ae authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Use nftables on R4.2

bbf9d6e23f4b7532635b78aedf1d0df6222f5a7e authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Update builder-cleanup script

- do not remove hash files for tarballs
- do remove uncompressed tarballs in builderv2

d6188fd10b75b13d70ea6fce1cafc33d6fe2a7e4 authored 10 months ago by Marek Marczykowski-Górecki <[email protected]>

Update submodules

6676f88c5e56b855d024ef9f6e4e4d48f6f4c32d authored 12 months ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.11

1432bf024d765ed6d44c143e062382c49c89dace authored 12 months ago by Marek Marczykowski-Górecki <[email protected]>

Allow qubes.Filecopy call to DispVM too

Just updated qubes-builderv2 uses it to deploy (possibly updated)
qubesbuilder.* service files.

24b06c9b91ef300a492ea41df92f8474e658460a authored 12 months ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.10

33d5fca7b5a086d3b41d467a97c70962d625463b authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

builderv2: support maintainers for configs

9f284845aacdfcc365a1faa73b2bf4d4de3c2422 authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

version 4.1.9

d407323b5e317f7de7cf477b58fd0267d37e3fc3 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Update github.com host key

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

ed07f0a56a0df6d5a16af5563931bc5cbb7dff91 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Update submodules and known-good commit hashes

5b504c45654e2be2092b3d8addbe07e6955161a2 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Remove duplicate package to be installed

Newer salt (Fedora 38) complains and fails about providing list with duplicates.

1266ab63f53417359a82a7edfa21884c64cb8e17 authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

version 4.1.8

2faaecc057c4d2bd76d6854e079335378d983b43 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Add dependencies for arch packages

b7e526eedbd44e5eba5cf05783d0957d8b588685 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.7

e81e794720b2b7d6818aecb264a6fcd538928dcb authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Typo fix

fd04de2f70c8fb174a1c0a614e069fb434e15d73 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.6

a2c61e8679aa1248bee54ee81a3cf0d9f733f979 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Allow admin.vm.CreateDisposable call to builder-dvm explicitly too

... not only to dom0 (meaning "default dispvm"). Updated builder use
explicit target.

934e624efa55b3480562459ef07b22383cbe77c0 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.5

4ea2f645e83fd3fd8a97f5bb7596ae3b0a292b74 authored over 1 year ago by Marek Marczykowski-Górecki <[email protected]>

Make openqa client conf conditional

0f3221b0376bff5692a2e3dcd0110c535088ee85 authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

Create openqa config file instead of feeding github.yml

644c45da819a07d2451e8e90f8911013ed0e8c8c authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

Allow to pass iso-base-url for notify-issues

929532e011c7573be9ce56a3218212be77a686cd authored over 1 year ago by Frédéric Pierret (fepitre) <[email protected]>

version 4.1.4

b02e82686a325cd020e14e2915eea009c7e37ebc authored almost 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Set openqa entries only if they are defined

a83abc3ce378143e3a2e37214f304ba182c5ce18 authored almost 2 years ago by Frédéric Pierret (fepitre) <[email protected]>

Update default template to Fedora 37

4969fdbd0d0b57eb9d49f727351a3d86bf6b953c authored almost 2 years ago by Frédéric Pierret (fepitre) <[email protected]>

Support for setting builder-github openqa values

160cc3f3a9e4ee2e099fffc4e21195e64bcff2c5 authored almost 2 years ago by Frédéric Pierret (fepitre) <[email protected]>

Support for setting encryption in remote hosts

f090325bd2a8d41dd90a425e8ab4fc9eda00e40b authored almost 2 years ago by Frédéric Pierret (fepitre) <[email protected]>

version 4.1.3

fe14848a0907e8d4199cf4e109136b509e1411fe authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Switch webhooks to builderv2-github version

It does a bit preprocessing of comments to accommodate stricter
validator of builderv2-github, b...

3f60122a8f59471042ddad8448ebb44942fda9d1 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Add SSH proxy last

Avoid immediately removing it by the other ~/.ssh/config state.

59859101ce78317dc183299148ebed4a2355f5d4 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Install sequoia-sqv in template

8f1202e9f4db9c22010c7018f63b2380cf5547fb authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.2

019b1e9154dc7676b77171ec7271951b34ee384f authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Unbreak openssl's ripemd160

It's necessary to generate metalinks (one of the alternative hashes used
there).
See https://git...

ece1d7c63e639aa2246051c94935ea3eb62a1d8b authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.1

1ec5f4a48e9660c3845281863b7f56070efe0729 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Move qubesbuilder.ProcessGithubCommand to the new policy too

549443b6a52427865e917d21ef4eeea6196f3538 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix typo in qrexec policy

0e619f4144841c9abdd7e2729295811d6af6f96f authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix example pillar

07d74f0303dfafeba3a14327c73f1cd3a80f98a3 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix setting split-gpg autoaccept time

9f423ae7ef7dc7c9cf380b370deb43bff58ad1bb authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Install mkmetalink in build VM for builderv2

builderv2 generates metalinks locally instead of on the server, install
mkmetalink locally too.
...

11b7fb2ea4380054915b9c88ad57e6938b050338 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

version 4.1.0

838261b317e631d3e2ed99119df5676f1d65cb36 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Rename FORMULA file

builderv2 doesn't support FORMULA.(PACKAGE_SET) anymore - it was
redundant encoding of package t...

80af22af95f8fbb5cc9087677619f26c37d894aa authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Configure very long autoaccept key access period for builderv2

builderv2 has much better isolation on its own

d1adf19382d28a95dca052dc39fa79fd295e6182 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Add support for deploying builderv2 too

Add 'builderv2: True' to the pillar for specific build env. All
instances in such VM will use bu...

8b0f3257cc51681a477fb7b0ebbaf0c632261a95 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

ci: build with builderv2 for R4.2

e29c063e6f94489b9dde62712a71f3e6a5ca7292 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Add .qubesbuilder

41c4259d6c99cfcb1a76d766add482ec3db3b5d8 authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Bump qubes-builder commit sha

a5cc11992d5601a4f145c20afbca5d14a3bdcfbc authored about 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix calling safe-checkout-sha

The original version never really worked ('[--' was passed literally as
the first argument). cmd...

d329ed23821dfda55757380487fafadc07e5de43 authored over 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Update submodules

58dbdbf225ebe01b8babefbeefdc8cc32e2a1fd1 authored over 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Update default template to fedora-36

QubesOS/qubes-issues#7128

88cc26f846564dc945ede2873975271ddcbc4f39 authored over 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Convert policy to new format

8cfe1cd41e7bb57ee36e44edea8c39924045b5b8 authored over 2 years ago by Marek Marczykowski-Górecki <[email protected]>

Drop Travis CI

7cfac8d9ef7e808dd1e976fe23fd111e2861a5a7 authored over 2 years ago by Frédéric Pierret (fepitre) <[email protected]>

spec: add BR make

QubesOS/qubes-issues#6982

e51fe47c9d5945930f3244a5a24c436f5be2e12a authored about 3 years ago by Frédéric Pierret (fepitre) <[email protected]>

version 2.0.16

98a460595b8d655e277847a9c5a63ec76840c90f authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Download initial sources for builder plugins only

This is all that's needed to download further components on demand. This
both makes the state ru...

4cd5a3f3d6a0397167318b46b3c824683f8f2933 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix 'require' formatting

It needs to be a list, even if just a single value.

150c79b2006f3986c3b3d4ce0ffaaf814a48f730 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

version 2.0.15

d06d81134e323bcd12c9a3a9a461765b01f6fb45 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

builder-cleanup: remove both compressed and uncompressed kernel sources

The uncompressed files can be quite big, remove them too. While at it,
fix removing compressed t...

07f52cf276349938bfe8f2bfbb9c252b3ce1d6cf authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Improve dependencies for Salt states

safe-checkout-sha no longer requires that the GPG keyring has been
populated.

c01df0da1c18459dcb07f1c1856e39a4d4099e33 authored over 3 years ago by Demi Marie Obenour <[email protected]>

Avoid escaping builder name

It isn’t escaped anywhere else either.

17692ae88ab4d0adb565ec15dd2dbe8271f449a4 authored over 3 years ago by Demi Marie Obenour <[email protected]>

Update the SHA for qubes-builder

There have been security fixes to the builder since the previous SHA.

7077631fbe926feaee692647765e76f67d45e340 authored over 3 years ago by Demi Marie Obenour <[email protected]>

version 2.0.14

74ca9ec18a035e7734d3b26f06577ccdd0bfb077 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Update submodules

845c597606e892faab50fbd15a53bf476c8b6c41 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

version 2.0.13

e89d3a118084349d34c4917a87ec9aa0cd5bc267 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Don't remove old packages from 'current' repo

Keep the packages to ease reproducible builds.
Previously keeping them on the server was enough,...

e4704c70ea11bb3731d2fcea9d229d2dd5df519a authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Revert "Check that builder names are valid"

Builder list comes from trusted pillar. Imposing limits here is going
to annoy the admin only, w...

6fc912c5bb0f92a34f42ccfdf71100a4569ce44d authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Update default template names

cd0f37c3332bdbd8864652b5d628a2647d9823b4 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

Update submodules

0ebc2632dfd8bfc647482d6ed2e8c7a4183ee4e7 authored over 3 years ago by Marek Marczykowski-Górecki <[email protected]>

version 2.0.12

a70264eee98d095a522ab65c6ac69187b9a7b83f authored almost 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Fix safe-checkout-sha script

Do not fail on existing directory (which would cause clean code to
remove it).
And also, do not ...

e977b2b8bafce902cf030967896e3dcc91e1d9a6 authored almost 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Mass replace: ‘/var/run’ → ‘/run’

The former is deprecated in systemd.

Part of QubesOS/qubes-issues#6315.

004cdbaa2de767906f31a48382499402b5d533ee authored almost 4 years ago by Demi Marie Obenour <[email protected]>

Merge remote-tracking branch 'origin/pr/18'

* origin/pr/18:
Update submodule to fix metadata signing

166b80835659d0e2fce35a57d81c56d41b585a0e authored about 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Merge remote-tracking branch 'origin/pr/20'

* origin/pr/20:
Add .gitlab-ci.yml

18c38db8491a5ba57bf60795095024567bddbd8e authored about 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Remove git@

088ac11ace123ca3d2a213d5e28b6bdb0625bf09 authored about 4 years ago by Demi Marie Obenour <[email protected]>

Remove unneeded curly braces

1482f81f2b57e40ca3103d19e4b04be369e127ef authored about 4 years ago by Demi Marie Obenour <[email protected]>

Tell Salt that the script creates the builder dir

6af50c8a33fc0ed56c1d4406e060fbeee37396e1 authored about 4 years ago by Demi Marie Obenour <[email protected]>

Check that builder names are valid

As they are interpolated into YAML with no escaping, a bad builder name
would be very bad.

ab1c9952ed436d8b31246c7b8883311e3d9c478f authored about 4 years ago by Demi Marie Obenour <[email protected]>

Respond to code review from @marmarek:

- ssh:// → https://
- fix inverted logic in checkout script
- change directory for all git comma...

1230ca7fa5a5f197ea494a76513a7fc6c32e9444 authored about 4 years ago by Demi Marie Obenour <[email protected]>

Safely checkout qubes-builder

Verifying that a git commit has a valid tag pointing to it is complex.
Instead, just checkout a ...

d6ddc64a10998fc0e285fec092f7ec827bda5b37 authored about 4 years ago by Demi Marie Obenour <[email protected]>

Add .gitlab-ci.yml

fd2780cc5cd8ff8150482feb20862f770a331468 authored about 4 years ago by Frédéric Pierret (fepitre) <[email protected]>

Update submodule to fix metadata signing

a8566f268851fae72dfb8d9a3e57407feb2d5a62 authored about 4 years ago by Demi Marie Obenour <[email protected]>

version 2.0.11

4489cef46f9aed4c3d9309a0ee8b5b59cadd185c authored about 4 years ago by Marek Marczykowski-Górecki <[email protected]>

ssh-proxy: use socat instead of nc

socat is installed in the template by default, nc is not.

1fa1d1bff59356ca314bf65f033f4c68666a7f67 authored about 4 years ago by Marek Marczykowski-Górecki <[email protected]>

version 2.0.10

6214abac16b03636a713a1035e778f3ae4f23df3 authored about 4 years ago by Marek Marczykowski-Górecki <[email protected]>

webhooks: refactor with newer app

2254fc39a0491f279e20a8ad6a37494cdf32ed85 authored about 4 years ago by Frédéric Pierret (fepitre) <[email protected]>

version 2.0.9

09c71b9c7f3d647feb040d3d9cfd567ed878cc89 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

update qubes-builder submodule

370d8f5ba8bde26a683c55a738aba2d734ed7ffb authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

builder-cleanup: cleanup apt archive too

a0fa6d0f653a35a5e694252787b9a14fc6a51d05 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Update travis

d1347c8b654e5ddd920340ac857ee97dc782546d authored over 4 years ago by Frédéric Pierret (fepitre) <[email protected]>

version 2.0.8

eeb9f7868d54b88f648d2a5092c840c035b5698d authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Change cleanup service to weekly schedule

The releases/builds are too dynamic for monthly cleanup - it accumulates
to almost full disk of ...

dfc9b0f090db0b4416d56092f1bc471fa50990f3 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Remove old kernel sources too

Those pile up pretty quickly (new version ~each week).

826fd6ae9e4fead96443b790413ec49d2cb98d06 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

version 2.0.7

c89f897d05a97d2b5f0c365cb15090b4a8c65a23 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Update Github hook IPs

594b34ca10d528d47b847f340a83666f44575d28 authored over 4 years ago by Frédéric Pierret (fepitre) <[email protected]>

Allow another VM as netvm for sys-net

bd8d60692a332201600f68025aa050e133bbeb69 authored over 4 years ago by Frédéric Pierret (fepitre) <[email protected]>

version 2.0.6

6bdf63349aa2d49490243b5cf4db2aead45bd1b3 authored over 4 years ago by Marek Marczykowski-Górecki <[email protected]>

Ecosyste.ms: OpenCollective

github.com/QubesOS/qubes-infrastructure