scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-05 04:48:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,171 Commits 1 Branch 0 Tags
live
Commit Graph

143 Commits

Author SHA1 Message Date
OutBack Dingo
efebfe11ff Revert "feat: (almost) entirely remove suid (#606)" 
This reverts commit 5f7a6d2a6f.
 2024-12-05 13:19:08 +07:00
RoyalOughtness
e48216909f fix: missing module map files for zfs (#630) 2024-12-01 13:16:55 -08:00
RoyalOughtness
e3e985af67 chore: remove unused ujust commands (#620) 2024-11-30 00:53:43 -08:00
RoyalOughtness
08683193ae fix: various server usability fixes (#618) 2024-11-30 00:26:37 -08:00
Shubham Sharma
ed740c391a docs: Add steps to build images locally using bluebuild. (#622) 2024-11-29 23:19:18 -08:00
RoyalOughtness
1fbede8921 fix: gnome user extensions toggle doesn't require run0 (#624) 2024-11-28 00:45:03 -08:00
RoyalOughtness
55bbadfc0d fix: add back nvidia-modprobe suid-bit (#621) 2024-11-27 13:34:15 -08:00
RoyalOughtness
5f7a6d2a6f feat: (almost) entirely remove suid (#606) 2024-11-26 15:06:03 -08:00
RoyalOughtness
241ba8a93e fix: policy.json needs to be in /usr/etc (#607) 2024-11-22 16:06:54 -08:00
RoyalOughtness
a3b90c83fd fix: add back missing ujust completions (#605) 2024-11-22 11:32:14 -08:00
RoyalOughtness
261936654f chore: copy config from upstream and remove dep (#593) 2024-11-21 17:23:06 -08:00
spaceoden
5172baa133 fix: motd when no image tag is in use (#602) 2024-11-21 11:51:00 -08:00
spaceoden
f24e3432a6 fix: dns-selector: correct set_browser_policy prompt to match code (#597) 2024-11-18 10:03:59 -08:00
RoyalOughtness
944a9e80b9 fix: motd for securecore images (#600) 2024-11-18 09:37:42 -08:00
spaceoden
45b74a9be8 fix: remove sushi and gnome photos from yafti (#596) 2024-11-18 09:24:44 -08:00
spaceoden
b99f3bc7d1 feat: audit-secureblue: add suggestions for new perm checks (#586) 2024-11-18 01:40:35 -08:00
spaceoden
e8505c2eff fix: set variables to intended default if empty response is recieved (#599) 2024-11-18 00:46:40 -08:00
spaceoden
2e990be137 feat: harden-flatpak: add optional parameter to apply it to specific app (#567) 2024-11-17 15:57:24 -08:00
RoyalOughtness
d9765487dd fix: shorten faq link so that it fits inside the default ptyxis width (#590) 2024-11-15 17:15:05 -08:00
RoyalOughtness
de16e2d859 fix: skip rebasing if image is already signed (#587) 2024-11-15 15:30:49 -08:00
RoyalOughtness
150b2c2b25 feat: numerous fixes and improvements (#580) 2024-11-15 12:13:44 -08:00
spaceoden
f8c909409f feat: audit-secureblue: add recommendations to warnings (#566) 2024-11-15 10:55:41 -08:00
spaceoden
897731d571 feat: audit-secureblue: add checks for device=all and absence of host-os:ro (#565) 2024-11-14 18:34:13 -08:00
Root
db3d24a835 feat: implement just dns-selector and add to post install (#571) 2024-11-14 17:39:54 -08:00
Mystrain
d5595b4860 fix: comment description whitespace 2024-11-14 12:48:29 -08:00
RoyalOughtness
ab60fbbd1e fix: ensure podman auto updates for system as well as uesr (#573) 2024-11-13 14:15:25 -08:00
Mystrain
cd6f696142 feat: add ujust debug-info (#569) 2024-11-12 16:16:23 -08:00
mintpilo
033b39e964 chore: add cleanup for chrony state (#561) 
From GrapheneOS: ntsdumpdir gradually creates stale state.

Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-11-12 09:13:56 -08:00
mintpilo
a4a3b2f0cb chore: Update chrony.conf (#558) 2024-11-11 16:59:18 -08:00
RoyalOughtness
e86816d052 chore: switch to bluebuild's justfile module with validation (#556) 2024-11-11 16:11:37 -08:00
RoyalOughtness
a6025e2c4b breakfix: Revert "feat: audit-secureblue: check for filesystem=host:ro and device=all (#535)" (#550) 
This reverts commit d376dd0180.
 2024-11-11 11:20:56 -08:00
spaceoden
d376dd0180 feat: audit-secureblue: check for filesystem=host:ro and device=all (#535) 2024-11-11 09:04:12 -08:00
mintpilo
290d1ec895 fix: remove redundant pkexec line in kargs commands (#539) 
Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-11-10 17:28:25 -05:00
Bruno
29927c2db0 docs: fix dead links, add missing items (#544) 
* docs: fix dead links, update descriptions

* docs: more emphasis on "unstable", less on "additional"

* docs: return an original word

* docs: grammar and brevity

* docs: verbosity
 2024-11-10 17:23:45 -05:00
secretmango
c8eff2ca0b fix: remove duplicate blocked udf filesystem (#530) 
fix: remove duplicate blocked udf filesystem (#530)
 2024-11-07 10:18:10 -05:00
RoyalOughtness
d9774b993b fix: audit script breaks without flatpaks present (#520) 
* fix: audit script breaks without flatpaks present

* Update 70-secureblue.just
 2024-11-03 18:21:30 -08:00
RoyalOughtness
de8a761523 fix: set server default zone back to FedoraServer (#509) 2024-11-01 14:21:59 -07:00
RoyalOughtness
c22504449f fix: misspelling 2024-10-30 23:05:33 -07:00
RoyalOughtness
ea9620f017 fix: typo in just 2024-10-30 23:04:42 -07:00
Root
396afbd7a2 feat: add karg option to disable SMT on any CPU (#502) 
* feat: add option to disable SMT in kargs

* fix: improvements

* fix: context

* fix: wording

* fix: wording

* fix: wording

* fix: var name

---------

Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-10-30 21:03:16 -07:00
spaceoden
60a5bb4a99 feat: Update 70-secureblue.just to include signed image test in audit script (#498) 
Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-10-30 21:01:59 -07:00
spaceoden
74867bdc40 feat: Update 70-secureblue.just to include ipc perm check in audit script (#495) 
Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-10-30 21:01:05 -07:00
spaceoden
f14f58f9d8 feat: Remove gnome-software and plasma-discover. Add Warehouse to yafti system apps (#496) 2024-10-30 21:00:03 -07:00
RoyalOughtness
750d7bdd70 chore: remove all quotes from kargs for consistency 2024-10-30 20:58:19 -07:00
qoijjj
fd1c1b1875 feat: Fedora 41 (#503) 
* feat: migrate to f41

* exclude yafti until it's available for f41

* build fixes

* use correct wayblue f41 branch tag

* fix: add yafti back

* feat: include google-noto-fonts-all for universal font coverage

* fix: typo

* chore: use negativo for all nvidia stuff, then remove the repo

* add debug line

* fix nvidia builds

* fix file path

* prep for 41

* remove redundant systemctl commands

* remove dkmshelper

* include minimal server components for nvidia

* fix typo

* prep for f41

* fix nvidia server modules

* various fixes

* more fixes

* fix (again)

* move gstreamer packages

* more gstreamer refactoring

* include additional removal
 2024-10-30 14:07:46 -07:00
qoijjj
16ef609a71 fix: quotation clashes in just script 2024-10-26 19:39:04 -07:00
qoijjj
b66a70eb60 fix: force enable autoupdate across the board by default 2024-10-26 17:17:35 -07:00
mkkvcs
a6b58f042b feat: Enable and prefer temporary addresses (#481) 2024-10-23 17:02:38 -07:00
Rubiginosa
2688625ead fix: Add check for sysctl runtime state (#469) 
* Add check for sysctl runtime state

* improve variable naming
 2024-10-23 14:19:21 -07:00
Rubiginosa
3f240dd334 feat: add check for container policy (#471) 
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-10-23 13:55:29 -07:00