scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-24 22:15:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
436 Commits 1 Branch 0 Tags
28cb192d438e3c342cdf0be99642dfbb11da3a1c
Commit Graph

436 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
EinoHR
116e53a9e6 fix: always get version tags (#134) 
---------

Co-authored-by: Scott Ames <scott@ames.sh>
 2023-08-07 06:47:51 -06:00
EinoHR
a2b805669e feat: ISO build action (#133) 
* feat: base iso release workflow
* does not produce a functional ISO yet
needs boot_menu

* chore(dev): start iso workflow on iso push

* fix: rename release-iso to release-please

* refactor: use github-cli to create release

* fix: remove job dependencies

* chore: basic boot menu

* fix: add permission to create release

* fix: delegate tag for auto-iso releases,..
delete old version when rerunning

* fix: multiline string for multine cmds

* fix: specify gh repo in old release delete

* fix: only create release if doesn't exist

* fix: boot menu double user field

* fix: clobber iso

* chore: neutral defaults for boot menu

* feat: run iso when iso-related changes pushed

* docs: README section for ISO
 2023-08-04 06:53:26 -06:00
jh-devv
48c8250e1a fix: capitalize first character of comment (#132) 2023-08-02 13:42:35 +00:00
plata
3355dc59b3 chore: autostart.desktop add line break at EOF 2023-08-02 15:46:52 +03:00
plata
ff6e40f014 chore: justom.just add line break at EOF 2023-08-02 15:41:52 +03:00
Waffleophagus
fb6dc4da90 fix: remove GNOME Games, is deprecated 2023-07-31 12:59:56 +00:00
Jorge O. Castro
b6070a7261 Merge pull request #126 from Waffleophagus/template 
Updating Gamescope to pull from the most recent package.
 2023-07-30 23:16:19 -04:00
Waffleophagus
7fcc4ab5d1 Revert "Per the updating tools, it appears that org.gnome.Games is end of life and will no longer get updates." 
This reverts commit 0f80d3054b.
 2023-07-30 21:03:33 -05:00
Waffleophagus
0f80d3054b Per the updating tools, it appears that org.gnome.Games is end of life and will no longer get updates. 2023-07-30 21:01:22 -05:00
Waffleophagus
93cc478514 Updating Gamescope to pull from the most recent package. 2023-07-30 20:55:36 -05:00
ER
a70013277e fix: lowercase image name for signing 2023-07-27 15:46:31 +03:00
gerblesh
140e99278b fix: remove old signing config, using the one from the config repo instead (#124) 2023-07-24 19:08:25 -04:00
Jorge O. Castro
1a3581124b Merge pull request #121 from gerblesh/image-signing 
refactor: fix jq, rename cosign.yaml and cosign.pub
 2023-07-24 08:59:04 -04:00
gerblesh
7a74af7342 fix: remove remnants from earlier image signing method 2023-07-24 00:26:03 -07:00
gerblesh
958b616eb8 style: prepend the entry in the JSON rather than append 2023-07-23 23:31:15 -07:00
gerblesh
28735a25ae Merge branch 'template' into image-signing 2023-07-23 19:45:43 -07:00
Jorge O. Castro
b6eb19c105 Merge pull request #122 from ublue-os/revert-117-image-signing 
Revert "refactor: clean up image signing to line up more with upstream"
 2023-07-23 16:25:57 -04:00
Jorge O. Castro
0447b185c9 Revert "refactor: clean up image signing to line up more with upstream" 2023-07-23 16:25:37 -04:00
gerblesh
cf41e52129 refactor: fix jq, rename cosign.yaml and cosign.pub 2023-07-23 12:10:12 -07:00
Jorge O. Castro
ebdc55ccec Merge pull request #117 from gerblesh/image-signing 
refactor: clean up image signing to line up more with upstream
 2023-07-23 12:55:55 -04:00
gerblesh
e85e8f6304 style: format whitespace 2023-07-22 23:40:33 -07:00
gerblesh
211a7b05a8 feat: add signature rather than replace to allow rebasing back to uBlue main 2023-07-22 23:38:42 -07:00
gerblesh
23d8b2dddb refactor: clean up image signing to line up more with upstream 2023-07-22 22:07:25 -07:00
Jorge O. Castro
50c6629181 Merge pull request #116 from gerblesh/image-signing 
feat: add support for image signing
 2023-07-21 15:52:38 -04:00
gerblesh
7502accfd3 docs: remove unneeded verification section 2023-07-21 12:31:05 -07:00
gerblesh
723847b803 docs: include more detailed steps in installation section 2023-07-21 10:04:34 -07:00
gerblesh
8c57efe7a9 docs: update Installation in README 2023-07-21 09:54:14 -07:00
gerblesh
978bd6193c fix: fix build arguments 2023-07-21 09:11:59 -07:00
gerblesh
d2c98237f4 feat: add support for image signing 2023-07-20 22:35:59 -07:00
Jorge O. Castro
de8c36ed5b Merge pull request #114 from jeffwindsor/jeffwindsor-readme-links-patch 
Fix broken "Make Your Own" link
 2023-07-20 08:52:50 -04:00
Jeff Windsor
338941f0e5 Missed a link at the bottom 2023-07-19 22:16:49 -07:00
Jeff Windsor
67f7849284 Fix broken "Make Your Own" link 
looks like the page moved under the tinker section

I also validated and updated the other references to the `ublue.it` domain to `universal-blue.org`
 2023-07-19 22:04:54 -07:00
dependabot[bot]
76f3b1ca4c build(deps): bump mikefarah/yq from 4.34.1 to 4.34.2 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.34.1 to 4.34.2.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.34.1...v4.34.2)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-17 12:26:03 +03:00
ER
45d81133db docs: instructions for manually adding repo files 2023-07-08 17:01:41 +03:00
EinoHR
3fff8bc61c fix: PRs that change only .md or .txt files can't be merged 2023-07-08 16:53:49 +03:00
Jorge O. Castro
e69e6bfcc1 Merge pull request #108 from ublue-os/dependabot/github_actions/sigstore/cosign-installer-3.1.1 
build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1
 2023-07-03 15:10:10 -04:00
dependabot[bot]
0b7bd4f872 build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-03 01:47:27 +00:00
ER
fe13ef1236 fix: images built aren't versioned properly #86 2023-06-30 18:44:42 +03:00
dependabot[bot]
d5a35ca31b build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-30 12:09:00 +03:00
Tulili
da1b3f9ca2 feat: integrate bling repo (#105) 
includes everything from the bling repository to this repository (COPY)
and removes features now ingested from bling

---------

Co-authored-by: ER
 2023-06-30 09:02:23 +00:00
dependabot[bot]
3037449a0f build(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.0.4...v3.0.5)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-01 16:27:45 +00:00
dependabot[bot]
da63a1f1fb build(deps): bump mikefarah/yq from 4.33.3 to 4.34.1 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.33.3 to 4.34.1.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.33.3...v4.34.1)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-01 16:23:55 +00:00
Tulili
a01549d081 feat: nix uninstaller for ublue-os systems (#93) 2023-06-01 15:58:43 +00:00
JosSamLoh
2582585ecd refactor: Shorten FEDORA_VERSION line (#90) 2023-06-01 15:50:23 +00:00
ER
1bf1785f2a docs: better inline docs in containerfile 
* explaining ARG default values
 2023-05-31 16:41:49 +00:00
plata
dd89cb7299 chore: use ./recipe.yml as default in Containerfile 2023-05-31 16:05:08 +00:00
Arcitec
3920ba9ab5 fix: remove RPMs after installing RPMs, to guarantee cleanup 
This is necessary because the `rpm-ostree install` command lacks any way to exclude "recommended dependency" packages. It installs everything and the kitchen sink.

Therefore, installing something will often pull in a bunch of unwanted dependencies. The best we can do with the current situation is to run the removal after the install, so that users can remove those unwanted components manually and can be sure that they're actually removed.
 2023-05-24 17:20:31 +00:00
Arcitec
ac40e75534 docs: explain the new "build.sh" location and mention "autorun.sh" 2023-05-20 08:07:46 +00:00
Arcitec
e8b5be6e83 fix!: optimize container layers and reduce image size 
Every individual RUN, COPY and ADD action creates an extra container layer, so there was plenty of room for improvement in our Containerfile.

This optimization gets rid of 4 useless layers from our final container image, and shrinks the final OCI download size as follows:

- Removing the "mkdir /tmp/scripts" layer. It's not necessary to manually create the target directory for the container copy action.

- Removing the manual "chmod +x" for the scripts, and putting that step inside "build.sh" instead.

- Removing the manual copying of "build.sh", by instead placing it at "scripts/build.sh" so that it's automatically copied together with all the other scripts in one layer instead.

- Removing the separate "chmod +x build.sh && run build script" step by merging it with the "cleanup temp files and then finalize the container" step, so that we don't create a pointless extra filesystem layer just for the build.sh script execution.

These changes also reduce the size of the final image, because we're cleaning up the image in the exact same step that we run the "build.sh". If we didn't combine these steps, we'd still be keeping a useless extra layer with all the /tmp/ and /var/ junk files that were left over after the build.

Most seriously, the "/var/cache" folder contained copies of ALL RPM FILES that build.sh installed via "rpm-ostree install". This meant that we were generating a very big layer with a lot of junk data that shipped in the final image.

Our build now only generates 7 layers (instead of 11), and users will have a much smaller OCI download since we aren't shipping the cached RPM "build leftovers" or temp files via useless extra layers anymore.
 2023-05-20 08:07:46 +00:00
dependabot[bot]
878ea2f6bf build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-16 17:17:48 +00:00