scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-03 11:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
929 Commits 1 Branch 0 Tags
3b927dc8ed07ca0e97fc8b09cf41359effd1a0ba
Commit Graph

929 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
qoijjj
3b927dc8ed fix: check only the first string token when searching lsattr 2024-08-10 03:56:35 -07:00
qoijjj
872cb784ef feat: add ujust command to lock bash environment files to mitigate LD… (#365) 2024-08-09 16:14:44 -07:00
qoijjj
3e9bfa81a9 fix: remove chsh removal script since it has been removed upstream 2024-08-08 17:45:03 -07:00
qoijjj
0104d6a697 fix: revert container policy hardening migration to /etc until upstream migrates 2024-08-08 17:28:44 -07:00
qoijjj
2deefb4d54 fix: revert /etc migration only for signing module 2024-08-08 17:18:15 -07:00
fiftydinar
378caba43f docs: clarify disablement of GNOME user extensions better (#364) 2024-08-08 15:59:25 -07:00
qoijjj
3fb96ece10 chore: move /usr/etc to /etc per upstream rpm-ostree recommendation 2024-08-08 15:48:30 -07:00
qoijjj
ed02255f57 docs: more cleanup 2024-08-08 00:01:50 -07:00
qoijjj
4888f639e5 chore: enable semantic commits 2024-08-07 23:58:23 -07:00
qoijjj
7b8f12d5c0 docs: cleanup 2024-08-07 23:57:59 -07:00
SnuggleCovenant
4c85413563 remove gnome videos (totem) from yafti.yml (#363) 
the totem app is abandoned
 2024-08-07 14:53:34 -07:00
fiftydinar
e1a130f6f9 feat: Disable user Gnome extensions & user-installation of them (#361) 2024-08-06 17:14:30 -07:00
qoijjj
d68cf29895 docs: add xwayland toggle note to FAQ 2024-08-06 14:34:08 -07:00
qoijjj
78b531846d chore: fix build by isolating silverblue-only package 2024-08-06 10:39:05 -07:00
qoijjj
2318f83a9a chore: ensure package consistency across images 2024-08-06 10:01:13 -07:00
qoijjj
f75215cfdf fix: set permissions for xwayland file in ujust command 2024-08-03 12:19:43 -07:00
spaceoden
c21a697252 Update 60-custom.just.readme.md to put new kargs in the correct section (#357) 
the new kargs were added to set-kargs-hardening, not set-kargs-hardening-unstable
 2024-08-02 13:01:52 -07:00
qoijjj
9f56f2ff06 feat: set additional kargs to override suboptimal defaults 2024-08-01 22:43:23 -07:00
qoijjj
ce67bf3e80 docs: remove postinstall step now handled by yafti 2024-08-01 11:27:06 -07:00
qoijjj
084fe1a40c fix: remove usbguard-dbus due to insufficient systemd sandboxing (#352) 2024-07-31 14:20:49 -07:00
qoijjj
eea350af56 fix: remove comments from harden-flatpak ujust command to fix just parsing 2024-07-30 16:26:34 -07:00
qoijjj
a9be430e64 docs: readme language improvements 2024-07-30 16:09:37 -07:00
qoijjj
b36cc78dfb docs: clarify readme language 2024-07-30 15:35:27 -07:00
spaceoden
7c0976da7e feat: add to harden-flatpak logic that applies the highest supported hwcap (#346) 2024-07-30 15:31:43 -07:00
qoijjj
c1ed731e7d docs: formatting 2024-07-30 13:32:56 -07:00
qoijjj
0a285cde7b docs: remove stuff that doesn't belong in the postinstall instructions 2024-07-30 13:31:25 -07:00
qoijjj
b31aff0994 fix: prevent bluefin yafti from starting 2024-07-30 00:22:30 -07:00
qoijjj
298bbda019 fix: ujust command typos 2024-07-30 00:03:25 -07:00
qoijjj
7132b12816 docs: add note about VM network connectivity 2024-07-29 23:23:52 -07:00
qoijjj
b9fc6e4826 feat: remove xwayland by default (#347) 2024-07-29 23:02:10 -07:00
qoijjj
16b01248cf docs: remove ublue-specific language from the contributing doc 2024-07-29 16:29:37 -07:00
Root
9a843f3861 docs: add docs to JIT disable in Gnome (#345) 
* Add docs to JIT disable in Gnome

* Properly add env file in ujust
 2024-07-29 09:57:15 -07:00
qoijjj
1352428c1b docs: remove no longer relevant section 2024-07-28 23:12:26 -07:00
qoijjj
0b908d7994 fix: typo in docs 2024-07-28 23:11:48 -07:00
qoijjj
9156eecb98 docs: fix link in readme 2024-07-28 23:06:46 -07:00
Root
1a55f1549b feat: add ujust to toggle Gnome JS JIT (#344) 
* Add ujust to toggle Gnome JS JIT

* Disable Gnome JIT by default
 2024-07-28 21:48:48 -07:00
qoijjj
abcdd4e3ac chore: remove chsh 2024-07-28 21:39:58 -07:00
qoijjj
45c9506980 feat: switch to hardened-chromium (#343) 
* fix: selinux policy for chrome suid sandbox

* feat: switch to hardened-chromium
 2024-07-28 21:12:45 -07:00
HryshcIlya
e500f078ef refactor(iso-script): improve flexibility and add new images (#336) 
* refactor(iso-script): improve flexibility and add new images

- Add associative array for image configurations
- Include new images: aurora, cosmic, server-zfs
- Dynamically generate desktop options
- Simplify logic for adding parameters to image name
- Improve handling of specific desktop options (dx, asus, surface)
- Enhance code modularity for easier future modifications
- Update VARIANT selection logic for all images

BREAKING CHANGE: The script now uses a new configuration structure for image options, which may require updates to any external dependencies or documentation referencing the old script structure. New images have been added and VARIANT selection has been modified for existing images.

* fix(iso-script): enable ASUS support for Silverblue and Kinoite
 2024-07-28 21:11:13 -07:00
Tommy
be1effa83d Remove net.ipv4.conf.*.secure_redirects = 0 (#315) 
squash
 2024-07-27 12:38:16 -07:00
HryshcIlya
1106f0e897 docs: update URLs to reflect new file structure (#333) 
* docs: update URLs to reflect new file structure

This commit updates various documentation and configuration file URLs to match the new directory structure for the secureblue project. These changes ensure that links resolve correctly and point to the appropriate files after the recent reorganization.

* chore: delete file vanadium_comparison.readme.md

---------

Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-07-26 21:22:31 -07:00
qoijjj
5de5250eb3 docs: add cosmic images to the experimental section 2024-07-26 15:24:19 -07:00
MkKvcs
a70ee206a9 feat: add cosmic images (#334) 2024-07-26 15:23:34 -07:00
HryshcIlya
98eebd7b59 docs: fix links in README.md (#326) 2024-07-25 09:13:01 -07:00
qoijjj
c16debbdd4 Revert "feat: switch to hardened-chromium (#332)" 
This reverts commit 721ad757b5.
 2024-07-25 00:15:25 -07:00
qoijjj
721ad757b5 feat: switch to hardened-chromium (#332) 2024-07-24 23:35:23 -07:00
qoijjj
0ccc7cd11b chore: fix server image build issues 2024-07-23 08:48:09 -07:00
qoijjj
761e8b3610 chore: remove optional packages that are available via brew 2024-07-23 08:16:36 -07:00
qoijjj
5746615794 fix: include only setools-console on server images 2024-07-23 07:43:58 -07:00
qoijjj
f2d82a1e9f fix: remove usbguard-notifier from server images 2024-07-23 07:01:36 -07:00