Commit Graph

500 Commits

Author SHA1 Message Date
qoijjj
3deb21814d fix: build yml syntax 2024-01-01 16:59:38 -08:00
qoijjj
c4b5927646 Fix new image verification step for wayblue images 2024-01-01 16:57:54 -08:00
qoijjj
f6fb99d63b Merge branch 'ublue-os:template' into live 2023-12-31 14:00:42 -08:00
RJ Trujillo
52e6a456ad feat(ci): Verify base image with cosign before building (#211)
* feat(ci): Verify base image with cosign before building

Validates the integrity of the base image being built from via cosign
before continuing to build. Ensures we only build with signed images

* fix(ci): Extract base image name from base image URL for verification
2023-12-31 10:41:45 +00:00
qoijjj
8c80e1d283 add sed parameter and fix order 2023-12-30 14:32:02 -08:00
qoijjj
e10b65e0b7 wayfire related cleanup 2023-12-30 11:52:58 -08:00
qoijjj
7cb48cf75d add wayfire 2023-12-29 23:58:34 -08:00
qoijjj
8a6b21bb75 add preinstallation recommendations 2023-12-24 17:33:09 -08:00
qoijjj
aa2e49fa37 Remove lazurite from the images list in the readme 2023-12-24 17:16:31 -08:00
qoijjj
a094c342d0 Remove lazurite images that were added prematurely before full wayland support (#147)
2023-12-24 17:12:45 -08:00
qoijjj
25cd9abc40 Add push to GHCR steps for staging builds 2023-12-24 14:55:20 -08:00
qoijjj
1150a8a367 Add staging builds 2023-12-24 14:03:43 -08:00
Sadoon Al-Bader
24caa87dab chromium: Disable VAAPI and enable wayland 2023-12-24 13:59:11 -08:00
qoijjj
cc69b3bd0f Add back kwalletmanager 2023-12-23 15:15:09 -08:00
qoijjj
69f00ae44f fix kargs for bluefin 2023-12-22 14:10:25 -08:00
qoijjj
681f3455f5 Add bluefin images 2023-12-22 10:28:35 -08:00
qoijjj
c36b38d0cd Update lazurite-packages.yml 2023-12-21 18:11:09 -08:00
qoijjj
ebed822af6 various lazurite fixes 2023-12-21 17:26:46 -08:00
qoijjj
e2b23fb272 Add lazurite images 2023-12-21 16:21:30 -08:00
qoijjj
4feb586953 Add lazurite images 2023-12-21 16:20:31 -08:00
qoijjj
efee9d59a5 Merge branch 'template' into live 2023-12-18 12:11:50 -08:00
qoijjj
a111e47b84 set suid on bubblewrap from fedora 2023-12-18 12:10:51 -08:00
dependabot[bot]
b597ecd833 build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#208)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 17:59:24 +00:00
dependabot[bot]
be8810523e build(deps): bump mikefarah/yq from 4.40.4 to 4.40.5 (#207)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.4 to 4.40.5.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.4...v4.40.5)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 17:51:00 +00:00
qoijjj
b9c058a537 Merge branch 'template' into live 2023-12-17 12:44:03 -08:00
Menno Finlay-Smits
d124a99d38 feat: Check that cosign.pub matches private key (#193)
This avoids images which can't be updated due to `invalid signature`
errors because cosign.pub doesn't match the private key actually used
for signing. The error is caught early in the build process as there's
no point creating an image if cosign.pub is wrong.

Co-authored-by: mjs <mjs@users.noreply.github.com>
2023-12-17 10:31:35 +00:00
qoijjj
38999d4123 Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns 2023-12-16 13:11:41 -08:00
qoijjj
b4c41e6b13 Clarify chromium instead of firefox in the readme 2023-12-15 17:29:37 -08:00
qoijjj
ab909d5991 Add additional details 2023-12-15 17:22:43 -08:00
qoijjj
4ed2b34b16 Clarify the readme line about degoogling 2023-12-15 17:02:44 -08:00
qoijjj
2d938de8f2 Add an explanation for JITless chromium to the readme 2023-12-15 17:00:35 -08:00
qoijjj
897fd315be Remove readme line that's no longer accurate 2023-12-15 16:59:37 -08:00
qoijjj
e1c0af99d8 Merge branch 'ublue-os:template' into live 2023-12-13 14:14:39 -08:00
qoijjj
1cf19d4dbd Add kargs password prompt for yafti 2023-12-13 11:39:20 -08:00
plata
f432ff4acc fix: do not format just files in CI (#205) 2023-12-13 19:10:52 +00:00
qoijjj
5dd011c078 Disable io_uring, see inline comment for details 2023-12-11 10:49:16 -08:00
qoijjj
9b5a4302d2 Fix readme error 2023-12-11 10:47:19 -08:00
qoijjj
822f4f0277 Update ld.so.preload according to #119
https://github.com/secureblue/secureblue/issues/119
2023-12-11 09:04:49 -08:00
qoijjj
d5f3a6b4bd Merge branch 'template' into live 2023-12-10 15:07:37 -08:00
dependabot[bot]
9aa7bb2740 build(deps): bump mikefarah/yq from 4.40.3 to 4.40.4 (#201)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.3 to 4.40.4.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.3...v4.40.4)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-10 15:58:59 +00:00
qoijjj
6de5711665 Added clarifications in the readme 2023-12-10 01:29:33 -08:00
qoijjj
0c3aa1ade3 Add more hardening details to the readme 2023-12-10 00:48:53 -08:00
qoijjj
f24704397a move jitless flag for chromium to the correct location for fedora 2023-12-10 00:47:48 -08:00
qoijjj
c579b02d12 Add additional details to hardening 2023-12-10 00:26:06 -08:00
qoijjj
bee997577b Add cups back to the image and disable it by default. Include a just command to enable it if the user chooses. 2023-12-10 00:03:13 -08:00
qoijjj
6c13b8293b chronyd hardening 2023-12-09 23:30:23 -08:00
qoijjj
a3ddde977b Hardened chromium config 2023-12-09 23:22:53 -08:00
qoijjj
a68efdc6bd Merge branch 'template' into live 2023-12-09 23:22:39 -08:00
David Personette
525412fcf2 Fix: release-iso.yml to not fail if no images are returned (#202)
Builds started failing once #195 was merged. This fixed the release-iso workflow for me.
2023-12-10 06:24:26 +00:00
qoijjj
3d8642b0ad Add note about chromium to readme 2023-12-08 14:17:44 -08:00