scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2026-01-08 21:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,057 Commits 1 Branch 0 Tags
4a73e0ccce60f652dcbc10e94de2856b4634ddcf
Commit Graph

1057 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
qoijjj
183b0234c2 Merge branch 'template' into live 2024-01-04 22:33:14 -08:00
Jorge O. Castro
ceba328fb5 Merge pull request #213 from ublue-os/just-import 
chore: migrate justfile to import
 2024-01-04 18:47:07 -05:00
Jorge O. Castro
ee9b4bff3e Merge branch 'template' into just-import 2024-01-04 18:44:06 -05:00
qoijjj
357b784ddb fix: image names 2024-01-03 11:05:54 -08:00
qoijjj
b1a7f3f679 add: framework variants 2024-01-03 10:56:56 -08:00
qoijjj
3deb21814d fix: build yml syntax 2024-01-01 16:59:38 -08:00
qoijjj
c4b5927646 Fix new image verification step for wayblue images 2024-01-01 16:57:54 -08:00
qoijjj
f6fb99d63b Merge branch 'ublue-os:template' into live 2023-12-31 14:00:42 -08:00
RJ Trujillo
52e6a456ad feat(ci): Verify base image with cosign before building (#211) 
* feat(ci): Verify base image with cosign before building

Validates the integrity of the base image being built from via cosign
before continuing to build. Ensures we only build with signed images

* fix(ci): Extract base image name from base image URL for verification
 2023-12-31 10:41:45 +00:00
xyny
f35d3c2544 fix: add single quotes for paths 2023-12-31 10:39:17 +00:00
qoijjj
8c80e1d283 add sed parameter and fix order 2023-12-30 14:32:02 -08:00
qoijjj
e10b65e0b7 wayfire related cleanup 2023-12-30 11:52:58 -08:00
qoijjj
7cb48cf75d add wayfire 2023-12-29 23:58:34 -08:00
xyny
d6806f9327 chore: migrate justfile to import 
https://github.com/ublue-os/config/issues/178
 2023-12-27 10:20:53 +00:00
qoijjj
8a6b21bb75 add preinstallation recommendations 2023-12-24 17:33:09 -08:00
qoijjj
aa2e49fa37 Remove lazurite from the images list in the readme 2023-12-24 17:16:31 -08:00
qoijjj
a094c342d0 Remove lazurite images that were added prematurely before full wayland support (#147) 
Remove lazurite images that were added prematurely before full wayland support (#147)
 2023-12-24 17:12:45 -08:00
qoijjj
25cd9abc40 Add push to GHCR steps for staging builds 2023-12-24 14:55:20 -08:00
qoijjj
1150a8a367 Add staging builds 2023-12-24 14:03:43 -08:00
Sadoon Al-Bader
24caa87dab chromium: Disable VAAPI and enable wayland 2023-12-24 13:59:11 -08:00
qoijjj
cc69b3bd0f Add back kwalletmanager 2023-12-23 15:15:09 -08:00
qoijjj
69f00ae44f fix kargs for bluefin 2023-12-22 14:10:25 -08:00
qoijjj
681f3455f5 Add bluefin images 2023-12-22 10:28:35 -08:00
qoijjj
c36b38d0cd Update lazurite-packages.yml 2023-12-21 18:11:09 -08:00
qoijjj
ebed822af6 various lazurite fixes 2023-12-21 17:26:46 -08:00
qoijjj
e2b23fb272 Add lazurite images 2023-12-21 16:21:30 -08:00
qoijjj
4feb586953 Add lazurite images 2023-12-21 16:20:31 -08:00
qoijjj
efee9d59a5 Merge branch 'template' into live 2023-12-18 12:11:50 -08:00
qoijjj
a111e47b84 set suid on bubblewrap from fedora 2023-12-18 12:10:51 -08:00
dependabot[bot]
b597ecd833 build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#208) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 17:59:24 +00:00
dependabot[bot]
be8810523e build(deps): bump mikefarah/yq from 4.40.4 to 4.40.5 (#207) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.4 to 4.40.5.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.4...v4.40.5)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 17:51:00 +00:00
qoijjj
b9c058a537 Merge branch 'template' into live 2023-12-17 12:44:03 -08:00
Menno Finlay-Smits
d124a99d38 feat: Check that cosign.pub matches private key (#193) 
This avoids images which can't be updated due to `invalid signature`
errors because cosign.pub doesn't match the private key actually used
for signing. The error is caught early in the build process as there's
no point creating an image if cosign.pub is wrong.

Co-authored-by: mjs <mjs@users.noreply.github.com>
 2023-12-17 10:31:35 +00:00
qoijjj
38999d4123 Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns 2023-12-16 13:11:41 -08:00
qoijjj
b4c41e6b13 Clarify chromium instead of firefox in the readme 2023-12-15 17:29:37 -08:00
qoijjj
ab909d5991 Add additional details 2023-12-15 17:22:43 -08:00
qoijjj
4ed2b34b16 Clarify the readme line about degoogling 2023-12-15 17:02:44 -08:00
qoijjj
2d938de8f2 Add an explanation for JITless chromium to the readme 2023-12-15 17:00:35 -08:00
qoijjj
897fd315be Remove readme line that's no longer accurate 2023-12-15 16:59:37 -08:00
qoijjj
e1c0af99d8 Merge branch 'ublue-os:template' into live 2023-12-13 14:14:39 -08:00
qoijjj
1cf19d4dbd Add kargs password prompt for yafti 2023-12-13 11:39:20 -08:00
plata
f432ff4acc fix: do not format just files in CI (#205) 2023-12-13 19:10:52 +00:00
qoijjj
5dd011c078 Disable io_uring, see inline comment for details 2023-12-11 10:49:16 -08:00
qoijjj
9b5a4302d2 Fix readme error 2023-12-11 10:47:19 -08:00
qoijjj
822f4f0277 Update ld.so.preload according to #119 
https://github.com/secureblue/secureblue/issues/119
 2023-12-11 09:04:49 -08:00
qoijjj
d5f3a6b4bd Merge branch 'template' into live 2023-12-10 15:07:37 -08:00
dependabot[bot]
9aa7bb2740 build(deps): bump mikefarah/yq from 4.40.3 to 4.40.4 (#201) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.3 to 4.40.4.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.3...v4.40.4)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-10 15:58:59 +00:00
qoijjj
6de5711665 Added clarifications in the readme 2023-12-10 01:29:33 -08:00
qoijjj
0c3aa1ade3 Add more hardening details to the readme 2023-12-10 00:48:53 -08:00
qoijjj
f24704397a move jitless flag for chromium to the correct location for fedora 2023-12-10 00:47:48 -08:00