scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-01 10:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,154 Commits 1 Branch 0 Tags
5f7a6d2a6fdd2852a4ab1a86de3578cac9ffb96a
Commit Graph

46 Commits

Author SHA1 Message Date
RoyalOughtness
5f7a6d2a6f feat: (almost) entirely remove suid (#606) 2024-11-26 15:06:03 -08:00
RoyalOughtness
a3b90c83fd fix: add back missing ujust completions (#605) 2024-11-22 11:32:14 -08:00
RoyalOughtness
261936654f chore: copy config from upstream and remove dep (#593) 2024-11-21 17:23:06 -08:00
RoyalOughtness
150b2c2b25 feat: numerous fixes and improvements (#580) 2024-11-15 12:13:44 -08:00
RoyalOughtness
ab60fbbd1e fix: ensure podman auto updates for system as well as uesr (#573) 2024-11-13 14:15:25 -08:00
RoyalOughtness
e86816d052 chore: switch to bluebuild's justfile module with validation (#556) 2024-11-11 16:11:37 -08:00
RoyalOughtness
de8a761523 fix: set server default zone back to FedoraServer (#509) 2024-11-01 14:21:59 -07:00
qoijjj
fd1c1b1875 feat: Fedora 41 (#503) 
* feat: migrate to f41

* exclude yafti until it's available for f41

* build fixes

* use correct wayblue f41 branch tag

* fix: add yafti back

* feat: include google-noto-fonts-all for universal font coverage

* fix: typo

* chore: use negativo for all nvidia stuff, then remove the repo

* add debug line

* fix nvidia builds

* fix file path

* prep for 41

* remove redundant systemctl commands

* remove dkmshelper

* include minimal server components for nvidia

* fix typo

* prep for f41

* fix nvidia server modules

* various fixes

* more fixes

* fix (again)

* move gstreamer packages

* more gstreamer refactoring

* include additional removal
 2024-10-30 14:07:46 -07:00
qoijjj
b66a70eb60 fix: force enable autoupdate across the board by default 2024-10-26 17:17:35 -07:00
qoijjj
f0d3f635b1 fix: brew import for wayblue images 2024-10-18 14:17:59 -07:00
qoijjj
f0bab7f5b2 feat: nvidia-open images, major streamlining, bugfixes, and polish (#461) 2024-10-17 18:20:58 -07:00
qoijjj
f3e7e29bf2 feat: ship subresource filter 🎉 2024-10-09 16:39:05 -07:00
qoijjj
de054f68d3 feat: disable sssd daemons by default 2024-10-05 12:22:51 -07:00
qoijjj
1a395452ba chore: fix typo 2024-10-05 01:32:37 -07:00
qoijjj
e52f013007 fix: include missing script in gui-scripts 2024-10-05 00:51:04 -07:00
qoijjj
ef31725665 fix: disable nfs daemons instead of removing packages due to postuninstall bug in nfs-utils 2024-10-05 00:09:53 -07:00
qoijjj
7d8c9dcf98 feat: disable auxiliary services by default 2024-10-04 23:50:14 -07:00
qoijjj
24a005ce99 chore: disable avahi-daemon by default 2024-10-04 23:07:27 -07:00
qoijjj
c1a6df74e6 fix: clashing quotes 2024-09-30 13:58:39 -07:00
qoijjj
4a1dd61a31 fix: import brew justfile 2024-09-30 13:07:27 -07:00
qoijjj
989389e8da chore: switch rechunked images to hardened_malloc-light and demote them to experimental 2024-09-29 00:13:44 -07:00
qoijjj
c68039132a fix: add brew justfile due to upstream move 2024-09-20 23:41:28 -07:00
Ivo Damjanović
fefc64baba feat: stop overwriting 60-custom.just for better compatibility with upstream bluebuild and downstream user builds (#409) 
* feat: create addjustconfig.sh to include custom commands at buildtime

* fix: 60-custom.just.readme.md to 61-custom.just.readme.md

* fix: Rename 60-custom.just to 61-custom.just

* feat: add just config script to enabled scripts

* fix: rename to 70-secureblue.just

* fix: Rename 61-custom.just.readme.md to 70-secureblue.just.readme.md

* fix: rename to 70-secureblue.just
 2024-08-29 11:53:56 -07:00
qoijjj
d5be94b441 fix: ensure all relevant firstboot files are removed 2024-08-28 15:04:26 -07:00
qoijjj
185f539364 fix: securecore build 2024-08-26 00:32:31 -07:00
qoijjj
967c7551ad feat: sgid reduction (#392) 
* feat: also remove sgid bit

* Update yafti.yml

* Update yafti.yml
 2024-08-23 14:13:22 -07:00
qoijjj
c526c770ba feat: additional setuid reduction and removal of unused packages (#388) 
* feat: additional setuid reduction and removal of unused packages

* leave packages but keep suid removal
 2024-08-23 00:00:54 -07:00
qoijjj
c711b3c398 feat: include brew autoupdate services 2024-08-22 22:38:00 -07:00
qoijjj
8c9d2e341c chore: remove patch merged upstream 2024-08-20 11:33:20 -07:00
qoijjj
9d929fb087 chore: adjust patch in response to upstream changes 2024-08-19 15:20:41 -07:00
qoijjj
5d4d755b96 chore: remove unusable toggle-nvk just command 2024-08-18 22:04:23 -07:00
qoijjj
4c04c11b90 fix: typo in justfile script 2024-08-18 20:21:41 -07:00
qoijjj
357ce2934e feat: add tpm2 unlock improvements 2024-08-18 20:00:33 -07:00
qoijjj
78198f4e5a feat: patch brew installation just command to not require wheel 2024-08-18 18:35:56 -07:00
Ivo Damjanović
94eca70c71 fix: container policy hardening script for cosmic images (#367) 2024-08-10 20:54:31 -07:00
qoijjj
0104d6a697 fix: revert container policy hardening migration to /etc until upstream migrates 2024-08-08 17:28:44 -07:00
qoijjj
3fb96ece10 chore: move /usr/etc to /etc per upstream rpm-ostree recommendation 2024-08-08 15:48:30 -07:00
qoijjj
78b531846d chore: fix build by isolating silverblue-only package 2024-08-06 10:39:05 -07:00
qoijjj
2318f83a9a chore: ensure package consistency across images 2024-08-06 10:01:13 -07:00
qoijjj
b31aff0994 fix: prevent bluefin yafti from starting 2024-07-30 00:22:30 -07:00
qoijjj
abcdd4e3ac chore: remove chsh 2024-07-28 21:39:58 -07:00
qoijjj
45c9506980 feat: switch to hardened-chromium (#343) 
* fix: selinux policy for chrome suid sandbox

* feat: switch to hardened-chromium
 2024-07-28 21:12:45 -07:00
qoijjj
c16debbdd4 Revert "feat: switch to hardened-chromium (#332)" 
This reverts commit 721ad757b5.
 2024-07-25 00:15:25 -07:00
qoijjj
721ad757b5 feat: switch to hardened-chromium (#332) 2024-07-24 23:35:23 -07:00
qoijjj
23fde33ad6 feat: disable geoclue by default 2024-07-22 17:38:27 -07:00
qoijjj
0c1551df09 chore: bump dependencies and migrate to bluebuild 1.6 2024-07-21 14:33:53 -07:00