scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-25 14:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,160 Commits 1 Branch 0 Tags
8e4bffea830697828e2d69117b5bec9113e6463c
Commit Graph

1160 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
RoyalOughtness
8e4bffea83 docs: clarify note about flatpak/bwrap suid bit (#625) 2024-11-29 23:59:51 -08:00
Shubham Sharma
ed740c391a docs: Add steps to build images locally using bluebuild. (#622) 2024-11-29 23:19:18 -08:00
RoyalOughtness
1fbede8921 fix: gnome user extensions toggle doesn't require run0 (#624) 2024-11-28 00:45:03 -08:00
RoyalOughtness
55bbadfc0d fix: add back nvidia-modprobe suid-bit (#621) 2024-11-27 13:34:15 -08:00
RoyalOughtness
5253aa2eee docs: add note about the wheel user (#616) 2024-11-26 16:18:09 -08:00
RoyalOughtness
548dfeed94 docs: add note about recommendation (#617) 2024-11-26 15:54:05 -08:00
RoyalOughtness
5f7a6d2a6f feat: (almost) entirely remove suid (#606) 2024-11-26 15:06:03 -08:00
RoyalOughtness
64d0419fa0 docs: add wheel group note (#613) 2024-11-26 12:18:46 -08:00
RoyalOughtness
42e6d811b3 fix: add back malcontent ui libs (#609) 
As there's no reason not to include them
 2024-11-25 11:51:05 -08:00
RoyalOughtness
5c64aa0a6d chore: remove negativo gstreamer-plugins-bad (#608) 
as it pulls in an excessive number of dependencies
 2024-11-23 23:28:09 -08:00
RoyalOughtness
241ba8a93e fix: policy.json needs to be in /usr/etc (#607) 2024-11-22 16:06:54 -08:00
RoyalOughtness
a3b90c83fd fix: add back missing ujust completions (#605) 2024-11-22 11:32:14 -08:00
RoyalOughtness
261936654f chore: copy config from upstream and remove dep (#593) 2024-11-21 17:23:06 -08:00
spaceoden
5172baa133 fix: motd when no image tag is in use (#602) 2024-11-21 11:51:00 -08:00
spaceoden
f24e3432a6 fix: dns-selector: correct set_browser_policy prompt to match code (#597) 2024-11-18 10:03:59 -08:00
RoyalOughtness
85ca395515 feat: improved installation mechanism (#564) 2024-11-18 09:50:57 -08:00
RoyalOughtness
944a9e80b9 fix: motd for securecore images (#600) 2024-11-18 09:37:42 -08:00
spaceoden
45b74a9be8 fix: remove sushi and gnome photos from yafti (#596) 2024-11-18 09:24:44 -08:00
spaceoden
b99f3bc7d1 feat: audit-secureblue: add suggestions for new perm checks (#586) 2024-11-18 01:40:35 -08:00
graphenelover
c89ed738f9 docs: command correction for gpasswd (#538) 2024-11-18 01:14:50 -08:00
spaceoden
e8505c2eff fix: set variables to intended default if empty response is recieved (#599) 2024-11-18 00:46:40 -08:00
spaceoden
2e990be137 feat: harden-flatpak: add optional parameter to apply it to specific app (#567) 2024-11-17 15:57:24 -08:00
RoyalOughtness
ee71b84dcd chore: set trivy to also scan for misconfig (#592) 2024-11-17 13:13:18 -08:00
RoyalOughtness
d9765487dd fix: shorten faq link so that it fits inside the default ptyxis width (#590) 2024-11-15 17:15:05 -08:00
RoyalOughtness
de16e2d859 fix: skip rebasing if image is already signed (#587) 2024-11-15 15:30:49 -08:00
RoyalOughtness
8f376c66eb docs: add trivy badge (#585) 2024-11-15 14:54:52 -08:00
RoyalOughtness
ba5969e572 fix: grant trivy write access to security-events (#584) 2024-11-15 14:06:03 -08:00
RoyalOughtness
8d20457896 feat: add trivy scanning (#581) 2024-11-15 13:16:46 -08:00
RoyalOughtness
150b2c2b25 feat: numerous fixes and improvements (#580) 2024-11-15 12:13:44 -08:00
spaceoden
f8c909409f feat: audit-secureblue: add recommendations to warnings (#566) 2024-11-15 10:55:41 -08:00
RoyalOughtness
b0373417c0 feat: add link validation (#579) 2024-11-14 22:32:07 -08:00
spaceoden
897731d571 feat: audit-secureblue: add checks for device=all and absence of host-os:ro (#565) 2024-11-14 18:34:13 -08:00
Root
db3d24a835 feat: implement just dns-selector and add to post install (#571) 2024-11-14 17:39:54 -08:00
Mystrain
d5595b4860 fix: comment description whitespace 2024-11-14 12:48:29 -08:00
RadioAddition
770902be30 docs: add FAQ entry for upstream chromium bug (#574) 2024-11-14 12:36:10 -08:00
RoyalOughtness
ab60fbbd1e fix: ensure podman auto updates for system as well as uesr (#573) 2024-11-13 14:15:25 -08:00
RoyalOughtness
2c5142597e chore: add pull request build (#557) 2024-11-12 22:51:26 -08:00
RoyalOughtness
986f3fe109 chore: only lint justfiles if justfiles are modified (#570) 2024-11-12 16:59:23 -08:00
Mystrain
cd6f696142 feat: add ujust debug-info (#569) 2024-11-12 16:16:23 -08:00
RoyalOughtness
1b4b8bed49 docs: improve package installation instructions (#568) 2024-11-12 09:51:16 -08:00
mintpilo
033b39e964 chore: add cleanup for chrony state (#561) 
From GrapheneOS: ntsdumpdir gradually creates stale state.

Co-authored-by: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com>
 2024-11-12 09:13:56 -08:00
RoyalOughtness
95e7b5a768 chore: add pull request justfile linting (#562) 2024-11-11 21:32:22 -08:00
mintpilo
a4a3b2f0cb chore: Update chrony.conf (#558) 2024-11-11 16:59:18 -08:00
RoyalOughtness
1a0e631f5e fix: move brew validation after brew is installed (#559) 2024-11-11 16:49:07 -08:00
RoyalOughtness
e86816d052 chore: switch to bluebuild's justfile module with validation (#556) 2024-11-11 16:11:37 -08:00
RoyalOughtness
702184e3d5 chore: create SECURITY.md (#555) 2024-11-11 15:55:27 -08:00
RoyalOughtness
d88efdfbb5 chore: remove build dependency on yq (#554) 2024-11-11 15:31:45 -08:00
RoyalOughtness
fdf48b2d32 feat: pin github actions to specific commits, following codacy suggestions 2024-11-11 13:27:14 -08:00
RoyalOughtness
a6025e2c4b breakfix: Revert "feat: audit-secureblue: check for filesystem=host:ro and device=all (#535)" (#550) 
This reverts commit d376dd0180.
 2024-11-11 11:20:56 -08:00
spaceoden
d376dd0180 feat: audit-secureblue: check for filesystem=host:ro and device=all (#535) 2024-11-11 09:04:12 -08:00