scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-02 03:18:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
812 Commits 1 Branch 0 Tags
c6724ec997c97e3da91b09c41624b1fb6b986efd
Commit Graph

812 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
qoijjj
c6724ec997 fix: temporarily pinning 40-20240617 due to upstream breakage (https://github.com/fedora-silverblue/issue-tracker/issues/543) 2024-06-18 12:42:37 -07:00
Tommy
456cac1804 Blacklist reiserfs (#290) 
No one will fix it anytime soon
 2024-06-18 11:49:11 -07:00
qoijjj
c38d505e24 fix: use sigstore attachments for davincibox 2024-06-17 00:45:12 -07:00
qoijjj
791f8846bb feat: add davincibox container signing policy 2024-06-17 00:12:53 -07:00
Tommy
91b823b195 Use /bin/false everywhere in kernel module blacklist (#288) 
Signed-off-by: Tommy <contact@tommytran.io>
 2024-06-16 20:51:20 -07:00
qoijjj
c254835126 fix: add container signing exception for build-container installer while waiting for upstream fix 2024-06-16 11:22:15 -07:00
friendly-rabbit-35
062237545e fix: remove Chromium policies that are deprecated and not applicable (#286) 
* Remove deprecated and inapplicable Chromium policies

* Remove mentions of deleted Chromium policies from docs
 2024-06-15 23:02:42 -07:00
qoijjj
1d41d846c6 fix: gnome console terminal replacement due to recurring dependency issues 
console can still be used in place of terminal by layering
 2024-06-14 07:44:07 -07:00
qoijjj
fb98c74e4e docs: update based on latest policy 2024-06-11 19:07:55 -07:00
qoijjj
8a74542573 chore: remove policies for whom the default setting requires user consent 
For parity with Vanadium
 2024-06-11 18:02:31 -07:00
qoijjj
8fed632ba8 docs: fix broken link 2024-06-10 22:13:54 -07:00
Tommy
cfe7314af1 Disable fs.binfmt_misc.status (#282) 2024-06-08 18:02:50 -07:00
qoijjj
8589c5742e chore: remove redundant package installed by module already 2024-06-06 09:42:40 -07:00
qoijjj
d747acdfac chore: remove python3-pip as it causes hardlinking issues 
and can be installed by layering
 2024-06-05 23:25:10 -07:00
qoijjj
df2daf1736 chore: drop swappiness sysctl in favor of the default 
Fedora uses zram so this adds no benefit unless the user manually created a swapfile. In that case the user can manually set this if desired.
 2024-06-04 08:53:52 -07:00
qoijjj
b17446c3bb chore: add debugfs=off (working again) back to unstable kargs 2024-06-02 22:01:43 -07:00
qoijjj
3cc114c80a chore: add additional modules to blacklist 2024-06-02 21:43:57 -07:00
qoijjj
c283e2677d chore: document module blacklist and fix typos 2024-06-02 21:36:42 -07:00
qoijjj
6382e93570 docs: add donation link to readme 2024-06-02 16:00:33 -07:00
qoijjj
5c969d40c1 docs: update donation page 2024-06-02 15:58:17 -07:00
qoijjj
6a91fc8a94 docs: add initial DONATE page 2024-06-02 15:40:59 -07:00
qoijjj
f7d7e2e299 fix: flag removal sed command 2024-06-02 14:21:47 -07:00
qoijjj
87ad303f5d chore: fix tabs/spaces 2024-06-02 14:18:12 -07:00
qoijjj
2fcb97e5f7 feat: remove unnecessary flag set upstream 2024-06-02 13:43:35 -07:00
qoijjj
b897d2a87f docs: add details for new chromium flags 2024-06-02 13:38:04 -07:00
qoijjj
44b433ff9d feat: audio and network sandboxes in chromium policies 2024-06-02 13:35:32 -07:00
qoijjj
d473326673 feat: set strict chromium extension content and install verification 2024-06-02 13:25:45 -07:00
qoijjj
fdc05bb33a fix: move chromium script to gui-scripts 2024-06-01 23:13:58 -07:00
qoijjj
cdbc3ab677 fix: typo 2024-06-01 23:09:18 -07:00
qoijjj
f38bf8818a fix: point chromium config script at /etc 2024-06-01 22:37:14 -07:00
qoijjj
3cb9143591 chore: update chromium.conf to reflect upstream fixes 2024-06-01 22:23:35 -07:00
qoijjj
c627d6baa4 fix: remove broken upstream logic in chromium.conf 2024-05-28 12:24:13 -07:00
qoijjj
ddaef7ca3f fix: temporary chromium changes awaiting upstream PRs 2024-05-28 11:35:45 -07:00
qoijjj
d34c8e5892 fix: wrong quotes in script 2024-05-28 11:20:08 -07:00
qoijjj
4ec0bb93b7 feat: move chromium flags to a script to append to upstream 2024-05-28 10:06:24 -07:00
qoijjj
83da62112d docs: minor clarification 2024-05-24 00:24:25 -07:00
qoijjj
3b40dc0b41 feat: disable all vscode telem by default for dx images 2024-05-23 12:56:18 -07:00
qoijjj
fcad88df91 docs: update vanadium comparison 2024-05-22 23:05:45 -07:00
qoijjj
d3f6ae206e feat: set distrobox/toolbox to default to signed images (#280) 2024-05-18 15:08:52 -07:00
qoijjj
51327c6599 chore: use common registry config file name 2024-05-16 21:11:34 -07:00
qoijjj
b9baa5a978 chore: set maximize_build_space to true 2024-05-16 16:07:52 -07:00
qoijjj
ef6feeaaf4 fix: build.yml recipe directory 2024-05-16 15:11:36 -07:00
qoijjj
f42df43ee5 chore: bump github action to 1.5.0 2024-05-16 15:07:17 -07:00
qoijjj
c4b73ca409 feat: add back container policy hardening 2024-05-16 13:18:12 -07:00
qoijjj
459acc2fb5 fix: use separate signing module for shared cosign pubkey across secu… (#279) 
* fix: use separate signing module for shared cosign pubkey across secureblue images

* fix: use secureblue-signing

* fix script

* fix script (again)
 2024-05-16 12:11:02 -07:00
qoijjj
03b8337762 docs: add additional readme details 2024-05-15 16:44:01 -07:00
qoijjj
709cf50b3e docs: readme: add detailed logo 2024-05-15 09:42:12 -07:00
qoijjj
aa65f59471 docs: readme: add discord icon 2024-05-15 09:31:05 -07:00
qoijjj
f673ae01f3 fix: reference repos in /etc instead of /usr/etc 2024-05-14 15:57:11 -07:00
qoijjj
76db56ccc1 fix: mirror script 2024-05-14 15:51:09 -07:00