scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-12-15 18:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
434 Commits 1 Branch 0 Tags
dfb6abffa168d0dd227dc9d3a5a8bd9274f63c57
Commit Graph

434 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
xyny
dfb6abffa1 docs: improve modules section in config readme (#209) (#217) 2024-01-24 10:10:17 -07:00
dependabot[bot]
5cf7429540 build(deps): bump ublue-os/isogenerator from 2.3.0 to 2.3.1 (#227) 
Bumps [ublue-os/isogenerator](https://github.com/ublue-os/isogenerator) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ublue-os/isogenerator/releases)
- [Changelog](https://github.com/ublue-os/isogenerator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ublue-os/isogenerator/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: ublue-os/isogenerator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-15 16:04:37 +00:00
fiftydinar
df4f3301ae feat: Add akmods module (#212) 
* feat: Add kmods installer module

Credits: @C0dePlayer

This is not ideal as it does not support custom kernels & it involves editing Containerfile.

I believe there is no other way but to make users edit Containerfile for those files to be even pulled of.

I would like this to be through the recipe only, so I will put this as a draft until some better ideas come.

* Update Containerfile

Related to this:

d76cca4f3a/modules/akmods/README.md

* Clarify change of akmod version better

Part of adding support for Surface & Asus images.
 2024-01-14 17:24:03 +00:00
fiftydinar
80b3ac0ffd feat: Bump ISO generator to v2.3.0 (#221) 
Installs secure boot/akmod key on all images
 2024-01-12 11:23:15 +00:00
dependabot[bot]
6b2584ff0c build(deps): bump AdityaGarg8/remove-unwanted-software from 1 to 2 (#219) 
Bumps [AdityaGarg8/remove-unwanted-software](https://github.com/adityagarg8/remove-unwanted-software) from 1 to 2.
- [Release notes](https://github.com/adityagarg8/remove-unwanted-software/releases)
- [Commits](https://github.com/adityagarg8/remove-unwanted-software/compare/v1...v2)

---
updated-dependencies:
- dependency-name: AdityaGarg8/remove-unwanted-software
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 18:32:57 +00:00
dependabot[bot]
4963395cd1 build(deps): bump EyeCantCU/cosign-action from 0.2.1 to 0.2.2 (#220) 
Bumps [EyeCantCU/cosign-action](https://github.com/eyecantcu/cosign-action) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/eyecantcu/cosign-action/releases)
- [Changelog](https://github.com/EyeCantCU/cosign-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eyecantcu/cosign-action/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: EyeCantCU/cosign-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 18:25:34 +00:00
Jorge O. Castro
ceba328fb5 Merge pull request #213 from ublue-os/just-import 
chore: migrate justfile to import
 2024-01-04 18:47:07 -05:00
Jorge O. Castro
ee9b4bff3e Merge branch 'template' into just-import 2024-01-04 18:44:06 -05:00
RJ Trujillo
52e6a456ad feat(ci): Verify base image with cosign before building (#211) 
* feat(ci): Verify base image with cosign before building

Validates the integrity of the base image being built from via cosign
before continuing to build. Ensures we only build with signed images

* fix(ci): Extract base image name from base image URL for verification
 2023-12-31 10:41:45 +00:00
xyny
f35d3c2544 fix: add single quotes for paths 2023-12-31 10:39:17 +00:00
xyny
d6806f9327 chore: migrate justfile to import 
https://github.com/ublue-os/config/issues/178
 2023-12-27 10:20:53 +00:00
dependabot[bot]
b597ecd833 build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#208) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 17:59:24 +00:00
dependabot[bot]
be8810523e build(deps): bump mikefarah/yq from 4.40.4 to 4.40.5 (#207) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.4 to 4.40.5.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.4...v4.40.5)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 17:51:00 +00:00
Menno Finlay-Smits
d124a99d38 feat: Check that cosign.pub matches private key (#193) 
This avoids images which can't be updated due to `invalid signature`
errors because cosign.pub doesn't match the private key actually used
for signing. The error is caught early in the build process as there's
no point creating an image if cosign.pub is wrong.

Co-authored-by: mjs <mjs@users.noreply.github.com>
 2023-12-17 10:31:35 +00:00
plata
f432ff4acc fix: do not format just files in CI (#205) 2023-12-13 19:10:52 +00:00
dependabot[bot]
9aa7bb2740 build(deps): bump mikefarah/yq from 4.40.3 to 4.40.4 (#201) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.3 to 4.40.4.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.3...v4.40.4)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-10 15:58:59 +00:00
David Personette
525412fcf2 Fix: release-iso.yml to not fail if no images are returned (#202) 
Builds started failing once #195 was merged. This fixed the release-iso workflow for me.
 2023-12-10 06:24:26 +00:00
dependabot[bot]
f981550009 build(deps): bump mikefarah/yq from 4.40.2 to 4.40.3 (#200) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.2 to 4.40.3.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.2...v4.40.3)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 17:37:16 +00:00
qoijjj
d0af9ce748 fix: typo (#199) 2023-11-26 07:57:43 +00:00
ArtikusHG
9b3db9c3ac feat: add just syntax checker (#194) 
* feat: add just syntax checker

* fix: create empty file to pass just syntax check

* fix: use relative path to pass just syntax check

* fix: justfiles cannot be empty to pass the syntax check

* fix: format justfiles

* docs: 100-bling.just explain purpose

---------

Co-authored-by: xyny <60004820+xynydev@users.noreply.github.com>
 2023-11-22 15:26:27 +00:00
RJ Trujillo
fefcf238a3 Merge pull request #195 from ublue-os/gh-iso-r-fix 
fix: use -R flag to select repo on iso-deleting `gh` commands
 2023-11-22 05:54:11 -07:00
xyny
9000df9224 fix: use -R flag to select repo on iso-deleting gh commands 2023-11-22 12:23:15 +00:00
xyny
a5b47ac306 feat: delete all previous ISOs when re-releasing (#185) 2023-11-20 16:20:24 +00:00
dependabot[bot]
6b4e4ab3fc build(deps): bump mikefarah/yq from 4.40.1 to 4.40.2 (#192) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.1 to 4.40.2.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.40.1...v4.40.2)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 12:43:11 +00:00
dependabot[bot]
16792c3f17 build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#188) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 12:43:01 +00:00
dependabot[bot]
68e5b85020 build(deps): bump mikefarah/yq from 4.35.1 to 4.40.1 (#189) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.35.1 to 4.40.1.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.35.1...v4.40.1)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 12:39:31 +00:00
Lordus Kordus
f368282b9d chore(ci): Build at 16:30 UTC (#187) 
Nvidia images are now being built at 15:30 UTC. Startingpoint images should be built one hour after that.
 2023-11-10 20:38:39 +00:00
fiftydinar
2b0f8fc7eb chore: Bump to Fedora 39 (#186) 
* Bump release-iso workflow to Fedora 39

* Pin isogenerator version

It is recommended in order to avoid some unexpected changes to the maintainer.

* Update other recipe & containerfile to reflect Fedora 39 change
 2023-11-08 16:22:25 +00:00
dependabot[bot]
0645f7ca23 build(deps): bump ASzc/change-string-case-action from 5 to 6 (#178) 
Bumps [ASzc/change-string-case-action](https://github.com/aszc/change-string-case-action) from 5 to 6.
- [Release notes](https://github.com/aszc/change-string-case-action/releases)
- [Commits](https://github.com/aszc/change-string-case-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: ASzc/change-string-case-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-05 11:17:01 +00:00
plata
0adc287b55 docs (README): run 'rpm-ostree rebase' without sudo (#183) 2023-11-02 10:16:01 +00:00
plata
26491cc6b7 chore: update bling list (#181) 
* chore: update bling list

* Review comments
 2023-11-01 12:24:30 +00:00
gerblesh
e4114fd656 fix: specify image name in policy.json (#176) 
There was talk on the discord about not being able to pull in images with podman because the signing policy included *every* image inside of the user's ghcr account. Which means that images not signed with the same key won't be able to be pulled down
 2023-10-06 09:49:56 +00:00
gerblesh
d9b145981a Merge pull request #170 from ublue-os/module-working-dir 
docs: module working directory, style guides
 2023-10-01 08:45:10 -07:00
gerblesh
37ce0fda36 Merge branch 'template' into module-working-dir 2023-10-01 08:40:16 -07:00
gerblesh
82358d29db Merge pull request #172 from ublue-os/fix-default-config 
chore: rm deprecated fonts bling from recipe
 2023-10-01 07:30:04 -07:00
gerblesh
aea72dfac1 Merge branch 'template' into module-working-dir 2023-10-01 07:27:36 -07:00
gerblesh
1cefd2ca95 Merge branch 'template' into fix-default-config 2023-10-01 07:25:58 -07:00
gerblesh
0df5ec02c5 Merge pull request #171 from ublue-os/167-ublue-update-fails-on-unsigned-image 
fix: ublue-update failure when signing image
 2023-10-01 07:24:58 -07:00
xynydev
29a0cd13b3 chore: rm deprecated fonts bling from recipe 2023-10-01 17:13:20 +03:00
xynydev
8596d5381e fix: ublue-update failure when signing image 2023-10-01 17:06:30 +03:00
xynydev
1691ad8d4f docs: yaml not yml, directions qualifier 2023-10-01 16:36:45 +03:00
xynydev
2fb7aefbb6 docs: correct title casing in style guide 2023-10-01 16:21:23 +03:00
xynydev
7e08a383c9 docs: grammar recommendations 2023-10-01 15:32:14 +03:00
xynydev
1d9e6f20ff docs: chore: remove ":" from Example configuration 
this change should be propagated to bling
 2023-10-01 15:27:26 +03:00
xynydev
4645605c6b docs: how to refer to modules in module READMEs 2023-10-01 15:26:26 +03:00
xynydev
8b48f8c765 docs: module working directory, style guides 2023-10-01 15:24:06 +03:00
Kyle Gospodnetich
4c2d9285a1 chore(ci): Maximize build space (#165) 2023-09-29 04:57:24 +00:00
gerblesh
1f32893fd6 fix: remove image-info.json from base image if it exists (#162) 
* fix: remove image-info.json from base image if it exists

This just makes it so if the user forgets to run the signing script and somehow installs `ublue-update`, `ublue-update` won't try to rebase them to the base image they chose

* docs: clearer comment for image-info remove line

---------

Co-authored-by: xyny <60004820+xynydev@users.noreply.github.com>
 2023-09-25 16:07:59 +00:00
Kyle Gospodnetich
e3cafd0cb6 Merge pull request #163 from ublue-os/just-fix 
fix: accommodate new justfile organization
 2023-09-25 08:33:14 -07:00
xynydev
9f728a120b fix: accommodate new justfile organization 2023-09-25 18:12:56 +03:00