Commit Graph

55 Commits

Author SHA1 Message Date
qoijjj
c4b73ca409 feat: add back container policy hardening 2024-05-16 13:18:12 -07:00
qoijjj
459acc2fb5 fix: use separate signing module for shared cosign pubkey across secu… (#279)
* fix: use separate signing module for shared cosign pubkey across secureblue images

* fix: use secureblue-signing

* fix script

* fix script (again)
2024-05-16 12:11:02 -07:00
qoijjj
f673ae01f3 fix: reference repos in /etc instead of /usr/etc 2024-05-14 15:57:11 -07:00
qoijjj
76db56ccc1 fix: mirror script 2024-05-14 15:51:09 -07:00
qoijjj
3b9ae540ac feat: always use https mirrors for layering 2024-05-14 15:30:17 -07:00
qoijjj
d3169a1132 feat: harden container policy.json 2024-05-14 13:29:34 -07:00
qoijjj
9d6b7c60ff feat: opt out of homebrew analytics by default 2024-05-13 17:23:29 -07:00
qoijjj
cdbe5e9719 fix: include wget script 2024-05-09 19:44:52 -07:00
qoijjj
f3ec42e58e feat: add necessary init script, then add additional selinux tooling with alerts disabled by default 2024-04-07 20:37:23 -07:00
qoijjj
3be6988aa4 revert: feat: add additional selinux tooling, until bluebuild supports this package 2024-04-06 19:38:33 -07:00
qoijjj
b8db54dd62 feat: add additional selinux tooling 2024-04-06 13:45:03 -07:00
qoijjj
29eee4b804 fix: create parent dirs for upower on server images 2024-03-13 13:39:21 -07:00
qoijjj
83ad8d1377 improve: move upower workaround to scripts 2024-03-13 12:48:58 -07:00
qoijjj
6686d9ecc9 chore: remove deprecated images 2024-03-11 18:04:13 -07:00
qoijjj
67180c5a02 fix: update addchromiumdesktopfile.sh to reflect upstream changes 2024-03-07 22:08:39 -08:00
qoijjj
e34d5d7a0d chore: remove unused files from migration 2024-02-26 10:25:48 -08:00
qoijjj
1568df0fad fix: use improved workaround for nvidia optimus on gnome 2024-02-15 19:46:21 -08:00
qoijjj
5dc1f9198f improve: only set nvidia power management for nvidia laptop images 2024-01-25 23:00:00 -08:00
qoijjj
2a68fafeb3 fix: build for server images 2024-01-25 22:05:16 -08:00
qoijjj
06f6aa788d fix: switch to a resolved drop-in 2024-01-22 13:43:25 -08:00
qoijjj
a374ce5ae9 feat: opportunistic DNSSEC and DNSOverTLS 2024-01-22 13:10:21 -08:00
qoijjj
af121aa652 feat: cinnamon images with wayland session, improvements for nvidia optimus laptops 2024-01-21 16:02:25 -08:00
qoijjj
eaffb60cb5 fix: build failure 2024-01-09 18:13:08 -08:00
qoijjj
7d63ce5804 fix: firewall config name for server, and file permissions 2024-01-09 17:36:42 -08:00
qoijjj
f99da857c7 improve: various configs and file permissions 2024-01-09 13:14:21 -08:00
qoijjj
7c552f85cf use file override instead of script for ssh firewall rule 2024-01-09 01:05:04 -08:00
qoijjj
192d3bb6f7 enable ssh for server variants 2024-01-09 00:47:59 -08:00
qoijjj
e768d4a0f6 fix: coreos images to allow image signing 2024-01-08 01:25:09 -08:00
qoijjj
e511f85c6b fix: dirname in script 2024-01-08 00:54:56 -08:00
qoijjj
38ff34f90a cleanup server packages 2024-01-08 00:33:00 -08:00
qoijjj
65906a2c5d ensure policy.json exists 2024-01-08 00:06:03 -08:00
qoijjj
88d39b3c17 for create containers dir 2024-01-07 23:51:35 -08:00
qoijjj
b2cd52d28e include wget for server images 2024-01-06 20:04:09 -08:00
qoijjj
8c80e1d283 add sed parameter and fix order 2023-12-30 14:32:02 -08:00
qoijjj
7cb48cf75d add wayfire 2023-12-29 23:58:34 -08:00
qoijjj
69f00ae44f fix kargs for bluefin 2023-12-22 14:10:25 -08:00
qoijjj
681f3455f5 Add bluefin images 2023-12-22 10:28:35 -08:00
qoijjj
a111e47b84 set suid on bubblewrap from fedora 2023-12-18 12:10:51 -08:00
qoijjj
38999d4123 Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns 2023-12-16 13:11:41 -08:00
qoijjj
bee997577b Add cups back to the image and disable it by default. Include a just command to enable it if the user chooses. 2023-12-10 00:03:13 -08:00
34n0
3685fa6daa feat: 🔒 harden and enable pam faillock, password encryption & quality suggestions 2023-12-08 13:40:46 -08:00
qoijjj
0ddc0e65d3 Add server versions 2023-12-05 14:33:21 -08:00
qoijjj
d69f1c8a24 Switch to non-koji chromium 2023-12-04 19:22:08 -08:00
qoijjj
acfb2827c7 Add bubblejail 2023-11-29 19:55:32 -08:00
qoijjj
0167df08d9 Remove podman and all dependent packages 2023-11-29 19:43:02 -08:00
qoijjj
b05f0e2098 Switch to a more reliably updated build tag for chromium 2023-11-29 13:22:42 -08:00
qoijjj
cb11fbcaae Rebase secureblue with a new, clean commit history 2023-11-26 16:42:27 -08:00
gerblesh
e4114fd656 fix: specify image name in policy.json (#176)
There was talk on the Discord about not being able to pull in images with podman because the signing policy included *every* image inside of the user's ghcr account, which means that images not signed with the same key won't be able to be pulled down.
2023-10-06 09:49:56 +00:00
xynydev
8596d5381e fix: ublue-update failure when signing image 2023-10-01 17:06:30 +03:00
gerblesh
5838d0fce4 feat: create /usr/share/ublue-os/image-info.json inside signing.sh (#157)
* feat: create /usr/share/ublue-os/image-info.json inside signing.sh

* chore: remove debug call to cat, fix formatting
2023-09-22 09:22:38 +00:00