scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-01 02:47:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,079 Commits 1 Branch 0 Tags
fd1c1b1875b7a7f4d374d9e4630b87e75891e92e
Commit Graph

99 Commits

Author SHA1 Message Date
qoijjj
fd1c1b1875 feat: Fedora 41 (#503) 
* feat: migrate to f41

* exclude yafti until it's available for f41

* build fixes

* use correct wayblue f41 branch tag

* fix: add yafti back

* feat: include google-noto-fonts-all for universal font coverage

* fix: typo

* chore: use negativo for all nvidia stuff, then remove the repo

* add debug line

* fix nvidia builds

* fix file path

* prep for 41

* remove redundant systemctl commands

* remove dkmshelper

* include minimal server components for nvidia

* fix typo

* prep for f41

* fix nvidia server modules

* various fixes

* more fixes

* fix (again)

* move gstreamer packages

* more gstreamer refactoring

* include additional removal
 2024-10-30 14:07:46 -07:00
qoijjj
16ef609a71 fix: quotation clashes in just script 2024-10-26 19:39:04 -07:00
qoijjj
b66a70eb60 fix: force enable autoupdate across the board by default 2024-10-26 17:17:35 -07:00
mkkvcs
a6b58f042b feat: Enable and prefer temporary addresses (#481) 2024-10-23 17:02:38 -07:00
Rubiginosa
2688625ead fix: Add check for sysctl runtime state (#469) 
* Add check for sysctl runtime state

* improve variable naming
 2024-10-23 14:19:21 -07:00
Rubiginosa
3f240dd334 feat: add check for container policy (#471) 
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-10-23 13:55:29 -07:00
mintpilo
58e1c3b07f fix: typo that would cause additional kargs to not be applied, and make read lines look nicer (#473) 
So sorry...
 2024-10-18 22:15:08 -07:00
mintpilo
0caa1fb436 feat: consolidate kargs scripts, and docs polishing (#457) 2024-10-18 20:00:13 -07:00
qoijjj
9e94c11aeb fix: various build fixes 2024-10-18 14:57:52 -07:00
qoijjj
f0d3f635b1 fix: brew import for wayblue images 2024-10-18 14:17:59 -07:00
Edward Miller
e7c0f0c320 feat: add filesystems to blacklist (#451) 
Co-authored-by: Edward Miller <symbiogenisis@outlook.com>
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com>
 2024-10-18 12:05:47 -07:00
qoijjj
7e5a9d49e2 feat: add new karg to audit script 2024-10-17 18:44:35 -07:00
qoijjj
4a73e0ccce fix: missing backslash in ujust command 2024-10-17 18:43:04 -07:00
qoijjj
f0bab7f5b2 feat: nvidia-open images, major streamlining, bugfixes, and polish (#461) 2024-10-17 18:20:58 -07:00
mintpilo
287f0970b5 fix: Replace Extensions Manager with Extensions (#445) 2024-10-11 13:21:07 -07:00
qoijjj
f3e7e29bf2 feat: ship subresource filter 🎉 2024-10-09 16:39:05 -07:00
Rubiginosa
f2bd5e84f6 feat: Add blacklist check for currently loaded modules (#440) 
* Add blacklist check for currently loaded modules

* Remove redundant bluetooth check

* Correct misuse of SYSCTL test string

* return check for flatpak bluetooth

* fix variable name

* fix array size check
 2024-10-09 11:45:07 -07:00
Rubiginosa
59f7b10415 fix: misuse of SYSCTL_TEST_STRING (#442) 2024-10-07 13:18:41 -07:00
qoijjj
de054f68d3 feat: disable sssd daemons by default 2024-10-05 12:22:51 -07:00
qoijjj
bff9eb66fe chore: bluefin/aurora deprecation timeline announcement 2024-10-05 11:57:04 -07:00
qoijjj
1a395452ba chore: fix typo 2024-10-05 01:32:37 -07:00
qoijjj
e52f013007 fix: include missing script in gui-scripts 2024-10-05 00:51:04 -07:00
qoijjj
ef31725665 fix: disable nfs daemons instead of removing packages due to postuninstall bug in nfs-utils 2024-10-05 00:09:53 -07:00
qoijjj
7d8c9dcf98 feat: disable auxiliary services by default 2024-10-04 23:50:14 -07:00
qoijjj
24a005ce99 chore: disable avahi-daemon by default 2024-10-04 23:07:27 -07:00
Rubiginosa
7ae972e095 feat: Add audit-secureblue checks for flatpak bluetooth and ptrace access (#438) 
* Add check for bluetooth and ptrace

* Add check for flatpak bluetooth and ptrace access
 2024-10-04 10:18:14 -07:00
Rubiginosa
5deb22e35b feat: Add audit-secureblue check for system bluetooth and ptrace 2024-10-04 10:12:22 -07:00
qoijjj
c1a6df74e6 fix: clashing quotes 2024-09-30 13:58:39 -07:00
qoijjj
4a1dd61a31 fix: import brew justfile 2024-09-30 13:07:27 -07:00
qoijjj
989389e8da chore: switch rechunked images to hardened_malloc-light and demote them to experimental 2024-09-29 00:13:44 -07:00
Rubiginosa
c1ec422eab feat: add check for D-Bus access (#432) 2024-09-28 20:29:13 -07:00
qoijjj
c68039132a fix: add brew justfile due to upstream move 2024-09-20 23:41:28 -07:00
Bruno
66d8b731e6 fix: check for gnome-shell instead of gsettings in one test (#424) 2024-09-11 09:56:52 -07:00
Rubiginosa
8333bcf2f5 feat: add check for hardened_malloc flatpak preload (#412) 
* updated has_permission to use regex matching

* added flatpak check for hardened_malloc

* changed hasPermission to maintain old behavior for strings
 2024-09-10 10:33:14 -07:00
Rubiginosa
b5f5d2afa0 feat: refactor flatpak audit for readability and extensibility (#414) 
* refactored flatpak audit to be more extensible

* fixed old typo

* added warning string array for flatpak audit
 2024-08-30 15:28:56 -07:00
Bruno
79471e2141 fix: audit script improvements (GHNS test, order of tests) (#415) 
* only test GHNS if kdeglobals exist

* place faster tests before the slower flatpak audit
 2024-08-30 13:45:15 -07:00
qoijjj
2a3c5fe79e fix: typo in rpm-ostreed.conf 2024-08-29 22:23:12 -07:00
Bruno
e143c48e26 chore: several audit script improvements 2024-08-29 21:01:40 -07:00
Ivo Damjanović
fefc64baba feat: stop overwriting 60-custom.just for better compatibility with upstream bluebuild and downstream user builds (#409) 
* feat: create addjustconfig.sh to include custom commands at buildtime

* fix: 60-custom.just.readme.md to 61-custom.just.readme.md

* fix: Rename 60-custom.just to 61-custom.just

* feat: add just config script to enabled scripts

* fix: rename to 70-secureblue.just

* fix: Rename 61-custom.just.readme.md to 70-secureblue.just.readme.md

* fix: rename to 70-secureblue.just
 2024-08-29 11:53:56 -07:00
qoijjj
b442fccee6 feat: add back Recommends=false to rpm-ostreed.conf 
due to upstream reversion
 2024-08-28 15:22:02 -07:00
qoijjj
d5be94b441 fix: ensure all relevant firstboot files are removed 2024-08-28 15:04:26 -07:00
qoijjj
73ed50b4d4 feat: remove unused binaries from setcaps function 2024-08-27 16:54:28 -07:00
qoijjj
a329524441 fix: justfile typo 2024-08-26 10:44:49 -07:00
qoijjj
e41d963841 feat: multiple securecore improvements 2024-08-26 09:45:20 -07:00
qoijjj
185f539364 fix: securecore build 2024-08-26 00:32:31 -07:00
qoijjj
8eb959669a feat: begin server->securecore migration 2024-08-25 23:27:36 -07:00
qoijjj
967c7551ad feat: sgid reduction (#392) 
* feat: also remove sgid bit

* Update yafti.yml

* Update yafti.yml
 2024-08-23 14:13:22 -07:00
qoijjj
c526c770ba feat: additional setuid reduction and removal of unused packages (#388) 
* feat: additional setuid reduction and removal of unused packages

* leave packages but keep suid removal
 2024-08-23 00:00:54 -07:00
qoijjj
c711b3c398 feat: include brew autoupdate services 2024-08-22 22:38:00 -07:00
qoijjj
1b5e539ec2 fix: audit script cleanup 2024-08-22 12:03:22 -07:00