* prometheus: fix ptest by changing 'go check' -> 'go test'
* prometheus: backport patch to fix test in tsdb/chunks
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Add prototype SELinux auto configure
* Add 'force_enforcing' option for SELinux
* Fix setools-console tools.
* Enable SELinux by default (permissive mode) on all images.
Drop build system unit test as it breaks with SELinux enabled on core-efi.
* selinux-policy: Update to 2.20210908.
* Update to 2.20220106.
Implement policy for systemd-homed and systemd-userdbd.
* Fix RPM changelog date.
* Finalize systemd-homed policy.
* Change SELinux enablement to not affect CONFIG_LSM.
* Document build settings
* Update cgmanifest
* Update toolkit/docs/formats/imageconfig.md
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
* audit: Remove override so auditd starts by default.
* Add IsValid() call for SELinux inKkernelCommandLine
* Add unit test for missing selinux package
* Fix debug output for selinux setfiles
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
* Update tools to build packages with dependencies hydrated
Hydrated build is a new approach where all the dependencies are hydrated from pre-built RPMs. This provides two advantages.
1. Faster build. As no package need to wait for its dependency's build to complete, all packages will be fired to build in parallel. (Practically with slight delay as firing of pre-built nodes takes place before).
2. Failure of any dependency build will not cause failure to the current package, as the dependency is fetched from cached RPMs.
Introduced a new flag HYDRATED_BUILD to enable this feature. Also it is pre-requisite to run `make hydrate-toolchain` and `make hydrate-rpms` with appropriate tar files before using this option.
This is achieved by replacing the BUILD to RUN node edge with BUILD to PREBUILT node edge (clone of the RUN node) nodes (if there is a corresponding RPM hydrated already).
* Fix go fmt check failures
* Fix typos
* Introduce graphscrubber
graphscrubber is for preprocessing the build graph to scheduler.
Currently it is only doing hydrated build related work. Ideally all the
graph optimization related jobs to be moved from scheduler to
graphscrubber.
* go fmt tidy
* Remove unnecessary functions from graphscrubber
* Fix Make rule to build graphscrubber before using it
* Use inline hydrated-build flag
* Update documentaion for HYDRATED_BUILD flag
* Update changes recommended in PR discussion
* go tidy
* Remove unnecessary arguments from graphPreprocessor
* Update toolkit/tools/graphPreprocessor/graphPreprocessor.go
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* Update toolkit/tools/graphPreprocessor/graphPreprocessor.go
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* Update toolkit/tools/graphPreprocessor/graphPreprocessor.go
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* retrugger checks
* Update toolkit/scripts/pkggen.mk
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
* Update toolkit/scripts/pkggen.mk
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
* Update toolkit/scripts/pkggen.mk
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
* Update toolkit/scripts/pkggen.mk
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
* retrugger checks
* retrugger checks
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
* cherry-pick make menuconfig issue fix from PR#1964 into main
* un-dash-roll affected packages since there is no 2.0 release yet
* address faulty merge in curl.spec
* readd lua to pkggen
KDB seems to work easier than KGDB over Hyper-V VM serial ports.
The same kernel command line parameters used to enable KGDB are used
to enable KDB too. All the KDB commands are enabled at compile time, but
the run time availability of these features can be restricted by using the
kdb.cmd_enable command line parameter.
Switching back and forth between KDB to KGDB/gdb mode is also supported
(when debugging a machine where KGDB was working before this change).
Co-authored-by: Daniel Mihai <dmihai@microsoft.com>
Don't overwrite $TERM env-var in container images, the terminal (provided by dockerd or whatever) will set it correctly. the current setting causes issues in e.g. vim where some operations (like ctrl+left/ctrl+right) completely butcher the file being edited.
Cameron E Baird
rlmenge
Neha Agarwal
Max Brodeur-Urbas
Christopher Co
Pawel Winogrodzki
Muhammad Falak R Wani
Andy Caldwell
Chris PeBenito
Bala
Dan Mihai
Jon Slobodzian
Thomas Crain
Henry Li
nicolas guibourge
Kate Goldenring