Граф коммитов

57 Коммитов

Автор SHA1 Сообщение Дата
Max Brodeur-Urbas 68fdd50ff4
[dev] enabling rook (#1540)
* rook building successfully

* importing runtime dependencies

* cleaning up rook.spec

* enabling patterns-ceph-containers without select dependencies

* updating licenses for added packages

* licensing corrections for added packages

* applied lint diffs

* ignoring meta package in cgmanifest

* updating licenses-map metadata

* correcting releases

* adding source link, correcting changelog

* added vendor tar instructions

* removing opensuse csi references from rook

* removed rook build flags, remove patterns-ceph source, removed rook test binary

* updating signatures.json

* correcting capitalization of source attribution

* Corrected changelog comment

Co-authored-by: maxbrodeururbas <maxbr@microsoft.com>
2021-11-10 11:49:30 -08:00
Pawel Winogrodzki 4ce26ace71
Extending source attribution check. (#1583) 2021-10-26 11:09:47 -07:00
Pawel Winogrodzki 9c0766ef34
[dev] Adding proper spec source attribution for CentOS specs (#1569) 2021-10-21 14:50:35 -07:00
Pawel Winogrodzki 5a5915de00
[dev] Adding spec file checks (#1559) 2021-10-20 17:04:50 -07:00
Pawel Winogrodzki 514a5fcc54
[dev] `ca-certificates`: removing Mozilla CAs in favour of Microsoft ones (#1437) 2021-10-07 12:51:39 -07:00
Andrew Phelps ebbc32b6cc
Update golang to version 1.17.1 (#1404)
* update golang to 1.17.1

* linting

* update flannel and cri-tools versions

* typo

* provides go
2021-09-18 12:00:19 -07:00
Pawel Winogrodzki 91b4807e7f
[dev] Migrating CoreUI into Core. (#1348)
* Removed `cgmanifest.json` duplicates and put everything in alphabetical order.
2021-09-01 01:55:15 -07:00
jslobodzian 17b0e93e71
Merge 1.0 to dev branch
This merge brings the latest SELinux and many packages and CVE fixes from the 1.0 branch.
2021-08-19 13:46:51 -07:00
Thomas Crain 90f361f753 Merge branch '1.0' from April Update 2021-04-30 18:07:37 -05:00
Jon Slobodzian b7ed62e4ed Merge branch '1.0-dev' into joslobo/merge-for-april-update 2021-04-29 21:34:03 -07:00
Pawel Winogrodzki e00cc4dc7b
Moving licenses script to toolkit and updating its functionality. (#885) 2021-04-26 10:39:50 -07:00
Christopher Co 67cf4f9b65
grub-efi-binary-signed: define new grub2-efi-binary subpackage (#855)
* grub-signed: Commonize on one spec

Use macros to swap spec contents based on build architecture. We will
still create an SRPM per arch, each with a unique name, so there is no
risk of SRPM name collision.

* grub-signed: Define new grub2-efi-binary subpackage

New subpackage will contain the signed grubx64.efi/grubaa64.efi binary.
This package name is identical to the unsigned version and we will
prefer to use this signed version if built.

* grub-signed: rename files

* grub2: bump spec version to match signed version

* Update github action checks

CG manifest, license file, and spec entanglement checks are failing
due to the grub-efi-binary-signed naming change. Update the checks to
account for the new name.

* grub2-signed: rename source0 to match subpackage

Source0 previous pointed to grub2-efi-unsigned rpm which technically
can work but it would be better to use the grub2-efi-binary package
instead because grub2-efi-binary package is ultimately the package we
will be replacing. We can also perform checks to make sure the output
rpm matches the inputs, modulo the signed binary.

Signed-off-by: Chris Co <chrco@microsoft.com>
2021-04-21 20:37:29 -07:00
Christopher Co 8a5fdab5d0
shim: Introduce shim package (#866)
* shim: Introduce shim package

Shim package contains a signed shim bootloader which is signed with the
Microsoft UEFI CA cert to allow it to load on many different platforms
that support UEFI Secure boot. If UEFI Secure Boot is enabled, this shim
binary will verify that next stage bootloaders (i.e., grub and kernel)
are signed with the CBL-Mariner secure boot key.

* shim: add extra versioning info to source0

Renamed Source0 tarball naming to prevent future tarball naming
collisions.

* CI: ignore shim during cgmanifest check

shim package's Source0 is a signed binary created by us.

* licenses-map: Add shim to table

* shim: prefer install over cp

* licenses: Add shim to data file

Fixes error thrown by spec license checker

* shim: Add comment explaining why only x86_64 shim

Signed-off-by: Chris Co <chrco@microsoft.com>
2021-04-21 20:29:33 -07:00
Christopher Co e6c89b3300
kernel-signed: define a new kernel subpackage (#785)
* kernel-signed: define a new kernel subpackage

This spec purpose is to take an input kernel rpm and input secure-boot-signed
kernel binary from the same build and generate a new "kernel" rpm with the
signed kernel binary + all of the other original kernel files, triggers,
scriptlets, requires, provides, etc.

We need to ensure the kernel modules and kernel binary used are from the exact
same build because at build time the kernel modules are signed with an
ephemeral key that the kernel enrolls in its keyring. We enforce kernel
module signature checking when we enable security features like kernel
lockdown so our kernel can only load those specific kernel modules at runtime.

Additionally, to complete the UEFI Secure Boot chain, we must PE-sign the
kernel binary. Ideally we would enable secure-boot signing tools like pesign
or sbsign to be callable from inside the rpmbuild environment, that way we can
secure-boot sign the kernel binary during the kernel's rpmbuild. It is best
practice to sign as soon as possible. However there are issues getting that
secure boot signing infrastructure in place today. Hence we sign the
resulting kernel binary and "repackage" the kernel RPM (something rpm itself
actively tries to make sure you never do...generally for good reasons).

To achive this repackaging, this spec creates a new subpackage named
"kernel". To retain all of the initial kernel package behaviors, we make sure
the subpackage has the same requires, provides, triggers, post steps, and
files as the original kernel package.

This specific repackaging implementation leaves room for us to enable the
more ideal secure-boot signing flow in the future without introducing any
sort of breaking change or new packaging. Users still install a "kernel"
package like they normally would.

Maintenance Notes:
- This spec's "version" and "release" must reflect the unsigned version that
was signed. An important consequence is that when making a change to this
spec or the normal kernel spec, the other spec's version version/release must
be increased to keep the two versions consistent.

- Make sure the kernel subpackage's Requires, Provides, triggers, post/postun
scriptlets, and files match the normal kernel spec's. The kernel subpackage
should contain the same content as the input kernel package but replace the
kernel binary with our signed kernel binary. Since all the requires, provides,
etc are the same, this new kernel package can be a direct replacement for the
normal kernel package and RPM will resolve packages with kernel dependencies
correctly.

To populate the input sources:
  1. Build the unsigned packages as normal
  2. Sign the desired binary
  3. Place the unsigned package and signed binary in this spec's folder
  4. Build this spec

* kernel-signed: refactor into one common spec file

The only differences between kernel-signed-x86_64 and
kernel-signed-aarch64 spec files were primarily the architecture
type in the spec name and input Source0 rpm. We can use a macro to set
these and reduce down to one spec file

* Update checks to consider kernel-signed

* kernel-hyperv: match release number

Ideally we keep kernel-headers version/release in sync with kernel and
kernel-hyperv package version/release. This allows the user to install
kernel-headers on any Mariner system by using
   dnf install kernel-headers-$(uname -r)

Signed-off-by: Chris Co <chrco@microsoft.com>
2021-04-20 17:51:09 -07:00
Thomas Crain 4859da4e1b Merge branch '1.0' into thcrain/pain (March Update) 2021-04-13 15:40:16 -05:00
Thomas Crain eae5b4006f Merge branch '1.0' into thcrain/ever-given 2021-04-06 22:39:22 -05:00
Christopher Co 840b30503e
installkernel: Add custom installkernel package (#816)
Add a custom installkernel script to easily install the Linux kernel
onto a running Mariner system. This script will get called automatically
by the Linux kernel's "make install" command.

Signed-off-by: Chris Co <chrco@microsoft.com>
2021-03-31 13:15:46 -07:00
Jon Slobodzian 1a3281d2a1 Merge 1.0-dev to 1.0 for March Update 2021-03-30 19:28:34 -07:00
Thomas Crain aab304ca58
Update PR template with new files (#807) 2021-03-29 09:25:50 -07:00
Andrew Phelps bd6df2caf6
update workflows to use golang 1.15 (#791) 2021-03-25 10:24:25 -07:00
Thomas Crain e5c1ee74ef
Add GitHub Action for LICENSE-MAP.md checking (#766) 2021-03-24 16:46:25 -07:00
Christopher Co 44d226165e
diskutils: Add partprobe after partition creation (#725)
* diskutils: Add partprobe after partition creation

There can be a timing issue where partition creation finishes but the
devtmpfs files are not populated in time for partition initialization.
So to deal with this, we call partprobe here to query and flush the
partition table information, which should enforce that the devtmpfs
files are created when partprobe returns control.

* diskutils: invoke partprobe with flock

Added flock because "partprobe -s" apparently doesn't always block.
flock is part of the util-linux package and helps to synchronize access
with other cooperating processes. The important part is it will block
if the fd is busy, and then execute the command. Adding a 5 second timeout
to prevent us from possibly waiting forever.

* diskutils: Update timeout variable name

* diskutils: clarify debug log message

* Add parted to documentation and quickstart runner

Signed-off-by: Chris Co <chrco@microsoft.com>
2021-03-18 11:32:51 -07:00
Jon Slobodzian 8e3f3aef60 Merge branch '1.0-dev' into 1.0 for February update 2021-02-22 19:40:02 -08:00
Pawel Winogrodzki 16c8e8df23
Addressing a few issues highlighted by "SpellCheck". (#626) 2021-02-10 12:56:45 -08:00
Thomas Crain 6eddfe439e
Fix handling of double-percent in cgmanifest check (#616) 2021-02-09 16:42:24 -08:00
Mateusz Malisz 1e813b86c8 Add title filter 2021-02-02 13:52:09 -08:00
Mateusz Malisz 2ec6d13dcb Add automated build trigger for release PR 2021-02-02 11:17:11 -08:00
Daniel McIlvaney e7d0c185f4 Attended installer supports new read-only root flows 2021-01-28 14:08:13 -08:00
Pawel d2197ac791 Updating entangled specs check. 2021-01-12 10:29:37 -08:00
Thomas Crain 6dffb4a58b
Add workflow to check entangled specs (#531) 2021-01-11 13:17:56 -08:00
Thomas Crain a6cdc0240a
Add workflow to check entangled specs (#528) 2021-01-11 13:08:04 -08:00
Thomas Crain df38104c98
Upgrade python-urllib3 and python-requests to fix CVE-2019-11236, CVE-2020-26137 (#504)
Co-authored-by: Rachel <rachelmenge@microsoft.com>
2020-12-31 13:34:54 -08:00
Daniel McIlvaney 42ff7786ce
Add status badge, update quickstart workflow (#377) 2020-11-13 14:40:30 -08:00
Thomas Crain 541801186b
Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367) 2020-11-11 16:23:50 -08:00
Andrew Phelps 498f926e43
merge 1.0 into dev (#299)
* Update trademark section of the readme

Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>

* Update building.md (#104)

* add wants=sshd-keygen.service to sshd (#58)

* add wants=sshd-keygen.service to sshd

Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>

* modify signatures.json and bump release for pr

Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>

* Fix libffi normal package build (#116)

* Fix libffi normal package build

* Add comment explaining the purpose of the sed call

* Upgrade golang to 1.13.15 (#93)

* Adding a small build tip to the quick start instructions. (#123)

* Add cloud-init-vmware-guestinfo package (#124)

* Add cloud-init-vmware-guestinfo package

* Updating 'ca-certificates' nssckbi.h header and unifying changelog entries with package version (#125)

* Updating changelog to be consistent with package version.

* Fixing missed update to 'nssckbi.h'.

* Updating manifests.

* Updating signatures.

* Markdown lint-induced clean-up of doc files. (#122)

* Makrdownlint-induced clean-up.

* Removing redundant lines.

* Removing redundant lines 2.

* Add  IMA feature to the kernel, add config for it (#135)

* Add  IMA feature to the kernel, add config for it

- Add IMA measurement configs to the x86_64, and aarch64 kernel configs (IMA_APPRAISE currently disabled).
- Add KernelCommandLine config field to control IMA, and allow additional configs to be passed.

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <christopher.co@microsoft.com>

* Update tpm2 tools to 4.2, tss to 2.4.0 (#134)

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Enable Mellanox kernel configs

* Update tpm2-abrmd to 2.3.3 (#144)

* Update tpm2-abrmd to 2.3.3

* Create quickstart.yml (#119)

This patch adds a GitHub Action to verify our Quickstart instructions

* Nopatch httpd CVE-1999-0236, CVE-1999-1412 (#148)

* Nopatch httpd CVE-1999-0236, CVE-1999-1412

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch groff CVE-2000-0803 (#149)

* Nopatch groff CVE-2000-0803

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch apparmor CVE-2016-1585 (#150)

* Nopatch apparmor CVE-2016-1585

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch qemu CVE-2016-7161 (#152)

* Nopatch qemu CVE-2016-7161

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch lua CVE-2020-15889 (#153)

* nopatch lua CVE-2020-15889

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch unzip CVE-2008-0888 (#154)

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* full: Always install the default kernel (#132)

Currently, when installing CBL-Mariner via ISO, the ISO will
install the standard kernel package or the kernel-hyperv package
depending on if installing on HyperV VM or not.

The HyperV kernel is still under evaluation so use the standard kernel
package across the board.

* Support downloading preview SRPMs (#160)

Replace SRPM_URL* with SRPM_URL_LIST

* Patch CVE-2020-14342 in cifs-utils

* Replace mariner-repos's %post script as %posttrans

- After looking at here, it shows that %post script for a new version runs before the %preun script for an old version. Which means, after an upgrade, the keys would be removed by the older version: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering

* Update pkggen_core_aarch64.txt

* Update pkggen_core_x86_64.txt

* Update toolchain_aarch64.txt

* Update toolchain_x86_64.txt

* Add a more verbose changelog

* Remove chrony-wait as a boot service dependency (#166)

* Remove chrony-wait as a boot service dependency

* Add cgmanifest entry for chrony

* Address changelog and prep section comments

* initramfs: Regenerate initrd using host-only mode on file-based trigger (#170)

* initramfs: Always use host-only mode

kdump currently uses the host system's initrd when enrolling a crash kernel
and initrd. There is a limitation where the kdump initrd must be generated
with dracut in "host-only" mode.

The -k option forces a host-only initrd build.
The -q option suppresses verbose output

If mkinitrd is called without <image> and <kernel-version> parameters, it will
default to calling dracut in "host-mode" mode on every kernel version it can
find in /boot.

If mkinitrd is called with <image> and <kernel-version> parameters, it will
default to calling dracut in "generic host" mode for rebuilding the specific
initrd. Therefore we need to make sure to add the -k option when invoking
mkinitrd with an explicit <image> and <kernel version>

* Reword comment block

* Fix kernel specs' %postun scripts (#164)

* Fix `kernel.spec`'s `%postun` script

* Fix `kernel-signed-aarch64`'s `%postun` script

* Fix kernel-signed-x64.spec's %postun script

* Fix kernel-hyperv.spec's %postun script

* Adding new 'preview' repository. (#146)

* Adding new 'preview' repository.

* Addressing comments.

* Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)

* Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)

* Update fontconfig to 2.13.91 (#175)

* Extending 'strongswan' test timeout. (#173)

* Fix CVE-2020-14342 patch to not depend on PATH

* installutils: Supply blank /etc/machine-id file (#147)

From https://www.freedesktop.org/software/systemd/man/machine-id.html:
For operating system images which are created once and used on multiple
machines, for example for containers or in the cloud, /etc/machine-id
should be an empty file in the generic file system image. An ID will be
generated during boot and saved to this file if possible.

* installutils: Remove root password expiry when no root user is specified in imageconfig file (#161)

* Add SELinux packages to Mariner. (#100)

* Add SELinux packages to Mariner.

This commit add the following packages to Mariner to provide basic
SELinux support:

- checkpolicy
- libsemanage
- mcstrans
- policycoreutils
- secilc
- selinux-policy
- setools

The selinux-policy provided here is a generic base policy, which is not
specifically tuned for Mariner, therefore only permissive mode support
is enabled in this commit.  (Although users could load a custom policy
to run in enforcing mode).  Future phases have been discussed to add
SELinux enforcing mode support.

This commit does not enable SELinux by default.  In order to enable
SELinux support, one must first install necessary packages (libselinux,
policycoreutils, secilc, selinux-policy), and then append "lsm=selinux
selinux=1" to the kernel command line.  This will trigger an initial
boot to relabel the system, at which point the system will reboot, and
boot into an SELinux enabled system.  SELinux state can be queried with
the "getenforce" command line tool.  If SELinux has not been enabled, it
will report "Disabled" (the default).  If SELinux support has been
enabled as described in this paragraph, it will report "permissive".

This commit also modifies the following packages to enabled SELinux
functionality in existing packages:

- coreutils
- cronie
- dbus
- openssh
- pam
- rpm
- shadow-utils
- systemd
- util-linux

This enables them to build with SELinux support so that when SELinux is
enabled, they have SELinux related functionality available.

Because coreutils is a basic package and requires building with
libselinux-devel present in order to enable key SELinux functionality,
several dependencies in other packages that rely on coreutils (namely
python2, python3 and systemd-bootstrap) had to be removed in order to
avoid circular dependencies.  There does not appear to be a functional
impact from this change based on my testing.

* Remove "::set-env" commands in GitHub Actions (#178)

* Adding a .nopatch for CVE-2007-0086. (#176)

* Updating cert bundle paths. (#181)

* Updating cert bundle paths.

* Updating cgmanifest.json.

* Adding the `gflags` and `rocksdb` packages. (#183)

* Adding the 'rocksdb' package.

* Adding the 'gflags' package.

* Add missing %libsepolver definition in secilc.spec (#192)

* Removing 'TERMINAL_ISO_INSTALLER' from the docs. (#189)

* Add architecture at the end of toolkit archive (#182)

- Also add `version.txt` file in the toolkit archive as an easy way to verify toolkit version.

* Adding a missing '%{?dist}' tag. (#195)

* enable fetching RPMs from pacakges.microsoft.com for Docker based build (#198)

* Update README.md (#180)

* Update README.md (#180)

* Build Break Fix:  Rollback selinux checkins.   (#204)

* Revert "Add missing %libsepolver definition in secilc.spec (#192)"

This reverts commit 9cff088bec.

* Revert "Add SELinux packages to Mariner. (#100)"

This reverts commit b2d918efac.

* Natively support pulling from the preview repo (#199)

* Fix CVE-2020-26159 in oniguruma (#211)

* Fix CVE-2020-26159

* Increment release, fix autosetup.

* Adding the 'syslog-ng' package. (#205)

* Adding the 'tinyxml2' package. (#206)

* Adding the 'toml11' package. (#207)

* Adding the 'tracelogging' and 'zipper' packages. (#208)

* Add mm-common and libxml++ packages (#215)

* Add liblogging package (#214)

* Add nlohmann-json package (#217)

* Add msgpack package (#216)

* Adding the 'span-lite' and 'telegraf' packages. (#220)

* Remove toolchain-local-wget-list after use (#212)

* Remove toolchain-local-wget-list after use

- toolchain-local-wget-list has been left at the end of a toolchain build. It shows up on `git status` whene toolchain is built locally.
- Another solution would be adding it to `.gitignore`.

* Add temporary toolchain build files to toolkit/.gitignore

* Remove implicit git repository dependency from toolkit (#197)

* Remove implicit git repository dependency

* Remove the new GIT_REV variable

* Add jsonbuilder package (#223)

* update libffi to use https source0 (#227)

* Update libestr (#213)

* Add babeltrace2 and lttng-consume packages (#226)

* Add pugixml package (#222)

* Disable debug package for nlohmann-json (#228)

* Add rapidjson package (#225)

* Upgrade ruby to 2.6.6 to resolve CVE-2019-16255, CVE-2019-16201, CVE-2020-10933, CVE-2020-5247, CVE-2019-15845, CVE-2019-16254 (#224)

* Upgrade ruby to 2.6.6 to resolve CVEs

* Update cgmanifest

* Nopatch qemu CVE-2015-7504 CVE-2017-5931 CVE-2017-14167 (#162)

* Fix CVE-2020-26159 in oniguruma (#211)

* Fix CVE-2020-26159

* Increment release, fix autosetup.

* Enable QAT kernel configs in CBL-Mariner

* Nopatch kernel CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 (#193)

* Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428

* Adding the `bond`, `fluent-bit`, and `ivykis` packages. (#234)

* Joslobo/add azure storage (#232)

* Add azure-storage spec file to mariner-core

* Register with legal and update map file

* Fixed #source0 link

* Updated per code review comments

* Fixed URL to use https

* Initial spec lint action commit (#172) (#191)

* Initial spec-cleaner commit for CBL-Mariner

* Add cgmanifest.json file for GitHub workflows folder

* Set continue-on-error to true for a trial period

* patch openssh (#238)

* Update pull_request_template.md (#236)

* Fix check tests for git, make, krb5 and libcap-ng (#241)

* fix check tests

* update toolchain manifests

* fix blank spaces and tabs in make.spec

* Fix CVE-2019-12735 in vim (#230)

* Fix CVE-2019-12735 in vim

* Update the changelog to address only one CVE.

* Switching to correct source for the Microsoft bundle. (#244)

* Fix check tests for brotli, gzip and python-certifi (#245)

* fix check test for brotli, gzip, python-cerifi

* update manifest release version for gzip

* skip check for vim

* Patch unbound CVE-2020-12662 and CVE-2020-12663 (#246)

* Portablectl patches for to support --now --enable and --no-block flags (#139)

* Portablectl patches for to support --now --enable and --no-block flags

* Portablectl patches for to support --now --enable and --no-block flags

* Patch lua CVE-2019-6706, CVE-2020-15888, nopatch CVE-2020-24342 (#169)

* Patch lua CVE-2019-6706, CVE-2020-15888, CVE-2020-15945, nopatch CVE-2020-24342

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Roll back CVE-2020-15945, patch ineffective

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

* Nopatch ed CVE-2015-2987 (#209)

ed CVE-2015-2987 applies to a different program named ed.

* Patch gnutls CVE-2020-24659 (#247)

Upstream CVE discussion: https://gitlab.com/gnutls/gnutls/-/issues/1071

* update ant verision

* fix changelog comment

* update cgmanifest

* Nopatch sqlite CVE-2015-3717 (#254)

* Added omi package

* Adding the `ccache` and `clamav` packages. (#251)

* Generate ant signatures (#260)

* Add auoms package (#258)

* add auoms package

* add auoms original source url comments

* fix changelog history

* fix auoms signatures

* fix changelog

* use %license

* update licenses-map

* add omi to LICENSES-MAP

* merge latest LICENSES-MAP

* Implement "distroless" containers (#252)

* Create distroless container without bash and surplus dependencies
* Remove RPM database for distroless
* Add busybox and uclibc. Add distroless-packages-debug
* Update cgmanifest

Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
Co-authored-by: MateuszMalisz <mamalisz@microsoft.com>

* Updated mariner-release package version (#262)

* fix setup (#263)

* fix missed merge file

* Fixed bad file merge

* Fixed poorly merged files

* Merge distroless container revert to 1.0 (#265)

* Revert "Implement "distroless" containers (#252)"

This reverts commit e41efdda19.

* Revert "Implement "distroless" containers (#252)" (#264)

This reverts commit e41efdda19.

* fix package manifest merge issues

* fix issues building input-srpms

* fix package manifest issues

* remove duplicate patch and sed cmd from lua spec

* revert package ignore list and graphoptimizer changes

* remove runc from LICENSES-MAP.md

* Update pkggen merge (#316)

* Clean up lua.spec 1.0 to dev merge (#318)

* update lua.spec and licenses-map.md per feedback

* revert gzip changes

* revert krb5 change

Co-authored-by: Jim Perrin <Jim.Perrin@microsoft.com>
Co-authored-by: Jason Goscinski <jasongos@users.noreply.github.com>
Co-authored-by: Mateusz Malisz <maliszmat@outlook.com>
Co-authored-by: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <christopher.co@microsoft.com>
Co-authored-by: chalamalasetty <chalamalasetty@live.com>
Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Co-authored-by: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
Co-authored-by: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
Co-authored-by: Emre Girgin <mrgirgin@microsoft.com>
Co-authored-by: Daniel Burgener <burgener.daniel@gmail.com>
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
Co-authored-by: Chirag Shah <chsha@microsoft.com>
Co-authored-by: Henry Li <lihl@microsoft.com>
Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com>
Co-authored-by: rychenf1 <rychenf1@gmail.com>
Co-authored-by: Nick Samson <nick.samson@microsoft.com>
Co-authored-by: MateuszMalisz <mamalisz@microsoft.com>
2020-11-03 17:40:59 -08:00
Thomas Crain 5c9c49d9d2
Revamp failure test for spec linting action (#291) 2020-10-27 16:03:15 -07:00
Thomas Crain 2e70583100
Revamp failure test for spec linting action (#290) 2020-10-27 15:59:35 -07:00
Thomas Crain 6ab37d60be
Fix bash script issue (#285) 2020-10-27 12:56:21 -07:00
Thomas Crain 612528d6e6
Fix bash script issue (#284) 2020-10-27 12:52:47 -07:00
Thomas Crain c525f8b8f9
Enable PR gating (dev) (#279) 2020-10-27 09:33:43 -07:00
Thomas Crain f327334eaa
Enable spec lint PR gating (#270) 2020-10-27 09:24:52 -07:00
Emre Girgin bcf0e59d7d
Update pull_request_template.md (#236) 2020-10-20 10:09:31 -07:00
Thomas Crain 20d96891ba
Initial spec lint action commit (#172) (#190)
* Initial spec-cleaner commit for CBL-Mariner

* Add cgmanifest.json file for GitHub workflows folder

* Set continue-on-error to true for a trial period
2020-10-19 15:28:53 -07:00
Thomas Crain 99ec27ac42
Initial spec lint action commit (#172) (#191)
* Initial spec-cleaner commit for CBL-Mariner

* Add cgmanifest.json file for GitHub workflows folder

* Set continue-on-error to true for a trial period
2020-10-19 15:28:41 -07:00
Thomas Crain 4d16fcb11d
Integrate Ceph into Mariner (#151) 2020-10-08 06:55:21 -07:00
Joe Schmitt 62103bd568
Improve spec file compatibility [2/2] (#163) 2020-10-07 13:22:31 -07:00
Thomas Crain 0181cc7cc0
Remove "::set-env" commands in GitHub Actions (#178) 2020-10-07 08:07:48 -07:00
Thomas Crain a2e98e3e49
Remove ::set-env command in GitHub Actions (#179) 2020-10-07 08:07:23 -07:00
Christopher Co b3ea131993
Create quickstart.yml (#119)
This patch adds a GitHub Action to verify our Quickstart instructions
2020-09-28 17:05:07 -07:00
Daniel McIlvaney a6d2d20bbd
Update workflows to target all current branches (#112) 2020-09-17 11:59:23 -07:00