microsoft
/
CCF
зеркало из https://github.com/microsoft/CCF.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
3 190 коммитов 10 Ветки 297 Теги 836 MiB
Граф коммитов

3190 Коммитов

Автор SHA1 Сообщение Дата
Mahati Chamarthy 2d7382a50b
Remove duplicate governance endpoints (#4941) 
Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>
 2023-02-07 14:21:46 +00:00
Dominic Ayre 82f9bc9d05
Make secondary ACI cleanup independent of primary (#4970) 2023-02-07 13:52:10 +00:00
Dominic Ayre 90f566abd0
Cleanup ACI even when workspace cleanup failed (#4969) 2023-02-07 11:26:55 +00:00
Takuro Sato 30468ed25d
Run 'SNPCC Release' and 'Virtual Release' in the daily CI (#4962) 2023-02-07 10:12:30 +00:00
Eddy Ashton b08299ddc2
Fix documented options for `--consensus` in `sandbox.sh` and `e2e_args.py` (#4967) 2023-02-07 10:00:23 +00:00
Dominic Ayre a471de8615
Increase ACI deployment timeout (#4960) 2023-02-06 15:01:59 +00:00
Amaury Chamayou 048add256b
Revert "Activate Spectre mitigations for SNP builds" (#4961) 2023-02-06 13:18:21 +00:00
Amaury Chamayou f0f95f4950
Activate Spectre mitigations for SNP builds (#4905) 2023-02-06 11:26:33 +00:00
Takuro Sato 7e7df9efe6
Update CHANGELOG (#4959) 2023-02-06 10:48:09 +00:00
Takuro Sato 150616ca8e
Increase ssh timeout (#4956) 
Co-authored-by: Julien Maffre <42961061+jumaffre@users.noreply.github.com>
 2023-02-06 09:22:24 +00:00
Eddy Ashton 4790a6a879
Fixes for thread ID assignment (#4952) 2023-02-06 09:13:05 +00:00
Paul Liétar cd29d78291
Distinguish between system and user include search paths in add_ccf_app. (#4950) 
The add_ccf_app CMake macro had a INCLUDE_DIRS arguments, which can be
used to add directories to the compiler's header search path. To my
surprise, all paths in this argument are added as "system" headers,
which mean they get passed as `-isystem` flags to the compiler.

This has the effect of silencing any compiler warnings emitted in the
headers found through these path. While this is the intended behaviour
for 3rd party dependencies, it is undesirable for code that is part of
the application, which should adhere to the configured warning settings.

This has bit us in SCITT, where for a long time some warnings had been
silenced due to this and had gone unoticed, only to create a lot of
confusion later on when this code would suddenly fail to compile when
moved elsewhere. See microsoft/scitt-ccf-ledger#86
for some context.
 2023-02-04 07:28:08 +00:00
Markus Alexander Kuppe 4a468588b9
A pending node that becomes part of any configuration immediately transitions to Follower state. (#4928) 2023-02-03 17:26:49 +00:00
Julien Maffre a1392801c3
Fix build of SNP PR container (#4954) 2023-02-03 17:19:30 +00:00
Amaury Chamayou 56fb19df0f
Update CI image to 02-02-2023 (#4944) 2023-02-03 14:54:46 +00:00
Julien Maffre 5bf87b3829
Attestation container: retrieve report endorsements from environment (#4948) 2023-02-03 14:36:09 +00:00
Paul Liétar feffb205c5
Allow applications to add .well-known endpoints. (#4949) 
The ACME frontend was binding to the entire `.well-known` directory,
intercepting any requests make to it, including to paths outside of the
particular `acme-challenge` sub-directory.

This was preventing applications from handling any paths inside the
`.well-known`, which may be necessary to implement certain protocols,
such as did:web.

The code to extract the actor name from an incoming request is special
cased for the .well-known directory, in which case it will include the
second path component in the actor's name. THe ACME frontend's actor is
now the full `.well-known/acme-challenge`.

We did consider implementing this by instead moving the ACME endpoints
into the CommonEndpointRegistry, indirectly making them part of the
application frontend, and removing the .well-known actor. Unfortunately
this would make the endpoints accessible only once the application
frontend has been opened, which would prevent a service from obtaining
an ACME certificate early in its lifecycle.
 2023-02-03 12:17:31 +00:00
Eddy Ashton 51e4209fee
Structured verbose logging in `raft.h` (#4933) 2023-02-03 09:31:27 +00:00
Amaury Chamayou d98332b71e
Use clang-format-10 even on when we build with clang-12 (#4945) 2023-02-02 12:15:36 +00:00
dependabot[bot] 4b78d1b64a
Bump google.golang.org/grpc from 1.52.0 to 1.52.3 in /attestation-container (#4918) 2023-02-02 11:13:27 +00:00
Julien Maffre c626703362
Docs: Remove mention of future work for JWT (#4936) 2023-02-01 16:58:23 +00:00
Mahati Chamarthy f255edf8ac
Fix doc (#4938) 2023-02-01 16:20:03 +00:00
Eddy Ashton 61aecf5032
Update to pylint 2.16.0 - remove uses of `raise Exception` (#4934) 2023-02-01 15:50:24 +00:00
Christoph M. Wintersteiger 649297c4ae
Don't start ACME clients without directory URL (#4925) 2023-02-01 11:57:06 +00:00
Julien Maffre 087716a958
Update format base on `black` 23.1.0 (#4931) 2023-02-01 11:26:21 +00:00
Amaury Chamayou f8afab5a62
Switch non SGX to clang 12 (#4926) 2023-02-01 10:57:14 +00:00
Takuro Sato 1f7c73a4d4
Add GitHub Actions workflow to push attestation container image (#4906) 2023-01-31 20:08:49 +00:00
Amaury Chamayou 01aa0c5b60
Fix build with clang 12 (#4920) 2023-01-31 18:29:40 +00:00
shokouedamsr f90f267c8f
Delete github-projects.yml (#4923) 2023-01-31 17:56:22 +00:00
Takuro Sato 12656055a5
Use `az confcom acipolicygen` to generate security policy (#4898) 
Co-authored-by: Julien Maffre <42961061+jumaffre@users.noreply.github.com>
 2023-01-31 16:25:52 +00:00
Dominic Ayre 28d8e19b4b
Add published address to node to node channel template (#4921) 2023-01-31 14:06:04 +00:00
Eddy Ashton 7f8615e0b7
Simplify assignment of thread IDs (#4900) 2023-01-31 13:36:54 +00:00
Markus Alexander Kuppe d6cb71e2d0
Pending nodes must not be part of a configuration. (#4867) 2023-01-31 09:38:16 +00:00
Heidi Howard 5d720ddab5
Fixing QuorumLogInv in TLA+ spec (#4859) 2023-01-31 09:21:07 +00:00
Markus Alexander Kuppe 21e0d911de
Nodes may not rejoin a configuration. (#4868) 2023-01-30 17:35:12 +00:00
Eddy Ashton f24af812a4
Fix for `auth` e2e test: Allow for execution time difference between timestamps (#4916) 2023-01-30 15:54:08 +00:00
Christoph M. Wintersteiger f925b2d3fe
Add SANs to ACME client (#4910) 2023-01-30 12:10:22 +00:00
Amaury Chamayou f2db0b69f3
Fix compilation error with clang 11 (#4913) 2023-01-30 10:41:19 +00:00
Eddy Ashton 6d63333355
Include line number when Python infra links to error in node output (#4914) 2023-01-27 17:03:00 +00:00
Eddy Ashton 2ee26048ae
Simplify reset of Raft's `should_sign` (#4908) 2023-01-27 16:13:23 +00:00
Amaury Chamayou f1421405e2
Raise clang version requirement to 10 (#4909) 2023-01-27 15:39:58 +00:00
Dominic Ayre b2fdb5a1db
Go back to rego policy with fix (#4907) 
Co-authored-by: Amaury Chamayou <amchamay@microsoft.com>
 2023-01-27 12:58:32 +00:00
Amaury Chamayou 1f50c5824c
Fix cli doc for sandbox member count default (#4904) 2023-01-27 11:24:48 +00:00
Julien Maffre 3e17ebcfee
Setup environment variables for ACI (#4888) 2023-01-27 10:41:40 +00:00
Eddy Ashton 1569780b37
Remove commit claims from signature transaction (#4899) 2023-01-26 19:26:51 +00:00
Mahati Chamarthy d3893eccaf
Implement gRPC API to store indexed data (#4820) 2023-01-26 17:22:41 +00:00
Julien Maffre 8727c73cb1
Use JSON security policy for ACI deployments (#4903) 2023-01-26 16:02:13 +00:00
Takuro Sato ab14201fcd
Tidy up attestation container pipeline (#4883) 2023-01-26 09:24:29 +00:00
Dominic Ayre d90d2b6478
Misc improvements to codespace dev experience (#4897) 
Co-authored-by: Mahati Chamarthy <mahati.chamarthy@gmail.com>
 2023-01-25 14:59:12 +00:00
Amaury Chamayou a57f66b3ed
Fix set_service_config action (#4893) 2023-01-25 09:10:01 +00:00