Markus Rudy
db0a106698
fixup! disk-mapper: include debug commands
2024-10-11 15:37:29 +02:00
Markus Rudy
4d4489e8fa
disk-mapper: include debug commands
2024-10-10 15:03:13 +02:00
Daniel Weiße
c11631ec11
logging: reduce grpc logging noise ( #3329 )
...
* Normalize gRPC logs to print at warn level only
* Fix grpcLogger level enablement
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-08-29 10:44:22 +02:00
renovate[bot]
fe96153507
deps: update bazel (modules) ( #3304 )
...
* deps: update bazel (modules)
* Set std=c++14
* deps: tidy all modules
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-08-09 11:00:22 +02:00
renovate[bot]
e71819eb62
deps: update Go dependencies ( #3185 )
...
* deps: update Go dependencies
* deps: tidy all modules
* Replace deprecated `grpc.DialContext` with `grpc.NewClient`
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-06-21 10:05:57 +02:00
Malte Poll
2c8a16294e
bazel: migrate rules_proto to bzlmod
2024-05-23 09:48:04 +02:00
Malte Poll
d960121cba
bazel: update BUILD files for rules_go bzlmod migration
2024-05-23 09:48:04 +02:00
Daniel Weiße
9def35ed06
deps: update all Go dependencies ( #3071 )
...
* Upgrade Go dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Group Go dependency upgrades
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Remove usage of deprecated docker types
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix usage of invalid validation tags
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Regenerate bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Keep github.com/bazelbuild/buildtools at old version to not break other dependencies
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-08 17:31:47 +02:00
Daniel Weiße
1077b7a48e
bootstrapper: wipe disk and reboot on non-recoverable error ( #2971 )
...
* Let JoinClient return fatal errors
* Mark disk for wiping if JoinClient or InitServer return errors
* Reboot system if bootstrapper detects an error
* Refactor joinClient start/stop implementation
* Fix joining nodes retrying kubeadm 3 times in all cases
* Write non-recoverable failures to syslog before rebooting
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-12 11:43:38 +01:00
Malte Poll
f94b00fe7c
disk-mapper: write failure message to syslog and sleep before reboot
2024-03-07 11:47:51 +01:00
Malte Poll
281c7c320c
deps: update protobuf to v1.33.0
2024-03-06 14:50:01 +01:00
Malte Poll
522f2858c6
proto: update generated protobuf sources
2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0
chore: fix unused parameter lint in new golangcilint version
2024-02-21 17:54:07 +01:00
miampf
54cce77bab
deps: convert zap to slog ( #2825 )
2024-02-08 14:20:01 +00:00
Malte Poll
3a5753045e
goleak: ignore rules_go SIGTERM handler
...
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.
https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
Malte Poll
e113253262
bazel: migrate all integration tests (and retire CMakeLists.txt)
2023-12-08 14:27:46 +01:00
Malte Poll
ee3ff9ac01
bazel: use patched RPATH in bootstrapper and disk-mapper binaries
2023-12-01 09:35:33 +01:00
Malte Poll
9a5566de21
disk-mapper: package as tar
2023-09-27 17:58:19 +02:00
3u13r
2776e40df7
join: join over lb if available ( #2348 )
...
* join: join over lb if available
2023-09-25 10:23:35 +02:00
Malte Poll
3352a9e988
bazel: set integration go build tag
2023-08-17 10:46:45 +02:00
Malte Poll
9aa14f58eb
bazel: remove stale build rules ( #2202 )
2023-08-10 11:16:06 +02:00
Otto Bittner
1d5a8283e0
cli: use Semver type to represent microservice versions ( #2125 )
...
Previously we used strings to pass microservice versions. This invited
bugs due to missing input validation.
2023-07-25 14:20:25 +02:00
Daniel Weiße
6a40c73ff7
disk-mapper: set LUKS2 token to allow reusing uninitialized state disks ( #2083 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-18 16:20:03 +02:00
Daniel Weiße
ac1128d07f
cryptsetup: unify code ( #2043 )
...
* Add common backend for interacting with cryptsetup
* Use common cryptsetup backend in bootstrapper
* Use common cryptsetup backend in disk-mapper
* Use common cryptsetup backend in csi lib
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:55:31 +02:00
renovate[bot]
49cff0aabb
deps: update module github.com/sigstore/rekor to v1.2.2 ( #2033 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-06 15:41:14 +02:00
Paul Meyer
149820fdce
diskmapper: fix zap.Error without err ( #2012 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-05 10:07:05 +02:00
Malte Poll
537cdbcfad
bazel: trim path to *.pb.go files embedded in go libraries
...
See https://github.com/bazelbuild/rules_go/issues/3581 for context.
2023-06-16 16:30:47 +02:00
renovate[bot]
167052d443
deps: update dependency hermetic_cc_toolchain to v2.0.0 ( #1860 )
...
* deps: update dependency hermetic_cc_toolchain to v2.0.0
* deps: tidy all modules
* bazel: target glibc 2.23 to enable rbe
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-09 17:39:30 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant ( #1900 )
...
* variant: move into internal/attestation
* attestation: move aws attestation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel ( #1893 )
2023-06-09 10:35:52 +02:00
Malte Poll
21d4e5864f
disk-mapper: allow building without cgo dependencies for linting
2023-05-23 13:44:56 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
bda999d54e
Use TDX device to mark node as initialized ( #1426 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51
image: support intel TDX direct linux boot under TDX OVMF
2023-05-17 11:37:26 +02:00
renovate[bot]
fe115bdb16
deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] ( #1729 )
...
* deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY]
* deps: bump oras
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-11 17:23:17 +02:00
Paul Meyer
399b052f9e
bazel: add protoc codegen to //:generate target ( #1554 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 14:47:29 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package ( #1538 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Paul Meyer
e7fc541a57
bazel: add buf as protobuf formatter to //:tidy ( #1511 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:08:49 +01:00
Paul Meyer
0036b24266
go: remove unused parameters
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Malte Poll
62e2e70699
bazel: use host platform by default ( #1434 )
2023-03-16 16:13:48 +01:00
Daniel Weiße
83d10b0e70
hack: remove unused tools ( #1387 )
...
* Remove unused pcr-compare tool
* Remove unused pcr-reader tool
* Remove obsolete image-measurement tool
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 16:59:33 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go ( #1186 )
...
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Daniel Weiße
5bad5f768b
attestation: create issuer based on kernel cmd line ( #1355 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 09:47:28 +01:00
Paul Meyer
ebf7dd8842
openstack: use metadata client where possible
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Malte Poll
fc33a74c78
constants: make VersionInfo readonly ( #1316 )
...
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime.
This change ensures the underlying var is private and can only be accessed by a public getter.
2023-03-01 11:55:12 +01:00
Paul Meyer
d0109b833e
disk-mapper: make openstack image bootable ( #1312 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-01 10:39:32 +01:00
Daniel Weiße
b3486fc32b
internal: add logging to attestation issuer ( #1264 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-28 16:34:18 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack ( #1283 )
...
* image: support OpenStack image build / upload
* cli: add OpenStack terraform template
* config: add OpenStack as CSP
* versionsapi: add OpenStack as CSP
* cli: add OpenStack as provider for `config generate` and `create`
* disk-mapper: add basic support for boot on OpenStack
* debugd: add placeholder for OpenStack
* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
leongross
efc0cec4e1
image: verbose debugging options ( #1159 )
2023-02-24 14:25:39 +01:00