Arnaud Ferraris authored 3 years ago and Peter Senna Tschudin committed 3 years ago

The "Publishing a single application" section introduces the use of
.flatpakrepo files, which are detailed in the subsequent "Publishing a
repository" section. Moving the latter section before the former
therefore makes more sense.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>

Arnaud Ferraris authored 3 years ago and Peter Senna Tschudin committed 3 years ago

As requested, this commit adds more detailed explanations and
step-by-step commands for creating and installing signed flatpak
applications.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>

It has been dropped in the packaging-tools repository

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

One exception case, that of maintaining a package from an independent
upstream source tarball, was documented separately.

This was causing confusion to us all as this content wasn't reflected on
the master page, i.e. Apertis Packaging Guide

This patch just moves the content to the right location

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

Change 'journactl' -> 'journalctl'

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Update and re-shuffle the existing parts of the apparmor.md guide
to merge the old guide with the new guide:
 - Update summary with new ref links.
 - Reused a few sections but rephrased and updated references.
 - Removed a few, no longer needed, sections.
 - Fix minor formatting

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Rewrite introduction to reflect the newly updated guide on AppArmor and
profile development. Briefly mention that DAC and capabilities are not
considered in the guide but considered prerequisites.

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Apply 2 suggestion(s) to 1 file(s)

Summary of content:
 - Introduction to mount rules in AppArmor
 - Short explanation of correlation between CAP_SYS_ADMIN and mount
 - 2 examples for profiles that allow mount operations.

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Jasarevic Samir authored 3 years ago and Elvstam Cantner Andreas committed 3 years ago

Signed-off-by: Samir Jasarevic <samir.jasarevic@se.bosch.com>

Signed-off-by: Samir Jasarevic <samir.jasarevic@se.bosch.com>

Jasarevic Samir authored 3 years ago and Elvstam Cantner Andreas committed 3 years ago

MAC-DAC-example.png figure added to the AppArmor guideline.

Signed-of-by:  <samir.jasarevic@se.bosch.com>

Introduction to file access in AppArmor.
An example of MAC and DAC file access permissions is shown.

Signed-off-by:  <samir.jasarevic@se.bosch.com>

Apply 4 suggestion(s) to 1 file(s)

Apply 1 suggestion(s) to 1 file(s)

Apply 1 suggestion(s) to 1 file(s)

Apply 2 suggestion(s) to 1 file(s)

Updated file access based on the review comments.

Signed-off-by:  <samir.jasarevic@se.bosch.com>

Update file access with 4 spaces for code

Signed-off-by:  <samir.jasarevic@se.bosch.com>

Elvstam Cantner Andreas authored 3 years ago and Elvstam Cantner Andreas committed 3 years ago

The current guideline on AppArmor covers basic overview and breifly mentions development
steps needed. This commit extends the AppArmor guideline with more in-depth development
steps and examples for how to developt AppArmor profiles.

Sections included:
Profile Introduction
 - Profile Modes
 - System Logs
Profile Development
 - Manually Write The Profile
 - Tool Aided Profile Development

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Martyn Welch authored 3 years ago and Martyn Welch committed 3 years ago

Apertis now has open registration on it's GitLab instance. Update the
documentation to reflect this.

Correct some spelling mistakes and grammatical issues noticed when reading
documents.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Signed-off-by: Peter Senna Tschudin <peter.senna@collabora.com>

Denis Pynkin authored 3 years ago and Peter Senna Tschudin committed 3 years ago

Added the guide how to create Apertis tests for LAVA.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Ariel D'Alessandro authored 3 years ago and Martyn Welch committed 3 years ago

Debian upstream version tag should start with debian/ instead of
apertis/. Fix this.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

Arnaud Ferraris authored 3 years ago and Emanuele Aina committed 3 years ago

Using multiple occurrences of the `--sign-verify` option can be used to
configure a remote while a new signature key is being rolled out. Add a
paragraph explaining that use case.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>

Arnaud Ferraris authored 3 years ago and Emanuele Aina committed 3 years ago

This commit includes suggestions from reviewers and fixes the following
issues:
* use `ref` macros for internal links
* fix minor grammar and spelling issues
* add a warning regarding the preliminary state of Ed25519 support

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>

Arnaud Ferraris authored 3 years ago and Emanuele Aina committed 3 years ago

This commit adds a user guide explaining how to create flatpaks signed
with the Ed25519 algorithm, and how to verify such flatpaks.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>

Elvstam Cantner Andreas authored 4 years ago and Martyn Welch committed 4 years ago

Change from localhost to proper link address for /policies/upstreaming
referenced from apparmor.md

Signed-off-by: Andreas Elvstam Cantner <andreas.elvstam@se.bosch.com>

Update some broken links by pointing them to the new location of the
ci-package-builder documentation.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Since we moved to an external CI config path branches like
`debian/buster-gitlab-update-job` are no  longer needed.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

We no longer use the `debian/apertis/gitlab-ci.yml` files in each
packaging repository but rather rely on a external CI config path.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Andrej Shadura authored 4 years ago and Emanuele Aina committed 4 years ago

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Andrej Shadura authored 4 years ago and Emanuele Aina committed 4 years ago

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Andrej Shadura authored 4 years ago and Emanuele Aina committed 4 years ago

The diagram comes in two formats:
 - SVG with editable text (apertis-dep-14-gitlab.svg)
   This is the primary source.
 - SVG with texts as paths (apertis-dep-14-gitlab-curves.svg)
   This is generated from the primary source; it is a preferred
   format for embedding as a figure in a document, since it
   doesn’t depend on the availability of fonts or the renderer’s
   ability to render them correctly.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Since we are editing the development process, use this an an
opportunity to improve the spelling in the document and the website's
custom dictionary.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

The development process states that a "Fixes: APERTIS-<task_id>" tag
should be added to relevant commit messages. At some point we had
functionality in place to automatically add comments on the Phabricator
task when such tags were present. I don't believe that this
functionality is still in place, hence the description is missleading.

This is also not something that I have seen being used (a lot?) by core
maintainers. Since this is not common practice we should remove this
requirement, simplifying the documented process for new contributors.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Thank you @andrewsh for spotting it.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

The titles in the supported virtualbox table are a bit messy. Clean them
up a bit.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

A few issues were missed when reviewing the addition of a table of
supported virtualbox versions:

- There's an additional "{" on one of the shortcodes that's getting
  rendered in the final page.
- The table is missing a column marker and is thus not getting formatted
  as a table.

Fix these two issues.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Benani Sagar Kishore authored 4 years ago and Martyn Welch committed 4 years ago

officially supported by Apertis for each release.

Fix some formatting issues, remarks and command names.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Walter Lozano authored 4 years ago and Martyn Welch committed 4 years ago

As currently the infrastructure repository uses only a master branch update
the links accordingly.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

As a reference for the installation of Automated License Compliance add a
guide to pointing to the pieces of software to be installed and upgraded.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

When a new release is branched, we need to ensure that a proper rotation
job is set for the respective release. In this example, we instantiate a
new timer for rotation of the images

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

For most major task, our user account suffice on OBS. But there are
certain exceptions, like creating new repositories, wherein we need
Admin level privileges.

This is required when we create new repositories for a stable release:
security, updates, backports.

Document this oddity that the user needs to have Admin level privileges

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>