1. 11 Sep, 2019 1 commit
  2. 10 Sep, 2019 4 commits
    • Disable HTTP pipelining in APT to avoid "Hash Sum Mismatch" · c83063aa
      Emanuele Aina authored
      Work around issues with the APT downloader corrupting files and
      causing "Hash Sum Mismatch" errors.
      
      A typical occurrence is like:
      
          Get:97 https://repositories.apertis.org/apertis v2019pre/target amd64 libsystemd-dev amd64 240-5co3bb1 [317 kB]
          Err:97 https://repositories.apertis.org/apertis v2019pre/target amd64 libsystemd-dev amd64 240-5co3bb1
            Hash Sum mismatch
            Hashes of expected file:
             - SHA256:39654a35430ef132537880d67cd906bc958e1282e5e2d267e0d9ea96198c3649
             - SHA1:3d358b67b624162c4737a619de078cb8ae6091f6 [weak]
             - MD5Sum:c9da96eacf456df58bd564ab587a7a22 [weak]
             - Filesize:317116 [weak]
            Hashes of received file:
             - SHA256:caf4eacc492e6e67651c6d4ace49ee2800c3166e8d630cddd35b87c94042f655
             - SHA1:9690ac45a5282cc04fcbfc6fc3d2ac2e4c6fa375 [weak]
             - MD5Sum:33dcb5800d6e0c3c4d86f0e37c3d134e [weak]
             - Filesize:317116 [weak]
            Last modification reported: Tue, 21 May 2019 14:59:26 +0000
      
      The failure rate goes from hard-to-reproduce to reliably-fails.
      
      Downloading the affected files with `wget` or `curl` has not reproduced
      the issue, and only `apt` seems affected. The issue has hit jobs on
      Jenkins as well as pipelines on GitLab, and from time to time people
      have been able to temporarily reproduce it locally in the image builder
      Docker container.
      
      From the captured network traffic it seems that HTTP pipelining is
      involved; disabling its usage in APT so far prevented the issue from
      coming up in cases where it was reproducible.
      Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
    • Jenkinsfile: sign ostree commit · 15a1e391
      Denis Pynkin authored
      Use secret file with base64 encoded ed25519 signature.
      Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
    • ostree-images: enable signature verification · ed7a4c9a
      Denis Pynkin authored
      Enable signature verification for OTA updates by adding
      `sign-verify` key for remote "origin".
      After this only commits signed with known key will be used for
      update, i.e. public key must be placed into well-known system places
      or added into remote config by using keys `verification-key` or
      `verification-file`.
      Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
    • ostree-commit: add layer with valid public key · 76a8f66a
      Denis Pynkin authored
      Add ed25519 public key to be used for validation.
      Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
  3. 05 Sep, 2019 1 commit
    • target,{base,}sdk: Drop auditd · 5c0cd834
      Emanuele Aina authored
      The audit log can now be retrieved from the systemd journal and most if not all
      the testcases have been switched to do that.
      
      On the ostree images the auditd.service is failing because `/var/log/audit` is
      not being created on boot.
      
      	# systemctl status auditd.service
      	● auditd.service - Security Auditing Service
      	   Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
      	   Active: failed (Result: exit-code) since Thu 2019-09-05 22:55:59 UTC; 20s ago
      	     Docs: man:auditd(8)
      		   https://github.com/linux-audit/audit-documentation
      	  Process: 335 ExecStart=/sbin/auditd (code=exited, status=6)
      
      	Sep 05 22:55:59 apertis systemd[1]: Starting Security Auditing Service...
      	Sep 05 22:55:59 apertis auditd[335]: Could not open dir /var/log/audit (No such file or directory)
      	Sep 05 22:55:59 apertis auditd[335]: The audit daemon is exiting.
      	Sep 05 22:55:59 apertis systemd[1]: auditd.service: Control process exited, code=exited, status=6/NOTCONFIGURED
      	Sep 05 22:55:59 apertis systemd[1]: auditd.service: Failed with result 'exit-code'.
      	Sep 05 22:55:59 apertis systemd[1]: Failed to start Security Auditing Service.
      
      Any remaining non-ostree testcase still using `audit.log` can be ported to the
      journal as the longer term solution or it can add a dependency on the `auditd`
      package in the short term.
      Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
  4. 04 Sep, 2019 1 commit
  5. 03 Sep, 2019 1 commit
  6. 13 Aug, 2019 2 commits
  7. 08 Aug, 2019 1 commit
  8. 05 Aug, 2019 1 commit
  9. 30 Jul, 2019 1 commit
  10. 29 Jul, 2019 1 commit
  11. 22 Jul, 2019 1 commit
  12. 18 Jul, 2019 1 commit
  13. 17 Jul, 2019 3 commits
  14. 02 Jul, 2019 1 commit
  15. 01 Jul, 2019 1 commit
  16. 21 Jun, 2019 1 commit
  17. 18 Jun, 2019 1 commit
  18. 11 Jun, 2019 5 commits
  19. 07 Jun, 2019 2 commits
  20. 04 Jun, 2019 2 commits
  21. 03 Jun, 2019 6 commits
  22. 31 May, 2019 2 commits