Full Code of gardenlinux/gardenlinux for AI

Repository: gardenlinux/gardenlinux
Branch: main
Commit: 3fcf4befcee3
Files: 1260
Total size: 2.1 MB

Directory structure:
gitextract_ps9zllez/

├── .dockerignore
├── .flake8
├── .github/
│   ├── ISSUE_TEMPLATE/
│   │   ├── bug_report.yml
│   │   └── enhancement_request.yml
│   ├── dependabot.yml
│   ├── labeler.yml
│   ├── pull_request_template.md
│   ├── release.yml
│   └── workflows/
│       ├── README.md
│       ├── build.yml
│       ├── build_bare_flavor.yml
│       ├── build_flavor.yml
│       ├── build_flavors_matrix.yml
│       ├── build_kmodbuild_container.yml
│       ├── build_lima_yaml_container.yml
│       ├── build_requirements.yml
│       ├── build_tests.yml
│       ├── check_adr_numbering.yml
│       ├── cloud_test_cleanup.yml
│       ├── cpe.yml
│       ├── dev.yml
│       ├── dev_tests.yml
│       ├── differential-shellcheck.yml
│       ├── download_flavor_version_data.yml
│       ├── download_flavors_images.yml
│       ├── download_workflow_data.yml
│       ├── format_diff.py
│       ├── generate_diff.sh
│       ├── get_workflow_infos.yml
│       ├── github.mjs
│       ├── github_rerun_workflow.yml
│       ├── labeler.yml
│       ├── manual_gh_release_page.yml
│       ├── manual_release.yml
│       ├── manual_tag_latest_container.yml
│       ├── manual_tests.yml
│       ├── nightly.yml
│       ├── publish.yml
│       ├── publish_kmodbuild_container.yml
│       ├── publish_oci_containers.yml
│       ├── publish_s3.yml
│       ├── reproducable_test.yml
│       ├── tag_latest_container.yml
│       ├── test_flavor_chroot.yml
│       ├── test_flavor_cloud.yml
│       ├── test_flavor_oci.yml
│       ├── test_flavor_qemu.yml
│       ├── test_report.yml
│       ├── test_update_python_runtime.yml
│       ├── tests.yml
│       ├── upload_to_github_release.yml
│       └── upload_to_s3.yml
├── .gitignore
├── CODEOWNERS
├── CONTRIBUTING.md
├── Containerfile.lima-manifest
├── LICENSE.md
├── LICENSES/
│   ├── Apache-2.0.txt
│   ├── CC-BY-4.0.txt
│   ├── LGPL-2.1-or-later.txt
│   └── MIT.txt
├── Makefile
├── Pipfile
├── README.md
├── REUSE.toml
├── SCOPE.md
├── SECURITY.md
├── VERSION.md
├── bare_flavors/
│   ├── libc/
│   │   ├── base
│   │   ├── dpkg_include
│   │   ├── include
│   │   ├── mode
│   │   ├── target
│   │   └── test/
│   │       ├── Containerfile
│   │       └── test.c
│   ├── nodejs/
│   │   ├── base
│   │   ├── include
│   │   ├── mode
│   │   ├── target
│   │   └── test/
│   │       ├── Containerfile
│   │       └── test.js
│   ├── python/
│   │   ├── base
│   │   ├── include
│   │   ├── mode
│   │   ├── target
│   │   └── test/
│   │       ├── Containerfile
│   │       └── test.py
│   └── sapmachine/
│       ├── base
│       ├── mode
│       ├── target
│       └── test/
│           ├── Containerfile
│           └── Test.java
├── bin/
│   ├── .constants.sh
│   ├── .dpkg-arch.sh
│   ├── .fix-apt-comments.sh
│   ├── .tar-exclude
│   ├── README.md
│   ├── check-pkgs-availability.py
│   ├── check-pkgs-pipelines.py
│   ├── find-build-container-for
│   ├── garden-chroot
│   ├── garden-debian-sources-list
│   ├── garden-version
│   ├── generate-lima-yaml.py
│   ├── get_arch.sh
│   ├── get_filename
│   ├── gl-flavors-parse
│   ├── glrd
│   ├── inject-sshkey
│   ├── make-ali-ami
│   ├── make-gcp-ami
│   ├── make-vhd
│   ├── shrink.sh
│   ├── start-vm
│   ├── upload-openstack
│   ├── urlescape
│   └── uuid_hash
├── build
├── build_bare_flavors
├── cert/
│   ├── Containerfile
│   ├── Makefile
│   ├── README.md
│   ├── build
│   ├── gardenlinux-nightly-intermediate-ca.chain
│   ├── gardenlinux-nightly-intermediate-ca.conf
│   ├── gardenlinux-nightly-intermediate-ca.crt
│   ├── gardenlinux-nightly-kernel-sign.chain
│   ├── gardenlinux-nightly-kernel-sign.conf
│   ├── gardenlinux-nightly-kernel-sign.crt
│   ├── gardenlinux-nightly-oci-sign.chain
│   ├── gardenlinux-nightly-oci-sign.conf
│   ├── gardenlinux-nightly-oci-sign.crt
│   ├── gardenlinux-nightly-root-ca.conf
│   ├── gardenlinux-nightly-root-ca.crt
│   ├── gardenlinux-nightly-secureboot.aws-efivars
│   ├── gardenlinux-nightly-secureboot.db.auth
│   ├── gardenlinux-nightly-secureboot.db.chain
│   ├── gardenlinux-nightly-secureboot.db.conf
│   ├── gardenlinux-nightly-secureboot.db.crt
│   ├── gardenlinux-nightly-secureboot.db.der
│   ├── gardenlinux-nightly-secureboot.kek.auth
│   ├── gardenlinux-nightly-secureboot.kek.chain
│   ├── gardenlinux-nightly-secureboot.kek.conf
│   ├── gardenlinux-nightly-secureboot.kek.crt
│   ├── gardenlinux-nightly-secureboot.kek.der
│   ├── gardenlinux-nightly-secureboot.null.pk.auth
│   ├── gardenlinux-nightly-secureboot.pk.auth
│   ├── gardenlinux-nightly-secureboot.pk.chain
│   ├── gardenlinux-nightly-secureboot.pk.conf
│   ├── gardenlinux-nightly-secureboot.pk.crt
│   ├── gardenlinux-nightly-secureboot.pk.der
│   ├── gardenlinux-nightly-tpm-sign.chain
│   ├── gardenlinux-nightly-tpm-sign.conf
│   ├── gardenlinux-nightly-tpm-sign.crt
│   ├── gardenlinux-release-intermediate-ca.chain
│   ├── gardenlinux-release-intermediate-ca.conf
│   ├── gardenlinux-release-intermediate-ca.crt
│   ├── gardenlinux-release-kernel-sign.chain
│   ├── gardenlinux-release-kernel-sign.conf
│   ├── gardenlinux-release-kernel-sign.crt
│   ├── gardenlinux-release-oci-sign.chain
│   ├── gardenlinux-release-oci-sign.conf
│   ├── gardenlinux-release-oci-sign.crt
│   ├── gardenlinux-release-repo-sign.crt
│   ├── gardenlinux-release-repo-sign.pub
│   ├── gardenlinux-release-root-ca.conf
│   ├── gardenlinux-release-root-ca.crt
│   ├── gardenlinux-release-secureboot.aws-efivars
│   ├── gardenlinux-release-secureboot.db.auth
│   ├── gardenlinux-release-secureboot.db.chain
│   ├── gardenlinux-release-secureboot.db.conf
│   ├── gardenlinux-release-secureboot.db.crt
│   ├── gardenlinux-release-secureboot.db.der
│   ├── gardenlinux-release-secureboot.kek.auth
│   ├── gardenlinux-release-secureboot.kek.chain
│   ├── gardenlinux-release-secureboot.kek.conf
│   ├── gardenlinux-release-secureboot.kek.crt
│   ├── gardenlinux-release-secureboot.kek.der
│   ├── gardenlinux-release-secureboot.null.pk.auth
│   ├── gardenlinux-release-secureboot.pk.auth
│   ├── gardenlinux-release-secureboot.pk.chain
│   ├── gardenlinux-release-secureboot.pk.conf
│   ├── gardenlinux-release-secureboot.pk.crt
│   ├── gardenlinux-release-secureboot.pk.der
│   ├── gardenlinux-release-tpm-sign.chain
│   ├── gardenlinux-release-tpm-sign.conf
│   ├── gardenlinux-release-tpm-sign.crt
│   ├── gardenlinux.io.conf
│   ├── gardenlinux.io.conf.ext
│   ├── gencert
│   ├── genefiauth
│   ├── gengpg
│   ├── gpg.conf
│   ├── intermediate-ca.conf
│   ├── kernel-sign.conf
│   ├── keyring.gpg
│   ├── oci-sign.conf
│   ├── root-ca.conf
│   ├── secureboot.db.conf
│   ├── secureboot.kek.conf
│   ├── secureboot.pk.conf
│   └── tpm-sign.conf
├── checksums.sha256
├── docs/
│   ├── 00_introduction/
│   │   ├── README.md
│   │   ├── kernel.md
│   │   ├── motivation.md
│   │   ├── package-pipeline.md
│   │   └── release.md
│   ├── 01_developers/
│   │   ├── README.md
│   │   ├── bare_container.md
│   │   ├── build_image.md
│   │   ├── build_image_openstack.md
│   │   ├── build_packages.md
│   │   ├── contributing.md
│   │   ├── github_pipelines.md
│   │   ├── test_image.md
│   │   ├── troubleshooting/
│   │   │   ├── README.md
│   │   │   └── package-linux/
│   │   │       ├── README.md
│   │   │       ├── build-fails-in-binary-phase-c-header-not-found.md
│   │   │       └── build-fails-in-source-phase-patch-is-rejected.md
│   │   └── vmware-ova.md
│   ├── 02_operators/
│   │   ├── README.md
│   │   ├── apt_repo.md
│   │   ├── deployment/
│   │   │   ├── aws-secureboot.md
│   │   │   ├── gcp-secureboot.md
│   │   │   ├── install-non-default.md
│   │   │   └── ipxe-install.md
│   │   ├── gardener-kernel-restart.md
│   │   ├── lima-vm.md
│   │   ├── local-k8s-lima.md
│   │   ├── ssh-hardening.md
│   │   └── time-configuration.md
│   ├── README.md
│   ├── architecture/
│   │   └── decisions/
│   │       ├── 0001-record-architecture-decisions.md
│   │       ├── 0002-dists-can-never-change-retroactively.md
│   │       ├── 0003-builder-updates-dependabot.md
│   │       ├── 0004-vendoring-go-dependencies.md
│   │       ├── 0005-secure-boot-keys-glci.md
│   │       ├── 0006-new-test-framework-in-place-self-contained-test-execution.md
│   │       ├── 0007-non-invasive-read-only-testing.md
│   │       ├── 0008-unified-and-declarative-test-logic.md
│   │       ├── 0009-flexible-distribution-and-reporting.md
│   │       ├── 0010-incremental-migration-and-coexistence-of-tests.md
│   │       ├── 0011-garden-linux-versioning.md
│   │       ├── 0012-remove-firecracker-feature.md
│   │       ├── 0013-discontinue-packages-musthave-tests.md
│   │       ├── 0014-enforce-pr-references-in-commits.md
│   │       ├── 0015-no-backports-from-stable.md
│   │       ├── 0016-minimal-host-dependencies-for-test-ng.md
│   │       ├── 0017-feature-cis-to-retain-shell-scripts.md
│   │       ├── 0018-revert-0003-builder-updates-dependabot.md
│   │       ├── 0019-standardize-on-systemd-timers.md
│   │       ├── 0020-enforce-single-platform-by-default-in-builder.md
│   │       ├── 0021-use-of-tiger-tool-in-tests-ng.md
│   │       ├── 0022-test-ng-system-state-diffing.md
│   │       ├── 0023-lima-image-download.md
│   │       ├── 0024-promote-lima-image-to-official.md
│   │       ├── 0025-disable-debsums-tests.md
│   │       ├── 0026-test-ng-when-to-parsers.md
│   │       ├── 0027-no-systemd-rc.md
│   │       ├── 0028-pin-actions-to-sha.md
│   │       ├── 0029-cis-selinux-permissive.md
│   │       ├── 0030-python-gardenlinux-lib.md
│   │       ├── 0031-builder-glci-interface.md
│   │       ├── 0032-static-feature-test-coverage-analysis.md
│   │       ├── 0033-retention-policy-for-gardener-cloud-images.md
│   │       └── README.md
│   └── boot_modes.md
├── examples/
│   ├── ignition/
│   │   ├── getct.sh
│   │   ├── install.sh
│   │   └── install.yaml
│   ├── ipxe/
│   │   ├── start-vm-ignition.ipxe
│   │   └── start-vm.ipxe
│   └── ipxe-install/
│       ├── boot.ipxe
│       ├── ignition.yaml
│       └── install.yaml
├── features/
│   ├── README.md
│   ├── _bfpxe/
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   └── dracut.conf.d/
│   │   │   │       └── 20-gl-live.conf
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── dracut/
│   │   │               └── modules.d/
│   │   │                   └── 98gardenlinux-live/
│   │   │                       ├── any.conf
│   │   │                       ├── cleanup.sh
│   │   │                       ├── gl-end.service
│   │   │                       ├── is-live-image.sh
│   │   │                       ├── live-get-squashfs.sh
│   │   │                       ├── live-overlay-setup.sh
│   │   │                       ├── live-sysroot-generator.sh
│   │   │                       ├── module-setup.sh
│   │   │                       └── squash-mount-generator.sh
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _build/
│   │   ├── README.md
│   │   ├── TODO
│   │   └── info.yaml
│   ├── _curl/
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _debug/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── debugbox.conf
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           ├── setup-debugbox-ssh.service
│   │   │   │           └── ssh-container.service
│   │   │   └── usr/
│   │   │       └── sbin/
│   │   │           └── setup-debugbox-ssh
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _dev/
│   │   ├── README.md
│   │   ├── exec.late
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── emergency.service.d/
│   │   │               │   └── sulogin.conf
│   │   │               ├── getty@tty1.service.d/
│   │   │               │   └── autologin.conf
│   │   │               ├── rescue.service.d/
│   │   │               │   └── sulogin.conf
│   │   │               └── serial-getty@.service.d/
│   │   │                   └── autologin.conf
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _ephemeral/
│   │   ├── info.yaml
│   │   ├── initrd.include/
│   │   │   └── etc/
│   │   │       ├── repart.d/
│   │   │       │   └── 10-var.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── ephemeral-cryptsetup.service
│   │   │               └── sysroot-var.mount
│   │   └── initrd.include.markers.yaml
│   ├── _fips/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── exec.late
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── dracut.conf.d/
│   │   │       │   └── 10-fips.conf
│   │   │       ├── gcrypt/
│   │   │       │   └── fips_enabled
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 30-fips.cfg
│   │   │       ├── system-fips
│   │   │       └── update-motd.d/
│   │   │           └── 06-logo
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _fwcfg/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           └── qemu-fw_cfg-script.service
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           └── run-qemu-fw_cfg-script
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── _ignite/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   └── dracut.conf.d/
│   │   │   │       └── 30-ignition.conf
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── dracut/
│   │   │               └── modules.d/
│   │   │                   └── 30ignition-extra/
│   │   │                       ├── after-net-online.conf
│   │   │                       ├── ignition-env-generator.sh
│   │   │                       ├── ignition-files.env
│   │   │                       └── module-setup.sh
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _initrdDebug/
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               └── ~~-rd-break.cfg
│   │   ├── info.yaml
│   │   └── initrd.include/
│   │       └── etc/
│   │           └── passwd
│   ├── _iso/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           ├── getty@tty1.service.d/
│   │   │   │           │   └── autologin.conf
│   │   │   │           └── serial-getty@.service.d/
│   │   │   │               └── autologin.conf
│   │   │   └── opt/
│   │   │       └── install/
│   │   │           ├── install.fstab
│   │   │           ├── install.part
│   │   │           └── install.sh
│   │   ├── file.include.markers.yaml
│   │   ├── image.iso
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _kdump/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       └── 90-crashkernel.cfg
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           └── kdump-tools.service.d/
│   │   │   │               └── override.conf
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── sbin/
│   │   │               └── prepare-initrd-kdump
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _legacy/
│   │   ├── exec.late
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── sbin/
│   │   │               ├── update-bootloaders
│   │   │               ├── update-kernel-cmdline
│   │   │               └── update-syslinux
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _nocrypt/
│   │   ├── info.yaml
│   │   ├── initrd.include/
│   │   │   └── etc/
│   │   │       ├── repart.d/
│   │   │       │   └── 10-var.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── sysroot-var.mount
│   │   └── initrd.include.markers.yaml
│   ├── _nopkg/
│   │   ├── README.md
│   │   └── info.yaml
│   ├── _oci/
│   │   ├── README.md
│   │   ├── image
│   │   └── info.yaml
│   ├── _prod/
│   │   ├── README.md
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── security/
│   │   │       │   └── limits.conf
│   │   │       ├── sysctl.d/
│   │   │       │   └── 99-disable-core-dump.conf
│   │   │       └── systemd/
│   │   │           └── coredump.conf.d/
│   │   │               └── disable_coredump.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.exclude
│   ├── _pxe/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── dracut.conf.d/
│   │   │   │   │   ├── 20-gl-live.conf
│   │   │   │   │   └── 30-omit-cdc-ether.conf
│   │   │   │   └── kernel/
│   │   │   │       └── cmdline.d/
│   │   │   │           └── 80-pxe.cfg
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── dracut/
│   │   │               └── modules.d/
│   │   │                   └── 98gardenlinux-live/
│   │   │                       ├── 99-any.conf
│   │   │                       ├── cleanup.sh
│   │   │                       ├── gl-end.service
│   │   │                       ├── is-live-image.sh
│   │   │                       ├── live-get-squashfs.sh
│   │   │                       ├── live-overlay-setup.sh
│   │   │                       ├── live-sysroot-generator.sh
│   │   │                       ├── module-setup.sh
│   │   │                       └── squash-mount-generator.sh
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _selinux/
│   │   ├── README.md
│   │   ├── exec.post
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               └── 90-lsm.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── _slim/
│   │   ├── README.md
│   │   ├── exec.late
│   │   ├── file.exclude
│   │   └── info.yaml
│   ├── _tpm2/
│   │   ├── info.yaml
│   │   ├── initrd.include/
│   │   │   ├── etc/
│   │   │   │   ├── repart.d/
│   │   │   │   │   └── 10-var.conf
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           ├── check-tpm.service
│   │   │   │           ├── sysroot-var.mount
│   │   │   │           ├── systemd-cryptsetup-var.service
│   │   │   │           └── tpm2-measure.service
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           ├── check-tpm
│   │   │           └── measure-pcr7
│   │   ├── initrd.include.markers.yaml
│   │   └── requirements.mod
│   ├── _trustedboot/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               └── 99-no-rd-shell.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── initrd.include/
│   │   │   ├── etc/
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           ├── check-secureboot.service
│   │   │   │           └── emergency.service
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           └── check-secureboot
│   │   ├── initrd.include.markers.yaml
│   │   ├── requirements.mod
│   │   └── usi.config
│   ├── _unsigned/
│   │   ├── info.yaml
│   │   └── usi.config
│   ├── _usi/
│   │   ├── exec.config
│   │   ├── exec.post
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       └── 99-no-gpt-auto.cfg
│   │   │   │   └── update-motd.d/
│   │   │   │       └── 25-secureboot
│   │   │   └── usr/
│   │   │       ├── local/
│   │   │       │   └── sbin/
│   │   │       │       └── update-kernel-cmdline
│   │   │       └── sbin/
│   │   │           └── enroll-gardenlinux-secureboot-keys
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── initrd.include/
│   │   │   ├── etc/
│   │   │   │   ├── repart.d/
│   │   │   │   │   └── 00-efi.conf
│   │   │   │   └── systemd/
│   │   │   │       ├── system/
│   │   │   │       │   ├── sysroot-etc.mount
│   │   │   │       │   ├── sysroot-home.mount
│   │   │   │       │   ├── sysroot-opt.mount
│   │   │   │       │   ├── sysroot-root.mount
│   │   │   │       │   └── sysroot.mount
│   │   │   │       └── system-generators/
│   │   │   │           └── detect-disk-by-efivars
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           └── repart-esp-disk
│   │   ├── initrd.include.markers.yaml
│   │   ├── pkg.include
│   │   └── requirements.mod
│   ├── aide/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   └── systemd/
│   │   │   │       └── system/
│   │   │   │           ├── aide-check.service
│   │   │   │           ├── aide-check.timer
│   │   │   │           └── aide-init.service
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── sbin/
│   │   │               └── aide-init-onboot.sh
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── ali/
│   │   ├── README.md
│   │   ├── convert.qcow2
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       ├── 01_debian-cloud.cfg
│   │   │       │       └── 99_disable-network-config.cfg
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 10-console.cfg
│   │   │       └── systemd/
│   │   │           ├── resolved.conf.d/
│   │   │           │   └── 00-gardenlinux-ali.conf
│   │   │           └── timesyncd.conf.d/
│   │   │               └── 00-gardenlinux-ali.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── aws/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── cloud/
│   │   │   │   │   └── cloud.cfg.d/
│   │   │   │   │       ├── 01_debian-cloud.cfg
│   │   │   │   │       └── 99_disable-network-config.cfg
│   │   │   │   ├── dracut.conf.d/
│   │   │   │   │   └── 90-xen-blkfront-driver.conf
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       ├── 10-console.cfg
│   │   │   │   │       └── 70-nvme.cfg
│   │   │   │   └── systemd/
│   │   │   │       ├── resolved.conf.d/
│   │   │   │       │   └── 00-gardenlinux-aws.conf
│   │   │   │       ├── system/
│   │   │   │       │   ├── aws-clocksource.service
│   │   │   │       │   └── cloud-init-local.service.d/
│   │   │   │       │       └── override.conf
│   │   │   │       └── timesyncd.conf.d/
│   │   │   │           └── 00-gardenlinux-aws.conf
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── sbin/
│   │   │               └── clocksource-setup.sh
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── azure/
│   │   ├── README.md
│   │   ├── convert.vhd
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── chrony/
│   │   │       │   └── chrony.conf
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 01_debian-cloud.cfg
│   │   │       ├── dracut.conf.d/
│   │   │       │   └── 67-azure-nvme-modules.conf
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       ├── 10-console.cfg
│   │   │       │       └── 45-nvme-timeout.cfg
│   │   │       ├── systemd/
│   │   │       │   ├── 99-azure-unmanaged-devices.network
│   │   │       │   ├── system/
│   │   │       │   │   └── chronyd.service.d/
│   │   │       │   │       └── 10-after_dev-ptp_hyperv.device.conf
│   │   │       │   └── system-preset/
│   │   │       │       └── 00-chrony-disable.preset
│   │   │       └── udev/
│   │   │           └── rules.d/
│   │   │               ├── 60-hyperv-ptp.rules
│   │   │               ├── 66-azure-storage.rules
│   │   │               └── 99-azure-product-uuid.rules
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── baremetal/
│   │   └── info.yaml
│   ├── base/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── exec.post
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── apt/
│   │   │   │   │   ├── apt.conf.d/
│   │   │   │   │   │   ├── autoclean
│   │   │   │   │   │   ├── gzip-indexes
│   │   │   │   │   │   ├── no-caches
│   │   │   │   │   │   ├── no-languages
│   │   │   │   │   │   ├── no-recommends
│   │   │   │   │   │   └── no-suggests
│   │   │   │   │   └── preferences.d/
│   │   │   │   │       └── gardenlinux
│   │   │   │   ├── dpkg/
│   │   │   │   │   ├── dpkg.cfg.d/
│   │   │   │   │   │   ├── forceold
│   │   │   │   │   │   └── speedup
│   │   │   │   │   └── origins/
│   │   │   │   │       └── gardenlinux
│   │   │   │   ├── sysctl.d/
│   │   │   │   │   └── 10-disable-sysrq.conf
│   │   │   │   ├── ucf.conf
│   │   │   │   └── veritytab
│   │   │   └── var/
│   │   │       └── www/
│   │   │           └── .gitignore
│   │   ├── file.include.markers.yaml
│   │   ├── fstab
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── bluefield/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── dracut.conf.d/
│   │   │   │   │   └── 90-virtio-console.conf
│   │   │   │   ├── kernel/
│   │   │   │   │   ├── cmdline.d/
│   │   │   │   │   │   ├── 00-default.cfg
│   │   │   │   │   │   └── 10-console.cfg
│   │   │   │   │   ├── entry-token
│   │   │   │   │   └── postinst.d/
│   │   │   │   │       ├── 00-kernel-cmdline
│   │   │   │   │       └── 00-ucode
│   │   │   │   ├── systemd/
│   │   │   │   │   └── system/
│   │   │   │   │       ├── getty@tty1.service.d/
│   │   │   │   │       │   └── autologin.conf
│   │   │   │   │       └── serial-getty@.service.d/
│   │   │   │   │           └── autologin.conf
│   │   │   │   └── udev/
│   │   │   │       └── rules.d/
│   │   │   │           ├── 69-nostbyrot.rules
│   │   │   │           └── 71-intellldp.rules
│   │   │   ├── opt/
│   │   │   │   └── persist/
│   │   │   │       ├── install.fstab
│   │   │   │       ├── install.part
│   │   │   │       └── install.sh
│   │   │   └── usr/
│   │   │       └── sbin/
│   │   │           └── update-usbids
│   │   ├── hack/
│   │   │   ├── Dockerfile
│   │   │   ├── defaults
│   │   │   ├── mlx-trio
│   │   │   ├── mlxbf-livefish
│   │   │   ├── mlxbf-pka
│   │   │   ├── mlxbf-pka.d/
│   │   │   │   └── class_create.patch
│   │   │   ├── mlxbf-ptm
│   │   │   ├── packages/
│   │   │   │   └── .placeholder
│   │   │   └── pwr-mlxbf
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── capi/
│   │   ├── README.md
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── checkbox/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.iso
│   │   │   │   └── systemd/
│   │   │   │       ├── journald.conf.d/
│   │   │   │       │   └── 10-logs.conf
│   │   │   │       ├── system/
│   │   │   │       │   └── generate-report.service
│   │   │   │       └── system.conf.d/
│   │   │   │           └── 10-dmesg.conf
│   │   │   └── usr/
│   │   │       ├── lib/
│   │   │       │   └── checkbox-provider-base/
│   │   │       │       └── bin/
│   │   │       │           ├── dmesg_colored.sh
│   │   │       │           ├── hw_encrypt_check.sh
│   │   │       │           ├── tpm_check.sh
│   │   │       │           └── virtualization_disabled.sh
│   │   │       ├── local/
│   │   │       │   └── bin/
│   │   │       │       └── generate-report.sh
│   │   │       └── share/
│   │   │           └── checkbox-provider-base/
│   │   │               └── units/
│   │   │                   └── gardenlinux/
│   │   │                       ├── category.pxu
│   │   │                       ├── jobs.pxu
│   │   │                       ├── manifest.pxu
│   │   │                       └── test-plan.pxu
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── chost/
│   │   ├── README.md
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── containerd/
│   │   │       │   └── config.toml
│   │   │       ├── crictl.yaml
│   │   │       ├── modprobe.d/
│   │   │       │   └── overlayfs.conf
│   │   │       ├── modules-load.d/
│   │   │       │   ├── br_netfilter.conf
│   │   │       │   ├── ip_tables.conf
│   │   │       │   └── overlay.conf
│   │   │       ├── sysctl.d/
│   │   │       │   ├── ip-forward.conf
│   │   │       │   └── nf-call-iptables.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── containerd.service.d/
│   │   │                   └── override.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── cis/
│   │   ├── README.md
│   │   ├── exec.config
│   │   └── info.yaml
│   ├── cisAudit/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── audit/
│   │   │       │   └── rules.d/
│   │   │       │       └── 99-cis.rules
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── audit-rules.service.d/
│   │   │                   └── override.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisModprobe/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── modprobe.d/
│   │   │           ├── cramfs.conf
│   │   │           ├── dccp.conf
│   │   │           ├── freevxfs.conf
│   │   │           ├── jffs2.conf
│   │   │           ├── rds.conf
│   │   │           ├── sctp.conf
│   │   │           ├── squashfs.conf
│   │   │           ├── tipc.conf
│   │   │           └── udf.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisOS/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   ├── cmdline.d/
│   │   │   │   │   │   ├── 10-audit-proc.cfg
│   │   │   │   │   │   └── 20-audit-backlog.cfg
│   │   │   │   │   ├── postinst.d/
│   │   │   │   │   │   ├── zz-kernel-cmdline
│   │   │   │   │   │   ├── zz-kernel-install
│   │   │   │   │   │   └── zz-update-syslinux
│   │   │   │   │   └── postrm.d/
│   │   │   │   │       ├── zz-kernel-remove
│   │   │   │   │       └── zz-update-syslinux
│   │   │   │   ├── logrotate.d/
│   │   │   │   │   ├── btmp
│   │   │   │   │   └── wtmp
│   │   │   │   ├── pam.d/
│   │   │   │   │   ├── common-account
│   │   │   │   │   └── common-auth
│   │   │   │   ├── security/
│   │   │   │   │   └── limits.conf
│   │   │   │   ├── selinux/
│   │   │   │   │   └── config
│   │   │   │   └── sysstat/
│   │   │   │       └── sysstat
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── tmpfiles.d/
│   │   │               └── var.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisPackages/
│   │   ├── README.md
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── cisPartition/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── tmp.mount
│   │   ├── file.include.markers.yaml
│   │   ├── fstab
│   │   └── info.yaml
│   ├── cisSshd/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── firewall/
│   │   │       │   ├── ipv4_flush.sh
│   │   │       │   ├── ipv4_gl_default.conf
│   │   │       │   ├── ipv6_flush.sh
│   │   │       │   └── ipv6_gl_default.conf
│   │   │       ├── ssh/
│   │   │       │   └── sshd-banner
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── gardenlinux-fw-ipv4.service
│   │   │               └── gardenlinux-fw-ipv6.service
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisSysctl/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── sysctl.d/
│   │   │           └── 99-cis.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── clamav/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── var/
│   │   │       └── spool/
│   │   │           └── cron/
│   │   │               └── crontabs/
│   │   │                   └── root
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── cloud/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   ├── cmdline.d/
│   │   │       │   │   ├── 00-default.cfg
│   │   │       │   │   ├── 40-enable-swap-cgroup-accounting.cfg
│   │   │       │   │   └── 60-timeout.cfg
│   │   │       │   ├── entry-token
│   │   │       │   ├── postinst.d/
│   │   │       │   │   ├── 00-kernel-cmdline
│   │   │       │   │   └── zz-update-syslinux
│   │   │       │   └── postrm.d/
│   │   │       │       └── zz-update-syslinux
│   │   │       ├── modprobe.d/
│   │   │       │   ├── disabled_firewire.conf
│   │   │       │   ├── disabled_fs.conf
│   │   │       │   ├── disabled_net.conf
│   │   │       │   ├── disabled_udf.conf
│   │   │       │   └── disabled_usb.conf
│   │   │       ├── profile.d/
│   │   │       │   └── 50-autologout.sh
│   │   │       ├── repart.d/
│   │   │       │   └── root.conf
│   │   │       ├── sysctl.d/
│   │   │       │   ├── 20-cloud.conf
│   │   │       │   ├── 21-ipv4-settings.conf
│   │   │       │   └── 22-ipv6-settings.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── rngd.service.d/
│   │   │                   └── architecture.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── container/
│   │   ├── README.md
│   │   ├── image.oci
│   │   └── info.yaml
│   ├── disaSTIGlow/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── audit/
│   │   │       │   └── auditd.conf
│   │   │       ├── security/
│   │   │       │   ├── faillock.conf
│   │   │       │   ├── limits.conf
│   │   │       │   └── pwquality.conf
│   │   │       └── sysctl.d/
│   │   │           └── 99-disaSTIG.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── fedramp/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── chrony/
│   │   │       │   └── chrony.conf
│   │   │       ├── firewall/
│   │   │       │   ├── ipv4_flush.sh
│   │   │       │   ├── ipv4_gl_default.conf
│   │   │       │   ├── ipv6_flush.sh
│   │   │       │   └── ipv6_gl_default.conf
│   │   │       ├── issue.net
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       ├── 30-fips.cfg
│   │   │       │       └── 90-lsm.cfg
│   │   │       ├── security/
│   │   │       │   └── limits.conf
│   │   │       ├── ssh/
│   │   │       │   └── sshd_config
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── gardenlinux-fw-ipv4.service
│   │   │               └── gardenlinux-fw-ipv6.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── firewall/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── nft.d/
│   │   │           └── default.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── gardener/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 90-lsm.cfg
│   │   │       ├── modules-load.d/
│   │   │       │   └── ipvs.conf
│   │   │       ├── sysctl.d/
│   │   │       │   └── 40-allow-nonroot-dmesg.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── containerd.service.d/
│   │   │                   └── override.conf
│   │   ├── file.include.markers.yaml
│   │   ├── fstab.mod
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── gcp/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       ├── 00-cmdline.cfg
│   │   │   │   │       └── 10-console.cfg
│   │   │   │   └── systemd/
│   │   │   │       └── timesyncd.conf.d/
│   │   │   │           └── 00-gardenlinux-gcp.conf
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── udev/
│   │   │               └── rules.d/
│   │   │                   └── 64-gce-disk-removal.rules
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── gdch/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 91-gdch-system.cfg
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               ├── 00-cmdline.cfg
│   │   │               └── 10-console.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── glvd/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── update-motd.d/
│   │   │           └── 99-glvd
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── iscsi/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── iscsi/
│   │   │       │   └── initiatorname.iscsi.template
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── iscsi-initiatorname.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── khost/
│   │   ├── README.md
│   │   ├── exec.late
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── modules-load.d/
│   │   │       │   └── br-nf.conf
│   │   │       └── sysctl.d/
│   │   │           ├── 20-br-nf.conf
│   │   │           ├── 20-inotify.conf
│   │   │           └── 20-ip-forward.conf
│   │   ├── file.include.markers.yaml
│   │   ├── fstab.mod
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── release.key
│   ├── kvm/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       ├── 10-console.cfg
│   │   │       │       └── 50-ignition.cfg
│   │   │       ├── systemd/
│   │   │       │   └── system/
│   │   │       │       └── ignition-disable.service
│   │   │       └── udev/
│   │   │           └── rules.d/
│   │   │               └── 60-onmetal.rules
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── lima/
│   │   ├── README.md
│   │   ├── convert.qcow2
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── kernel/
│   │   │           ├── cmdline.d/
│   │   │           │   ├── 00-default.cfg
│   │   │           │   └── 10-console.cfg
│   │   │           └── postinst.d/
│   │   │               └── 00-kernel-cmdline
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── samples/
│   │       ├── README.md
│   │       ├── _images/
│   │       │   └── gardenlinux-2150.yaml
│   │       ├── gardenlinux-containerd.yaml
│   │       ├── gardenlinux-k8s.yaml
│   │       └── gardenlinux-rootless-podman.yaml
│   ├── log/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── audit/
│   │   │       │   └── rules.d/
│   │   │       │       ├── 10-base-config.rules
│   │   │       │       ├── 12-cont-fail.rules
│   │   │       │       ├── 12-ignore-error.rules
│   │   │       │       └── README
│   │   │       ├── rsyslog.conf
│   │   │       ├── rsyslog.d/
│   │   │       │   ├── 10-local.conf.disabled
│   │   │       │   ├── 20-input.conf
│   │   │       │   ├── 21-input-klog.conf.disabled
│   │   │       │   ├── 29-input-mark.conf.disabled
│   │   │       │   ├── 30-server.conf.disabled
│   │   │       │   └── 60-audit-log-service.conf.disabled
│   │   │       └── systemd/
│   │   │           └── journald.conf.d/
│   │   │               ├── 10-minimum.conf
│   │   │               └── 20-rsyslog.conf
│   │   ├── file.include.markers.yaml
│   │   ├── file.include.stat
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── metal/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   ├── cmdline.d/
│   │   │   │   │   │   ├── 00-default.cfg
│   │   │   │   │   │   └── 10-console.cfg
│   │   │   │   │   ├── entry-token
│   │   │   │   │   ├── postinst.d/
│   │   │   │   │   │   ├── 00-kernel-cmdline
│   │   │   │   │   │   ├── 00-ucode
│   │   │   │   │   │   └── zz-update-syslinux
│   │   │   │   │   └── postrm.d/
│   │   │   │   │       └── zz-update-syslinux
│   │   │   │   └── udev/
│   │   │   │       └── rules.d/
│   │   │   │           ├── 69-nostbyrot.rules
│   │   │   │           └── 71-intellldp.rules
│   │   │   └── usr/
│   │   │       └── sbin/
│   │   │           └── update-usbids
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── multipath/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── multipath.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── nodejs/
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── nvme/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── nvme-hostid.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstack/
│   │   ├── convert.qcow2
│   │   ├── convert.vmdk
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── cloud/
│   │   │           ├── cloud.cfg.d/
│   │   │           │   ├── 01_debian-cloud.cfg
│   │   │           │   └── 50-datasource.cfg
│   │   │           └── ds-identify.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstackCloud/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 99_disable-network-config.cfg
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               └── 10-console.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstackMetal/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 65-network-config.cfg
│   │   │       ├── dracut.conf.d/
│   │   │       │   └── 49-include-bnxt-drivers.conf
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 40-enable-swap-cgroup-accounting.cfg
│   │   │       ├── modprobe.d/
│   │   │       │   └── 10-disallow-nouveau.conf
│   │   │       ├── profile.d/
│   │   │       │   └── 50-autologout.sh
│   │   │       ├── repart.d/
│   │   │       │   └── root.conf
│   │   │       └── sysctl.d/
│   │   │           └── 20-cloud.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── python/
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── pythonDev/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           └── exportLibs.py
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sap/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── audit/
│   │   │   │   │   └── rules.d/
│   │   │   │   │       ├── 70-privilege-escalation.rules
│   │   │   │   │       ├── 70-privileged-special.rules
│   │   │   │   │       ├── 70-privileged-special.rules.arm64
│   │   │   │   │       └── 70-system-integrity.rules
│   │   │   │   ├── issue
│   │   │   │   ├── issue.net
│   │   │   │   ├── motd
│   │   │   │   └── tmpfiles.d/
│   │   │   │       └── legacy.conf
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── share/
│   │   │               └── ca-certificates/
│   │   │                   └── SAP_Global_Root_CA.crt
│   │   ├── file.include.markers.yaml
│   │   ├── file.include.stat
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sapmachine/
│   │   ├── exec.late
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── sapmachine.key
│   ├── server/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── exec.early
│   │   ├── exec.post
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── dracut.conf.d/
│   │   │   │   │   ├── 25-uefi-stub.conf
│   │   │   │   │   └── general.conf
│   │   │   │   ├── kernel-img.conf
│   │   │   │   ├── locale.conf
│   │   │   │   ├── machine-id
│   │   │   │   ├── profile.d/
│   │   │   │   │   └── 50-nohistory.sh
│   │   │   │   ├── sudoers.d/
│   │   │   │   │   ├── keepssh
│   │   │   │   │   └── wheel
│   │   │   │   ├── sysctl.d/
│   │   │   │   │   ├── 40-enable-unprivileged-user-namespaces.conf
│   │   │   │   │   ├── 40-restrict-dmesg.conf
│   │   │   │   │   └── 90-allow-ping-for-non-root-user.conf
│   │   │   │   ├── systemd/
│   │   │   │   │   ├── network/
│   │   │   │   │   │   └── 99-default.network
│   │   │   │   │   ├── networkd.conf.d/
│   │   │   │   │   │   └── 00-gardenlinux-server.conf
│   │   │   │   │   ├── resolved.conf.d/
│   │   │   │   │   │   ├── 00-disable-llmnr.conf
│   │   │   │   │   │   └── 01-disable-mdns.conf
│   │   │   │   │   ├── system/
│   │   │   │   │   │   ├── kexec-load@.service
│   │   │   │   │   │   ├── systemd-coredump@.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   ├── systemd-growfs@.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   ├── systemd-networkd-wait-online.service.d/
│   │   │   │   │   │   │   └── any.conf
│   │   │   │   │   │   ├── systemd-resolved.service.d/
│   │   │   │   │   │   │   └── wait-for-networkd.conf
│   │   │   │   │   │   ├── systemd-timesyncd.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   └── tmp.mount
│   │   │   │   │   └── system.conf.d/
│   │   │   │   │       └── 00-gardenlinux-server.conf
│   │   │   │   └── update-motd.d/
│   │   │   │       ├── 05-logo
│   │   │   │       ├── 10-hostname
│   │   │   │       ├── 20-uname
│   │   │   │       ├── 30-load
│   │   │   │       ├── 40-free
│   │   │   │       ├── 45-line
│   │   │   │       ├── 50-network
│   │   │   │       ├── 55-line
│   │   │   │       ├── 92-unattended-upgrades
│   │   │   │       └── 95-needrestart
│   │   │   └── usr/
│   │   │       ├── lib/
│   │   │       │   └── systemd/
│   │   │       │       └── system/
│   │   │       │           └── dbus.socket
│   │   │       └── share/
│   │   │           └── pam-configs/
│   │   │               ├── garden
│   │   │               └── garden-extra
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── todo
│   ├── ssh/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── ssh/
│   │   │       │   ├── ssh_config
│   │   │       │   └── sshd_config
│   │   │       └── systemd/
│   │   │           ├── system/
│   │   │           │   ├── ssh-keygen.service
│   │   │           │   └── ssh-moduli.service
│   │   │           └── system-preset/
│   │   │               └── 00-sshsocket-disable.preset
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sssd/
│   │   ├── README.md
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── stig/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── apt/
│   │   │   │   │   └── apt.conf.d/
│   │   │   │   │       └── 01-vendor-Ubuntu
│   │   │   │   ├── audit/
│   │   │   │   │   ├── auditd.conf
│   │   │   │   │   └── rules.d/
│   │   │   │   │       └── stig.rules
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       └── 90-audit.cfg
│   │   │   │   ├── modprobe.d/
│   │   │   │   │   └── disabled_usb.conf
│   │   │   │   ├── pam.d/
│   │   │   │   │   ├── common-auth
│   │   │   │   │   └── common-password
│   │   │   │   ├── rsyslog.d/
│   │   │   │   │   └── 50-default.conf
│   │   │   │   ├── security/
│   │   │   │   │   ├── faillock.conf
│   │   │   │   │   ├── limits.conf
│   │   │   │   │   └── pwquality.conf
│   │   │   │   ├── ssh/
│   │   │   │   │   └── sshd_config
│   │   │   │   └── sysctl.d/
│   │   │   │       └── 99-stig.conf
│   │   │   └── usr/
│   │   │       └── share/
│   │   │           └── pam-configs/
│   │   │               └── garden-stig
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── stigDev/
│   │   ├── exec.late
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── sudoers.d/
│   │   │           └── user
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── vhost/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system-preset/
│   │   │               └── 00-disable-libvirtd-tls-socket.preset
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   └── vmware/
│       ├── README.md
│       ├── convert.ova
│       ├── exec.config
│       ├── file.include/
│       │   ├── etc/
│       │   │   ├── cloud/
│       │   │   │   └── cloud.cfg.d/
│       │   │   │       ├── 01_debian-cloud.cfg
│       │   │   │       ├── 99_disable-network-config.cfg
│       │   │   │       └── 99_enabled-datasources.cfg
│       │   │   ├── kernel/
│       │   │   │   └── cmdline.d/
│       │   │   │       ├── 10-console.cfg
│       │   │   │       └── 50-ignition.cfg
│       │   │   └── systemd/
│       │   │       └── system/
│       │   │           └── ignition-disable.service
│       │   └── usr/
│       │       ├── bin/
│       │       │   └── dscheck_VMwareGuestInfo
│       │       └── lib/
│       │           └── python3/
│       │               └── dist-packages/
│       │                   └── cloudinit/
│       │                       └── sources/
│       │                           └── DataSourceVMwareGuestInfo.py
│       ├── file.include.markers.yaml
│       ├── info.yaml
│       ├── make-ova
│       ├── pkg.include
│       └── vmware.ovf.template
├── flavors.yaml
├── gardenlinux.asc
├── get_commit
├── get_repo
├── get_timestamp
├── get_version
├── hack/
│   ├── .gl-search-functions.sh
│   ├── README.md
│   ├── compare-apt-repo-versions-gl-debian.sh
│   ├── compare-apt-repo-versions.sh
│   ├── devscp
│   ├── devssh
│   ├── enable_inactive_workflows
│   ├── get-selected-gl-bom.sh
│   ├── gl-pkg-url.sh
│   ├── gl-search.sh
│   ├── glvd-search.sh
│   ├── list-package-releases.sh
│   ├── local-vm-workstation/
│   │   ├── .gitignore
│   │   ├── README.md
│   │   ├── Vagrantfile
│   │   ├── deps.list
│   │   └── init.sh
│   └── parse-aptsource.py
├── images/
│   └── kmodbuild/
│       ├── Containerfile
│       └── list_headers
├── keyring.gpg
├── pyrightconfig.json
├── requirements.txt
├── tests/
│   ├── .gitignore
│   ├── DEVELOPER-TESTCOV.md
│   ├── DEVELOPER.md
│   ├── README.md
│   ├── conftest.py
│   ├── dev.makefile
│   ├── handlers/
│   │   ├── configure_nvme.py
│   │   ├── iscsi.py
│   │   ├── pip.py
│   │   └── services.py
│   ├── integration/
│   │   ├── boot/
│   │   │   ├── test_cloud_init.py
│   │   │   ├── test_ignition.py
│   │   │   ├── test_initrd.py
│   │   │   ├── test_iso.py
│   │   │   ├── test_legacy.py
│   │   │   └── test_secureboot.py
│   │   ├── core/
│   │   │   ├── test_autologin.py
│   │   │   ├── test_base.py
│   │   │   ├── test_codedump.py
│   │   │   ├── test_deny_packages.py
│   │   │   ├── test_dmesg.py
│   │   │   ├── test_history.py
│   │   │   ├── test_logging.py
│   │   │   ├── test_network.py
│   │   │   ├── test_proc.py
│   │   │   ├── test_profile.py
│   │   │   ├── test_server.py
│   │   │   ├── test_services.py
│   │   │   ├── test_sysdiff.py
│   │   │   ├── test_time.py
│   │   │   └── test_users_groups.py
│   │   ├── infrastructure/
│   │   │   ├── test_cloud_platforms.py
│   │   │   ├── test_iscsi.py
│   │   │   ├── test_kvm.py
│   │   │   ├── test_metal.py
│   │   │   └── test_nvme.py
│   │   ├── kernel/
│   │   │   ├── test_kernel_cmdline.py
│   │   │   ├── test_kernel_count.py
│   │   │   ├── test_kernel_modules.py
│   │   │   └── test_kernel_parameters.py
│   │   ├── runtime/
│   │   │   ├── test_checkbox.py
│   │   │   ├── test_chost.py
│   │   │   ├── test_clamav.py
│   │   │   ├── test_containers.py
│   │   │   ├── test_gardener.py
│   │   │   ├── test_glvd.py
│   │   │   ├── test_khost.py
│   │   │   ├── test_nodejs.py
│   │   │   ├── test_pythonDev.py
│   │   │   ├── test_sap.py
│   │   │   └── test_sapmachine.py
│   │   └── security/
│   │       ├── compliance/
│   │       │   ├── test_cis.py
│   │       │   ├── test_disastig_00005.py
│   │       │   ├── test_disastig_00009.py
│   │       │   ├── test_disastig_00013.py
│   │       │   ├── test_disastig_00041.py
│   │       │   ├── test_disastig_00046.py
│   │       │   ├── test_disastig_00047.py
│   │       │   ├── test_disastig_00050.py
│   │       │   ├── test_disastig_00063.py
│   │       │   ├── test_disastig_00067.py
│   │       │   ├── test_disastig_00069.py
│   │       │   ├── test_disastig_00072.py
│   │       │   ├── test_disastig_00084.py
│   │       │   ├── test_disastig_00089.py
│   │       │   ├── test_disastig_00097.py
│   │       │   ├── test_disastig_00098.py
│   │       │   ├── test_disastig_00100.py
│   │       │   ├── test_disastig_00108.py
│   │       │   ├── test_disastig_00136.py
│   │       │   ├── test_disastig_00143.py
│   │       │   ├── test_disastig_00146.py
│   │       │   ├── test_disastig_00149.py
│   │       │   ├── test_disastig_00153.py
│   │       │   ├── test_disastig_00155.py
│   │       │   ├── test_disastig_00170.py
│   │       │   ├── test_disastig_00173.py
│   │       │   ├── test_disastig_00175.py
│   │       │   ├── test_disastig_00180.py
│   │       │   ├── test_disastig_00186.py
│   │       │   ├── test_disastig_00187.py
│   │       │   ├── test_disastig_00188.py
│   │       │   ├── test_disastig_00192.py
│   │       │   ├── test_disastig_00194.py
│   │       │   ├── test_disastig_00199.py
│   │       │   ├── test_disastig_00209.py
│   │       │   ├── test_disastig_00210.py
│   │       │   ├── test_disastig_00218.py
│   │       │   ├── test_disastig_00220.py
│   │       │   ├── test_disastig_00222.py
│   │       │   ├── test_disastig_00225.py
│   │       │   ├── test_disastig_00226.py
│   │       │   ├── test_disastig_00228.py
│   │       │   ├── test_disastig_00229.py
│   │       │   ├── test_disastig_00230.py
│   │       │   ├── test_disastig_auditd.py
│   │       │   ├── test_fedramp.py
│   │       │   ├── test_fips.py
│   │       │   └── test_stig.py
│   │       ├── test_aide.py
│   │       ├── test_capabilities.py
│   │       ├── test_firewall.py
│   │       ├── test_lsm.py
│   │       ├── test_pam.py
│   │       ├── test_password_hashes.py
│   │       ├── test_password_shadow.py
│   │       ├── test_sgx.py
│   │       ├── test_ssh.py
│   │       ├── test_su.py
│   │       ├── test_umask.py
│   │       └── test_wireguard.py
│   ├── plugins/
│   │   ├── __init__.py
│   │   ├── apt.py
│   │   ├── arch.py
│   │   ├── audit.py
│   │   ├── block_devices.py
│   │   ├── booted.py
│   │   ├── capabilities.py
│   │   ├── containerd.py
│   │   ├── dpkg.py
│   │   ├── dpkg_checksums.py
│   │   ├── efivars.py
│   │   ├── features.py
│   │   ├── file.py
│   │   ├── find.py
│   │   ├── initrd.py
│   │   ├── kernel_cmdline.py
│   │   ├── kernel_configs.py
│   │   ├── kernel_module.py
│   │   ├── kernel_versions.py
│   │   ├── linux_etc_files.py
│   │   ├── lsm.py
│   │   ├── modify.py
│   │   ├── mount.py
│   │   ├── network.py
│   │   ├── nft.py
│   │   ├── pam.py
│   │   ├── parse.py
│   │   ├── parse_file.py
│   │   ├── performance.py
│   │   ├── remounted_root.py
│   │   ├── security_id.py
│   │   ├── setting_ids.py
│   │   ├── setuid_binaries.py
│   │   ├── shell.py
│   │   ├── sshd.py
│   │   ├── sysctl.py
│   │   ├── sysdiff.py
│   │   ├── system_id_parser.py
│   │   ├── systemd.py
│   │   ├── systemd_detect_virt.py
│   │   ├── tests/
│   │   │   ├── test_file.py
│   │   │   ├── test_parse.py
│   │   │   └── test_parse_file.py
│   │   ├── timeconf.py
│   │   ├── timedatectl.py
│   │   ├── users.py
│   │   └── utils.py
│   └── util/
│       ├── build.makefile
│       ├── build_dist.sh
│       ├── build_dist_image.sh
│       ├── build_runtime.sh
│       ├── container/
│       │   ├── Containerfile
│       │   └── enter_host_ns.c
│       ├── coverage.feature.excludes
│       ├── coverage.py
│       ├── install_tofu.sh
│       ├── login_cloud.sh
│       ├── login_qemu.sh
│       ├── metadata-server.py
│       ├── python.env.sh
│       ├── requirements-dev.txt
│       ├── requirements-gh.txt
│       ├── requirements.txt
│       ├── run.sh
│       ├── run_chroot.sh
│       ├── run_cloud.sh
│       ├── run_dev_cloud.sh
│       ├── run_dev_common.sh
│       ├── run_dev_qemu.sh
│       ├── run_oci.sh
│       ├── run_qemu.sh
│       ├── sysdiff.py
│       ├── tests/
│       │   └── test_coverage.py
│       ├── tf/
│       │   ├── .terraform.lock.hcl
│       │   ├── backend.tf.github
│       │   ├── encryption.tf.github
│       │   ├── main.tf
│       │   ├── modules/
│       │   │   ├── ali/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── main.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── aws/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── azure/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── main.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── gcp/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── openstack/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   └── state_aws/
│       │   │       └── main.tf
│       │   ├── providers.tf
│       │   ├── user_data_script.sh
│       │   └── variables.tf
│       └── update_runtime.py
├── tools/
│   ├── clean_ec2_ami.py
│   ├── clean_openstack_images.py
│   ├── import-azure-machine-image.py
│   └── import-ec2-ami.py
└── unbase_oci

================================================
FILE CONTENTS
================================================

================================================
FILE: .dockerignore
================================================
/.*



================================================
FILE: .flake8
================================================
[flake8]
max-line-length = 101
select = E101,E117,E201,E202,E203,E225,E251,E3,E4,E5,E703,E9,W1,W2,W3,W6,F
# max-line-length is done by black
ignore = E501
count = True
format = pylint


================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.yml
================================================
---
name: Bug Report
description: Found a bug? Let us know!
title: "[BUG] "
labels: ["kind/bug"]
type: bug
body:
  - type: markdown
    attributes:
      value: >
        **NOTE**: Please only use this form to report _reproducible bugs_ in Garden Linux.
        If you have any questions or are looking for assistance,
        please refer to [our documentation](https://www.gardenlinux.org/)
  - type: input
    attributes:
      label: Garden Linux Version
      description: >
        Which version of Garden Linux are you running?
      placeholder: 2150.1.0
    validations:
      required: true
  - type: input
    attributes:
      label: Used Flavor
      description: >
        Which Flavor or Feature Set does your image use?
    validations:
      required: false
  - type: dropdown
    attributes:
      label: Deployment Type
      description: How are you running Garden Linux?
      multiple: false
      options:
        - Bare Metal
        - KVM/LIMA
        - AWS
        - Google Cloud
        - Microsoft Azure Cloud
        - OpenStack
    validations:
      required: true
  - type: textarea
    attributes:
      label: Bug Description
      description: >
        Please describe in detail what issue you face.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Steps to Reproduce
      description: >
        Please provide us with a step-by-step breakdown of the last thing
        you did before encountering this issue.
        This helps us reproduce the potential bug.
    validations:
      required: true
  - type: upload
    id: screenshots
    attributes:
      label: Upload Screenshots
      description: If applicable, add screenshots to help explain your problem.
    validations:
      required: false
  - type: upload
    id: logs
    attributes:
      label: Upload Logs
      description: >
        If applicable, add any log files of your installation to help us trace the issue.
        Helpful logs include:
          - Any logs of the build system when building your own image (can be found in <repo>/.build/)
            _Hint_: You might want to set the `set -x` flag in your invoked bash script for this.
          - The output of logging daemons like journalctl or dmesg on the running system
          - Any logs your virtualization or container engine or cloud host might produce
    validations:
      required: false
  - type: checkboxes
    id: terms
    attributes:
      label: Code of Conduct
      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/gardenlinux/gardenlinux?tab=coc-ov-file#sap-open-source-code-of-conduct).
      options:
        - label: I confirm that I read and agree to this project's Code of Conduct.
    validations:
      required: true


================================================
FILE: .github/ISSUE_TEMPLATE/enhancement_request.yml
================================================
---
name: Enhancement Request
description: Suggest an Enhancement to Garden Linux.
title: "[ER] "
labels: ["kind/enhancement"]
body:
  - type: markdown
    attributes:
      value: >
        You would like to improve something? Let us know!
  - type: input
    attributes:
      label: Garden Linux Version
      description: What version of Garden Linux are you working with?
      placeholder: 2150.1.0
    validations:
      required: true
  - type: dropdown
    attributes:
      label: Enhancement Type
      multiple: true
      options:
        - New Feature
        - Change of Process
        - Documentation Improvement
        - Accessibility Improvement
        - Maintenance Improvement
        - Other / Not listed
    validations:
      required: true
  - type: textarea
    attributes:
      label: Proposal
      description: >
        Describe your idea in detail. Please include any specific requirements
        for your plan to work and the supposed benefit your improvement will bring.
    validations:
      required: true
  - type: textarea
    attributes:
      label: Motivation for Improvement
      description: >
        What motivated you to suggest this improvement?
  - type: checkboxes
    id: terms
    attributes:
      label: Code of Conduct
      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/gardenlinux/gardenlinux?tab=coc-ov-file#sap-open-source-code-of-conduct).
      options:
        - label: I confirm that I read and agree to this project's Code of Conduct.
          required: true

================================================
FILE: .github/dependabot.yml
================================================
# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
enable-beta-ecosystems: true # for opentofu-support
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    reviewers:
      - "gardenlinux/garden-linux-maintainers"

  - package-ecosystem: "pip"
    directory: "/tests/util"
    schedule:
      interval: "weekly"
    versioning-strategy: "increase-if-necessary"
    reviewers:
      - "gardenlinux/garden-linux-maintainers"


================================================
FILE: .github/labeler.yml
================================================
# GitHub Actions
github-actions:
- changed-files:
  - any-glob-to-any-file: '.github/workflows/**'

# Non workflow related changes
github-settings:
- all:
  - changed-files:
    - any-glob-to-any-file: '.github/**'
    - all-globs-to-all-files: '!.github/workflows/**'

test-env:
- changed-files:
  - any-glob-to-any-file:
    - 'tests/**'
    - 'test'

test:
- changed-files:
  - any-glob-to-any-file: 
    - 'features/*/test/**'

build-env:
- changed-files:
  - any-glob-to-any-file:
    - 'build'
    - 'get_repo'
    - 'get_timestamp'
    - 'get_version'
    - 'get_commit'
    - 'bin/**'

docs:
- changed-files:
  - any-glob-to-any-file:
    - '*.md'
    - 'docs/**'
    - 'CODEOWNERS'
    - 'examples/**'

features:
- changed-files:
  - any-glob-to-any-file: 'features/**'

tools:
- changed-files:
  - any-glob-to-any-file:
    - 'hack/**'
    - 'tools/**'

logo:
- changed-files:
  - any-glob-to-any-file: 'logo/*'

certificates:
- changed-files:
  - any-glob-to-any-file: 'cert/**'

# Explicit label to show changes on gardenlinux public repo key
repo-key:
- changed-files:
  - any-glob-to-any-file: 'gardenlinux.asc'

checksums:
- changed-files:
  - any-glob-to-any-file: 'checksums.sha256'

packages:
- changed-files:
  - any-glob-to-any-file: 'features/**/pkg.*'

bare-container:
- changed-files:
  - any-glob-to-any-file:
    - 'bare_flavors/**'
    - 'unbase_oci'

gcp-platform:
- changed-files:
  - any-glob-to-any-file:
    - 'features/gcp/**'
    - 'tests/platformSetup/gcp.py'

azure-platform:
- changed-files:
  - any-glob-to-any-file:
    - 'features/azure/**'
    - 'tests/platformSetup/azure.py'

aws-platform:
- changed-files:
  - any-glob-to-any-file:
    - 'features/aws/**'
    - 'tests/platformSetup/aws.py'

ali-platform:
- changed-files:
  - any-glob-to-any-file:
    - 'features/ali/**'
    - 'tests/platformSetup/ali.py'

kvm-platform:
- changed-files:
  - any-glob-to-any-file:
    - 'features/kvm/**'
    - 'tests/platformSetup/kvm.py'

metal-platform:
- changed-files:
  - any-glob-to-any-file: 'features/metal/**'


================================================
FILE: .github/pull_request_template.md
================================================
**What this PR does / why we need it**:

**Which issue(s) this PR fixes**:
Fixes #

**Definition of Done:**
- [ ] The code is sufficiently documented
- [ ] Shared the changes with the Team so everyone is aware
- [ ] The code is appropriately tested
- [ ] Checked if the code needs to be backported to release branches of maintained versions (perform the actual backport after the merge to `main`)

**Special notes for your reviewer**:

**Release note**:
<!--  Write your release note:
1. Enter your release note in the below block.
2. If no release note is required, just write "NONE" within the block.

Format of block header: <category> <target_group>
Possible values:
- category:       breaking|feature|bugfix|doc|other
- target_group:   user|operator|developer|dependency
-->
```feature user

```


================================================
FILE: .github/release.yml
================================================
changelog:
  exclude:
    labels:
      - ignore-for-release
      - github-settings
    authors:
      - dependabot
  categories:
    - title: Breaking Changes ❗
      labels:
        - breaking-change
    - title: Bug Fixes :bug:
      labels:
        - bug
        - bug-fix
    - title: Security :lock:
      labels:
        - security
    - title: New Features :tada:
      labels:
        - enhancement
        - features
        - packages
    - title: Build and Test Environment 🏗️
      labels:
        - test-env
        - build-env
        - github-actions
    - title: Other
      labels:
        - "*"


================================================
FILE: .github/workflows/README.md
================================================
# Workflows

## Dev
Runs on `push` and `pull_request` (enabled for branches created by Garden Linux Developer)
1. Build Garden Linux Images

See [dev.yml](dev.yml) for implementation details.

## Nightly
Runs every day (enabled only for main branch):

1. Builds Garden Linux images
1. On successful build, images are uploaded to S3

See [nightly.yml](nightly.yml) for implementation details. 



================================================
FILE: .github/workflows/build.yml
================================================
name: build
on:
  workflow_call:
    inputs:
      version:
        description: "Garden Linux version"
        type: string
        default: today
      target:
        type: string
        default: dev
      flavors_parse_params_test:
        description: "Run bin/parse_flavors.py with these parameters"
        default: '--exclude "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      flavors_matrix:
        description: "Already generated GitHub workflow flavors matrix"
        type: string
      flavors_parse_params_test_bare:
        description: "Run bin/parse_flavors.py with these parameters for bare flavors"
        default: '--include-only "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      fail_fast:
        description: "Cancel workflow run on first error"
        type: boolean
        default: false
      prefix:
        type: string
        default: ''
    secrets:
      aws_region:
        required: false
      aws_kms_role:
        required: false
      aws_oidc_session:
        required: false
      secureboot_db_kms_arn:
        required: false
    outputs:
      flavors_matrix:
        value: ${{ jobs.flavors_matrix.outputs.matrix }}
      version:
        value: ${{ jobs.requirements.outputs.version }}
      bare_flavors_matrix:
        value: ${{ jobs.bare_flavors_matrix.outputs.matrix }}
jobs:
  requirements:
    name: Prepare build requirements
    uses: ./.github/workflows/build_requirements.yml
    with:
      version: ${{ inputs.version == '' && 'now' || inputs.version }}
      target: ${{ inputs.target }}
      prefix: ${{ inputs.prefix }}
    permissions:
      actions: write # TODO: 3215 elevated permissions for included workflow
  flavors_matrix:
    name: Generate flavors matrix to build
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: ${{ inputs.flavors_parse_params_test }}
      flavors_matrix: ${{ inputs.flavors_matrix }}
  flavors:
    needs: [flavors_matrix, requirements]
    name: Build flavors
    strategy:
      matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix ) }}
      fail-fast: ${{ inputs.fail_fast }}
    with:
      arch: ${{ matrix.arch }}
      flavor: ${{ matrix.flavor }}
      commit_id: ${{ needs.requirements.outputs.commit_id }}
      version: ${{ needs.requirements.outputs.version }}
      signing_env: ${{ needs.requirements.outputs.signing_env }}
      prefix: ${{ inputs.prefix }}
    uses: ./.github/workflows/build_flavor.yml
    secrets: inherit
    permissions:
      id-token: write
      actions: write
  kmodbuild_container:
    needs: [flavors, requirements]
    name: Build kernel module build dev container
    uses: ./.github/workflows/build_kmodbuild_container.yml
    with:
      version: ${{ needs.requirements.outputs.version }}
      prefix: ${{ inputs.prefix }}
    permissions:
      actions: write
  bare_flavors_matrix:
    name: Generate bare flavors matrix to build
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: ${{ inputs.flavors_parse_params_test_bare }}
  bare_flavors:
    needs: [bare_flavors_matrix, requirements]
    name: Build bare flavors
    strategy:
      matrix: ${{ fromJson(needs.bare_flavors_matrix.outputs.matrix) }}
      fail-fast: ${{ inputs.fail_fast }}
    with:
      arch: ${{ matrix.arch }}
      bare_flavor: ${{ matrix.flavor }}
      commit_id: ${{ needs.requirements.outputs.commit_id }}
      version: ${{ needs.requirements.outputs.version }}
      prefix: ${{ inputs.prefix }}
    uses: ./.github/workflows/build_bare_flavor.yml
    secrets: inherit
    permissions:
      actions: write
  test_build:
    needs: requirements
    name: Build and cache test distribution
    uses: ./.github/workflows/build_tests.yml
    with:
      commit_id: ${{ needs.requirements.outputs.commit_id }}
      version: ${{ needs.requirements.outputs.version }}
      prefix: ${{ inputs.prefix }}
  upload_flavor_version_data:
    needs: [requirements, flavors]
    name: Store flavor version data
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - name: Store data in JSON file
        run: |
          jq -r -n '{
            "commit_id": "${{ needs.requirements.outputs.commit_id }}",
            "version": "${{ needs.requirements.outputs.version }}",
            "target": "${{ needs.requirements.outputs.target }}"
          }' '.' > flavor_version_data.json
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}flavor-version-data
          path: flavor_version_data.json
          if-no-files-found: error


================================================
FILE: .github/workflows/build_bare_flavor.yml
================================================
name: build_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      bare_flavor:
        type: string
        required: true
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      prefix:
        type: string
        default: ''
jobs:
  build:
    name: Build bare flavor ${{ inputs.bare_flavor }} (${{ inputs.arch }})
    runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    defaults:
      run:
        shell: bash
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Set build reference
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - name: Build
        run: |
          flavor="${{ inputs.bare_flavor }}"
          bare_flavor="${flavor//bare-/}"

          ./build_bare_flavors "${bare_flavor}"
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}build-${{ inputs.bare_flavor }}-${{ inputs.arch }}
          path: .build/bare_flavors/*.oci
          include-hidden-files: true
          if-no-files-found: error
      - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: ${{ inputs.prefix }}build-${{ inputs.bare_flavor }}-${{ inputs.arch }}-${{ github.run_id }}


================================================
FILE: .github/workflows/build_flavor.yml
================================================
name: build_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      flavor:
        type: string
        required: true
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      signing_env:
        type: string
        default: ""
      prefix:
        type: string
        default: ''
    secrets:
      secureboot_db_kms_arn:
        required: false
      aws_region:
        required: false
      aws_kms_role:
        required: false
      aws_oidc_session:
        required: false
jobs:
  build:
    name: Build flavor ${{ inputs.flavor }} (${{ inputs.arch }})
    runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    defaults:
      run:
        shell: bash
    permissions:
      id-token: write
      actions: write
    env:
      CNAME: ""
      USE_KMS: ${{ inputs.signing_env == '' && 'false' || 'true' }}
    environment: ${{ inputs.signing_env }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set build reference
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - name: Load certs artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: ${{ inputs.prefix }}certs
          path: cert/
      - name: Configure aws credentials for kms signing
        id: aws_auth
        if: ${{ env.USE_KMS == 'true' }}
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_kms_role }}
          role-session-name: ${{ secrets.aws_oidc_session }}
          aws-region: ${{ secrets.aws_region }}
          role-duration-seconds: 14400
      - name: Write secureboot db arn for kms backed certificates
        if: ${{ steps.aws_auth.conclusion == 'success' }}
        run: echo "${{ secrets.secureboot_db_kms_arn }}" > cert/secureboot.db.arn
      - name: Build
        run: make ${{ inputs.flavor }}-${{ inputs.arch }}-build
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ inputs.flavor }}-${{ inputs.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: Pack build artifacts for upload
        run: tar -cSzvf "$CNAME.tar.gz" -C .build -T ".build/$CNAME.artifacts"
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}build-${{ inputs.flavor }}-${{ inputs.arch }}
          path: ${{ env.CNAME }}.tar.gz
          if-no-files-found: error
      - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: ${{ inputs.prefix }}build-${{ inputs.flavor }}-${{ inputs.arch }}-${{ github.run_id }}


================================================
FILE: .github/workflows/build_flavors_matrix.yml
================================================
on:
  workflow_call:
    inputs:
      flags:
        description: "Flags passed to bin/flavors_parse.py"
        type: string
        required: true
      flavors_matrix:
        type: string
      ref:
        type: string
        default: ${{ github.ref }}
    outputs:
      matrix:
        description: "Flavors matrix"
        value: ${{ jobs.generate_matrix.outputs.matrix }}
jobs:
  generate_matrix:
    name: Build flavors matrix
    runs-on: "ubuntu-24.04"
    defaults:
      run:
        shell: bash
    outputs:
      matrix: ${{ steps.matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.ref }}
          sparse-checkout: |
            flavors.yaml
          sparse-checkout-cone-mode: false
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - id: matrix
        name: Generate flavors matrix
        run: |
          MATRIX='${{ inputs.flavors_matrix }}'

          if [[ $(echo "${MATRIX}" | jq -r 'type') != 'object' ]]; then
            FLAVORS=$(gl-flavors-parse ${{ inputs.flags }})
            MATRIX=$(jq -nc \
              --argjson flavors "$(echo $FLAVORS)" \
              '{
                include: (
                  $flavors | reduce (to_entries[]) as $item ([]; . + ($item.value | map({"arch": $item.key, "flavor": .})))
                )
              }'
            )
          fi

          echo "matrix=$MATRIX" | tee -a $GITHUB_OUTPUT


================================================
FILE: .github/workflows/build_kmodbuild_container.yml
================================================
name: build_kmodbuild_container
on:
  workflow_call:
    inputs:
      version:
        type: string
        required: true
      prefix:
        type: string
        default: ''
jobs:
  kmodbuild_container:
    name: Build kernel module build dev container (${{ matrix.arch }})
    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
    strategy:
      matrix:
        arch: [amd64, arm64]
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - id: build_container_cache
        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: ${{ inputs.prefix }}build-container-${{ matrix.arch }}-${{ github.run_id }}
      - if: ${{ steps.build_container_cache.outputs.cache-hit == 'true' }}
        name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - if: ${{ steps.build_container_cache.outputs.cache-hit == 'true' }}
        name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname container-${{ matrix.arch }} cname)" | tee -a "$GITHUB_ENV"
      - if: ${{ steps.build_container_cache.outputs.cache-hit == 'true' }}
        name: Load container build artifact (${{ matrix.arch }})
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: ${{ inputs.prefix }}build-container-${{ matrix.arch }}
      - if: ${{ steps.build_container_cache.outputs.cache-hit == 'true' }}
        name: Build kernel module build dev container (${{ matrix.arch }})
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          commit="$(./get_commit)"
          commit_short="${commit:0:8}"

          version="$(bin/garden-version "${{ inputs.version }}")"

          if [ "$version" == "today" ]; then
            version="$(bin/garden-version now)"
          fi

          mkdir ".build"
          tar -C ".build/" -xzf "$CNAME.tar.gz"
          rm "$CNAME.tar.gz"

          base="ghcr.io/${{ github.repository }}:$version"
          image="$(podman load -i .build/container-${{ matrix.arch }}-$(cat VERSION)-${commit_short}.oci | awk '{ print $NF }')"
          podman tag "$image" "$base"

          snapshot="$(gh api "/repos/gardenlinux/repo/contents/.container?ref=$version" | jq -r '.content' | base64 -d)"

          podman login -u token -p "${GH_TOKEN}" ghcr.io
          podman pull --arch ${{ matrix.arch }} "$snapshot"

          podman build --arch ${{ matrix.arch }} --build-arg base="$base" --build-arg snapshot="$snapshot" -t ghcr.io/${{ github.repository }}/kmodbuild:${{ matrix.arch }}-${version} images/kmodbuild
          podman save --format oci-archive ghcr.io/${{ github.repository }}/kmodbuild:${{ matrix.arch }}-${version} > kmodbuild_container_${{ matrix.arch }}.oci
      - if: ${{ steps.build_container_cache.outputs.cache-hit == 'true' }}
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}kmodbuild-container-${{ matrix.arch }}
          path: kmodbuild_container_${{ matrix.arch }}.oci
          if-no-files-found: error


================================================
FILE: .github/workflows/build_lima_yaml_container.yml
================================================
name: Build Lima Container
on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 0'
jobs:
  lima_manifest_container:
    name: Build Container for lima manifest generation
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: gardenlinux/gardenlinux/lima
      IMAGE_TAG: latest
    defaults:
      run:
        shell: bash
    permissions:
      # Push container images
      packages: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install qemu dependency for multi-arch build
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static podman

      - name: Build and Push Image to ghcr.io
        id: build_image
        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
        with:
          image: ${{ env.IMAGE_NAME }}
          tags: ${{ env.IMAGE_TAG }}
          containerfiles: |
            ./Containerfile.lima-manifest
          platforms: linux/amd64,linux/arm64
      - name: Push image to ghcr.io
        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
        with:
          image: ${{ steps.build_image.outputs.image }}
          tags: ${{ steps.build_image.outputs.tags }}
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      



================================================
FILE: .github/workflows/build_requirements.yml
================================================
name: build_requirements
on:
  workflow_call:
    inputs:
      version:
        type: string
        default: today
      use_glrd:
        type: boolean
        default: false
      target:
        type: string
        required: true
      prefix:
        type: string
        default: ''
    outputs:
      commit_id:
        value: ${{ jobs.calculate_version.outputs.commit_id }}
      version:
        value: ${{ jobs.calculate_version.outputs.version }}
      signing_env:
        value: ${{ jobs.determine_environment.outputs.environment }}
      target:
        value: ${{ inputs.target }}
jobs:
  determine_environment:
    name: Determine signing environment
    defaults:
      run:
        shell: bash
    runs-on: ubuntu-24.04
    outputs:
      environment: ${{ steps.signing_environment.outputs.environment }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Set signing environment
        id: signing_environment
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");
            core.setOutput("environment", gitHubLib.getGitHubSigningEnvironmentFromTarget("${{ inputs.target }}"));
  calculate_version:
    name: Build version
    defaults:
      run:
        shell: bash
    env:
      COMMIT_ID: ''
      VERSION: ''
    runs-on: ubuntu-24.04
    outputs:
      commit_id: ${{ steps.version_reference.outputs.commit_id }}
      version: ${{ steps.version_reference.outputs.version }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - if: ${{ inputs.version == '' || ! inputs.use_glrd }}
        name: Prepare build reference from GitHub
        id: prepare_github_reference
        run: |
          version="${{ inputs.version }}"
          if [ -z "$version" ]; then
            version="now"
          fi

          echo "COMMIT_ID=$(git rev-parse HEAD)" | tee -a "$GITHUB_ENV"
          echo "VERSION=$(./bin/garden-version "$version")" | tee -a "$GITHUB_ENV"
      - if: ${{ steps.prepare_github_reference.conclusion == 'skipped' }}
        name: Prepare build reference from GLRD
        run: |
          version=$(./bin/garden-version "${{ inputs.version }}")

          if [[ "${{ inputs.version }}" == "today" ]]; then
            glrd_data="$(./bin/glrd --type major,minor,nightly,dev --output-format=json --latest)"
          else
            glrd_data="$(./bin/glrd --type major,minor,nightly,dev --output-format=json --version ${{ inputs.version }})"
          fi

          glrd_release=$(echo $glrd_data | jq -r 'first(.releases[] | select(.git != null))')
          commit_id=$(echo $glrd_release | jq -r '.git.commit')
          # glrd_release is already a single entry taken from .releases[], so read its version fields directly
          version=$(echo $glrd_release | jq -r '(.version.major | tostring) + "." + (.version.minor | tostring) + "." + (.version.patch | tostring)')

          echo "COMMIT_ID=${commit_id}" | tee -a "$GITHUB_ENV"
          echo "VERSION=${version}" | tee -a "$GITHUB_ENV"
      - name: Set build reference
        id: version_reference
        run: |
          echo "commit_id=$COMMIT_ID" | tee -a "$GITHUB_OUTPUT"
          echo "version=$VERSION" | tee -a "$GITHUB_OUTPUT"
  cert:
    name: Provide secure boot certificates
    needs: calculate_version
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Set VERSION=${{ needs.calculate_version.outputs.version }}
        run: echo "${{ needs.calculate_version.outputs.version }}" | tee VERSION
      - name: Build certificates
        if: ${{ inputs.target == 'dev' }}
        run: ./cert/build
      - name: Use kms backed certificates
        if: ${{ inputs.target != 'dev' }}
        run: |
          touch cert/gardenlinux-${{ inputs.target }}-secureboot.db.arn
          for f in secureboot.{{pk,null.pk,kek,db}.{crt,der,auth},db.arn,aws-efivars} oci-sign.crt; do
            ln -sr "cert/gardenlinux-${{ inputs.target }}-$f" "cert/$f"
          done
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}certs
          path: cert/*.*
          if-no-files-found: error


================================================
FILE: .github/workflows/build_tests.yml
================================================
name: test_flavor
on:
  workflow_call:
    inputs:
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      prefix:
        type: string
        default: ''
jobs:
  test:
    name: Build and cache test distribution
    runs-on: "ubuntu-24.04"
    timeout-minutes: 30
    defaults:
      run:
        shell: bash
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends make curl jq unzip qemu-utils
      - name: Build test distribution
        run: |
          cd tests
          make -f util/build.makefile
          touch .build/.gh_artifact
      - name: Upload test distribution artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: ${{ inputs.prefix }}test-distribution
          path: tests/.build
          include-hidden-files: true
          if-no-files-found: error
          retention-days: 7

  test_container:
    name: Build test containers
    needs: test
    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    defaults:
      run:
        shell: bash
    strategy:
      matrix:
        arch: [amd64, arm64]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Download test distribution artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: ${{ inputs.prefix }}test-distribution
          path: .build
      - name: Set distribution version reference
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - name: Build tests container (${{ matrix.arch }})
        run: |
          set -euo pipefail
          arch="${{ matrix.arch }}"
          echo "Building tests for arch=$arch"
          repo="ghcr.io/${{ github.repository_owner }}/test"
          version="$(cat VERSION)"

          podman build --arch ${arch} --build-context dist_ctx=.build -t ${repo}:${arch}-${version} tests/util/container
          podman save --format oci-archive ${repo}:${arch}-${version} > tests_container_${arch}.oci
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: tests-container-${{ matrix.arch }}
          path: tests_container_${{ matrix.arch }}.oci
          if-no-files-found: error


================================================
FILE: .github/workflows/check_adr_numbering.yml
================================================
name: Check ADR Numbering
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

permissions:
  contents: read

jobs:
  check-adr:
    runs-on: ubuntu-slim
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0
        with:
          python-version: "3.14"
      - name: Verify ADRs are numbered in sequence
        run: |
          #!/usr/bin/env python3

          import re
          import sys
          from pathlib import Path

          ADR_DIR = Path("docs/architecture/decisions")

          def main() -> int:
              files = sorted(p for p in ADR_DIR.glob("*.md") if p.name.lower() != "readme.md")
              if not files:
                  print("No ADR files found.")
                  return 0

              for idx, path in enumerate(files, start=1):
                  m = re.match(r"^(\d{4})-", path.name)
                  print(path.name)
                  if not m:
                      print(f"ERROR: filename does not start with 4 digits: {path.name}", file=sys.stderr)
                      return 1
                  num = int(m.group(1))
                  if num != idx:
                      print(
                          f"ERROR: numbering mismatch for {path.name}: "
                          f"expected {idx:04d}, found {num:04d}",
                          file=sys.stderr,
                      )
                      return 1

              print("OK: ADR files numbered as expected.")
              return 0

          if __name__ == "__main__":
              sys.exit(main())
        shell: python


================================================
FILE: .github/workflows/cloud_test_cleanup.yml
================================================
name: Cloud Test Cleanup
on:
  schedule:
    - cron: "0 2 * * *" # Run daily at 2 AM UTC
  # manual trigger
  workflow_dispatch:
jobs:
  collect_workspaces:
    name: Collect Workspaces to Cleanup
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    environment: oidc_platform_tests
    outputs:
      matrix_test: ${{ steps.set-matrix.outputs.matrix_test }}
    steps:
      - id: "auth_aws"
        name: "Authenticate to AWS"
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.AWS_TESTS_IAM_ROLE }}
          role-session-name: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
          aws-region: ${{ secrets.AWS_TESTS_REGION }}

      - name: Find Old OpenTofu Workspaces
        id: set-matrix
        run: |
          # List objects older than 1 day and extract workspace names
          ALL_WORKSPACES=$(aws s3api list-objects-v2 \
            --bucket gardenlinux-dev-gh-actions-tfstate \
            --query "Contents[?LastModified<='`date -d '1 day ago' --iso-8601=seconds`'].Key" \
            --output json | jq -r '.[]' | grep "^env:/" | \
            sed -E 's|env:/([^/]+)/terraform.tfstate|\1|' | grep -v ^tfstate | sort -u)

          TEST_WORKSPACES=$(echo "$ALL_WORKSPACES" | grep "^test-" | jq -R -s -c 'split("\n")[:-1]')
          echo "matrix_test=${TEST_WORKSPACES}" >> "$GITHUB_OUTPUT"

  cleanup:
    needs: collect_workspaces
    if: ${{ needs.collect_workspaces.outputs.matrix_test != '[]' && needs.collect_workspaces.outputs.matrix_test != '' }}
    name: Cleanup Test Workspaces
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    environment: oidc_platform_tests

    strategy:
      fail-fast: false
      matrix:
        workspace: ${{ fromJson(needs.collect_workspaces.outputs.matrix_test) }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Install dependencies
        run: |
          sudo apt-get update && sudo apt-get install -y retry
      - name: "Authenticate to Google Cloud"
        if: ${{ contains(matrix.workspace, '-gcp-') }}
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
          create_credentials_file: true
          cleanup_credentials: true
          export_environment_variables: true
      - name: Set GCP environment
        if: ${{ contains(matrix.workspace, '-gcp-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider vars
            core.exportVariable("GOOGLE_PROJECT", "${{ secrets.GCP_PROJECT }}");
            core.exportVariable("GOOGLE_REGION", "${{ secrets.GCP_REGION }}");
            core.exportVariable("GOOGLE_ZONE", "${{ secrets.GCP_ZONE }}");
      - id: "auth_aws"
        name: "Authenticate to AWS (S3 backend)"
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.AWS_TESTS_IAM_ROLE }}
          role-session-name: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
          aws-region: ${{ secrets.aws_region }}
          output-credentials: true
      - name: Set AWS environment
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider auth
            core.setSecret("${{ steps.auth_aws.outputs.aws-access-key-id }}");
            core.exportVariable("AWS_ACCESS_KEY_ID", "${{ steps.auth_aws.outputs.aws-access-key-id }}");
            core.setSecret("${{ steps.auth_aws.outputs.aws-secret-access-key }}");
            core.exportVariable("AWS_SECRET_ACCESS_KEY", "${{ steps.auth_aws.outputs.aws-secret-access-key }}");
            core.setSecret("${{ steps.auth_aws.outputs.aws-session-token }}");
            core.exportVariable("AWS_SESSION_TOKEN", "${{ steps.auth_aws.outputs.aws-session-token }}");
            // tf provider vars
            core.exportVariable("AWS_REGION", "${{ secrets.aws_region }}");
      - id: "auth_azure"
        if: ${{ contains(matrix.workspace, '-azure-') }}
        name: "Authenticate to Azure"
        uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # pin@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Set Azure environment
        if: ${{ contains(matrix.workspace, '-azure-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider auth
            core.exportVariable("ARM_USE_OIDC", "true");
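            // "$RUNNER_TEMP" is not expanded inside a JavaScript string; read it from the environment
            core.exportVariable("AZURE_CONFIG_DIR", `${process.env.RUNNER_TEMP}/azure_config_dir`);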
            core.setSecret("${{ secrets.AZURE_CLIENT_ID }}");
            core.exportVariable("ARM_CLIENT_ID", "${{ secrets.AZURE_CLIENT_ID }}");
            core.setSecret("${{ secrets.AZURE_SUBSCRIPTION_ID }}");
            core.exportVariable("ARM_SUBSCRIPTION_ID", "${{ secrets.AZURE_SUBSCRIPTION_ID }}");
            core.setSecret("${{ secrets.AZURE_TENANT_ID }}");
            core.exportVariable("ARM_TENANT_ID", "${{ secrets.AZURE_TENANT_ID }}");
      - id: "auth_alicloud"
        if: ${{ contains(matrix.workspace, '-ali-') }}
        name: "Authenticate to Alicloud"
        uses: aliyun/configure-aliyun-credentials-action@b347e60e64028a4d567a8f31ca42e1b0706c3c99 # v1.0.7
        with:
          role-to-assume: ${{ secrets.alibaba_cloud_role_arn }}
          oidc-provider-arn: ${{ secrets.alibaba_cloud_oidc_provider_arn }}
          role-session-expiration: 21600
      - name: "Set Alicloud platform-test environment"
        if: ${{ contains(matrix.workspace, '-ali-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider vars
            core.exportVariable("ALIBABA_CLOUD_REGION", "${{ secrets.alibaba_cloud_region }}");
      - name: Set additional OpenTofu variables
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const tfEncryption = Buffer.from("${{ secrets.TF_ENCRYPTION }}", 'base64').toString('utf-8');
            core.setSecret(tfEncryption);
            core.exportVariable("TF_ENCRYPTION", tfEncryption);

            core.exportVariable("WORKSPACE", "${{ matrix.workspace }}");
            const workspace = "${{ matrix.workspace }}";

            // Extract the image name by removing test prefix and run info
            // Workspace format: test-[run_id]-[run_number]-[cloud]-[flavor]...
            // Remove test- and run ID/number to get: [cloud]-[flavor]-[version]-...-[seed]
            let imageName = workspace.replace(/^test-\d+-\d+-/, "");
            core.exportVariable("IMAGE_NAME", imageName);

            // Extract cloud provider from image name (first component)
            const cloud = imageName.split('-')[0];
            core.exportVariable("CLOUD", cloud);
      - name: Destroy OpenTofu Resources and delete workspaces
        run: |
          echo "Processing workspace: ${WORKSPACE}"
          echo "Processing cloud: ${CLOUD}"

          cd tests/util/tf
          export TOFUENV_GITHUB_TOKEN="${GITHUB_TOKEN:-}"
          source ../install_tofu.sh
          install_tofu "$PWD"

          # ssh key generation (if missing)
          test -f ~/.ssh/id_ed25519 || ssh-keygen -t ed25519 -P "" -f ~/.ssh/id_ed25519
          # secureboot certificate files
          mkdir -p cert
          touch cert/secureboot.db.crt cert/secureboot.pk.der cert/secureboot.db.der cert/secureboot.kek.der cert/secureboot.aws-efivars

          # Create minimal tfvars
          cat > empty.tfvars <<EOF
            root_disk_path        = "empty.raw"
            test_disk_path        = "empty.raw"
            user_data_script_path = "empty.sh"
            existing_root_disk    = ""
            cloud_provider        = "${CLOUD}"
            image_requirements    = {
              arch = "amd64"
              uefi = false
              secureboot = false
              tpm2 = false
            }
          EOF

          # Create non-empty placeholder artifacts required by tofu destroy
          cp empty.tfvars empty.raw
          cp empty.tfvars empty.sh

          # Enable remote state S3 backend and init
          if [ ! -f backend.tf ]; then
            cp backend.tf.github backend.tf
          fi
          tofu init -input=false -reconfigure -var-file empty.tfvars

          if ! tofu workspace select "${WORKSPACE}"; then
            echo "Failed to select workspace ${WORKSPACE}, skipping..."
            exit 0
          fi

          tofu destroy -var-file empty.tfvars -auto-approve || true
          tofu workspace select default
          tofu workspace delete "${WORKSPACE}" || true
  cleanup_retry:
    needs: cleanup
    if: ${{ failure() && needs.cleanup.result == 'failure' }}
    name: "Retry checkpoint: Cleanup"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed cleanup
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 5);


================================================
FILE: .github/workflows/cpe.yml
================================================
name: Generate and upload CPE to a release

on:
  workflow_dispatch:
    inputs:
      version:
        description: Version
        type: string
        required: true
jobs:
  build-and-upload:
    runs-on: ubuntu-24.04
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Pull CPE container
        run: podman pull ghcr.io/gardenlinux/cpe:latest

      - name: Generate CPE
        env:
          # Pass the dispatch input through the environment so it is not expanded into the script text
          VERSION: ${{ inputs.version }}
        run: podman run -i ghcr.io/gardenlinux/cpe:latest -p "$VERSION" | tail -n1 > gardenlinux-cpe.json

      - name: Upload asset to release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: "${{ inputs.version }}"
          files: gardenlinux-cpe.json
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}



================================================
FILE: .github/workflows/dev.yml
================================================
name: dev
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-dev
  cancel-in-progress: true
on:
  push:
    branches:
      - main
    paths-ignore:
      - "docs/**"
      - "**/README.md"
  pull_request:
    paths-ignore:
      - 'docs/**'
      - '**/README.md'
jobs:
  set_version:
    name: Set VERSION
    runs-on: ubuntu-24.04
    outputs:
      version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Use VERSION file to support dev build on rel-branch
        id: version
        run: echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT"
  build:
    needs: set_version
    name: Build
    uses: ./.github/workflows/build.yml
    with:
      version: ${{ needs.set_version.outputs.version }}
      fail_fast: false
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write  # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
  test:
    needs: build
    if: ${{ success() || failure() }}
    name: Test
    uses: ./.github/workflows/tests.yml
    with:
      flavors_matrix: ${{ needs.build.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ needs.build.outputs.bare_flavors_matrix }}
      test_types: "chroot,qemu,oci,bare"
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write # TODO: 3215 elevated permissions for included workflow
      checks: write # Required for test_report job to write workflow summary


================================================
FILE: .github/workflows/dev_tests.yml
================================================
name: dev - test framework
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-dev-tests
  cancel-in-progress: true
on:
  push:
    branches:
    - main
    - rel-*
  pull_request:
    branches:
    - main
    - rel-*
jobs:
  black:
    name: Black (formatting)
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0
        with:
          python-version: "3.13"

      - name: Run black (diff check)
        run: make -f tests/dev.makefile lint-black

  isort:
    name: isort (import sorting)
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0
        with:
          python-version: "3.13"

      - name: Run isort
        run: make -f tests/dev.makefile lint-isort

  pyright:
    name: Pyright (type checking)
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0
        with:
          python-version: "3.13"

      - name: Run pyright
        run: make -f tests/dev.makefile lint-pyright

  coverage:
    name: Coverage (feature/test coverage reporting)
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # pin@v6.2.0
        with:
          python-version: "3.13"

      - name: Run coverage
        run: make -f tests/dev.makefile coverage || true

      - name: Generate Coverage Report
        uses: gardenlinux/pytest-multi-results-action@8fc9cd734e3bfac0057ca43d70cd561b5f4d52bb
        if: always()
        with:
          files: |
            tests/coverage_report.xml
          title: "Garden Linux Feature/Test Coverage Report"
          summary: false
          result-types: "passed,failed"
          fail-on-empty: true

      - name: Upload report artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          name: coverage-report
          path: |
            tests/coverage_report.xml
            tests/coverage_report.json
          retention-days: 30

  test-plugins:
    name: Test plugins
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.13"

      - name: Run test-plugins
        run: make -f tests/dev.makefile test-plugins

  test-utils:
    name: Test utils
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.13"

      - name: Run test-utils
        run: make -f tests/dev.makefile test-utils


================================================
FILE: .github/workflows/differential-shellcheck.yml
================================================
name: Differential ShellCheck
on:
  push:
    branches:
    - main
    - rel-*
  pull_request:
    branches:
    - main
    - rel-*
jobs:
  lint:
    runs-on: ubuntu-24.04

    permissions:
      # required for all workflows
      security-events: write

    steps:
      - name: Repository checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - id: ShellCheck
        name: Differential ShellCheck
        uses: redhat-plumbers-in-action/differential-shellcheck@d965e66ec0b3b2f821f75c8eff9b12442d9a7d1e # pin@aa647ec4466543e8555c2c3b648124a9813cee44
        with:
          token: ${{ secrets.GITHUB_TOKEN }}


================================================
FILE: .github/workflows/download_flavor_version_data.yml
================================================
name: download_flavor_version_data
on:
  workflow_call:
    inputs:
      run_id:
        type: string
        required: true
    outputs:
      run_id:
        value: ${{ inputs.run_id }}
      commit_id:
        value: ${{ jobs.flavor_version_data.outputs.commit_id }}
      version:
        value: ${{ jobs.flavor_version_data.outputs.version }}
jobs:
  flavor_version_data:
    name: Download flavor version data from trigger (${{ inputs.run_id }})
    runs-on: ubuntu-24.04
    outputs:
      commit_id: ${{ steps.data.outputs.commit_id }}
      version: ${{ steps.data.outputs.version }}
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: flavor-version-data
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Set flavor version data
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: data
        with:
          script: |
            const fs = await import("fs");

            fs.accessSync("flavor_version_data.json", (fs.constants.F_OK | fs.constants.R_OK));
            const flavorVersionData = JSON.parse(fs.readFileSync("flavor_version_data.json"));

            core.setOutput("commit_id", flavorVersionData.commit_id);
            core.setOutput("version", flavorVersionData.version);

            return true;


================================================
FILE: .github/workflows/download_flavors_images.yml
================================================
name: download_flavor_images
on:
  workflow_call:
    inputs:
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      flavors_matrix:
        type: string
        required: true
    secrets:
      aws_role:
        required: true
      aws_session:
        required: true
      aws_region:
        required: true
      aws_s3_bucket:
        required: true
jobs:
  images:
    name: Provide image ${{ matrix.flavor }} (${{ matrix.arch }})
    if: ${{ inputs.flavors_matrix != '{"include":[]}' }}
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    permissions:
      id-token: write
      actions: write
    # @TODO: We could use a better name for the required environment
    environment: oidc_platform_tests
    env:
      CNAME: ""
    strategy:
      matrix: ${{ fromJSON(inputs.flavors_matrix) }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set image reference for S3
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ matrix.flavor }}-${{ matrix.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: "Authenticate to AWS"
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_role }}
          role-session-name: ${{ secrets.aws_session }}
          aws-region: ${{ secrets.aws_region }}
      - name: Prepare image from S3
        run: |
          mkdir "$CNAME"
          gl-s3 --bucket ${{ secrets.aws_s3_bucket }} --path "$CNAME" download-artifacts-from-bucket --cname "$CNAME"

          tar -cSzvf "$CNAME.tar.gz" -C "$CNAME/" .
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: build-${{ matrix.flavor }}-${{ matrix.arch }}
          path: ${{ env.CNAME }}.tar.gz
          if-no-files-found: error
      - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: build-${{ matrix.flavor }}-${{ matrix.arch }}-${{ github.run_id }}


================================================
FILE: .github/workflows/download_workflow_data.yml
================================================
name: download_workflow_data
on:
  workflow_call:
    inputs:
      run_id:
        type: string
        required: true
    outputs:
      run_id:
        value: ${{ inputs.run_id }}
      commit_id:
        value: ${{ jobs.workflow_data.outputs.commit_id }}
      version:
        value: ${{ jobs.workflow_data.outputs.version }}
      flavors_matrix:
        value: ${{ jobs.workflow_data.outputs.flavors_matrix }}
      bare_flavors_matrix:
        value: ${{ jobs.workflow_data.outputs.bare_flavors_matrix }}
      original_workflow_name:
        value: ${{ jobs.workflow_data.outputs.original_workflow_name }}
      target:
        value: ${{ jobs.workflow_data.outputs.target }}
jobs:
  workflow_data:
    name: Download workflow JSON data from trigger (${{ inputs.run_id }})
    runs-on: ubuntu-24.04
    outputs:
      commit_id: ${{ steps.data.outputs.commit_id }}
      version: ${{ steps.data.outputs.version }}
      flavors_matrix: ${{ steps.data.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ steps.data.outputs.bare_flavors_matrix }}
      original_workflow_name: ${{ steps.data.outputs.original_workflow_name }}
      target: ${{ steps.data.outputs.target }}
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: flavor-version-data
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: workflow-data
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Set referenced workflow data
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: data
        with:
          script: |
            const fs = await import("fs");

            fs.accessSync("workflow_data.json", (fs.constants.F_OK | fs.constants.R_OK));
            const workflowData = JSON.parse(fs.readFileSync("workflow_data.json"));

            if ("${{ inputs.run_id }}" != workflowData.id) {
              core.setFailed("Failed validating workflow_run.id");
              return false;
            }

            fs.accessSync("flavor_version_data.json", (fs.constants.F_OK | fs.constants.R_OK));
            const flavorVersionData = JSON.parse(fs.readFileSync("flavor_version_data.json"));

            core.setOutput("commit_id", flavorVersionData.commit_id);
            core.setOutput("version", flavorVersionData.version);
            core.setOutput("flavors_matrix", workflowData.flavors_matrix);
            core.setOutput("bare_flavors_matrix", workflowData.bare_flavors_matrix);
            core.setOutput("original_workflow_name", workflowData.original_workflow_name);
            core.setOutput("target", flavorVersionData.target);

            return true;


================================================
FILE: .github/workflows/format_diff.py
================================================
#!/usr/bin/env python3
import os
import sys
import yaml
import json

# This script takes the differ_files results from the reproducibility check and generates a Result.md.
# The differ_files contain the paths of files that differed between two builds of the same flavor.

flavors = os.listdir("diffs")

all = set()
successful = []
whitelist = []
failed = {} # {flavor: [files...]}

flavors_matrix = json.loads(sys.argv[1])
bare_flavors_matrix = json.loads(sys.argv[2])
expected_falvors = set([f'{variant["flavor"]}-{variant["arch"]}' for variant in (flavors_matrix["include"] + bare_flavors_matrix["include"])])

for flavor in flavors:
    if flavor.endswith("-diff"):
        with open(f"diffs/{flavor}", "r") as f:
            content = f.read()
        
        all.add(flavor[:-5])
        if content == "\n":
            successful.append(flavor[:-5])
        elif content == "whitelist\n":
            successful.append(flavor[:-5])
            whitelist.append(flavor[:-5])
        else:
            failed[flavor[:-5]] = content.split("\n")[:-1]

missing_flavors = expected_falvors - all
unexpected_falvors = all - expected_falvors

# Map files to flavors
affected = {} # {file: {flavors...}}
for flavor in failed:
    for file in failed[flavor]:
        if file not in affected:
            affected[file] = set()
        affected[file].add(flavor)

# Merge files affected by the same flavors by mapping flavor sets to files
bundled = {} # {{flavors...}: {files...}}
for file in affected:
    if frozenset(affected[file]) not in bundled:
        bundled[frozenset(affected[file])] = set()
    bundled[frozenset(affected[file])].add(file)

## Analyze the origin of the file change by intersecting the features of the affected flavors

# Helper for build_feature_tree() to recursively build the tree
def dependencies(feature, excludes):
    if not os.path.isfile(f"features/{feature}/info.yaml"):
        return {}, excludes
    with open(f"features/{feature}/info.yaml") as f:
        data = yaml.safe_load(f)
    includes = {}
    if "features" in data and "include" in data["features"]:
        for include in data["features"]["include"]:
            if include not in excludes:
                excludes.add(include)
                deps, ex = dependencies(include, excludes)
                includes[include] = deps
                excludes.update(ex)
    return includes, excludes

# Returns the features as a hierarchical tree and as a flat set
def buildFeatureTree(flavor):
    separated = flavor.split("-")
    if len(separated) == 2:
        parsed_features = [feature if i == 0 else "_" + feature for i, feature in enumerate(separated[0].split("_"))]
    elif len(separated) == 3:
        parsed_features = [feature if i == 0 else "_" + feature for i, feature in enumerate(separated[1].split("_"))]
        parsed_features.insert(0, separated[0])
    else:
        return {}, set()
    features = {}
    excludes = set()
    for feature in parsed_features:
        if feature not in excludes:
            excludes.add(feature)
            deps, ex = dependencies(feature, excludes)
            features[feature] = deps
            excludes.update(ex)

    return features, excludes

# Filter a tree to only contain the features from the intersect set
def intersectionTree(tree, intersect):
    for feature in tree:
        subtree = intersectionTree(tree[feature], intersect)
        if feature not in intersect:
            del tree[feature]
            return intersectionTree(tree | subtree, intersect)
        else:
            tree[feature] = subtree
    return tree

# Format a tree for string outputs
def treeStr(tree):
    s = ""
    for feature in tree:
        if tree[feature] == {}:
            s += f"{feature}\n"
        else:
            s += f"{feature}:\n"
            s += "  " + treeStr(tree[feature]).replace("\n", "\n  ") + "\n"
    # Remove last linebreak as the last line can contain spaces
    return "\n".join(s.split("\n")[:-1])

trees = {} # {{files...}: ({flavors...}, FeatureTree)}
for flavors in bundled:
    # Only keep features active in every flavor
    features = set()
    first = True
    for flavor in flavors:
        tree, flat = buildFeatureTree(flavor)
        if first:
            features = flat
            first = False
        else:
            features = features.intersection(flat)

    # Remove features active in unaffected flavors
    unaffected = all - flavors
    for flavor in unaffected:
        _, flat = buildFeatureTree(flavor)
        features = features - flat

    # As all features must be contained in all trees, they are also in the last tree
    trees[frozenset(bundled[flavors])] = (flavors, intersectionTree(tree, features))

result = """# Reproducibility Test Results

{emoji} **{successrate}%** of **{total_count}** tested flavors were reproducible.{problem_count}

## Detailed Result{explanation}

<!-- multiline -->
| Affected Files | Flavors | Features Causing the Problem |
|----------------|---------|------------------------------|
{rows}
"""

successrate = round(100 * (len(successful) / len(expected_falvors)), 1)

emoji = "✅" if len(expected_falvors) == len(successful) else ("⚠️" if successrate >= 50.0 else "❌")

total_count = len(expected_falvors)

problem_count = "" if len(trees) == 0 else ("\n**1** Problem detected." if len(trees) == 1 else f"\n**{len(trees)}** Problems detected.")


explanation = ""

if os.path.isfile("nightly_stats"):
    with open("nightly_stats", "r") as f:
        nightlys = f.read().replace("\n", "").split(";")
    nightlys[0] = nightlys[0].split(",")
    nightlys[1] = nightlys[1].split(",")
    if nightlys[0][0] != "":
        explanation += f"\n\nComparison of nightly **[#{nightlys[0][0]}](https://github.com/gardenlinux/gardenlinux/actions/runs/{nightlys[0][1]})** \
and **[#{nightlys[1][0]}](https://github.com/gardenlinux/gardenlinux/actions/runs/{nightlys[1][1]})**"
        if nightlys[0][2] != nightlys[1][2]:
            explanation += f"\n\n⚠️ The nightlys used different commits: `{nightlys[0][2][:7]}` (#{nightlys[0][0]}) != `{nightlys[1][2][:7]}` (#{nightlys[1][0]})"
        if nightlys[0][0] == nightlys[1][0]:
            explanation += f"\n\n⚠️ Comparing the nightly **[#{nightlys[0][0]}](https://github.com/gardenlinux/gardenlinux/actions/runs/{nightlys[0][1]})** to itself can not reveal any issues"
    else:
        explanation += f"\n\nComparison of the latest nightly **[#{nightlys[1][0]}](https://github.com/gardenlinux/gardenlinux/actions/runs/{nightlys[1][1]})** \
with a new build"
        if nightlys[0][2] != nightlys[1][2]:
            explanation += f"\n\n⚠️ The build used different commits: `{nightlys[1][2][:7]}` (#{nightlys[1][0]}) != `{nightlys[0][2][:7]}` (new build)"

if len(whitelist) > 0:
    explanation += "\n\n<details><summary>📃 These flavors only passed due to the nightly whitelist</summary><pre>" + "<br>".join(sorted(whitelist)) + "</pre></details>"

if len(unexpected_falvors) > 0:
    # This should never happen, but print a warning if it somehow does
    explanation += "\n\n<details><summary>⁉️ These flavors were not expected to appear in the results, please check for errors in the workflow\
</summary><pre>" + "<br>".join(sorted(unexpected_falvors)) + "</pre></details>"


explanation += "" if len(expected_falvors) == len(successful) else "\n\n*The mentioned features are included in every affected flavor and not included in every unaffected flavor.*"

rows = ""

def dropdown(items):
    # Render up to 10 items inline; collapse longer lists behind their first (sorted) item
    items = sorted(items)
    rendered = "<br>".join([f"`{item}`" for item in items])
    if len(items) <= 10:
        return rendered
    return f"<details><summary>{items[0]}...</summary>" + rendered + "</details>"

if len(missing_flavors) > 0:
    row = "|❌ Workflow run did not produce any results|"
    row += f"**{round(100 * (len(missing_flavors) / len(expected_falvors)), 1)}%** affected<br>"
    row += dropdown(missing_flavors)
    row += "|No analysis available|\n"
    rows += row

for files in trees:
    flavors, tree = trees[files]
    row = "|"
    row += dropdown(files)
    row += "|"
    row += f"**{round(100 * (len(flavors) / len(expected_falvors)), 1)}%** affected<br>"
    row += dropdown(flavors)
    row += "|"
    if tree == {}:
        row += "No analysis available"
    else:
        row += "<pre>" + treeStr(tree).replace("\n", "<br>") + "</pre>"
    row += "|\n"
    rows += row

if len(successful) > 0:
    # Success row
    row = "|"
    row += "✅ No problems found"
    row += "|"
    row += f"**{round(100 * (len(successful) / len(expected_falvors)), 1)}%**<br>"
    row += dropdown(successful)
    row += "|"
    row += "-"
    row += "|\n"
    rows += row

if len(successful) != len(expected_falvors):
    rows += "\n*To add affected files to the whitelist, edit the `whitelist` variable in `.github/workflows/generate_diff.sh`*"

with open("Result.md", "w") as f:
    f.write(result.format(emoji=emoji, successrate=successrate, total_count=total_count, 
                          problem_count=problem_count, explanation=explanation, rows=rows))


================================================
FILE: .github/workflows/generate_diff.sh
================================================
#!/usr/bin/env bash

set -euo pipefail

whitelist=()

nightly_whitelist=("etc/apt/sources\.list\.d/gardenlinux\.sources"
                   "etc/os-release"
                   "etc/shadow"
                   "etc/update-motd\.d/05-logo"
                   "var/lib/apt/lists/packages\.gardenlinux\.io_gardenlinux_dists_[0-9]*\.[0-9]*\.[0-9]*_.*"
                   "var/lib/apt/lists/packages\.gardenlinux\.io_gardenlinux_dists_[0-9]*\.[0-9]*\.[0-9]*_main_binary-(arm64|amd64)_Packages"
                   "efi/loader/entries/Default-[0-9]*\.[0-9]*\.[0-9]*-(cloud-)?(arm64|amd64)\.conf"
                   "efi/Default/[0-9]*\.[0-9]*\.[0-9]*-(cloud-)?(arm64|amd64)/initrd"
                   "boot/initrd\.img-[0-9]*\.[0-9]*\.[0-9]*-(cloud-)?(arm64|amd64)")

nightly=false
oci=false

while [ $# -gt 0 ]; do
	case "$1" in
		--oci)
			oci=true
			shift
			;;
		--nightly)
			nightly=true
			shift
			;;
		*)
			break
			;;
	esac
done

if $oci; then
    basefile_a="${1/bare-/}.oci"
    basefile_b="${1/bare-/}.oci"
    unpacked_a="$2"
    unpacked_b="$3"
    depth=$4
else
    basefile_a="$2.tar"
    basefile_b="$3.tar"
    unpacked_a="./A/unpacked"
    unpacked_b="./B/unpacked"
    depth="3"
fi

if $nightly; then
    whitelist=("${whitelist[@]}" "${nightly_whitelist[@]}")
fi

sedcommands=()

if [ ! ${#whitelist[@]} -eq 0 ]; then
    sedcommands+=("sed")
    sedcommands+=("-E")
else 
    sedcommands+=("cat")
fi

for file in "${whitelist[@]}"; do
    sedcommands+=("-e")
    sedcommands+=("\;$file;d")
done

if ! cmp "A/$basefile_a" "B/$basefile_b" > /dev/null; then
    # Difference detected

    files=$(diff -qrN "$unpacked_a" "$unpacked_b" 2> /dev/null \
    | grep differ \
    | perl -0777 -pe "s/(?:[^\/\n]*\/){$depth}([^\s]*)[^\n]*/\/\1/g" || true)

    filtered_files=$(echo "$files" | "${sedcommands[@]}")

    if [[ $files != '' && $filtered_files = '' ]]; then
         # All differences are whitelisted
         echo "whitelist" > "$1-diff"

         exit 0
    fi

    echo "$filtered_files" > "$1-diff"

    # Succeed only if no non-whitelisted difference remains
    [[ $filtered_files = '' ]]
    exit $?
else
    # Builds are the same
    echo "" > "$1-diff"

    exit 0
fi


================================================
FILE: .github/workflows/get_workflow_infos.yml
================================================
name: Get workflow infos by run number

on:
  workflow_call:
    inputs:
      workflow_name:
        type: string
        required: true
      run_number:
        type: string
        required: true
    outputs:
      id:
        description: "The workflow id"
        value: ${{ jobs.parse_infos.outputs.id }}
      commit:
        description: "The workflow head commit"
        value: ${{ jobs.parse_infos.outputs.commit }}
      run_number:
        description: "The workflow run number"
        value: ${{ jobs.parse_infos.outputs.run_number }}

jobs:
  parse_infos:
    runs-on: ubuntu-latest
    permissions:
      actions: read
    outputs:
      id: ${{ steps.api_fetch.outputs.id }}
      commit: ${{ steps.api_fetch.outputs.commit }}
      run_number: ${{ steps.api_fetch.outputs.run_number }}
    steps:
      - name: Filter workflow runs
        id: api_fetch
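        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Pass the inputs through the environment so they are never expanded into the script text
          WORKFLOW_NAME: ${{ inputs.workflow_name }}
          RUN_NUMBER: ${{ inputs.run_number }}
        run: |
          i=1

          run_number=$(echo "$RUN_NUMBER" | sed -E "s/^#//")

          if [ "$run_number" = "latest" ];then
              search="${WORKFLOW_NAME},"
          else
              # The trailing comma keeps run 12 from matching run 123
              search="${WORKFLOW_NAME},${run_number},"
          fi

          # -F matches the search string literally instead of as a regular expression
          while ! result=$(gh api "/repos/gardenlinux/gardenlinux/actions/runs?page=$i" \
          | jq -r '.workflow_runs .[] | [.name, .run_number, .id, .head_commit.id] | join(",")' \
          | grep -F -- "$search"); do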
              i=$(($i +1))
              if [ "$i" = 101 ]; then
                  # Stop search after 100 pages
                  exit 1
              fi
          done;

          result=$(echo "$result" | head -n 1)

          echo run_number=$(echo "$result" | cut -d "," -f 2) >> "$GITHUB_OUTPUT"
          echo id=$(echo "$result" | cut -d "," -f 3) >> "$GITHUB_OUTPUT"
          echo commit=$(echo "$result" | cut -d "," -f 4) >> "$GITHUB_OUTPUT"


================================================
FILE: .github/workflows/github.mjs
================================================
export async function dispatchRetryWorkflow(core, githubActions, context, refName, retries = 1) {
    if (context.runAttempt >= retries) {
        core.setFailed("Workflow run failed permanently");
        return false;
    }

    if (refName == "") {
        core.setFailed("Workflow run retry requested refName is invalid");
        return false;
    }

    // Await the dispatch so a failed API call rejects here instead of being lost
    await githubActions.createWorkflowDispatch({
        owner: context.repo.owner,
        repo: context.repo.repo,
        workflow_id: "github_rerun_workflow.yml",
        ref: refName,
        inputs: {
            run_id: String(context.runId),
            retries: String(retries)
        }
    });

    return true;
}

export function excludeFlavorsMatrix(matrixA, matrixB) {
    matrixA = flattenFlavorsMatrixByArch(matrixA);
    matrixB = flattenFlavorsMatrixByArch(matrixB);
    let resultMatrix = [];

    for (const arch in matrixA) {
        for (const flavor of matrixA[arch]) {
            if (!matrixB.hasOwnProperty(arch) || !matrixB[arch].includes(flavor)) {
                resultMatrix.push({ "arch": arch, "flavor": flavor });
            }
        }
    }

    return { "include": resultMatrix };
}

export function isMatrixEmpty(matrix) {
    return (!Object.keys(matrix).includes('include') || matrix['include'].length < 1);
}

export function getGHCRRepositoryFromTarget(target) {
    let repository = "";

    switch(target) {
        case "release":
            repository = "ghcr.io/gardenlinux/gardenlinux";
            break;
        case "nightly":
            repository = "ghcr.io/gardenlinux/nightly";
            break;
    }

    return repository;
}

export function getGitHubSigningEnvironmentFromTarget(target) {
    let environment = "";

    switch(target) {
        case "release":
            environment = "oidc_aws_kms_release";
            break;
        case "nightly":
            environment = "oidc_aws_kms_nightly";
            break;
    }

    return environment;
}

export function getTestEnvironmentsEnabled(commaSeparatedTestsRequested) {
    const knownTests = ["chroot", "cloud", "oci", "qemu", "bare"];
    const testsRequested = commaSeparatedTestsRequested.split(",");
    let tests = [];

    for (const test of knownTests) {
        if (testsRequested.includes(test)) {
            tests.push(test);
        }
    }

    return tests;
}

export function flattenFlavorsMatrixByArch(matrix) {
    let matrixByArch = {};

    for (const flavor of matrix.include) {
        if (!(flavor["arch"] in matrixByArch)) {
            matrixByArch[flavor["arch"]] = [];
        }

        matrixByArch[flavor["arch"]].push(flavor["flavor"]);
    }

    return matrixByArch;
}

export function intersectFlavorsMatrix(matrixA, matrixB) {
    matrixA = flattenFlavorsMatrixByArch(matrixA);
    matrixB = flattenFlavorsMatrixByArch(matrixB);
    let intersectMatrix = [];

    for (const arch in matrixA) {
        if (!matrixB.hasOwnProperty(arch)) {
            continue;
        }

        for (const flavor of matrixA[arch]) {
            if (matrixB[arch].includes(flavor)) {
                intersectMatrix.push({ "arch": arch, "flavor": flavor });
            }
        }
    }

    return { "include": intersectMatrix };
}

export async function retryWorkflow(core, githubActions, context, runID, retries) {
    if (isNaN(retries)) {
        core.setFailed("Workflow run retry requested retries are invalid");
        return false;
    }

    const workflowRun = await githubActions.getWorkflowRun({
        owner: context.repo.owner,
        repo: context.repo.repo,
        run_id: runID,
        exclude_pull_requests: true
    });

    if (workflowRun.data.run_attempt >= retries) {
        core.setFailed("Workflow run failed permanently");
        return false;
    }

    await githubActions.reRunWorkflowFailedJobs({
        owner: context.repo.owner,
        repo: context.repo.repo,
        run_id: runID
    });

    return true;
}


================================================
FILE: .github/workflows/github_rerun_workflow.yml
================================================
name: Re-run workflow run
on:
  # triggered manually
  workflow_dispatch:
    inputs:
      run_id:
        description: 'Workflow run ID'
        type: string
        required: true
      retries:
        description: 'Workflow run retries'
        type: string
        default: '1'
jobs:
  trigger:
    name: Retry workflow run ${{ inputs.run_id }}
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
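      - name: Retry failed build
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          # Inputs are read from the environment so they are never expanded into the script source
          RUN_ID: ${{ inputs.run_id }}
          RETRIES: ${{ inputs.retries }}
        with:
          script: |
            const githubEvent = ${{ toJson(github.event) }};

            if (githubEvent.sender.type != "Bot") {
              core.setFailed("Workflow run request is not supported for sender.type: " + githubEvent.sender.type);
              return false;
            }

            const runID = Number(process.env.RUN_ID);

            if (!Number.isInteger(runID) || runID <= 0) {
              core.setFailed("Workflow run retry requested run_id is invalid");
              return false;
            }

            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");
            return await gitHubLib.retryWorkflow(core, github.rest.actions, context, runID, parseInt(process.env.RETRIES, 10));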


================================================
FILE: .github/workflows/labeler.yml
================================================
name: "Pull Request Labeler"
on:
  - pull_request_target
jobs:
  triage:
    permissions:
      pull-requests: write
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # pin@v6.0.1
        with:
          dot: true


================================================
FILE: .github/workflows/manual_gh_release_page.yml
================================================
name: release page
on:
  workflow_dispatch:
    inputs:
      run_id:
        description: Build workflow run ID
        type: number
        required: true
      is_latest:
        default: false
        type: boolean
        description: 'Tag Github release and OCI image as latest'
      is_dev_release:
        default: false
        type: boolean
        description: 'Github development release'
      compatibility_flags:
        description: 'Flags to activate compatibility modes'
        type: string
        default: ''
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  workflow_data:
    name: Download workflow JSON data from trigger
    uses: ./.github/workflows/download_workflow_data.yml
    with:
      run_id: ${{ inputs.run_id }}
  glrd:
    needs: workflow_data
    name: Create GLRD release
    permissions:
      id-token: write
    runs-on: ubuntu-24.04
    env:
      COMMIT: ${{ needs.workflow_data.outputs.commit_id }}
      VERSION: ${{ needs.workflow_data.outputs.version }}
    defaults:
      run:
        shell: bash
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ needs.workflow_data.outputs.commit_id }}
          sparse-checkout: |
            flavors.yaml
          sparse-checkout-cone-mode: false
      - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          role-session-name: ${{ secrets.AWS_OIDC_SESSION }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Create GLRD release
        uses: gardenlinux/glrd@30fcac2ec9ad6cee873fcc503f0ca11022a4609e # v4.1.0
        with:
          cmd: |
            type="${{ inputs.is_dev_release && 'dev' || 'minor' }}"
            major="$(echo ${VERSION} | cut -d'.' -f1)"
            minor="$(echo ${VERSION} | cut -d'.' -f2)"

            if [ ${type} = "minor" ]; then
              # check for major version and create if missing
              if ! glrd --no-header --type major --version ${major} | grep ${major}; then
                glrd-manage --s3-update --create major --version ${major}
              fi

              glrd-manage --s3-update --create minor --version ${VERSION} --commit ${COMMIT}
            elif [ ${type} = "dev" ]; then
              glrd-manage --s3-update --create dev --version ${VERSION} --commit ${COMMIT}
            fi
      - name: Get created GLRD release
        uses: gardenlinux/glrd@30fcac2ec9ad6cee873fcc503f0ca11022a4609e # v4.1.0
        with:
          cmd: |
            glrd --type major,minor,dev --version "$(echo ${VERSION} | cut -d'.' -f1)"
  # Create new version in GLVD so it has the package list of the new release
  # This is needed for the automatic changelog generation
  glvd:
    needs: workflow_data
    if: ${{ !inputs.is_dev_release }}
    name: Update GLVD distro list
    runs-on: ubuntu-latest
    env:
      # Change this if you fork the repo
      OIDC_AUDIENCE: glvd
    permissions:
      # This is required for requesting the JWT
      id-token: write
    steps:
      - name: Authenticate to cluster
        id: kube_auth
        uses: gardener/cc-utils/.github/actions/kubernetes-auth@0c0dc641f2f7bb91345ba46d6a07779a47e43665 # 1.2755.0
        with:
          server: https://api.live.gl-live.shoot.live.k8s-hana.ondemand.com
          server-ca-discovery-url: https://discovery.ingress.garden.live.k8s.ondemand.com/projects/gl-live/shoots/3f2715e7-dc7c-4bf1-a594-dc0d90cd0f1c/cluster-ca
          audience: ${{ env.OIDC_AUDIENCE }}
      - name: Start a new ingestion job in GLVD to import package list for new version
        env:
          KUBECONFIG: kubeconfig.yaml
        run: |
          kubectl run ingest-new-gl-version-$RANDOM \
              --namespace glvd \
              --image=ghcr.io/gardenlinux/glvd-data-ingestion:latest \
              --restart=Never \
              --env=PGDATABASE=glvd \
              --env=PGUSER="${{ secrets.GLVD_DB_USERNAME }}" \
              --env=PGHOST=glvd-database-0.glvd-database \
              --env=PGPORT=5432 \
              --env=PGPASSWORD="${{ secrets.GLVD_DB_PASSWORD }}" -- /usr/local/src/ingest-single-gl-release.sh "${{ needs.workflow_data.outputs.version }}"
      - name: Wait for GLVD to ingest the package list of the new version
        run: |
          echo "Give GLVD some time to ingest the data. It is not clear how long this takes exactly, and there is no single indicator for when it was done."
          sleep 180
  github_release:
    needs: [ glvd, workflow_data ]
    if: always() && (needs.glvd.result == 'skipped' || needs.glvd.result == 'success')
    name: Generate GitHub release
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    outputs:
      id: ${{ steps.github_release.outputs.id }}
    permissions:
      id-token: write
      contents: write
      actions: write
    environment: oidc_aws_s3_upload
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ needs.workflow_data.outputs.commit_id }}
          sparse-checkout: |
            flavors.yaml
          sparse-checkout-cone-mode: false
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          role-session-name: ${{ secrets.AWS_OIDC_SESSION }}
          aws-region: ${{ secrets.AWS_REGION }}
      - id: github_release
        name: Create GitHub release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if [[ "${{ inputs.is_latest }}" == "true" ]]; then
            gl-gh-release create-with-gl-release-notes --tag "${{ needs.workflow_data.outputs.version }}" --commit "${{ needs.workflow_data.outputs.commit_id }}" --latest
          else
            gl-gh-release create-with-gl-release-notes --tag "${{ needs.workflow_data.outputs.version }}" --commit "${{ needs.workflow_data.outputs.commit_id }}"
          fi

          echo "id=$(cat .github_release_id)" | tee -a $GITHUB_OUTPUT
  flavors_matrix:
    needs: workflow_data
    name: Generate flavors matrix (marked for publishing)
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--exclude '*trustedboot*' --no-arch --json-by-arch --publish"
      ref: ${{ needs.workflow_data.outputs.commit_id }}
  github_release_artifacts_upload:
    needs: [ workflow_data, github_release, flavors_matrix ]
    if: always() && !(contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'failure'))
    name: Upload to existing GitHub release
    permissions:
      contents: write
      id-token: write
    uses: ./.github/workflows/upload_to_github_release.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.flavors_matrix.outputs.matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      release_id: ${{ needs.github_release.outputs.id }}
      with_certs: false
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_role: ${{ secrets.AWS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
  trustedboot_flavors_matrix:
    needs: workflow_data
    name: Generate trustedboot flavors matrix (marked for publishing)
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--include-only '*trustedboot*' --no-arch --json-by-arch --publish"
      ref: ${{ needs.workflow_data.outputs.commit_id }}
  github_release_trustedboot_artifacts_upload:
    needs: [ workflow_data, github_release, github_release_artifacts_upload, trustedboot_flavors_matrix ]
    if: always() && !(contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'failure'))
    name: Upload to existing GitHub release
    permissions:
      contents: write
      id-token: write
    uses: ./.github/workflows/upload_to_github_release.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.trustedboot_flavors_matrix.outputs.matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      release_id: ${{ needs.github_release.outputs.id }}
      with_certs: true
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_role: ${{ secrets.AWS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
  tag_container_as_latest:
    needs: workflow_data
    if: ${{ !inputs.is_dev_release }}
    name: Tag containers released
    uses: ./.github/workflows/tag_latest_container.yml
    with:
      version: ${{ needs.workflow_data.outputs.version }}
      is_latest: ${{ inputs.is_latest }}
    permissions:
      packages: write


================================================
FILE: .github/workflows/manual_release.yml
================================================
# Build and publish
name: Build and publish a release
concurrency:
  group: ${{ inputs.ignore_workflow_concurrency && github.run_id || format('{0}-{1}-manual-release', github.workflow, github.ref) }}
  cancel-in-progress: true
on:
  # triggered manually
  workflow_dispatch:
    inputs:
      version:
        description: "Garden Linux version"
        type: string
        required: true
      target:
        description: "Garden Linux release target"
        required: true
        type: choice
        options:
          - release
          - nightly
      publish:
        description: "True to publish build results"
        type: boolean
        default: true
      flavors_parse_params_test:
        description: "Run bin/flavors_parse.py with these parameters"
        default: '--exclude "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      flavors_parse_params_test_bare:
        description: "Run bin/parse_flavors.py with these parameters for bare flavors"
        default: '--include-only "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      test_types:
        description: "Types of tests to execute (comma-separated: chroot,qemu,cloud,oci). Note: oci tests only work when build=true"
        type: string
        default: "chroot,qemu,cloud,oci,bare"
      ignore_workflow_concurrency:
        description: "Execute workflows concurrently"
        type: boolean
        default: false
jobs:
  build:
    name: Build
    uses: ./.github/workflows/build.yml
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write  # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
    with:
      version: ${{ inputs.version }}
      target: ${{ inputs.target }}
      flavors_parse_params_test: ${{ inputs.flavors_parse_params_test }}
      flavors_parse_params_test_bare: ${{ inputs.flavors_parse_params_test_bare }}
      fail_fast: true
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
      aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
      secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}
  build_retry:
    needs: build
    if: ${{ failure() && needs.build.result == 'failure' }}
    name: "Retry checkpoint: Build"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed build
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          # Ref names may contain quote characters; read the value from the environment, not the script source
          GIT_REF: ${{ github.head_ref == '' && github.ref_name || github.head_ref }}
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = process.env.GIT_REF ?? "";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 3);
  test:
    needs: build
    name: Test
    uses: ./.github/workflows/tests.yml
    with:
      flavors_matrix: ${{ needs.build.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ needs.build.outputs.bare_flavors_matrix }}
      test_types: ${{ inputs.test_types }}
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write  # TODO: 3215 elevated permissions for included workflow
      checks: write   # Required for test_report job to write workflow summary
    secrets:
      gcp_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      gcp_service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      gcp_project_id: ${{ secrets.GCP_PROJECT }}
      gcp_region: ${{ secrets.GCP_REGION }}
      gcp_zone: ${{ secrets.GCP_ZONE }}
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
      az_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      az_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
      az_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      alibaba_cloud_role_arn: ${{ secrets.ALIBABA_CLOUD_ROLE_ARN }}
      alibaba_cloud_oidc_provider_arn: ${{ secrets.ALIBABA_CLOUD_OIDC_PROVIDER_ARN }}
      alibaba_cloud_region: ${{ secrets.ALIBABA_CLOUD_REGION }}
      tf_encryption: ${{ secrets.TF_ENCRYPTION }}
  test_retry:
    needs: test
    if: ${{ failure() && needs.test.result == 'failure' }}
    name: "Retry checkpoint: Test"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed test
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          # Ref names may contain quote characters; read the value from the environment, not the script source
          GIT_REF: ${{ github.head_ref == '' && github.ref_name || github.head_ref }}
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = process.env.GIT_REF ?? "";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 5);
  upload_workflow_data:
    needs: [build, test]
    name: Store workflow data
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - name: Store data in JSON file
        run: |
          jq -r --arg 'matrix' '${{ needs.build.outputs.flavors_matrix }}' --arg 'bare_matrix' '${{ needs.build.outputs.bare_flavors_matrix }}' -n '{
            "id": ${{ github.run_id }},
            "flavors_matrix": $matrix,
            "bare_flavors_matrix": $bare_matrix,
            "version": "${{ needs.build.outputs.version }}",
            "original_workflow_name": "${{ github.workflow }}"
          }' '.' > workflow_data.json
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: workflow-data
          path: workflow_data.json
          if-no-files-found: error
  publish_ghcr:
    needs: upload_workflow_data
    if: ${{ inputs.publish }}
    name: Publish release to ghcr.io
    uses: gardenlinux/gardenlinux/.github/workflows/publish.yml@main
    with:
      run_id: ${{ github.run_id }}
    permissions:
      actions: write  # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
    secrets: inherit
  publish_s3:
    needs: upload_workflow_data
    if: ${{ inputs.publish }}
    name: Publish release to S3
    uses: gardenlinux/gardenlinux/.github/workflows/publish_s3.yml@main
    with:
      run_id: ${{ github.run_id }}
    permissions:
      actions: write  # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
    secrets: inherit



================================================
FILE: .github/workflows/manual_tag_latest_container.yml
================================================
name: Tag a container as latest manually
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Garden Linux version'
        required: true
        type: string
      is_latest:
        description: 'Tag as gardenlinux:latest'
        default: false
        type: boolean
jobs:
  tag_container_as_latest:
    uses: ./.github/workflows/tag_latest_container.yml
    with:
      version: ${{ inputs.version }}
      is_latest:  ${{ inputs.is_latest }}
    permissions:
      packages: write


================================================
FILE: .github/workflows/manual_tests.yml
================================================
# Tests artifacts
name: Execute tests
concurrency:
  group: ${{ inputs.ignore_workflow_concurrency && github.run_id || format('{0}-{1}-manual-tests', github.workflow, github.ref) }}
  cancel-in-progress: true
on:
  # triggered manually
  workflow_dispatch:
    inputs:
      version:
        description: "Garden Linux version"
        type: string
        default: now
      target:
        description: "Garden Linux release target"
        type: choice
        default: dev
        options:
          - release
          - nightly
          - dev
      build:
        description: "Build for version specified in version input parameter instead of downloading it from S3."
        type: boolean
        default: false
      flavors_parse_params_test:
        description: "Run bin/flavors_parse.py with these parameters for tests"
        default: '--exclude "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      flavors_parse_params_test_bare:
        description: "Run bin/parse_flavors.py with these parameters for bare flavors"
        default: '--include-only "bare-*" --no-arch --json-by-arch --build --test'
        type: string
      test_types:
        description: "Types of tests to execute (comma-separated: chroot,qemu,cloud,oci,bare). Note: bare tests only work when build=true"
        type: string
        default: "chroot,qemu,cloud,oci"
      ignore_workflow_concurrency:
        description: "Execute workflows concurrently"
        type: boolean
        default: false
jobs:
  build:
    name: Build
    if: ${{ inputs.build == true }}
    uses: ./.github/workflows/build.yml
    with:
      version: ${{ inputs.version }}
      flavors_parse_params_test: ${{ inputs.flavors_parse_params_test }}
      flavors_parse_params_test_bare: ${{ inputs.flavors_parse_params_test_bare }}
    permissions:
      actions: write # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
  test:
    needs: build
    if: ${{ success() || failure() }}
    name: Test flavors built
    uses: ./.github/workflows/tests.yml
    with:
      flavors_matrix: ${{ needs.build.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ needs.build.outputs.bare_flavors_matrix }}
      test_types: ${{ inputs.test_types }}
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write # TODO: 3215 elevated permissions for included workflow
      checks: write # Required for test_report job to write workflow summary
    secrets:
      gcp_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      gcp_service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      gcp_project_id: ${{ secrets.GCP_PROJECT }}
      gcp_region: ${{ secrets.GCP_REGION }}
      gcp_zone: ${{ secrets.GCP_ZONE }}
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
      az_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      az_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
      az_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      alibaba_cloud_role_arn: ${{ secrets.ALIBABA_CLOUD_ROLE_ARN }}
      alibaba_cloud_oidc_provider_arn: ${{ secrets.ALIBABA_CLOUD_OIDC_PROVIDER_ARN }}
      alibaba_cloud_region: ${{ secrets.ALIBABA_CLOUD_REGION }}
      tf_encryption: ${{ secrets.TF_ENCRYPTION }}
  download_build_requirements:
    if: ${{ inputs.build != true }}
    name: Build requirements for downloaded flavors
    uses: ./.github/workflows/build_requirements.yml
    with:
      version: ${{ inputs.version }}
      use_glrd: true
      target: ${{ inputs.target }}
    permissions:
      actions: write # TODO: 3215 elevated permissions for included workflow
  download_store_flavor_version_data:
    name: Store flavor version data
    needs: download_build_requirements
    defaults:
      run:
        shell: bash
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
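      - name: Prepare flavor version reference
        env:
          COMMIT_ID: ${{ needs.download_build_requirements.outputs.commit_id }}
          VERSION: ${{ needs.download_build_requirements.outputs.version }}
        run: |
          # Values reach jq through the environment and --arg, so they are never parsed as shell or jq code
          jq -n --arg commit_id "$COMMIT_ID" --arg version "$VERSION" '{ "commit_id": $commit_id, "version": $version }' > flavor_version_data.json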
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: flavor-version-data
          path: flavor_version_data.json
          if-no-files-found: error
  test_distribution_build:
    needs: download_build_requirements
    name: Build and cache test distribution
    uses: ./.github/workflows/build_tests.yml
    with:
      commit_id: ${{ needs.download_build_requirements.outputs.commit_id }}
      version: ${{ needs.download_build_requirements.outputs.version }}
  download_test_flavors_matrix:
    needs: download_build_requirements
    name: Generate flavors matrix to test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: ${{ inputs.flavors_parse_params_test }}
  download_test_flavors:
    needs: [download_build_requirements, download_test_flavors_matrix]
    name: Download flavors to test
    uses: ./.github/workflows/download_flavors_images.yml
    with:
      commit_id: ${{ needs.download_build_requirements.outputs.commit_id }}
      version: ${{ needs.download_build_requirements.outputs.version }}
      flavors_matrix: ${{ needs.download_test_flavors_matrix.outputs.matrix }}
    permissions:
      id-token: write
      actions: write
    secrets:
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
  test_download_platform_test:
    needs:
      [
        download_build_requirements,
        test_distribution_build,
        download_test_flavors_matrix,
        download_test_flavors,
      ]
    name: Test flavors downloaded
    uses: ./.github/workflows/tests.yml
    with:
      flavors_matrix: ${{ needs.download_test_flavors_matrix.outputs.matrix }}
      test_types: ${{ inputs.test_types }}
      bare_flavors_matrix: '{"include":[]}'
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write # TODO: 3215 elevated permissions for included workflow
      checks: write # Required for test_report job to write workflow summary
    secrets:
      gcp_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      gcp_service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      gcp_project_id: ${{ secrets.GCP_PROJECT }}
      gcp_region: ${{ secrets.GCP_REGION }}
      gcp_zone: ${{ secrets.GCP_ZONE }}
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
      az_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      az_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
      az_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      alibaba_cloud_role_arn: ${{ secrets.ALIBABA_CLOUD_ROLE_ARN }}
      alibaba_cloud_oidc_provider_arn: ${{ secrets.ALIBABA_CLOUD_OIDC_PROVIDER_ARN }}
      alibaba_cloud_region: ${{ secrets.ALIBABA_CLOUD_REGION }}
      tf_encryption: ${{ secrets.TF_ENCRYPTION }}


================================================
FILE: .github/workflows/nightly.yml
================================================
name: nightly
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-nightly
  cancel-in-progress: true
on:
  schedule:
    - cron: '0 4 * * *'
jobs:
  build:
    name: Build
    uses: ./.github/workflows/build.yml
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write  # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
    with:
      version: now
      target: nightly
      fail_fast: true
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
      aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
      secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}
  build_retry:
    needs: build
    if: ${{ failure() && needs.build.result == 'failure' }}
    name: "Retry checkpoint: Build"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed build
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 5);
  test:
    needs: build
    name: Test
    uses: ./.github/workflows/tests.yml
    with:
      flavors_matrix: ${{ needs.build.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ needs.build.outputs.bare_flavors_matrix }}
      test_types: "chroot,qemu,cloud,oci,bare"
    permissions:
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write # TODO: 3215 elevated permissions for included workflow
      checks: write # Required for test_report job to write workflow summary
    secrets:
      gcp_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
      gcp_service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
      gcp_project_id: ${{ secrets.GCP_PROJECT }}
      gcp_region: ${{ secrets.GCP_REGION }}
      gcp_zone: ${{ secrets.GCP_ZONE }}
      aws_role: ${{ secrets.AWS_TESTS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_TESTS_OIDC_SESSION }}
      aws_region: ${{ secrets.AWS_TESTS_REGION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
      az_client_id: ${{ secrets.AZURE_CLIENT_ID }}
      az_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
      az_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      alibaba_cloud_role_arn: ${{ secrets.ALIBABA_CLOUD_ROLE_ARN }}
      alibaba_cloud_oidc_provider_arn: ${{ secrets.ALIBABA_CLOUD_OIDC_PROVIDER_ARN }}
      alibaba_cloud_region: ${{ secrets.ALIBABA_CLOUD_REGION }}
      tf_encryption: ${{ secrets.TF_ENCRYPTION }}
  test_retry:
    needs: test
    if: ${{ failure() && needs.test.result == 'failure' }}
    name: "Retry checkpoint: Test"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed test
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 3);
  upload_workflow_data:
    needs: [build, test]
    name: Store workflow data
    runs-on: ubuntu-24.04
    permissions:
      packages: write
    steps:
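      - name: Store data in JSON file
        env:
          FLAVORS_MATRIX: ${{ needs.build.outputs.flavors_matrix }}
          BARE_FLAVORS_MATRIX: ${{ needs.build.outputs.bare_flavors_matrix }}
          VERSION: ${{ needs.build.outputs.version }}
          WORKFLOW_NAME: ${{ github.workflow }}
        run: |
          # Values reach jq through the environment and --arg, so quotes inside them cannot break the shell or the jq program
          jq -n --arg matrix "$FLAVORS_MATRIX" --arg bare_matrix "$BARE_FLAVORS_MATRIX" --arg version "$VERSION" --arg workflow "$WORKFLOW_NAME" '{
            "id": ${{ github.run_id }},
            "flavors_matrix": $matrix,
            "bare_flavors_matrix": $bare_matrix,
            "version": $version,
            "original_workflow_name": $workflow
          }' > workflow_data.json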
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        with:
          name: workflow-data
          path: workflow_data.json
          if-no-files-found: error
  publish_ghcr:
    needs: upload_workflow_data
    name: Publish nightly to ghcr.io
    uses: ./.github/workflows/publish.yml
    with:
      run_id: ${{ github.run_id }}
    permissions:
      actions: write  # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
      packages: write # TODO: 3215 elevated permissions for included workflow
    secrets: inherit
  publish_s3:
    needs: upload_workflow_data
    name: Publish nightly to S3
    uses: ./.github/workflows/publish_s3.yml
    with:
      run_id: ${{ github.run_id }}
    permissions:
      actions: write  # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
    secrets: inherit


================================================
FILE: .github/workflows/publish.yml
================================================
name: 'Publish to ghcr.io'
on:
  workflow_dispatch:
    inputs:
      run_id:
        description: Build workflow run ID
        type: number
        required: true
      compatibility_flags:
        description: 'Flags to activate compatibility modes'
        type: string
        default: ''
  workflow_call:
    inputs:
      run_id:
        # type: number is not supported (2026/03)
        type: string
        required: true
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  workflow_data:
    name: Download workflow JSON data from trigger
    uses: ./.github/workflows/download_workflow_data.yml
    with:
      run_id: ${{ inputs.run_id }}
  workflow_data_artifact:
    name: Publish parent workflow-data artifact
    needs: [ workflow_data ]
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: workflow-data
          github-token: ${{ github.token }}
          run-id: ${{ needs.workflow_data.outputs.run_id }}
      - name: Upload parent workflow artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: parent-workflow-data
          overwrite: true
          path: workflow_data.json
  publish_oci_containers:
    needs: workflow_data
    name: Publish container base image
    uses: ./.github/workflows/publish_oci_containers.yml
    # @TODO: Replace with safe OCI manifest handling variant
    #strategy:
    #  fail-fast: false
    #  matrix:
    #    cnames: [ container-amd64, container-arm64 ]
    with:
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      target: ${{ needs.workflow_data.outputs.target }}
      flavors_matrix: ${{ needs.workflow_data.outputs.flavors_matrix }}
      bare_flavors_matrix: ${{ needs.workflow_data.outputs.bare_flavors_matrix }}
      original_workflow_name: ${{ needs.workflow_data.outputs.original_workflow_name }}
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_OIDC_SESSION }}
      oci_kms_arn: ${{ secrets.OCI_KMS_ARN }}
    permissions:
      packages: write # TODO: 3215 elevated permissions for included workflow
      id-token: write # TODO: 3215 elevated permissions for included workflow
      actions: write  # TODO: 3215 elevated permissions for included workflow
  publish_kmodbuild_container:
    needs: [ workflow_data ]
    name: Publish kernel module build dev container
    uses: ./.github/workflows/publish_kmodbuild_container.yml
    with:
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      compatibility_flags: ${{ inputs.compatibility_flags }}
    permissions:
      packages: write
  publish_retry:
    needs: [ publish_oci_containers, publish_kmodbuild_container ]
    if: ${{ failure() && ( needs.publish_oci_containers.result == 'failure' || needs.publish_kmodbuild_container.result == 'failure' ) }}
    name: 'Retry checkpoint: Publish to GitHub'
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed publishing
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 3);


================================================
FILE: .github/workflows/publish_kmodbuild_container.yml
================================================
# @TODO: Replace with safe OCI manifest handling variant
name: Publish container images
on:
  workflow_call:
    inputs:
      run_id:
        type: string
        required: true
      version:
        type: string
        required: true
      compatibility_flags:
        description: "Flags to activate compatibility modes"
        type: string
        default: ""
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  kmodbuild_container:
    name: Publish kernel module build dev container
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    env:
      VERSION: ${{ inputs.version }}
    permissions:
      packages: write
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          pattern: kmodbuild-container-*
          merge-multiple: true
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Publish kernel module build dev container
        run: |
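          for oci_archive in *.oci; do
            podman load -i "${oci_archive}"
            rm "${oci_archive}"
          done

          # Feed the token on stdin so it does not show up in the process argument list
          podman login -u token --password-stdin ghcr.io <<< "${{ github.token }}"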

          podman push ghcr.io/${{ github.repository }}/kmodbuild:amd64-$VERSION
          podman push ghcr.io/${{ github.repository }}/kmodbuild:arm64-$VERSION

          podman manifest create ghcr.io/${{ github.repository }}/kmodbuild:$VERSION
          podman manifest add ghcr.io/${{ github.repository }}/kmodbuild:$VERSION ghcr.io/${{ github.repository }}/kmodbuild:amd64-$VERSION
          podman manifest add ghcr.io/${{ github.repository }}/kmodbuild:$VERSION ghcr.io/${{ github.repository }}/kmodbuild:arm64-$VERSION
          podman manifest push ghcr.io/${{ github.repository }}/kmodbuild:$VERSION


================================================
FILE: .github/workflows/publish_oci_containers.yml
================================================
# @TODO: Replace with safe OCI manifest handling variant
name: publish_oci_containers
on:
  workflow_call:
    inputs:
      run_id:
        type: string
        required: true
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      target:
        type: string
        required: true
      flavors_matrix:
        type: string
        required: true
      bare_flavors_matrix:
        type: string
        default: '{"include":[]}'
      original_workflow_name:
        type: string
        default: ''
      compatibility_flags:
        description: 'Flags to activate compatibility modes'
        type: string
        default: ''
    secrets:
      aws_role:
        required: true
      aws_session:
        required: true
      aws_region:
        required: true
      oci_kms_arn:
        required: true
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  determine_environment:
    name: Determine release environment and repository for ${{ inputs.target }}
    runs-on: ubuntu-latest
    outputs:
      environment: ${{ steps.set_values.outputs.environment }}
      repository: ${{ steps.set_values.outputs.repository }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: main
          sparse-checkout: |
            .github/**
          sparse-checkout-cone-mode: false
      - name: Set environment and repository
        id: set_values
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            core.setOutput("environment", gitHubLib.getGitHubSigningEnvironmentFromTarget("${{ inputs.target }}"));
            const repository = gitHubLib.getGHCRRepositoryFromTarget("${{ inputs.target }}");

            if (repository == "") {
              core.setFailed("Invalid release target ${{ inputs.target }}");
              return false;
            }

            core.setOutput("repository", repository);

            return true;
  container:
    needs: determine_environment
    name: Publish container images
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    env:
      CNAME_AMD64: ""
      CNAME_ARM64: ""
    permissions:
      packages: write
    strategy:
      matrix:
        include:
          - flavor: "container"
            subpath: ""
          - flavor: "container-pythonDev"
            subpath: "/container-python-dev"
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.commit_id }}
          submodules: true
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set container version reference
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ matrix.flavor }}-amd64
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ matrix.flavor }}-arm64
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Set CNAMEs
        run: |
          echo "CNAME_AMD64=$(gl-features-parse --cname ${{ matrix.flavor }} --arch amd64 --version ${{ inputs.version }} --commit ${{ inputs.commit_id }} cname)" | tee -a "$GITHUB_ENV"
          echo "CNAME_ARM64=$(gl-features-parse --cname ${{ matrix.flavor }} --arch arm64 --version ${{ inputs.version }} --commit ${{ inputs.commit_id }} cname)" | tee -a "$GITHUB_ENV"
      - name: Publish container images
        run: |
          if [ "${{ inputs.target }}" = "nightly" ]; then
            is_nightly=true
          else
            is_nightly=false
          fi

          version="$(cat VERSION)"

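          # Feed the token on stdin so it does not show up in the process argument list
          podman login -u token --password-stdin ghcr.io <<< "${{ github.token }}"
          tar xzv < "${CNAME_AMD64}.tar.gz"
          image="$(podman load < "${CNAME_AMD64}.oci" | awk '{ print $NF }')"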

          # Tagging for amd64 nightly
          if [ $is_nightly = true ]; then
            podman tag "$image" ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-nightly
            podman push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-nightly
          fi

          # Tagging for amd64 with version
          podman tag "$image" ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-${version}
          podman push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-${version}

          tar xzv < "${CNAME_ARM64}.tar.gz"
          image="$(podman load < "${CNAME_ARM64}.oci" | awk '{ print $NF }')"

          # Tagging for arm64 nightly
          if [ $is_nightly = true ]; then
            podman tag "$image" ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-nightly
            podman push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-nightly
          fi

          # Tagging for arm64 with version
          podman tag "$image" ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-${version}
          podman push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-${version}

          # Creating and pushing manifest for nightly
          if [ $is_nightly = true ]; then
            podman manifest create ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:nightly
            podman manifest add ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:nightly ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-nightly
            podman manifest add ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:nightly ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-nightly
            podman manifest push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:nightly
          fi

          # Creating and pushing manifest for version tag
          podman manifest create ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:${version}
          podman manifest add ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:${version} ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:amd64-${version}
          podman manifest add ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:${version} ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:arm64-${version}
          podman manifest push ${{ needs.determine_environment.outputs.repository }}${{ matrix.subpath }}:${version}
  bare_flavors:
    needs: determine_environment
    name: Publish bare flavors
    if: ${{ inputs.bare_flavors_matrix != '{"include":[]}' }}
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    strategy:
      fail-fast: false
      matrix:
        # @TODO: Replace with input matrix once OCI manifest tooling is ready to update existing ones
        config: [libc, python, nodejs, sapmachine]
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.commit_id }}
          sparse-checkout: |
            bin/**
          sparse-checkout-cone-mode: false
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          pattern: build-bare-${{ matrix.config }}-*
          merge-multiple: true
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Publish bare flavor image ${{ matrix.config }}
        run: |
          if [ "${{ inputs.target }}" = "nightly" ]; then
            is_nightly=true
          else
            is_nightly=false
          fi
          version=$(bin/garden-version "${{ inputs.version }}")

          # Feed the token on stdin so it does not show up in the process argument list
          podman login -u token --password-stdin ghcr.io <<< "${{ github.token }}"

          # Handling amd64 image
          image="$(podman load < ${{ matrix.config }}-amd64.oci | awk '{ print $NF }')"

          # Tagging and pushing amd64 with version
          podman tag "$image" ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-$version
          podman push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-$version

          # Tagging and pushing amd64 with nightly
          if [ $is_nightly = true ]; then
            podman tag "$image" ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-nightly
            podman push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-nightly
          fi

          # Handling arm64 image
          image="$(podman load < ${{ matrix.config }}-arm64.oci | awk '{ print $NF }')"

          # Tagging and pushing arm64 with version
          podman tag "$image" ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-$version
          podman push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-$version

          # Tagging and pushing arm64 with nightly
          if [ $is_nightly = true ]; then
            podman tag "$image" ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-nightly
            podman push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-nightly
          fi

          # Creating and pushing manifest for version tag
          podman manifest create ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:$version
          podman manifest add ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:$version ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-$version
          podman manifest add ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:$version ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-$version
          podman manifest push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:$version

          # Creating and pushing manifest for nightly tag
          if [ $is_nightly = true ]; then
            podman manifest create ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:nightly
            podman manifest add ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:nightly ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:amd64-nightly
            podman manifest add ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:nightly ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:arm64-nightly
            podman manifest push ${{ needs.determine_environment.outputs.repository }}/bare-${{ matrix.config }}:nightly
          fi
  push_flavors:
    needs: determine_environment
    name: Publish flavors
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
      GL_ALLOW_MULTIPLE_PLATFORMS: "1"
    permissions:
      id-token: write
      packages: write
    environment: ${{ needs.determine_environment.outputs.environment }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(inputs.flavors_matrix) }}
      max-parallel: 8
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.commit_id }}
          submodules: true
      - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_role }}
          role-session-name: ${{ secrets.aws_session }}
          aws-region: ${{ secrets.aws_region }}
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Install cosign
        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
        with:
          cosign-release: "v2.4.1"
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ matrix.flavor }}-${{ matrix.arch }}
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ matrix.flavor }} --arch ${{ matrix.arch }} --version ${{ inputs.version }} --commit ${{ inputs.commit_id }} cname)" | tee -a "$GITHUB_ENV"
      - name: Push using the gl-oci util
        env:
          GL_CLI_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GL_CLI_REGISTRY_USERNAME: ${{ github.repository_owner }}
        run: |
          mkdir "$CNAME"

          tar -C "$CNAME" -xzf "$CNAME.tar.gz"

          gl-oci push-manifest \
            --dir "${CNAME}" \
            --container ${{ needs.determine_environment.outputs.repository }} \
            --arch ${{ matrix.arch }} \
            --version ${{ inputs.version }} \
            --cname "${CNAME}" \
            --cosign_file digest.txt \
            --manifest_file "oci_manifest_entry_${CNAME}.json"
      - name: Sign the manifest
        run: |
          cat digest.txt
          # Feed the token on stdin so it does not show up in the process argument list
          docker login ghcr.io -u token --password-stdin <<< "${{ github.token }}"
          cosign sign -tlog-upload=false --key "awskms://kms.${{ secrets.aws_region }}.amazonaws.com/${{ secrets.oci_kms_arn }}" "${{ needs.determine_environment.outputs.repository }}@$(cat digest.txt)"
      - name: Verify signature
        run: |
          cosign verify --insecure-ignore-tlog=true --key "awskms://kms.${{ secrets.aws_region }}.amazonaws.com/${{ secrets.oci_kms_arn }}" "${{ needs.determine_environment.outputs.repository }}@$(cat digest.txt)"
      - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: oci_manifest_entry_${{ env.CNAME }}.json
          key: oci-manifest-${{ matrix.flavor }}-${{ matrix.arch }}-${{ github.run_id }}
  update_manifest_index:
    needs: [determine_environment, push_flavors]
    name: Update OCI manifest index
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
      GL_ALLOW_MULTIPLE_PLATFORMS: "1"
    permissions:
      id-token: write
      packages: write
      actions: write
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(inputs.flavors_matrix) }}
      max-parallel: 1
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.commit_id }}
          submodules: true
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ matrix.flavor }} --arch ${{ matrix.arch }} --version ${{ inputs.version }} --commit ${{ inputs.commit_id }} cname)" | tee -a "$GITHUB_ENV"
      - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: oci_manifest_entry_${{ env.CNAME }}.json
          key: oci-manifest-${{ matrix.flavor }}-${{ matrix.arch }}-${{ github.run_id }}
      - name: Update index using glcli tool
        env:
          GL_CLI_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GL_CLI_REGISTRY_USERNAME: ${{ github.repository_owner }}
        run: |
          mkdir manifests
          mv "oci_manifest_entry_${CNAME}.json" manifests/

          gl-oci push-index-from-directory \
            --index ${{ needs.determine_environment.outputs.repository }} \
            --index-tag ${{ inputs.version }} \
            --manifest_folder manifests
  publish_tests:
    name: Publish tests container
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    permissions:
      packages: write
    steps:
      - name: Set container version reference
        run: |
          echo "${{ inputs.commit_id }}" | tee COMMIT
          echo "${{ inputs.version }}" | tee VERSION
      - id: tests_containers
        name: Download built tests archives
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          pattern: tests-container-*
          merge-multiple: true
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - if: ${{ steps.tests_containers.outputs.cache-hit == 'true' }}
        name: Load OCI archives
        run: |
          for oci in *.oci; do
            podman load -i "${oci}"
            rm -f "${oci}"
          done
      - if: ${{ steps.tests_containers.outputs.cache-hit == 'true' }}
        name: Publish tests images and manifest
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          if [ "${{ inputs.target }}" = "nightly" ]; then
            is_nightly=true
          else
            is_nightly=false
          fi

          version="$(cat VERSION)"

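          # Pass the token on stdin so it does not show up in the process argument list
          echo "${GITHUB_TOKEN}" | podman login -u token --password-stdin ghcr.io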

          # Push amd64 and arm64 images
          podman push ghcr.io/${{ github.repository_owner }}/test:amd64-${version}
          podman push ghcr.io/${{ github.repository_owner }}/test:arm64-${version}

          if [ "$is_nightly" = true ]; then
            podman tag ghcr.io/${{ github.repository_owner }}/test:amd64-${version} ghcr.io/${{ github.repository_owner }}/test:amd64-nightly
            podman tag ghcr.io/${{ github.repository_owner }}/test:arm64-${version} ghcr.io/${{ github.repository_owner }}/test:arm64-nightly
            podman push ghcr.io/${{ github.repository_owner }}/test:amd64-nightly
            podman push ghcr.io/${{ github.repository_owner }}/test:arm64-nightly
          fi

          # Create and push manifests
          if [ "$is_nightly" = true ]; then
            podman manifest create ghcr.io/${{ github.repository_owner }}/test:nightly
            podman manifest add ghcr.io/${{ github.repository_owner }}/test:nightly ghcr.io/${{ github.repository_owner }}/test:amd64-nightly
            podman manifest add ghcr.io/${{ github.repository_owner }}/test:nightly ghcr.io/${{ github.repository_owner }}/test:arm64-nightly
            podman manifest push ghcr.io/${{ github.repository_owner }}/test:nightly
          fi

          podman manifest create ghcr.io/${{ github.repository_owner }}/test:${version}
          podman manifest add ghcr.io/${{ github.repository_owner }}/test:${version} ghcr.io/${{ github.repository_owner }}/test:amd64-${version}
          podman manifest add ghcr.io/${{ github.repository_owner }}/test:${version} ghcr.io/${{ github.repository_owner }}/test:arm64-${version}
          podman manifest push ghcr.io/${{ github.repository_owner }}/test:${version}


================================================
FILE: .github/workflows/publish_s3.yml
================================================
name: 'Publish to S3'
on:
  workflow_dispatch:
    inputs:
      run_id:
        description: Build workflow run ID
        type: number
        required: true
      compatibility_flags:
        description: 'Flags to activate compatibility modes'
        type: string
        default: ''
  workflow_call:
    inputs:
      run_id:
        # type: number is not supported (2026/03)
        type: string
        required: true
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  workflow_data:
    name: Download workflow JSON data from trigger
    uses: ./.github/workflows/download_workflow_data.yml
    with:
      run_id: ${{ inputs.run_id }}
  workflow_data_artifact:
    name: Publish parent workflow-data artifact
    needs: [workflow_data]
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: workflow-data
          github-token: ${{ github.token }}
          run-id: ${{ needs.workflow_data.outputs.run_id }}
      - name: Upload parent workflow artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: parent-workflow-data
          overwrite: true
          path: workflow_data.json
  trustedboot_flavors_supported_matrix:
    needs: workflow_data
    name: Generate flavors matrix for trustedboot
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: '--include-only "*trustedboot*" --no-arch --json-by-arch'
  trustedboot_flavors_matrix:
    needs: [trustedboot_flavors_supported_matrix, workflow_data]
    name: Intersect matrix supporting trustedboot
    runs-on: "ubuntu-24.04"
    defaults:
      run:
        shell: bash
    outputs:
      flavors_matrix: ${{ steps.matrix.outputs.flavors_matrix }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github/**
          sparse-checkout-cone-mode: false
      - id: matrix
        name: Calculate matrix
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            // Keep only the built flavors that also support trustedboot
            let matrix = gitHubLib.intersectFlavorsMatrix(
              ${{ needs.workflow_data.outputs.flavors_matrix }},
              ${{ needs.trustedboot_flavors_supported_matrix.outputs.matrix }}
            );

            core.setOutput("flavors_matrix", matrix);
  non_trustedboot_flavors_matrix:
    needs: [trustedboot_flavors_supported_matrix, workflow_data]
    name: Exclude matrix of flavors supporting trustedboot
    runs-on: "ubuntu-24.04"
    defaults:
      run:
        shell: bash
    outputs:
      flavors_matrix: ${{ steps.matrix.outputs.flavors_matrix }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          sparse-checkout: |
            .github/**
          sparse-checkout-cone-mode: false
      - id: matrix
        name: Calculate matrix
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            // Drop the flavors that support trustedboot from the built flavors matrix
            let matrix = gitHubLib.excludeFlavorsMatrix(
              ${{ needs.workflow_data.outputs.flavors_matrix }},
              ${{ needs.trustedboot_flavors_supported_matrix.outputs.matrix }}
            );

            core.setOutput("flavors_matrix", matrix);
  upload_trustedboot_flavors_to_s3:
    needs: [trustedboot_flavors_matrix, workflow_data]
    name: Upload flavors supporting trustedboot to S3
    permissions:
      id-token: write
    uses: ./.github/workflows/upload_to_s3.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.trustedboot_flavors_matrix.outputs.flavors_matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      with_certs: true
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_role: ${{ secrets.AWS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
  upload_trustedboot_flavors_to_s3_china:
    needs: [trustedboot_flavors_matrix, workflow_data]
    name: Upload flavors supporting trustedboot to S3 (China)
    permissions:
      id-token: write
    uses: ./.github/workflows/upload_to_s3.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.trustedboot_flavors_matrix.outputs.flavors_matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      with_certs: true
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_CN_REGION }}
      aws_role: ${{ secrets.AWS_CN_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_CN_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_CN_S3_BUCKET }}
  upload_non_trustedboot_flavors_to_s3:
    needs: [non_trustedboot_flavors_matrix, workflow_data]
    name: Upload flavors not supporting trustedboot to S3
    permissions:
      id-token: write
    uses: ./.github/workflows/upload_to_s3.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.non_trustedboot_flavors_matrix.outputs.flavors_matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_role: ${{ secrets.AWS_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_S3_BUCKET }}
  upload_non_trustedboot_flavors_to_s3_china:
    needs: [non_trustedboot_flavors_matrix, workflow_data]
    name: Upload flavors not supporting trustedboot to S3 (China)
    permissions:
      id-token: write
    uses: ./.github/workflows/upload_to_s3.yml
    with:
      commit_id: ${{ needs.workflow_data.outputs.commit_id }}
      version: ${{ needs.workflow_data.outputs.version }}
      flavors_matrix: ${{ needs.non_trustedboot_flavors_matrix.outputs.flavors_matrix }}
      run_id: ${{ needs.workflow_data.outputs.run_id }}
      compatibility_flags: ${{ inputs.compatibility_flags }}
    secrets:
      aws_region: ${{ secrets.AWS_CN_REGION }}
      aws_role: ${{ secrets.AWS_CN_IAM_ROLE }}
      aws_session: ${{ secrets.AWS_CN_OIDC_SESSION }}
      aws_s3_bucket: ${{ secrets.AWS_CN_S3_BUCKET }}
  glrd:
    needs:
      [
        workflow_data,
        upload_trustedboot_flavors_to_s3,
        upload_non_trustedboot_flavors_to_s3,
      ]
    name: create GLRD release
    permissions:
      id-token: write
    environment: oidc_aws_s3_upload
    runs-on: ubuntu-24.04
    steps:
      - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          role-session-name: ${{ secrets.AWS_OIDC_SESSION }}
          aws-region: ${{ secrets.AWS_REGION }}
      - if: ${{ github.ref_name == 'main' }}
        name: Create GLRD nightly release
        uses: gardenlinux/glrd@30fcac2ec9ad6cee873fcc503f0ca11022a4609e # v4.1.0
        with:
          cmd: glrd-manage --s3-update --create nightly --version "${{ needs.workflow_data.outputs.version }}" --commit "${{ needs.workflow_data.outputs.commit_id }}"
      - if: ${{ github.ref_name != 'main' }}
        name: Create GLRD minor release
        uses: gardenlinux/glrd@30fcac2ec9ad6cee873fcc503f0ca11022a4609e # v4.1.0
        with:
          cmd: glrd-manage --s3-update --create minor --version "${{ needs.workflow_data.outputs.version }}" --commit "${{ needs.workflow_data.outputs.commit_id }}"
      - name: Get latest GL nightly
        id: gl_version_nightly
        uses: gardenlinux/glrd@30fcac2ec9ad6cee873fcc503f0ca11022a4609e # v4.1.0
        with:
          cmd: glrd --type nightly --latest
  publish_retry:
    needs:
      [
        upload_trustedboot_flavors_to_s3,
        upload_trustedboot_flavors_to_s3_china,
        upload_non_trustedboot_flavors_to_s3,
        upload_non_trustedboot_flavors_to_s3_china,
        glrd,
      ]
    if: ${{ failure() && ( needs.upload_trustedboot_flavors_to_s3.result == 'failure' || needs.upload_trustedboot_flavors_to_s3_china.result == 'failure' || needs.upload_non_trustedboot_flavors_to_s3.result == 'failure' || needs.upload_non_trustedboot_flavors_to_s3_china.result == 'failure' || needs.glrd.result == 'failure' ) }}
    name: "Retry checkpoint: Publish to S3"
    runs-on: ubuntu-24.04
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Retry failed publishing
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
            return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 5);


================================================
FILE: .github/workflows/reproducable_test.yml
================================================
name: Check build reproducibility
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-reproducibility
  cancel-in-progress: true

on:
  workflow_dispatch:
    inputs:
      nightly:
        description: "Compared builds"
        type: choice
        required: true
        default: "One new build with latest nightly"
        options:
        - "Two new builds"
        - "One new build with latest nightly"
        - "Two nightly builds"
      run_number1:
        description: "First run number (#..., only required if comparing two nightly builds)"
        type: string
      run_number2:
        description: "Second run number (#..., only required if comparing two nightly builds)"
        type: string

jobs:
  build_a:
    name: Build A
    if: ${{ inputs.nightly != 'Two nightly builds' }}
    uses: ./.github/workflows/build.yml
    permissions:
      id-token: write
      actions: write
      packages: write
    with:
      version: now
      target: nightly
      platform_test_tag: latest
      fail_fast: true
      prefix: a-
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
      aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
      secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}

  run_number_a:
    uses: ./.github/workflows/get_workflow_infos.yml
    if: ${{ inputs.nightly == 'Two nightly builds' }}
    permissions:
      actions: read
    with:
      workflow_name: "nightly"
      run_number: ${{ inputs.run_number1 }}
  
  build_b:
    name: Build B
    if: ${{ inputs.nightly == 'Two new builds' }}
    uses: ./.github/workflows/build.yml
    permissions:
      id-token: write
      actions: write
      packages: write
    with:
      version: now
      target: nightly
      platform_test_tag: latest
      fail_fast: true
      prefix: b-
    secrets:
      aws_region: ${{ secrets.AWS_REGION }}
      aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
      aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
      secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}

  run_number_b:
    uses: ./.github/workflows/get_workflow_infos.yml
    if: ${{ inputs.nightly == 'One new build with latest nightly' || inputs.nightly == 'Two nightly builds' }}
    permissions:
      actions: read
    with:
      workflow_name: "nightly"
      run_number: ${{ inputs.nightly == 'Two nightly builds' && inputs.run_number2 || 'latest' }}

  flavors_matrix:
    name: Generate flavors matrix to build
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: '--exclude "bare-*" --no-arch --json-by-arch --build --test'

  bare_flavors_matrix:
    name: Generate bare flavors matrix to build
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: '--include-only "bare-*" --no-arch --json-by-arch --build --test'

  difference_check:
    needs: [ flavors_matrix, build_a, build_b, run_number_a, run_number_b ]
    name: Difference check
    runs-on: ubuntu-latest
    if: always()
    permissions:
      actions: read
    
    strategy:
      matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix) }}
      fail-fast: false
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
      with:
        submodules: true
    - name: Load flavor A build artifact
      if: always() && needs.build_a.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: a-build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: A
    - name: Load flavor A build artifact from first nightly
      if: always() && needs.run_number_a.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: A
        run-id: ${{ needs.run_number_a.outputs.id }}
        github-token: ${{ github.token }}
    - name: Load flavor B build artifact
      if: always() && needs.build_b.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: b-build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: B
    - name: Load flavor B build artifact from second nightly
      if: always() && needs.run_number_b.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: B
        run-id: ${{ needs.run_number_b.outputs.id }}
        github-token: ${{ github.token }}
    - name: Compare builds
      run: |
        # Strip the literal ".tar.gz" suffix (dots escaped so they do not match any character)
        cname_a=$(ls A | sed -E "s/\.tar\.gz$//")
        cname_b=$(ls B | sed -E "s/\.tar\.gz$//")

        tar -C A -xzf "A/$cname_a.tar.gz"
        rm "A/$cname_a.tar.gz"
        mkdir "A/unpacked"
        tar -C A/unpacked -xf "A/$cname_a.tar"

        tar -C B -xzf "B/$cname_b.tar.gz"
        rm "B/$cname_b.tar.gz"
        mkdir "B/unpacked"
        tar -C B/unpacked -xf "B/$cname_b.tar"

        ./.github/workflows/generate_diff.sh ${{ inputs.nightly == 'Two nightly builds' && '--nightly' || '' }} ${{ matrix.flavor }}-${{ matrix.arch }} "$cname_a" "$cname_b"
    - name: Upload diff data
      if: always()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
      with:
        if-no-files-found: error
        name: ${{ matrix.flavor }}-${{ matrix.arch }}-diff
        path: ${{ matrix.flavor }}-${{ matrix.arch }}-diff

  bare_difference_check:
    needs: [ bare_flavors_matrix, build_a, build_b, run_number_a, run_number_b ]
    name: Difference check for bare flavors
    runs-on: ubuntu-latest
    if: always()
    permissions:
      actions: read
    
    strategy:
      matrix: ${{ fromJson(needs.bare_flavors_matrix.outputs.matrix) }}
      fail-fast: false
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
      with:
        submodules: true
    - name: Load flavor A build artifact
      if: always() && needs.build_a.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: a-build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: A
    - name: Load flavor A build artifact from first nightly
      if: always() && needs.run_number_a.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: A
        run-id: ${{ needs.run_number_a.outputs.id }}
        github-token: ${{ github.token }}
    - name: Load flavor B build artifact
      if: always() && needs.build_b.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: b-build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: B
    - name: Load flavor B build artifact from second nightly
      if: always() && needs.run_number_b.result == 'success'
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        name: build-${{ matrix.flavor }}-${{ matrix.arch }}
        path: B
        run-id: ${{ needs.run_number_b.outputs.id }}
        github-token: ${{ github.token }}
    - name: Compare builds
      run: |
        podman unshare /bin/bash -c '\
          FILENAME=$(echo "${{ matrix.flavor }}-${{ matrix.arch }}.oci" | sed -E "s/bare-//");\

          a_sha=$(podman load -qi A/$FILENAME 2>/dev/null | awk '\''{ print $NF }'\'');\
          a_mount=$(podman image mount "$a_sha");\

          b_sha=$(podman load -qi B/$FILENAME 2>/dev/null | awk '\''{ print $NF }'\'');\
          b_mount=$(podman image mount "$b_sha");\

          depth=$(echo "$a_mount" | tr -cd '\''/'\'' | wc -c);\
          depth=$(($depth + 1))

          ./.github/workflows/generate_diff.sh --oci ${{ inputs.nightly == 'Two nightly builds' && '--nightly' || '' }} ${{ matrix.flavor }}-${{ matrix.arch }} "$a_mount" "$b_mount" "$depth";\
        '
    - name: Upload diff data
      if: always()
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
      with:
        if-no-files-found: error
        name: ${{ matrix.flavor }}-${{ matrix.arch }}-diff
        path: ${{ matrix.flavor }}-${{ matrix.arch }}-diff
  
  format_result:
    needs: [ difference_check, bare_difference_check, run_number_a, run_number_b, flavors_matrix, bare_flavors_matrix ]
    if: always()
    name: Format result
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
      with:
        submodules: true
    - name: download result data
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
      with:
        pattern: "*-diff"
        path: diffs/
        merge-multiple: true
    - name: Compare commit hashes if two nightly builds were used
      if: always() && needs.run_number_a.result == 'success' && needs.run_number_b.result == 'success'
      run: |
        run_number_a=$(echo "${{ needs.run_number_a.outputs.run_number }}" | sed -E "s/^#//")
        run_number_b=$(echo "${{ needs.run_number_b.outputs.run_number }}" | sed -E "s/^#//")
        echo -e "$run_number_a,${{ needs.run_number_a.outputs.id }},${{ needs.run_number_a.outputs.commit }};\
        $run_number_b,${{ needs.run_number_b.outputs.id }},${{ needs.run_number_b.outputs.commit }}"\
        > nightly_stats
    - name: Compare commit hashes if one nightly build was used
      if: always() && needs.run_number_a.result == 'skipped' && needs.run_number_b.result == 'success'
      run: |
        run_number_b=$(echo "${{ needs.run_number_b.outputs.run_number }}" | sed -E "s/^#//")
        echo -e ",,${{ github.sha }};\
        $run_number_b,${{ needs.run_number_b.outputs.id }},${{ needs.run_number_b.outputs.commit }}"\
        > nightly_stats
    - name: generate Result.md
      run: |
        ./.github/workflows/format_diff.py '${{ needs.flavors_matrix.outputs.matrix }}' '${{ needs.bare_flavors_matrix.outputs.matrix }}'

        cat Result.md >> "$GITHUB_STEP_SUMMARY"


================================================
FILE: .github/workflows/tag_latest_container.yml
================================================
name: "Tag latest and release container"
on:
  workflow_call:
    inputs:
      version:
        required: true
        type: string
        description: Release to be tagged (<xxxx>.<x>)
      is_latest:
        required: true
        type: boolean
        description: Is tagging as gardenlinux:latest required
jobs:
  tag_version:
    name: tag latest and release container
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    permissions:
      packages: write
    steps:
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Tag manifest
        env:
          GL_CLI_REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GL_CLI_REGISTRY_USERNAME: ${{ github.repository_owner }}
        run: |
          # Setup version tags for latest & release without patch
          version="${{ inputs.version }}"
          is_latest="${{ inputs.is_latest }}"

          version_major=$(echo "$version" | cut -d'.' -f 1)
          version_patch=$(echo "$version" | cut -d'.' -f 3)

          container=ghcr.io/${{ github.repository }}

          # Tag the major release version
          echo "Tagging as ${version_major}"
          gl-oci push-index-tags --index "${container}" --index-tag "${version}" --tag "${version_major}"

          # Tag the patch release version
          if [ -z "${version_patch}" ]; then
            echo "Tagging as ${version}.0"
            gl-oci push-index-tags --index "${container}" --index-tag "${version}" --tag "${version}.0"
          fi

          # Tag latest only if requested
          if [ "${is_latest}" == "true" ]; then
            echo "Tagging as latest"
            gl-oci push-index-tags --index "${container}" --index-tag "${version}" --tag "latest"
          fi


================================================
FILE: .github/workflows/test_flavor_chroot.yml
================================================
name: test_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      flavor:
        type: string
        required: true
jobs:
  test:
    name: Test flavor ${{ inputs.flavor }} (${{ inputs.arch }}) in chroot
    runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    if: ${{ inputs.flavor != 'skip' }}
    timeout-minutes: 10
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: build-${{ inputs.flavor }}-${{ inputs.arch }}-${{ github.run_id }}
          fail-on-cache-miss: true
      - name: Download test distribution artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: test-distribution
          path: tests/.build
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ inputs.flavor }}-${{ inputs.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: Load flavor build artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ inputs.flavor }}-${{ inputs.arch }}
      - name: Execute tests
        run: |
          mkdir ".build"
          tar -C .build -xzf "${CNAME}.tar.gz"
          rm "${CNAME}.tar.gz"
          ./test ".build/${CNAME}.tar"
      - name: Copy test results to build directory
        if: always()
        run: |
          cp tests/log/chroot.test.log ".build/${CNAME}.chroot.test.log" || true
          cp tests/log/chroot.test.xml ".build/${CNAME}.chroot.test.xml" || true
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          if-no-files-found: ignore
          name: chroot-test-${{ env.CNAME }}
          path: |
            .build/${{ env.CNAME }}.chroot.test.log
            .build/${{ env.CNAME }}.chroot.test.xml


================================================
FILE: .github/workflows/test_flavor_cloud.yml
================================================
name: test_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      flavor:
        type: string
        required: true
    secrets:
      gcp_identity_provider:
        required: true
      gcp_service_account:
        required: true
      gcp_project_id:
        required: true
      gcp_region:
        required: true
      gcp_zone:
        required: true
      aws_role:
        required: true
      aws_session:
        required: true
      aws_region:
        required: true
      aws_s3_bucket:
        required: true
      az_client_id:
        required: true
      az_tenant_id:
        required: true
      az_subscription_id:
        required: true
      alibaba_cloud_role_arn:
        required: true
      alibaba_cloud_oidc_provider_arn:
        required: true
      alibaba_cloud_region:
        required: true
      tf_encryption:
        required: true
jobs:
  test:
    name: Test flavor ${{ inputs.flavor }} (${{ inputs.arch }}) in cloud
    runs-on: "ubuntu-24.04"
    if: ${{ inputs.flavor != 'skip' }}
    # timeout-minutes: 30
    environment: oidc_platform_tests
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    permissions:
      id-token: write
      actions: write
    steps:
      - name: install dependencies
        run: |
          sudo apt-get update
          sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends podman make curl jq unzip qemu-utils retry
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: build-${{ inputs.flavor }}-${{ inputs.arch }}-${{ github.run_id }}
          fail-on-cache-miss: true
      - name: Download test distribution artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: test-distribution
          path: tests/.build
      - name: Load certs artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: certs
          path: cert/
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ inputs.flavor }}-${{ inputs.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: Set CLOUD
        run: |
          echo "CLOUD=${CNAME%%-*}" | tee -a "$GITHUB_ENV"
      - name: Load flavor build artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ inputs.flavor }}-${{ inputs.arch }}
      - name: unpack build artifacts
        run: |
          mkdir ".build"
          tar -C .build -xzf "$CNAME.tar.gz"
          rm "$CNAME.tar.gz"
          tree .build
      - name: "Authenticate to Google Cloud"
        if: ${{ startsWith(inputs.flavor, 'gcp-') }}
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          workload_identity_provider: ${{ secrets.gcp_identity_provider }}
          service_account: ${{ secrets.gcp_service_account }}
          create_credentials_file: true
          cleanup_credentials: true
          export_environment_variables: true
      - name: Set GCP platform-test environment
        if: ${{ startsWith(inputs.flavor, 'gcp-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider vars
            core.exportVariable("GOOGLE_PROJECT", "${{ secrets.gcp_project_id }}");
            core.exportVariable("GOOGLE_REGION", "${{ secrets.gcp_region }}");
            core.exportVariable("GOOGLE_ZONE", "${{ secrets.gcp_zone }}");
      - id: "auth_aws"
        name: "Authenticate to AWS"
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_role }}
          role-session-name: ${{ secrets.aws_session }}
          aws-region: ${{ secrets.aws_region }}
          output-credentials: true
      - name: Set AWS platform-test environment
        if: ${{ startsWith(inputs.flavor, 'aws-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider auth
            core.setSecret("${{ steps.auth_aws.outputs.aws-access-key-id }}");
            core.exportVariable("AWS_ACCESS_KEY_ID", "${{ steps.auth_aws.outputs.aws-access-key-id }}");
            core.setSecret("${{ steps.auth_aws.outputs.aws-secret-access-key }}");
            core.exportVariable("AWS_SECRET_ACCESS_KEY", "${{ steps.auth_aws.outputs.aws-secret-access-key }}");
            core.setSecret("${{ steps.auth_aws.outputs.aws-session-token }}");
            core.exportVariable("AWS_SESSION_TOKEN", "${{ steps.auth_aws.outputs.aws-session-token }}");
            // tf provider vars
            core.exportVariable("AWS_REGION", "${{ secrets.aws_region }}");
      - id: "auth_azure"
        if: ${{ startsWith(inputs.flavor, 'azure-') }}
        name: "Authenticate to Azure"
        uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # pin@v1
        with:
          client-id: ${{ secrets.az_client_id }}
          tenant-id: ${{ secrets.az_tenant_id }}
          subscription-id: ${{ secrets.az_subscription_id }}
      - name: Set Azure platform-test environment
        if: ${{ startsWith(inputs.flavor, 'azure-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider auth
            core.exportVariable("ARM_USE_OIDC", "true");
            core.exportVariable("AZURE_CONFIG_DIR", "$RUNNER_TEMP/azure_config_dir");
            core.setSecret("${{ secrets.az_client_id }}");
            core.exportVariable("ARM_CLIENT_ID", "${{ secrets.az_client_id }}");
            core.setSecret("${{ secrets.az_subscription_id }}");
            core.exportVariable("ARM_SUBSCRIPTION_ID", "${{ secrets.az_subscription_id }}");
            core.setSecret("${{ secrets.az_tenant_id }}");
            // tf provider vars
            core.exportVariable("ARM_TENANT_ID", "${{ secrets.az_tenant_id }}");
      - id: "auth_alicloud"
        if: ${{ startsWith(inputs.flavor, 'ali-') }}
        name: "Authenticate to Alicloud"
        uses: aliyun/configure-aliyun-credentials-action@b347e60e64028a4d567a8f31ca42e1b0706c3c99 # v1.0.7
        with:
          role-to-assume: ${{ secrets.alibaba_cloud_role_arn }}
          oidc-provider-arn: ${{ secrets.alibaba_cloud_oidc_provider_arn }}
          role-session-expiration: 21600
      - name: "Set Alicloud platform-test environment"
        if: ${{ startsWith(inputs.flavor, 'ali-') }}
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            // tf provider vars
            core.exportVariable("ALIBABA_CLOUD_REGION", "${{ secrets.alibaba_cloud_region }}");
        # TODO: handle skipping better
      - name: Execute tests
        run: |
          if [ ! -e ".build/$CNAME.raw" ]; then
            if [ -e ".build/$CNAME.vhd" ]; then
              echo "converting vhd to raw"
              qemu-img convert -f vpc -O raw ".build/$CNAME.vhd" ".build/$CNAME.raw"
            elif [ -e ".build/$CNAME.qcow2" ]; then
              echo "converting qcow2 to raw"
              qemu-img convert -f qcow2 -O raw ".build/$CNAME.qcow2" ".build/$CNAME.raw"
            elif [ -e ".build/$CNAME.gcpimage.tar.gz" ]; then
              echo "converting gcpimage to raw"
              tar -C .build -xzf ".build/$CNAME.gcpimage.tar.gz"
              mv ".build/disk.raw" ".build/$CNAME.raw"
            fi
          fi
          if [ -e ".build/$CNAME.raw" ]; then
            # enable remote state S3 backend
            cp "tests/util/tf/backend.tf.github" "tests/util/tf/backend.tf"

            # enable state encryption
            export TF_ENCRYPTION="$(base64 -d <<< ${{ secrets.tf_encryption }})"

            # run test
            export TF_VAR_prefix="gh-${{ github.run_id }}"
            ./test --cloud $CLOUD ".build/$CNAME.raw"

          else
            echo "no raw file, cloud test failed"
            exit 1
          fi
      - name: Copy test results to build directory
        if: always()
        run: |
          cp tests/log/cloud.test.log .build/${CNAME}.cloud.test.log || true
          cp tests/log/cloud.test.xml .build/${CNAME}.cloud.test.xml || true
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          if-no-files-found: ignore
          name: cloud-test-${{ env.CNAME }}
          path: |
            .build/${{ env.CNAME }}.cloud.test.log
            .build/${{ env.CNAME }}.cloud.test.xml
      - name: Cleanup cloud test for ${{ inputs.flavor }} (${{ inputs.arch }})
        if: always()
        run: |
          # enable remote state S3 backend
          cp "tests/util/tf/backend.tf.github" "tests/util/tf/backend.tf"

          # enable state encryption
          export TF_ENCRYPTION="$(base64 -d <<< ${{ secrets.tf_encryption }})"

          # run cleanup
          export TF_VAR_prefix="gh-${{ github.run_id }}"
          ./test --cloud $CLOUD --only-cleanup ".build/$CNAME.raw" || true


================================================
FILE: .github/workflows/test_flavor_oci.yml
================================================
name: test_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      flavor:
        type: string
        required: true
jobs:
  test:
    name: Test OCI flavor ${{ inputs.flavor }} (${{ inputs.arch }})
    runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    if: ${{ inputs.flavor != 'skip' }}
    timeout-minutes: 30
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
    permissions:
      actions: write
    steps:
      - name: install required packages
        run: |
          sudo apt-get update
          sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends libxml2-utils retry
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: build-${{ inputs.flavor }}-${{ inputs.arch }}-${{ github.run_id }}
          fail-on-cache-miss: true
      - name: Download test distribution artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: test-distribution
          path: tests/.build
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ inputs.flavor }}-${{ inputs.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: Load flavor build artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ inputs.flavor }}-${{ inputs.arch }}
      - name: unpack build artifacts
        run: |
          mkdir ".build"
          tar -C .build -xzf "$CNAME.tar.gz"
          rm "$CNAME.tar.gz"
          tree .build
        # TODO: handle skipping better
      - name: Execute tests
        run: |
          if [ -e ".build/$CNAME.oci" ]; then
            ./test ".build/$CNAME.oci"
          else
            echo "skipping non oci file"
          fi
      - name: Copy test results to build directory
        if: always()
        run: |
          cp tests/log/oci.test.log .build/${CNAME}.oci.test.log || true
          cp tests/log/oci.test.xml .build/${CNAME}.oci.test.xml || true
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          if-no-files-found: ignore
          name: oci-test-${{ env.CNAME }}
          path: |
            .build/${{ env.CNAME }}.oci.test.log
            .build/${{ env.CNAME }}.oci.test.xml


================================================
FILE: .github/workflows/test_flavor_qemu.yml
================================================
name: test_flavor
on:
  workflow_call:
    inputs:
      arch:
        type: string
        default: "amd64"
      flavor:
        type: string
        required: true
jobs:
  test:
    name: Test flavor ${{ inputs.flavor }} (${{ inputs.arch }}) in QEMU
    # runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
    runs-on: "ubuntu-24.04"
    if: ${{ inputs.flavor != 'skip' }}
    timeout-minutes: 40
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
    permissions:
      actions: write
    steps:
      - name: install qemu
        run: |
          sudo apt-get update
          sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends qemu-utils qemu-system-x86 qemu-system-arm swtpm socat libxml2-utils
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # pin@v5.0.4
        with:
          path: |
            COMMIT
            VERSION
          key: build-${{ inputs.flavor }}-${{ inputs.arch }}-${{ github.run_id }}
          fail-on-cache-miss: true
      - name: Download test distribution artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: test-distribution
          path: tests/.build
      - name: Load certs artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: certs
          path: cert/
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - name: Set CNAME
        run: |
          echo "CNAME=$(gl-features-parse --cname ${{ inputs.flavor }}-${{ inputs.arch }} cname)" | tee -a "$GITHUB_ENV"
      - name: Load flavor build artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ inputs.flavor }}-${{ inputs.arch }}
      - name: unpack build artifacts
        run: |
          mkdir ".build"
          tar -C .build -xzf "$CNAME.tar.gz"
          rm "$CNAME.tar.gz"
          tree .build
        # TODO: handle skipping better
      - name: Execute tests
        run: |
          if [ ! -e ".build/$CNAME.raw" ]; then
            if [ -e ".build/$CNAME.ova" ]; then
              echo "extracting ova"
              tar xvf ".build/$CNAME.ova" -C .build
              ls -la .build
            fi
            if [ -e ".build/$CNAME.vhd" ]; then
              echo "converting vhd to raw"
              qemu-img convert -f vpc -O raw ".build/$CNAME.vhd" ".build/$CNAME.raw"
            elif [ -e ".build/$CNAME.qcow2" ]; then
              echo "converting qcow2 to raw"
              qemu-img convert -f qcow2 -O raw ".build/$CNAME.qcow2" ".build/$CNAME.raw"
            elif [ -e ".build/$CNAME.vmdk" ]; then
              echo "converting vmdk to raw"
              qemu-img convert -f vmdk -O raw ".build/$CNAME.vmdk" ".build/$CNAME.raw"
            elif [ -e ".build/$CNAME.gcpimage.tar.gz" ]; then
              echo "converting gcpimage to raw"
              tar -C .build -xzf ".build/$CNAME.gcpimage.tar.gz"
              mv ".build/disk.raw" ".build/$CNAME.raw"
            fi
          fi
          if [ -e ".build/$CNAME.raw" ]; then
            ./test ".build/$CNAME.raw"
          elif [ -e ".build/$CNAME.pxe.tar.gz" ]; then
            ./test ".build/$CNAME.pxe.tar.gz"
          elif [ -e ".build/$CNAME.oci" ]; then
            echo "skipping oci test"
            exit 0
          else
            echo "no raw or pxe file, QEMU test failed"
            exit 1
          fi
      - name: Copy test results to build directory
        if: always()
        run: |
          cp tests/log/qemu.test.log .build/${CNAME}.qemu.test.log || true
          cp tests/log/qemu.test.xml .build/${CNAME}.qemu.test.xml || true
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          if-no-files-found: ignore
          name: qemu-test-${{ env.CNAME }}
          path: |
            .build/${{ env.CNAME }}.qemu.test.log
            .build/${{ env.CNAME }}.qemu.test.xml


================================================
FILE: .github/workflows/test_report.yml
================================================
name: test_report
on:
  workflow_call:
    inputs:
      test_jobs:
        description: "Comma-separated list of test job names to wait for"
        type: string
        required: true
jobs:
  flavor_version_data:
    name: Download flavor version data from trigger
    uses: ./.github/workflows/download_flavor_version_data.yml
    with:
      run_id: ${{ github.run_id }}
  test_report:
    name: Generate Test Report
    runs-on: ubuntu-24.04
    needs: [flavor_version_data]
    if: always()
    permissions:
      actions: write
      checks: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true

      - name: Download all test artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          pattern: "*-test-*"
          path: test-artifacts
          merge-multiple: true
        continue-on-error: true

      - name: List downloaded artifacts
        run: |
          echo "Downloaded test artifacts:"
          find test-artifacts -name "*.test.xml" -type f
          echo "Total XML files found: $(find test-artifacts -name "*.test.xml" -type f | wc -l)"

      - name: Set variables
        id: vars
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const version = '${{ needs.flavor_version_data.outputs.version }}';
            const commitId = '${{ needs.flavor_version_data.outputs.commit_id }}';
            const commitShort = commitId.substring(0, 8);
            const commitUrl = `${{ github.server_url }}/${{ github.repository }}/commit/${commitId}`;
            const title = `Garden Linux ${version}-<a href="${commitUrl}">${commitShort}</a> Test Results`;

            core.setOutput('version', version);
            core.setOutput('commit_id', commitId);
            core.setOutput('commit_short', commitShort);
            core.setOutput('commit_url', commitUrl);
            core.setOutput('title', title);

      - name: Generate Test Report
        uses: gardenlinux/pytest-multi-results-action@8fc9cd734e3bfac0057ca43d70cd561b5f4d52bb
        if: always()
        with:
          files: |
            test-artifacts/**/*.test.xml
          title: ${{ steps.vars.outputs.title }}
          summary: true
          result-types: "skipped,passed,failed,error"
          fail-on-empty: false
          metadata-fields: "Artifact,Type,Namespace"
          metadata-field-mapping: '{"Namespace": "Namespace", "Type": "Type", "Artifact": "Artifact"}'

      - name: Upload report artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # pin@v7.0.0
        if: always()
        with:
          name: test-report
          path: |
            test-artifacts/*.test.xml
          retention-days: 30


================================================
FILE: .github/workflows/test_update_python_runtime.yml
================================================
name: Test - Update Python Runtime

on:
  workflow_dispatch:
  schedule:
    # Run at 12:00 noon CEST (10:00 UTC)
    - cron: "0 10 * * *"

jobs:
  update:
    name: Update Python Runtime
    runs-on: ubuntu-24.04
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y jq python3-pip
          pip install -r tests/util/requirements-gh.txt

      - name: Run update script
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: tests/util/update_runtime.py

      - name: Check for changes
        id: changes
        run: |
          if git diff --quiet; then
            echo "has_changes=false" >> $GITHUB_OUTPUT
          else
            echo "has_changes=true" >> $GITHUB_OUTPUT

            {
              echo "summary<<EOF"
              echo "## Changes"
              echo ""
              echo '```diff'
              git diff
              echo '```'
              echo "EOF"
            } >> $GITHUB_OUTPUT

            release_date=$(grep '^export RELEASE_DATE=' tests/util/python.env.sh | sed -n 's/^export RELEASE_DATE="\(.*\)"/\1/p')
            echo "release_date=$release_date" >> $GITHUB_OUTPUT
          fi

      - name: Configure Git
        if: steps.changes.outputs.has_changes == 'true'
        run: |
          git config user.name "Garden Linux Bot"
          # quoted so the shell does not treat [bot] as a glob character class
          git config user.email "gardenlinux[bot]@users.noreply.github.com"

      - name: Create Branch and Pull Request
        if: steps.changes.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SUMMARY: ${{ steps.changes.outputs.summary }}
        run: |
          BRANCH="update-tests-python-runtime-${{ steps.changes.outputs.release_date }}"
          TITLE="chore: Update tests Python runtime version"

          # Check if a PR already exists for this branch
          existing_pr=$(gh pr list --base main --head "${BRANCH}" --json number --jq '.[0].number' || echo "")

          if [ -n "${existing_pr}" ]; then
            echo "PR #${existing_pr} already exists for branch ${BRANCH}, skipping PR creation."
            exit 0
          fi

          # Write body and commit message to files to safely handle multi-line content
          {
            echo "This PR was automatically created by the [Test - Update Python Runtime](https://github.com/gardenlinux/gardenlinux/actions/workflows/test_update_python_runtime.yml) workflow."
            echo ""
            printf '%s\n' "${SUMMARY}"
            echo ""
            echo "Please review and merge if the changes look correct."
          } > /tmp/body.txt

          {
            echo "${TITLE}"
            echo ""
            printf '%s\n' "${SUMMARY}"
          } > /tmp/commit_message.txt

          git checkout -b "${BRANCH}"
          git add tests/util/python.env.sh

          git commit -F /tmp/commit_message.txt
          git push origin "${BRANCH}" -f

          gh version
          gh pr create \
            --base main \
            --head "${BRANCH}" \
            --title "${TITLE}" \
            --body-file /tmp/body.txt \
            --label "automated" \
            --label "dependencies" \
            --label "test" \
            --label "python"

            # is somewhat broken, see https://github.com/orgs/community/discussions/113519
            # error fetching organization teams: GraphQL: Resource not accessible by integration (organization.teams)
            # --reviewer "gardenlinux/maintainers" \

      - name: Close Superseded Pull Requests
        if: steps.changes.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TITLE="chore: update Tests Python runtime version"

          # Get PRs sorted by date (newest first)
          prs=$(gh pr list --search "$TITLE" --json number,createdAt --jq 'sort_by(.createdAt) | reverse | .[].number')

          pr_array=($prs)

          if [ ${#pr_array[@]} -lt 2 ]; then
            echo "Less than 2 PRs found, nothing to close."
            exit 0
          fi

          latest=${pr_array[0]}
          echo "Keeping latest PR: #$latest"

          for pr in "${pr_array[@]:1}"; do
            echo "Closing PR #$pr as superseded by #$latest"
            gh pr close "$pr" --comment "Closing as superseded by #$latest"
          done


================================================
FILE: .github/workflows/tests.yml
================================================
name: tests
on:
  # triggered by other workflows
  workflow_call:
    inputs:
      flavors_matrix:
        description: "Generated GitHub workflow flavors matrix"
        type: string
        required: true
      test_types:
        description: "Types of tests to execute (comma-separated: chroot,qemu,cloud,oci,bare)"
        type: string
        default: "chroot,qemu,oci"
      bare_flavors_matrix:
        description: "Generated GitHub workflow flavors matrix for bare flavors"
        type: string
        default: '{"include":[]}'
    secrets:
      gcp_identity_provider:
        required: false
      gcp_service_account:
        required: false
      gcp_project_id:
        required: false
      gcp_region:
        required: false
      gcp_zone:
        required: false
      aws_role:
        required: false
      aws_session:
        required: false
      aws_region:
        required: false
      aws_s3_bucket:
        required: false
      az_client_id:
        required: false
      az_tenant_id:
        required: false
      az_subscription_id:
        required: false
      alibaba_cloud_role_arn:
        required: false
      alibaba_cloud_oidc_provider_arn:
        required: false
      alibaba_cloud_region:
        required: false
      tf_encryption:
        required: false
jobs:
  chroot_test_flavors_supported_matrix:
    name: Generate flavors matrix for chroot test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--no-arch --json-by-arch --test"
  oci_test_flavors_supported_matrix:
    name: Generate flavors matrix for oci test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--no-arch --json-by-arch --test --include-only 'container-*'"
  qemu_test_flavors_supported_matrix:
    name: Generate flavors matrix for qemu test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--no-arch --json-by-arch --test --exclude vmware-*"
  cloud_test_flavors_supported_matrix:
    name: Generate flavors matrix for cloud test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: "--no-arch --json-by-arch --test-platform"
  bare_flavors_supported_matrix:
    name: Generate flavors matrix for bare flavors test
    uses: ./.github/workflows/build_flavors_matrix.yml
    with:
      flags: '--include-only "bare-*" --no-arch --json-by-arch --test'
  determine_test_settings:
    needs:
      [
        chroot_test_flavors_supported_matrix,
        oci_test_flavors_supported_matrix,
        qemu_test_flavors_supported_matrix,
        cloud_test_flavors_supported_matrix,
        bare_flavors_supported_matrix,
      ]
    name: Determine test settings
    runs-on: "ubuntu-24.04"
    defaults:
      run:
        shell: bash
    outputs:
      bare_flavors_matrix: ${{ steps.test_environments.outputs.bare_flavors_matrix }}
      bare_flavors_tests: ${{ steps.test_environments.outputs.bare_flavors_tests }}
      chroot_test_flavors_matrix: ${{ steps.test_environments.outputs.chroot_test_flavors_matrix }}
      chroot_tests: ${{ steps.test_environments.outputs.chroot_tests }}
      oci_flavors_matrix: ${{ steps.test_environments.outputs.oci_flavors_matrix }}
      oci_flavors_tests: ${{ steps.test_environments.outputs.oci_flavors_tests }}
      cloud_test_flavors_matrix: ${{ steps.test_environments.outputs.cloud_test_flavors_matrix }}
      cloud_tests: ${{ steps.test_environments.outputs.cloud_tests }}
      qemu_test_flavors_matrix: ${{ steps.test_environments.outputs.qemu_test_flavors_matrix }}
      qemu_tests: ${{ steps.test_environments.outputs.qemu_tests }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          submodules: true
      - id: test_environments
        name: Determine test environments
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");

            const testsEnvsEnabled = gitHubLib.getTestEnvironmentsEnabled("${{ inputs.test_types }}");

            const testDefinitions = [
              {
                key: "chroot",
                outTests: "chroot_tests",
                outMatrix: "chroot_test_flavors_matrix",
                inputMatrix: ${{ inputs.flavors_matrix }},
                supported: ${{ needs.chroot_test_flavors_supported_matrix.outputs.matrix }}
              },
              {
                key: "qemu",
                outTests: "qemu_tests",
                outMatrix: "qemu_test_flavors_matrix",
                inputMatrix: ${{ inputs.flavors_matrix }},
                supported: ${{ needs.qemu_test_flavors_supported_matrix.outputs.matrix }}
              },
              {
                key: "cloud",
                outTests: "cloud_tests",
                outMatrix: "cloud_test_flavors_matrix",
                inputMatrix: ${{ inputs.flavors_matrix }},
                supported: ${{ needs.cloud_test_flavors_supported_matrix.outputs.matrix }}
              },
              {
                key: "oci",
                outTests: "oci_flavors_tests",
                outMatrix: "oci_flavors_matrix",
                inputMatrix: ${{ inputs.flavors_matrix }},
                supported: ${{ needs.oci_test_flavors_supported_matrix.outputs.matrix }}
              },
              {
                key: "bare",
                outTests: "bare_flavors_tests",
                outMatrix: "bare_flavors_matrix",
                inputMatrix: ${{ inputs.bare_flavors_matrix }},
                supported: ${{ needs.bare_flavors_supported_matrix.outputs.matrix }}
              }
            ];
            // `matrix:` and its fromJson() evaluation cannot be skipped by setting the matrix to an empty string or array,
            // hence we set a minimal skip flavor matrix and evaluate it in each test_flavor_* workflow.
            const skipFlavorMatrix = '{"include":[{"arch":"amd64","flavor":"skip"}]}';

            // Process all test types, but only enable requested ones
            for (const t of testDefinitions) {
              if (!testsEnvsEnabled.includes(t.key)) {
                core.setOutput(t.outTests, false);
                core.setOutput(t.outMatrix, skipFlavorMatrix);
                console.debug(`${t.key}: disabled`);
                continue;
              }

              const matrix = gitHubLib.intersectFlavorsMatrix(t.inputMatrix, t.supported);
              const isEnabled = !gitHubLib.isMatrixEmpty(matrix);
              core.setOutput(t.outTests, isEnabled);
              console.log(`${t.key}: ${isEnabled ? 'enabled' : 'disabled'} (${isEnabled ? matrix['include'].length : 0} flavors)`);

              if (isEnabled) {
                core.setOutput(t.outMatrix, matrix);
              } else {
                core.setOutput(t.outMatrix, skipFlavorMatrix);
              }
            }
  ## test-ng start
  test_flavors_chroot:
    needs: determine_test_settings
    name: Test chroot flavors
    uses: ./.github/workflows/test_flavor_chroot.yml
    if: ${{ needs.determine_test_settings.outputs.chroot_tests == 'true' }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.determine_test_settings.outputs.chroot_test_flavors_matrix) }}
    with:
      arch: ${{ matrix.arch }}
      flavor: ${{ matrix.flavor }}
    permissions:
      actions: write
  test_flavors_qemu:
    needs: determine_test_settings
    name: Test QEMU flavors
    uses: ./.github/workflows/test_flavor_qemu.yml
    if: ${{ needs.determine_test_settings.outputs.qemu_tests == 'true' }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.determine_test_settings.outputs.qemu_test_flavors_matrix) }}
    with:
      arch: ${{ matrix.arch }}
      flavor: ${{ matrix.flavor }}
    permissions:
      actions: write
  test_flavors_cloud:
    needs: [determine_test_settings, test_flavors_qemu]
    name: Test cloud flavors
    uses: ./.github/workflows/test_flavor_cloud.yml
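    # No ${{ }} wrapper here: inside a block scalar the trailing newline would turn the
    # result into a non-empty string, which always evaluates as true.
    if: |
      needs.determine_test_settings.outputs.cloud_tests == 'true'
      && (always() && (needs.test_flavors_qemu.result == 'success' || needs.determine_test_settings.outputs.qemu_tests != 'true'))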
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.determine_test_settings.outputs.cloud_test_flavors_matrix) }}
    with:
      arch: ${{ matrix.arch }}
      flavor: ${{ matrix.flavor }}
    secrets: inherit
    permissions:
      id-token: write
      actions: write
  test_flavors_oci:
    needs: determine_test_settings
    name: Test OCI flavors
    uses: ./.github/workflows/test_flavor_oci.yml
    if: ${{ needs.determine_test_settings.outputs.oci_flavors_tests == 'true' }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.determine_test_settings.outputs.oci_flavors_matrix) }}
    with:
      arch: ${{ matrix.arch }}
      flavor: ${{ matrix.flavor }}
    permissions:
      actions: write
  ## test-ng end
  test_report:
    needs:
      - test_flavors_chroot
      - test_flavors_oci
      - test_flavors_qemu
      - test_flavors_cloud
    name: Generate Test Report
    if: always()
    uses: ./.github/workflows/test_report.yml
    permissions:
      actions: write
      checks: write
    with:
      test_jobs: "test_flavors_chroot,test_flavors_oci,test_flavors_qemu,test_flavors_cloud"


================================================
FILE: .github/workflows/upload_to_github_release.yml
================================================
name: upload to S3
on:
  workflow_call:
    inputs:
      commit_id:
        type: string
        required: true
      version:
        type: string
        required: true
      flavors_matrix:
        type: string
        required: true
      run_id:
        type: string
        required: true
      release_id:
        type: string
        required: true
      with_certs:
        type: boolean
        default: false
      compatibility_flags:
        description: 'Flags to activate compatibility modes'
        type: string
        default: ''
    secrets:
      aws_role:
        required: true
      aws_session:
        required: true
      aws_region:
        required: true
      aws_s3_bucket:
        required: true
env:
  GL_COMPATIBILITY_FLAGS: ${{ inputs.compatibility_flags }}
jobs:
  upload_to_github_release:
    name: Upload artifacts to a GitHub release
    runs-on: ubuntu-24.04
    defaults:
      run:
        shell: bash
    env:
      CNAME: ""
      GL_ALLOW_MULTIPLE_PLATFORMS: "1"
    permissions:
      id-token: write
      contents: write
    environment: oidc_aws_s3_upload
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(inputs.flavors_matrix) }}
      max-parallel: 8
    steps:
      - if: ${{ contains(inputs.compatibility_flags, 'full_checkout') }}
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ inputs.commit_id }}
          submodules: true
      - name: Install python-gardenlinux-lib
        uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@3e2802f425fd877c5b632094fb6ce71f5334b567 # pin@0.10.20
      - uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_role }}
          role-session-name: ${{ secrets.aws_session }}
          aws-region: ${{ secrets.aws_region }}
          role-duration-seconds: 14400 # 4 hours
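      - name: Set CNAME
        # Pass workflow inputs through the environment so their values reach the shell
        # as data instead of being expanded into the script text.
        env:
          CNAME_FLAVOR: ${{ matrix.flavor }}
          CNAME_ARCH: ${{ matrix.arch }}
          CNAME_VERSION: ${{ inputs.version }}
          CNAME_COMMIT: ${{ inputs.commit_id }}
        run: |
          echo "CNAME=$(gl-features-parse --cname "$CNAME_FLAVOR" --arch "$CNAME_ARCH" --version "$CNAME_VERSION" --commit "$CNAME_COMMIT" cname)" | tee -a "$GITHUB_ENV"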
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: build-${{ matrix.flavor }}-${{ matrix.arch }}
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
      - name: Load test artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          pattern: "*-+(test|testng)-${{ env.CNAME }}"
          merge-multiple: true
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
          path: log/
      - if: ${{ inputs.with_certs }}
        name: Load certs artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # pin@v8.0.1
        with:
          name: certs
          github-token: ${{ github.token }}
          run-id: ${{ inputs.run_id }}
          path: cert/
      - name: Prepare upload artifacts
        run: |
          mkdir -p "$CNAME"

          gunzip "$CNA
│   │   │           ├── freevxfs.conf
│   │   │           ├── jffs2.conf
│   │   │           ├── rds.conf
│   │   │           ├── sctp.conf
│   │   │           ├── squashfs.conf
│   │   │           ├── tipc.conf
│   │   │           └── udf.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisOS/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   ├── cmdline.d/
│   │   │   │   │   │   ├── 10-audit-proc.cfg
│   │   │   │   │   │   └── 20-audit-backlog.cfg
│   │   │   │   │   ├── postinst.d/
│   │   │   │   │   │   ├── zz-kernel-cmdline
│   │   │   │   │   │   ├── zz-kernel-install
│   │   │   │   │   │   └── zz-update-syslinux
│   │   │   │   │   └── postrm.d/
│   │   │   │   │       ├── zz-kernel-remove
│   │   │   │   │       └── zz-update-syslinux
│   │   │   │   ├── logrotate.d/
│   │   │   │   │   ├── btmp
│   │   │   │   │   └── wtmp
│   │   │   │   ├── pam.d/
│   │   │   │   │   ├── common-account
│   │   │   │   │   └── common-auth
│   │   │   │   ├── security/
│   │   │   │   │   └── limits.conf
│   │   │   │   ├── selinux/
│   │   │   │   │   └── config
│   │   │   │   └── sysstat/
│   │   │   │       └── sysstat
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── tmpfiles.d/
│   │   │               └── var.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisPackages/
│   │   ├── README.md
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── cisPartition/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── tmp.mount
│   │   ├── file.include.markers.yaml
│   │   ├── fstab
│   │   └── info.yaml
│   ├── cisSshd/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── firewall/
│   │   │       │   ├── ipv4_flush.sh
│   │   │       │   ├── ipv4_gl_default.conf
│   │   │       │   ├── ipv6_flush.sh
│   │   │       │   └── ipv6_gl_default.conf
│   │   │       ├── ssh/
│   │   │       │   └── sshd-banner
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── gardenlinux-fw-ipv4.service
│   │   │               └── gardenlinux-fw-ipv6.service
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── cisSysctl/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── sysctl.d/
│   │   │           └── 99-cis.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── clamav/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── var/
│   │   │       └── spool/
│   │   │           └── cron/
│   │   │               └── crontabs/
│   │   │                   └── root
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── cloud/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   ├── cmdline.d/
│   │   │       │   │   ├── 00-default.cfg
│   │   │       │   │   ├── 40-enable-swap-cgroup-accounting.cfg
│   │   │       │   │   └── 60-timeout.cfg
│   │   │       │   ├── entry-token
│   │   │       │   ├── postinst.d/
│   │   │       │   │   ├── 00-kernel-cmdline
│   │   │       │   │   └── zz-update-syslinux
│   │   │       │   └── postrm.d/
│   │   │       │       └── zz-update-syslinux
│   │   │       ├── modprobe.d/
│   │   │       │   ├── disabled_firewire.conf
│   │   │       │   ├── disabled_fs.conf
│   │   │       │   ├── disabled_net.conf
│   │   │       │   ├── disabled_udf.conf
│   │   │       │   └── disabled_usb.conf
│   │   │       ├── profile.d/
│   │   │       │   └── 50-autologout.sh
│   │   │       ├── repart.d/
│   │   │       │   └── root.conf
│   │   │       ├── sysctl.d/
│   │   │       │   ├── 20-cloud.conf
│   │   │       │   ├── 21-ipv4-settings.conf
│   │   │       │   └── 22-ipv6-settings.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── rngd.service.d/
│   │   │                   └── architecture.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── container/
│   │   ├── README.md
│   │   ├── image.oci
│   │   └── info.yaml
│   ├── disaSTIGlow/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── audit/
│   │   │       │   └── auditd.conf
│   │   │       ├── security/
│   │   │       │   ├── faillock.conf
│   │   │       │   ├── limits.conf
│   │   │       │   └── pwquality.conf
│   │   │       └── sysctl.d/
│   │   │           └── 99-disaSTIG.conf
│   │   ├── file.include.markers.yaml
│   │   └── info.yaml
│   ├── fedramp/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── chrony/
│   │   │       │   └── chrony.conf
│   │   │       ├── firewall/
│   │   │       │   ├── ipv4_flush.sh
│   │   │       │   ├── ipv4_gl_default.conf
│   │   │       │   ├── ipv6_flush.sh
│   │   │       │   └── ipv6_gl_default.conf
│   │   │       ├── issue.net
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       ├── 30-fips.cfg
│   │   │       │       └── 90-lsm.cfg
│   │   │       ├── security/
│   │   │       │   └── limits.conf
│   │   │       ├── ssh/
│   │   │       │   └── sshd_config
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               ├── gardenlinux-fw-ipv4.service
│   │   │               └── gardenlinux-fw-ipv6.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── firewall/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── nft.d/
│   │   │           └── default.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── gardener/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 90-lsm.cfg
│   │   │       ├── modules-load.d/
│   │   │       │   └── ipvs.conf
│   │   │       ├── sysctl.d/
│   │   │       │   └── 40-allow-nonroot-dmesg.conf
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── containerd.service.d/
│   │   │                   └── override.conf
│   │   ├── file.include.markers.yaml
│   │   ├── fstab.mod
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── gcp/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       ├── 00-cmdline.cfg
│   │   │   │   │       └── 10-console.cfg
│   │   │   │   └── systemd/
│   │   │   │       └── timesyncd.conf.d/
│   │   │   │           └── 00-gardenlinux-gcp.conf
│   │   │   └── usr/
│   │   │       └── lib/
│   │   │           └── udev/
│   │   │               └── rules.d/
│   │   │                   └── 64-gce-disk-removal.rules
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── gdch/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 91-gdch-system.cfg
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               ├── 00-cmdline.cfg
│   │   │               └── 10-console.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.exclude
│   │   └── pkg.include
│   ├── glvd/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── update-motd.d/
│   │   │           └── 99-glvd
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── iscsi/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── iscsi/
│   │   │       │   └── initiatorname.iscsi.template
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── iscsi-initiatorname.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── khost/
│   │   ├── README.md
│   │   ├── exec.late
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── modules-load.d/
│   │   │       │   └── br-nf.conf
│   │   │       └── sysctl.d/
│   │   │           ├── 20-br-nf.conf
│   │   │           ├── 20-inotify.conf
│   │   │           └── 20-ip-forward.conf
│   │   ├── file.include.markers.yaml
│   │   ├── fstab.mod
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── release.key
│   ├── kvm/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       ├── 10-console.cfg
│   │   │       │       └── 50-ignition.cfg
│   │   │       ├── systemd/
│   │   │       │   └── system/
│   │   │       │       └── ignition-disable.service
│   │   │       └── udev/
│   │   │           └── rules.d/
│   │   │               └── 60-onmetal.rules
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── lima/
│   │   ├── README.md
│   │   ├── convert.qcow2
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── kernel/
│   │   │           ├── cmdline.d/
│   │   │           │   ├── 00-default.cfg
│   │   │           │   └── 10-console.cfg
│   │   │           └── postinst.d/
│   │   │               └── 00-kernel-cmdline
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── samples/
│   │       ├── README.md
│   │       ├── _images/
│   │       │   └── gardenlinux-2150.yaml
│   │       ├── gardenlinux-containerd.yaml
│   │       ├── gardenlinux-k8s.yaml
│   │       └── gardenlinux-rootless-podman.yaml
│   ├── log/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── audit/
│   │   │       │   └── rules.d/
│   │   │       │       ├── 10-base-config.rules
│   │   │       │       ├── 12-cont-fail.rules
│   │   │       │       ├── 12-ignore-error.rules
│   │   │       │       └── README
│   │   │       ├── rsyslog.conf
│   │   │       ├── rsyslog.d/
│   │   │       │   ├── 10-local.conf.disabled
│   │   │       │   ├── 20-input.conf
│   │   │       │   ├── 21-input-klog.conf.disabled
│   │   │       │   ├── 29-input-mark.conf.disabled
│   │   │       │   ├── 30-server.conf.disabled
│   │   │       │   └── 60-audit-log-service.conf.disabled
│   │   │       └── systemd/
│   │   │           └── journald.conf.d/
│   │   │               ├── 10-minimum.conf
│   │   │               └── 20-rsyslog.conf
│   │   ├── file.include.markers.yaml
│   │   ├── file.include.stat
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── metal/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── kernel/
│   │   │   │   │   ├── cmdline.d/
│   │   │   │   │   │   ├── 00-default.cfg
│   │   │   │   │   │   └── 10-console.cfg
│   │   │   │   │   ├── entry-token
│   │   │   │   │   ├── postinst.d/
│   │   │   │   │   │   ├── 00-kernel-cmdline
│   │   │   │   │   │   ├── 00-ucode
│   │   │   │   │   │   └── zz-update-syslinux
│   │   │   │   │   └── postrm.d/
│   │   │   │   │       └── zz-update-syslinux
│   │   │   │   └── udev/
│   │   │   │       └── rules.d/
│   │   │   │           ├── 69-nostbyrot.rules
│   │   │   │           └── 71-intellldp.rules
│   │   │   └── usr/
│   │   │       └── sbin/
│   │   │           └── update-usbids
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── multipath/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── multipath.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── nodejs/
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── nvme/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system/
│   │   │               └── nvme-hostid.service
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstack/
│   │   ├── convert.qcow2
│   │   ├── convert.vmdk
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── cloud/
│   │   │           ├── cloud.cfg.d/
│   │   │           │   ├── 01_debian-cloud.cfg
│   │   │           │   └── 50-datasource.cfg
│   │   │           └── ds-identify.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstackCloud/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 99_disable-network-config.cfg
│   │   │       └── kernel/
│   │   │           └── cmdline.d/
│   │   │               └── 10-console.cfg
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── openstackMetal/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── cloud/
│   │   │       │   └── cloud.cfg.d/
│   │   │       │       └── 65-network-config.cfg
│   │   │       ├── dracut.conf.d/
│   │   │       │   └── 49-include-bnxt-drivers.conf
│   │   │       ├── kernel/
│   │   │       │   └── cmdline.d/
│   │   │       │       └── 40-enable-swap-cgroup-accounting.cfg
│   │   │       ├── modprobe.d/
│   │   │       │   └── 10-disallow-nouveau.conf
│   │   │       ├── profile.d/
│   │   │       │   └── 50-autologout.sh
│   │   │       ├── repart.d/
│   │   │       │   └── root.conf
│   │   │       └── sysctl.d/
│   │   │           └── 20-cloud.conf
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── python/
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── pythonDev/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   └── usr/
│   │   │       └── bin/
│   │   │           └── exportLibs.py
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sap/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── audit/
│   │   │   │   │   └── rules.d/
│   │   │   │   │       ├── 70-privilege-escalation.rules
│   │   │   │   │       ├── 70-privileged-special.rules
│   │   │   │   │       ├── 70-privileged-special.rules.arm64
│   │   │   │   │       └── 70-system-integrity.rules
│   │   │   │   ├── issue
│   │   │   │   ├── issue.net
│   │   │   │   ├── motd
│   │   │   │   └── tmpfiles.d/
│   │   │   │       └── legacy.conf
│   │   │   └── usr/
│   │   │       └── local/
│   │   │           └── share/
│   │   │               └── ca-certificates/
│   │   │                   └── SAP_Global_Root_CA.crt
│   │   ├── file.include.markers.yaml
│   │   ├── file.include.stat
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sapmachine/
│   │   ├── exec.late
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── sapmachine.key
│   ├── server/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── exec.early
│   │   ├── exec.post
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── dracut.conf.d/
│   │   │   │   │   ├── 25-uefi-stub.conf
│   │   │   │   │   └── general.conf
│   │   │   │   ├── kernel-img.conf
│   │   │   │   ├── locale.conf
│   │   │   │   ├── machine-id
│   │   │   │   ├── profile.d/
│   │   │   │   │   └── 50-nohistory.sh
│   │   │   │   ├── sudoers.d/
│   │   │   │   │   ├── keepssh
│   │   │   │   │   └── wheel
│   │   │   │   ├── sysctl.d/
│   │   │   │   │   ├── 40-enable-unprivileged-user-namespaces.conf
│   │   │   │   │   ├── 40-restrict-dmesg.conf
│   │   │   │   │   └── 90-allow-ping-for-non-root-user.conf
│   │   │   │   ├── systemd/
│   │   │   │   │   ├── network/
│   │   │   │   │   │   └── 99-default.network
│   │   │   │   │   ├── networkd.conf.d/
│   │   │   │   │   │   └── 00-gardenlinux-server.conf
│   │   │   │   │   ├── resolved.conf.d/
│   │   │   │   │   │   ├── 00-disable-llmnr.conf
│   │   │   │   │   │   └── 01-disable-mdns.conf
│   │   │   │   │   ├── system/
│   │   │   │   │   │   ├── kexec-load@.service
│   │   │   │   │   │   ├── systemd-coredump@.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   ├── systemd-growfs@.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   ├── systemd-networkd-wait-online.service.d/
│   │   │   │   │   │   │   └── any.conf
│   │   │   │   │   │   ├── systemd-resolved.service.d/
│   │   │   │   │   │   │   └── wait-for-networkd.conf
│   │   │   │   │   │   ├── systemd-timesyncd.service.d/
│   │   │   │   │   │   │   └── override.conf
│   │   │   │   │   │   └── tmp.mount
│   │   │   │   │   └── system.conf.d/
│   │   │   │   │       └── 00-gardenlinux-server.conf
│   │   │   │   └── update-motd.d/
│   │   │   │       ├── 05-logo
│   │   │   │       ├── 10-hostname
│   │   │   │       ├── 20-uname
│   │   │   │       ├── 30-load
│   │   │   │       ├── 40-free
│   │   │   │       ├── 45-line
│   │   │   │       ├── 50-network
│   │   │   │       ├── 55-line
│   │   │   │       ├── 92-unattended-upgrades
│   │   │   │       └── 95-needrestart
│   │   │   └── usr/
│   │   │       ├── lib/
│   │   │       │   └── systemd/
│   │   │       │       └── system/
│   │   │       │           └── dbus.socket
│   │   │       └── share/
│   │   │           └── pam-configs/
│   │   │               ├── garden
│   │   │               └── garden-extra
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   ├── pkg.include
│   │   └── todo
│   ├── ssh/
│   │   ├── README.md
│   │   ├── exec.config
│   │   ├── file.exclude
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       ├── ssh/
│   │   │       │   ├── ssh_config
│   │   │       │   └── sshd_config
│   │   │       └── systemd/
│   │   │           ├── system/
│   │   │           │   ├── ssh-keygen.service
│   │   │           │   └── ssh-moduli.service
│   │   │           └── system-preset/
│   │   │               └── 00-sshsocket-disable.preset
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── sssd/
│   │   ├── README.md
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── stig/
│   │   ├── exec.config
│   │   ├── file.include/
│   │   │   ├── etc/
│   │   │   │   ├── apt/
│   │   │   │   │   └── apt.conf.d/
│   │   │   │   │       └── 01-vendor-Ubuntu
│   │   │   │   ├── audit/
│   │   │   │   │   ├── auditd.conf
│   │   │   │   │   └── rules.d/
│   │   │   │   │       └── stig.rules
│   │   │   │   ├── kernel/
│   │   │   │   │   └── cmdline.d/
│   │   │   │   │       └── 90-audit.cfg
│   │   │   │   ├── modprobe.d/
│   │   │   │   │   └── disabled_usb.conf
│   │   │   │   ├── pam.d/
│   │   │   │   │   ├── common-auth
│   │   │   │   │   └── common-password
│   │   │   │   ├── rsyslog.d/
│   │   │   │   │   └── 50-default.conf
│   │   │   │   ├── security/
│   │   │   │   │   ├── faillock.conf
│   │   │   │   │   ├── limits.conf
│   │   │   │   │   └── pwquality.conf
│   │   │   │   ├── ssh/
│   │   │   │   │   └── sshd_config
│   │   │   │   └── sysctl.d/
│   │   │   │       └── 99-stig.conf
│   │   │   └── usr/
│   │   │       └── share/
│   │   │           └── pam-configs/
│   │   │               └── garden-stig
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── stigDev/
│   │   ├── exec.late
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── sudoers.d/
│   │   │           └── user
│   │   ├── info.yaml
│   │   └── pkg.include
│   ├── vhost/
│   │   ├── README.md
│   │   ├── file.include/
│   │   │   └── etc/
│   │   │       └── systemd/
│   │   │           └── system-preset/
│   │   │               └── 00-disable-libvirtd-tls-socket.preset
│   │   ├── file.include.markers.yaml
│   │   ├── info.yaml
│   │   └── pkg.include
│   └── vmware/
│       ├── README.md
│       ├── convert.ova
│       ├── exec.config
│       ├── file.include/
│       │   ├── etc/
│       │   │   ├── cloud/
│       │   │   │   └── cloud.cfg.d/
│       │   │   │       ├── 01_debian-cloud.cfg
│       │   │   │       ├── 99_disable-network-config.cfg
│       │   │   │       └── 99_enabled-datasources.cfg
│       │   │   ├── kernel/
│       │   │   │   └── cmdline.d/
│       │   │   │       ├── 10-console.cfg
│       │   │   │       └── 50-ignition.cfg
│       │   │   └── systemd/
│       │   │       └── system/
│       │   │           └── ignition-disable.service
│       │   └── usr/
│       │       ├── bin/
│       │       │   └── dscheck_VMwareGuestInfo
│       │       └── lib/
│       │           └── python3/
│       │               └── dist-packages/
│       │                   └── cloudinit/
│       │                       └── sources/
│       │                           └── DataSourceVMwareGuestInfo.py
│       ├── file.include.markers.yaml
│       ├── info.yaml
│       ├── make-ova
│       ├── pkg.include
│       └── vmware.ovf.template
├── flavors.yaml
├── gardenlinux.asc
├── get_commit
├── get_repo
├── get_timestamp
├── get_version
├── hack/
│   ├── .gl-search-functions.sh
│   ├── README.md
│   ├── compare-apt-repo-versions-gl-debian.sh
│   ├── compare-apt-repo-versions.sh
│   ├── devscp
│   ├── devssh
│   ├── enable_inactive_workflows
│   ├── get-selected-gl-bom.sh
│   ├── gl-pkg-url.sh
│   ├── gl-search.sh
│   ├── glvd-search.sh
│   ├── list-package-releases.sh
│   ├── local-vm-workstation/
│   │   ├── .gitignore
│   │   ├── README.md
│   │   ├── Vagrantfile
│   │   ├── deps.list
│   │   └── init.sh
│   └── parse-aptsource.py
├── images/
│   └── kmodbuild/
│       ├── Containerfile
│       └── list_headers
├── keyring.gpg
├── pyrightconfig.json
├── requirements.txt
├── tests/
│   ├── .gitignore
│   ├── DEVELOPER-TESTCOV.md
│   ├── DEVELOPER.md
│   ├── README.md
│   ├── conftest.py
│   ├── dev.makefile
│   ├── handlers/
│   │   ├── configure_nvme.py
│   │   ├── iscsi.py
│   │   ├── pip.py
│   │   └── services.py
│   ├── integration/
│   │   ├── boot/
│   │   │   ├── test_cloud_init.py
│   │   │   ├── test_ignition.py
│   │   │   ├── test_initrd.py
│   │   │   ├── test_iso.py
│   │   │   ├── test_legacy.py
│   │   │   └── test_secureboot.py
│   │   ├── core/
│   │   │   ├── test_autologin.py
│   │   │   ├── test_base.py
│   │   │   ├── test_codedump.py
│   │   │   ├── test_deny_packages.py
│   │   │   ├── test_dmesg.py
│   │   │   ├── test_history.py
│   │   │   ├── test_logging.py
│   │   │   ├── test_network.py
│   │   │   ├── test_proc.py
│   │   │   ├── test_profile.py
│   │   │   ├── test_server.py
│   │   │   ├── test_services.py
│   │   │   ├── test_sysdiff.py
│   │   │   ├── test_time.py
│   │   │   └── test_users_groups.py
│   │   ├── infrastructure/
│   │   │   ├── test_cloud_platforms.py
│   │   │   ├── test_iscsi.py
│   │   │   ├── test_kvm.py
│   │   │   ├── test_metal.py
│   │   │   └── test_nvme.py
│   │   ├── kernel/
│   │   │   ├── test_kernel_cmdline.py
│   │   │   ├── test_kernel_count.py
│   │   │   ├── test_kernel_modules.py
│   │   │   └── test_kernel_parameters.py
│   │   ├── runtime/
│   │   │   ├── test_checkbox.py
│   │   │   ├── test_chost.py
│   │   │   ├── test_clamav.py
│   │   │   ├── test_containers.py
│   │   │   ├── test_gardener.py
│   │   │   ├── test_glvd.py
│   │   │   ├── test_khost.py
│   │   │   ├── test_nodejs.py
│   │   │   ├── test_pythonDev.py
│   │   │   ├── test_sap.py
│   │   │   └── test_sapmachine.py
│   │   └── security/
│   │       ├── compliance/
│   │       │   ├── test_cis.py
│   │       │   ├── test_disastig_00005.py
│   │       │   ├── test_disastig_00009.py
│   │       │   ├── test_disastig_00013.py
│   │       │   ├── test_disastig_00041.py
│   │       │   ├── test_disastig_00046.py
│   │       │   ├── test_disastig_00047.py
│   │       │   ├── test_disastig_00050.py
│   │       │   ├── test_disastig_00063.py
│   │       │   ├── test_disastig_00067.py
│   │       │   ├── test_disastig_00069.py
│   │       │   ├── test_disastig_00072.py
│   │       │   ├── test_disastig_00084.py
│   │       │   ├── test_disastig_00089.py
│   │       │   ├── test_disastig_00097.py
│   │       │   ├── test_disastig_00098.py
│   │       │   ├── test_disastig_00100.py
│   │       │   ├── test_disastig_00108.py
│   │       │   ├── test_disastig_00136.py
│   │       │   ├── test_disastig_00143.py
│   │       │   ├── test_disastig_00146.py
│   │       │   ├── test_disastig_00149.py
│   │       │   ├── test_disastig_00153.py
│   │       │   ├── test_disastig_00155.py
│   │       │   ├── test_disastig_00170.py
│   │       │   ├── test_disastig_00173.py
│   │       │   ├── test_disastig_00175.py
│   │       │   ├── test_disastig_00180.py
│   │       │   ├── test_disastig_00186.py
│   │       │   ├── test_disastig_00187.py
│   │       │   ├── test_disastig_00188.py
│   │       │   ├── test_disastig_00192.py
│   │       │   ├── test_disastig_00194.py
│   │       │   ├── test_disastig_00199.py
│   │       │   ├── test_disastig_00209.py
│   │       │   ├── test_disastig_00210.py
│   │       │   ├── test_disastig_00218.py
│   │       │   ├── test_disastig_00220.py
│   │       │   ├── test_disastig_00222.py
│   │       │   ├── test_disastig_00225.py
│   │       │   ├── test_disastig_00226.py
│   │       │   ├── test_disastig_00228.py
│   │       │   ├── test_disastig_00229.py
│   │       │   ├── test_disastig_00230.py
│   │       │   ├── test_disastig_auditd.py
│   │       │   ├── test_fedramp.py
│   │       │   ├── test_fips.py
│   │       │   └── test_stig.py
│   │       ├── test_aide.py
│   │       ├── test_capabilities.py
│   │       ├── test_firewall.py
│   │       ├── test_lsm.py
│   │       ├── test_pam.py
│   │       ├── test_password_hashes.py
│   │       ├── test_password_shadow.py
│   │       ├── test_sgx.py
│   │       ├── test_ssh.py
│   │       ├── test_su.py
│   │       ├── test_umask.py
│   │       └── test_wireguard.py
│   ├── plugins/
│   │   ├── __init__.py
│   │   ├── apt.py
│   │   ├── arch.py
│   │   ├── audit.py
│   │   ├── block_devices.py
│   │   ├── booted.py
│   │   ├── capabilities.py
│   │   ├── containerd.py
│   │   ├── dpkg.py
│   │   ├── dpkg_checksums.py
│   │   ├── efivars.py
│   │   ├── features.py
│   │   ├── file.py
│   │   ├── find.py
│   │   ├── initrd.py
│   │   ├── kernel_cmdline.py
│   │   ├── kernel_configs.py
│   │   ├── kernel_module.py
│   │   ├── kernel_versions.py
│   │   ├── linux_etc_files.py
│   │   ├── lsm.py
│   │   ├── modify.py
│   │   ├── mount.py
│   │   ├── network.py
│   │   ├── nft.py
│   │   ├── pam.py
│   │   ├── parse.py
│   │   ├── parse_file.py
│   │   ├── performance.py
│   │   ├── remounted_root.py
│   │   ├── security_id.py
│   │   ├── setting_ids.py
│   │   ├── setuid_binaries.py
│   │   ├── shell.py
│   │   ├── sshd.py
│   │   ├── sysctl.py
│   │   ├── sysdiff.py
│   │   ├── system_id_parser.py
│   │   ├── systemd.py
│   │   ├── systemd_detect_virt.py
│   │   ├── tests/
│   │   │   ├── test_file.py
│   │   │   ├── test_parse.py
│   │   │   └── test_parse_file.py
│   │   ├── timeconf.py
│   │   ├── timedatectl.py
│   │   ├── users.py
│   │   └── utils.py
│   └── util/
│       ├── build.makefile
│       ├── build_dist.sh
│       ├── build_dist_image.sh
│       ├── build_runtime.sh
│       ├── container/
│       │   ├── Containerfile
│       │   └── enter_host_ns.c
│       ├── coverage.feature.excludes
│       ├── coverage.py
│       ├── install_tofu.sh
│       ├── login_cloud.sh
│       ├── login_qemu.sh
│       ├── metadata-server.py
│       ├── python.env.sh
│       ├── requirements-dev.txt
│       ├── requirements-gh.txt
│       ├── requirements.txt
│       ├── run.sh
│       ├── run_chroot.sh
│       ├── run_cloud.sh
│       ├── run_dev_cloud.sh
│       ├── run_dev_common.sh
│       ├── run_dev_qemu.sh
│       ├── run_oci.sh
│       ├── run_qemu.sh
│       ├── sysdiff.py
│       ├── tests/
│       │   └── test_coverage.py
│       ├── tf/
│       │   ├── .terraform.lock.hcl
│       │   ├── backend.tf.github
│       │   ├── encryption.tf.github
│       │   ├── main.tf
│       │   ├── modules/
│       │   │   ├── ali/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── main.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── aws/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── azure/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── main.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── gcp/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── provider.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   ├── openstack/
│       │   │   │   ├── disks.tf
│       │   │   │   ├── locals.tf
│       │   │   │   ├── net.tf
│       │   │   │   ├── variables.tf
│       │   │   │   └── vm.tf
│       │   │   └── state_aws/
│       │   │       └── main.tf
│       │   ├── providers.tf
│       │   ├── user_data_script.sh
│       │   └── variables.tf
│       └── update_runtime.py
├── tools/
│   ├── clean_ec2_ami.py
│   ├── clean_openstack_images.py
│   ├── import-azure-machine-image.py
│   └── import-ec2-ami.py
└── unbase_oci
SYMBOL INDEX (1594 symbols across 172 files)

FILE: .github/workflows/format_diff.py
  function dependencies (line 56) | def dependencies(feature, excludes):
  function buildFeatureTree (line 72) | def buildFeatureTree(flavor):
  function intersectionTree (line 93) | def intersectionTree(tree, intersect):
  function treeStr (line 104) | def treeStr(tree):
  function dropdown (line 191) | def dropdown(items):

FILE: .github/workflows/github.mjs
  function dispatchRetryWorkflow (line 1) | async function dispatchRetryWorkflow(core, githubActions, context, refNa...
  function excludeFlavorsMatrix (line 26) | function excludeFlavorsMatrix(matrixA, matrixB) {
  function isMatrixEmpty (line 42) | function isMatrixEmpty(matrix) {
  function getGHCRRepositoryFromTarget (line 46) | function getGHCRRepositoryFromTarget(target) {
  function getGitHubSigningEnvironmentFromTarget (line 61) | function getGitHubSigningEnvironmentFromTarget(target) {
  function getTestEnvironmentsEnabled (line 76) | function getTestEnvironmentsEnabled(commaSeparatedTestsRequested) {
  function flattenFlavorsMatrixByArch (line 90) | function flattenFlavorsMatrixByArch(matrix) {
  function intersectFlavorsMatrix (line 104) | function intersectFlavorsMatrix(matrixA, matrixB) {
  function retryWorkflow (line 124) | async function retryWorkflow(core, githubActions, context, runID, retrie...

FILE: bare_flavors/libc/test/test.c
  function main (line 3) | int main(int argc, char **argv)

FILE: bare_flavors/sapmachine/test/Test.java
  class Test (line 1) | class Test {
    method main (line 2) | public static void main(String[] args) {

FILE: bin/check-pkgs-availability.py
  function read_pkg_files (line 12) | def read_pkg_files(arch):
  function get_available_pkgs_from_repo (line 38) | def get_available_pkgs_from_repo(url) -> list():
  function get_unavailable_packages (line 50) | def get_unavailable_packages(available_packages, required_packages):
  function check_packages (line 55) | def check_packages(arch, dist) -> list():
  function check_pkgs_pipelines (line 62) | def check_pkgs_pipelines(full=False):
  function main (line 113) | def main(dist):

FILE: bin/check-pkgs-pipelines.py
  function check_pkgs_pipelines (line 13) | def check_pkgs_pipelines(full=False):
  function main (line 61) | def main(full):

FILE: bin/generate-lima-yaml.py
  function get_glrd_path (line 31) | def get_glrd_path():
  function construct_command (line 40) | def construct_command(version, allow_nightly, glrd_path):
  function get_image_path (line 51) | def get_image_path(command, version):
  function generate_yaml (line 88) | def generate_yaml(image_paths):
  function main (line 94) | def main():

FILE: features/pythonDev/file.include/usr/bin/exportLibs.py
  function parse_args (line 20) | def parse_args():
  function _isElf (line 45) | def _isElf(path: str | PathLike[str]) -> bool:
  function _getInterpreter (line 62) | def _getInterpreter(path: str | PathLike[str]) -> Path:
  function _get_default_package_dir (line 91) | def _get_default_package_dir() -> Path:
  function export (line 113) | def export(

FILE: features/vmware/file.include/usr/lib/python3/dist-packages/cloudinit/sources/DataSourceVMwareGuestInfo.py
  class NetworkConfigError (line 61) | class NetworkConfigError(Exception):
  class DataSourceVMwareGuestInfo (line 69) | class DataSourceVMwareGuestInfo(sources.DataSource):
    method __init__ (line 110) | def __init__(self, sys_cfg, distro, paths, ud_proc=None):
    method get_data (line 115) | def get_data(self):
    method setup (line 148) | def setup(self, is_new_instance):
    method network_config (line 180) | def network_config(self):
    method get_instance_id (line 190) | def get_instance_id(self):
    method get_public_ssh_keys (line 199) | def get_public_ssh_keys(self):
  function decode (line 214) | def decode(key, enc_type, data):
  function get_none_if_empty_val (line 256) | def get_none_if_empty_val(val):
  function advertise_local_ip_addrs (line 276) | def advertise_local_ip_addrs(host_info):
  function handle_returned_guestinfo_val (line 298) | def handle_returned_guestinfo_val(key, val):
  function get_guestinfo_value (line 311) | def get_guestinfo_value(key):
  function set_guestinfo_value (line 346) | def set_guestinfo_value(key, value):
  function clear_guestinfo_keys (line 380) | def clear_guestinfo_keys(keys):
  function guestinfo (line 399) | def guestinfo(key):
  function load (line 411) | def load(data):
  function load_metadata (line 425) | def load_metadata():
  function get_datasource_list (line 463) | def get_datasource_list(depends):
  function get_default_ip_addrs (line 470) | def get_default_ip_addrs():
  function getfqdn (line 546) | def getfqdn(name=''):
  function is_valid_ip_addr (line 566) | def is_valid_ip_addr(val):
  function get_host_info (line 584) | def get_host_info():
  function wait_on_network (line 674) | def wait_on_network(metadata):
  function get_data_access_method (line 724) | def get_data_access_method():
  function merge_dicts (line 736) | def merge_dicts(a, b):
  function merge_dicts_with_deep_merge (line 748) | def merge_dicts_with_deep_merge(a, b):
  function merge_dicts_with_stdlib (line 753) | def merge_dicts_with_stdlib(a, b):
  function main (line 763) | def main():

FILE: hack/parse-aptsource.py
  class Debsrc (line 11) | class Debsrc():
    method __init__ (line 12) | def __init__(self, deb_source, deb_version):
    method __repr__ (line 19) | def __repr__(self) -> str:
  class DebsrcFile (line 23) | class DebsrcFile(dict[str, Debsrc]):
    method _read_source (line 42) | def _read_source(self, source: str, version: str) -> None:
    method read (line 48) | def read(self, f: TextIO) -> None:

FILE: tests/conftest.py
  function include_metadata_in_junit_xml_session (line 24) | def include_metadata_in_junit_xml_session(include_metadata_in_junit_xml):

FILE: tests/handlers/configure_nvme.py
  function nvme_device (line 28) | def nvme_device(shell: ShellRunner, dpkg: Dpkg, kernel_module: KernelMod...

FILE: tests/handlers/iscsi.py
  function iscsi_device (line 17) | def iscsi_device(shell: ShellRunner, systemd: Systemd, kernel_module: Ke...

FILE: tests/handlers/pip.py
  function pip_requests (line 9) | def pip_requests(shell: ShellRunner):

FILE: tests/handlers/services.py
  function handle_service (line 9) | def handle_service(systemd: Systemd, service_name: str):
  function handle_service_containerd (line 23) | def handle_service_containerd(systemd: Systemd, kernel_module: KernelMod...
  function handle_service_ssh (line 46) | def handle_service_ssh(systemd: Systemd):
  function service_containerd (line 64) | def service_containerd(systemd: Systemd, kernel_module: KernelModule):
  function service_ssh (line 70) | def service_ssh(systemd: Systemd):

FILE: tests/integration/boot/test_cloud_init.py
  function test_cloud_init_installed (line 17) | def test_cloud_init_installed():
  function test_cloud_init_not_installed (line 25) | def test_cloud_init_not_installed():
  function test_cloud_init_debian_cloud_defaults (line 59) | def test_cloud_init_debian_cloud_defaults(parse_file: ParseFile):
  function test_cloud_init_debian_cloud_user (line 80) | def test_cloud_init_debian_cloud_user(parse_file: ParseFile):
  function test_cloud_init_debian_cloud_manage_etc_hosts (line 98) | def test_cloud_init_debian_cloud_manage_etc_hosts(parse_file: ParseFile):
  function test_cloud_cfg_excludes_modules (line 127) | def test_cloud_cfg_excludes_modules(parse_file: ParseFile, module: str):
  function test_ali_debian_cloud_ignore_manage_etc_hosts (line 160) | def test_ali_debian_cloud_ignore_manage_etc_hosts(parse_file: ParseFile):
  function test_ali_disable_network_config (line 172) | def test_ali_disable_network_config(parse_file: ParseFile):
  function test_ali_cloud_init_local_service_enabled (line 181) | def test_ali_cloud_init_local_service_enabled(systemd: Systemd):
  function test_ali_cloud_init_local_service_inactive (line 190) | def test_ali_cloud_init_local_service_inactive(systemd: Systemd):
  function test_ali_cloud_init_local_service_active (line 201) | def test_ali_cloud_init_local_service_active(systemd: Systemd):
  function test_aws_cloud_init_local_override_exists (line 213) | def test_aws_cloud_init_local_override_exists(file: File):
  function test_aws_disable_network_config (line 220) | def test_aws_disable_network_config(parse_file: ParseFile):
  function test_aws_cloud_init_local_service_enabled (line 230) | def test_aws_cloud_init_local_service_enabled(systemd: Systemd):
  function test_aws_cloud_init_local_service_inactive (line 239) | def test_aws_cloud_init_local_service_inactive(systemd: Systemd):
  function test_aws_cloud_init_local_service_active (line 250) | def test_aws_cloud_init_local_service_active(systemd: Systemd):
  function test_azure_cloud_init_network_config_disabled_exists (line 262) | def test_azure_cloud_init_network_config_disabled_exists(file: File):
  function test_azure_cloud_init_network_config_disabled_content (line 273) | def test_azure_cloud_init_network_config_disabled_content(parse_file: Pa...
  function test_azure_debian_cloud_user (line 285) | def test_azure_debian_cloud_user(parse_file: ParseFile):
  function test_azure_cloud_init_local_service_enabled (line 294) | def test_azure_cloud_init_local_service_enabled(systemd: Systemd):
  function test_azure_cloud_init_local_service_inactive (line 303) | def test_azure_cloud_init_local_service_inactive(systemd: Systemd):
  function test_azure_cloud_init_local_service_active (line 314) | def test_azure_cloud_init_local_service_active(systemd: Systemd):
  function test_gcp_no_cloud_init_local_service (line 327) | def test_gcp_no_cloud_init_local_service(systemd: Systemd):
  function test_gdch_ntp_settings (line 345) | def test_gdch_ntp_settings(parse_file: ParseFile):
  function test_gdch_cloud_init_local_service_enabled (line 356) | def test_gdch_cloud_init_local_service_enabled(systemd: Systemd):
  function test_gdch_cloud_init_local_service_inactive (line 364) | def test_gdch_cloud_init_local_service_inactive(systemd: Systemd):
  function test_lima_cloud_init_local_service_enabled (line 377) | def test_lima_cloud_init_local_service_enabled(systemd: Systemd):
  function test_lima_cloud_init_local_service_inactive (line 385) | def test_lima_cloud_init_local_service_inactive(systemd: Systemd):
  function test_openstack_datasource_list (line 401) | def test_openstack_datasource_list(parse_file: ParseFile):
  function test_openstack_ds_identify (line 413) | def test_openstack_ds_identify(parse_file: ParseFile):
  function test_openstack_cloud_disable_network_config (line 426) | def test_openstack_cloud_disable_network_config(parse_file: ParseFile):
  function test_openstack_cloud_init_local_service_enabled (line 435) | def test_openstack_cloud_init_local_service_enabled(systemd: Systemd):
  function test_openstack_cloud_init_local_service_active (line 443) | def test_openstack_cloud_init_local_service_active(systemd: Systemd):
  function test_openstack_metal_network_config (line 459) | def test_openstack_metal_network_config(parse_file: ParseFile):
  function test_vmware_disable_network_config (line 476) | def test_vmware_disable_network_config(parse_file: ParseFile):
  function test_vmware_enabled_datasources (line 488) | def test_vmware_enabled_datasources(parse_file: ParseFile):
  function test_vmware_datasource_files_exist (line 508) | def test_vmware_datasource_files_exist(file_path: str):
  function test_vmware_cloud_init_local_service_enabled (line 515) | def test_vmware_cloud_init_local_service_enabled(systemd: Systemd):
  function test_vmware_cloud_init_local_service_inactive (line 523) | def test_vmware_cloud_init_local_service_inactive(systemd: Systemd):

FILE: tests/integration/boot/test_ignition.py
  function test_ignite_initrd_ignition_modules (line 19) | def test_ignite_initrd_ignition_modules(initrd: Initrd):
  function test_ignite_initrd_files (line 46) | def test_ignite_initrd_files(initrd: Initrd):
  function test__usi_initrd_ignition_modules (line 79) | def test__usi_initrd_ignition_modules(initrd: Initrd):
  function test_usi_no_ignition_cmdline_config (line 97) | def test_usi_no_ignition_cmdline_config(file: File):
  function test__usi_no_ignition_disable_service (line 105) | def test__usi_no_ignition_disable_service(systemd: Systemd):
  function test_kvm_ignition_disable_unit_exists (line 145) | def test_kvm_ignition_disable_unit_exists(file):
  function test_kvm_ignition_disable_service_enabled (line 156) | def test_kvm_ignition_disable_service_enabled(systemd: Systemd):
  function test_kvm_ignition_disable_service_active (line 167) | def test_kvm_ignition_disable_service_active(systemd: Systemd):
  function test_vmware_kernel_cmdline_no_ignition_arm64 (line 205) | def test_vmware_kernel_cmdline_no_ignition_arm64(file: File):
  function test_vmware_ignition_disable_unit_exists (line 226) | def test_vmware_ignition_disable_unit_exists(file):

FILE: tests/integration/boot/test_initrd.py
  function test_ephemeral_check_initrd_cryptsetup_unit_exists (line 22) | def test_ephemeral_check_initrd_cryptsetup_unit_exists(initrd: Initrd):
  function test_ephemeral_initrd_files (line 37) | def test_ephemeral_initrd_files(initrd: Initrd):
  function test_kdump_initrd_files (line 66) | def test_kdump_initrd_files(initrd: Initrd):
  function test_nocrypt_initrd_files (line 94) | def test_nocrypt_initrd_files(initrd: Initrd):
  function test_pxe_gl_end_unit_exists (line 113) | def test_pxe_gl_end_unit_exists(file):
  function test_pxe_initrd_gl_live_module (line 128) | def test_pxe_initrd_gl_live_module(initrd: Initrd):
  function test_pxe_initrd_omit_cdc_ether_module (line 146) | def test_pxe_initrd_omit_cdc_ether_module(initrd: Initrd):
  function test_pxe_initrd_files (line 172) | def test_pxe_initrd_files(initrd: Initrd):
  function test_pxe_kernel_cmdline (line 199) | def test_pxe_kernel_cmdline(kernel_cmdline: List[str]):
  function test_pxe_no_repart_root (line 214) | def test_pxe_no_repart_root(file: File):
  function test_tpm2_initrd_files (line 242) | def test_tpm2_initrd_files(initrd: Initrd):
  function test_tpm2_check_initrd_tpm_unit_exists (line 266) | def test_tpm2_check_initrd_tpm_unit_exists(initrd: Initrd):
  function test_tpm2_check_initrd_systemd_repart_requires_check_tpm_unit (line 275) | def test_tpm2_check_initrd_systemd_repart_requires_check_tpm_unit(initrd...
  function test_tpm2_check_initrd_tpm2_measure_unit_exists (line 286) | def test_tpm2_check_initrd_tpm2_measure_unit_exists(initrd: Initrd):
  function test_tpm2_check_initrd_switch_root_requires_tpm2_measure_unit (line 295) | def test_tpm2_check_initrd_switch_root_requires_tpm2_measure_unit(initrd...
  function test_tpm2_check_initrd_systemd_cryptsetup_var_unit_exists (line 306) | def test_tpm2_check_initrd_systemd_cryptsetup_var_unit_exists(initrd: In...
  function test__usi_initrd_files (line 336) | def test__usi_initrd_files(initrd: Initrd):
  function test_aws_dracut_xen_modules_config (line 367) | def test_aws_dracut_xen_modules_config(parse_file: ParseFile):
  function test_aws_initrd_xen_modules (line 379) | def test_aws_initrd_xen_modules(initrd: Initrd):
  function test_azure_dracut_nvme_modules_config (line 393) | def test_azure_dracut_nvme_modules_config(parse_file: ParseFile):
  function test_azure_initrd_nvme_modules (line 405) | def test_azure_initrd_nvme_modules(initrd: Initrd):
  function test_kvm_no_initrd_images (line 424) | def test_kvm_no_initrd_images():
  function test_openstackMetal_dracut_broadcom_modules_config (line 442) | def test_openstackMetal_dracut_broadcom_modules_config(parse_file: Parse...
  function test_openstackMetal_initrd_broadcom_modules (line 454) | def test_openstackMetal_initrd_broadcom_modules(initrd: Initrd):
  function test_openstackMetal_repart_root_config (line 469) | def test_openstackMetal_repart_root_config(file: File):
  function test_server_no_initrd_images (line 490) | def test_server_no_initrd_images():

FILE: tests/integration/boot/test_iso.py
  function test_iso_install_fstab_script (line 15) | def test_iso_install_fstab_script(file: File):
  function test_iso_install_partition_script (line 28) | def test_iso_install_partition_script(file: File):
  function test_iso_install_main_script (line 41) | def test_iso_install_main_script(file: File):

FILE: tests/integration/boot/test_legacy.py
  function test_legacy_syslinux_bootloader_entries (line 17) | def test_legacy_syslinux_bootloader_entries(
  function test_legacy_syslinux_libutil_exists (line 36) | def test_legacy_syslinux_libutil_exists(file: File):
  function test_legacy_update_bootloaders_script (line 56) | def test_legacy_update_bootloaders_script(file: File):

FILE: tests/integration/boot/test_secureboot.py
  function test_secureboot_enabled (line 15) | def test_secureboot_enabled(efivars):
  function test__usi_files (line 53) | def test__usi_files(file: File):
  function test_amd64_efi_binary_exists (line 79) | def test_amd64_efi_binary_exists(file: File):
  function test_arm64_efi_binary_exists (line 95) | def test_arm64_efi_binary_exists(file: File):
  function test_trustedboot_kernel_cmdline_no_rd_shell_exists (line 109) | def test_trustedboot_kernel_cmdline_no_rd_shell_exists(file: File):
  function test_trustedboot_kernel_cmdline_no_rd_shell (line 117) | def test_trustedboot_kernel_cmdline_no_rd_shell(kernel_cmdline: List[str]):
  function test_trustedboot_initrd_files (line 141) | def test_trustedboot_initrd_files(initrd: Initrd):
  function test_trustedboot_kernel_cmdline (line 162) | def test_trustedboot_kernel_cmdline(kernel_cmdline: List[str]):
  function test_trustedboot_check_initrd_emergency_unit_exists (line 175) | def test_trustedboot_check_initrd_emergency_unit_exists(initrd: Initrd):
  function test_trustedboot_check_initrd_local_fs_target_requires_check_secureboot_unit (line 188) | def test_trustedboot_check_initrd_local_fs_target_requires_check_secureb...
  function test_usi_kernel_cmdline_no_gpt_auto_exists (line 204) | def test_usi_kernel_cmdline_no_gpt_auto_exists(file: File):
  function test_usi_kernel_cmdline (line 212) | def test_usi_kernel_cmdline(kernel_cmdline: List[str]):

FILE: tests/integration/core/test_autologin.py
  function test_autologin (line 20) | def test_autologin(config_file, parse_file: ParseFile):

FILE: tests/integration/core/test_base.py
  function test_machine_id_is_initialized (line 18) | def test_machine_id_is_initialized(parse_file: ParseFile):
  function test_gl_is_support_distro (line 24) | def test_gl_is_support_distro(parse_file: ParseFile):
  function test_fhs_directories (line 50) | def test_fhs_directories(file: File, dir: str):
  function test_fhs_symlinks (line 62) | def test_fhs_symlinks(file: File, link: str, target: str):
  function test_fhs_symlinks_amd64 (line 75) | def test_fhs_symlinks_amd64(file: File, link: str, target: str):
  function test_startup_time (line 85) | def test_startup_time(systemd: Systemd):
  function test_kernel_not_tainted (line 107) | def test_kernel_not_tainted():
  function test_no_failed_units (line 119) | def test_no_failed_units(systemd: Systemd, shell: ShellRunner):
  function test_kernel_configs_sysrq_not_set_cloud (line 133) | def test_kernel_configs_sysrq_not_set_cloud(
  function test_sysctl_sysrq_not_set (line 148) | def test_sysctl_sysrq_not_set(sysctl: Sysctl):
  function test_magic_sysrq_trigger_not_exists (line 155) | def test_magic_sysrq_trigger_not_exists(file: File):
  function test_base_apt_configs_exist (line 176) | def test_base_apt_configs_exist(file: File):
  function test_base_apt_preferences_gardenlinux_exists (line 193) | def test_base_apt_preferences_gardenlinux_exists(file: File):
  function test_base_dpkg_origins_exist (line 210) | def test_base_dpkg_origins_exist(file: File):
  function test_base_dpkg_configs_exist (line 228) | def test_base_dpkg_configs_exist(file: File):
  function test_base_hosts_file_exists (line 248) | def test_base_hosts_file_exists(file: File):
  function test_base_hosts_file_contains_localhost_and_garden (line 258) | def test_base_hosts_file_contains_localhost_and_garden(parse_file: Parse...
  function test_base_resolv_conf_file_exists (line 273) | def test_base_resolv_conf_file_exists(file: File):
  function test_base_resolv_conf_file_contains_nameservers (line 281) | def test_base_resolv_conf_file_contains_nameservers(parse_file: ParseFile):
  function test_base_resolved_no_backup_file_exists (line 300) | def test_base_resolved_no_backup_file_exists(file: File):
  function test_base_ucf_conf_exists (line 309) | def test_base_ucf_conf_exists(file: File):
  function test_base_ucf_conf_contains_defaults (line 316) | def test_base_ucf_conf_contains_defaults(parse_file: ParseFile):
  function test_base_veritytab_exists (line 326) | def test_base_veritytab_exists(file: File):
  function test_base_www_gitignore_exists (line 333) | def test_base_www_gitignore_exists(file: File):
  function test_base_www_gitignore_contains_defaults (line 340) | def test_base_www_gitignore_contains_defaults(parse_file: ParseFile):
  function test_base_no_installation_planner_logs (line 358) | def test_base_no_installation_planner_logs(file: File):
  function test_base_mount_no_sbit_security (line 376) | def test_base_mount_no_sbit_security(file: File):
  function test_base_update_motd_logo (line 390) | def test_base_update_motd_logo(file: File):
  function test_base_user_home_nonexistent (line 403) | def test_base_user_home_nonexistent(file: File):
  function test_usi_empty_root_home_directory (line 417) | def test_usi_empty_root_home_directory(file: File):
  function test_usi_no_udev_rules_image_dissect (line 427) | def test_usi_no_udev_rules_image_dissect(file: File):
  function test_cispartition_mount_files_exists (line 439) | def test_cispartition_mount_files_exists(file: File):
  function test_cispartition_mount_units_enabled (line 452) | def test_cispartition_mount_units_enabled(systemd: Systemd):
  function test_slim_no_usr_share_docs_dirs_exist (line 481) | def test_slim_no_usr_share_docs_dirs_exist(file: File):
  function test_no_man (line 498) | def test_no_man(shell: ShellRunner):
  function test_ali_resolved_config_exists (line 512) | def test_ali_resolved_config_exists(file: File):
  function test_aws_resolved_config_exists (line 524) | def test_aws_resolved_config_exists(file: File):

FILE: tests/integration/core/test_codedump.py
  function test_prod_security_limits_no_core_dumps (line 17) | def test_prod_security_limits_no_core_dumps(file: File):
  function test_prod_security_limits_no_core_dumps_check (line 31) | def test_prod_security_limits_no_core_dumps_check(shell: ShellRunner):
  function test_prod_sysctl_coredump_disable (line 45) | def test_prod_sysctl_coredump_disable(file: File):
  function test_prod_sysctl_coredump_disable_check (line 59) | def test_prod_sysctl_coredump_disable_check(sysctl: Sysctl):
  function test_prod_systemd_coredump_disable (line 75) | def test_prod_systemd_coredump_disable(file: File):
  function test_prod_no_systemd_coredump_service_override (line 88) | def test_prod_no_systemd_coredump_service_override(file: File):

FILE: tests/integration/core/test_deny_packages.py
  function test_no_denylisted_packages (line 15) | def test_no_denylisted_packages(denied_package: str, dpkg: Dpkg):
  function test_package_irqbalance_not_installed_on_gcp (line 25) | def test_package_irqbalance_not_installed_on_gcp(dpkg: Dpkg):

FILE: tests/integration/core/test_dmesg.py
  function test_dmesg_gardener_sysctl_no_restrictions_on_accessing_dmesg (line 14) | def test_dmesg_gardener_sysctl_no_restrictions_on_accessing_dmesg(parse_...
  function test_dmesg_server_sysctl_restrictions_on_accessing_dmesg (line 26) | def test_dmesg_server_sysctl_restrictions_on_accessing_dmesg(parse_file):
  function test_dmesg_stig_sysctl_restrictions_on_accessing_dmesg (line 34) | def test_dmesg_stig_sysctl_restrictions_on_accessing_dmesg(parse_file):
  function test_gardener_sysctl_no_restrict_dmesg (line 46) | def test_gardener_sysctl_no_restrict_dmesg(file: File):
  function test_dmesg_gardener_no_restrictions_sysctl_runtime (line 62) | def test_dmesg_gardener_no_restrictions_sysctl_runtime(sysctl):
  function test_dmesg_server_restrictions_sysctl_runtime (line 73) | def test_dmesg_server_restrictions_sysctl_runtime(sysctl):
  function test_dmesg_gardener_call_by_unprivileged_user_allowed (line 84) | def test_dmesg_gardener_call_by_unprivileged_user_allowed(shell):
  function test_dmesg_server_call_by_unprivileged_user_forbidden (line 96) | def test_dmesg_server_call_by_unprivileged_user_forbidden(shell):
  function test_dmesg_stig_restrictions_sysctl_runtime (line 113) | def test_dmesg_stig_restrictions_sysctl_runtime(sysctl):
  function test_dmesg_stig_call_by_unprivileged_user_forbidden (line 124) | def test_dmesg_stig_call_by_unprivileged_user_forbidden(shell):

FILE: tests/integration/core/test_history.py
  function test_history_profile_d_contains_required_configuration (line 17) | def test_history_profile_d_contains_required_configuration(parse_file: P...
  function test_histfile_env_var_is_readonly (line 27) | def test_histfile_env_var_is_readonly(shell):

FILE: tests/integration/core/test_logging.py
  function test_log_audit_directory_permissions (line 18) | def test_log_audit_directory_permissions(find: Find, file: File):
  function test_log_audit_rules_files_exist (line 38) | def test_log_audit_rules_files_exist(file: File):
  function test_log_audit_rule_base_config_content (line 56) | def test_log_audit_rule_base_config_content(parse_file: ParseFile):
  function test_log_audit_rule_cont_fail_content (line 73) | def test_log_audit_rule_cont_fail_content(parse_file: ParseFile):
  function test_log_audit_rule_ignore_error_content (line 87) | def test_log_audit_rule_ignore_error_content(parse_file: ParseFile):
  function test_log_journald_minimum_config_exists (line 106) | def test_log_journald_minimum_config_exists(file: File):
  function test_log_journald_minimum_config_content (line 119) | def test_log_journald_minimum_config_content(parse_file: ParseFile):
  function test_log_journald_rsyslog_config_exists (line 136) | def test_log_journald_rsyslog_config_exists(file: File):
  function test_log_journald_rsyslog_config_content (line 149) | def test_log_journald_rsyslog_config_content(parse_file: ParseFile):
  function test_log_rsyslog_main_config_exists (line 170) | def test_log_rsyslog_main_config_exists(file: File):
  function test_log_rsyslog_main_config_content (line 183) | def test_log_rsyslog_main_config_content(parse_file: ParseFile):
  function test_log_rsyslog_input_configs_exist (line 203) | def test_log_rsyslog_input_configs_exist(file: File):
  function test_log_rsyslog_input_config_content (line 218) | def test_log_rsyslog_input_config_content(parse_file: ParseFile):
  function test_log_auditd_service_enabled (line 236) | def test_log_auditd_service_enabled(systemd: Systemd):
  function test_log_auditd_service_active (line 246) | def test_log_auditd_service_active(systemd: Systemd):
  function test_log_rsyslog_service_disabled (line 254) | def test_log_rsyslog_service_disabled(systemd: Systemd):
  function test_log_rsyslog_service_inactive (line 262) | def test_log_rsyslog_service_inactive(systemd: Systemd):
  function test_log_systemd_journald_audit_socket_service_enabled (line 270) | def test_log_systemd_journald_audit_socket_service_enabled(systemd: Syst...
  function test_log_systemd_journald_audit_socket_service_active (line 278) | def test_log_systemd_journald_audit_socket_service_active(systemd: Syste...

FILE: tests/integration/core/test_network.py
  function test_loopback_interface (line 25) | def test_loopback_interface(shell):
  function test_local_tcp_stack (line 33) | def test_local_tcp_stack(ip_version, loopback, tcp_echo_server):
  function test_local_udp_stack (line 56) | def test_local_udp_stack(ip_version, loopback, udp_echo_server):
  function test_resolv_conf_exists (line 81) | def test_resolv_conf_exists(file: File):
  function test_no_default_drop_policy (line 92) | def test_no_default_drop_policy(shell):
  function test_hostname_azure (line 106) | def test_hostname_azure(shell):
  function test_that_nftables_firewall_service_is_running (line 133) | def test_that_nftables_firewall_service_is_running(systemd: Systemd):
  function test_that_iptables_firewall_service_is_running (line 148) | def test_that_iptables_firewall_service_is_running(systemd: Systemd):

FILE: tests/integration/core/test_proc.py
  function test_image_proc_is_empty (line 12) | def test_image_proc_is_empty(remounted_root):
  function test_running_proc_is_not_empty (line 34) | def test_running_proc_is_not_empty():

FILE: tests/integration/core/test_profile.py
  function test_profile_autologout_cloud (line 14) | def test_profile_autologout_cloud(parse_file: ParseFile):
  function test_shell_tmout_file_exists_cloud (line 33) | def test_shell_tmout_file_exists_cloud(file: File):
  function test_shell_tmout_is_configured_cloud (line 46) | def test_shell_tmout_is_configured_cloud(parse_file: ParseFile):
  function test_shell_tmout_is_readonly_cloud (line 58) | def test_shell_tmout_is_readonly_cloud(parse_file: ParseFile):
  function test_shell_tmout_is_exported_cloud (line 70) | def test_shell_tmout_is_exported_cloud(parse_file: ParseFile):
  function test_profile_autologout_openstack_metal (line 90) | def test_profile_autologout_openstack_metal(parse_file: ParseFile):
  function test_profile_autologout_stig (line 111) | def test_profile_autologout_stig(parse_file: ParseFile):
  function test_shell_tmout_file_exists_stig (line 134) | def test_shell_tmout_file_exists_stig(file: File):
  function test_shell_tmout_is_configured_stig (line 147) | def test_shell_tmout_is_configured_stig(parse_file: ParseFile):
  function test_shell_tmout_is_readonly_stig (line 159) | def test_shell_tmout_is_readonly_stig(parse_file: ParseFile):
  function test_shell_tmout_is_exported_stig (line 171) | def test_shell_tmout_is_exported_stig(parse_file: ParseFile):

FILE: tests/integration/core/test_server.py
  function test_server_motd_scripts_exist (line 26) | def test_server_motd_scripts_exist(file: File):
  function test_server_systemd_growfs_override_exists (line 56) | def test_server_systemd_growfs_override_exists(file: File):
  function test_server_systemd_networkd_wait_online_override_exists (line 78) | def test_server_systemd_networkd_wait_online_override_exists(file: File):
  function test_server_systemd_resolved_networkd_dependency_exists (line 91) | def test_server_systemd_resolved_networkd_dependency_exists(file: File):
  function test_server_systemd_resolved_llmn_config_exists (line 104) | def test_server_systemd_resolved_llmn_config_exists(file: File):
  function test_server_systemd_resolved_llmnr_disabled (line 117) | def test_server_systemd_resolved_llmnr_disabled(parse_file: ParseFile):
  function test_server_systemd_resolved_mdns_config_exists (line 130) | def test_server_systemd_resolved_mdns_config_exists(file: File):
  function test_server_systemd_resolved_mdns_disabled (line 143) | def test_server_systemd_resolved_mdns_disabled(parse_file: ParseFile):
  function test_server_systemd_networkd_server_config_exists (line 157) | def test_server_systemd_networkd_server_config_exists(parse_file: ParseF...
  function test_server_systemd_networkd_foreign_routing_disabled (line 174) | def test_server_systemd_networkd_foreign_routing_disabled(parse_file: Pa...
  function test_server_resolv_conf_stub_link (line 192) | def test_server_resolv_conf_stub_link(file: File):
  function test_server_hosts_file_permissions (line 210) | def test_server_hosts_file_permissions(file: File):
  function test_server_sudoers_wheel_exists (line 223) | def test_server_sudoers_wheel_exists(file: File):
  function test_server_sudoers_wheel_content (line 234) | def test_server_sudoers_wheel_content(parse_file: ParseFile):
  function test_server_sudoers_keepssh_exists (line 248) | def test_server_sudoers_keepssh_exists(file: File):
  function test_server_sudoers_keepssh_content (line 259) | def test_server_sudoers_keepssh_content(parse_file: ParseFile):
  function test_sudo_resets_user_environment (line 269) | def test_sudo_resets_user_environment(parse_file: ParseFile):
  function test_server_locale_conf_exists (line 285) | def test_server_locale_conf_exists(file: File):
  function test_server_locale_conf_content (line 296) | def test_server_locale_conf_content(parse_file: ParseFile):
  function test_server_no_init_scripts (line 315) | def test_server_no_init_scripts(file: File):
  function test_server_no_unnecessary_dirs (line 338) | def test_server_no_unnecessary_dirs(file: File):
  function test_server_no_runit_files (line 357) | def test_server_no_runit_files(file: File):
  function test_server_no_ufw (line 375) | def test_server_no_ufw(file: File):
  function test_server_no_vmlinuz_in_root (line 389) | def test_server_no_vmlinuz_in_root(file: File):
  function test_server_no_dbus_machine_id (line 405) | def test_server_no_dbus_machine_id(file: File):
  function test_server_mount_tmp_exists (line 420) | def test_server_mount_tmp_exists(file: File):
  function test_server_mount_tmp_enabled (line 432) | def test_server_mount_tmp_enabled(systemd: Systemd):
  function test_server_mount_tmp_active (line 444) | def test_server_mount_tmp_active(systemd: Systemd):
  function test_server_network_default_config_exists (line 455) | def test_server_network_default_config_exists(file: File):
  function test_server_no_e2scrub_all_cron (line 466) | def test_server_no_e2scrub_all_cron(file: File):
  function test_server_kernel_img_conf_exists (line 479) | def test_server_kernel_img_conf_exists(file: File):
  function test_server_kernel_img_do_symlinks (line 490) | def test_server_kernel_img_do_symlinks(parse_file: ParseFile):
  function test_server_locale_conf_permissions (line 504) | def test_server_locale_conf_permissions(file: File):
  function test_server_locale_link (line 518) | def test_server_locale_link(file: File):
  function test_server_nsswitch_no_nis (line 531) | def test_server_nsswitch_no_nis(parse_file: ParseFile):
  function test_server_skel_file_permissions (line 544) | def test_server_skel_file_permissions(file: File):
  function test_server_systemd_system_conf (line 566) | def test_server_systemd_system_conf(file: File):
  function test_server_systemd_dbus_socket (line 579) | def test_server_systemd_dbus_socket(file: File):
  function test_server_systemd_dbus_socket_content (line 592) | def test_server_systemd_dbus_socket_content(parse_file: ParseFile):
  function test_server_no_uname_motd_script (line 606) | def test_server_no_uname_motd_script(file: File):

FILE: tests/integration/core/test_services.py
  function test_fwcfg_qemu_fw_cfg_script_unit_exists (line 17) | def test_fwcfg_qemu_fw_cfg_script_unit_exists(file):
  function test__fwcfg_qemu_fw_cfg_script_service_enabled (line 25) | def test__fwcfg_qemu_fw_cfg_script_service_enabled(systemd: Systemd):
  function test__fwcfg_qemu_fw_cfg_script_service_active (line 34) | def test__fwcfg_qemu_fw_cfg_script_service_active(systemd: Systemd):
  function test__kdump_kdump_tools_service_enabled (line 47) | def test__kdump_kdump_tools_service_enabled(systemd: Systemd):
  function test__kdump_kdump_tools_service_active (line 55) | def test__kdump_kdump_tools_service_active(systemd: Systemd):
  function test__prod_no_systemd_coredump_service (line 68) | def test__prod_no_systemd_coredump_service(systemd: Systemd):
  function test_aws_clocksource_unit_exists (line 82) | def test_aws_clocksource_unit_exists(file):
  function test_aws_aws_clocksource_service_enabled (line 90) | def test_aws_aws_clocksource_service_enabled(systemd: Systemd):
  function test_aws_aws_clocksource_service_inactive (line 98) | def test_aws_aws_clocksource_service_inactive(systemd: Systemd):
  function test_checkbox_generate_report_unit_exists (line 110) | def test_checkbox_generate_report_unit_exists(file):
  function test_checkbox_getty_tty1_service_disabled (line 118) | def test_checkbox_getty_tty1_service_disabled(systemd: Systemd):
  function test_checkbox_getty_tty1_service_inactive (line 126) | def test_checkbox_getty_tty1_service_inactive(systemd: Systemd):
  function test_checkbox_serial_getty_service_disabled (line 134) | def test_checkbox_serial_getty_service_disabled(systemd: Systemd):
  function test_checkbox_serial_getty_service_inactive (line 142) | def test_checkbox_serial_getty_service_inactive(systemd: Systemd):
  function test_checkbox_nginx_service_enabled (line 150) | def test_checkbox_nginx_service_enabled(systemd: Systemd):
  function test_checkbox_nginx_service_active (line 158) | def test_checkbox_nginx_service_active(systemd: Systemd):
  function test_chost_apparmor_service_enabled (line 171) | def test_chost_apparmor_service_enabled(systemd: Systemd):
  function test_chost_apparmor_service_active (line 179) | def test_chost_apparmor_service_active(systemd: Systemd):
  function test_chost_containerd_service_enabled (line 187) | def test_chost_containerd_service_enabled(systemd: Systemd):
  function test_chost_containerd_service_active (line 195) | def test_chost_containerd_service_active(systemd: Systemd):
  function test_cissshd_fw_ipv4_unit_exists (line 224) | def test_cissshd_fw_ipv4_unit_exists(file):
  function test_cissshd_fw_ipv6_unit_exists (line 231) | def test_cissshd_fw_ipv6_unit_exists(file):
  function test_clamav_clamav_daemon_service_enabled (line 244) | def test_clamav_clamav_daemon_service_enabled(systemd: Systemd):
  function test_clamav_clamav_daemon_service_active (line 252) | def test_clamav_clamav_daemon_service_active(systemd: Systemd):
  function test_fedramp_fw_ipv4_unit_exists (line 264) | def test_fedramp_fw_ipv4_unit_exists(file):
  function test_fedramp_fw_ipv6_unit_exists (line 271) | def test_fedramp_fw_ipv6_unit_exists(file):
  function test_fedramp_apparmor_service_enabled (line 279) | def test_fedramp_apparmor_service_enabled(systemd: Systemd):
  function test_fedramp_apparmor_service_active (line 287) | def test_fedramp_apparmor_service_active(systemd: Systemd):
  function test_fedramp_gardenlinux_fw_ipv4_service_enabled (line 295) | def test_fedramp_gardenlinux_fw_ipv4_service_enabled(systemd: Systemd):
  function test_fedramp_gardenlinux_fw_ipv4_service_active (line 303) | def test_fedramp_gardenlinux_fw_ipv4_service_active(systemd: Systemd):
  function test_fedramp_gardenlinux_fw_ipv6_service_enabled (line 311) | def test_fedramp_gardenlinux_fw_ipv6_service_enabled(systemd: Systemd):
  function test_fedramp_gardenlinux_fw_ipv6_service_active (line 319) | def test_fedramp_gardenlinux_fw_ipv6_service_active(systemd: Systemd):
  function test_firewall_nftables_service_enabled (line 332) | def test_firewall_nftables_service_enabled(systemd: Systemd):
  function test_firewall_nftables_service_active (line 340) | def test_firewall_nftables_service_active(systemd: Systemd):
  function test_gcp_google_guest_agent_service_enabled (line 353) | def test_gcp_google_guest_agent_service_enabled(systemd: Systemd):
  function test_gcp_google_guest_agent_service_active (line 364) | def test_gcp_google_guest_agent_service_active(systemd: Systemd):
  function test_gcp_no_irqbalance_service (line 372) | def test_gcp_no_irqbalance_service(systemd: Systemd):
  function test_gdch_no_irqbalance_service (line 387) | def test_gdch_no_irqbalance_service(systemd: Systemd):
  function test_iscsi_initiatorname_template_exists (line 405) | def test_iscsi_initiatorname_template_exists(file: File):
  function test_iscsi_initiatorname_unit_exists (line 414) | def test_iscsi_initiatorname_unit_exists(file):
  function test_iscsi_iscsid_service_enabled (line 422) | def test_iscsi_iscsid_service_enabled(systemd: Systemd):
  function test_iscsi_iscsid_service_active (line 430) | def test_iscsi_iscsid_service_active(systemd: Systemd):
  function test_iscsi_tgt_service_enabled (line 438) | def test_iscsi_tgt_service_enabled(systemd: Systemd):
  function test_iscsi_tgt_service_active (line 446) | def test_iscsi_tgt_service_active(systemd: Systemd):
  function test_khost_apparmor_service_enabled (line 459) | def test_khost_apparmor_service_enabled(systemd: Systemd):
  function test_khost_apparmor_service_active (line 467) | def test_khost_apparmor_service_active(systemd: Systemd):
  function test_lima_ssh_service_enabled (line 480) | def test_lima_ssh_service_enabled(systemd: Systemd):
  function test_lima_ssh_service_active (line 488) | def test_lima_ssh_service_active(systemd: Systemd):
  function test_metal_ipmievd_service_enabled (line 501) | def test_metal_ipmievd_service_enabled(systemd: Systemd):
  function test_metal_ipmievd_service_active (line 512) | def test_metal_ipmievd_service_active(systemd: Systemd):
  function test_metal_mdmonitor_oneshot_timer_enabled (line 520) | def test_metal_mdmonitor_oneshot_timer_enabled(systemd: Systemd):
  function test_metal_mdmonitor_oneshot_timer_inactive (line 528) | def test_metal_mdmonitor_oneshot_timer_inactive(systemd: Systemd):
  function test_metal_smartd_service_enabled (line 540) | def test_metal_smartd_service_enabled(systemd: Systemd):
  function test_metal_smartd_service_active (line 552) | def test_metal_smartd_service_active(systemd: Systemd):
  function test_multipath_multipathd_service_enabled (line 565) | def test_multipath_multipathd_service_enabled(systemd: Systemd):
  function test_multipath_multipathd_service_active (line 573) | def test_multipath_multipathd_service_active(systemd: Systemd):
  function test_nvme_hostid_unit_exists (line 585) | def test_nvme_hostid_unit_exists(file):
  function test_openstackMetal_systemd_networkd_service_enabled (line 598) | def test_openstackMetal_systemd_networkd_service_enabled(systemd: Systemd):
  function test_openstackMetal_systemd_networkd_service_active (line 606) | def test_openstackMetal_systemd_networkd_service_active(systemd: Systemd):
  function test_sap_auditd_service_enabled (line 619) | def test_sap_auditd_service_enabled(systemd: Systemd):
  function test_sap_auditd_service_active (line 627) | def test_sap_auditd_service_active(systemd: Systemd):
  function test_server_systemd_coredump_override_exists (line 643) | def test_server_systemd_coredump_override_exists(file: File):
  function test_server_systemd_coredump_socket_active (line 651) | def test_server_systemd_coredump_socket_active(systemd: Systemd):
  function test_server_kexec_load_unit_exists (line 658) | def test_server_kexec_load_unit_exists(file):
  function test_server_cron_update_service_inactive (line 666) | def test_server_cron_update_service_inactive(systemd: Systemd):
  function test_server_kexec_load_service_enabled (line 674) | def test_server_kexec_load_service_enabled(
  function test_server_kexec_load_service_inactive (line 685) | def test_server_kexec_load_service_inactive(
  function test_server_sysstat_service_enabled (line 696) | def test_server_sysstat_service_enabled(systemd: Systemd):
  function test_server_sysstat_service_active (line 704) | def test_server_sysstat_service_active(systemd: Systemd):
  function test_server_systemd_networkd_service_enabled (line 712) | def test_server_systemd_networkd_service_enabled(systemd: Systemd):
  function test_server_systemd_networkd_service_active (line 720) | def test_server_systemd_networkd_service_active(systemd: Systemd):
  function test_server_systemd_repart_socket_active (line 728) | def test_server_systemd_repart_socket_active(systemd: Systemd):
  function test_server_systemd_resolved_service_enabled (line 736) | def test_server_systemd_resolved_service_enabled(systemd: Systemd):
  function test_server_systemd_resolved_service_active (line 744) | def test_server_systemd_resolved_service_active(systemd: Systemd):
  function test_ssh_keygen_unit_exists (line 756) | def test_ssh_keygen_unit_exists(file):
  function test_ssh_moduli_unit_exists (line 763) | def test_ssh_moduli_unit_exists(file):
  function test_ssh_ssh_socket_disabled (line 776) | def test_ssh_ssh_socket_disabled(systemd: Systemd):
  function test_ssh_ssh_socket_inactive (line 789) | def test_ssh_ssh_socket_inactive(systemd: Systemd):
  function test_ssh_ssh_keygen_service_enabled (line 821) | def test_ssh_ssh_keygen_service_enabled(systemd: Systemd):
  function test_ssh_ssh_keygen_service_active (line 829) | def test_ssh_ssh_keygen_service_active(systemd: Systemd):
  function test_ssh_sshguard_service_enabled (line 837) | def test_ssh_sshguard_service_enabled(systemd: Systemd):
  function test_ssh_sshguard_service_active (line 848) | def test_ssh_sshguard_service_active(systemd: Systemd):
  function test_vhost_libvirtd_socket_service_enabled (line 861) | def test_vhost_libvirtd_socket_service_enabled(systemd: Systemd):
  function test_vhost_libvirtd_socket_service_active (line 869) | def test_vhost_libvirtd_socket_service_active(systemd: Systemd):
  function test_vhost_libvirtd_tls_socket_service_disabled (line 877) | def test_vhost_libvirtd_tls_socket_service_disabled(systemd: Systemd):
  function test_vhost_libvirtd_tls_socket_service_inactive (line 885) | def test_vhost_libvirtd_tls_socket_service_inactive(systemd: Systemd):

FILE: tests/integration/core/test_sysdiff.py
  function test_sysdiff_before_tests (line 15) | def test_sysdiff_before_tests(sysdiff: Sysdiff):
  function test_sysdiff_after_tests (line 31) | def test_sysdiff_after_tests(sysdiff: Sysdiff):

FILE: tests/integration/core/test_time.py
  function test_clock (line 19) | def test_clock(shell: ShellRunner):
  function test_ali_timesyncd_config_exists (line 37) | def test_ali_timesyncd_config_exists(file: File):
  function test_correct_ntp_on_aws (line 54) | def test_correct_ntp_on_aws(timedatectl: TimeDateCtl):
  function test_azure_chrony_service_after_ptp_exists (line 68) | def test_azure_chrony_service_after_ptp_exists(file: File):
  function test_azure_chrony_service_after_ptp_content (line 77) | def test_azure_chrony_service_after_ptp_content(parse_file: ParseFile):
  function test_azure_no_timesyncd_override (line 89) | def test_azure_no_timesyncd_override(file: File):
  function test_chrony_azure (line 100) | def test_chrony_azure(
  function test_azure_chrony_wait_service_disabled (line 119) | def test_azure_chrony_wait_service_disabled(systemd: Systemd):
  function test_azure_chrony_wait_service_inactive (line 127) | def test_azure_chrony_wait_service_inactive(systemd: Systemd):
  function test_azure_chrony_restricted_service_disabled (line 135) | def test_azure_chrony_restricted_service_disabled(systemd: Systemd):
  function test_azure_chrony_restricted_service_inactive (line 143) | def test_azure_chrony_restricted_service_inactive(systemd: Systemd):
  function test_azure_ptp_symlink (line 152) | def test_azure_ptp_symlink(ptp_hyperv_dev: str, systemd_detect_virt: Hyp...
  function test_correct_ntp_on_gcp (line 174) | def test_correct_ntp_on_gcp(timedatectl: TimeDateCtl):
  function test_gdch_no_systemd_timesyncd_service (line 189) | def test_gdch_no_systemd_timesyncd_service(systemd: Systemd):
  function test_gdch_chrony_service_enabled (line 199) | def test_gdch_chrony_service_enabled(systemd: Systemd):
  function test_fedramp_no_systemd_timesyncd_service (line 212) | def test_fedramp_no_systemd_timesyncd_service(systemd: Systemd):
  function test_fedramp_chrony_service_enabled (line 222) | def test_fedramp_chrony_service_enabled(systemd: Systemd):
  function test_fedramp_chrony_service_active (line 230) | def test_fedramp_chrony_service_active(systemd: Systemd):
  function test_server_systemd_timesyncd_override_exists (line 246) | def test_server_systemd_timesyncd_override_exists(file: File):
  function test_ntp (line 255) | def test_ntp(timedatectl: TimeDateCtl):
  function test_systemd_timesyncd_disabled_on_azure (line 277) | def test_systemd_timesyncd_disabled_on_azure(systemd: Systemd):
  function test_chrony_on_azure (line 294) | def test_chrony_on_azure(systemd: Systemd):
  function test_chrony_installed_for_azure_image (line 309) | def test_chrony_installed_for_azure_image(systemd: Systemd):
  function test_clocksource_amd64 (line 336) | def test_clocksource_amd64(systemd_detect_virt: Hypervisor, clocksource:...
  function test_clocksource_arm64_aarch64 (line 351) | def test_clocksource_arm64_aarch64(systemd_detect_virt: Hypervisor, cloc...
  function test_files_not_in_future (line 370) | def test_files_not_in_future(find, dir: str):
  function test_files_not_in_future_container (line 391) | def test_files_not_in_future_container(find):
  function test_gcp_or_gdch_timezone_utc (line 416) | def test_gcp_or_gdch_timezone_utc(file: File):

FILE: tests/integration/core/test_users_groups.py
  function test_service_accounts_have_nologin_shell (line 16) | def test_service_accounts_have_nologin_shell(regular_user_uid_range):
  function test_root_home_permissions (line 29) | def test_root_home_permissions(file: File):
  function test_no_extra_home_directories (line 34) | def test_no_extra_home_directories(expected_users, file: File):
  function test_users_sudo_capability (line 45) | def test_users_sudo_capability(get_all_users, expected_users, user: User):
  function test_available_regular_users (line 57) | def test_available_regular_users(get_regular_users, expected_users):
  function test_duplicate_uids (line 66) | def test_duplicate_uids(passwd_entries: List[Passwd]):
  function test_duplicate_uids_detection (line 76) | def test_duplicate_uids_detection(passwd_entries: List[Passwd]):
  function test_groups_are_unique (line 88) | def test_groups_are_unique(group_entries: List[Group]):
  function test_groups_find_duplicate (line 98) | def test_groups_find_duplicate(group_entries: List[Group]):
  function test_group_root_has_no_users (line 112) | def test_group_root_has_no_users(group_entries: List[Group]):
  function test_group_wheel_has_no_unexpected_users (line 132) | def test_group_wheel_has_no_unexpected_users(

FILE: tests/integration/infrastructure/test_cloud_platforms.py
  function test_azure_networkd_unmanaged_devices_exists (line 13) | def test_azure_networkd_unmanaged_devices_exists(file: File):
  function test_azure_networkd_unmanaged_devices_content (line 20) | def test_azure_networkd_unmanaged_devices_content(parse_file: ParseFile):
  function test_azure_udev_rules_exist (line 37) | def test_azure_udev_rules_exist(file: File):
  function test_gcp_instance_configs_run_dir_set (line 54) | def test_gcp_instance_configs_run_dir_set(parse_file: ParseFile):
  function test_gcp_ssh_google_oslogin_config (line 72) | def test_gcp_ssh_google_oslogin_config(parse_file: ParseFile):
  function test_gcp_udev_gce_disk_removal_rules (line 89) | def test_gcp_udev_gce_disk_removal_rules(file: File):
  function test_gcp_google_guest_agent_manager_masked (line 102) | def test_gcp_google_guest_agent_manager_masked(systemd: Systemd):
  function test_cloud_kernel_postinst_scripts_exist (line 121) | def test_cloud_kernel_postinst_scripts_exist(file: File):
  function test_cloud_kernel_postrm_script_exists (line 133) | def test_cloud_kernel_postrm_script_exists(file: File):
  function test_cloud_repart_root_config_exists (line 140) | def test_cloud_repart_root_config_exists(file: File):
  function test_cloud_rngd_architecture_config_exists (line 147) | def test_cloud_rngd_architecture_config_exists(file: File):

FILE: tests/integration/infrastructure/test_iscsi.py
  function test_multipath_config_exists (line 21) | def test_multipath_config_exists(file: File):
  function test_iscsi_no_static_initiatorname (line 40) | def test_iscsi_no_static_initiatorname(file: File):
  function test_iscsi_chap_algorithms_config_exists (line 53) | def test_iscsi_chap_algorithms_config_exists(parse: type[Parse]):
  function test_iscsi_node_session_scan_config_exists (line 68) | def test_iscsi_node_session_scan_config_exists(parse: type[Parse]):
  function test_iscsi_open_iscsi_configured (line 83) | def test_iscsi_open_iscsi_configured(file: File):
  function test_iscsi_setup (line 94) | def test_iscsi_setup(shell: ShellRunner, block_devices: BlockDevices, is...

FILE: tests/integration/infrastructure/test_kvm.py
  function test_fwcfg_run_script_exists (line 11) | def test_fwcfg_run_script_exists(file: File):
  function test_kvm_udev_rules_onmetal_exists (line 27) | def test_kvm_udev_rules_onmetal_exists(file: File):

FILE: tests/integration/infrastructure/test_metal.py
  function test_kernel_entry_token_exists (line 17) | def test_kernel_entry_token_exists(file: File):
  function test_kernel_entry_token_content (line 29) | def test_kernel_entry_token_content(parse_file: ParseFile):
  function test_metal_kernel_postinst_cmdline (line 41) | def test_metal_kernel_postinst_cmdline(file: File):
  function test_metal_kernel_postinst_ucode (line 54) | def test_metal_kernel_postinst_ucode(file: File):
  function test_metal_kernel_postinst_syslinux (line 67) | def test_metal_kernel_postinst_syslinux(file: File):
  function test_metal_kernel_postrm_syslinux (line 80) | def test_metal_kernel_postrm_syslinux(file: File):
  function test_metal_removed_files (line 99) | def test_metal_removed_files(file: File):
  function test_metal_udev_rules_intellldp (line 120) | def test_metal_udev_rules_intellldp(file: File):
  function test_metal_udev_rules_nostbyrot (line 133) | def test_metal_udev_rules_nostbyrot(file: File):
  function test_metal_update_usbids_script (line 146) | def test_metal_update_usbids_script(file: File):

FILE: tests/integration/infrastructure/test_nvme.py
  function test_nvme_locally (line 15) | def test_nvme_locally(nvme_device, shell: ShellRunner):

FILE: tests/integration/kernel/test_kernel_cmdline.py
  function test_ali_kernel_cmdline_console_exists (line 15) | def test_ali_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_ali (line 23) | def test_console_configuration_in_cmdline_ali(kernel_cmdline: List[str]):
  function test_aws_kernel_cmdline_console_exists (line 40) | def test_aws_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_aws (line 48) | def test_console_configuration_in_cmdline_aws(kernel_cmdline: List[str]):
  function test_aws_kernel_cmdline_nvme_exists (line 60) | def test_aws_kernel_cmdline_nvme_exists(file: File):
  function test_nvme_configuration_in_cmdline_aws (line 68) | def test_nvme_configuration_in_cmdline_aws(kernel_cmdline: List[str]):
  function test_azure_kernel_cmdline_console_exists (line 82) | def test_azure_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_azure (line 90) | def test_console_configuration_in_cmdline_azure(kernel_cmdline: List[str]):
  function test_azure_kernel_cmdline_nvme_exists (line 102) | def test_azure_kernel_cmdline_nvme_exists(file: File):
  function test_nvme_configuration_in_cmdline_azure (line 110) | def test_nvme_configuration_in_cmdline_azure(kernel_cmdline: List[str]):
  function test_cloud_kernel_cmdline_default_exists (line 124) | def test_cloud_kernel_cmdline_default_exists(file: File):
  function test_cloud_kernel_cmdline_default (line 132) | def test_cloud_kernel_cmdline_default(kernel_cmdline: List[str]):
  function test_cloud_kernel_cmdline_swap_cgroup_exists (line 146) | def test_cloud_kernel_cmdline_swap_cgroup_exists(file: File):
  function test_cloud_kernel_cmdline_swap_cgroup (line 158) | def test_cloud_kernel_cmdline_swap_cgroup(kernel_cmdline: List[str]):
  function test_cloud_kernel_cmdline_timeout_exists (line 169) | def test_cloud_kernel_cmdline_timeout_exists(file: File):
  function test_gcp_kernel_cmdline_default_exists (line 189) | def test_gcp_kernel_cmdline_default_exists(file: File):
  function test_gcp_kernel_cmdline_console_exists (line 209) | def test_gcp_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_gcp (line 217) | def test_console_configuration_in_cmdline_gcp(kernel_cmdline: List[str]):
  function test_gdch_kernel_cmdline_default_exists (line 234) | def test_gdch_kernel_cmdline_default_exists(file: File):
  function test_gdch_kernel_cmdline_console_exists (line 254) | def test_gdch_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_gdch (line 262) | def test_console_configuration_in_cmdline_gdch(kernel_cmdline: List[str]):
  function test_kvm_kernel_cmdline_console_exists (line 279) | def test_kvm_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_kvm_amd64 (line 288) | def test_console_configuration_in_cmdline_kvm_amd64(kernel_cmdline: List...
  function test_console_configuration_in_cmdline_kvm_earlyprintk_amd64 (line 306) | def test_console_configuration_in_cmdline_kvm_earlyprintk_amd64(
  function test_console_configuration_in_cmdline_kvm_earlycon_aarch64 (line 323) | def test_console_configuration_in_cmdline_kvm_earlycon_aarch64(
  function test_lima_kernel_cmdline_default_exists (line 339) | def test_lima_kernel_cmdline_default_exists(file: File):
  function test_lima_kernel_cmdline_default (line 347) | def test_lima_kernel_cmdline_default(kernel_cmdline: List[str]):
  function test_lima_kernel_cmdline_console_exists (line 358) | def test_lima_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_lima (line 366) | def test_console_configuration_in_cmdline_lima(kernel_cmdline: List[str]):
  function test_console_configuration_in_cmdline_lima_bautrates (line 383) | def test_console_configuration_in_cmdline_lima_bautrates(kernel_cmdline:...
  function test_lima_kernel_postinst_cmdline_exists (line 396) | def test_lima_kernel_postinst_cmdline_exists(file: File):
  function test_metal_kernel_cmdline_default_exists (line 408) | def test_metal_kernel_cmdline_default_exists(file: File):
  function test_metal_kernel_cmdline_default (line 416) | def test_metal_kernel_cmdline_default(kernel_cmdline: List[str]):
  function test_metal_kernel_cmdline_console_exists (line 427) | def test_metal_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_metal (line 435) | def test_console_configuration_in_cmdline_metal(kernel_cmdline: List[str]):
  function test_console_configuration_in_cmdline_metal_bautrates (line 452) | def test_console_configuration_in_cmdline_metal_bautrates(kernel_cmdline...
  function test_openstack_kernel_cmdline_console_exists (line 466) | def test_openstack_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_openstack (line 474) | def test_console_configuration_in_cmdline_openstack(kernel_cmdline: List...
  function test_openstackMetal_kernel_cmdline_enable_swap_cgroup_accounting_exists (line 493) | def test_openstackMetal_kernel_cmdline_enable_swap_cgroup_accounting_exi...
  function test_enable_swap_cgroup_accounting_configuration_in_cmdline_openstackMetal (line 507) | def test_enable_swap_cgroup_accounting_configuration_in_cmdline_openstac...
  function test_vmware_kernel_cmdline_console_exists (line 525) | def test_vmware_kernel_cmdline_console_exists(file: File):
  function test_console_configuration_in_cmdline_vmware (line 533) | def test_console_configuration_in_cmdline_vmware(kernel_cmdline: List[st...
  function test_console_configuration_in_cmdline_vmware_bautrates (line 550) | def test_console_configuration_in_cmdline_vmware_bautrates(kernel_cmdlin...

FILE: tests/integration/kernel/test_kernel_count.py
  function test_kernel_versions (line 6) | def test_kernel_versions(kernel_versions: KernelVersions):
  function test_kernel_versions_container (line 15) | def test_kernel_versions_container(kernel_versions: KernelVersions):

FILE: tests/integration/kernel/test_kernel_modules.py
  function test_cismodprobe_blacklist_exists (line 24) | def test_cismodprobe_blacklist_exists(file: File):
  function test_cismodprobe_modules_not_loaded (line 57) | def test_cismodprobe_modules_not_loaded(kernel_module: KernelModule):
  function test_cloud_modprobe_disable_configs_exist (line 91) | def test_cloud_modprobe_disable_configs_exist(file: File):
  function test_cloud_modprobe_disable_udf_config_exists (line 111) | def test_cloud_modprobe_disable_udf_config_exists(file: File):
  function test_cloud_modprobe_disable_modules_not_loaded (line 130) | def test_cloud_modprobe_disable_modules_not_loaded(kernel_module: Kernel...
  function test_cloud_modprobe_udf_module_not_loaded (line 160) | def test_cloud_modprobe_udf_module_not_loaded(kernel_module: KernelModule):
  function test_azure_no_modprobe_udf_disable_exists (line 173) | def test_azure_no_modprobe_udf_disable_exists(file: File):
  function test_azure_modprobe_udf_module_loaded (line 182) | def test_azure_modprobe_udf_module_loaded(kernel_module: KernelModule):
  function test_chost_modprobe_configs_exist (line 209) | def test_chost_modprobe_configs_exist(file: File):
  function test_chost_modprobe_required_modules_loaded (line 257) | def test_chost_modprobe_required_modules_loaded(kernel_module: KernelMod...
  function test_khost_modprobe_br_nf_exists (line 278) | def test_khost_modprobe_br_nf_exists(file: File):
  function test_khost_modprobe_br_nf_loaded (line 286) | def test_khost_modprobe_br_nf_loaded(kernel_module: KernelModule):
  function test_gardener_modprobe_ipvs_exists (line 300) | def test_gardener_modprobe_ipvs_exists(file: File):
  function test_gardener_modprobe_ipvs_loaded (line 308) | def test_gardener_modprobe_ipvs_loaded(kernel_module: KernelModule):
  function test_openstackMetal_modprobe_nouveau_disable_exists (line 332) | def test_openstackMetal_modprobe_nouveau_disable_exists(file: File):
  function test_openstackMetal_modprobe_nouveau_no_loaded (line 340) | def test_openstackMetal_modprobe_nouveau_no_loaded(kernel_module: Kernel...

FILE: tests/integration/kernel/test_kernel_parameters.py
  function test_cloud_sysctl_cloud_config_exists (line 12) | def test_cloud_sysctl_cloud_config_exists(file: File):
  function test_kernel_parameters_cannot_hardlink_what_you_do_not_own (line 25) | def test_kernel_parameters_cannot_hardlink_what_you_do_not_own(sysctl):
  function test_kernel_parameters_cannot_symlink_what_you_do_not_own (line 37) | def test_kernel_parameters_cannot_symlink_what_you_do_not_own(sysctl):
  function test_kernel_parameters_randomize_memory_allocation (line 49) | def test_kernel_parameters_randomize_memory_allocation(sysctl):
  function test_sysctl_rp_filter (line 58) | def test_sysctl_rp_filter(sysctl):
  function test_cloud_sysctl_network_configs_exist (line 70) | def test_cloud_sysctl_network_configs_exist(file: File):
  function test_cloud_sysctl_network_config_ipv4 (line 87) | def test_cloud_sysctl_network_config_ipv4(sysctl):
  function test_cloud_sysctl_network_config_ipv6 (line 120) | def test_cloud_sysctl_network_config_ipv6(sysctl):
  function test_chost_sysctl_configs_exist (line 144) | def test_chost_sysctl_configs_exist(file: File):
  function test_chost_sysctl_config_content (line 162) | def test_chost_sysctl_config_content(sysctl: Sysctl):
  function test_khost_sysctl_configs_exist (line 189) | def test_khost_sysctl_configs_exist(file: File):
  function test_khost_sysctl_configs_content (line 209) | def test_khost_sysctl_configs_content(sysctl: Sysctl):
  function test_server_sysctl_allow_ping_nonroot (line 236) | def test_server_sysctl_allow_ping_nonroot(file: File):
  function test_server_sysctl_allow_ping_nonroot_check (line 250) | def test_server_sysctl_allow_ping_nonroot_check(sysctl: Sysctl):
  function test_server_sysctl_unprivileged_namespaces (line 267) | def test_server_sysctl_unprivileged_namespaces(file: File):
  function test_server_sysctl_unprivileged_namespaces_check (line 281) | def test_server_sysctl_unprivileged_namespaces_check(sysctl: Sysctl):

FILE: tests/integration/runtime/test_checkbox.py
  function test_checkbox_test_plan_exists (line 18) | def test_checkbox_test_plan_exists(file: File):
  function test_checkbox_units_category_exists (line 31) | def test_checkbox_units_category_exists(file: File):
  function test_checkbox_units_jobs_exists (line 44) | def test_checkbox_units_jobs_exists(file: File):
  function test_checkbox_units_manifest_exists (line 57) | def test_checkbox_units_manifest_exists(file: File):
  function test_checkbox_issue_banner_exists (line 70) | def test_checkbox_issue_banner_exists(file: File):
  function test_checkbox_issue_banner_content (line 81) | def test_checkbox_issue_banner_content(parse_file: ParseFile):
  function test_checkbox_issue_net_banner_exists (line 95) | def test_checkbox_issue_net_banner_exists(file: File):
  function test_checkbox_issue_net_banner_empty (line 106) | def test_checkbox_issue_net_banner_empty(file: File):
  function test_checkbox_motd_exists (line 118) | def test_checkbox_motd_exists(file: File):
  function test_checkbox_motd_empty (line 129) | def test_checkbox_motd_empty(file: File):
  function test_checkbox_journald_logs_config_exists (line 141) | def test_checkbox_journald_logs_config_exists(file: File):
  function test_checkbox_journald_logs_config_content (line 154) | def test_checkbox_journald_logs_config_content(parse_file: ParseFile):
  function test_checkbox_kernel_cmdline_iso_exists (line 171) | def test_checkbox_kernel_cmdline_iso_exists(file: File):
  function test_checkbox_kernel_cmdline_iso_content (line 185) | def test_checkbox_kernel_cmdline_iso_content(kernel_cmdline: List[str]):
  function test_checkbox_dmesg_colored_script_exists (line 199) | def test_checkbox_dmesg_colored_script_exists(file: File):
  function test_checkbox_generate_report_script_exists (line 212) | def test_checkbox_generate_report_script_exists(file: File):
  function test_checkbox_hw_encrypt_check_script_exists (line 225) | def test_checkbox_hw_encrypt_check_script_exists(file: File):
  function test_checkbox_tpm_check_script_exists (line 238) | def test_checkbox_tpm_check_script_exists(file: File):
  function test_checkbox_virtualization_disabled_script_exists (line 251) | def test_checkbox_virtualization_disabled_script_exists(file: File):

FILE: tests/integration/runtime/test_chost.py
  function test_chost_containerd_config_exists (line 16) | def test_chost_containerd_config_exists(file: File):
  function test_chost_containerd_config_content (line 29) | def test_chost_containerd_config_content(parse_file: ParseFile):
  function test_chost_crictl_config_exists (line 61) | def test_chost_crictl_config_exists(file: File):
  function test_chost_crictl_config_content (line 72) | def test_chost_crictl_config_content(parse_file: ParseFile):
  function test_chost_containerd_service_override_exists (line 89) | def test_chost_containerd_service_override_exists(file: File):
  function test_chost_no_apparmor_init (line 102) | def test_chost_no_apparmor_init(file: File):
  function test_chost_no_containerd_opt_directory (line 115) | def test_chost_no_containerd_opt_directory(file: File):

FILE: tests/integration/runtime/test_clamav.py
  function test_clamav_cron_exists (line 16) | def test_clamav_cron_exists(file: File):
  function test_clamav_cron_content (line 33) | def test_clamav_cron_content(parse_file: ParseFile):

FILE: tests/integration/runtime/test_containers.py
  function test_basic_container_functionality (line 20) | def test_basic_container_functionality(

FILE: tests/integration/runtime/test_gardener.py
  function test_gardener_no_containerd_default_config (line 18) | def test_gardener_no_containerd_default_config(file: File):
  function test_gardener_iptables_legacy_alternative (line 31) | def test_gardener_iptables_legacy_alternative(file: File):
  function test_gardener_mount_no_sbit_security (line 55) | def test_gardener_mount_no_sbit_security(file: File):
  function test_gardener_apparmor_service_enabled (line 75) | def test_gardener_apparmor_service_enabled(systemd: Systemd):
  function test_gardener_apparmor_service_active (line 83) | def test_gardener_apparmor_service_active(systemd: Systemd):
  function test_gardener_containerd_service_disabled (line 96) | def test_gardener_containerd_service_disabled(systemd: Systemd):
  function test_gardener_containerd_service_inactive (line 109) | def test_gardener_containerd_service_inactive(systemd: Systemd):
  function test_gardener_logrotate_timer_service_enabled (line 117) | def test_gardener_logrotate_timer_service_enabled(systemd: Systemd):
  function test_gardener_logrotate_timer_service_active (line 125) | def test_gardener_logrotate_timer_service_active(systemd: Systemd):
  function test_gardener_ssh_service_disabled (line 133) | def test_gardener_ssh_service_disabled(systemd: Systemd):
  function test_gardener_ssh_service_inactive (line 145) | def test_gardener_ssh_service_inactive(systemd: Systemd):
  function test_gardener_containerd_override_exists (line 160) | def test_gardener_containerd_override_exists(file: File):
  function test_gardener_containerd_override_content (line 173) | def test_gardener_containerd_override_content(parse_file: ParseFile):
  function test_gardener_containerd_can_be_started (line 191) | def test_gardener_containerd_can_be_started(systemd: Systemd, service_co...

FILE: tests/integration/runtime/test_glvd.py
  function test_glvd_motd_scripts_exists (line 11) | def test_glvd_motd_scripts_exists(file: File):

FILE: tests/integration/runtime/test_khost.py
  function test_khost_no_apparmor_init (line 15) | def test_khost_no_apparmor_init(file: File):

FILE: tests/integration/runtime/test_nodejs.py
  function test_nodejs_is_installed (line 11) | def test_nodejs_is_installed(shell: ShellRunner):
  function test_node_can_run_script (line 17) | def test_node_can_run_script(shell: ShellRunner):

FILE: tests/integration/runtime/test_pythonDev.py
  function test_python_environment_is_installed (line 11) | def test_python_environment_is_installed(shell: ShellRunner):
  function test_python_export_libs (line 50) | def test_python_export_libs(shell: ShellRunner, pip_requests):

FILE: tests/integration/runtime/test_sap.py
  function test_sap_audit_privilege_escalation_permissions (line 16) | def test_sap_audit_privilege_escalation_permissions(file: File):
  function test_sap_audit_privilege_escalation (line 29) | def test_sap_audit_privilege_escalation(parse_file: ParseFile):
  function test_sap_audit_privilege_escalation_special_permissions (line 48) | def test_sap_audit_privilege_escalation_special_permissions(file: File):
  function test_sap_audit_privilege_escalation_special_amd64 (line 62) | def test_sap_audit_privilege_escalation_special_amd64(parse_file: ParseF...
  function test_sap_audit_privilege_escalation_special_arm64 (line 80) | def test_sap_audit_privilege_escalation_special_arm64(parse_file: ParseF...
  function test_sap_audit_system_integrity_permissions (line 97) | def test_sap_audit_system_integrity_permissions(file: File):
  function test_sap_audit_system_integrity (line 110) | def test_sap_audit_system_integrity(parse_file: ParseFile):
  function test_sap_issue_banner_exists (line 134) | def test_sap_issue_banner_exists(file: File):
  function test_sap_issue_banner_content (line 145) | def test_sap_issue_banner_content(parse_file: ParseFile):
  function test_sap_issue_net_banner_exists (line 161) | def test_sap_issue_net_banner_exists(file: File):
  function test_sap_issue_net_banner_content (line 172) | def test_sap_issue_net_banner_content(parse_file: ParseFile):
  function test_sap_motd_exists (line 188) | def test_sap_motd_exists(file: File):
  function test_sap_motd_content (line 199) | def test_sap_motd_content(parse_file: ParseFile):
  function test_sap_tmpfiles_legacy_exists (line 213) | def test_sap_tmpfiles_legacy_exists(file: File):
  function test_sap_tmpfiles_legacy_content (line 226) | def test_sap_tmpfiles_legacy_content(parse_file: ParseFile):
  function test_sap_global_root_ca_exists (line 246) | def test_sap_global_root_ca_exists(file: File):
  function test_sap_global_root_ca_content (line 259) | def test_sap_global_root_ca_content(parse_file: ParseFile):

FILE: tests/integration/runtime/test_sapmachine.py
  function test_sapmachine_is_installed (line 12) | def test_sapmachine_is_installed(dpkg: Dpkg):
  function test_java_version_command (line 19) | def test_java_version_command(shell: ShellRunner):
  function test_sapmachine_apt_repo_is_installed (line 25) | def test_sapmachine_apt_repo_is_installed(apt: Apt):
  function test_sapmachine_apt_keyring_exists (line 34) | def test_sapmachine_apt_keyring_exists(file):

FILE: tests/integration/security/compliance/test_cis.py
  function test_debian_cis_audit (line 24) | def test_debian_cis_audit(shell):
  function test_cisaudit_audit_rules_exist (line 64) | def test_cisaudit_audit_rules_exist(file: File):
  function test_cisaudit_audit_rules_service_override_exists (line 71) | def test_cisaudit_audit_rules_service_override_exists(file: File):
  function test_cisaudit_auditd_conf_settings (line 86) | def test_cisaudit_auditd_conf_settings(file: File):
  function test_cisos_kernel_cmdline_audit_proc_exists (line 116) | def test_cisos_kernel_cmdline_audit_proc_exists(file: File):
  function test_cisos_kernel_cmdline_audit_backlog_exists (line 123) | def test_cisos_kernel_cmdline_audit_backlog_exists(file: File):
  function test_cisos_kernel_cmdline_audit_runtime (line 137) | def test_cisos_kernel_cmdline_audit_runtime(kernel_cmdline: List[str]):
  function test_cisos_kernel_postinst_hooks_exist (line 154) | def test_cisos_kernel_postinst_hooks_exist(file: File):
  function test_cisos_kernel_postrm_hooks_exist (line 172) | def test_cisos_kernel_postrm_hooks_exist(file: File):
  function test_cisos_logrotate_configs_exist (line 194) | def test_cisos_logrotate_configs_exist(file: File):
  function test_cisos_pam_common_account_config (line 214) | def test_cisos_pam_common_account_config(pam_config: PamConfig):
  function test_cisos_pam_common_auth_config (line 244) | def test_cisos_pam_common_auth_config(pam_config: PamConfig):
  function test_cisos_security_limits_conf_exists (line 285) | def test_cisos_security_limits_conf_exists(file: File):
  function test_cisos_security_limits_conf_content (line 292) | def test_cisos_security_limits_conf_content(parse_file: ParseFile):
  function test_cisos_selinux_config_exists (line 301) | def test_cisos_selinux_config_exists(file: File):
  function test_cisos_selinux_config_permissive (line 308) | def test_cisos_selinux_config_permissive(parse_file: ParseFile):
  function test_cisos_selinux_config_type (line 316) | def test_cisos_selinux_config_type(parse_file: ParseFile):
  function test_cisos_selinux_config_setlocaldefs (line 324) | def test_cisos_selinux_config_setlocaldefs(parse_file: ParseFile):
  function test_cisos_sysstat_config_exists (line 332) | def test_cisos_sysstat_config_exists(file: File):
  function test_cisos_sysstat_config_umask (line 339) | def test_cisos_sysstat_config_umask(parse_file: ParseFile):
  function test_cisos_tmpfiles_var_exists (line 347) | def test_cisos_tmpfiles_var_exists(file: File):
  function test_cisos_cron_permissions (line 369) | def test_cisos_cron_permissions(file: File):
  function test_cisos_login_defs_password_policies (line 404) | def test_cisos_login_defs_password_policies(parse_file: ParseFile):
  function test_cisos_pwquality_config_exists (line 414) | def test_cisos_pwquality_config_exists(file: File):
  function test_cisos_pwquality_config_content (line 421) | def test_cisos_pwquality_config_content(parse_file: ParseFile):
  function test_cisos_pam_common_password_permissions (line 438) | def test_cisos_pam_common_password_permissions(file: File):
  function test_cisos_pam_su_restrict (line 456) | def test_cisos_pam_su_restrict(pam_config: PamConfig):
  function test_cisos_hosts_allow_exists (line 466) | def test_cisos_hosts_allow_exists(file: File):
  function test_cisos_hosts_allow_deny_all (line 473) | def test_cisos_hosts_allow_deny_all(parse_file: ParseFile):
  function test_cisos_log_files_permissions (line 482) | def test_cisos_log_files_permissions(find, file: File):
  function test_cisos_shell_umask_configured (line 493) | def test_cisos_shell_umask_configured(parse_file: ParseFile):
  function test_cisos_journald_storage_persistent (line 504) | def test_cisos_journald_storage_persistent(parse_file: ParseFile):
  function test_cisos_udev_usb_rules_exist (line 512) | def test_cisos_udev_usb_rules_exist(file: File):
  function test_cisos_root_password_configured (line 521) | def test_cisos_root_password_configured(shadow_entries: List[Shadow]):
  function test_cissshd_firewall_configs_exist (line 553) | def test_cissshd_firewall_configs_exist(file: File):
  function test_cissshd_banner_exists (line 567) | def test_cissshd_banner_exists(file: File):
  function test_cissshd_banner_content (line 574) | def test_cissshd_banner_content(parse_file: ParseFile):
  function test_cissshd_sshd_config_exists (line 588) | def test_cissshd_sshd_config_exists(file: File):
  function test_cissshd_sshd_config_content (line 599) | def test_cissshd_sshd_config_content(parse_file: ParseFile):
  function test_cissshd_sshd_config_permissions (line 653) | def test_cissshd_sshd_config_permissions(file: File):
  function test_cis_hardening_configs_exist (line 671) | def test_cis_hardening_configs_exist(file: File):
  function test_cis_logrotate_config_exists (line 685) | def test_cis_logrotate_config_exists(file: File):
  function test_cis_logrotate_permissions (line 692) | def test_cis_logrotate_permissions(file: File):
  function test_cissysctl_sysctl_files_exists (line 704) | def test_cissysctl_sysctl_files_exists(file: File):
  function test_cissysctl_sysctl_parameters_set (line 717) | def test_cissysctl_sysctl_parameters_set(sysctl: Sysctl):

FILE: tests/integration/security/compliance/test_disastig_00005.py
  function test_stig_common_auth_pam_faillock (line 8) | def test_stig_common_auth_pam_faillock(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00009.py
  function test_session_lock_requires_reauthentication (line 6) | def test_session_lock_requires_reauthentication(lsm):

FILE: tests/integration/security/compliance/test_disastig_00013.py
  function test_sshguard_is_enabled (line 12) | def test_sshguard_is_enabled(systemd):
  function test_sshguard_is_active (line 24) | def test_sshguard_is_active(systemd):
  function test_sshguard_journal_reading_is_configured (line 32) | def test_sshguard_journal_reading_is_configured(parse_file):
  function test_sshguard_can_log_to_journald_dev_log_is_managed_by_journald (line 43) | def test_sshguard_can_log_to_journald_dev_log_is_managed_by_journald(file):

FILE: tests/integration/security/compliance/test_disastig_00041.py
  function test_passwd_does_not_store_passwords (line 7) | def test_passwd_does_not_store_passwords(passwd_entries):
  function test_shadow_passwords_are_hashed (line 22) | def test_shadow_passwords_are_hashed(shadow_entries):
  function test_shadow_uses_strong_hashing_algorithm (line 39) | def test_shadow_uses_strong_hashing_algorithm(shadow_entries):

FILE: tests/integration/security/compliance/test_disastig_00046.py
  function test_common_password_passwdqc_pam_faillock (line 5) | def test_common_password_passwdqc_pam_faillock(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00047.py
  function test_authentication_uses_valid_pam_modules (line 15) | def test_authentication_uses_valid_pam_modules(file: File, parse_file: P...
  function test_authentication_no_insecure_echo (line 39) | def test_authentication_no_insecure_echo(file: File, parse_file: ParseFi...

FILE: tests/integration/security/compliance/test_disastig_00050.py
  function test_ports_protocols_and_services_restricted (line 20) | def test_ports_protocols_and_services_restricted(shell, systemd):

FILE: tests/integration/security/compliance/test_disastig_00063.py
  function test_audit_reporting_tools_installed (line 14) | def test_audit_reporting_tools_installed():
  function test_audit_reporting_execution (line 25) | def test_audit_reporting_execution(shell):

FILE: tests/integration/security/compliance/test_disastig_00067.py
  function test_only_root_user_has_uid_zero (line 36) | def test_only_root_user_has_uid_zero():
  function test_only_setuid_binaries_from_the_list_are_allowed (line 44) | def test_only_setuid_binaries_from_the_list_are_allowed(exposed_setuid_b...
  function test_only_lima_setuid_binaries_from_the_list_are_allowed (line 53) | def test_only_lima_setuid_binaries_from_the_list_are_allowed(exposed_set...

FILE: tests/integration/security/compliance/test_disastig_00069.py
  function test_tmp_mount_is_configured_securely (line 15) | def test_tmp_mount_is_configured_securely(mount):
  function test_tmp_mount_is_configured_securely_and_with_selinux (line 28) | def test_tmp_mount_is_configured_securely_and_with_selinux(mount):
  function test_temp_directores_are_world_writable_and_have_sticky_bit_set (line 39) | def test_temp_directores_are_world_writable_and_have_sticky_bit_set(file):
  function test_systemd_tmpfiles_configuration_is_sane (line 46) | def test_systemd_tmpfiles_configuration_is_sane(shell):
  function test_suid_binaries_cannot_create_coredumps (line 57) | def test_suid_binaries_cannot_create_coredumps(sysctl):
  function test_kernel_randomizes_virtual_memory_addresses (line 63) | def test_kernel_randomizes_virtual_memory_addresses(sysctl):

FILE: tests/integration/security/compliance/test_disastig_00072.py
  function test_terminate_ssh_session_after_inactivity_period (line 16) | def test_terminate_ssh_session_after_inactivity_period(parse_file):

FILE: tests/integration/security/compliance/test_disastig_00084.py
  function test_systemd_journal_is_not_world_readable (line 11) | def test_systemd_journal_is_not_world_readable(file):

FILE: tests/integration/security/compliance/test_disastig_00089.py
  function test_audit_calling_user_group_related_utilities (line 16) | def test_audit_calling_user_group_related_utilities(audit_rule):

FILE: tests/integration/security/compliance/test_disastig_00097.py
  function test_shadow_permissions (line 16) | def test_shadow_permissions(file):
  function test_passwd_permissions_numeric (line 31) | def test_passwd_permissions_numeric(file):
  function test_passwd_permissions_symbolic (line 46) | def test_passwd_permissions_symbolic(file):
  function test_audit_tools_permissions (line 63) | def test_audit_tools_permissions(file):
  function test_sticky_bit_support (line 85) | def test_sticky_bit_support(file, tmp_path):
  function test_audit_tools_parent_dirs_not_writable (line 101) | def test_audit_tools_parent_dirs_not_writable(file):

FILE: tests/integration/security/compliance/test_disastig_00098.py
  function test_audit_log_directory_protected (line 11) | def test_audit_log_directory_protected(file):
  function test_audit_log_files_protected (line 44) | def test_audit_log_files_protected(file):

FILE: tests/integration/security/compliance/test_disastig_00100.py
  function ld_library_paths (line 41) | def ld_library_paths():
  function test_no_unsolicited_lib_path_for_ldconfig (line 51) | def test_no_unsolicited_lib_path_for_ldconfig(ld_library_paths):
  function test_lib_directories_are_only_root_writable (line 56) | def test_lib_directories_are_only_root_writable(ld_library_paths, file):
  function test_python_lib_directory_is_only_root_writable (line 63) | def test_python_lib_directory_is_only_root_writable(file, dpkg):
  function test_python_disallows_installing_packages_with_pip_on_system_level (line 71) | def test_python_disallows_installing_packages_with_pip_on_system_level(d...
  function test_only_root_can_install_deb_packages (line 80) | def test_only_root_can_install_deb_packages(file):

FILE: tests/integration/security/compliance/test_disastig_00108.py
  function test_auditd_is_not_tampered (line 12) | def test_auditd_is_not_tampered(dpkg, dpkg_checksums, shell):

FILE: tests/integration/security/compliance/test_disastig_00136.py
  function test_audit_reduction_capability (line 9) | def test_audit_reduction_capability(shell: ShellRunner):

FILE: tests/integration/security/compliance/test_disastig_00143.py
  function test_time_sync_ptp_daemon_running (line 23) | def test_time_sync_ptp_daemon_running(systemd):
  function test_time_sync_ntp_daemon_running (line 29) | def test_time_sync_ntp_daemon_running(systemd):
  function test_time_is_actively_synced (line 38) | def test_time_is_actively_synced(timedatectl, shell):
  function test_time_is_synced_at_least_once_a_day (line 43) | def test_time_is_synced_at_least_once_a_day(timedatectl):

FILE: tests/integration/security/compliance/test_disastig_00146.py
  function test_audit_timestamp_utc_mapping (line 8) | def test_audit_timestamp_utc_mapping(shell: ShellRunner, timedatectl):

FILE: tests/integration/security/compliance/test_disastig_00149.py
  function test_package_manager_requires_privileged_access (line 16) | def test_package_manager_requires_privileged_access(file: File):
  function test_package_database_protected (line 51) | def test_package_database_protected(file: File):

FILE: tests/integration/security/compliance/test_disastig_00153.py
  function test_package_signature_verification_enabled (line 12) | def test_package_signature_verification_enabled(parse_file: ParseFile, f...

FILE: tests/integration/security/compliance/test_disastig_00155.py
  function test_deny_all_execution_mechanism_present (line 9) | def test_deny_all_execution_mechanism_present(lsm):

FILE: tests/integration/security/compliance/test_disastig_00170.py
  function test_password_expiration_checking_pam_module_is_in_use (line 14) | def test_password_expiration_checking_pam_module_is_in_use(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00173.py
  function test_ssh_strong_macs_present (line 8) | def test_ssh_strong_macs_present(sshd, dpkg: Dpkg):
  function test_ssh_weak_macs_not_present (line 42) | def test_ssh_weak_macs_not_present(sshd):

FILE: tests/integration/security/compliance/test_disastig_00175.py
  function test_ssh_client_alive_interval_configured (line 7) | def test_ssh_client_alive_interval_configured(sshd):

FILE: tests/integration/security/compliance/test_disastig_00180.py
  function test_password_length_is_not_limited_in_pam_configs (line 14) | def test_password_length_is_not_limited_in_pam_configs():
  function test_password_length_is_not_limited_in_passwdqc_config (line 29) | def test_password_length_is_not_limited_in_passwdqc_config(parse_file):

FILE: tests/integration/security/compliance/test_disastig_00186.py
  function test_icmp_rate_limiting_enabled (line 7) | def test_icmp_rate_limiting_enabled(sysctl):
  function test_tcp_syncookies_enabled (line 24) | def test_tcp_syncookies_enabled(sysctl):

FILE: tests/integration/security/compliance/test_disastig_00187.py
  function test_telnet_service_disabled (line 7) | def test_telnet_service_disabled(systemd: Systemd):
  function test_telnet_service_active (line 22) | def test_telnet_service_active(systemd: Systemd):
  function test_rsh_service_disabled (line 38) | def test_rsh_service_disabled(systemd: Systemd):
  function test_rsh_service_active (line 53) | def test_rsh_service_active(systemd: Systemd):
  function test_rexec_service_disabled (line 68) | def test_rexec_service_disabled(systemd: Systemd):
  function test_rexec_service_active (line 83) | def test_rexec_service_active(systemd: Systemd):
  function test_rlogin_service_disabled (line 98) | def test_rlogin_service_disabled(systemd: Systemd):
  function test_rlogin_service_active (line 113) | def test_rlogin_service_active(systemd: Systemd):
  function test_vsftpd_service_disabled (line 128) | def test_vsftpd_service_disabled(systemd: Systemd):
  function test_vsftpd_service_active (line 143) | def test_vsftpd_service_active(systemd: Systemd):

FILE: tests/integration/security/compliance/test_disastig_00188.py
  function test_ssh_ciphers_are_strong (line 10) | def test_ssh_ciphers_are_strong(sshd: Sshd):
  function test_ssh_macs_are_strong (line 29) | def test_ssh_macs_are_strong(sshd: Sshd):
  function test_ssh_kex_are_strong (line 48) | def test_ssh_kex_are_strong(sshd: Sshd):

FILE: tests/integration/security/compliance/test_disastig_00192.py
  function test_nx_bit_hardware_support (line 12) | def test_nx_bit_hardware_support():
  function test_nx_not_disabled_at_boot (line 24) | def test_nx_not_disabled_at_boot(kernel_cmdline):

FILE: tests/integration/security/compliance/test_disastig_00194.py
  function test_no_residual_software_components (line 9) | def test_no_residual_software_components(shell):

FILE: tests/integration/security/compliance/test_disastig_00199.py
  function test_auditd_service_active (line 13) | def test_auditd_service_active(systemd):
  function test_systemd_configured_to_restart_auditd_service (line 19) | def test_systemd_configured_to_restart_auditd_service(systemd):
  function test_selinux_enabled (line 24) | def test_selinux_enabled(lsm):

FILE: tests/integration/security/compliance/test_disastig_00209.py
  function test_setreuid_rule_file_exists (line 14) | def test_setreuid_rule_file_exists(file: File):
  function test_setreuid_rule_contains_syscall (line 32) | def test_setreuid_rule_contains_syscall(parse_file: ParseFile):
  function test_setreuid_rule_loaded (line 52) | def test_setreuid_rule_loaded(shell: ShellRunner, parse: type[Parse]):
  function test_setreuid_event_logged (line 76) | def test_setreuid_event_logged(shell: ShellRunner):

FILE: tests/integration/security/compliance/test_disastig_00210.py
  function sudoers_edit (line 9) | def sudoers_edit():
  function test_audit_rules_for_logging_attempts_to_delete_privileges (line 21) | def test_audit_rules_for_logging_attempts_to_delete_privileges(audit_rule):
  function test_audit_rules_for_files_capabilities_removal (line 39) | def test_audit_rules_for_files_capabilities_removal(audit_rule):
  function test_audit_rules_for_selinux_policies_changes (line 53) | def test_audit_rules_for_selinux_policies_changes(audit_rule):
  function test_audit_rules_for_logging_attempts_to_modify_apparmor_policies (line 68) | def test_audit_rules_for_logging_attempts_to_modify_apparmor_policies(au...
  function test_attempt_to_delete_privileges_event_logged (line 87) | def test_attempt_to_delete_privileges_event_logged(audit_rule, shell, su...

FILE: tests/integration/security/compliance/test_disastig_00218.py
  function concurrent_login_environment (line 11) | def concurrent_login_environment(shell: ShellRunner):
  function test_audit_concurrent_logins (line 27) | def test_audit_concurrent_logins(shell: ShellRunner, concurrent_login_en...

FILE: tests/integration/security/compliance/test_disastig_00220.py
  function test_journald_should_not_store_logs_in_memory (line 11) | def test_journald_should_not_store_logs_in_memory(systemd):
  function test_sshd_log_level_is_set_to_verbose (line 21) | def test_sshd_log_level_is_set_to_verbose(parse_file):
  function test_sshd_unit_is_journald_friendly (line 31) | def test_sshd_unit_is_journald_friendly(systemd):
  function test_pam_unix_is_in_use (line 48) | def test_pam_unix_is_in_use(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00222.py
  function test_audit_kernel_module_rules_present (line 9) | def test_audit_kernel_module_rules_present(parse_file: ParseFile):

FILE: tests/integration/security/compliance/test_disastig_00225.py
  function test_dictionary_passwords_are_forbidden (line 14) | def test_dictionary_passwords_are_forbidden(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00226.py
  function test_delay_is_enforced_after_failed_logins (line 13) | def test_delay_is_enforced_after_failed_logins(pam_config):

FILE: tests/integration/security/compliance/test_disastig_00228.py
  function test_umask_is_restrictive_enough (line 11) | def test_umask_is_restrictive_enough(parse_file):
  function test_skeleton_directory_is_not_world_writable (line 16) | def test_skeleton_directory_is_not_world_writable(file):
  function test_skeleton_files_are_not_world_writable (line 20) | def test_skeleton_files_are_not_world_writable(file):

FILE: tests/integration/security/compliance/test_disastig_00229.py
  function test_systemd_getty_autologin_is_not_enabled (line 12) | def test_systemd_getty_autologin_is_not_enabled(systemd):

FILE: tests/integration/security/compliance/test_disastig_00230.py
  function test_validate_fingerprint_of_SAP_CA_certificate (line 12) | def test_validate_fingerprint_of_SAP_CA_certificate(shell):

FILE: tests/integration/security/compliance/test_disastig_auditd.py
  function test_audit_event_generated (line 12) | def test_audit_event_generated(shell: ShellRunner):
  function test_audit_event_contains_type (line 30) | def test_audit_event_contains_type(shell: ShellRunner):
  function test_audit_event_contains_timestamp (line 50) | def test_audit_event_contains_timestamp(shell: ShellRunner):
  function test_audit_event_contains_location (line 70) | def test_audit_event_contains_location(shell: ShellRunner):
  function test_audit_event_contains_source (line 94) | def test_audit_event_contains_source(shell: ShellRunner):
  function test_audit_event_contains_full_record (line 118) | def test_audit_event_contains_full_record(shell: ShellRunner):
  function test_audit_event_contains_full_text_recording (line 145) | def test_audit_event_contains_full_text_recording(audit_rule, shell: She...
  function test_audit_event_contains_individual_identities (line 170) | def test_audit_event_contains_individual_identities(shell: ShellRunner):
  function test_audit_event_contains_audit_processing_failures (line 193) | def test_audit_event_contains_audit_processing_failures(shell: ShellRunn...
  function test_audit_log_retention_config (line 218) | def test_audit_log_retention_config(parse_file: ParseFile):
  function test_audit_log_retention_availability (line 246) | def test_audit_log_retention_availability(shell: ShellRunner):
  function test_audit_filter_by_uid (line 273) | def test_audit_filter_by_uid(shell: ShellRunner):
  function test_audit_filter_returns_structured_output (line 291) | def test_audit_filter_returns_structured_output(shell: ShellRunner):
  function test_audit_filter_by_event_type (line 309) | def test_audit_filter_by_event_type(shell: ShellRunner):
  function test_audit_filter_by_command (line 332) | def test_audit_filter_by_command(shell: ShellRunner):
  function test_audit_records_contain_identity_information (line 355) | def test_audit_records_contain_identity_information(shell):
  function test_audit_record_filtering_capability (line 391) | def test_audit_record_filtering_capability(shell: ShellRunner):
  function test_audit_records_have_valid_timestamps (line 417) | def test_audit_records_have_valid_timestamps(shell: ShellRunner):
  function test_system_time_status_available (line 436) | def test_system_time_status_available(shell: ShellRunner):
  function test_audit_log_directory_permissions_restricted (line 456) | def test_audit_log_directory_permissions_restricted(file: File):
  function test_audit_log_file_permissions_restricted (line 477) | def test_audit_log_file_permissions_restricted(file: File):
  function test_audit_log_owned_by_root (line 497) | def test_audit_log_owned_by_root(file: File):
  function test_audit_timestamp_granularity (line 517) | def test_audit_timestamp_granularity(shell: ShellRunner):
  function test_invalid_input_handling_is_audited (line 536) | def test_invalid_input_handling_is_audited(shell: ShellRunner):

FILE: tests/integration/security/compliance/test_fedramp.py
  function test_fedramp_firewall_configs_exist (line 19) | def test_fedramp_firewall_configs_exist(file: File):
  function test_fedramp_chrony_config_exists (line 33) | def test_fedramp_chrony_config_exists(file: File):
  function test_fedramp_issue_net_exists (line 40) | def test_fedramp_issue_net_exists(file: File):
  function test_fedramp_issue_net_content (line 47) | def test_fedramp_issue_net_content(parse_file: ParseFile):
  function test_fedramp_security_limits_exists (line 58) | def test_fedramp_security_limits_exists(file: File):
  function test_fedramp_security_limits_content (line 65) | def test_fedramp_security_limits_content(parse_file: ParseFile):
  function test_fedramp_audit_tallylog_exists (line 75) | def test_fedramp_audit_tallylog_exists(file: File):
  function test_fedramp_audit_tallylog_content (line 82) | def test_fedramp_audit_tallylog_content(parse_file: ParseFile):
  function test_fedramp_kernel_cmdline_configs_exist (line 97) | def test_fedramp_kernel_cmdline_configs_exist(file: File):
  function test_fedramp_kernel_cmdline_fips_content (line 109) | def test_fedramp_kernel_cmdline_fips_content(parse_file: ParseFile):
  function test_fedramp_kernel_cmdline_lsm_content (line 119) | def test_fedramp_kernel_cmdline_lsm_content(parse_file: ParseFile):
  function test_fedramp_sshd_config_exists (line 129) | def test_fedramp_sshd_config_exists(file: File):
  function test_fedramp_sshd_config_content (line 136) | def test_fedramp_sshd_config_content(parse_file: ParseFile):

FILE: tests/integration/security/compliance/test_fips.py
  function test_that_md5_is_disabled_in_openssl_via_haslib (line 26) | def test_that_md5_is_disabled_in_openssl_via_haslib():
  function test_dracut_fips_file_was_created (line 41) | def test_dracut_fips_file_was_created(file: File):
  function test_dracut_modules_was_extended_for_fips_module (line 49) | def test_dracut_modules_was_extended_for_fips_module(parse_file: ParseFi...
  function test_kernel_configs_crypto_benchmark (line 60) | def test_kernel_configs_crypto_benchmark(
  function test_kernel_configs_fips (line 75) | def test_kernel_configs_fips(parse_file: ParseFile, kernel_configs: Kern...
  function test_gnutls_fips_file_was_created (line 87) | def test_gnutls_fips_file_was_created(file: File):
  function test_gnutls_fips_file_is_empty (line 104) | def test_gnutls_fips_file_is_empty(file: File):
  function test_fips_openssh_sshd_config (line 118) | def test_fips_openssh_sshd_config(parse_file: ParseFile):
  function test_fips_openssl_config (line 137) | def test_fips_openssl_config(parse_file: ParseFile):
  function test_fips_openssl_fipsinstall_config (line 161) | def test_fips_openssl_fipsinstall_config(file: File):
  function test_gnutls_is_in_fips_mode (line 171) | def test_gnutls_is_in_fips_mode():
  function test_gnutls_fips_dot_hmac_file_is_presented (line 189) | def test_gnutls_fips_dot_hmac_file_is_presented():
  function test_gnutls_fips_dot_hmac_file_is_vaild (line 204) | def test_gnutls_fips_dot_hmac_file_is_vaild():
  function test_libgcrypt_fips_file_was_created (line 235) | def test_libgcrypt_fips_file_was_created(file: File):
  function test_libgcrypt_fips_file_is_empty (line 247) | def test_libgcrypt_fips_file_is_empty(file: File):
  function test_that_openssl_has_fips_provider_is_presented (line 257) | def test_that_openssl_has_fips_provider_is_presented(file: File):
  function test_that_openssl_configuration_file_readable_for_users (line 265) | def test_that_openssl_configuration_file_readable_for_users(file: File):
  function test_libssl_is_in_fips_mode (line 274) | def test_libssl_is_in_fips_mode():
  function test_openssl_FIPS_vendor_is_set (line 304) | def test_openssl_FIPS_vendor_is_set(shell):
  function test_libgcrypt_is_in_fips_mode (line 316) | def test_libgcrypt_is_in_fips_mode():
  function test_libgcrypt_configs_FIPS_vendor_is_set (line 349) | def test_libgcrypt_configs_FIPS_vendor_is_set():
  function test_kernel_cmdline_fips_file_was_created (line 385) | def test_kernel_cmdline_fips_file_was_created(file: File):
  function test_kernel_cmdline_fips_file_content (line 400) | def test_kernel_cmdline_fips_file_content(parse_file: ParseFile):
  function test_kernel_was_boot_with_fips_mode (line 415) | def test_kernel_was_boot_with_fips_mode(kernel_cmdline: List[str]):
  function test_kernel_has_fips_entry_in_procfs (line 424) | def test_kernel_has_fips_entry_in_procfs(parse_file: ParseFile):
  function test_kernel_module_tcrypt_available_for_dracut (line 435) | def test_kernel_module_tcrypt_available_for_dracut(kernel_module: Kernel...
  function test_kernel_hmac_file_is_present (line 449) | def test_kernel_hmac_file_is_present(file: File, kernel_versions: Kernel...
  function test_kernel_configs_btrfs_is_disabled (line 457) | def test_kernel_configs_btrfs_is_disabled(
  function test_kernel_hmac_file_is_correct (line 480) | def test_kernel_hmac_file_is_correct(

FILE: tests/integration/security/compliance/test_stig.py
  function test_stig_audit_configs_exist (line 18) | def test_stig_audit_configs_exist(file: File):
  function test_stig_audit_auditd_conf_content (line 30) | def test_stig_audit_auditd_conf_content(parse_file: ParseFile):
  function test_stig_audit_rules_d_stig_rules_content (line 46) | def test_stig_audit_rules_d_stig_rules_content(parse_file: ParseFile):
  function test_stig_kernel_cmdline_audit_exists (line 126) | def test_stig_kernel_cmdline_audit_exists(file: File):
  function test_stig_kernel_cmdline_audit_content (line 133) | def test_stig_kernel_cmdline_audit_content(parse_file: ParseFile):
  function test_stig_usb_disabled (line 143) | def test_stig_usb_disabled(file: File):
  function test_stig_modprobe_disable_modules_not_loaded (line 151) | def test_stig_modprobe_disable_modules_not_loaded(kernel_module: KernelM...
  function test_stig_security_configs_exist (line 172) | def test_stig_security_configs_exist(file: File):
  function test_stig_security_faillock_content (line 185) | def test_stig_security_faillock_content(parse_file: ParseFile):
  function test_stig_apt_vendor_ubuntu_exists (line 205) | def test_stig_apt_vendor_ubuntu_exists(file: File):
  function test_stig_apt_vendor_ubuntu_content (line 212) | def test_stig_apt_vendor_ubuntu_content(parse_file: ParseFile):
  function test_stig_rsyslog_default_exists (line 222) | def test_stig_rsyslog_default_exists(file: File):
  function test_stig_rsyslog_default_content (line 229) | def test_stig_rsyslog_default_content(parse_file: ParseFile):

FILE: tests/integration/security/test_aide.py
  function test_aide_check_unit_exists (line 13) | def test_aide_check_unit_exists(file):
  function test_aide_init_unit_exists (line 20) | def test_aide_init_unit_exists(file):
  function test_aide_aide_init_service_enabled (line 28) | def test_aide_aide_init_service_enabled(systemd: Systemd):
  function test_aide_aide_init_service_active (line 36) | def test_aide_aide_init_service_active(systemd: Systemd):
  function test_aide_timer_aide_check_service_enabled (line 44) | def test_aide_timer_aide_check_service_enabled(systemd: Systemd):
  function test_aide_timer_aide_check_service_active (line 52) | def test_aide_timer_aide_check_service_active(systemd: Systemd):
  function test_aide_init_onboot_script_exists (line 59) | def test_aide_init_onboot_script_exists(file: File):
  function test_aide_timer_exists (line 68) | def test_aide_timer_exists(systemd: Systemd):
  function test_aide_timer_loaded (line 80) | def test_aide_timer_loaded(systemd: Systemd):
  function test_aide_timer_active (line 94) | def test_aide_timer_active(systemd: Systemd):
  function test_aide_timer_state (line 104) | def test_aide_timer_state(systemd: Systemd):
  function test_aide_conf_contains_faillog_entry (line 119) | def test_aide_conf_contains_faillog_entry(parse_file: ParseFile):

FILE: tests/integration/security/test_capabilities.py
  function test_only_expected_capabilities_are_set (line 17) | def test_only_expected_capabilities_are_set(capabilities: Capabilities):

FILE: tests/integration/security/test_firewall.py
  function test_nft_config (line 18) | def test_nft_config(nft: Nft):
  function test_firewall_nft_default_config_exists (line 36) | def test_firewall_nft_default_config_exists(file: File):

FILE: tests/integration/security/test_lsm.py
  function test_selinux_cmdline (line 15) | def test_selinux_cmdline(kernel_cmdline: List[str]):
  function test_selinux_enabled (line 21) | def test_selinux_enabled(file: File):
  function test_lsm_selinux (line 40) | def test_lsm_selinux(lsm):
  function test_apparmor_cmdline (line 53) | def test_apparmor_cmdline(kernel_cmdline: List[str]):
  function test_lsm_gardener (line 60) | def test_lsm_gardener(lsm):
  function test_lsm_common (line 71) | def test_lsm_common(lsm):

FILE: tests/integration/security/test_pam.py
  function test_common_auth_pam_faillock (line 19) | def test_common_auth_pam_faillock(pam_config):
  function test_common_account_pam_faillock (line 52) | def test_common_account_pam_faillock(pam_config):
  function test_common_password_passwdqc_pam_faillock (line 70) | def test_common_password_passwdqc_pam_faillock(pam_config):
  function test_common_password_pwhistory_pam_faillock (line 96) | def test_common_password_pwhistory_pam_faillock(pam_config):

FILE: tests/integration/security/test_password_hashes.py
  function test_password_entry_present (line 12) | def test_password_entry_present(pam_config):
  function test_password_entry_uses_strong_hash (line 32) | def test_password_entry_uses_strong_hash(pam_config):

FILE: tests/integration/security/test_password_shadow.py
  function test_shadow_passwords_are_locked (line 12) | def test_shadow_passwords_are_locked(shadow_entries: List[Shadow]):
  function test_passwd_password_field_is_valid (line 27) | def test_passwd_password_field_is_valid(passwd_entries: List[Passwd]):
  function test_system_integrity_tools (line 38) | def test_system_integrity_tools(shell, command):

FILE: tests/integration/security/test_sgx.py
  function test_kernel_configs_sgx (line 12) | def test_kernel_configs_sgx(parse_file: ParseFile, kernel_configs: Kerne...

FILE: tests/integration/security/test_ssh.py
  function test_sshd_has_required_config (line 69) | def test_sshd_has_required_config(sshd_config_item: str, sshd: Sshd):
  function test_users_have_no_authorized_keys (line 100) | def test_users_have_no_authorized_keys(expected_users, file: File):
  function test_users_have_only_root_authorized_keys_cloud (line 132) | def test_users_have_only_root_authorized_keys_cloud(
  function test_ssh_service_running (line 183) | def test_ssh_service_running(systemd: Systemd, service_ssh):
  function test_ssh_no_init_script (line 200) | def test_ssh_no_init_script(file: File):
  function test_ssh_client_config_exists (line 213) | def test_ssh_client_config_exists(file: File):
  function test_ssh_client_config_content (line 224) | def test_ssh_client_config_content(parse_file: ParseFile):
  function test_ssh_sudoers_wheel_permissions (line 252) | def test_ssh_sudoers_wheel_permissions(file: File):
  function test_ssh_sshguard_nftables_configured (line 267) | def test_ssh_sshguard_nftables_configured(parse_file: ParseFile):
  function test_ssh_sshguard_iptables_configured (line 294) | def test_ssh_sshguard_iptables_configured(parse_file: ParseFile):
  function test_ssh_sshguard_iptables_backend_configured (line 324) | def test_ssh_sshguard_iptables_backend_configured(parse_file: ParseFile):

FILE: tests/integration/security/test_su.py
  function test_pam_wheel_is_required (line 15) | def test_pam_wheel_is_required(pam_config: PamConfig):

FILE: tests/integration/security/test_umask.py
  function test_umask_file (line 11) | def test_umask_file(parse_file: ParseFile):
  function test_umask_cmd (line 18) | def test_umask_cmd(shell: ShellRunner):

FILE: tests/integration/security/test_wireguard.py
  function test_kernel_module_wireguard_available (line 10) | def test_kernel_module_wireguard_available(kernel_module: KernelModule):

FILE: tests/plugins/apt.py
  class Apt (line 6) | class Apt:
    method __init__ (line 7) | def __init__(self, shell: ShellRunner):
    method list_repos (line 10) | def list_repos(self) -> list[str]:
  function apt (line 28) | def apt(shell: ShellRunner) -> Apt:

FILE: tests/plugins/arch.py
  function get_current_arch (line 7) | def get_current_arch() -> str:
  function pytest_configure (line 17) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 25) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/audit.py
  class AuditRule (line 12) | class AuditRule:
    method __init__ (line 13) | def __init__(self):
    method _extract_paths (line 32) | def _extract_paths(self, auditd_rule):
    method _extract_syscalls (line 47) | def _extract_syscalls(self, auditd_rule):
    method _access_types_included (line 70) | def _access_types_included(self, auditd_rule, access_types):
    method file_path_audit_rule (line 99) | def file_path_audit_rule(self, fs_watch_path, access_types):
    method syscall_audit_rule (line 129) | def syscall_audit_rule(self, syscall):
    method binary_call_audit_rule (line 142) | def binary_call_audit_rule(self, binary_path):
    method __call__ (line 152) | def __call__(
  function audit_rule (line 165) | def audit_rule():

FILE: tests/plugins/block_devices.py
  class BlockDevices (line 6) | class BlockDevices:
    method list_devices (line 7) | def list_devices(self) -> list[str]:
    method contains (line 10) | def contains(self, device_name: str, substring: bool = False) -> bool:
  function block_devices (line 19) | def block_devices():

FILE: tests/plugins/booted.py
  function is_system_booted (line 8) | def is_system_booted() -> bool:
  function pytest_addoption (line 12) | def pytest_addoption(parser: pytest.Parser):
  function pytest_configure (line 20) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 30) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/capabilities.py
  class Capabilities (line 8) | class Capabilities:
    method __init__ (line 9) | def __init__(self, find: Find, shell: ShellRunner):
    method get (line 13) | def get(self) -> set[str]:
  function capabilities (line 35) | def capabilities(find: Find, shell: ShellRunner) -> Capabilities:

FILE: tests/plugins/containerd.py
  class CtrRunner (line 7) | class CtrRunner:
    method __init__ (line 13) | def __init__(self, shell: ShellRunner):
    method pull_image (line 16) | def pull_image(self, uri, capture_output=False, ignore_exit_code=False):
    method remove_image (line 23) | def remove_image(self, uri, capture_output=False, ignore_exit_code=Fal...
    method run (line 30) | def run(self, uri, cmd, capture_output=False, ignore_exit_code=False):
  function ctr (line 41) | def ctr(shell: ShellRunner):
  function container_image_setup (line 46) | def container_image_setup(uri: str, ctr: CtrRunner):

FILE: tests/plugins/dpkg.py
  class InstalledPackages (line 7) | class InstalledPackages:
    method __init__ (line 12) | def __init__(self, packages: List[deb822.Deb822]):
    method __len__ (line 15) | def __len__(self) -> int:
    method __iter__ (line 18) | def __iter__(self):
    method __getitem__ (line 21) | def __getitem__(self, key):
    method get_package (line 24) | def get_package(self, name: str):
  class Dpkg (line 29) | class Dpkg:
    method __init__ (line 30) | def __init__(self, shell=None):
    method collect_installed_packages (line 33) | def collect_installed_packages(self) -> InstalledPackages:
    method package_is_installed (line 47) | def package_is_installed(self, package: str) -> bool:
    method architecture_native (line 51) | def architecture_native(self) -> str:
    method architectures_foreign (line 56) | def architectures_foreign(self) -> list[str]:
    method architectures (line 62) | def architectures(self) -> list[str]:
  function dpkg (line 69) | def dpkg(shell=None) -> Dpkg:

FILE: tests/plugins/dpkg_checksums.py
  class DpkgChecksums (line 9) | class DpkgChecksums:
    method __init__ (line 10) | def __init__(self, shell):
    method for_package (line 33) | def for_package(self, package_name, package_version="INSTALLED") -> dict:
    method is_matching_with_installed (line 67) | def is_matching_with_installed(self, package_checksums, file_on_disk_p...
  function dpkg_checksums (line 80) | def dpkg_checksums(shell, kernel_module):

FILE: tests/plugins/efivars.py
  class EfiVarsUUID (line 7) | class EfiVarsUUID:
    method __init__ (line 8) | def __init__(self, uuid: str, efivars_dir: str):
    method _path_for (line 12) | def _path_for(self, var_name: str) -> Optional[str]:
    method __contains__ (line 17) | def __contains__(self, var_name: str) -> bool:
    method __getitem__ (line 20) | def __getitem__(self, var_name: str) -> bytes:
  class EfiVars (line 28) | class EfiVars:
    method __init__ (line 29) | def __init__(self, efivars_dir: str):
    method __getitem__ (line 32) | def __getitem__(self, uuid: str) -> EfiVarsUUID:
  function efivars (line 37) | def efivars() -> EfiVars:

FILE: tests/plugins/features.py
  function setup_gardenlinux_features (line 9) | def setup_gardenlinux_features() -> set[str]:
  function check_feature_condition (line 25) | def check_feature_condition(condition: str):
  function pytest_configure (line 53) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 60) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/file.py
  class File (line 11) | class File:
    method exists (line 18) | def exists(self, path: str | Path) -> bool:
    method is_regular_file (line 29) | def is_regular_file(self, path: str | Path) -> bool:
    method is_dir (line 46) | def is_dir(self, path: str | Path) -> bool:
    method _resolve_path (line 59) | def _resolve_path(self, base_path: Path, path_to_resolve: str | Path) ...
    method is_symlink (line 75) | def is_symlink(
    method get_mode (line 125) | def get_mode(self, path: str | Path) -> str:
    method has_mode (line 141) | def has_mode(self, path: str | Path, mode: str) -> bool:
    method is_executable (line 162) | def is_executable(self, path: str | Path) -> bool:
    method is_readable (line 181) | def is_readable(self, path: str | Path) -> bool:
    method is_writable (line 200) | def is_writable(self, path: str | Path) -> bool:
    method get_size (line 219) | def get_size(self, path: str | Path) -> int:
    method get_owner (line 234) | def get_owner(self, path: str | Path) -> Tuple[str, str]:
    method get_user (line 251) | def get_user(self, path: str | Path) -> str:
    method get_group (line 267) | def get_group(self, path: str | Path) -> str:
    method is_owned_by_user (line 283) | def is_owned_by_user(self, path: str | Path, user: str) -> bool:
    method is_owned_by_group (line 299) | def is_owned_by_group(self, path: str | Path, group: str) -> bool:
    method is_owned_by (line 315) | def is_owned_by(self, path: str | Path, user: str, group: str) -> bool:
    method has_permissions (line 332) | def has_permissions(self, path: str | Path, permissions: str | int) ->...
    method _normalize_permissions (line 360) | def _normalize_permissions(self, permissions: str | int) -> int:
  function file (line 439) | def file() -> File:

FILE: tests/plugins/find.py
  class Find (line 12) | class Find:
    method __init__ (line 14) | def __init__(self) -> None:
    method __iter__ (line 32) | def __iter__(self) -> Iterator[str]:
    method _find (line 35) | def _find(self) -> Iterator[str]:
  function find (line 83) | def find() -> Find:

FILE: tests/plugins/initrd.py
  class Initrd (line 17) | class Initrd:
    method _execute_lsinitrd (line 21) | def _execute_lsinitrd(initrd_path: str) -> tuple[list[str], list[str]]:
    method __init__ (line 77) | def __init__(self, kernel_versions: KernelVersions):
    method _get_efi_path (line 93) | def _get_efi_path(self) -> Optional[str]:
    method _get_initrd_section (line 111) | def _get_initrd_section(
    method _get_initrd_data (line 133) | def _get_initrd_data(
    method _write_initrd_to_temp_file (line 152) | def _write_initrd_to_temp_file(self, initrd_data: bytes, efi_path: str...
    method _extract_initrd_from_efi (line 172) | def _extract_initrd_from_efi(self) -> Optional[str]:
    method _load_initrd_contents (line 210) | def _load_initrd_contents(self, kernel_version: str) -> tuple[List[str...
    method _get_contents (line 261) | def _get_contents(self, kernel_version: Optional[str] = None) -> List[...
    method _get_dracut_modules (line 277) | def _get_dracut_modules(self, kernel_version: Optional[str] = None) ->...
    method contains_module (line 293) | def contains_module(
    method contains_dracut_module (line 323) | def contains_dracut_module(
    method contains_file (line 343) | def contains_file(
    method list_modules (line 393) | def list_modules(self, kernel_version: Optional[str] = None) -> List[s...
  function initrd (line 423) | def initrd(kernel_versions: KernelVersions) -> Initrd:

FILE: tests/plugins/kernel_cmdline.py
  function kernel_cmdline (line 9) | def kernel_cmdline() -> List[str]:

FILE: tests/plugins/kernel_configs.py
  class KernelConfig (line 10) | class KernelConfig:
  class KernelConfigs (line 18) | class KernelConfigs:
    method __init__ (line 21) | def __init__(self, kernel_versions: KernelVersions):
    method get_installed (line 25) | def get_installed(self) -> list[KernelConfig]:
    method get_running (line 44) | def get_running(self) -> KernelConfig:
  function kernel_configs (line 57) | def kernel_configs(kernel_versions: KernelVersions) -> KernelConfigs:

FILE: tests/plugins/kernel_module.py
  class LoadedKernelModule (line 20) | class LoadedKernelModule:
    method __str__ (line 25) | def __str__(self) -> str:
  class KernelModule (line 29) | class KernelModule:
    method __init__ (line 32) | def __init__(self, find: Find, shell: ShellRunner, kernel_versions: Ke...
    method is_module_loaded (line 40) | def is_module_loaded(self, module: str) -> bool:
    method get_module_parameter (line 55) | def get_module_parameter(self, module: str, parameter: str) -> str | N...
    method has_module_parameter (line 75) | def has_module_parameter(
    method get_module_parameters (line 91) | def get_module_parameters(self, module: str) -> dict[str, str]:
    method load_module (line 118) | def load_module(self, module: str) -> bool:
    method _update_module_dependencies (line 156) | def _update_module_dependencies(self, module: str) -> None:
    method unload_module (line 167) | def unload_module(self, module: str) -> bool:
    method _verify_module_unloaded (line 186) | def _verify_module_unloaded(
    method _unload_and_verify (line 201) | def _unload_and_verify(self, module: str) -> bool:
    method _calculate_unload_order (line 227) | def _calculate_unload_order(self) -> list[str]:
    method unload_modules (line 258) | def unload_modules(self) -> bool:
    method collect_loaded_modules (line 321) | def collect_loaded_modules(self) -> list[str]:
    method collect_available_modules (line 334) | def collect_available_modules(self) -> list[str]:
    method is_module_available (line 354) | def is_module_available(self, module: str) -> bool:
  function kernel_module (line 360) | def kernel_module(

FILE: tests/plugins/kernel_versions.py
  class KernelVersion (line 8) | class KernelVersion:
    method __str__ (line 14) | def __str__(self) -> str:
    method __lt__ (line 17) | def __lt__(self, other: "KernelVersion") -> bool:
  class KernelVersions (line 22) | class KernelVersions:
    method __init__ (line 25) | def __init__(self):
    method get_installed (line 28) | def get_installed(self) -> list[KernelVersion]:
    method get_running (line 43) | def get_running(self) -> KernelVersion:
  function kernel_versions (line 53) | def kernel_versions() -> KernelVersions:

FILE: tests/plugins/linux_etc_files.py
  class Shadow (line 8) | class Shadow:
  class Passwd (line 25) | class Passwd:
  class Group (line 40) | class Group:
  function passwd_entries (line 52) | def passwd_entries() -> List[Passwd]:
  function shadow_entries (line 74) | def shadow_entries() -> List[Shadow]:
  function group_entries (line 96) | def group_entries() -> List[Group]:

FILE: tests/plugins/lsm.py
  function lsm (line 9) | def lsm() -> List[str]:

FILE: tests/plugins/modify.py
  function allow_system_modifications (line 8) | def allow_system_modifications() -> bool:
  function pytest_addoption (line 12) | def pytest_addoption(parser: pytest.Parser):
  function pytest_configure (line 20) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 30) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/mount.py
  class Mount (line 6) | class Mount:
    method __init__ (line 7) | def __init__(self, shell):
    method __call__ (line 11) | def __call__(self, path):
    method options (line 19) | def options(self):
  function mount (line 30) | def mount(shell):

FILE: tests/plugins/network.py
  function has_ipv6 (line 7) | def has_ipv6():
  function tcp_echo_server (line 18) | def tcp_echo_server():
  function udp_echo_server (line 62) | def udp_echo_server():

FILE: tests/plugins/nft.py
  class Chain (line 9) | class Chain:
  class TableInterFilter (line 21) | class TableInterFilter:
  class Nft (line 25) | class Nft:
    method __init__ (line 26) | def __init__(self, shell: ShellRunner):
    method list_table_inet_filter (line 29) | def list_table_inet_filter(self) -> list[Chain]:
  function nft (line 45) | def nft(shell: ShellRunner):

FILE: tests/plugins/pam.py
  class PamEntry (line 12) | class PamEntry:
    method control_dict (line 44) | def control_dict(self) -> Dict[str, str]:
    method hash_algo (line 88) | def hash_algo(self) -> Optional[str]:
    method __repr__ (line 95) | def __repr__(self) -> str:
  class PamConfig (line 99) | class PamConfig:
    method __init__ (line 131) | def __init__(self, path: Path):
    method _parse_entries (line 142) | def _parse_entries(self) -> List[PamEntry]:
    method find_entries (line 214) | def find_entries(
  function pam_config (line 319) | def pam_config(request: pytest.FixtureRequest):

FILE: tests/plugins/parse.py
  function _resolve_comment_chars (line 27) | def _resolve_comment_chars(
  function _strip_comments_from_line (line 52) | def _strip_comments_from_line(line: str, comment_chars: List[str]) -> str:
  class Lines (line 70) | class Lines:
    method __init__ (line 75) | def __init__(
    method _check_string_literal (line 98) | def _check_string_literal(self, pattern: str) -> bool:
    method _check_regex_pattern (line 119) | def _check_regex_pattern(self, pattern: re.Pattern[str]) -> bool:
    method _check_pattern_list (line 123) | def _check_pattern_list(self, patterns: List[str]) -> bool:
    method __contains__ (line 145) | def __contains__(self, pattern: Union[str, re.Pattern[str], List[str]]...
    method __eq__ (line 177) | def __eq__(self, other: object) -> bool:
    method __repr__ (line 207) | def __repr__(self) -> str:
  class Parse (line 227) | class Parse:
    method from_file (line 238) | def from_file(cls, path: str | Path) -> "Parse":
    method from_str (line 256) | def from_str(cls, content: str, label: str = "input") -> "Parse":
    method _parse_keyval (line 268) | def _parse_keyval(
    method _parse_spacedelim (line 279) | def _parse_spacedelim(self, content: str) -> Dict[str, str]:
    method _parse_ini (line 291) | def _parse_ini(self, content: str) -> Dict[str, Any]:
    method _parse_json (line 297) | def _parse_json(self, content: str) -> Any:
    method _parse_yaml (line 300) | def _parse_yaml(self, content: str, ignore_comments: bool) -> Any:
    method _parse_toml (line 311) | def _parse_toml(self, content: str, ignore_comments: bool) -> Any:
    method _parse_content (line 320) | def _parse_content(
    method parse (line 343) | def parse(
    method lines (line 366) | def lines(
  function parse (line 405) | def parse() -> type[Parse]:

FILE: tests/plugins/parse_file.py
  function _detect_format_from_path (line 21) | def _detect_format_from_path(path: str | Path) -> Optional[str]:
  class ParseFile (line 35) | class ParseFile:
    method _resolve_format (line 42) | def _resolve_format(self, path: str, format: Optional[str]) -> str:
    method _get_parser (line 68) | def _get_parser(
    method parse (line 102) | def parse(
    method parse (line 114) | def parse(
    method parse (line 125) | def parse(
    method lines (line 166) | def lines(
    method lines (line 179) | def lines(
    method lines (line 191) | def lines(
  function parse_file (line 248) | def parse_file() -> ParseFile:

FILE: tests/plugins/performance.py
  function pytest_addoption (line 8) | def pytest_addoption(parser: pytest.Parser):
  function pytest_configure (line 16) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 25) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/remounted_root.py
  function remounted_root (line 9) | def remounted_root(shell: ShellRunner):

FILE: tests/plugins/security_id.py
  function pytest_configure (line 6) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 13) | def pytest_collection_modifyitems(config: pytest.Config, items: List[pyt...

FILE: tests/plugins/setting_ids.py
  function pytest_configure (line 8) | def pytest_configure(config: pytest.Config):

FILE: tests/plugins/setuid_binaries.py
  function exposed_setuid_binaries (line 8) | def exposed_setuid_binaries():

FILE: tests/plugins/shell.py
  class ShellRunner (line 11) | class ShellRunner:
    method __init__ (line 12) | def __init__(self, user: Optional[Tuple[int, int]]):
    method __call__ (line 15) | def __call__(
  function pytest_addoption (line 40) | def pytest_addoption(parser: pytest.Parser):
  function pytest_configure (line 49) | def pytest_configure(config: pytest.Config):
  function shell (line 66) | def shell(request: pytest.FixtureRequest) -> ShellRunner:

FILE: tests/plugins/sshd.py
  class Sshd (line 6) | class Sshd:
    method __init__ (line 7) | def __init__(self, shell: ShellRunner):
    method get_config (line 33) | def get_config(self) -> dict:
    method get_config_section (line 36) | def get_config_section(self, key: str) -> str | set | None:
  function sshd (line 41) | def sshd(shell: ShellRunner):

FILE: tests/plugins/sysctl.py
  class SysctlParam (line 10) | class SysctlParam:
    method __str__ (line 16) | def __str__(self) -> str:
  class Sysctl (line 20) | class Sysctl:
    method __init__ (line 23) | def __init__(self, shell: ShellRunner):
    method _read_sysctl_parameter (line 26) | def _read_sysctl_parameter(self, key: str) -> str:
    method collect_sysctl_parameters (line 41) | def collect_sysctl_parameters(self) -> dict[str, str]:
    method __getitem__ (line 64) | def __getitem__(self, key: str):
    method __contains__ (line 73) | def __contains__(self, key: object) -> bool:
  function sysctl (line 85) | def sysctl(shell: ShellRunner) -> Sysctl:

FILE: tests/plugins/sysdiff.py
  class FileEntry (line 131) | class FileEntry:
    method __str__ (line 137) | def __str__(self) -> str:
  class SnapshotMetadata (line 142) | class SnapshotMetadata:
  class Snapshot (line 151) | class Snapshot:
  class DiffResult (line 164) | class DiffResult:
  class FileCollector (line 175) | class FileCollector:
    method __init__ (line 178) | def __init__(self, shell: ShellRunner):
    method normalize_paths (line 181) | def normalize_paths(self, paths: List[str]) -> List[str]:
    method load_ignore_patterns (line 197) | def load_ignore_patterns(self, ignore_file: Optional[Path]) -> List[str]:
    method should_ignore_file (line 214) | def should_ignore_file(self, filepath: str, ignore_patterns: List[str]...
    method _walk_files_recursive (line 226) | def _walk_files_recursive(self, root: str):
    method _calculate_file_hash (line 258) | def _calculate_file_hash(
    method collect_file_hashes (line 293) | def collect_file_hashes(
  class SnapshotManager (line 346) | class SnapshotManager:
    method __init__ (line 349) | def __init__(self, state_dir: Path | None = None):
    method _wait_for_units_settled (line 353) | def _wait_for_units_settled(
    method create_snapshot (line 405) | def create_snapshot(
    method _save_snapshot (line 497) | def _save_snapshot(self, snapshot: Snapshot, snapshot_file: Path):
    method load_snapshot (line 514) | def load_snapshot(self, name: str) -> Snapshot:
    method list_snapshots (line 547) | def list_snapshots(self) -> List[str]:
  class DiffEngine (line 561) | class DiffEngine:
    method __init__ (line 564) | def __init__(self):
    method compare_snapshots (line 569) | def compare_snapshots(
    method _generate_diff (line 589) | def _generate_diff(
    method _compare_packages (line 599) | def _compare_packages(
    method _compare_systemd_units (line 614) | def _compare_systemd_units(
    method _compare_files (line 639) | def _compare_files(
    method _compare_sysctl_params (line 654) | def _compare_sysctl_params(
    method _compare_kernel_modules (line 672) | def _compare_kernel_modules(
    method generate_diff (line 690) | def generate_diff(
  class Sysdiff (line 719) | class Sysdiff:
    method __init__ (line 722) | def __init__(self, shell: ShellRunner):
    method create_snapshot (line 727) | def create_snapshot(
    method load_snapshot (line 737) | def load_snapshot(self, name: str) -> Snapshot:
    method compare_snapshots (line 741) | def compare_snapshots(self, name_a: str, name_b: str) -> DiffResult:
    method cleanup_snapshots (line 747) | def cleanup_snapshots(self, names: List[str]):
  function sysdiff (line 759) | def sysdiff(shell: ShellRunner):

FILE: tests/plugins/system_id_parser.py
  class UIDRange (line 8) | class UIDRange:
    method __post_init__ (line 12) | def __post_init__(self):
    method __contains__ (line 17) | def __contains__(self, uid: int) -> bool:
  function parse_config (line 21) | def parse_config(path):
  function regular_user_uid_range (line 38) | def regular_user_uid_range() -> UIDRange:

FILE: tests/plugins/systemd.py
  class SystemdUnit (line 15) | class SystemdUnit:
  class SystemRunningState (line 23) | class SystemRunningState:
  function _seconds (line 29) | def _seconds(token: str) -> float:
  function _parse_units (line 59) | def _parse_units(systemctl_stdout: str) -> list[SystemdUnit]:
  function _parse_unit_files (line 77) | def _parse_unit_files(systemctl_stdout: str) -> list[SystemdUnit]:
  class Systemd (line 101) | class Systemd:
    method __init__ (line 102) | def __init__(self, shell: ShellRunner):
    method analyze (line 106) | def analyze(self) -> Tuple[float, ...]:
    method is_active (line 129) | def is_active(self, unit_name: str) -> bool:
    method is_inactive (line 146) | def is_inactive(self, unit_name: str) -> bool:
    method is_enabled (line 163) | def is_enabled(self, unit_name: str) -> bool:
    method is_disabled (line 186) | def is_disabled(self, unit_name: str) -> bool:
    method is_masked (line 203) | def is_masked(self, unit_name: str) -> bool:
    method start_unit (line 221) | def start_unit(self, unit_name: str):
    method stop_unit (line 228) | def stop_unit(self, unit_name: str):
    method list_units (line 235) | def list_units(self) -> list[SystemdUnit]:
    method list_failed_units (line 241) | def list_failed_units(self) -> list[SystemdUnit]:
    method list_installed_units (line 247) | def list_installed_units(self) -> list[SystemdUnit]:
    method wait_is_system_running (line 261) | def wait_is_system_running(self) -> SystemRunningState:
    method get_unit_properties (line 271) | def get_unit_properties(self, service_name) -> dict:
    method get_config (line 278) | def get_config(self, config_path) -> dict:
  function systemd (line 286) | def systemd(shell: ShellRunner):

FILE: tests/plugins/systemd_detect_virt.py
  class Hypervisor (line 38) | class Hypervisor(Enum):
  function get_hypervisor_claim (line 74) | def get_hypervisor_claim() -> Hypervisor:
  function get_hypervisor_hints_from_dmi (line 102) | def get_hypervisor_hints_from_dmi() -> Hypervisor:
  function detect_hypervisor (line 143) | def detect_hypervisor() -> Hypervisor:
  function systemd_detect_virt (line 185) | def systemd_detect_virt() -> Hypervisor:
  function pytest_configure (line 189) | def pytest_configure(config: pytest.Config):
  function pytest_collection_modifyitems (line 198) | def pytest_collection_modifyitems(config, items: list[pytest.Item]):

FILE: tests/plugins/tests/test_file.py
  function restricted_directory (line 17) | def restricted_directory(tmp_path):
  class TestFileExists (line 44) | class TestFileExists:
    method test_exists_with_file (line 47) | def test_exists_with_file(self, file: File, tmp_path):
    method test_exists_with_directory (line 55) | def test_exists_with_directory(self, file: File, tmp_path):
  class TestFileIsRegularFile (line 64) | class TestFileIsRegularFile:
    method test_is_regular_file_with_file (line 67) | def test_is_regular_file_with_file(self, file: File, tmp_path):
    method test_is_regular_file_with_directory (line 75) | def test_is_regular_file_with_directory(self, file: File, tmp_path):
    method test_is_regular_file_with_symlink (line 82) | def test_is_regular_file_with_symlink(self, file: File, tmp_path):
  class TestFileIsDir (line 95) | class TestFileIsDir:
    method test_is_dir_with_directory (line 98) | def test_is_dir_with_directory(self, file: File, tmp_path):
    method test_is_dir_with_file (line 106) | def test_is_dir_with_file(self, file: File, tmp_path):
    method test_is_dir_with_symlink (line 113) | def test_is_dir_with_symlink(self, file: File, tmp_path):
  class TestFileIsSymlink (line 126) | class TestFileIsSymlink:
    method test_is_symlink_with_symlink (line 129) | def test_is_symlink_with_symlink(self, file: File, tmp_path):
    method test_is_symlink_with_file_and_dir (line 139) | def test_is_symlink_with_file_and_dir(self, file: File, tmp_path):
    method test_is_symlink_with_broken_symlink_raises_error (line 150) | def test_is_symlink_with_broken_symlink_raises_error(self, file: File,...
    method test_is_symlink_with_broken_symlink_no_error (line 158) | def test_is_symlink_with_broken_symlink_no_error(self, file: File, tmp...
    method test_is_symlink_with_valid_symlink (line 165) | def test_is_symlink_with_valid_symlink(self, file: File, tmp_path):
    method test_is_symlink_with_target_matching (line 175) | def test_is_symlink_with_target_matching(self, file: File, tmp_path):
    method test_is_symlink_with_target_not_matching (line 189) | def test_is_symlink_with_target_not_matching(self, file: File, tmp_path):
    method test_is_symlink_with_target_relative_path (line 203) | def test_is_symlink_with_target_relative_path(self, file: File, tmp_pa...
    method test_is_symlink_with_target_broken_symlink (line 217) | def test_is_symlink_with_target_broken_symlink(self, file: File, tmp_p...
  class TestFileGetMode (line 241) | class TestFileGetMode:
    method test_get_mode_with_various_modes (line 244) | def test_get_mode_with_various_modes(self, file: File, tmp_path):
    method test_get_mode_raises_file_not_found_error (line 257) | def test_get_mode_raises_file_not_found_error(self, file: File, tmp_pa...
    method test_get_mode_raises_permission_error (line 265) | def test_get_mode_raises_permission_error(self, file: File, restricted...
  class TestFileHasMode (line 273) | class TestFileHasMode:
    method test_has_mode_with_octal_mode (line 276) | def test_has_mode_with_octal_mode(self, file: File, tmp_path):
    method test_has_mode_with_different_modes (line 286) | def test_has_mode_with_different_modes(self, file: File, tmp_path):
    method test_has_mode_raises_file_not_found_error (line 301) | def test_has_mode_raises_file_not_found_error(self, file: File, tmp_pa...
    method test_has_mode_raises_permission_error (line 309) | def test_has_mode_raises_permission_error(self, file: File, restricted...
  class TestFileIsExecutable (line 317) | class TestFileIsExecutable:
    method test_is_executable_with_executable_file (line 320) | def test_is_executable_with_executable_file(self, file: File, tmp_path):
    method test_is_executable_with_non_executable_file (line 328) | def test_is_executable_with_non_executable_file(self, file: File, tmp_...
    method test_is_executable_raises_file_not_found_error (line 336) | def test_is_executable_raises_file_not_found_error(self, file: File, t...
    method test_is_executable_raises_permission_error (line 344) | def test_is_executable_raises_permission_error(
  class TestFileIsReadable (line 354) | class TestFileIsReadable:
    method test_is_readable_with_readable_file (line 357) | def test_is_readable_with_readable_file(self, file: File, tmp_path):
    method test_is_readable_with_non_readable_file (line 365) | def test_is_readable_with_non_readable_file(self, file: File, tmp_path):
    method test_is_readable_raises_file_not_found_error (line 381) | def test_is_readable_raises_file_not_found_error(self, file: File, tmp...
    method test_is_readable_raises_permission_error (line 389) | def test_is_readable_raises_permission_error(
  class TestFileIsWritable (line 399) | class TestFileIsWritable:
    method test_is_writable_with_writable_file (line 402) | def test_is_writable_with_writable_file(self, file: File, tmp_path):
    method test_is_writable_with_non_writable_file (line 410) | def test_is_writable_with_non_writable_file(self, file: File, tmp_path):
    method test_is_writable_raises_file_not_found_error (line 426) | def test_is_writable_raises_file_not_found_error(self, file: File, tmp...
    method test_is_writable_raises_permission_error (line 434) | def test_is_writable_raises_permission_error(
  class TestFileGetSize (line 444) | class TestFileGetSize:
    method test_get_size_with_empty_file (line 447) | def test_get_size_with_empty_file(self, file: File, tmp_path):
    method test_get_size_with_small_file (line 454) | def test_get_size_with_small_file(self, file: File, tmp_path):
    method test_get_size_with_larger_file (line 462) | def test_get_size_with_larger_file(self, file: File, tmp_path):
    method test_get_size_raises_file_not_found_error (line 470) | def test_get_size_raises_file_not_found_error(self, file: File, tmp_pa...
    method test_get_size_raises_permission_error (line 478) | def test_get_size_raises_permission_error(self, file: File, restricted...
  class TestFileGetOwner (line 486) | class TestFileGetOwner:
    method test_get_owner (line 489) | def test_get_owner(self, file: File, tmp_path):
    method test_get_owner_raises_file_not_found_error (line 507) | def test_get_owner_raises_file_not_found_error(self, file: File, tmp_p...
    method test_get_owner_raises_permission_error (line 515) | def test_get_owner_raises_permission_error(self, file: File, restricte...
  class TestFileGetUser (line 523) | class TestFileGetUser:
    method test_get_user (line 526) | def test_get_user(self, file: File, tmp_path):
    method test_get_user_raises_file_not_found_error (line 540) | def test_get_user_raises_file_not_found_error(self, file: File, tmp_pa...
    method test_get_user_raises_permission_error (line 548) | def test_get_user_raises_permission_error(self, file: File, restricted...
  class TestFileGetGroup (line 556) | class TestFileGetGroup:
    method test_get_group (line 559) | def test_get_group(self, file: File, tmp_path):
    method test_get_group_raises_file_not_found_error (line 573) | def test_get_group_raises_file_not_found_error(self, file: File, tmp_p...
    method test_get_group_raises_permission_error (line 581) | def test_get_group_raises_permission_error(self, file: File, restricte...
  class TestFileIsOwnedByUser (line 589) | class TestFileIsOwnedByUser:
    method test_is_owned_by_user (line 592) | def test_is_owned_by_user(self, file: File, tmp_path):
    method test_is_owned_by_user_raises_file_not_found_error (line 603) | def test_is_owned_by_user_raises_file_not_found_error(self, file: File...
    method test_is_owned_by_user_raises_permission_error (line 611) | def test_is_owned_by_user_raises_permission_error(
  class TestFileIsOwnedByGroup (line 621) | class TestFileIsOwnedByGroup:
    method test_is_owned_by_group (line 624) | def test_is_owned_by_group(self, file: File, tmp_path):
    method test_is_owned_by_group_raises_file_not_found_error (line 635) | def test_is_owned_by_group_raises_file_not_found_error(self, file: Fil...
    method test_is_owned_by_group_raises_permission_error (line 643) | def test_is_owned_by_group_raises_permission_error(
  class TestFileIsOwnedBy (line 653) | class TestFileIsOwnedBy:
    method test_is_owned_by (line 656) | def test_is_owned_by(self, file: File, tmp_path):
    method test_is_owned_by_raises_file_not_found_error (line 671) | def test_is_owned_by_raises_file_not_found_error(self, file: File, tmp...
    method test_is_owned_by_raises_permission_error (line 679) | def test_is_owned_by_raises_permission_error(

FILE: tests/plugins/tests/test_parse.py
  class TestParseLines (line 12) | class TestParseLines:
    method test_lines_string_literal_found (line 15) | def test_lines_string_literal_found(self, parse):
    method test_lines_string_literal_with_comments_default (line 21) | def test_lines_string_literal_with_comments_default(self, parse):
    method test_lines_regex_pattern (line 27) | def test_lines_regex_pattern(self, parse):
    method test_lines_regex_no_match (line 36) | def test_lines_regex_no_match(self, parse):
    method test_lines_regex_with_flags (line 42) | def test_lines_regex_with_flags(self, parse):
    method test_lines_regex_multiline (line 48) | def test_lines_regex_multiline(self, parse):
    method test_lines_list_unordered (line 54) | def test_lines_list_unordered(self, parse):
    method test_lines_list_with_comments (line 64) | def test_lines_list_with_comments(self, parse):
    method test_lines_empty_list (line 70) | def test_lines_empty_list(self, parse):
    method test_lines_single_pattern_in_list (line 75) | def test_lines_single_pattern_in_list(self, parse):
    method test_lines_invalid_pattern_type (line 81) | def test_lines_invalid_pattern_type(self, parse):
    method test_lines_empty_content (line 87) | def test_lines_empty_content(self, parse):
    method test_lines_only_comments (line 95) | def test_lines_only_comments(self, parse):
    method test_lines_explicit_comment_char (line 101) | def test_lines_explicit_comment_char(self, parse):
    method test_lines_whitespace_normalization (line 114) | def test_lines_whitespace_normalization(self, parse):
  class TestParseLinesOrdered (line 121) | class TestParseLinesOrdered:
    method test_sorted_lines_in_order (line 124) | def test_sorted_lines_in_order(self, parse):
    method test_sorted_lines_with_comments (line 131) | def test_sorted_lines_with_comments(self, parse):
    method test_sorted_lines_empty_list (line 137) | def test_sorted_lines_empty_list(self, parse):
    method test_sorted_lines_single_pattern (line 142) | def test_sorted_lines_single_pattern(self, parse):
    method test_sorted_lines_ordered_with_gaps (line 148) | def test_sorted_lines_ordered_with_gaps(self, parse):
  class TestParseParse (line 155) | class TestParseParse:
    method test_parse_json (line 158) | def test_parse_json(self, parse):
    method test_parse_json_direct_access (line 166) | def test_parse_json_direct_access(self, parse):
    method test_parse_yaml (line 175) | def test_parse_yaml(self, parse):
    method test_parse_toml (line 182) | def test_parse_toml(self, parse):
    method test_parse_ini (line 189) | def test_parse_ini(self, parse):
    method test_parse_keyval (line 196) | def test_parse_keyval(self, parse):
    method test_parse_with_lists (line 204) | def test_parse_with_lists(self, parse):
    method test_parse_invalid_format (line 213) | def test_parse_invalid_format(self, parse):
    method test_parse_ignore_comments (line 219) | def test_parse_ignore_comments(self, parse):
    method test_parse_empty_json (line 225) | def test_parse_empty_json(self, parse):
    method test_parse_empty_list (line 231) | def test_parse_empty_list(self, parse):
    method test_parse_deeply_nested (line 237) | def test_parse_deeply_nested(self, parse):
    method test_parse_ignore_comments_false_toml (line 245) | def test_parse_ignore_comments_false_toml(self, parse):
    method test_parse_ignore_comments_false_ini (line 251) | def test_parse_ignore_comments_false_ini(self, parse):
    method test_parse_ignore_comments_false_keyval (line 257) | def test_parse_ignore_comments_false_keyval(self, parse):
    method test_parse_empty_string_json (line 263) | def test_parse_empty_string_json(self, parse):
    method test_parse_malformed_yaml (line 269) | def test_parse_malformed_yaml(self, parse):
    method test_parse_malformed_toml (line 275) | def test_parse_malformed_toml(self, parse):
    method test_parse_malformed_ini (line 281) | def test_parse_malformed_ini(self, parse):
  class TestCommentHandling (line 293) | class TestCommentHandling:
    method test_comments_json_no_filtering (line 296) | def test_comments_json_no_filtering(self, parse):
    method test_comments_yaml_hash (line 303) | def test_comments_yaml_hash(self, parse):
    method test_comments_ini_semicolon_and_hash (line 309) | def test_comments_ini_semicolon_and_hash(self, parse):
    method test_comments_toml_hash (line 317) | def test_comments_toml_hash(self, parse):
    method test_comments_keyval_hash (line 323) | def test_comments_keyval_hash(self, parse):
    method test_comments_with_ignore_comments_false (line 329) | def test_comments_with_ignore_comments_false(self, parse):
    method test_lines_tuple_pattern_not_supported (line 338) | def test_lines_tuple_pattern_not_supported(self, parse):

FILE: tests/plugins/tests/test_parse_file.py
  class TestParseFileLines (line 13) | class TestParseFileLines:
    method test_lines_string_literal_found (line 16) | def test_lines_string_literal_found(self, parse_file: ParseFile, tmp_p...
    method test_lines_string_literal_with_comments_json (line 26) | def test_lines_string_literal_with_comments_json(
    method test_lines_string_literal_with_comments_yaml (line 37) | def test_lines_string_literal_with_comments_yaml(
    method test_lines_regex_pattern (line 48) | def test_lines_regex_pattern(self, parse_file: ParseFile, tmp_path):
    method test_lines_regex_no_match (line 60) | def test_lines_regex_no_match(self, parse_file: ParseFile, tmp_path):
    method test_lines_list_unordered (line 69) | def test_lines_list_unordered(self, parse_file: ParseFile, tmp_path):
    method test_lines_format_auto_detection (line 79) | def test_lines_format_auto_detection(self, parse_file: ParseFile, tmp_...
    method test_lines_ignore_missing_true (line 89) | def test_lines_ignore_missing_true(self, parse_file: ParseFile, tmp_pa...
    method test_lines_ignore_missing_false (line 95) | def test_lines_ignore_missing_false(self, parse_file: ParseFile, tmp_p...
    method test_lines_empty_content (line 101) | def test_lines_empty_content(self, parse_file: ParseFile, tmp_path):
    method test_lines_only_comments (line 111) | def test_lines_only_comments(self, parse_file: ParseFile, tmp_path):
    method test_lines_explicit_comment_char (line 119) | def test_lines_explicit_comment_char(self, parse_file: ParseFile, tmp_...
    method test_lines_whitespace_normalization (line 135) | def test_lines_whitespace_normalization(self, parse_file: ParseFile, t...
  class TestParseFileLinesOrdered (line 144) | class TestParseFileLinesOrdered:
    method test_sorted_lines_in_order (line 147) | def test_sorted_lines_in_order(self, parse_file: ParseFile, tmp_path):
    method test_sorted_lines_with_comments (line 157) | def test_sorted_lines_with_comments(self, parse_file: ParseFile, tmp_p...
    method test_sorted_lines_ignore_missing (line 166) | def test_sorted_lines_ignore_missing(self, parse_file: ParseFile, tmp_...
    method test_sorted_lines_ordered_with_gaps (line 175) | def test_sorted_lines_ordered_with_gaps(self, parse_file: ParseFile, t...
  class TestParseFileParse (line 184) | class TestParseFileParse:
    method test_parse_json (line 187) | def test_parse_json(self, parse_file: ParseFile, tmp_path):
    method test_parse_json_direct_access (line 197) | def test_parse_json_direct_access(self, parse_file: ParseFile, tmp_path):
    method test_parse_yaml (line 208) | def test_parse_yaml(self, parse_file: ParseFile, tmp_path):
    method test_parse_toml (line 217) | def test_parse_toml(self, parse_file: ParseFile, tmp_path):
    method test_parse_ini (line 226) | def test_parse_ini(self, parse_file: ParseFile, tmp_path):
    method test_parse_keyval (line 235) | def test_parse_keyval(self, parse_file: ParseFile, tmp_path):
    method test_parse_format_auto_detection (line 245) | def test_parse_format_auto_detection(self, parse_file: ParseFile, tmp_...
    method test_parse_with_lists (line 253) | def test_parse_with_lists(self, parse_file: ParseFile, tmp_path):
    method test_parse_ignore_missing (line 264) | def test_parse_ignore_missing(self, parse_file: ParseFile, tmp_path):
    method test_parse_invalid_format (line 273) | def test_parse_invalid_format(self, parse_file: ParseFile, tmp_path):
    method test_parse_empty_json (line 280) | def test_parse_empty_json(self, parse_file: ParseFile, tmp_path):
    method test_parse_empty_list (line 287) | def test_parse_empty_list(self, parse_file: ParseFile, tmp_path):
    method test_parse_deeply_nested (line 294) | def test_parse_deeply_nested(self, parse_file: ParseFile, tmp_path):
    method test_parse_ignore_comments_false_toml (line 301) | def test_parse_ignore_comments_false_toml(self, parse_file: ParseFile,...
    method test_parse_ignore_comments_false_ini (line 308) | def test_parse_ignore_comments_false_ini(self, parse_file: ParseFile, ...
    method test_parse_ignore_comments_false_keyval (line 315) | def test_parse_ignore_comments_false_keyval(self, parse_file: ParseFil...
    method test_parse_empty_string_json (line 322) | def test_parse_empty_string_json(self, parse_file: ParseFile, tmp_path):
    method test_parse_malformed_yaml (line 329) | def test_parse_malformed_yaml(self, parse_file: ParseFile, tmp_path):
    method test_parse_malformed_toml (line 336) | def test_parse_malformed_toml(self, parse_file: ParseFile, tmp_path):
    method test_parse_malformed_ini (line 343) | def test_parse_malformed_ini(self, parse_file: ParseFile, tmp_path):
  class TestFormatAutoDetection (line 356) | class TestFormatAutoDetection:
    method test_auto_detect_json (line 359) | def test_auto_detect_json(self, parse_file: ParseFile, tmp_path):
    method test_auto_detect_yaml (line 366) | def test_auto_detect_yaml(self, parse_file: ParseFile, tmp_path):
    method test_auto_detect_toml (line 378) | def test_auto_detect_toml(self, parse_file: ParseFile, tmp_path):
    method test_auto_detect_ini (line 385) | def test_auto_detect_ini(self, parse_file: ParseFile, tmp_path):
    method test_auto_detect_keyval (line 397) | def test_auto_detect_keyval(self, parse_file: ParseFile, tmp_path):
    method test_auto_detect_no_extension (line 409) | def test_auto_detect_no_extension(self, parse_file: ParseFile, tmp_path):
  class TestCommentHandling (line 422) | class TestCommentHandling:
    method test_comments_json_no_filtering (line 425) | def test_comments_json_no_filtering(self, parse_file: ParseFile, tmp_p...
    method test_comments_yaml_hash (line 433) | def test_comments_yaml_hash(self, parse_file: ParseFile, tmp_path):
    method test_comments_ini_semicolon_and_hash (line 441) | def test_comments_ini_semicolon_and_hash(self, parse_file: ParseFile, ...
    method test_comments_toml_hash (line 450) | def test_comments_toml_hash(self, parse_file: ParseFile, tmp_path):
    method test_comments_keyval_hash (line 458) | def test_comments_keyval_hash(self, parse_file: ParseFile, tmp_path):
  class TestErrorHandling (line 472) | class TestErrorHandling:
    method test_missing_file_error_message (line 475) | def test_missing_file_error_message(self, parse_file: ParseFile, tmp_p...
    method test_invalid_json (line 483) | def test_invalid_json(self, parse_file: ParseFile, tmp_path):
    method test_invalid_path_in_parse (line 490) | def test_invalid_path_in_parse(self, parse_file: ParseFile, tmp_path):

FILE: tests/plugins/timeconf.py
  function clocksource_file (line 13) | def clocksource_file() -> str:
  function chrony_config_file (line 18) | def chrony_config_file() -> str:
  function ptp_hyperv_dev (line 23) | def ptp_hyperv_dev() -> str:
  function clocksource (line 28) | def clocksource(clocksource_file: str) -> str:

FILE: tests/plugins/timedatectl.py
  class NtpServer (line 11) | class NtpServer:
  class TimeSyncStatus (line 17) | class TimeSyncStatus:
  class TimeDateCtl (line 47) | class TimeDateCtl:
    method __init__ (line 48) | def __init__(self, systemd: Systemd, shell: ShellRunner):
    method has_timesync_installed (line 52) | def has_timesync_installed(self) -> bool:
    method is_timesyncd_active (line 57) | def is_timesyncd_active(self) -> bool:
    method get_ntpserver (line 61) | def get_ntpserver(self) -> NtpServer:
    method get_timesync_status (line 105) | def get_timesync_status(self) -> TimeSyncStatus:
    method _human_time_to_seconds (line 150) | def _human_time_to_seconds(self, time_span: str) -> int:
  function timedatectl (line 165) | def timedatectl(systemd: Systemd, shell: ShellRunner) -> TimeDateCtl:

FILE: tests/plugins/users.py
  class User (line 12) | class User:
    method __init__ (line 13) | def __init__(self, shell: ShellRunner):
    method is_user_sudo (line 16) | def is_user_sudo(self, user):
  function cloudinit_default_user (line 26) | def cloudinit_default_user() -> Optional[str]:
  function pytest_addoption (line 39) | def pytest_addoption(parser: pytest.Parser):
  function pytest_configure (line 48) | def pytest_configure(config: pytest.Config):
  function expected_users (line 58) | def expected_users():
  function user (line 63) | def user(shell: ShellRunner):
  function get_regular_users (line 68) | def get_regular_users(regular_user_uid_range):
  function get_all_users (line 78) | def get_all_users():

FILE: tests/plugins/utils.py
  function equals_ignore_case (line 11) | def equals_ignore_case(a: str, b: str) -> bool:
  function get_normalized_sets (line 15) | def get_normalized_sets(*sets: set) -> tuple[set, ...]:
  function is_set (line 20) | def is_set(obj) -> bool:
  function tree (line 24) | def tree(path: str) -> set[str]:
  function check_for_duplicates (line 39) | def check_for_duplicates(entries: List[T]) -> List[T]:
  function get_cname_from_os_release (line 54) | def get_cname_from_os_release() -> Optional[str]:

FILE: tests/util/container/enter_host_ns.c
  function host_nsenter (line 23) | static void host_nsenter()
  function main (line 48) | int main(int argc, char **argv)

FILE: tests/util/coverage.py
  class Config (line 50) | class Config:
  class RegexPatterns (line 74) | class RegexPatterns:
    method __init__ (line 77) | def __init__(self, config: Config):
  class PathMatcher (line 85) | class PathMatcher:
    method normalize (line 89) | def normalize(path: str) -> str:
    method matches (line 94) | def matches(path1: str, path2: str) -> bool:
    method find_in_list (line 105) | def find_in_list(file_list: List[Dict[str, Any]], path: str) -> Option...
    method find_in_dict (line 118) | def find_in_dict(mappings: Dict[str, Any], path: str) -> Optional[Any]:
  function extract_markers_from_yaml_mapping (line 129) | def extract_markers_from_yaml_mapping(mapping: Any) -> List[str]:
  function extract_markers_from_include_file (line 154) | def extract_markers_from_include_file(
  function load_feature_excludes (line 204) | def load_feature_excludes(repo_root: Path) -> Set[str]:
  function load_ids_files (line 226) | def load_ids_files(feature_dir: Path) -> Dict[str, Any]:
  function extract_markers_from_features (line 269) | def extract_markers_from_features(
  function detect_duplicate_markers (line 385) | def detect_duplicate_markers(
  function find_markers_in_test_files (line 425) | def find_markers_in_test_files(repo_root: Path) -> Set[str]:
  function count_test_functions (line 460) | def count_test_functions(repo_root: Path) -> Dict[str, int]:
  function calculate_coverage_stats (line 538) | def calculate_coverage_stats(
  function build_report_v1_0 (line 601) | def build_report_v1_0(
  function report_duplicate_errors (line 705) | def report_duplicate_errors(
  function generate_cli_report (line 751) | def generate_cli_report(
  function generate_junit_xml_report (line 852) | def generate_junit_xml_report(
  function generate_json_report (line 995) | def generate_json_report(
  function main (line 1053) | def main():

FILE: tests/util/metadata-server.py
  class MetadataHandler (line 18) | class MetadataHandler(http.server.BaseHTTPRequestHandler):
    method do_GET (line 19) | def do_GET(self):
    method log_message (line 40) | def log_message(self, format, *args):
  function shutdown_handler (line 48) | def shutdown_handler(signum, frame):

FILE: tests/util/sysdiff.py
  function list_snapshots (line 39) | def list_snapshots(sysdiff: Sysdiff, verbose: bool = False):
  function diff_snapshots (line 66) | def diff_snapshots(
  function delete_snapshots (line 94) | def delete_snapshots(sysdiff: Sysdiff, snapshot_names: list, verbose: bo...
  function main (line 129) | def main():

FILE: tests/util/tests/test_coverage.py
  class TestConfig (line 29) | class TestConfig:
    method test_config_is_immutable (line 32) | def test_config_is_immutable(self):
    method test_config_default_values (line 37) | def test_config_default_values(self):
    method test_config_instance_creation (line 47) | def test_config_instance_creation(self):
  class TestPathMatcher (line 57) | class TestPathMatcher:
    method test_normalize_removes_quotes_and_slashes (line 60) | def test_normalize_removes_quotes_and_slashes(self):
    method test_matches_with_exact_paths (line 67) | def test_matches_with_exact_paths(self):
    method test_matches_with_leading_slash_variants (line 72) | def test_matches_with_leading_slash_variants(self):
    method test_matches_with_quotes (line 77) | def test_matches_with_quotes(self):
    method test_find_in_list_with_exact_match (line 82) | def test_find_in_list_with_exact_match(self):
    method test_find_in_list_with_normalized_match (line 91) | def test_find_in_list_with_normalized_match(self):
    method test_find_in_list_returns_none_for_no_match (line 99) | def test_find_in_list_returns_none_for_no_match(self):
    method test_find_in_list_handles_invalid_input (line 105) | def test_find_in_list_handles_invalid_input(self):
    method test_find_in_dict_with_exact_match (line 114) | def test_find_in_dict_with_exact_match(self):
    method test_find_in_dict_with_variant_match (line 123) | def test_find_in_dict_with_variant_match(self):
    method test_find_in_dict_returns_none_for_no_match (line 129) | def test_find_in_dict_returns_none_for_no_match(self):
    method test_find_in_dict_handles_invalid_input (line 135) | def test_find_in_dict_handles_invalid_input(self):
  class TestSettingIDExtraction (line 141) | class TestSettingIDExtraction:
    method test_extract_markers_from_yaml_mapping_with_string (line 144) | def test_extract_markers_from_yaml_mapping_with_string(self):
    method test_extract_markers_from_yaml_mapping_with_non_marker_string (line 150) | def test_extract_markers_from_yaml_mapping_with_non_marker_string(self):
    method test_extract_markers_from_yaml_mapping_with_dict (line 156) | def test_extract_markers_from_yaml_mapping_with_dict(self):
    method test_extract_markers_from_yaml_mapping_with_list (line 166) | def test_extract_markers_from_yaml_mapping_with_list(self):
    method test_extract_markers_from_yaml_mapping_with_nested_structure (line 174) | def test_extract_markers_from_yaml_mapping_with_nested_structure(self):
    method test_extract_markers_from_yaml_mapping_with_empty_input (line 188) | def test_extract_markers_from_yaml_mapping_with_empty_input(self):
    method test_extract_markers_from_include_file_with_new_structure (line 196) | def test_extract_markers_from_include_file_with_new_structure(
    method test_extract_markers_from_include_file_with_old_structure (line 223) | def test_extract_markers_from_include_file_with_old_structure(
    method test_extract_markers_from_include_file_with_initrd_include (line 245) | def test_extract_markers_from_include_file_with_initrd_include(
    method test_extract_markers_from_include_file_no_mapping (line 269) | def test_extract_markers_from_include_file_no_mapping(self, mock_relat...
    method test_extract_markers_from_include_file_not_include_dir (line 285) | def test_extract_markers_from_include_file_not_include_dir(self, mock_...
  class TestFeatureProcessing (line 301) | class TestFeatureProcessing:
    method test_load_feature_excludes_with_valid_file (line 304) | def test_load_feature_excludes_with_valid_file(self):
    method test_load_feature_excludes_ignores_comments (line 319) | def test_load_feature_excludes_ignores_comments(self):
    method test_load_feature_excludes_nonexistent_file (line 328) | def test_load_feature_excludes_nonexistent_file(self):
    method test_load_feature_excludes_handles_exceptions (line 334) | def test_load_feature_excludes_handles_exceptions(self):
  class TestDuplicateDetection (line 342) | class TestDuplicateDetection:
    method test_detect_duplicate_markers_within_feature (line 345) | def test_detect_duplicate_markers_within_feature(self):
    method test_detect_duplicate_markers_across_features (line 357) | def test_detect_duplicate_markers_across_features(self):
    method test_detect_duplicate_markers_no_duplicates (line 370) | def test_detect_duplicate_markers_no_duplicates(self):
    method test_detect_duplicate_markers_empty_input (line 382) | def test_detect_duplicate_markers_empty_input(self):
  class TestTestFileSearching (line 389) | class TestTestFileSearching:
    method test_find_markers_in_test_files (line 393) | def test_find_markers_in_test_files(self, mock_glob):
    method test_find_markers_handles_file_errors (line 411) | def test_find_markers_handles_file_errors(self, mock_glob):
    method test_find_markers_multiple_occurrences (line 422) | def test_find_markers_multiple_occurrences(self, mock_glob):
  class TestReportGeneration (line 437) | class TestReportGeneration:
    method test_build_report_v1_0_complete_structure (line 440) | def test_build_report_v1_0_complete_structure(self):
    method test_build_report_v1_0_with_excluded_features (line 460) | def test_build_report_v1_0_with_excluded_features(self):
    method test_build_report_v1_0_100_percent_coverage (line 474) | def test_build_report_v1_0_100_percent_coverage(self):
    method test_build_report_v1_0_zero_coverage (line 487) | def test_build_report_v1_0_zero_coverage(self):
    method test_generate_json_report_writes_file (line 500) | def test_generate_json_report_writes_file(self):
    method test_generate_json_report_invalid_schema_version (line 522) | def test_generate_json_report_invalid_schema_version(self):
    method test_generate_json_report_handles_file_errors (line 529) | def test_generate_json_report_handles_file_errors(self):
  class TestCalculateCoverageStats (line 551) | class TestCalculateCoverageStats:
    method test_calculates_correct_totals (line 554) | def test_calculates_correct_totals(self):
    method test_identifies_orphaned_ids (line 569) | def test_identifies_orphaned_ids(self):
    method test_handles_empty_inputs (line 580) | def test_handles_empty_inputs(self):
    method test_coverage_percentage_calculation (line 590) | def test_coverage_percentage_calculation(self):
    method test_groups_by_feature_correctly (line 608) | def test_groups_by_feature_correctly(self):
  class TestJunitXmlReport (line 624) | class TestJunitXmlReport:
    method test_xml_structure_is_valid (line 627) | def test_xml_structure_is_valid(self):
    method test_includes_all_test_suites (line 641) | def test_includes_all_test_suites(self):
    method test_handles_failures_correctly (line 657) | def test_handles_failures_correctly(self):
    method test_reports_duplicates_in_xml (line 671) | def test_reports_duplicates_in_xml(self):
    method test_reports_orphaned_ids (line 690) | def test_reports_orphaned_ids(self):
    method test_writes_to_file (line 705) | def test_writes_to_file(self, mock_write, mock_mkdir):
  class TestConsoleReporting (line 720) | class TestConsoleReporting:
    method test_generate_cli_report_returns_correct_counts (line 724) | def test_generate_cli_report_returns_correct_counts(self, mock_print):
    method test_generate_cli_report_all_covered (line 745) | def test_generate_cli_report_all_covered(self, mock_print):
  class TestRegexPatterns (line 764) | class TestRegexPatterns:
    method test_regex_patterns_initialization (line 767) | def test_regex_patterns_initialization(self):
    method test_marker_pattern_matches (line 773) | def test_marker_pattern_matches(self):
    method test_marker_pattern_non_matches (line 780) | def test_marker_pattern_non_matches(self):
    method test_inline_comment_pattern_matches (line 786) | def test_inline_comment_pattern_matches(self):
    method test_inline_comment_pattern_ignores_double_hash (line 793) | def test_inline_comment_pattern_ignores_double_hash(self):
  class TestValidationErrors (line 799) | class TestValidationErrors:
    method test_extract_markers_from_features_returns_validation_errors (line 802) | def test_extract_markers_from_features_returns_validation_errors(self):
    method test_extract_markers_from_features_detects_missing_file_include_files (line 812) | def test_extract_markers_from_features_detects_missing_file_include_fi...
    method test_extract_markers_from_features_detects_missing_initrd_include_files (line 836) | def test_extract_markers_from_features_detects_missing_initrd_include_...
    method test_extract_markers_from_features_no_errors_when_files_exist (line 860) | def test_extract_markers_from_features_no_errors_when_files_exist(self...
    method test_main_returns_one_on_validation_errors (line 887) | def test_main_returns_one_on_validation_errors(
    method test_main_reports_all_validation_errors_grouped_by_feature (line 906) | def test_main_reports_all_validation_errors_grouped_by_feature(
  class TestMainFunction (line 935) | class TestMainFunction:
    method test_main_returns_zero_on_success (line 945) | def test_main_returns_zero_on_success(
    method test_main_returns_one_on_duplicates (line 971) | def test_main_returns_one_on_duplicates(
    method test_main_returns_two_on_untested (line 998) | def test_main_returns_two_on_untested(
    method test_main_returns_three_on_orphaned (line 1029) | def test_main_returns_three_on_orphaned(
    method test_main_returns_four_on_both_untested_and_orphaned (line 1057) | def test_main_returns_four_on_both_untested_and_orphaned(
    method test_main_returns_one_when_features_dir_missing (line 1082) | def test_main_returns_one_when_features_dir_missing(self, mock_exists):
    method test_main_returns_one_when_tests_dir_missing (line 1090) | def test_main_returns_one_when_tests_dir_missing(self, mock_exists):

FILE: tests/util/update_runtime.py
  function error (line 25) | def error(msg: str) -> None:
  function parse_env_file (line 31) | def parse_env_file(env_file: Path) -> Dict[str, str]:
  function get_latest_release (line 50) | def get_latest_release(github: Github, repo_owner: str, repo_name: str):
  function get_checksum_from_digest (line 64) | def get_checksum_from_digest(asset) -> str:
  function extract_info (line 74) | def extract_info(release, version_short: str) -> Dict[str, str]:
  function update_file (line 141) | def update_file(env_file: Path, new_values: Dict[str, str]) -> bool:
  function main (line 183) | def main():

FILE: tools/clean_ec2_ami.py
  function response_ok (line 9) | def response_ok(response: dict):
  function delete_snapshot (line 17) | def delete_snapshot(client, snapshot_id: str):
  function find_snapshots (line 25) | def find_snapshots(client, ami_id: str):
  function get_resource_tags (line 43) | def get_resource_tags(client, resource_id: str, key: str = None):
  function find_ami_by_name_across_regions (line 64) | def find_ami_by_name_across_regions(client, ami_name: str, mk_session: c...
  function find_ami_copies (line 85) | def find_ami_copies(session, mk_session: callable, source_ami_id: str):
  function un_public_ami (line 106) | def un_public_ami(ec2_client, ami_id: str, no_dry_run: bool = False):
  function delete_ami_with_snapshot (line 127) | def delete_ami_with_snapshot(ec2_client, ami_id: str, no_dry_run: bool =...
  function setup_and_run_argparser (line 147) | def setup_and_run_argparser():

FILE: tools/clean_openstack_images.py
  class OpenStackRC (line 10) | class OpenStackRC:
    method is_complete (line 19) | def is_complete(self) -> bool:
  function setup_and_run_argparser (line 36) | def setup_and_run_argparser():
  function get_openstack_rc (line 85) | def get_openstack_rc(args) -> list[OpenStackRC]:
  function get_images_by_name (line 125) | def get_images_by_name(glance_proxy, name: str, visibility: str = "publi...
  function get_image_by_id (line 135) | def get_image_by_id(glance_proxy, id: str):
  function main (line 139) | def main():

FILE: tools/import-azure-machine-image.py
  class AZCredentials (line 22) | class AZCredentials:
  function with_tags (line 27) | def with_tags(p: dict, tags: dict = None):
  function with_generated_default (line 33) | def with_generated_default(
  function azure_credentials (line 71) | def azure_credentials(
  function check_location_available (line 105) | def check_location_available(credentials: AZCredentials, location):
  class AzureImageBuild (line 121) | class AzureImageBuild:
    method __init__ (line 122) | def __init__(self, args):
    method az_get_resource_group (line 165) | def az_get_resource_group(self, name: str):
    method az_create_resource_group (line 174) | def az_create_resource_group(self, name: str, location: str):
    method az_get_storage_account (line 189) | def az_get_storage_account(self, name: str):
    method az_create_storage_account (line 206) | def az_create_storage_account(self, name: str):
    method upload_image_file (line 233) | def upload_image_file(
    method az_get_image_gallery (line 323) | def az_get_image_gallery(self, name: str):
    method az_create_image_gallery (line 338) | def az_create_image_gallery(self, name: str, community_gallery: bool =...
    method az_get_gallery_image_definition (line 378) | def az_get_gallery_image_definition(self, name: str):
    method az_create_gallery_image_definition (line 395) | def az_create_gallery_image_definition(self, name: str):
    method az_get_gallery_image_version (line 418) | def az_get_gallery_image_version(self, version: str):
    method az_create_gallery_image_version (line 436) | def az_create_gallery_image_version(self, version: str, image_id: str):
    method run (line 463) | def run(self):
    method _argparse_register (line 526) | def _argparse_register(cls, parser):
    method _main (line 628) | def _main(cls):

FILE: tools/import-ec2-ami.py
  function response_ok (line 27) | def response_ok(response: dict):
  class S3Bucket (line 36) | class S3Bucket:
    method __init__ (line 38) | def __init__(self, s3_client, logger, bucket_name, region_name, tags =...
    method exists (line 47) | def exists(self):
    method create_storage_bucket (line 63) | def create_storage_bucket(self):
    method delete_storage_bucket (line 143) | def delete_storage_bucket(self, force: bool = False):
  class Ec2ImageImport (line 158) | class Ec2ImageImport:
    method __init__ (line 159) | def __init__(self, args):
    method aws_command_prefix (line 184) | def aws_command_prefix(self):
    method upload_image (line 188) | def upload_image(self):
    method import_snapshot (line 251) | def import_snapshot(self):
    method tag_resource (line 306) | def tag_resource(self, resource_id, tag_specifications):
    method register_image (line 324) | def register_image(self, snapshot_id):
    method make_amis_public (line 388) | def make_amis_public(self, amis):
    method distribute_ami (line 408) | def distribute_ami(self, src_ami):
    method run (line 439) | def run(self):
    method _argparse_register (line 466) | def _argparse_register(cls, parser):
    method _main (line 541) | def _main(cls):

Condensed preview: 1260 files, each showing path, character count, and a content snippet (full structured content: 2,426K chars).
[
  {
    "path": ".dockerignore",
    "chars": 5,
    "preview": "/.*\n\n"
  },
  {
    "path": ".flake8",
    "chars": 184,
    "preview": "[flake8]\nmax-line-length = 101\nselect = E101,E117,E201,E202,E203,E225,E251,E3,E4,E5,E703,E9,W1,W2,W3,W6,F\nignore = E501 "
  },
  {
    "path": ".github/ISSUE_TEMPLATE/bug_report.yml",
    "chars": 2806,
    "preview": "---\nname: Bug Report\ndescription: Found a bug? Let us know!\ntitle: \"[BUG] \"\nlabels: [\"kind/bug\"]\ntype: bug\nbody:\n  - typ"
  },
  {
    "path": ".github/ISSUE_TEMPLATE/enhancement_request.yml",
    "chars": 1581,
    "preview": "---\nname: Enhancement Request\ndescription: Suggest an Enhancement to Garden Linux.\ntitle: \"[ER] \"\nlabels: [\"kind/enhance"
  },
  {
    "path": ".github/dependabot.yml",
    "chars": 579,
    "preview": "# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dep"
  },
  {
    "path": ".github/labeler.yml",
    "chars": 2048,
    "preview": "# GitHub Actions\ngithub-actions:\n- changed-files:\n  - any-glob-to-any-file: '.github/workflows/**'\n\n# Non workflow relat"
  },
  {
    "path": ".github/pull_request_template.md",
    "chars": 801,
    "preview": "**What this PR does / why we need it**:\n\n**Which issue(s) this PR fixes**:\nFixes #\n\n**Definition of Done:**\n- [ ] The co"
  },
  {
    "path": ".github/release.yml",
    "chars": 615,
    "preview": "changelog:\n  exclude:\n    labels:\n      - ignore-for-release\n      - github-settings\n    authors:\n      - dependabot\n  c"
  },
  {
    "path": ".github/workflows/README.md",
    "chars": 394,
    "preview": "# Workflows\n\n## Dev\nRuns on `push` and `pull_request` (enabled for branches created by Garden Linux Developer)\n1. Build "
  },
  {
    "path": ".github/workflows/build.yml",
    "chars": 4680,
    "preview": "name: build\non:\n  workflow_call:\n    inputs:\n      version:\n        description: \"Garden Linux version\"\n        type: st"
  },
  {
    "path": ".github/workflows/build_bare_flavor.yml",
    "chars": 1636,
    "preview": "name: build_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      bare"
  },
  {
    "path": ".github/workflows/build_flavor.yml",
    "chars": 3378,
    "preview": "name: build_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      flav"
  },
  {
    "path": ".github/workflows/build_flavors_matrix.yml",
    "chars": 1604,
    "preview": "on:\n  workflow_call:\n    inputs:\n      flags:\n        description: \"Flags passed to bin/flavors_parse.py\"\n        type: "
  },
  {
    "path": ".github/workflows/build_kmodbuild_container.yml",
    "chars": 3483,
    "preview": "name: build_kmodbuild_container\non:\n  workflow_call:\n    inputs:\n      version:\n        type: string\n        required: t"
  },
  {
    "path": ".github/workflows/build_lima_yaml_container.yml",
    "chars": 1398,
    "preview": "name: Build Lima Container\non:\n  workflow_dispatch:\n  schedule:\n    - cron: '0 0 * * 0'\njobs:\n  lima_manifest_container:"
  },
  {
    "path": ".github/workflows/build_requirements.yml",
    "chars": 4568,
    "preview": "name: build_requirements\non:\n  workflow_call:\n    inputs:\n      version:\n        type: string\n        default: today\n   "
  },
  {
    "path": ".github/workflows/build_tests.yml",
    "chars": 2739,
    "preview": "name: test_flavor\non:\n  workflow_call:\n    inputs:\n      commit_id:\n        type: string\n        required: true\n      ve"
  },
  {
    "path": ".github/workflows/check_adr_numbering.yml",
    "chars": 1693,
    "preview": "name: Check ADR Numbering\non:\n  push:\n    branches: [\"main\"]\n  pull_request:\n    branches: [\"main\"]\n\npermissions:\n  cont"
  },
  {
    "path": ".github/workflows/cloud_test_cleanup.yml",
    "chars": 9989,
    "preview": "name: Cloud Test Cleanup\non:\n  schedule:\n    - cron: \"0 2 * * *\" # Run daily at 2 AM UTC\n  # manual trigger\n  workflow_d"
  },
  {
    "path": ".github/workflows/cpe.yml",
    "chars": 869,
    "preview": "name: Generate and upload CPE to a release\n\non:\n  workflow_dispatch:\n    inputs:\n      version:\n        description: Ver"
  },
  {
    "path": ".github/workflows/dev.yml",
    "chars": 1668,
    "preview": "name: dev\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}-dev\n  cancel-in-progress: true\non:\n  push:\n    "
  },
  {
    "path": ".github/workflows/dev_tests.yml",
    "chars": 3599,
    "preview": "name: dev - test framework\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}-dev-tests\n  cancel-in-progress"
  },
  {
    "path": ".github/workflows/differential-shellcheck.yml",
    "chars": 693,
    "preview": "name: Differential ShellCheck\non:\n  push:\n    branches:\n    - main\n    - rel-*\n  pull_request:\n    branches:\n    - main\n"
  },
  {
    "path": ".github/workflows/download_flavor_version_data.yml",
    "chars": 1399,
    "preview": "name: download_flavor_version_data\non:\n  workflow_call:\n    inputs:\n      run_id:\n        type: string\n        required:"
  },
  {
    "path": ".github/workflows/download_flavors_images.yml",
    "chars": 2558,
    "preview": "name: download_flavor_images\non:\n  workflow_call:\n    inputs:\n      commit_id:\n        type: string\n        required: tr"
  },
  {
    "path": ".github/workflows/download_workflow_data.yml",
    "chars": 2871,
    "preview": "name: download_workflow_data\non:\n  workflow_call:\n    inputs:\n      run_id:\n        type: string\n        required: true\n"
  },
  {
    "path": ".github/workflows/format_diff.py",
    "chars": 9094,
    "preview": "#!/usr/bin/env python3\nimport os\nimport sys\nimport yaml\nimport json\n\n# This script takes the differ_files results from t"
  },
  {
    "path": ".github/workflows/generate_diff.sh",
    "chars": 2138,
    "preview": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nwhitelist=()\n\nnightly_whitelist=(\"etc/apt/sources\\.list\\.d/gardenlinux\\.sources\""
  },
  {
    "path": ".github/workflows/get_workflow_infos.yml",
    "chars": 1905,
    "preview": "name: Get workflow infos by run number\n\non:\n  workflow_call:\n    inputs:\n      workflow_name:\n        type: string\n     "
  },
  {
    "path": ".github/workflows/github.mjs",
    "chars": 3948,
    "preview": "export async function dispatchRetryWorkflow(core, githubActions, context, refName, retries = 1) {\n    if (context.runAtt"
  },
  {
    "path": ".github/workflows/github_rerun_workflow.yml",
    "chars": 1175,
    "preview": "name: Re-run workflow run\non:\n  # triggered manually\n  workflow_dispatch:\n    inputs:\n      run_id:\n        description:"
  },
  {
    "path": ".github/workflows/labeler.yml",
    "chars": 272,
    "preview": "name: \"Pull Request Labeler\"\non:\n  - pull_request_target\njobs:\n  triage:\n    permissions:\n      pull-requests: write\n   "
  },
  {
    "path": ".github/workflows/manual_gh_release_page.yml",
    "chars": 9322,
    "preview": "name: release page\non:\n  workflow_dispatch:\n    inputs:\n      run_id:\n        description: Build workflow run ID\n       "
  },
  {
    "path": ".github/workflows/manual_release.yml",
    "chars": 6975,
    "preview": "# Build and publish\nname: Build and publish a release\nconcurrency:\n  group: ${{ inputs.ignore_workflow_concurrency && gi"
  },
  {
    "path": ".github/workflows/manual_tag_latest_container.yml",
    "chars": 508,
    "preview": "name: Tag a container as latest manually\non:\n  workflow_dispatch:\n    inputs:\n      version:\n        description: 'Garde"
  },
  {
    "path": ".github/workflows/manual_tests.yml",
    "chars": 7523,
    "preview": "# Tests artifacts\nname: Execute tests\nconcurrency:\n  group: ${{ inputs.ignore_workflow_concurrency && github.run_id || f"
  },
  {
    "path": ".github/workflows/nightly.yml",
    "chars": 5376,
    "preview": "name: nightly\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}-nightly\n  cancel-in-progress: true\non:\n  sc"
  },
  {
    "path": ".github/workflows/publish.yml",
    "chars": 3947,
    "preview": "name: 'Publish to ghcr.io'\non:\n  workflow_dispatch:\n    inputs:\n      run_id:\n        description: Build workflow run ID"
  },
  {
    "path": ".github/workflows/publish_kmodbuild_container.yml",
    "chars": 1814,
    "preview": "# @TODO: Replace with safe OCI manifast handling variant\nname: Publish container images\non:\n  workflow_call:\n    inputs:"
  },
  {
    "path": ".github/workflows/publish_oci_containers.yml",
    "chars": 19610,
    "preview": "# @TODO: Replace with safe OCI manifast handling variant\nname: publish_oci_containers\non:\n  workflow_call:\n    inputs:\n "
  },
  {
    "path": ".github/workflows/publish_s3.yml",
    "chars": 9660,
    "preview": "name: 'Publish to S3'\non:\n  workflow_dispatch:\n    inputs:\n      run_id:\n        description: Build workflow run ID\n    "
  },
  {
    "path": ".github/workflows/reproducable_test.yml",
    "chars": 10277,
    "preview": "name: Check build reproducibility\nconcurrency:\n  group: ${{ github.workflow }}-${{ github.ref }}-reproducibility\n  cance"
  },
  {
    "path": ".github/workflows/tag_latest_container.yml",
    "chars": 1857,
    "preview": "name: \"Tag latest and release container\"\non:\n  workflow_call:\n    inputs:\n      version:\n        required: true\n        "
  },
  {
    "path": ".github/workflows/test_flavor_chroot.yml",
    "chars": 2443,
    "preview": "name: test_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      flavo"
  },
  {
    "path": ".github/workflows/test_flavor_cloud.yml",
    "chars": 9761,
    "preview": "name: test_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      flavo"
  },
  {
    "path": ".github/workflows/test_flavor_oci.yml",
    "chars": 2836,
    "preview": "name: test_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      flavo"
  },
  {
    "path": ".github/workflows/test_flavor_qemu.yml",
    "chars": 4367,
    "preview": "name: test_flavor\non:\n  workflow_call:\n    inputs:\n      arch:\n        type: string\n        default: \"amd64\"\n      flavo"
  },
  {
    "path": ".github/workflows/test_report.yml",
    "chars": 2888,
    "preview": "name: test_report\non:\n  workflow_call:\n    inputs:\n      test_jobs:\n        description: \"Comma-separated list of test j"
  },
  {
    "path": ".github/workflows/test_update_python_runtime.yml",
    "chars": 4550,
    "preview": "name: Test - Update Python Runtime\n\non:\n  workflow_dispatch:\n  schedule:\n    # Run at 12:00 noon CEST (10:00 UTC)\n    - "
  },
  {
    "path": ".github/workflows/tests.yml",
    "chars": 9461,
    "preview": "name: tests\non:\n  # triggered by other workflows\n  workflow_call:\n    inputs:\n      flavors_matrix:\n        description:"
  },
  {
    "path": ".github/workflows/upload_to_github_release.yml",
    "chars": 3977,
    "preview": "name: upload to S3\non:\n  workflow_call:\n    inputs:\n      commit_id:\n        type: string\n        required: true\n      v"
  },
  {
    "path": ".github/workflows/upload_to_s3.yml",
    "chars": 4117,
    "preview": "name: upload to S3\non:\n  workflow_call:\n    inputs:\n      commit_id:\n        type: string\n        required: true\n      v"
  },
  {
    "path": ".gitignore",
    "chars": 1249,
    "preview": "/.build\n/.buildlogs\n/.packages\n/.repository\n/.tofuenv\n/repository/reprepro/db\n/repository/reprepro/logs\n/features/_dev/i"
  },
  {
    "path": "CODEOWNERS",
    "chars": 186,
    "preview": "# gardenlinux maintainers\n* @gardenlinux/garden-linux-maintainers\n\n# Gardener Responsibility for the Gardener Feature\n/f"
  },
  {
    "path": "CONTRIBUTING.md",
    "chars": 5667,
    "preview": "# Contributing to Garden Linux\n\n## Code of conduct\n\nAll members of the Garden Linux community must abide by the [CNCF Co"
  },
  {
    "path": "Containerfile.lima-manifest",
    "chars": 411,
    "preview": "FROM ghcr.io/gardenlinux/glrd:latest\n\nLABEL org.opencontainers.image.source=https://github.com/gardenlinux/gardenlinux\nL"
  },
  {
    "path": "LICENSE.md",
    "chars": 1134,
    "preview": "Copyright 2017 Tianon Gravi <tianon@debian.org>\nCopyright 2025 SAP SE <gardenlinux-admin@lists.neonephos.org>\n\nPermissio"
  },
  {
    "path": "LICENSES/Apache-2.0.txt",
    "chars": 10280,
    "preview": "Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AN"
  },
  {
    "path": "LICENSES/CC-BY-4.0.txt",
    "chars": 16983,
    "preview": "Creative Commons Attribution 4.0 International\n\n Creative Commons Corporation (“Creative Commons”) is not a law firm and"
  },
  {
    "path": "LICENSES/LGPL-2.1-or-later.txt",
    "chars": 26001,
    "preview": "GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n5"
  },
  {
    "path": "LICENSES/MIT.txt",
    "chars": 1078,
    "preview": "MIT License\n\nCopyright (c) <year> <copyright holders>\n\nPermission is hereby granted, free of charge, to any person obtai"
  },
  {
    "path": "Makefile",
    "chars": 2762,
    "preview": "SHELL := /usr/bin/env bash\n.SHELLFLAGS := -euo pipefail -c\n\n# get git root - if running as git submodule, return parent "
  },
  {
    "path": "Pipfile",
    "chars": 253,
    "preview": "[[source]]\nurl = \"https://pypi.org/simple\"\nverify_ssl = true\nname = \"pypi\"\n\n[packages]\nrequests = \"*\"\ngardenlinux = {ref"
  },
  {
    "path": "README.md",
    "chars": 7575,
    "preview": "<p style=\"text-align: center;\">\n    <a href=\"https://github.com/gardenlinux/gardenlinux/releases\" target=\"_blank\">\n     "
  },
  {
    "path": "REUSE.toml",
    "chars": 2122,
    "preview": "version = 1\nSPDX-PackageName = \"gardenlinux\"\nSPDX-PackageSupplier = \"GardenLinux authors <gardenlinux-admin@lists.neonep"
  },
  {
    "path": "SCOPE.md",
    "chars": 3324,
    "preview": "# Project Scope\n\n## Overview\n\nThe Garden Linux Project develops and maintains a minimal, purpose-built operating system "
  },
  {
    "path": "SECURITY.md",
    "chars": 9231,
    "preview": "# Garden Linux Security Response Process\n\nGarden Linux has a growing community of volunteers and users. The Garden Linux"
  },
  {
    "path": "VERSION.md",
    "chars": 474,
    "preview": "# Versioning\n\nGarden Linux is versioned by the day of the created binary release (image):\n\nThe Release 1 would have been"
  },
  {
    "path": "bare_flavors/libc/base",
    "chars": 10,
    "preview": "container\n"
  },
  {
    "path": "bare_flavors/libc/dpkg_include",
    "chars": 6,
    "preview": "libc6\n"
  },
  {
    "path": "bare_flavors/libc/include",
    "chars": 22,
    "preview": "usr/share/zoneinfo/.*\n"
  },
  {
    "path": "bare_flavors/libc/mode",
    "chars": 18,
    "preview": "dpkg-dependencies\n"
  },
  {
    "path": "bare_flavors/libc/target",
    "chars": 10,
    "preview": "container\n"
  },
  {
    "path": "bare_flavors/libc/test/Containerfile",
    "chars": 141,
    "preview": "ARG image\n\nFROM gcc AS compile\nCOPY test.c /\nRUN gcc -O2 -o test test.c && ldd test\n\nFROM $image\nCOPY --from=compile /te"
  },
  {
    "path": "bare_flavors/libc/test/test.c",
    "chars": 101,
    "preview": "#include <stdio.h>\n\nint main(int argc, char **argv)\n{\n\tprintf(\"argv[0]=%s\\n\", argv[0]);\n\treturn 0;\n}\n"
  },
  {
    "path": "bare_flavors/nodejs/base",
    "chars": 10,
    "preview": "container\n"
  },
  {
    "path": "bare_flavors/nodejs/include",
    "chars": 34,
    "preview": "usr/bin/env\nusr/share/zoneinfo/.*\n"
  },
  {
    "path": "bare_flavors/nodejs/mode",
    "chars": 17,
    "preview": "ldd-dependencies\n"
  },
  {
    "path": "bare_flavors/nodejs/target",
    "chars": 17,
    "preview": "container-nodejs\n"
  },
  {
    "path": "bare_flavors/nodejs/test/Containerfile",
    "chars": 65,
    "preview": "ARG image\n\nFROM $image\nCOPY test.js /\nCMD [ \"node\", \"/test.js\" ]\n"
  },
  {
    "path": "bare_flavors/nodejs/test/test.js",
    "chars": 43,
    "preview": "console.log(`argv[0]=${process.argv[0]}`);\n"
  },
  {
    "path": "bare_flavors/python/base",
    "chars": 10,
    "preview": "container\n"
  },
  {
    "path": "bare_flavors/python/include",
    "chars": 34,
    "preview": "usr/bin/env\nusr/share/zoneinfo/.*\n"
  },
  {
    "path": "bare_flavors/python/mode",
    "chars": 17,
    "preview": "ldd-dependencies\n"
  },
  {
    "path": "bare_flavors/python/target",
    "chars": 17,
    "preview": "container-python\n"
  },
  {
    "path": "bare_flavors/python/test/Containerfile",
    "chars": 68,
    "preview": "ARG image\n\nFROM $image\nCOPY test.py /\nCMD [ \"python3\", \"/test.py\" ]\n"
  },
  {
    "path": "bare_flavors/python/test/test.py",
    "chars": 68,
    "preview": "#!/usr/bin/env python3\n\nimport sys\n\nprint(f\"argv[0]={sys.argv[0]}\")\n"
  },
  {
    "path": "bare_flavors/sapmachine/base",
    "chars": 15,
    "preview": "container_curl\n"
  },
  {
    "path": "bare_flavors/sapmachine/mode",
    "chars": 17,
    "preview": "ldd-dependencies\n"
  },
  {
    "path": "bare_flavors/sapmachine/target",
    "chars": 21,
    "preview": "container-sapmachine\n"
  },
  {
    "path": "bare_flavors/sapmachine/test/Containerfile",
    "chars": 222,
    "preview": "ARG image\n\nFROM docker.io/library/sapmachine:latest AS compile\nCOPY Test.java /\nRUN javac Test.java && jar -c -f test.ja"
  },
  {
    "path": "bare_flavors/sapmachine/test/Test.java",
    "chars": 91,
    "preview": "class Test {\n\tpublic static void main(String[] args) {\n\t\tSystem.out.println(\"hello\");\n\t}\n}\n"
  },
  {
    "path": "bin/.constants.sh",
    "chars": 4241,
    "preview": "#!/usr/bin/env bash\n\n# constants of the universe\nexport TZ='UTC' LC_ALL='C'\numask 0022\nscriptsDir=\"$(dirname \"$(readlink"
  },
  {
    "path": "bin/.dpkg-arch.sh",
    "chars": 501,
    "preview": "#!/usr/bin/env bash\nset -Eeuo pipefail\n\nthisDir=\"$(dirname \"$(readlink -f \"$BASH_SOURCE\")\")\"\nsource \"$thisDir/.constants"
  },
  {
    "path": "bin/.fix-apt-comments.sh",
    "chars": 729,
    "preview": "#!/usr/bin/env bash\nset -Eeuo pipefail\n\nthisDir=\"$(dirname \"$(readlink -f \"$BASH_SOURCE\")\")\"\nsource \"$thisDir/.constants"
  },
  {
    "path": "bin/.tar-exclude",
    "chars": 1758,
    "preview": "# the file we store the \"epoch\" of a given rootfs in\n./garden-epoch\n\n# \"/dev\" is a special case in \"garden-tar\"\n#./dev/*"
  },
  {
    "path": "bin/README.md",
    "chars": 9822,
    "preview": "# Garden Linux Binary Set\n## General\nThis directory contains many scripts to manage the Garden Linux build process. Whil"
  },
  {
    "path": "bin/check-pkgs-availability.py",
    "chars": 4177,
    "preview": "#!/usr/bin/env python3\n\nimport argparse\nimport re\nimport requests\nimport re\nimport glob\nfrom pprint import pprint\n\nimpor"
  },
  {
    "path": "bin/check-pkgs-pipelines.py",
    "chars": 2190,
    "preview": "#!/usr/bin/env python3\n\nimport argparse\nimport re\nimport requests\nimport re\nimport glob\nfrom pprint import pprint\n\nimpor"
  },
  {
    "path": "bin/find-build-container-for",
    "chars": 983,
    "preview": "#!/usr/bin/env python3\n\nimport sys\nimport urllib.request\nimport urllib.error\n\ndef fetch_container_info(version):\n    # E"
  },
  {
    "path": "bin/garden-chroot",
    "chars": 1412,
    "preview": "#!/usr/bin/env bash\n\n# Contains sources from https://github.com/debuerreotype/debuerreotype\n\nset -Eeuo pipefail\n\nthisDir"
  },
  {
    "path": "bin/garden-debian-sources-list",
    "chars": 4142,
    "preview": "#!/usr/bin/env bash\n# Contains sources from https://github.com/debuerreotype/debuerreotype\nset -Eeuo pipefail\n\nthisDir=\""
  },
  {
    "path": "bin/garden-version",
    "chars": 5249,
    "preview": "#!/usr/bin/env bash\n\n# Contains sources from https://github.com/debuerreotype/debuerreotype\n\nset -Eeuo pipefail\n# shellc"
  },
  {
    "path": "bin/generate-lima-yaml.py",
    "chars": 3835,
    "preview": "#!/usr/bin/env python3\n\n# This script generates a YAML manifest for using Garden Linux as a guest with lima-vm.\n# It out"
  },
  {
    "path": "bin/get_arch.sh",
    "chars": 203,
    "preview": "#!/usr/bin/env bash\nset -Eeufo pipefail\n\ncase \"$(uname -m)\" in\n\t\"x86_64\"|\"amd64\")\n\t\techo \"amd64\"\n\t\t;;\n\t\"aarch64\"|\"arm64\""
  },
  {
    "path": "bin/get_filename",
    "chars": 195,
    "preview": "#!/usr/bin/env python3\n\nimport urllib.parse\nimport sys\n\nif len(sys.argv) == 1 or len(sys.argv) > 2:\n    sys.exit(1)\n\npar"
  },
  {
    "path": "bin/gl-flavors-parse",
    "chars": 464,
    "preview": "#!/usr/bin/env bash\n\nset -Eeuo pipefail\n\nthisDir=\"$(dirname \"$(readlink -fn \"$BASH_SOURCE\")\")\"\nrootDir=\"$(dirname \"${thi"
  },
  {
    "path": "bin/glrd",
    "chars": 382,
    "preview": "#!/usr/bin/env bash\ncmd=$(basename \"${0}\")\nargs=\"$*\"\nif [ -z \"${GARDENLINUX_BUILD_CRE}\" ]; then\n    GARDENLINUX_BUILD_CR"
  },
  {
    "path": "bin/inject-sshkey",
    "chars": 6848,
    "preview": "#!/usr/bin/env python3\n\nimport os\nimport sys\nimport argparse\nimport subprocess\nimport shutil\nimport tempfile\nimport logg"
  },
  {
    "path": "bin/make-ali-ami",
    "chars": 435,
    "preview": "#!/usr/bin/env bash \nset -x\n\nbucket=$1\nregion=$2\nossobject=$3  # gardenlinux/garden-linux-dev-ali-${VERSION}.qcow2\nimage"
  },
  {
    "path": "bin/make-gcp-ami",
    "chars": 7999,
    "preview": "#!/usr/bin/env python3\n\nimport argparse\nimport os\nimport sys\nimport subprocess\nimport json\nimport time\nimport logging\n\nl"
  },
  {
    "path": "bin/make-vhd",
    "chars": 55,
    "preview": "#!/usr/bin/env bash\n\nqemu-img convert -f raw -O vpc $@\n"
  },
  {
    "path": "bin/shrink.sh",
    "chars": 1721,
    "preview": "#!/bin/bash\nset -Eeuo pipefail\nset -x\n\nloopback=$(losetup -f --partscan --show rootfs.raw)\ntrap \"losetup -d $loopback 2>"
  },
  {
    "path": "bin/start-vm",
    "chars": 30440,
    "preview": "#!/usr/bin/env bash\nset -Eeuo pipefail\n\n\n# Constants\nreadonly CURR_DIR=\"$(dirname \"$(readlink -f \"$BASH_SOURCE\")\")\"\nread"
  },
  {
    "path": "bin/upload-openstack",
    "chars": 578,
    "preview": "#!/usr/bin/env bash\n# Create OpenStack Image for CC EE\n\nopenstack image create \\\n     --container-format bare \\\n     --d"
  },
  {
    "path": "bin/urlescape",
    "chars": 525,
    "preview": "#!/usr/bin/env python3\n\nimport urllib.parse\nimport sys\n\nGARDENLINUX_SNAPSHOT_CACHE_URL = 'snapshot-cache.ci.gardener.clo"
  },
  {
    "path": "bin/uuid_hash",
    "chars": 130,
    "preview": "#!/usr/bin/env bash\nset -Eeufo pipefail\n\nhash=$(sha256sum)\necho \"${hash:0:8}-${hash:8:4}-${hash:12:4}-${hash:16:4}-${has"
  },
  {
    "path": "build",
    "chars": 4756,
    "preview": "#!/usr/bin/env bash\n\nset -euo pipefail\nshopt -s nullglob\n\nexec 3>&1\nexec 1>&2\n\ncontainer_image=ghcr.io/gardenlinux/build"
  },
  {
    "path": "build_bare_flavors",
    "chars": 977,
    "preview": "#!/usr/bin/env bash\n\nset -eufo pipefail\n\narch=\n\nwhile [ $# -gt 0 ]; do\n\tcase \"$1\" in\n\t\t-a|--arch)\n\t\t\tarch=\"$2\"\n\t\t\tshift "
  },
  {
    "path": "cert/Containerfile",
    "chars": 662,
    "preview": "FROM debian:stable\nRUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends awscl"
  },
  {
    "path": "cert/Makefile",
    "chars": 3791,
    "preview": "CERT_C=DE\nCERT_L=Walldorf\nCERT_O=SAP SE\nCERT_OU=Garden Linux\nCERT_E=contact@gardenlinux.io\n\nGPG_KEY_TYPE=RSA\nGPG_KEY_LEN"
  },
  {
    "path": "cert/README.md",
    "chars": 210,
    "preview": "See [Secureboot / Trustedboot / TPM2](../docs/01_developers/build_image.md#secureboot--trustedboot--tpm2) in the image b"
  },
  {
    "path": "cert/build",
    "chars": 1157,
    "preview": "#!/usr/bin/env bash\n\nset -efo pipefail\n\ndir=\"$(dirname \"${BASH_SOURCE[0]}\")\"\n\ncontainer_image=\ncontainer_engine=podman\n\n"
  },
  {
    "path": "cert/gardenlinux-nightly-intermediate-ca.chain",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "cert/gardenlinux-nightly-intermediate-ca.conf",
    "chars": 43,
    "preview": "CERT_CN=$CERT_OU intermediate CA\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-intermediate-ca.crt",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-kernel-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-kernel-sign.conf",
    "chars": 54,
    "preview": "CERT_CN=$CERT_OU kernel signing certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-kernel-sign.crt",
    "chars": 2041,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFtTCCA50CCQCi3dJsxdoEJTANBgkqhkiG9w0BAQsFADCBljElMCMGA1UEAwwc\nR2FyZGVuIExpbnV4IGludGVybWV"
  },
  {
    "path": "cert/gardenlinux-nightly-oci-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-oci-sign.conf",
    "chars": 60,
    "preview": "CERT_CN=$CERT_OU OCI artifact signing certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-oci-sign.crt",
    "chars": 2045,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFujCCA6ICCF1fTIogY+h4MA0GCSqGSIb3DQEBCwUAMIGWMSUwIwYDVQQDDBxH\nYXJkZW4gTGludXggaW50ZXJtZWR"
  },
  {
    "path": "cert/gardenlinux-nightly-root-ca.conf",
    "chars": 35,
    "preview": "CERT_CN=$CERT_OU root CA\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-root-ca.crt",
    "chars": 2139,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIF/zCCA+egAwIBAgIUSzHiW1O6vQyJ6ngFDFq9LazOAPYwDQYJKoZIhvcNAQEL\nBQAwgY4xHTAbBgNVBAMMFEdhcmR"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.aws-efivars",
    "chars": 4760,
    "preview": "QU1aTlVFRklUqg36AAAAAHj5a7fZ99Wbd1CT2bvHIVTphACCVIWAiCEhFEGQGnqVHgkEiBSBUJS+NEMRKYIC0ntTs/TeBaVFOioSQKQKgqiAdLmwu85dd9eZ"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.db.chain",
    "chars": 6103,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.db.conf",
    "chars": 53,
    "preview": "CERT_CN=$CERT_OU secureboot db certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.db.crt",
    "chars": 2053,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFvzCCA6cCCQDDvi+LRjcHOjANBgkqhkiG9w0BAQsFADCBoTEwMC4GA1UEAwwn\nR2FyZGVuIExpbnV4IHNlY3VyZWJ"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.kek.chain",
    "chars": 4050,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.kek.conf",
    "chars": 54,
    "preview": "CERT_CN=$CERT_OU secureboot KEK certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.kek.crt",
    "chars": 2053,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFvjCCA6YCCFX13IQmBLGFMA0GCSqGSIb3DQEBCwUAMIGgMS8wLQYDVQQDDCZH\nYXJkZW4gTGludXggc2VjdXJlYm9"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.pk.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.pk.conf",
    "chars": 53,
    "preview": "CERT_CN=$CERT_OU secureboot PK certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-secureboot.pk.crt",
    "chars": 2037,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFszCCA5sCCDwev6x6yt2LMA0GCSqGSIb3DQEBCwUAMIGWMSUwIwYDVQQDDBxH\nYXJkZW4gTGludXggaW50ZXJtZWR"
  },
  {
    "path": "cert/gardenlinux-nightly-tpm-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFoTCCA4kCCB0DDeeqZuNRMA0GCSqGSIb3DQEBCwUAMIGOMR0wGwYDVQQDDBRH\nYXJkZW4gTGludXggcm9vdCBDQTE"
  },
  {
    "path": "cert/gardenlinux-nightly-tpm-sign.conf",
    "chars": 48,
    "preview": "CERT_CN=$CERT_OU tpm sign certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-nightly-tpm-sign.crt",
    "chars": 1684,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIErzCCApcCCQDnqbRfW2hzFDANBgkqhkiG9w0BAQsFADCBljElMCMGA1UEAwwc\nR2FyZGVuIExpbnV4IGludGVybWV"
  },
  {
    "path": "cert/gardenlinux-release-intermediate-ca.chain",
    "chars": 0,
    "preview": ""
  },
  {
    "path": "cert/gardenlinux-release-intermediate-ca.conf",
    "chars": 43,
    "preview": "CERT_CN=$CERT_OU intermediate CA\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-intermediate-ca.crt",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-kernel-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-kernel-sign.conf",
    "chars": 54,
    "preview": "CERT_CN=$CERT_OU kernel signing certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-kernel-sign.crt",
    "chars": 2037,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFtDCCA5wCCC0WoJPfnLQfMA0GCSqGSIb3DQEBCwUAMIGWMSUwIwYDVQQDDBxH\nYXJkZW4gTGludXggaW50ZXJtZWR"
  },
  {
    "path": "cert/gardenlinux-release-oci-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-oci-sign.conf",
    "chars": 60,
    "preview": "CERT_CN=$CERT_OU OCI artifact signing certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-oci-sign.crt",
    "chars": 2049,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFuzCCA6MCCQDobXD6l4ZJRTANBgkqhkiG9w0BAQsFADCBljElMCMGA1UEAwwc\nR2FyZGVuIExpbnV4IGludGVybWV"
  },
  {
    "path": "cert/gardenlinux-release-repo-sign.crt",
    "chars": 1846,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFJzCCAw+gAwIBAgIUSfFNLpI62wHdssZL3LZlvIzMGZAwDQYJKoZIhvcNAQEL\nBQAwIzEhMB8GA1UEAwwYR2FyZGV"
  },
  {
    "path": "cert/gardenlinux-release-repo-sign.pub",
    "chars": 1668,
    "preview": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGWWkc0BEADgVQK4Jh/nhsEtUGUYVaAAPp0kk2LKypX5NcEZ+67QsawhosZV\nU/Rw4taDKL4nCh1yE"
  },
  {
    "path": "cert/gardenlinux-release-root-ca.conf",
    "chars": 35,
    "preview": "CERT_CN=$CERT_OU root CA\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-root-ca.crt",
    "chars": 2139,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIF/zCCA+egAwIBAgIUHTj5OiBx7PQ8MBGHYA5zdOmYT3cwDQYJKoZIhvcNAQEL\nBQAwgY4xHTAbBgNVBAMMFEdhcmR"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.aws-efivars",
    "chars": 4752,
    "preview": "QU1aTlVFRkkdypIeAAAAAHj5a7fZ99Wbd1DTS9fHSRAJRVAERESK9BKS0EIRQUC61FCkCgTpQgJSAlJCpAp4ld6kiNLbRboQOoogvUXFAEoRIUSkCMgD917n"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.db.chain",
    "chars": 6103,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.db.conf",
    "chars": 53,
    "preview": "CERT_CN=$CERT_OU secureboot db certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.db.crt",
    "chars": 2053,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFvjCCA6YCCDNd3Mq7oLDIMA0GCSqGSIb3DQEBCwUAMIGhMTAwLgYDVQQDDCdH\nYXJkZW4gTGludXggc2VjdXJlYm9"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.kek.chain",
    "chars": 4050,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.kek.conf",
    "chars": 54,
    "preview": "CERT_CN=$CERT_OU secureboot KEK certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.kek.crt",
    "chars": 2053,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFvjCCA6YCCHWeH0cq0mfqMA0GCSqGSIb3DQEBCwUAMIGgMS8wLQYDVQQDDCZH\nYXJkZW4gTGludXggc2VjdXJlYm9"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.pk.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.pk.conf",
    "chars": 53,
    "preview": "CERT_CN=$CERT_OU secureboot PK certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-secureboot.pk.crt",
    "chars": 2037,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFszCCA5sCCE1aQNzdcAxhMA0GCSqGSIb3DQEBCwUAMIGWMSUwIwYDVQQDDBxH\nYXJkZW4gTGludXggaW50ZXJtZWR"
  },
  {
    "path": "cert/gardenlinux-release-tpm-sign.chain",
    "chars": 2013,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIFojCCA4oCCQDlhrHGm1Q26TANBgkqhkiG9w0BAQsFADCBjjEdMBsGA1UEAwwU\nR2FyZGVuIExpbnV4IHJvb3QgQ0E"
  },
  {
    "path": "cert/gardenlinux-release-tpm-sign.conf",
    "chars": 48,
    "preview": "CERT_CN=$CERT_OU tpm sign certificate\ndays=3650\n"
  },
  {
    "path": "cert/gardenlinux-release-tpm-sign.crt",
    "chars": 1684,
    "preview": "-----BEGIN CERTIFICATE-----\nMIIErjCCApYCCCIlGvMcnG2RMA0GCSqGSIb3DQEBCwUAMIGWMSUwIwYDVQQDDBxH\nYXJkZW4gTGludXggaW50ZXJtZWR"
  },
  {
    "path": "cert/gardenlinux.io.conf",
    "chars": 65,
    "preview": "CERT_CN=gardenlinux.io\ndays=365\next_file=gardenlinux.io.conf.ext\n"
  },
  {
    "path": "cert/gardenlinux.io.conf.ext",
    "chars": 34,
    "preview": "subjectAltName=DNS:gardenlinux.io\n"
  },
  {
    "path": "cert/gencert",
    "chars": 3484,
    "preview": "#!/usr/bin/env bash\n\nset -Eeufo pipefail\n\nexport PKCS11_MODULE_PATH=\"/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs1"
  },
  {
    "path": "cert/genefiauth",
    "chars": 1346,
    "preview": "#!/usr/bin/env bash\n\nset -Eeufo pipefail\n\nexport PKCS11_MODULE_PATH=\"/usr/lib/$(uname -m)-linux-gnu/pkcs11/aws_kms_pkcs1"
  },
  {
    "path": "cert/gengpg",
    "chars": 2434,
    "preview": "#!/bin/bash\n\nset -eufo pipefail\n\nconf=gpg.conf\naws_kms_key_spec=\n\nwhile [ $# -gt 0 ]; do\n\tcase \"$1\" in\n\t\t--conf)\n\t\t\tconf"
  },
  {
    "path": "cert/gpg.conf",
    "chars": 142,
    "preview": "%no-protection\nKey-Type: $GPG_KEY_TYPE\nKey-Length: $GPG_KEY_LENGTH\nKey-Usage: sign\nName-Real: $GPG_NAME\nName-Email: $GPG"
  },
  {
    "path": "cert/intermediate-ca.conf",
    "chars": 46,
    "preview": "CERT_CN=$CERT_OU dev intermediate CA\ndays=365\n"
  },
  {
    "path": "cert/kernel-sign.conf",
    "chars": 57,
    "preview": "CERT_CN=$CERT_OU dev kernel signing certificate\ndays=365\n"
  },
  {
    "path": "cert/oci-sign.conf",
    "chars": 63,
    "preview": "CERT_CN=$CERT_OU dev OCI artifact signing certificate\ndays=365\n"
  },
  {
    "path": "cert/root-ca.conf",
    "chars": 38,
    "preview": "CERT_CN=$CERT_OU dev root CA\ndays=365\n"
  },
  {
    "path": "cert/secureboot.db.conf",
    "chars": 56,
    "preview": "CERT_CN=$CERT_OU dev secureboot db certificate\ndays=365\n"
  },
  {
    "path": "cert/secureboot.kek.conf",
    "chars": 57,
    "preview": "CERT_CN=$CERT_OU dev secureboot KEK certificate\ndays=365\n"
  },
  {
    "path": "cert/secureboot.pk.conf",
    "chars": 56,
    "preview": "CERT_CN=$CERT_OU dev secureboot PK certificate\ndays=365\n"
  },
  {
    "path": "cert/tpm-sign.conf",
    "chars": 51,
    "preview": "CERT_CN=$CERT_OU dev tpm sign certificate\ndays=365\n"
  },
  {
    "path": "checksums.sha256",
    "chars": 1432,
    "preview": "43bf075f7da8d2a30ab0799452ec49c2ae4fb47260f406f5470e2b63593f795b  cpp_10.2.1-1_amd64.deb\n4cacdf964d30a2724521a410108cafa"
  },
  {
    "path": "docs/00_introduction/README.md",
    "chars": 928,
    "preview": "# Introduction to Garden Linux\n\nGarden Linux is a customizable operating system designed with modularity in mind. Each p"
  },
  {
    "path": "docs/00_introduction/kernel.md",
    "chars": 3047,
    "preview": "# Linux Kernel\n\nGarden Linux aims towards a complete open, reproducible and easy-to-understand solution. That also inclu"
  },
  {
    "path": "docs/00_introduction/motivation.md",
    "chars": 1541,
    "preview": "# Motivation Behind Garden Linux\n\nGarden Linux was conceived with a vision to address the evolving needs of modern infra"
  },
  {
    "path": "docs/00_introduction/package-pipeline.md",
    "chars": 3076,
    "preview": "# The Garden Linux Package Pipeline\n\nGarden Linux is based on [Debian](https://www.debian.org), but it has a unique desi"
  },
  {
    "path": "docs/00_introduction/release.md",
    "chars": 8372,
    "preview": "# Garden Linux Release Plan Overview\r\n\r\n## Introduction\r\n\r\nOn this page you will learn about the Garden Linux releases a"
  },
  {
    "path": "docs/01_developers/README.md",
    "chars": 1046,
    "preview": "# Developers Guide\n\nThis section provides comprehensive documentation tailored for developers who are looking to contrib"
  },
  {
    "path": "docs/01_developers/bare_container.md",
    "chars": 8603,
    "preview": "# Garden Linux Bare Container Documentation\n\n## Overview\nGarden Linux offers a range of specialized bare container image"
  },
  {
    "path": "docs/01_developers/build_image.md",
    "chars": 4452,
    "preview": "The build system utilizes the [gardenlinux/builder](https://github.com/gardenlinux/builder) to create customized Linux d"
  },
  {
    "path": "docs/01_developers/build_image_openstack.md",
    "chars": 6724,
    "preview": "# Garden Linux OpenStack Images\n\nGarden Linux can be run on OpenStack, but due to the diverse nature of OpenStack deploy"
  },
  {
    "path": "docs/01_developers/build_packages.md",
    "chars": 1537,
    "preview": "Garden Linux packages are built using [the `package-build` scripts](https://github.com/gardenlinux/package-build).\n\nEach"
  },
  {
    "path": "docs/01_developers/contributing.md",
    "chars": 1018,
    "preview": "# Contributing to Garden Linux\n\n## Code of conduct\n\nAll members of the Garden Linux community must abide by the [CNCF Co"
  },
  {
    "path": "docs/01_developers/github_pipelines.md",
    "chars": 3602,
    "preview": "## Manually triggered Workflows\n\n| Name                                                                 | When/Why to Us"
  }
]

// ... and 1060 more files (download for full content)

About this extraction

This page contains the full source code of the gardenlinux/gardenlinux GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 1260 files (2.1 MB), approximately 627.7k tokens, and a symbol index with 1594 extracted functions, classes, methods, constants, and types.

Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.
