Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create qubes.AppendLog service #2023

Closed
rootkovska opened this issue May 24, 2016 · 2 comments
Closed

Create qubes.AppendLog service #2023

rootkovska opened this issue May 24, 2016 · 2 comments

Comments

@rootkovska
Copy link
Member

@rootkovska rootkovska commented May 24, 2016

Very useful to e.g. gather build logs in a reliable way, i.e. even if the build VM gets compromised during the build process (e.g due to curl|bash in a Makefile), the log can still be meaningful. Also for many other uses. Related to #830.

@rootkovska rootkovska added this to the Release 4.0 milestone May 24, 2016
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 6, 2016
Require explicit call to scripts/make-with-log.
Later will be plugged in build automation.

QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 6, 2016
Take a look at COMPONENTS setting. This way single-component build log
is not trashed with a status of all the repositories.

QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 6, 2016
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 6, 2016
marmarek added a commit to marmarek/old-qubes-builder-debian that referenced this issue Dec 17, 2016
This, connected with append-only build log (QubesOS/qubes-issues#2023)
will allow for meaningful inspection what really got installed during
template build, even if signature verification is buggy, or release
signing key is compromised.

Adding this for debootstrap - after downloading but before installing
packages is somehow complex. Split the operation into two phases - first
download all the packages, then install them. Point at local directory
for the second run to not download packages (or repository metadata)
the second time. That local directory needs to have proper repository
metadata.
marmarek added a commit to QubesOS/qubes-builder-debian that referenced this issue Dec 17, 2016
This, connected with append-only build log (QubesOS/qubes-issues#2023)
will allow for meaningful inspection what really got installed during
template build, even if signature verification is buggy, or release
signing key is compromised.

Adding this for debootstrap - after downloading but before installing
packages is somehow complex. Split the operation into two phases - first
download all the packages, then install them. Point at local directory
for the second run to not download packages (or repository metadata)
the second time. That local directory needs to have proper repository
metadata.

(cherry picked from commit f1e2283)
andrewdavidwong added a commit that referenced this issue Dec 17, 2016
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 18, 2016
GIT_REPOS variable may contains qubes-builder itself, as ".".

Fixes 43b1221 "Log only status of selected git repositories"

QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder that referenced this issue Dec 19, 2016
Default value for keyword argument is calculate at function definition
time, not a call time. So the previous version basically logged script
start time.

QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder that referenced this issue Jan 24, 2017
Don't replace sys.stdin, use os.path.join, make it clear that file_name
is always set to something.

QubesOS/qubes-issues#2023
@marmarek
Copy link
Member

@marmarek marmarek commented Mar 7, 2017

@HW42 implementation is already integrated and enabled: #1818 , https://github.com/QubesOS/build-logs

@marmarek marmarek closed this Mar 7, 2017
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 15, 2017
Follow the change in builder-debian f1e2283 "template: log hashes of all
downloaded packages before installation". This will allow better
verification of template build process.
Simplify the process by dropping support for templates without yum/dnf
installed. It is always installed by prepare-chroot-base, if not -
that's an error.

Related: QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 15, 2017
Follow the change in builder-debian f1e2283 "template: log hashes of all
downloaded packages before installation". This will allow better
verification of template build process.
Simplify the process by dropping support for templates without yum/dnf
installed. It is always installed by prepare-chroot-base, if not -
that's an error.

Related: QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 15, 2017
Follow the change in builder-debian f1e2283 "template: log hashes of all
downloaded packages before installation". This will allow better
verification of template build process.
Simplify the process by dropping support for templates without yum/dnf
installed. It is always installed by prepare-chroot-base, if not -
that's an error.

Related: QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 15, 2017
Follow the change in builder-debian f1e2283 "template: log hashes of all
downloaded packages before installation". This will allow better
verification of template build process.
Simplify the process by dropping support for templates without yum/dnf
installed. It is always installed by prepare-chroot-base, if not -
that's an error.

Related: QubesOS/qubes-issues#2023
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 15, 2017
Follow the change in builder-debian f1e2283 "template: log hashes of all
downloaded packages before installation". This will allow better
verification of template build process.
Simplify the process by dropping support for templates without yum/dnf
installed. It is always installed by prepare-chroot-base, if not -
that's an error.

Related: QubesOS/qubes-issues#2023
andrewdavidwong added a commit that referenced this issue Oct 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants