kairos/kcrypt-challenger
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt-challenger.git synced 2025-09-26 06:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
233 Commits 12 Branches 18 Tags
f943b01c90ab2b28c42161b701e17e8b82bff69a
Commit Graph

19 Commits

Author SHA1 Message Date
Dimitris Karakasilis
f943b01c90 Introduce a cli interface to interace with the challenger client 
This will make debugging easier both while developing and in production.
No need to use it through the kcrypt binary anymore, because we might
not actually care about decrypting the disks but rather about getting
the passphrase from the KMS.

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2025-09-18 13:47:10 +03:00
Dimitris Karakasilis
80cd276ff3 [WIP] Split with-TPM and without-TPM flows 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2025-09-17 17:29:34 +03:00
Itxaka
ddd65746f0 Drop kcrypt, use sdk (#120) 2025-05-06 09:18:50 +00:00
Dimitris Karakasilis
311b8adda0 Migrate mdns functions from tpm helpers to this repo 
because tpm has nothing to do with mdns.

TODO: Remove the functions from tpm helpers and bump the module here

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2024-01-23 12:53:44 +02:00
Itxaka
0b68d90081 Bump ghw and fix label (#17) 
* Bump ghw and fix label

old label was the new FilesystemLabel. Now the label refers to the
partition label which is different

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* bump deps

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* Rework ginkgo

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* docker login

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* [Will drop]Allow building kcrypt from branches

Otherwise any changes that need both wont pass tests.

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* Dont build the iso 5 times

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* This confirms Im dumb and dont know how to program

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* debug logs

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* debug

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* 🤖 run in github CI

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* Debug

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* debug

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

* Add /tmp/oem to scan dirs for config

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>

---------

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>
 2023-05-10 00:24:58 +02:00
Dimitris Karakasilis
0d3406fa7b Fallback to system CAs 
No automated test for this case because it's complicated to get a
properly signed certificate in tests:

- the domain we use is sslip.io (not sure if letsencrypt would sign it)
- we need to use the letsencrypt production and that has quotas not
  suitable for CI

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
1cd4d9a7af Implement test that checks invalid cert case 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
d875e54171 Implement pinned certs 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-02-09 11:48:59 +02:00
mudler
076a50b2e9 Drop unnecessary condition 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-24 17:53:38 +01:00
mudler
f8e7a0df87 Revert "Change function return style" 
This reverts commit 968ff53267.
 2023-01-24 17:40:00 +01:00
mudler
968ff53267 Change function return style 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-24 16:19:33 +01:00
mudler
dfe29aa24f Return a payload 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-24 12:03:08 +01:00
Ettore Di Giacinto
91c24586ea Improve naming of functions and add comments 
Signed-off-by: Dimitris Karakasilis <dimitris@spectrocloud.com>
 2023-01-19 16:06:53 +02:00
Dimitris Karakasilis
eefd5f2c2c Extract method and simplify "if" logic 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-01-19 15:46:35 +02:00
mudler
83f529b53d 🌱 Small fixups 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-19 14:24:33 +01:00
mudler
2c8a589906 Enable local encryption, remote now partially uses TPM 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-18 23:32:27 +01:00
mudler
df0fb4a341 ⬆️ Point to tpm-helpers 
Signed-off-by: mudler <mudler@c3os.io>
 2023-01-18 16:02:17 +01:00
Dimitris Karakasilis
b3ca9687c6 Implement test and remove TODOs 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-01-18 16:56:49 +02:00
Dimitris Karakasilis
72829108df Extract client code to separate package and test it 
- add new suite to the pipeline and fix Earthly to run tests
- read configuration from file
- the "kcrypt" section is our configuration now
- move configuration logic in `kcrypt` repository

Part of #399

Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
 2023-01-18 15:25:04 +02:00