Dimitris Karakasilis
08bb62f94e
Remove TODO
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 12:03:24 +02:00
Dimitris Karakasilis
0d3406fa7b
Fallback to system CAs
...
No automated test for this case because it's complicated to get a
properly signed certificate in tests:
- the domain we use is sslip.io (not sure if letsencrypt would sign it)
- we need to use the letsencrypt production and that has quotas not
suitable for CI
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
1cd4d9a7af
Implement test that checks invalid cert case
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
d875e54171
Implement pinned certs
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
2967fb0a6c
[WIP] Implement failing test for pinned cert
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 11:48:59 +02:00
Dimitris Karakasilis
e9433d2ba7
Move challenger server inside the cluster and serve with TLS
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-09 11:48:59 +02:00
Ettore Di Giacinto
7abdc7b092
📖 Update README
2023-02-07 12:29:13 +01:00
Dimitris Karakasilis
9448ecdd54
Ignore README changes in e2e workflow
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 12:06:19 +02:00
Dimitris Karakasilis
d8cd48b411
Fix link in README to send users directly to "main" runs
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 12:03:55 +02:00
Dimitris Karakasilis
43d629c974
Show "main" status in badge
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 12:02:02 +02:00
Dimitris Karakasilis
b00d3af43b
Rename "master" to "main" so that e2e tests run correctly
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 11:58:12 +02:00
Dimitris Karakasilis
7d83e07b05
Fix typo in badge url
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 11:56:38 +02:00
Dimitris Karakasilis
2fe3f3bc00
Add badges to the README
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 11:54:45 +02:00
Dimitris Karakasilis
791d9dbb8b
Merge pull request #11 from kairos-io/e2e-tests
...
E2e tests
2023-02-02 11:49:35 +02:00
Dimitris Karakasilis
7dc1e39ac7
Implement an e2e test suite for kcrypt encryption
...
Scenarios based on docs: https://kairos.io/docs/advanced/partition_encryption/
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-02-02 11:48:44 +02:00
mudler
076a50b2e9
Drop unnecessary condition
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-24 17:53:38 +01:00
mudler
f8e7a0df87
Revert "Change function return style"
...
This reverts commit 968ff53267.
2023-01-24 17:40:00 +01:00
mudler
968ff53267
Change function return style
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-24 16:19:33 +01:00
mudler
a95436bf16
Clean up default secret names
2023-01-24 12:16:09 +01:00
mudler
dfe29aa24f
Return a payload
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-24 12:03:08 +01:00
mudler
db2b6758de
🌱 Handle case when secret doesn't exist
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-23 23:00:16 +01:00
Dimitris Karakasilis
317c6d87b4
Merge pull request #10 from kairos-io/local_encryption
...
🌱 Enable local encryption, remote now partially uses TPM
2023-01-19 16:27:52 +02:00
Dimitris Karakasilis
8898eb8ae9
Small refactorings (renaming vars, create constants etc)
...
Signed-off-by: Ettore Di Giacinto <ettore@spectrocloud.com>
2023-01-19 16:24:39 +02:00
Ettore Di Giacinto
91c24586ea
Improve naming of functions and add comments
...
Signed-off-by: Dimitris Karakasilis <dimitris@spectrocloud.com>
2023-01-19 16:06:53 +02:00
Dimitris Karakasilis
eefd5f2c2c
Extract method and simplify "if" logic
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-01-19 15:46:35 +02:00
mudler
83f529b53d
🌱 Small fixups
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-19 14:24:33 +01:00
mudler
2c8a589906
Enable local encryption, remote now partially uses TPM
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-18 23:32:27 +01:00
Dimitris Karakasilis
9f7abe321a
Merge pull request #9 from kairos-io/use_tpm_helpers
...
Use tpm helpers
2023-01-18 17:26:15 +02:00
mudler
2603757f2c
Simplify challenge
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-18 16:09:52 +01:00
mudler
df0fb4a341
⬆️ Point to tpm-helpers
...
Signed-off-by: mudler <mudler@c3os.io>
2023-01-18 16:02:17 +01:00
Dimitris Karakasilis
12edf4d4cf
Merge pull request #8 from kairos-io/399-configuration-from-file
...
399 configuration from file
2023-01-18 16:58:38 +02:00
Dimitris Karakasilis
b3ca9687c6
Implement test and remove TODOs
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-01-18 16:56:49 +02:00
Dimitris Karakasilis
72829108df
Extract client code to separate package and test it
...
- add new suite to the pipeline and fix Earthly to run tests
- read configuration from file
- the "kcrypt" section is our configuration now
- move configuration logic in `kcrypt` repository
Part of #399
Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2023-01-18 15:25:04 +02:00
Dimitris Karakasilis
a49495e47a
Merge pull request #7 from kairos-io/380-traceback-partition
...
380 traceback partition
2022-11-17 15:06:04 +02:00
Dimitris Karakasilis
83bba2f0cf
Introduce a test suite and an earthly target to run it
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2022-11-17 12:57:09 +02:00
Dimitris Karakasilis
3b9477b6ea
Add omitempty on PartitionSpec fields to make them optional
...
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2022-11-17 12:56:59 +02:00
Dimitris Karakasilis
aa736211af
Don't go frenzy when a TPM is not found. Just return.
...
Because there is no guarantee that a TPM will eventually be found.
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2022-11-11 09:54:19 +02:00
Dimitris Karakasilis
7a07d5c45b
Change sealedvolume CRD to add more fields to the partition
...
We use those fields to identify which partition is requested. On the
client side, the label is not available when the partition is encrypted.
We allow the client to request the passphrase for a partition using the
partition name (e.g. /dev/sdb1) or the UUID (as returned by blkid).
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2022-11-11 09:54:19 +02:00
Dimitris Karakasilis
a3df62df03
[WIP] Send more data over to the escrow server
...
in order to identify the partition. The label is not available before
the filesystem is decrypted (post-install). In that case the server can
look up the partition in the configuration using the name or the
mountpoint.
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2022-11-11 09:54:19 +02:00
mudler
9e8249c730
Minor fixups
2022-10-18 17:04:48 +02:00
mudler
4236420ed5
📖 Update README
2022-10-18 15:44:09 +02:00
mudler
21681a58fd
Dial-in re-attempts
2022-10-18 15:43:58 +02:00
Ettore Di Giacinto
a2cb5d95fb
Skip errors when evaluating cmdline (best-effort)
2022-10-18 12:27:48 +00:00
Ettore Di Giacinto
06b8dc9c58
🐛 Fixup unmarshal to anonymous struct
2022-10-17 22:27:39 +02:00
Ettore Di Giacinto
d9da1b4090
Merge pull request #1 from kairos-io/tests
...
Add Earthfile
2022-10-17 22:10:26 +02:00
Ettore Di Giacinto
770814996b
Attempt to get also from part name
2022-10-17 19:08:45 +00:00
Ettore Di Giacinto
a00353fda1
Add Earthfile
2022-10-17 16:44:25 +02:00
Ettore Di Giacinto
673bfcbd56
Slightly change spec
2022-10-13 22:21:06 +00:00
Ettore Di Giacinto
7c6fa7df06
🎨 Small fixups
2022-10-13 21:35:26 +00:00
Ettore Di Giacinto
6124f9aec9
🤖 Fixup workflow
2022-10-13 20:35:58 +00:00