├── .bazelignore ├── .bazelproject ├── .bazelrc ├── .bazelrc.ci ├── .bazelrc.sandboxroot ├── .bazelversion ├── .git-ignore-revs ├── .gitignore ├── .vscode └── settings.json ├── BUILD.bazel ├── CODING_STANDARDS.md ├── LICENSE ├── MODULE.bazel ├── MODULE.bazel.lock ├── README.md ├── SETUP.md ├── WORKSPACE ├── build ├── BUILD.bazel ├── README.md ├── analysis │ ├── BUILD.bazel │ ├── checkcompilerdirectives │ │ ├── BUILD.bazel │ │ └── checkcompilerdirectives.go │ ├── def.bzl │ ├── gofmt │ │ ├── BUILD.bazel │ │ └── gofmt.go │ ├── haslicense │ │ ├── BUILD.bazel │ │ └── haslicense.go │ ├── importsort │ │ ├── BUILD.bazel │ │ ├── classify.go │ │ ├── importsort.go │ │ ├── importsort_test.go │ │ └── testdata │ │ │ ├── README.md │ │ │ ├── example.com │ │ │ └── extlib │ │ │ │ ├── extlib.notgo │ │ │ │ └── foo │ │ │ │ └── foo.notgo │ │ │ └── source.monogon.dev │ │ │ ├── dut │ │ │ ├── mixed_in_group.notgo │ │ │ ├── okay.notgo │ │ │ ├── unsorted_group.notgo │ │ │ └── wrong_group_order.notgo │ │ │ ├── lib │ │ │ └── lib.notgo │ │ │ └── project │ │ │ ├── a │ │ │ └── a.notgo │ │ │ └── b │ │ │ └── b.notgo │ ├── lib │ │ ├── BUILD.bazel │ │ ├── generated.go │ │ └── genstd │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ ├── noioutil │ │ ├── BUILD.bazel │ │ └── noioutil.go │ └── tools.go ├── bazel │ ├── BUILD.bazel │ ├── bazel_downloader.cfg │ ├── go.MODULE.bazel │ ├── oci.MODULE.bazel │ ├── rust.MODULE.bazel │ └── third_party.MODULE.bazel ├── bazel_cc_fix │ ├── BUILD.bazel │ ├── ccfixspec │ │ ├── BUILD.bazel │ │ ├── ccfixspec.proto │ │ └── gomod-generated-placeholder.go │ └── main.go ├── ci │ ├── README.md │ └── jenkins-presubmit.groovy ├── github_repository │ ├── BUILD.bazel │ ├── README.md │ └── def.bzl ├── go │ └── README.md ├── mirror_proxy │ ├── BUILD.bazel │ ├── README.md │ └── main.go ├── platforms │ └── BUILD.bazel ├── print-workspace-status.py ├── remote_worker │ └── BUILD.bazel ├── sqlc │ ├── BUILD.bazel │ ├── README.md │ ├── sqlc.bzl │ └── tool-dep │ │ └── gomod-generated-placeholder.go ├── static_binary_tarball │ ├── BUILD.bazel │ ├── def.bzl │ ├── main.go │ └── spec │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── spec.proto ├── toolbase │ ├── BUILD.bazel │ └── gotoolchain │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ ├── toolchain.go.in │ │ └── toolchain_test.go ├── toolchain │ ├── BUILD.bazel │ ├── cc_toolchain_config.bzl │ └── rust-efi │ │ └── BUILD.bazel └── utils │ ├── BUILD.bazel │ ├── detect_root.bzl │ └── template_file.bzl ├── cloud └── agent │ ├── BUILD.bazel │ ├── agent.go │ ├── api │ ├── BUILD.bazel │ ├── agent.proto │ ├── gomod-generated-placeholder.go │ ├── hwreport.proto │ └── takeover.proto │ ├── e2e │ ├── BUILD.bazel │ └── main_test.go │ ├── hwreport.go │ ├── hwreport_test.go │ ├── install.go │ ├── takeover │ ├── BUILD.bazel │ ├── e2e │ │ ├── BUILD.bazel │ │ └── main_test.go │ └── takeover.go │ └── testdata │ ├── cpuinfo_amd_7402p.txt │ ├── cpuinfo_intel_12900k.txt │ └── cpuinfo_qemu_virtual.txt ├── go.mod ├── go.sum ├── go ├── README.md ├── algorithm │ ├── cartesian │ │ ├── BUILD.bazel │ │ ├── cartesian.go │ │ └── cartesian_test.go │ └── toposort │ │ ├── BUILD.bazel │ │ ├── toposort.go │ │ └── toposort_test.go ├── clitable │ ├── BUILD.bazel │ ├── table.go │ └── table_test.go ├── logging │ ├── BUILD.bazel │ ├── backend.go │ └── leveled.go ├── mflags │ ├── BUILD.bazel │ └── limiter.go ├── net │ ├── psample │ │ ├── BUILD.bazel │ │ ├── psample_test.go │ │ └── subscriber.go │ └── tinylb │ │ ├── BUILD.bazel │ │ ├── connection_pool.go │ │ ├── tinylb.go │ │ └── tinylb_test.go ├── qcow2 │ ├── BUILD.bazel │ ├── qcow2.go │ └── qcow2_test.go └── types │ └── mapsets │ ├── BUILD.bazel │ ├── orderedmap.go │ └── orderedmap_test.go ├── intellij ├── README.md ├── localconfig │ ├── BUILD.bazel │ ├── localconfig.go │ └── watchers │ │ ├── BUILD.bazel │ │ └── filewatchers.go ├── patches │ └── bazel_intellij_aspect_filter.patch └── run │ ├── Connect_to_dlv_on__2345.xml │ ├── Run__gazelle.xml │ ├── Run_all_tests.xml │ ├── Run_single_node_cluster.xml │ ├── Run_single_node_cluster_in_dbg_mode.xml │ ├── e2e_test.xml │ ├── e2e_test_in_dbg_mode.xml │ └── e2e_test_in_dbg_mode_with_dlv.xml ├── metropolis ├── BUILD.bazel ├── README.md ├── cli │ ├── dbg │ │ ├── BUILD.bazel │ │ └── main.go │ ├── flagdefs │ │ ├── BUILD.bazel │ │ └── flagdefs.go │ ├── metroctl │ │ ├── BUILD.bazel │ │ ├── cmd_certs.go │ │ ├── cmd_cluster.go │ │ ├── cmd_cluster_configure.go │ │ ├── cmd_cluster_takeownership.go │ │ ├── cmd_install.go │ │ ├── cmd_install_ssh.go │ │ ├── cmd_install_usb.go │ │ ├── cmd_k8s_configure.go │ │ ├── cmd_k8scredplugin.go │ │ ├── cmd_node.go │ │ ├── cmd_node_approve.go │ │ ├── cmd_node_logs.go │ │ ├── cmd_node_metrics.go │ │ ├── cmd_node_set.go │ │ ├── core │ │ │ ├── BUILD.bazel │ │ │ ├── ca_tofu.go │ │ │ ├── config.go │ │ │ ├── core.go │ │ │ ├── install.go │ │ │ └── rpc.go │ │ ├── defs.bzl │ │ ├── main.go │ │ ├── rpc.go │ │ ├── table_node.go │ │ └── test │ │ │ ├── BUILD.bazel │ │ │ └── main_test.go │ └── takeover │ │ ├── BUILD.bazel │ │ ├── boot.go │ │ ├── e2e │ │ ├── BUILD.bazel │ │ └── main_test.go │ │ ├── install.go │ │ ├── main.go │ │ └── takeover.go ├── handbook │ ├── .gitignore │ ├── BUILD.bazel │ ├── README.md │ ├── defs.bzl │ └── src │ │ ├── SUMMARY.md │ │ ├── ch01-00-metropolis-organization.md │ │ ├── ch02-00-local-demo-cluster.md │ │ ├── ch03-00-cluster-architecture.md │ │ ├── ch03-05-cluster-api.md │ │ ├── introduction-00-title.md │ │ └── introduction-01-how-to-use.md ├── installer │ ├── BUILD.bazel │ ├── main.go │ └── test │ │ ├── BUILD.bazel │ │ ├── run_test.go │ │ └── testos │ │ ├── BUILD.bazel │ │ └── main.go ├── node │ ├── BUILD.bazel │ ├── abloader │ │ ├── BUILD.bazel │ │ ├── main.rs │ │ └── spec │ │ │ ├── BUILD.bazel │ │ │ ├── abloader.proto │ │ │ └── gomod-generated-placeholder.go │ ├── bios_bootcode │ │ ├── BUILD.bazel │ │ ├── README.md │ │ ├── boot.asm │ │ ├── genlogo │ │ │ ├── BUILD.bazel │ │ │ ├── def.bzl │ │ │ └── main.go │ │ └── logo.png │ ├── core │ │ ├── BUILD.bazel │ │ ├── cluster │ │ │ ├── BUILD.bazel │ │ │ ├── cluster.go │ │ │ ├── cluster_bootstrap.go │ │ │ ├── cluster_join.go │ │ │ └── cluster_register.go │ │ ├── clusternet │ │ │ ├── BUILD.bazel │ │ │ ├── clusternet.go │ │ │ ├── clusternet_test.go │ │ │ ├── types.go │ │ │ └── wireguard.go │ │ ├── consensus │ │ │ ├── BUILD.bazel │ │ │ ├── client │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── client.go │ │ │ │ └── unimplemented.go │ │ │ ├── configuration.go │ │ │ ├── consensus.go │ │ │ ├── consensus_test.go │ │ │ ├── logparser.go │ │ │ ├── logparser_test.go │ │ │ ├── status.go │ │ │ └── testhelpers.go │ │ ├── curator │ │ │ ├── BUILD.bazel │ │ │ ├── bootstrap.go │ │ │ ├── curator.go │ │ │ ├── curator_test.go │ │ │ ├── filters.go │ │ │ ├── impl_follower.go │ │ │ ├── impl_leader.go │ │ │ ├── impl_leader_aaa.go │ │ │ ├── impl_leader_background.go │ │ │ ├── impl_leader_certificates.go │ │ │ ├── impl_leader_cluster_networking.go │ │ │ ├── impl_leader_curator.go │ │ │ ├── impl_leader_management.go │ │ │ ├── impl_leader_test.go │ │ │ ├── listener.go │ │ │ ├── proto │ │ │ │ ├── api │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── api.proto │ │ │ │ │ └── gomod-generated-placeholder.go │ │ │ │ └── private │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── gomod-generated-placeholder.go │ │ │ │ │ ├── lock.proto │ │ │ │ │ └── storage.proto │ │ │ ├── reconfigure.go │ │ │ ├── reconfigure_test.go │ │ │ ├── state.go │ │ │ ├── state_cluster.go │ │ │ ├── state_node.go │ │ │ ├── state_pki.go │ │ │ ├── state_registerticket.go │ │ │ ├── state_test.go │ │ │ └── watcher │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── watch_node.go │ │ │ │ └── watch_nodes.go │ │ ├── debug_service_disabled.go │ │ ├── debug_service_enabled.go │ │ ├── delve_disabled.go │ │ ├── delve_enabled.go │ │ ├── devmgr │ │ │ ├── BUILD.bazel │ │ │ └── devmgr.go │ │ ├── identity │ │ │ ├── BUILD.bazel │ │ │ ├── certificates.go │ │ │ ├── certificates_test.go │ │ │ └── identity.go │ │ ├── localstorage │ │ │ ├── BUILD.bazel │ │ │ ├── crypt │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── blockdev.go │ │ │ │ ├── crypt.go │ │ │ │ ├── crypt_encryption.go │ │ │ │ ├── crypt_integrity.go │ │ │ │ └── crypt_test.go │ │ │ ├── declarative │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── declarative.go │ │ │ │ ├── placement.go │ │ │ │ └── placement_local.go │ │ │ ├── directory_data.go │ │ │ ├── directory_pki.go │ │ │ ├── directory_root.go │ │ │ ├── storage.go │ │ │ ├── storage_esp.go │ │ │ └── storage_test.go │ │ ├── main.go │ │ ├── metrics │ │ │ ├── BUILD.bazel │ │ │ ├── discovery.go │ │ │ ├── exporters.go │ │ │ ├── fake_exporter │ │ │ │ ├── BUILD.bazel │ │ │ │ └── fake_exporter.go │ │ │ ├── metrics.go │ │ │ └── metrics_test.go │ │ ├── mgmt │ │ │ ├── BUILD.bazel │ │ │ ├── mgmt.go │ │ │ ├── power.go │ │ │ ├── svc_logs.go │ │ │ ├── svc_logs_test.go │ │ │ └── update.go │ │ ├── mounts.go │ │ ├── network │ │ │ ├── BUILD.bazel │ │ │ ├── dhcp4c │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── callback │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── callback.go │ │ │ │ │ └── callback_test.go │ │ │ │ ├── dhcpc.go │ │ │ │ ├── dhcpc_test.go │ │ │ │ ├── doc.go │ │ │ │ ├── lease.go │ │ │ │ ├── lease_test.go │ │ │ │ └── transport │ │ │ │ │ ├── BUILD.bazel │ │ │ │ │ ├── transport.go │ │ │ │ │ ├── transport_broadcast.go │ │ │ │ │ └── transport_unicast.go │ │ │ ├── hostsfile │ │ │ │ ├── BUILD.bazel │ │ │ │ └── hostsfile.go │ │ │ ├── main.go │ │ │ ├── neigh.go │ │ │ ├── quirks.go │ │ │ └── static.go │ │ ├── nodeparams.go │ │ ├── roleserve │ │ │ ├── BUILD.bazel │ │ │ ├── roleserve.go │ │ │ ├── values.go │ │ │ ├── worker_clusternet.go │ │ │ ├── worker_controlplane.go │ │ │ ├── worker_heartbeat.go │ │ │ ├── worker_hostsfile.go │ │ │ ├── worker_kubernetes.go │ │ │ ├── worker_metrics.go │ │ │ ├── worker_nodemgmt.go │ │ │ ├── worker_rolefetch.go │ │ │ ├── worker_statuspush.go │ │ │ └── worker_statuspush_test.go │ │ ├── rpc │ │ │ ├── BUILD.bazel │ │ │ ├── client.go │ │ │ ├── methodinfo.go │ │ │ ├── peerinfo.go │ │ │ ├── resolver │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── processor.go │ │ │ │ ├── resolver.go │ │ │ │ ├── resolver_test.go │ │ │ │ └── watcher.go │ │ │ ├── server.go │ │ │ ├── server_authentication.go │ │ │ ├── server_authentication_test.go │ │ │ ├── trace.go │ │ │ └── trace_test.go │ │ ├── sysctl.go │ │ ├── tconsole │ │ │ ├── BUILD.bazel │ │ │ ├── colors.go │ │ │ ├── draw.go │ │ │ ├── page_logs.go │ │ │ ├── page_status.go │ │ │ ├── standalone │ │ │ │ ├── BUILD.bazel │ │ │ │ └── main.go │ │ │ ├── statusbar.go │ │ │ └── tconsole.go │ │ ├── time │ │ │ ├── BUILD.bazel │ │ │ └── time.go │ │ └── update │ │ │ ├── BUILD.bazel │ │ │ ├── e2e │ │ │ ├── BUILD.bazel │ │ │ ├── e2e_test.go │ │ │ └── testos │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── main.go │ │ │ │ ├── rootfs.fsspec │ │ │ │ └── testos.bzl │ │ │ └── update.go │ ├── erofs-layout.fsspec │ ├── ids.go │ ├── kubernetes │ │ ├── BUILD.bazel │ │ ├── apiproxy.go │ │ ├── apiserver.go │ │ ├── authproxy │ │ │ ├── BUILD.bazel │ │ │ └── authproxy.go │ │ ├── clusternet │ │ │ ├── BUILD.bazel │ │ │ └── clusternet.go │ │ ├── containerd │ │ │ ├── BUILD.bazel │ │ │ ├── cnispec.gojson │ │ │ ├── config.toml │ │ │ ├── main.go │ │ │ ├── runsc_debug.toml │ │ │ └── runsc_nondebug.toml │ │ ├── controller-manager.go │ │ ├── csi.go │ │ ├── feature_gates.go │ │ ├── feature_gates_test.go │ │ ├── hyperkube │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── kubelet.go │ │ ├── labelmaker.go │ │ ├── metricsprovider │ │ │ ├── BUILD.bazel │ │ │ └── metricsprovider.go │ │ ├── metricsproxy │ │ │ ├── BUILD.bazel │ │ │ └── metricsproxy.go │ │ ├── networkpolicy │ │ │ ├── BUILD.bazel │ │ │ ├── networkpolicy.go │ │ │ └── networkpolicy_test.go │ │ ├── nfproxy │ │ │ ├── BUILD.bazel │ │ │ └── nfproxy.go │ │ ├── pause │ │ │ └── BUILD.bazel │ │ ├── pki │ │ │ ├── BUILD.bazel │ │ │ └── kubernetes.go │ │ ├── plugins │ │ │ └── kvmdevice │ │ │ │ ├── BUILD.bazel │ │ │ │ └── kvmdevice.go │ │ ├── provisioner.go │ │ ├── reconciler │ │ │ ├── BUILD.bazel │ │ │ ├── reconciler.go │ │ │ ├── reconciler_status.go │ │ │ ├── reconciler_status_test.go │ │ │ ├── reconciler_test.go │ │ │ ├── resources_csi.go │ │ │ ├── resources_rbac.go │ │ │ ├── resources_runtimeclass.go │ │ │ └── resources_storageclass.go │ │ ├── scheduler.go │ │ ├── service_controller.go │ │ └── service_worker.go │ ├── labels.go │ ├── labels_test.go │ ├── minit │ │ ├── BUILD.bazel │ │ └── main.c │ ├── net_ips.go │ ├── net_protocols.go │ ├── passwd │ ├── ports.go │ ├── tools │ │ └── tools.go │ ├── validation.go │ └── validation_test.go ├── proto │ ├── BUILD.bazel │ ├── api │ │ ├── BUILD.bazel │ │ ├── aaa.proto │ │ ├── configuration.proto │ │ ├── debug.proto │ │ ├── gomod-generated-placeholder.go │ │ └── management.proto │ ├── common │ │ ├── BUILD.bazel │ │ ├── common.proto │ │ └── gomod-generated-placeholder.go │ ├── ext │ │ ├── BUILD.bazel │ │ ├── authorization.proto │ │ └── gomod-generated-placeholder.go │ └── private │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── private.proto ├── test │ ├── e2e │ │ ├── BUILD.bazel │ │ ├── connectivity │ │ │ ├── BUILD.bazel │ │ │ ├── agent │ │ │ │ ├── BUILD.bazel │ │ │ │ └── main.go │ │ │ ├── connectivity.go │ │ │ └── spec │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── gomod-generated-placeholder.go │ │ │ │ └── spec.proto │ │ ├── httpserver │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── k8s_cts │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── persistentvolume │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── preseedtest │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── selftest │ │ │ ├── BUILD.bazel │ │ │ ├── README.md │ │ │ └── main.go │ │ └── suites │ │ │ ├── core │ │ │ ├── BUILD.bazel │ │ │ └── run_test.go │ │ │ ├── ha │ │ │ ├── BUILD.bazel │ │ │ └── run_test.go │ │ │ ├── ha_cold │ │ │ ├── BUILD.bazel │ │ │ └── run_test.go │ │ │ └── kubernetes │ │ │ ├── BUILD.bazel │ │ │ ├── kubernetes_helpers.go │ │ │ └── run_test.go │ ├── lacp │ │ ├── BUILD.bazel │ │ └── lacp_test.go │ ├── launch │ │ ├── BUILD.bazel │ │ ├── cli │ │ │ ├── launch-cluster │ │ │ │ ├── BUILD.bazel │ │ │ │ └── main.go │ │ │ └── launch │ │ │ │ ├── BUILD.bazel │ │ │ │ └── main.go │ │ ├── cluster.go │ │ ├── insecure_key.go │ │ ├── launch.go │ │ ├── log.go │ │ ├── metroctl.go │ │ ├── prefixed_stdio.go │ │ └── swtpm.go │ ├── localregistry │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ ├── localregistry.go │ │ └── spec │ │ │ ├── BUILD.bazel │ │ │ ├── gomod-generated-placeholder.go │ │ │ └── manifest.proto │ ├── nanoswitch │ │ ├── BUILD.bazel │ │ ├── nanoswitch.go │ │ └── socks.go │ ├── swtpm │ │ ├── README.md │ │ ├── certtool │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ └── swtpm_cert │ │ │ ├── BUILD.bazel │ │ │ ├── asn1.go │ │ │ └── main.go │ └── util │ │ ├── BUILD.bazel │ │ ├── curator.go │ │ ├── rpc.go │ │ └── runners.go └── version │ ├── BUILD.bazel │ └── gomod-generated-placeholder.go ├── osbase ├── README.md ├── blockdev │ ├── BUILD.bazel │ ├── blockdev.go │ ├── blockdev_darwin.go │ ├── blockdev_linux.go │ ├── blockdev_linux_test.go │ ├── blockdev_test.go │ ├── blockdev_windows.go │ └── memory.go ├── bootparam │ ├── BUILD.bazel │ ├── bootparam.go │ ├── bootparam_test.go │ ├── params.go │ ├── params_test.go │ └── ref │ │ ├── BUILD.bazel │ │ └── ref.go ├── bringup │ ├── BUILD.bazel │ ├── bringup.go │ ├── panichandler.go │ ├── pstore.go │ └── test │ │ ├── BUILD.bazel │ │ ├── bringup.bzl │ │ ├── main_error.go │ │ ├── main_panic.go │ │ ├── main_succeeded.go │ │ └── run_test.go ├── build │ ├── BUILD.bazel │ ├── def.bzl │ ├── earlydev.fsspec │ ├── fsspec │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ ├── spec.proto │ │ └── utils.go │ ├── fwprune │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── main.go │ ├── genosrelease │ │ ├── BUILD.bazel │ │ ├── defs.bzl │ │ └── main.go │ ├── kconfig-patcher │ │ ├── BUILD.bazel │ │ ├── kconfig-patcher.bzl │ │ ├── main.go │ │ └── main_test.go │ ├── mkcpio │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── main.go │ ├── mkerofs │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── main.go │ ├── mkimage │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ ├── main.go │ │ └── osimage │ │ │ ├── BUILD.bazel │ │ │ └── osimage.go │ ├── mkoci │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── main.go │ ├── mkpayload │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── mkpayload.go │ ├── mkucode │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ ├── main.go │ │ └── spec │ │ │ ├── BUILD.bazel │ │ │ ├── gomod-generated-placeholder.go │ │ │ └── spec.proto │ └── mkverity │ │ ├── BUILD.bazel │ │ ├── def.bzl │ │ └── mkverity.go ├── cmd │ ├── BUILD.bazel │ └── run.go ├── devicemapper │ ├── BUILD.bazel │ ├── ctype.go │ └── devicemapper.go ├── efivarfs │ ├── BUILD.bazel │ ├── boot.go │ ├── boot_test.go │ ├── devicepath.go │ ├── devicepath_test.go │ ├── efivarfs.go │ ├── osindications.go │ └── variables.go ├── erofs │ ├── BUILD.bazel │ ├── compression.go │ ├── compression_test.go │ ├── defs.go │ ├── defs_test.go │ ├── doc.md │ ├── erofs.go │ ├── erofs_test.go │ ├── inode_types.go │ └── uncompressed_inode_writer.go ├── event │ ├── BUILD.bazel │ ├── etcd │ │ ├── BUILD.bazel │ │ ├── etcd.go │ │ └── etcd_test.go │ ├── event.go │ └── memory │ │ ├── BUILD.bazel │ │ ├── example_test.go │ │ ├── memory.go │ │ └── memory_test.go ├── fat32 │ ├── BUILD.bazel │ ├── dos83.go │ ├── fat32.go │ ├── fsck_test.go │ ├── linux_test.go │ ├── structs.go │ ├── structs_test.go │ └── utils.go ├── fileargs │ ├── BUILD.bazel │ └── fileargs.go ├── freeport │ ├── BUILD.bazel │ └── freeport.go ├── fsquota │ ├── BUILD.bazel │ ├── fsquota.go │ ├── fsquota_test.go │ ├── fsxattrs │ │ ├── BUILD.bazel │ │ └── fsxattrs.go │ └── quotactl │ │ ├── BUILD.bazel │ │ └── quotactl.go ├── gpt │ ├── BUILD.bazel │ ├── gpt.go │ ├── gpt_test.go │ ├── linux_test.go │ ├── mbr.go │ ├── mbr_test.go │ └── structs_test.go ├── kexec │ ├── BUILD.bazel │ └── kexec.go ├── kmod │ ├── BUILD.bazel │ ├── manager.go │ ├── manager_test.go │ ├── meta.go │ ├── modinfo.go │ ├── radix.go │ ├── radix_test.go │ ├── spec │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── meta.proto │ └── syscall.go ├── logbuffer │ ├── BUILD.bazel │ ├── linebuffer.go │ ├── linebuffer_test.go │ ├── logbuffer.go │ └── logbuffer_test.go ├── logtree │ ├── BUILD.bazel │ ├── doc.go │ ├── grpc.go │ ├── journal.go │ ├── journal_entry.go │ ├── journal_subscriber.go │ ├── journal_test.go │ ├── klog.go │ ├── klog_test.go │ ├── kmsg.go │ ├── kmsg_test.go │ ├── leveled.go │ ├── leveled_payload.go │ ├── logtree.go │ ├── logtree_access.go │ ├── logtree_entry.go │ ├── logtree_publisher.go │ ├── logtree_test.go │ ├── proto │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── logtree.proto │ ├── testhelpers.go │ ├── unraw │ │ ├── BUILD.bazel │ │ ├── unraw.go │ │ └── unraw_test.go │ ├── zap.go │ └── zap_test.go ├── loop │ ├── BUILD.bazel │ ├── loop.go │ └── loop_test.go ├── msguid │ ├── BUILD.bazel │ ├── msguid.go │ └── msguid_test.go ├── net │ ├── dns │ │ ├── BUILD.bazel │ │ ├── dns.go │ │ ├── dns_test.go │ │ ├── forward │ │ │ ├── BUILD.bazel │ │ │ ├── LICENSE-3RD-PARTY.txt │ │ │ ├── cache.go │ │ │ ├── cache │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── cache.go │ │ │ │ ├── cache_test.go │ │ │ │ └── shard_test.go │ │ │ ├── forward.go │ │ │ ├── forward_test.go │ │ │ ├── metrics.go │ │ │ ├── proxy │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── connect.go │ │ │ │ ├── health.go │ │ │ │ ├── health_test.go │ │ │ │ ├── metrics.go │ │ │ │ ├── persistent.go │ │ │ │ ├── persistent_test.go │ │ │ │ ├── proxy.go │ │ │ │ ├── proxy_test.go │ │ │ │ └── type.go │ │ │ └── up │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── up.go │ │ │ │ └── up_test.go │ │ ├── hosts │ │ ├── kubernetes │ │ │ ├── BUILD.bazel │ │ │ ├── LICENSE-3RD-PARTY.txt │ │ │ ├── controller.go │ │ │ ├── handler.go │ │ │ ├── handler_test.go │ │ │ ├── kubernetes.go │ │ │ ├── metrics.go │ │ │ └── object │ │ │ │ ├── BUILD.bazel │ │ │ │ ├── endpoint.go │ │ │ │ ├── informer.go │ │ │ │ ├── informer_test.go │ │ │ │ ├── namespace.go │ │ │ │ ├── object.go │ │ │ │ └── service.go │ │ ├── metrics.go │ │ ├── name.go │ │ ├── name_test.go │ │ ├── resolv.conf │ │ ├── test │ │ │ ├── BUILD.bazel │ │ │ ├── LICENSE-3RD-PARTY.txt │ │ │ ├── server.go │ │ │ └── server_test.go │ │ └── testhelpers.go │ ├── dump │ │ ├── BUILD.bazel │ │ ├── cli │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── hwaddr_compat.go │ │ └── netdump.go │ ├── proto │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── net.proto │ └── sshtakeover │ │ ├── BUILD.bazel │ │ └── sshtakeover.go ├── nvme │ ├── BUILD.bazel │ ├── cmd_linux.go │ ├── cmd_unsupported.go │ ├── error.go │ ├── format.go │ ├── health.go │ ├── identify.go │ ├── nvme.go │ ├── selftest.go │ ├── struct_test.go │ └── uint128le.go ├── oci │ ├── BUILD.bazel │ ├── layout.go │ ├── oci.go │ ├── oci_test.go │ ├── osimage │ │ ├── BUILD.bazel │ │ ├── osimage.go │ │ ├── osimage_test.go │ │ └── types.go │ └── registry │ │ ├── BUILD.bazel │ │ ├── auth.go │ │ ├── client.go │ │ ├── client_test.go │ │ ├── headers.go │ │ ├── headers_test.go │ │ └── server.go ├── pki │ ├── BUILD.bazel │ ├── ca.go │ ├── certificate.go │ ├── certificate_test.go │ ├── crl.go │ ├── crl_test.go │ └── x509.go ├── pstore │ ├── BUILD.bazel │ ├── pstore.go │ └── pstore_test.go ├── scsi │ ├── BUILD.bazel │ ├── dev_block.go │ ├── health.go │ ├── inquiry.go │ ├── log.go │ ├── scsi.go │ ├── scsi_linux.go │ ├── scsi_linux_defs.go │ ├── scsi_linux_defs1.go │ └── sensekeydata.go ├── smbios │ ├── BUILD.bazel │ ├── smbios.go │ └── structures.go ├── socksproxy │ ├── BUILD.bazel │ ├── protocol.go │ ├── socksproxy.go │ └── socksproxy_test.go ├── structfs │ ├── BUILD.bazel │ ├── blob.go │ ├── structfs.go │ └── structfs_test.go ├── supervisor │ ├── BUILD.bazel │ ├── supervisor.go │ ├── supervisor_metrics.go │ ├── supervisor_metrics_prometheus.go │ ├── supervisor_node.go │ ├── supervisor_processor.go │ ├── supervisor_support.go │ ├── supervisor_test.go │ └── supervisor_testhelpers.go ├── sysctl │ ├── BUILD.bazel │ └── options.go ├── sysfs │ ├── BUILD.bazel │ ├── block.go │ └── uevents.go ├── test │ ├── ktest │ │ ├── BUILD.bazel │ │ ├── init │ │ │ ├── BUILD.bazel │ │ │ └── main.go │ │ ├── ktest.bzl │ │ ├── main.go │ │ └── run_ktest.sh │ └── qemu │ │ ├── BUILD.bazel │ │ └── launch.go ├── tpm │ ├── BUILD.bazel │ ├── credactivation_compat.go │ ├── eventlog │ │ ├── BUILD.bazel │ │ ├── LICENSE-3RD-PARTY.txt │ │ ├── compat.go │ │ ├── eventlog.go │ │ ├── internal │ │ │ ├── BUILD.bazel │ │ │ └── events.go │ │ └── secureboot.go │ ├── proto │ │ ├── BUILD.bazel │ │ ├── gomod-generated-placeholder.go │ │ └── tpm.proto │ └── tpm.go ├── verity │ ├── BUILD.bazel │ ├── encoder.go │ └── encoder_test.go └── watchdog │ ├── BUILD.bazel │ └── watchdog.go ├── shell.nix ├── third_party ├── BUILD.bazel ├── README.md ├── bazelrc │ └── aspect │ │ ├── BUILD.bazel │ │ ├── COPYING │ │ ├── README │ │ ├── bazel8.bazelrc │ │ ├── ci.bazelrc │ │ ├── convenience.bazelrc │ │ ├── correctness.bazelrc │ │ └── performance.bazelrc ├── cap │ ├── BUILD.bazel │ ├── cap.bzl │ └── patches │ │ ├── BUILD.bazel │ │ └── add_go_codegen.patch ├── chrony │ ├── BUILD.bazel │ ├── chrony.bzl │ ├── config.h.in │ └── patches │ │ ├── BUILD.bazel │ │ ├── disable_defaults.patch │ │ └── support_fixed_uids.patch ├── cockroach │ ├── BUILD.bazel │ └── cockroach.bzl ├── com_github_containernetworking_cni │ ├── BUILD.bazel │ └── cni-fix-cachepath.patch ├── com_github_containernetworking_plugins │ ├── BUILD.bazel │ └── cniplugins-add-linkgroup.patch ├── com_github_corverroos_commentwrap │ ├── BUILD.bazel │ └── commentwrap-uri.patch ├── com_github_go_delve_delve │ └── BUILD.bazel ├── com_github_google_cadvisor │ ├── BUILD.bazel │ └── cadvisor-errdefs1.patch ├── com_github_google_go_tpm_tools │ ├── BUILD.bazel │ └── go-tpm-tools-fix-proto-paths.patch ├── com_github_google_nftables │ ├── BUILD.bazel │ └── nftables-dynamic-exprs.patch ├── com_github_opencontainers_runc │ ├── BUILD.bazel │ └── runc-add-cdeps.patch ├── com_github_pganalyze_pg_query_go_v4 │ ├── BUILD.bazel │ └── pganalyze-add-cdeps.patch ├── com_github_sbezverk_nfproxy │ ├── BUILD.bazel │ ├── nfproxy-adapt-to-k8s-1.28.patch │ └── nfproxy-adapt-to-nftables-0.2.patch ├── com_github_seccomp_libseccomp_golang │ ├── BUILD.bazel │ └── libseccomp.patch ├── com_github_vishvananda_netlink │ ├── BUILD.bazel │ └── netlink-psample.patch ├── com_go_etcd_io_etcd_server_v3 │ ├── BUILD.bazel │ ├── etcd-fix-embed-close.patch │ └── etcd-fix-islearner-panic.patch ├── com_go_etcd_io_etcd_tests_v3 │ ├── BUILD.bazel │ └── etcd-integration-logging.patch ├── com_golang_org_x_tools │ ├── BUILD.bazel │ └── goimports-group-merging.patch ├── com_gvisor_dev_gvisor │ ├── BUILD.bazel │ ├── gvisor-containerd-compat.patch │ └── gvisor-fix-syslog.patch ├── com_k8s_io_client_go │ ├── BUILD.bazel │ ├── k8s-fix-websocket-custom-dialer.patch │ └── version-stamp.patch ├── com_k8s_io_component_base │ ├── BUILD.bazel │ ├── k8s-fix-metrics-data-race.patch │ └── version-stamp.patch ├── com_k8s_io_kubectl │ ├── BUILD.bazel │ └── kubectl-fix-embed.patch ├── com_k8s_io_kubelet │ ├── BUILD.bazel │ └── kubelet-fix-path.patch ├── com_k8s_io_kubernetes │ ├── BUILD.bazel │ ├── k8s-add-pause-build-file.patch │ ├── k8s-drop-legacy-log-path.patch │ ├── k8s-native-metrics.patch │ ├── k8s-removed-block-device-pseudo-locks.patch │ ├── k8s-reserve-metropolis-ports-import.patch │ └── k8s-reserve-metropolis-ports.patch ├── com_k8s_io_mount_utils │ ├── BUILD.bazel │ └── k8s-native-mounter.patch ├── dosfstools │ ├── BUILD.bazel │ └── dosfstools.bzl ├── edk2 │ ├── BUILD.bazel │ ├── edk2.bzl │ └── patches │ │ ├── BUILD.bazel │ │ ├── disable-werror.patch │ │ └── remove-brotli-build.patch ├── efistub │ ├── BUILD.bazel │ ├── efistub.bzl │ └── patches │ │ ├── BUILD.bazel │ │ ├── ab-slot-handling.patch │ │ ├── remove-wrong-cmdline-assertion.patch │ │ └── use-sysv-for-kernel.patch ├── gazelle │ ├── BUILD.bazel │ └── add-prepatching.patch ├── glib │ ├── BUILD.bazel │ ├── cc_fix_spec.prototxt │ └── patches │ │ ├── BUILD.bazel │ │ ├── bazel_cc_fix.patch │ │ └── bazel_support.patch ├── gnuefi │ ├── BUILD.bazel │ └── gnuefi.bzl ├── inih │ ├── BUILD.bazel │ └── inih.bzl ├── intel_ucode │ ├── BUILD.bazel │ └── intel_ucode.bzl ├── libpg_query │ ├── BUILD.bazel │ ├── README.md │ └── libpg_query.bzl ├── libtpms │ ├── BUILD.bazel │ └── patches │ │ ├── 0001-boringssl-compat-new-SHA-types.patch │ │ ├── 0002-boringssl-compat-removed-const_DES_cblock.patch │ │ ├── 0003-boringssl-compat-removed-EC_POINTs_mul.patch │ │ ├── 0004-boringssl-compat-removed-camellia-support.patch │ │ ├── 0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch │ │ ├── 0006-bazel-support-implement.patch │ │ └── BUILD.bazel ├── licenses │ └── LICENSE.APACHE20 ├── linux-firmware │ ├── BUILD.bazel │ └── linux-firmware.bzl ├── linux │ ├── BUILD.bazel │ ├── def.bzl │ ├── linux-metropolis.config │ ├── linux.bzl │ └── patches │ │ ├── 0001-block-partition-expose-PARTUUID-through-uevent.patch │ │ ├── BUILD.bazel │ │ ├── disable-static-ifs.patch │ │ ├── enable-pmsg.patch │ │ ├── fb-devs-knob.patch │ │ └── lacp_fix.patch ├── musl │ ├── BUILD.bazel │ └── musl.bzl ├── nix │ ├── bazel-inner.sh │ ├── env.nix │ ├── sources.json │ └── sources.nix ├── rules_go │ ├── BUILD.bazel │ ├── introduce-all-scope-for-nogo.patch │ └── rules_go_absolute_embedsrc.patch ├── rules_rust │ ├── BUILD.bazel │ ├── rust-prost-nostd.patch │ └── rust-reproducibility.patch ├── rust │ ├── BUILD.bazel │ ├── Cargo.lock │ ├── Cargo.toml │ └── README.md ├── rust_efi │ ├── BUILD.bazel │ ├── Cargo.lock │ └── Cargo.toml ├── sandboxroot │ ├── .gitignore │ ├── BUILD.bazel │ ├── README.md │ ├── regenerate.sh │ ├── repo.yaml │ ├── repositories.bzl │ └── tools.go ├── seccomp │ ├── BUILD.bazel │ ├── patches │ │ ├── BUILD.bazel │ │ ├── bazel_cc_fix.patch │ │ └── fix_generated_includes.patch │ └── seccomp.bzl ├── swtpm │ ├── BUILD.bazel │ └── patches │ │ ├── 0001-bazel-compat-glib.h-glib-glib.h.patch │ │ ├── 0002-swtpm_localca-replace-gmp-mpz-dependency-with-boring.patch │ │ ├── 0003-swtpm_setup-replace-dep-on-JSON-GLib-with-sheredom-j.patch │ │ ├── 0004-bazel-support-implement.patch │ │ └── BUILD.bazel ├── urcu │ ├── BUILD.bazel │ ├── config.h │ ├── patches │ │ ├── BUILD.bazel │ │ └── generated-files.patch │ └── urcu.bzl ├── util-linux │ ├── BUILD.bazel │ ├── cc_fix_spec.prototxt │ ├── patches │ │ ├── BUILD.bazel │ │ └── bazel_cc_fix.patch │ └── util-linux.bzl └── xfsprogs │ ├── BUILD.bazel │ ├── cc_fix_spec.prototxt │ ├── patches │ ├── BUILD.bazel │ └── bazel_cc_fix.patch │ └── xfsprogs.bzl ├── tools ├── bazel └── gopackagesdriver └── version ├── BUILD.bazel ├── defs.bzl ├── spec ├── BUILD.bazel ├── gomod-generated-placeholder.go └── spec.proto ├── stampgo ├── BUILD.bazel └── main.go └── version.go /.bazelignore: -------------------------------------------------------------------------------- 1 | generated 2 | .bazeldnf 3 | -------------------------------------------------------------------------------- /.bazelproject: -------------------------------------------------------------------------------- 1 | directories: 2 | # Add the directories you want added as source here 3 | # By default, we've added your entire workspace ('.') 4 | . 5 | 6 | # Automatically includes all relevant targets under the 'directories' above 7 | derive_targets_from_directories: false 8 | 9 | targets: 10 | # If source code isn't resolving, add additional targets that compile it here 11 | //... 12 | 13 | additional_languages: 14 | # Uncomment any additional languages you want supported 15 | # android 16 | # dart 17 | go 18 | # javascript 19 | # kotlin 20 | # python 21 | # scala 22 | # typescript 23 | 24 | import_run_configurations: 25 | intellij/run/Connect_to_dlv_on__2345.xml 26 | 27 | intellij/run/e2e_test.xml 28 | intellij/run/e2e_test_in_dbg_mode.xml 29 | intellij/run/e2e_test_in_dbg_mode_with_dlv.xml 30 | 31 | intellij/run/Run__gazelle.xml 32 | 33 | intellij/run/Run_all_tests.xml 34 | 35 | intellij/run/Run_single_node_cluster.xml 36 | intellij/run/Run_single_node_cluster_in_dbg_mode.xml 37 | -------------------------------------------------------------------------------- /.bazelrc.ci: -------------------------------------------------------------------------------- 1 | # Import Aspect bazelrc presets 2 | import %workspace%/third_party/bazelrc/aspect/ci.bazelrc 3 | 4 | # Our Jenkins does not support colors. 5 | build --color=no 6 | 7 | # Dont upload local results to prevent cache poisoning. Whenever we get remote 8 | # cache for builds, we will only populate it from a builder that runs against 9 | # all merged main commits. 10 | build --noremote_upload_local_results 11 | 12 | # Setup a disk cache with a maximum size of 150Gi. We currently have our PVs 13 | # set to 200Gi, which is more than enough. 14 | build --disk_cache=~/.cache/bazel-monogon/ 15 | build --experimental_disk_cache_gc_max_size=150G 16 | 17 | # Disable stamping for cache determinism 18 | build --config=nostamp 19 | -------------------------------------------------------------------------------- /.bazelrc.sandboxroot: -------------------------------------------------------------------------------- 1 | # bazelrc config used during sandboxroot generation 2 | 3 | startup --batch_cpu_scheduling --io_nice_level 7 4 | build --incompatible_strict_action_env=true 5 | build --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1 6 | 7 | # We still require WORKSPACE support as bazeldnf isn't bzlmod compatible yet. 8 | common --enable_workspace 9 | 10 | # No host CC platform - we only want pure Go for the sandboxroot 11 | build --host_platform=@io_bazel_rules_go//go/toolchain:linux_amd64 12 | 13 | common --experimental_downloader_config=build/bazel/bazel_downloader.cfg 14 | 15 | # Shared with main .bazelrc 16 | try-import %workspace%/.bazelrc.user 17 | try-import %workspace%/ci.bazelrc 18 | -------------------------------------------------------------------------------- /.bazelversion: -------------------------------------------------------------------------------- 1 | 8.1.0 -------------------------------------------------------------------------------- /.git-ignore-revs: -------------------------------------------------------------------------------- 1 | # Initial commentwrap reformat. 2 | 216fe7b3ae949376467f626f339423a31ea7da97 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bazel-* 2 | *swp 3 | .idea 4 | .ijwb 5 | .bazelrc.user 6 | .bazelrc.sandbox 7 | .bazeldnf 8 | .direnv 9 | 10 | # Ignore misplaced build output from Intellij's Rust plugin. 11 | third_party/rust/target/* 12 | third_party/rust_efi/target/* -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "go.goroot": "${workspaceFolder}/bazel-${workspaceFolderBasename}/external/rules_go++go_sdk+main___download_0/", 3 | "go.toolsEnvVars": { 4 | "GOPACKAGESDRIVER": "${workspaceFolder}/tools/gopackagesdriver" 5 | }, 6 | "gopls": { 7 | "formatting.local": "source.monogon.dev", 8 | "build.directoryFilters": [ 9 | "-bazel-bin", 10 | "-bazel-${workspaceFolderBasename}", 11 | "-bazel-out", 12 | "-bazel-testlogs", 13 | "-.bazeldnf" 14 | ], 15 | "ui.semanticTokens": true, 16 | }, 17 | "go.enableCodeLens": { 18 | "runtest": false 19 | }, 20 | "files.watcherExclude": { 21 | "bazel-bin/**": true, 22 | "bazel-${workspaceFolderBasename}/**": true, 23 | "bazel-testlogs/**": true, 24 | ".bazeldnf/**": true, 25 | } 26 | } -------------------------------------------------------------------------------- /WORKSPACE: -------------------------------------------------------------------------------- 1 | workspace(name = "dev_source_monogon") 2 | 3 | # bazeldnf is used to generate our sandbox root. 4 | load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") 5 | 6 | http_archive( 7 | name = "bazeldnf", 8 | sha256 = "cd75fbbad6f191c26b036132d57ca731cce067e9330306a8a2beb3e51af991a8", 9 | urls = [ 10 | "https://github.com/rmohr/bazeldnf/releases/download/v0.5.8/bazeldnf-v0.5.8.tar.gz", 11 | ], 12 | ) 13 | 14 | load("@bazeldnf//:deps.bzl", "bazeldnf_dependencies") 15 | 16 | bazeldnf_dependencies() 17 | 18 | load("//third_party/sandboxroot:repositories.bzl", "sandbox_dependencies") 19 | 20 | sandbox_dependencies() 21 | -------------------------------------------------------------------------------- /build/README.md: -------------------------------------------------------------------------------- 1 | # `//build` 2 | 3 | This directory contains global build and CI infrastructure which are useful across the entire monorepo, such as toolchains, Bazel libraries and CI config. 4 | 5 | -------------------------------------------------------------------------------- /build/analysis/checkcompilerdirectives/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "checkcompilerdirectives", 5 | srcs = ["checkcompilerdirectives.go"], 6 | importpath = "source.monogon.dev/build/analysis/checkcompilerdirectives", 7 | visibility = ["//visibility:public"], 8 | deps = ["@com_4d63_gocheckcompilerdirectives//checkcompilerdirectives"], 9 | ) 10 | -------------------------------------------------------------------------------- /build/analysis/checkcompilerdirectives/checkcompilerdirectives.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package checkcompilerdirectives 5 | 6 | import "4d63.com/gocheckcompilerdirectives/checkcompilerdirectives" 7 | 8 | var Analyzer = checkcompilerdirectives.Analyzer() 9 | -------------------------------------------------------------------------------- /build/analysis/gofmt/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "gofmt", 5 | srcs = ["gofmt.go"], 6 | importpath = "source.monogon.dev/build/analysis/gofmt", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//build/analysis/lib", 10 | "@com_github_golangci_gofmt//gofmt", 11 | "@org_golang_x_tools//go/analysis", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /build/analysis/haslicense/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "haslicense", 5 | srcs = ["haslicense.go"], 6 | importpath = "source.monogon.dev/build/analysis/haslicense", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//build/analysis/lib", 10 | "@org_golang_x_tools//go/analysis", 11 | ], 12 | ) 13 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/README.md: -------------------------------------------------------------------------------- 1 | Test data for //build/analysis/importsort 2 | === 3 | 4 | This directory contains a fake GOPATH-like structure used to test the importsort analyzer. Files have the .notgo extension to prevent smart editors/IDEs from reformatting broken files, and to prevent Gazelle and other automation from ingesting these files as part of the main build. -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/example.com/extlib/extlib.notgo: -------------------------------------------------------------------------------- 1 | package extlib 2 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/example.com/extlib/foo/foo.notgo: -------------------------------------------------------------------------------- 1 | package foo 2 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/dut/mixed_in_group.notgo: -------------------------------------------------------------------------------- 1 | package dut 2 | 3 | import ( 4 | _ "errors" 5 | 6 | _ "example.com/extlib" // want `import classes within group are mixed` 7 | _ "source.monogon.dev/lib" 8 | ) 9 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/dut/okay.notgo: -------------------------------------------------------------------------------- 1 | package dut 2 | 3 | import ( 4 | _ "errors" 5 | _ "math" 6 | 7 | _ "example.com/extlib" 8 | // Comments within groups are okay. 9 | _ "example.com/extlib/foo" 10 | 11 | _ "source.monogon.dev/lib" 12 | 13 | // Repeated group classes are okay. 14 | _ "source.monogon.dev/project/a" 15 | _ "source.monogon.dev/project/b" 16 | ) -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/dut/unsorted_group.notgo: -------------------------------------------------------------------------------- 1 | package dut 2 | 3 | import ( 4 | _ "math" // want `imports within group are not sorted` 5 | _ "errors" 6 | ) 7 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/dut/wrong_group_order.notgo: -------------------------------------------------------------------------------- 1 | package dut 2 | 3 | import ( 4 | _ "errors" 5 | 6 | _ "source.monogon.dev/lib" 7 | 8 | _ "example.com/extlib" // want `global import group after local import group` 9 | ) -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/lib/lib.notgo: -------------------------------------------------------------------------------- 1 | package lib 2 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/project/a/a.notgo: -------------------------------------------------------------------------------- 1 | package a 2 | -------------------------------------------------------------------------------- /build/analysis/importsort/testdata/source.monogon.dev/project/b/b.notgo: -------------------------------------------------------------------------------- 1 | package b 2 | -------------------------------------------------------------------------------- /build/analysis/lib/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "lib", 5 | srcs = [ 6 | "generated.go", 7 | "stdlib_packages.go", 8 | ], 9 | importpath = "source.monogon.dev/build/analysis/lib", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | genrule( 14 | name = "stdlib_packages", 15 | outs = ["stdlib_packages.go"], 16 | cmd = "$(location //build/analysis/lib/genstd) $@", 17 | tools = ["//build/analysis/lib/genstd"], 18 | ) 19 | -------------------------------------------------------------------------------- /build/analysis/lib/generated.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package lib 5 | 6 | import ( 7 | "go/ast" 8 | "strings" 9 | ) 10 | 11 | const ( 12 | genPrefix = "// Code generated" 13 | genSuffix = "DO NOT EDIT." 14 | ) 15 | 16 | // IsGeneratedFile returns true if the file is generated according to 17 | // https://golang.org/s/generatedcode and other heuristics. 18 | func IsGeneratedFile(file *ast.File) bool { 19 | for _, c := range file.Comments { 20 | for _, t := range c.List { 21 | if strings.HasPrefix(t.Text, genPrefix) && strings.HasSuffix(t.Text, genSuffix) { 22 | return true 23 | } 24 | // Generated testmain.go stubs from rules_go - for some reason, they don't 25 | // contain the expected markers. 26 | if strings.Contains(t.Text, "This package must be initialized before packages being tested.") { 27 | return true 28 | } 29 | } 30 | } 31 | return false 32 | } 33 | -------------------------------------------------------------------------------- /build/analysis/lib/genstd/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "genstd_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/build/analysis/lib/genstd", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//build/toolbase/gotoolchain", 10 | "@org_golang_x_tools//go/packages", 11 | ], 12 | ) 13 | 14 | go_binary( 15 | name = "genstd", 16 | embed = [":genstd_lib"], 17 | visibility = ["//visibility:public"], 18 | ) 19 | -------------------------------------------------------------------------------- /build/analysis/noioutil/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "noioutil", 5 | srcs = ["noioutil.go"], 6 | importpath = "source.monogon.dev/build/analysis/noioutil", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//build/analysis/lib", 10 | "@org_golang_x_tools//go/analysis", 11 | ], 12 | ) 13 | -------------------------------------------------------------------------------- /build/analysis/tools.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build tools 5 | // +build tools 6 | 7 | package analysis 8 | 9 | import ( 10 | _ "4d63.com/gocheckcompilerdirectives/checkcompilerdirectives" 11 | _ "github.com/corverroos/commentwrap/cmd/commentwrap" 12 | _ "honnef.co/go/tools/cmd/staticcheck" 13 | ) 14 | -------------------------------------------------------------------------------- /build/bazel/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/build/bazel/BUILD.bazel -------------------------------------------------------------------------------- /build/bazel/bazel_downloader.cfg: -------------------------------------------------------------------------------- 1 | # Allow request to go.dev for finding the current go sdk versions. 2 | allow go.dev 3 | 4 | # Allow requests to the bazel registry for ensuring we can update our 5 | # bzlmod deps. 6 | allow bcr.bazel.build 7 | 8 | # Allow requests to api.github.com for finding submodule refs. 9 | allow api.github.com 10 | 11 | # Allow requests to our mirror and rewrite all urls to use said mirror. 12 | allow mirror.monogon.dev 13 | rewrite ^((?!go\.dev|bcr\.bazel\.build|api\.github\.com).*) mirror.monogon.dev/$1 14 | 15 | # Block all other URLs. You can comment out this one to allow a fallback. 16 | block * 17 | -------------------------------------------------------------------------------- /build/bazel/oci.MODULE.bazel: -------------------------------------------------------------------------------- 1 | oci = use_extension("@rules_oci//oci:extensions.bzl", "oci") 2 | oci.pull( 3 | name = "distroless_base", 4 | digest = "sha256:6ae5fe659f28c6afe9cc2903aebc78a5c6ad3aaa3d9d0369760ac6aaea2529c8", 5 | image = "gcr.io/distroless/base", 6 | platforms = [ 7 | "linux/amd64", 8 | "linux/arm/v7", 9 | "linux/arm64/v8", 10 | "linux/ppc64le", 11 | "linux/s390x", 12 | ], 13 | ) 14 | use_repo( 15 | oci, 16 | "distroless_base", 17 | "distroless_base_linux_amd64", 18 | "distroless_base_linux_arm64_v8", 19 | "distroless_base_linux_arm_v7", 20 | "distroless_base_linux_ppc64le", 21 | "distroless_base_linux_s390x", 22 | ) 23 | -------------------------------------------------------------------------------- /build/bazel_cc_fix/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "bazel_cc_fix_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/build/bazel_cc_fix", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//build/bazel_cc_fix/ccfixspec", 10 | "@com_github_mattn_go_shellwords//:go-shellwords", 11 | "@org_golang_google_protobuf//encoding/prototext", 12 | ], 13 | ) 14 | 15 | go_binary( 16 | name = "bazel_cc_fix", 17 | embed = [":bazel_cc_fix_lib"], 18 | visibility = ["//visibility:public"], 19 | ) 20 | -------------------------------------------------------------------------------- /build/bazel_cc_fix/ccfixspec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package ccfixspec 5 | -------------------------------------------------------------------------------- /build/github_repository/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/build/github_repository/BUILD.bazel -------------------------------------------------------------------------------- /build/github_repository/README.md: -------------------------------------------------------------------------------- 1 | # GitHub repository repository_rule 2 | This package provides a repository_rule for fetching GitHub repositories including their submodules without relying on git_repository, which prevents proper caching. -------------------------------------------------------------------------------- /build/mirror_proxy/README.md: -------------------------------------------------------------------------------- 1 | Bazel downloader mirror 2 | === 3 | 4 | This is a small tool which acts as a transparent proxy-ish mirror for use in the bazel downloader. 5 | By using a bazel_downloader.cfg we can instruct bazel to rewrite the download URLs and use a custom target instead. We use this to mirror all dependencies to our S3 storage. 6 | 7 | Usage 8 | --- 9 | 10 | This is expected to run with a given bucket name and a hardcoded set of credentials which are used to authenticate requests. When an authenticated request is received, the mirror will download uncached data if it isn't in the cache yet. This is expected to be used by trusted users, e.g. employees. 11 | 12 | There are two ways to authenticate with bazel. Either with the credential helper or a .netrc file, which a user should deploy a inside their home folder based on the following template to allow bazel to authenticate against the mirror. 13 | 14 | `~/.netrc` 15 | ``` 16 | machine mirror.monogon.dev 17 | login myfancyusername 18 | password mysecretpassword 19 | ``` -------------------------------------------------------------------------------- /build/sqlc/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary") 2 | 3 | # keep 4 | go_binary( 5 | name = "sqlc", 6 | embed = ["@com_github_sqlc_dev_sqlc//cmd/sqlc:sqlc_lib"], 7 | gotags = [ 8 | "osusergo", 9 | "netgo", 10 | "nowasm", 11 | ], 12 | pure = "off", 13 | ) 14 | -------------------------------------------------------------------------------- /build/sqlc/tool-dep/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build tools 5 | // +build tools 6 | 7 | // This is a synthetic file which depends on the sqlc binary. That in turn 8 | // makes `go mod tidy` pick it up, which in turns makes it available to Bazel. 9 | package main 10 | 11 | import ( 12 | _ "github.com/sqlc-dev/sqlc/pkg/cli" 13 | ) 14 | 15 | func main() { 16 | } 17 | -------------------------------------------------------------------------------- /build/static_binary_tarball/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "static_binary_tarball_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/build/static_binary_tarball", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//build/static_binary_tarball/spec", 10 | "@org_golang_google_protobuf//encoding/prototext", 11 | ], 12 | ) 13 | 14 | go_binary( 15 | name = "static_binary_tarball", 16 | embed = [":static_binary_tarball_lib"], 17 | visibility = ["//visibility:public"], 18 | ) 19 | -------------------------------------------------------------------------------- /build/static_binary_tarball/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /build/toolbase/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/build/toolbase/BUILD.bazel -------------------------------------------------------------------------------- /build/toolbase/gotoolchain/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load(":def.bzl", "toolchain_library") 3 | 4 | toolchain_library( 5 | name = "toolchain_library", 6 | importpath = "source.monogon.dev/build/toolbase/gotoolchain", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "@io_bazel_rules_go//go/runfiles:go_default_library", 10 | ], 11 | ) 12 | 13 | # keep 14 | go_library( 15 | name = "gotoolchain", 16 | embed = [":toolchain_library"], 17 | importpath = "source.monogon.dev/build/toolbase/gotoolchain", 18 | visibility = ["//visibility:public"], 19 | ) 20 | 21 | go_test( 22 | name = "gotoolchain_test", 23 | srcs = ["toolchain_test.go"], 24 | embed = [":gotoolchain"], # keep 25 | ) 26 | -------------------------------------------------------------------------------- /build/toolbase/gotoolchain/toolchain.go.in: -------------------------------------------------------------------------------- 1 | // gotoolchain provides information about the Go toolchain used on the host by 2 | // rules_go. 3 | package gotoolchain 4 | 5 | import ( 6 | "fmt" 7 | "path/filepath" 8 | "strings" 9 | 10 | "github.com/bazelbuild/rules_go/go/runfiles" 11 | ) 12 | 13 | func mustRunfile(s string) string { 14 | // TODO(tim): I couldn't find out why there is a prefix. 15 | s = strings.TrimPrefix(s, "external/") 16 | res, err := runfiles.Rlocation(s) 17 | if err != nil { 18 | panic(fmt.Sprintf("runfile %q not found: %v", s, err)) 19 | } 20 | abs, err := filepath.Abs(res) 21 | if err != nil { 22 | panic(fmt.Sprintf("cant make runfile %q absolute: %v", s, err)) 23 | } 24 | return abs 25 | } 26 | 27 | var ( 28 | // Go is a path to the `go` executable. 29 | Go = mustRunfile(`GOTOOL`) 30 | // Root is the GOROOT path. 31 | Root = mustRunfile(`GOROOT`) 32 | ) 33 | -------------------------------------------------------------------------------- /build/toolbase/gotoolchain/toolchain_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package gotoolchain 5 | 6 | import ( 7 | "os" 8 | "os/exec" 9 | "path" 10 | "testing" 11 | ) 12 | 13 | func TestGoToolRuns(t *testing.T) { 14 | cmd := exec.Command(Go, "version") 15 | if out, err := cmd.CombinedOutput(); err != nil { 16 | t.Fatalf("Failed to run `go version`: %q, %v", string(out), err) 17 | } 18 | } 19 | 20 | func TestGorootContainsRoot(t *testing.T) { 21 | rootfile := path.Join(Root, "ROOT") 22 | if _, err := os.Stat(rootfile); err != nil { 23 | t.Fatalf("ROOT not found in %s", Root) 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /build/toolchain/rust-efi/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_rust//rust:defs.bzl", "rust_library_group") 2 | load("@rules_rust_prost//:defs.bzl", "rust_prost_toolchain") 3 | 4 | rust_library_group( 5 | name = "prost_runtime_efi", 6 | deps = [ 7 | "@crate_index_efi//:prost", 8 | ], 9 | ) 10 | 11 | rust_prost_toolchain( 12 | name = "prost_efi_toolchain_impl", 13 | is_nostd = True, 14 | prost_plugin = "@crate_index//:protoc-gen-prost__protoc-gen-prost", 15 | prost_runtime = ":prost_runtime_efi", 16 | prost_types = "@crate_index_efi//:prost-types", 17 | # This defaults to a non-empty value, which triggers an error that not all 18 | # tonic flags are set. We do not want tonic, so explicitly set this to 19 | # an empty string. 20 | tonic_plugin_flag = "", 21 | ) 22 | 23 | toolchain( 24 | name = "prost_efi_toolchain", 25 | toolchain = "prost_efi_toolchain_impl", 26 | toolchain_type = "@rules_rust_prost//:toolchain_type", 27 | ) 28 | -------------------------------------------------------------------------------- /build/utils/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/build/utils/BUILD.bazel -------------------------------------------------------------------------------- /cloud/agent/api/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package api 5 | -------------------------------------------------------------------------------- /cloud/agent/testdata/cpuinfo_qemu_virtual.txt: -------------------------------------------------------------------------------- 1 | processor : 0 2 | vendor_id : GenuineIntel 3 | cpu family : 6 4 | model : 6 5 | model name : QEMU Virtual CPU version 2.1.0 6 | stepping : 3 7 | microcode : 0x1 8 | cpu MHz : 2693.764 9 | cache size : 4096 KB 10 | physical id : 0 11 | siblings : 1 12 | core id : 0 13 | cpu cores : 1 14 | apicid : 0 15 | initial apicid : 0 16 | fpu : yes 17 | fpu_exception : yes 18 | cpuid level : 4 19 | wp : yes 20 | flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 x2apic popcnt hypervisor lahf_lm abm 21 | bogomips : 5387.52 22 | clflush size : 64 23 | cache_alignment : 64 24 | address sizes : 40 bits physical, 48 bits virtual 25 | power management: 26 | -------------------------------------------------------------------------------- /go/README.md: -------------------------------------------------------------------------------- 1 | # `//go` 2 | 3 | Go libraries which are not specific to any component live here. For example, this is a good place to put algorithms or helper libraries. 4 | -------------------------------------------------------------------------------- /go/algorithm/cartesian/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "cartesian", 5 | srcs = ["cartesian.go"], 6 | importpath = "source.monogon.dev/go/algorithm/cartesian", 7 | visibility = ["//visibility:public"], 8 | ) 9 | 10 | go_test( 11 | name = "cartesian_test", 12 | srcs = ["cartesian_test.go"], 13 | embed = [":cartesian"], 14 | deps = ["@com_github_google_go_cmp//cmp"], 15 | ) 16 | -------------------------------------------------------------------------------- /go/algorithm/cartesian/cartesian.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package cartesian 5 | 6 | // Product returns cartesian product of arguments. Each argument must be a slice 7 | // of the same kind. 8 | func Product[T any](dimensions ...[]T) [][]T { 9 | if len(dimensions) == 0 { 10 | return nil 11 | } 12 | 13 | head, tail := dimensions[0], dimensions[1:] 14 | tailProduct := Product[T](tail...) 15 | 16 | var result [][]T 17 | for _, v := range head { 18 | if len(tailProduct) == 0 { 19 | result = append(result, []T{v}) 20 | } else { 21 | for _, ttail := range tailProduct { 22 | element := []T{ 23 | v, 24 | } 25 | element = append(element, ttail...) 26 | result = append(result, element) 27 | } 28 | } 29 | 30 | } 31 | return result 32 | } 33 | -------------------------------------------------------------------------------- /go/algorithm/cartesian/cartesian_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package cartesian 5 | 6 | import ( 7 | "fmt" 8 | "testing" 9 | 10 | "github.com/google/go-cmp/cmp" 11 | ) 12 | 13 | func TestProduct(t *testing.T) { 14 | for i, te := range []struct { 15 | data [][]string 16 | want [][]string 17 | }{ 18 | { 19 | data: [][]string{ 20 | {"a", "b"}, 21 | {"c", "d"}, 22 | }, 23 | want: [][]string{ 24 | {"a", "c"}, 25 | {"a", "d"}, 26 | {"b", "c"}, 27 | {"b", "d"}, 28 | }, 29 | }, 30 | { 31 | data: [][]string{ 32 | {"a", "b"}, 33 | }, 34 | want: [][]string{ 35 | {"a"}, 36 | {"b"}, 37 | }, 38 | }, 39 | { 40 | data: [][]string{}, 41 | want: nil, 42 | }, 43 | } { 44 | t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { 45 | got := Product(te.data...) 46 | if diff := cmp.Diff(te.want, got); diff != "" { 47 | t.Fatalf("Diff:\n%s", diff) 48 | } 49 | }) 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /go/algorithm/toposort/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "toposort", 5 | srcs = ["toposort.go"], 6 | importpath = "source.monogon.dev/go/algorithm/toposort", 7 | visibility = ["//visibility:public"], 8 | ) 9 | 10 | go_test( 11 | name = "toposort_test", 12 | srcs = ["toposort_test.go"], 13 | embed = [":toposort"], 14 | ) 15 | -------------------------------------------------------------------------------- /go/clitable/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "clitable", 5 | srcs = ["table.go"], 6 | importpath = "source.monogon.dev/go/clitable", 7 | visibility = ["//visibility:public"], 8 | ) 9 | 10 | go_test( 11 | name = "clitable_test", 12 | srcs = ["table_test.go"], 13 | embed = [":clitable"], 14 | ) 15 | -------------------------------------------------------------------------------- /go/logging/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "logging", 5 | srcs = [ 6 | "backend.go", 7 | "leveled.go", 8 | ], 9 | importpath = "source.monogon.dev/go/logging", 10 | visibility = ["//visibility:public"], 11 | ) 12 | -------------------------------------------------------------------------------- /go/mflags/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "mflags", 5 | srcs = ["limiter.go"], 6 | importpath = "source.monogon.dev/go/mflags", 7 | visibility = ["//visibility:public"], 8 | deps = ["@org_golang_x_time//rate"], 9 | ) 10 | -------------------------------------------------------------------------------- /go/net/psample/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "psample", 6 | srcs = ["subscriber.go"], 7 | importpath = "source.monogon.dev/go/net/psample", 8 | visibility = ["//visibility:public"], 9 | deps = [ 10 | "@com_github_mdlayher_genetlink//:genetlink", 11 | "@com_github_mdlayher_netlink//:netlink", 12 | ], 13 | ) 14 | 15 | go_test( 16 | name = "psample_test", 17 | srcs = ["psample_test.go"], 18 | embed = [":psample"], 19 | deps = [ 20 | "@com_github_google_gopacket//:gopacket", 21 | "@com_github_google_gopacket//layers", 22 | "@com_github_vishvananda_netlink//:netlink", 23 | "@org_golang_x_sys//unix", 24 | ], 25 | ) 26 | 27 | k_test( 28 | name = "ktest", 29 | tester = ":psample_test", 30 | ) 31 | -------------------------------------------------------------------------------- /go/net/tinylb/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "tinylb", 5 | srcs = [ 6 | "connection_pool.go", 7 | "tinylb.go", 8 | ], 9 | importpath = "source.monogon.dev/go/net/tinylb", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//go/types/mapsets", 13 | "//osbase/event", 14 | "//osbase/supervisor", 15 | ], 16 | ) 17 | 18 | go_test( 19 | name = "tinylb_test", 20 | srcs = ["tinylb_test.go"], 21 | embed = [":tinylb"], 22 | deps = [ 23 | "//osbase/event/memory", 24 | "//osbase/supervisor", 25 | ], 26 | ) 27 | -------------------------------------------------------------------------------- /go/qcow2/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "qcow2", 5 | srcs = ["qcow2.go"], 6 | importpath = "source.monogon.dev/go/qcow2", 7 | visibility = ["//visibility:public"], 8 | ) 9 | 10 | go_test( 11 | name = "qcow2_test", 12 | srcs = ["qcow2_test.go"], 13 | embed = [":qcow2"], 14 | ) 15 | -------------------------------------------------------------------------------- /go/qcow2/qcow2_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package qcow2 5 | 6 | import ( 7 | "fmt" 8 | "os" 9 | "os/exec" 10 | "path/filepath" 11 | "testing" 12 | ) 13 | 14 | // TestGenerate exercises the Generate function for a variety of image sizes. 15 | func TestGenerate(t *testing.T) { 16 | // Test all orders of magnitude from 1KiB to 1PiB. 17 | for i := 20; i < 50; i++ { 18 | t.Run(fmt.Sprintf("%d", 1< -------------------------------------------------------------------------------- /intellij/run/Run__gazelle.xml: -------------------------------------------------------------------------------- 1 | //:gazelleupdate -------------------------------------------------------------------------------- /intellij/run/Run_all_tests.xml: -------------------------------------------------------------------------------- 1 | //... -------------------------------------------------------------------------------- /intellij/run/Run_single_node_cluster.xml: -------------------------------------------------------------------------------- 1 | //:launch -------------------------------------------------------------------------------- /intellij/run/Run_single_node_cluster_in_dbg_mode.xml: -------------------------------------------------------------------------------- 1 | //:launch--compilation_mode=dbg -------------------------------------------------------------------------------- /intellij/run/e2e_test.xml: -------------------------------------------------------------------------------- 1 | //metropolis/test/e2e:go_default_test--test_output=streamed 2 | -------------------------------------------------------------------------------- /intellij/run/e2e_test_in_dbg_mode.xml: -------------------------------------------------------------------------------- 1 | //metropolis/test/e2e:go_default_test--test_output=streamed--cache_test_results=no--compilation_mode=dbg--test_timeout=3600 2 | -------------------------------------------------------------------------------- /intellij/run/e2e_test_in_dbg_mode_with_dlv.xml: -------------------------------------------------------------------------------- 1 | //metropolis/test/e2e:go_default_test--local_test_jobs=1--runs_per_test=1--test_output=streamed--cache_test_results=no--compilation_mode=dbg--run_under="@//:dlv exec --continue --headless --accept-multiclient --listen=:2345 --api-version=2 2 | -------------------------------------------------------------------------------- /metropolis/BUILD.bazel: -------------------------------------------------------------------------------- 1 | alias( 2 | name = "launch", 3 | actual = "//metropolis/test/launch/cli/launch", 4 | ) 5 | 6 | alias( 7 | name = "launch-cluster", 8 | actual = "//metropolis/test/launch/cli/launch-cluster", 9 | ) 10 | 11 | alias( 12 | name = "metroctl", 13 | actual = "//metropolis/cli/metroctl:metroctl", 14 | ) 15 | -------------------------------------------------------------------------------- /metropolis/cli/dbg/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "dbg_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/cli/dbg", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//metropolis/proto/api", 10 | "//metropolis/proto/common", 11 | "//osbase/logtree", 12 | "@io_k8s_cli_runtime//pkg/genericclioptions", 13 | "@io_k8s_component_base//cli", 14 | "@io_k8s_kubectl//pkg/cmd", 15 | "@io_k8s_kubectl//pkg/cmd/plugin", 16 | "@io_k8s_kubectl//pkg/cmd/util", 17 | "@org_golang_google_grpc//:grpc", 18 | "@org_golang_google_grpc//credentials/insecure", 19 | ], 20 | ) 21 | 22 | go_binary( 23 | name = "dbg", 24 | embed = [":dbg_lib"], 25 | visibility = ["//visibility:private"], 26 | ) 27 | -------------------------------------------------------------------------------- /metropolis/cli/flagdefs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "flagdefs", 5 | srcs = ["flagdefs.go"], 6 | importpath = "source.monogon.dev/metropolis/cli/flagdefs", 7 | visibility = ["//metropolis:__subpackages__"], 8 | deps = [ 9 | "//metropolis/proto/common", 10 | "@com_github_spf13_pflag//:pflag", 11 | ], 12 | ) 13 | -------------------------------------------------------------------------------- /metropolis/cli/metroctl/cmd_cluster.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import "github.com/spf13/cobra" 7 | 8 | var clusterCmd = &cobra.Command{ 9 | Short: "Manages a running Metropolis cluster.", 10 | Use: "cluster", 11 | } 12 | 13 | func init() { 14 | rootCmd.AddCommand(clusterCmd) 15 | } 16 | -------------------------------------------------------------------------------- /metropolis/cli/metroctl/core/core.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // Package core contains parts of metroctl which do significant amounts of work 5 | // beyond just providing a CLI for them. 6 | // This package is intended to be used for integrating with functions provided 7 | // by metroctl, for example for using them in integration tests or writing other 8 | // frontends providing functionality similar to metroctl (like a GUI or webapp). 9 | package core 10 | -------------------------------------------------------------------------------- /metropolis/cli/metroctl/defs.bzl: -------------------------------------------------------------------------------- 1 | BuildKindInfo = provider( 2 | "Build kind for userspace tools", 3 | fields = ["type"], 4 | ) 5 | 6 | def _impl(ctx): 7 | values = ["full", "lite"] 8 | value = ctx.build_setting_value 9 | if value not in values: 10 | fail(str(ctx.label) + " build setting allowed to take values {full, lite} but was set to " + value) 11 | 12 | return BuildKindInfo(type = value) 13 | 14 | buildkind = rule( 15 | implementation = _impl, 16 | build_setting = config.string(flag = True), 17 | doc = """ 18 | Build kind for userspace tools, either full (will have a direct 19 | dependency on data files) or lite (will not have a direct dependency on 20 | data files and will not attempt to load them). 21 | """, 22 | ) 23 | -------------------------------------------------------------------------------- /metropolis/cli/metroctl/test/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_test") 2 | 3 | go_test( 4 | name = "test_test", 5 | srcs = ["main_test.go"], 6 | data = [ 7 | "//metropolis/cli/metroctl", 8 | ], 9 | rundir = ".", 10 | x_defs = { 11 | "xMetroctlPath": "$(rlocationpath //metropolis/cli/metroctl )", 12 | }, 13 | deps = [ 14 | "//metropolis/test/launch", 15 | "//metropolis/test/util", 16 | "//metropolis/version", 17 | "//osbase/cmd", 18 | "//version", 19 | "@io_bazel_rules_go//go/runfiles", 20 | ], 21 | ) 22 | -------------------------------------------------------------------------------- /metropolis/handbook/.gitignore: -------------------------------------------------------------------------------- 1 | book 2 | -------------------------------------------------------------------------------- /metropolis/handbook/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//metropolis/handbook:defs.bzl", "mdbook_html") 2 | 3 | mdbook_html( 4 | name = "handbook", 5 | srcs = glob(["src/**/*.md"]), 6 | title = "Metropolis Handbook", 7 | ) 8 | -------------------------------------------------------------------------------- /metropolis/installer/test/testos/main.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // TestOS is a tiny "operating system" which is packaged the exact same way as 5 | // an actual Metropolis node but only outputs a single flag before exiting. 6 | // It's used for decoupling the installer tests from the Metropolis Node code. 7 | package main 8 | 9 | import ( 10 | "fmt" 11 | 12 | "golang.org/x/sys/unix" 13 | ) 14 | 15 | func main() { 16 | fmt.Println("TestOS launched successfully! _TESTOS_LAUNCH_SUCCESS_") 17 | unix.Reboot(unix.LINUX_REBOOT_CMD_POWER_OFF) 18 | } 19 | -------------------------------------------------------------------------------- /metropolis/node/abloader/spec/abloader.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | package metropolis.node.abloader.spec; 4 | 5 | enum Slot { 6 | SLOT_NONE = 0; 7 | SLOT_A = 1; 8 | SLOT_B = 2; 9 | } 10 | 11 | // ABLoaderData contains data the A/B loader needs to chose which slot to boot 12 | // as well as for auto-rollback functionality. 13 | message ABLoaderData { 14 | // The currently-active slot. This slot will be booted unless next_slot is 15 | // set to a non-default value. 16 | Slot active_slot = 1; 17 | // The slot to boot next, but only once. Once the the slot has been selected 18 | // to be booted by the loader, this value is reset before booting into that 19 | // slot. If the OS boots successfully, it will update the active_slot to 20 | // permanently boot from the new slot. 21 | Slot next_slot = 2; 22 | } 23 | -------------------------------------------------------------------------------- /metropolis/node/abloader/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /metropolis/node/bios_bootcode/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//metropolis/node/bios_bootcode/genlogo:def.bzl", "gen_logo") 2 | 3 | gen_logo( 4 | name = "logo.asm", 5 | logo = ":logo.png", 6 | ) 7 | 8 | genrule( 9 | name = "bios_bootcode", 10 | srcs = [ 11 | ":boot.asm", 12 | ":logo.asm", 13 | ], 14 | outs = ["boot.bin"], 15 | cmd = "nasm -d LOGO=$(location :logo.asm) $(location :boot.asm) -f bin -o $@", 16 | visibility = ["//visibility:public"], 17 | ) 18 | -------------------------------------------------------------------------------- /metropolis/node/bios_bootcode/README.md: -------------------------------------------------------------------------------- 1 | # BIOS Bootcode 2 | 3 | This package contains legacy bootcode which is displayed to non-UEFI users. 4 | It's sole purpose is to explain users their wrongdoing and tell them to use UEFI. 5 | It also shows a cute ascii-art logo. 6 | 7 | ## Build 8 | 9 | Bazel generates the logo content with `genlogo`. 10 | It takes a black/white png-file and converts it to RLE encoded data, 11 | which is rendered as ascii-art at runtime. 12 | -------------------------------------------------------------------------------- /metropolis/node/bios_bootcode/genlogo/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "genlogo_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/node/bios_bootcode/genlogo", 7 | visibility = ["//visibility:private"], 8 | ) 9 | 10 | go_binary( 11 | name = "genlogo", 12 | embed = [":genlogo_lib"], 13 | visibility = ["//visibility:public"], 14 | ) 15 | -------------------------------------------------------------------------------- /metropolis/node/bios_bootcode/genlogo/def.bzl: -------------------------------------------------------------------------------- 1 | def _build_logo_impl(ctx): 2 | arguments = ctx.actions.args() 3 | 4 | arguments.add_all(["--input"] + ctx.files.logo) 5 | output = ctx.actions.declare_file("logo.asm") 6 | arguments.add_all(["--output", output]) 7 | 8 | ctx.actions.run( 9 | outputs = [output], 10 | inputs = ctx.files.logo, 11 | arguments = [arguments], 12 | executable = ctx.executable._genlogo, 13 | ) 14 | 15 | return DefaultInfo( 16 | files = depset([output]), 17 | ) 18 | 19 | gen_logo = rule( 20 | implementation = _build_logo_impl, 21 | attrs = { 22 | "logo": attr.label( 23 | allow_single_file = True, 24 | ), 25 | "_genlogo": attr.label( 26 | default = Label(":genlogo"), 27 | allow_single_file = True, 28 | executable = True, 29 | cfg = "exec", 30 | ), 31 | }, 32 | ) 33 | -------------------------------------------------------------------------------- /metropolis/node/bios_bootcode/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/metropolis/node/bios_bootcode/logo.png -------------------------------------------------------------------------------- /metropolis/node/core/consensus/client/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "client", 5 | srcs = [ 6 | "client.go", 7 | "unimplemented.go", 8 | ], 9 | importpath = "source.monogon.dev/metropolis/node/core/consensus/client", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "@io_etcd_go_etcd_client_v3//:client", 13 | "@io_etcd_go_etcd_client_v3//namespace", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /metropolis/node/core/curator/proto/api/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package api 5 | -------------------------------------------------------------------------------- /metropolis/node/core/curator/proto/private/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package private 5 | -------------------------------------------------------------------------------- /metropolis/node/core/curator/proto/private/lock.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | option go_package = "source.monogon.dev/metropolis/node/core/curator/proto/private"; 3 | package metropolis.node.core.curator.proto.private; 4 | 5 | // LeaderElectionValue is the value set under an election key by the curator 6 | // leader. It is used by curator followers to be able to contact the current 7 | // leader and forward any client requests to it. 8 | message LeaderElectionValue { 9 | // node_id is the ID of the node whose curator is acting as the leader. 10 | string node_id = 1; 11 | // ttl is the time-to-live set on the underlying session used for leader 12 | // election. It is effectively an upper bound on how long the leader might 13 | // be unavailable for until another curator instance can be elected as a 14 | // replacement leader. 15 | uint64 ttl = 2; 16 | } 17 | -------------------------------------------------------------------------------- /metropolis/node/core/curator/state_pki.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package curator 5 | 6 | import ( 7 | "source.monogon.dev/metropolis/node/core/identity" 8 | "source.monogon.dev/osbase/pki" 9 | ) 10 | 11 | var ( 12 | // pkiNamespace is the etcd/pki namespace in which the Metropolis cluster CA 13 | // data will live. 14 | pkiNamespace = pki.Namespaced("/cluster-pki/") 15 | // pkiCA is the main cluster CA, stored in etcd. It is used to emit cluster, 16 | // node and user certificates. 17 | pkiCA = &pki.Certificate{ 18 | Namespace: &pkiNamespace, 19 | Issuer: pki.SelfSigned, 20 | Template: identity.CACertificate("Metropolis Cluster CA"), 21 | Name: "cluster-ca", 22 | } 23 | ) 24 | -------------------------------------------------------------------------------- /metropolis/node/core/curator/watcher/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "watcher", 5 | srcs = [ 6 | "watch_node.go", 7 | "watch_nodes.go", 8 | ], 9 | importpath = "source.monogon.dev/metropolis/node/core/curator/watcher", 10 | visibility = ["//visibility:public"], 11 | deps = ["//metropolis/node/core/curator/proto/api"], 12 | ) 13 | -------------------------------------------------------------------------------- /metropolis/node/core/debug_service_disabled.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "context" 8 | 9 | "source.monogon.dev/metropolis/node/core/localstorage" 10 | "source.monogon.dev/metropolis/node/core/roleserve" 11 | "source.monogon.dev/osbase/logtree" 12 | ) 13 | 14 | // runDebugService runs the debug service if this is a debug build. Otherwise 15 | // it does nothing. 16 | func runDebugService(_ context.Context, _ *roleserve.Service, _ *logtree.LogTree, _ *localstorage.Root) error { 17 | // This code is included in the production build, do nothing. 18 | return nil 19 | } 20 | -------------------------------------------------------------------------------- /metropolis/node/core/delve_disabled.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import "source.monogon.dev/metropolis/node/core/network" 7 | 8 | // initializeDebugger does nothing in a non-debug build 9 | func initializeDebugger(*network.Service) { 10 | } 11 | -------------------------------------------------------------------------------- /metropolis/node/core/devmgr/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "devmgr", 5 | srcs = ["devmgr.go"], 6 | importpath = "source.monogon.dev/metropolis/node/core/devmgr", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/kmod", 10 | "//osbase/supervisor", 11 | "@com_github_mdlayher_kobject//:kobject", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /metropolis/node/core/identity/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "identity", 5 | srcs = [ 6 | "certificates.go", 7 | "identity.go", 8 | ], 9 | importpath = "source.monogon.dev/metropolis/node/core/identity", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | go_test( 14 | name = "identity_test", 15 | srcs = ["certificates_test.go"], 16 | embed = [":identity"], 17 | ) 18 | -------------------------------------------------------------------------------- /metropolis/node/core/localstorage/declarative/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "declarative", 5 | srcs = [ 6 | "declarative.go", 7 | "placement.go", 8 | "placement_local.go", 9 | ], 10 | importpath = "source.monogon.dev/metropolis/node/core/localstorage/declarative", 11 | visibility = ["//metropolis/node:__subpackages__"], 12 | deps = ["@org_golang_x_sys//unix"], 13 | ) 14 | -------------------------------------------------------------------------------- /metropolis/node/core/metrics/fake_exporter/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "fake_exporter_lib", 5 | srcs = ["fake_exporter.go"], 6 | importpath = "source.monogon.dev/metropolis/node/core/metrics/fake_exporter", 7 | visibility = ["//visibility:private"], 8 | ) 9 | 10 | go_binary( 11 | name = "fake_exporter", 12 | embed = [":fake_exporter_lib"], 13 | visibility = ["//visibility:public"], 14 | ) 15 | -------------------------------------------------------------------------------- /metropolis/node/core/metrics/fake_exporter/fake_exporter.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // fake_exporter is a tiny Prometheus-compatible metrics exporter which exports a 5 | // single metric with a value configured at startup. It is used to test the 6 | // metrics service. 7 | package main 8 | 9 | import ( 10 | "flag" 11 | "fmt" 12 | "log" 13 | "net/http" 14 | ) 15 | 16 | var ( 17 | flagListen string 18 | flagValue int 19 | ) 20 | 21 | func main() { 22 | flag.StringVar(&flagListen, "listen", ":8080", "address to listen on") 23 | flag.IntVar(&flagValue, "value", 1234, "value of 'test' metric to serve") 24 | flag.Parse() 25 | 26 | http.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) { 27 | fmt.Fprintf(w, "test %d\n", flagValue) 28 | }) 29 | log.Printf("Listening on %s", flagListen) 30 | http.ListenAndServe(flagListen, nil) 31 | } 32 | -------------------------------------------------------------------------------- /metropolis/node/core/network/dhcp4c/transport/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "transport", 5 | srcs = [ 6 | "transport.go", 7 | "transport_broadcast.go", 8 | "transport_unicast.go", 9 | ], 10 | importpath = "source.monogon.dev/metropolis/node/core/network/dhcp4c/transport", 11 | visibility = ["//metropolis/node/core/network/dhcp4c:__subpackages__"], 12 | deps = [ 13 | "@com_github_google_gopacket//:gopacket", 14 | "@com_github_google_gopacket//layers", 15 | "@com_github_insomniacslk_dhcp//dhcpv4", 16 | "@com_github_mdlayher_packet//:packet", 17 | "@org_golang_x_net//bpf", 18 | "@org_golang_x_sys//unix", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /metropolis/node/core/network/dhcp4c/transport/transport.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // Package transport contains Linux-based transports for the DHCP broadcast and 5 | // unicast specifications. 6 | package transport 7 | 8 | import ( 9 | "errors" 10 | "fmt" 11 | "net" 12 | ) 13 | 14 | var ErrDeadlineExceeded = errors.New("deadline exceeded") 15 | 16 | func NewInvalidMessageError(internalErr error) error { 17 | return &InvalidMessageError{internalErr: internalErr} 18 | } 19 | 20 | type InvalidMessageError struct { 21 | internalErr error 22 | } 23 | 24 | func (i InvalidMessageError) Error() string { 25 | return fmt.Sprintf("received invalid packet: %v", i.internalErr.Error()) 26 | } 27 | 28 | func (i InvalidMessageError) Unwrap() error { 29 | return i.internalErr 30 | } 31 | 32 | func deadlineFromTimeout(err error) error { 33 | var timeoutErr net.Error 34 | if errors.As(err, &timeoutErr) && timeoutErr.Timeout() { 35 | return ErrDeadlineExceeded 36 | } 37 | return err 38 | } 39 | -------------------------------------------------------------------------------- /metropolis/node/core/network/hostsfile/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "hostsfile", 5 | srcs = ["hostsfile.go"], 6 | importpath = "source.monogon.dev/metropolis/node/core/network/hostsfile", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/node/core/curator/proto/api", 10 | "//metropolis/node/core/curator/watcher", 11 | "//metropolis/node/core/localstorage", 12 | "//metropolis/node/core/network", 13 | "//metropolis/proto/common", 14 | "//osbase/event", 15 | "//osbase/net/dns", 16 | "//osbase/supervisor", 17 | "@com_github_miekg_dns//:dns", 18 | "@org_golang_google_grpc//:grpc", 19 | "@org_golang_google_protobuf//proto", 20 | "@org_golang_x_sys//unix", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /metropolis/node/core/rpc/server.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package rpc 5 | 6 | import ( 7 | epb "source.monogon.dev/metropolis/proto/ext" 8 | ) 9 | 10 | var ( 11 | // nodePermissions are the set of metropolis.common.ext.authorization 12 | // permissions automatically given to nodes when connecting to curator gRPC 13 | // services, either locally or remotely. 14 | nodePermissions = Permissions{ 15 | epb.Permission_PERMISSION_READ_CLUSTER_STATUS: true, 16 | epb.Permission_PERMISSION_UPDATE_NODE_SELF: true, 17 | } 18 | ) 19 | -------------------------------------------------------------------------------- /metropolis/node/core/sysctl.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "context" 8 | "strconv" 9 | 10 | "source.monogon.dev/osbase/supervisor" 11 | "source.monogon.dev/osbase/sysctl" 12 | ) 13 | 14 | func nodeSysctls(ctx context.Context) error { 15 | const vmMaxMapCount = 2<<30 - 1 16 | options := sysctl.Options{ 17 | // We increase the max mmap count to nearly the maximum, as it gets 18 | // accounted by the cgroup memory limit. 19 | "vm.max_map_count": strconv.Itoa(vmMaxMapCount), 20 | } 21 | 22 | if err := options.Apply(); err != nil { 23 | return err 24 | } 25 | 26 | supervisor.Signal(ctx, supervisor.SignalHealthy) 27 | supervisor.Signal(ctx, supervisor.SignalDone) 28 | return nil 29 | } 30 | -------------------------------------------------------------------------------- /metropolis/node/core/tconsole/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "tconsole", 5 | srcs = [ 6 | "colors.go", 7 | "draw.go", 8 | "page_logs.go", 9 | "page_status.go", 10 | "statusbar.go", 11 | "tconsole.go", 12 | ], 13 | embedsrcs = [ 14 | "//build:copyright_line.txt", #keep 15 | ], 16 | importpath = "source.monogon.dev/metropolis/node/core/tconsole", 17 | visibility = ["//visibility:public"], 18 | deps = [ 19 | "//metropolis/node/core/network", 20 | "//metropolis/node/core/roleserve", 21 | "//metropolis/proto/common", 22 | "//metropolis/version", 23 | "//osbase/event", 24 | "//osbase/logtree", 25 | "//osbase/supervisor", 26 | "//version", 27 | "@com_github_gdamore_tcell_v2//:tcell", 28 | "@com_github_rivo_uniseg//:uniseg", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /metropolis/node/core/tconsole/standalone/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "standalone_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/node/core/tconsole/standalone", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//metropolis/node/core/network", 10 | "//metropolis/node/core/roleserve", 11 | "//metropolis/node/core/tconsole", 12 | "//metropolis/proto/common", 13 | "//osbase/event/memory", 14 | "//osbase/logtree", 15 | "//osbase/supervisor", 16 | ], 17 | ) 18 | 19 | go_binary( 20 | name = "standalone", 21 | embed = [":standalone_lib"], 22 | visibility = ["//visibility:public"], 23 | ) 24 | -------------------------------------------------------------------------------- /metropolis/node/core/time/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "time", 5 | srcs = ["time.go"], 6 | importpath = "source.monogon.dev/metropolis/node/core/time", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/node", 10 | "//osbase/fileargs", 11 | "//osbase/supervisor", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /metropolis/node/core/update/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "update", 5 | srcs = ["update.go"], 6 | embedsrcs = [ 7 | "//metropolis/node/abloader", #keep 8 | ], 9 | importpath = "source.monogon.dev/metropolis/node/core/update", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//go/logging", 13 | "//metropolis/node/abloader/spec", 14 | "//metropolis/proto/api", 15 | "//metropolis/version", 16 | "//osbase/blockdev", 17 | "//osbase/build/mkimage/osimage", 18 | "//osbase/efivarfs", 19 | "//osbase/gpt", 20 | "//osbase/kexec", 21 | "//osbase/oci/osimage", 22 | "//osbase/oci/registry", 23 | "//version", 24 | "@com_github_cenkalti_backoff_v4//:backoff", 25 | "@org_golang_google_grpc//codes", 26 | "@org_golang_google_grpc//status", 27 | "@org_golang_google_protobuf//proto", 28 | "@org_golang_x_sys//unix", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /metropolis/node/core/update/e2e/testos/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | load(":testos.bzl", "testos") 3 | 4 | testos(variant = "x") 5 | 6 | testos(variant = "y") 7 | 8 | testos(variant = "z") 9 | 10 | go_library( 11 | name = "testos_lib", 12 | srcs = ["main.go"], 13 | importpath = "source.monogon.dev/metropolis/node/core/update/e2e/testos", 14 | visibility = ["//visibility:private"], 15 | deps = [ 16 | "//metropolis/node/core/network", 17 | "//metropolis/node/core/update", 18 | "//metropolis/proto/api", 19 | "//osbase/blockdev", 20 | "//osbase/bringup", 21 | "//osbase/build/mkimage/osimage", 22 | "//osbase/gpt", 23 | "//osbase/supervisor", 24 | "@org_golang_x_sys//unix", 25 | ], 26 | ) 27 | 28 | go_binary( 29 | name = "testos", 30 | embed = [":testos_lib"], 31 | visibility = ["//visibility:public"], 32 | ) 33 | -------------------------------------------------------------------------------- /metropolis/node/core/update/e2e/testos/rootfs.fsspec: -------------------------------------------------------------------------------- 1 | directory < 2 | path: "/sys" 3 | mode: 0555 uid: 0 gid: 0 4 | > 5 | directory < 6 | path: "/proc" 7 | mode: 0555 uid: 0 gid: 0 8 | > 9 | directory < 10 | path: "/dev" 11 | mode: 0555 uid: 0 gid: 0 12 | > 13 | directory < 14 | path: "/esp" 15 | mode: 0555 uid: 0 gid: 0 16 | > 17 | directory < 18 | path: "/tmp" 19 | mode: 0555 uid: 0 gid: 0 20 | > 21 | -------------------------------------------------------------------------------- /metropolis/node/erofs-layout.fsspec: -------------------------------------------------------------------------------- 1 | # Directory layout of Metropolis node rootfs (on erofs). 2 | 3 | directory < 4 | path: "/kubernetes/conf/flexvolume-plugins" 5 | mode: 0555 uid: 0 gid: 0 6 | > 7 | directory < 8 | path: "/containerd/plugins" 9 | mode: 0555 uid: 0 gid: 0 10 | > 11 | directory < 12 | path: "/sys" 13 | mode: 0555 uid: 0 gid: 0 14 | > 15 | directory < 16 | path: "/proc" 17 | mode: 0555 uid: 0 gid: 0 18 | > 19 | directory < 20 | path: "/dev" 21 | mode: 0555 uid: 0 gid: 0 22 | > 23 | directory < 24 | path: "/esp" 25 | mode: 0555 uid: 0 gid: 0 26 | > 27 | directory < 28 | path: "/tmp" 29 | mode: 0555 uid: 0 gid: 0 30 | > 31 | directory < 32 | path: "/run" 33 | mode: 0555 uid: 0 gid: 0 34 | > 35 | directory < 36 | path: "/ephemeral" 37 | mode: 0555 uid: 0 gid: 0 38 | > 39 | directory < 40 | path: "/data" 41 | mode: 0555 uid: 0 gid: 0 42 | > 43 | -------------------------------------------------------------------------------- /metropolis/node/ids.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package node 5 | 6 | // These are UID/GID constants for components inside the Metropolis node 7 | // code. 8 | const ( 9 | RootUid = 0 10 | TimeUid = 100 11 | ) 12 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/authproxy/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "authproxy", 5 | srcs = ["authproxy.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/authproxy", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/node", 10 | "//metropolis/node/core/identity", 11 | "//metropolis/node/kubernetes/pki", 12 | "//osbase/supervisor", 13 | "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/clusternet/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "clusternet", 5 | srcs = ["clusternet.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/clusternet", 7 | visibility = ["//metropolis/node/kubernetes:__subpackages__"], 8 | deps = [ 9 | "//go/logging", 10 | "//metropolis/node/core/clusternet", 11 | "//osbase/event", 12 | "//osbase/supervisor", 13 | "@io_k8s_api//core/v1:core", 14 | "@io_k8s_apimachinery//pkg/fields", 15 | "@io_k8s_client_go//kubernetes", 16 | "@io_k8s_client_go//tools/cache", 17 | ], 18 | ) 19 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/containerd/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "containerd", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/containerd", 7 | visibility = ["//metropolis/node/core:__subpackages__"], 8 | deps = [ 9 | "//metropolis/node/core/localstorage", 10 | "//osbase/supervisor", 11 | "@com_github_containerd_containerd_v2//client", 12 | "@com_github_containerd_containerd_v2//pkg/namespaces", 13 | ], 14 | ) 15 | 16 | exports_files([ 17 | "config.toml", 18 | "cnispec.gojson", 19 | ]) 20 | 21 | alias( 22 | name = "runsc.toml", 23 | actual = select({ 24 | "//metropolis/node:debug_build": ":runsc_debug.toml", 25 | "//conditions:default": ":runsc_nondebug.toml", 26 | }), 27 | visibility = ["//metropolis/node:__pkg__"], 28 | ) 29 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/containerd/cnispec.gojson: -------------------------------------------------------------------------------- 1 | {{- /*gotype: github.com/containerd/cri/pkg/server.cniConfigTemplate*/ -}} 2 | { 3 | "name": "k8s-pod-network", 4 | "cniVersion": "0.3.1", 5 | "plugins": [ 6 | { 7 | "type": "ptp", 8 | "mtu": 1420, 9 | {{/* Must be node.LinkGroupK8sPod */}} 10 | "linkGroup": 8, 11 | "ipam": { 12 | "type": "host-local", 13 | "dataDir": "/ephemeral/containerd/ipam", 14 | "ranges": [ 15 | {{range $i, $range := .PodCIDRRanges}}{{if $i}}, 16 | {{end}}[ 17 | { 18 | "subnet": "{{$range}}" 19 | } 20 | ] 21 | {{end}} 22 | ], 23 | "routes": [ 24 | {{range $i, $route := .Routes}}{{if $i}}, 25 | {{end}}{ 26 | "dst": "{{$route}}" 27 | }{{end}}] 28 | } 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /metropolis/node/kubernetes/containerd/runsc_debug.toml: -------------------------------------------------------------------------------- 1 | root = "/ephemeral/containerd/runsc" 2 | [runsc_config] 3 | debug = "true" 4 | debug-log = "/ephemeral/containerd/runsc-logs.fifo" 5 | panic-log = "/ephemeral/containerd/runsc-logs.fifo" 6 | log = "/ephemeral/containerd/runsc-logs.fifo" 7 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/containerd/runsc_nondebug.toml: -------------------------------------------------------------------------------- 1 | root = "/ephemeral/containerd/runsc" 2 | [runsc_config] 3 | debug = "false" 4 | panic-log = "/ephemeral/containerd/runsc-logs.fifo" 5 | log = "/ephemeral/containerd/runsc-logs.fifo" 6 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/hyperkube/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "hyperkube_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/hyperkube", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "@com_github_spf13_cobra//:cobra", 10 | "@io_k8s_component_base//cli", 11 | "@io_k8s_component_base//metrics/prometheus/restclient", 12 | "@io_k8s_component_base//metrics/prometheus/version", 13 | "@io_k8s_kubernetes//cmd/kube-apiserver/app", 14 | "@io_k8s_kubernetes//cmd/kube-controller-manager/app", 15 | "@io_k8s_kubernetes//cmd/kube-scheduler/app", 16 | "@io_k8s_kubernetes//cmd/kubelet/app", 17 | ], 18 | ) 19 | 20 | go_binary( 21 | name = "hyperkube", 22 | embed = [":hyperkube_lib"], 23 | visibility = ["//metropolis/node:__pkg__"], 24 | ) 25 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/metricsprovider/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "metricsprovider", 5 | srcs = ["metricsprovider.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/metricsprovider", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "@com_github_prometheus_client_golang//prometheus", 10 | "@io_k8s_client_go//util/workqueue", 11 | ], 12 | ) 13 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/metricsproxy/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "metricsproxy", 5 | srcs = ["metricsproxy.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/metricsproxy", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/node", 10 | "//metropolis/node/kubernetes/pki", 11 | "//osbase/supervisor", 12 | "@io_k8s_kubernetes//cmd/kubeadm/app/constants", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/nfproxy/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "nfproxy", 5 | srcs = ["nfproxy.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/nfproxy", 7 | visibility = ["//metropolis/node/kubernetes:__subpackages__"], 8 | deps = [ 9 | "//osbase/supervisor", 10 | "@com_github_sbezverk_nfproxy//pkg/controller", 11 | "@com_github_sbezverk_nfproxy//pkg/nftables", 12 | "@com_github_sbezverk_nfproxy//pkg/proxy", 13 | "@io_k8s_api//core/v1:core", 14 | "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", 15 | "@io_k8s_apimachinery//pkg/labels", 16 | "@io_k8s_apimachinery//pkg/selection", 17 | "@io_k8s_client_go//informers", 18 | "@io_k8s_client_go//kubernetes", 19 | "@io_k8s_client_go//kubernetes/scheme", 20 | "@io_k8s_client_go//tools/cache", 21 | "@io_k8s_client_go//tools/record", 22 | ], 23 | ) 24 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/pki/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "pki", 5 | srcs = ["kubernetes.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/pki", 7 | visibility = ["//metropolis/node:__subpackages__"], 8 | deps = [ 9 | "//metropolis/node", 10 | "//metropolis/node/core/consensus", 11 | "//osbase/pki", 12 | "@io_etcd_go_etcd_client_v3//:client", 13 | "@io_k8s_client_go//tools/clientcmd", 14 | "@io_k8s_client_go//tools/clientcmd/api", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /metropolis/node/kubernetes/plugins/kvmdevice/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "kvmdevice", 5 | srcs = ["kvmdevice.go"], 6 | importpath = "source.monogon.dev/metropolis/node/kubernetes/plugins/kvmdevice", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//go/logging", 10 | "//metropolis/node/core/localstorage", 11 | "//osbase/supervisor", 12 | "@io_k8s_api//core/v1:core", 13 | "@io_k8s_kubelet//pkg/apis/deviceplugin/v1beta1", 14 | "@io_k8s_kubelet//pkg/apis/pluginregistration/v1:pluginregistration", 15 | "@org_golang_google_grpc//:grpc", 16 | "@org_golang_x_sys//unix", 17 | ], 18 | ) 19 | -------------------------------------------------------------------------------- /metropolis/node/minit/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@aspect_bazel_lib//lib:expand_template.bzl", "expand_template") 2 | load("@rules_cc//cc:defs.bzl", "cc_binary") 3 | 4 | expand_template( 5 | name = "stamp", 6 | out = "stamp.h", 7 | stamp = 1, 8 | stamp_substitutions = {"copyright": "{{STABLE_MONOGON_copyright}}"}, 9 | template = ["#define COPYRIGHT_LINE \"copyright\""], 10 | ) 11 | 12 | cc_binary( 13 | name = "minit", 14 | srcs = [ 15 | "main.c", 16 | ":stamp", 17 | ], 18 | visibility = [ 19 | "//metropolis/node:__pkg__", 20 | ], 21 | ) 22 | -------------------------------------------------------------------------------- /metropolis/node/net_ips.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package node 5 | 6 | import "net" 7 | 8 | // These are IP addresses used by various parts of Metropolis. 9 | var ( 10 | // Used by //metropolis/node/kubernetes as the DNS server IP for containers. 11 | // Link-local IP space, 77 for ASCII M(onogon), 53 for DNS port. 12 | ContainerDNSIP = net.IPv4(169, 254, 77, 53) 13 | ) 14 | -------------------------------------------------------------------------------- /metropolis/node/net_protocols.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package node 5 | 6 | // These are netlink protocol numbers used internally for various netlink 7 | // resource (e.g. route) owners/manager. 8 | const ( 9 | // ProtocolClusternet is used by //metropolis/node/core/clusternet when 10 | // creating/removing routes pointing to the clusternet interface. 11 | ProtocolClusternet int = 129 12 | ) 13 | 14 | // Netlink link groups used for interface classification and traffic matching. 15 | const ( 16 | // LinkGroupK8sPod is set on all host side PtP interfaces going to K8s 17 | // pods. 18 | LinkGroupK8sPod uint32 = 8 19 | // LinkGroupClusternet is set on all interfaces not needing SNAT from the 20 | // K8s internal IPs. 21 | LinkGroupClusternet uint32 = 9 22 | ) 23 | -------------------------------------------------------------------------------- /metropolis/node/passwd: -------------------------------------------------------------------------------- 1 | root:x:0:0:root:/nonexistent:/sbin/nologin 2 | -------------------------------------------------------------------------------- /metropolis/node/tools/tools.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build tools 5 | // +build tools 6 | 7 | package node 8 | 9 | import ( 10 | _ "github.com/containerd/containerd/v2/cmd/containerd" 11 | _ "github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2" 12 | _ "github.com/containernetworking/plugins/plugins/ipam/host-local" 13 | _ "github.com/containernetworking/plugins/plugins/main/loopback" 14 | _ "github.com/containernetworking/plugins/plugins/main/ptp" 15 | _ "github.com/go-delve/delve/cmd/dlv" 16 | _ "github.com/opencontainers/runc" 17 | _ "github.com/prometheus/node_exporter" 18 | _ "gvisor.dev/gvisor/runsc" 19 | ) 20 | -------------------------------------------------------------------------------- /metropolis/proto/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@rules_proto_grpc_doc//:defs.bzl", "doc_html_compile") 2 | 3 | doc_html_compile( 4 | name = "proto_docs", 5 | protos = [ 6 | "//metropolis/proto/api:api_proto", 7 | "//metropolis/proto/common:common_proto", 8 | ], 9 | ) 10 | -------------------------------------------------------------------------------- /metropolis/proto/api/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package api 5 | -------------------------------------------------------------------------------- /metropolis/proto/common/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package common 5 | -------------------------------------------------------------------------------- /metropolis/proto/ext/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package ext 5 | -------------------------------------------------------------------------------- /metropolis/proto/private/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package private 5 | -------------------------------------------------------------------------------- /metropolis/test/e2e/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//metropolis/test/localregistry:def.bzl", "localregistry_manifest") 2 | 3 | localregistry_manifest( 4 | name = "testimages_manifest", 5 | images = { 6 | "selftest:latest": "//metropolis/test/e2e/selftest:selftest_image", 7 | "persistentvolume:latest": "//metropolis/test/e2e/persistentvolume:persistentvolume_image", 8 | "httpserver:latest": "//metropolis/test/e2e/httpserver:httpserver_image", 9 | "connectivity/agent:latest": "//metropolis/test/e2e/connectivity/agent:agent_image", 10 | }, 11 | visibility = [ 12 | "//metropolis/test/e2e/suites:__subpackages__", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /metropolis/test/e2e/connectivity/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "connectivity", 5 | srcs = ["connectivity.go"], 6 | importpath = "source.monogon.dev/metropolis/test/e2e/connectivity", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/test/e2e/connectivity/spec", 10 | "@com_github_cenkalti_backoff_v4//:backoff", 11 | "@io_k8s_api//core/v1:core", 12 | "@io_k8s_apimachinery//pkg/api/errors", 13 | "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", 14 | "@io_k8s_apimachinery//pkg/watch", 15 | "@io_k8s_client_go//kubernetes", 16 | "@io_k8s_client_go//kubernetes/scheme", 17 | "@io_k8s_client_go//rest", 18 | "@io_k8s_client_go//tools/remotecommand", 19 | "@io_k8s_utils//ptr", 20 | "@org_golang_google_protobuf//encoding/protodelim", 21 | "@org_golang_google_protobuf//types/known/durationpb", 22 | ], 23 | ) 24 | -------------------------------------------------------------------------------- /metropolis/test/e2e/connectivity/spec/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") 3 | load("@rules_proto//proto:defs.bzl", "proto_library") 4 | 5 | proto_library( 6 | name = "metropolis_test_e2e_connectivty_tester_proto", 7 | srcs = ["spec.proto"], 8 | visibility = ["//visibility:public"], 9 | deps = ["@protobuf//:duration_proto"], 10 | ) 11 | 12 | go_proto_library( 13 | name = "metropolis_test_e2e_connectivty_tester_go_proto", 14 | importpath = "source.monogon.dev/metropolis/test/e2e/connectivity/spec", 15 | proto = ":metropolis_test_e2e_connectivty_tester_proto", 16 | visibility = ["//visibility:public"], 17 | ) 18 | 19 | go_library( 20 | name = "spec", 21 | embed = [":metropolis_test_e2e_connectivty_tester_go_proto"], 22 | importpath = "source.monogon.dev/metropolis/test/e2e/connectivity/spec", 23 | visibility = ["//visibility:public"], 24 | ) 25 | -------------------------------------------------------------------------------- /metropolis/test/e2e/connectivity/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | package spec 2 | -------------------------------------------------------------------------------- /metropolis/test/e2e/httpserver/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | load("@rules_oci//oci:defs.bzl", "oci_image") 3 | load("//build/static_binary_tarball:def.bzl", "static_binary_tarball") 4 | 5 | go_library( 6 | name = "httpserver_lib", 7 | srcs = ["main.go"], 8 | importpath = "source.monogon.dev/metropolis/test/e2e/httpserver", 9 | visibility = ["//visibility:private"], 10 | ) 11 | 12 | go_binary( 13 | name = "httpserver", 14 | embed = [":httpserver_lib"], 15 | visibility = ["//visibility:private"], 16 | ) 17 | 18 | static_binary_tarball( 19 | name = "httpserver_layer", 20 | executable = ":httpserver", 21 | visibility = ["//visibility:private"], 22 | ) 23 | 24 | oci_image( 25 | name = "httpserver_image", 26 | base = "@distroless_base", 27 | entrypoint = ["/app/metropolis/test/e2e/httpserver/httpserver_/httpserver"], 28 | tars = [":httpserver_layer"], 29 | visibility = ["//metropolis/test/e2e:__pkg__"], 30 | workdir = "/app", 31 | ) 32 | -------------------------------------------------------------------------------- /metropolis/test/e2e/httpserver/main.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // httpserver serves a test HTTP endpoint for E2E testing. 5 | package main 6 | 7 | import ( 8 | "net/http" 9 | "os" 10 | ) 11 | 12 | func main() { 13 | nodeName := os.Getenv("NODE_NAME") 14 | http.ListenAndServe(":8080", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 15 | w.Header().Set("X-Node-Name", nodeName) 16 | w.Header().Set("X-Remote-IP", r.RemoteAddr) 17 | w.WriteHeader(http.StatusOK) 18 | // Send a big chunk to root out MTU/MSS issues. 19 | testPayload := make([]byte, 2000) 20 | w.Write(testPayload) 21 | })) 22 | } 23 | -------------------------------------------------------------------------------- /metropolis/test/e2e/k8s_cts/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "k8s_cts_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/test/e2e/k8s_cts", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//metropolis/test/launch", 10 | "@io_k8s_api//core/v1:core", 11 | "@io_k8s_api//rbac/v1:rbac", 12 | "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", 13 | ], 14 | ) 15 | 16 | go_binary( 17 | name = "k8s_cts", 18 | embed = [":k8s_cts_lib"], 19 | visibility = ["//visibility:private"], 20 | ) 21 | -------------------------------------------------------------------------------- /metropolis/test/e2e/selftest/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | load("@rules_oci//oci:defs.bzl", "oci_image") 3 | load("//build/static_binary_tarball:def.bzl", "static_binary_tarball") 4 | 5 | go_library( 6 | name = "selftest_lib", 7 | srcs = ["main.go"], 8 | importpath = "source.monogon.dev/metropolis/test/e2e/selftest", 9 | visibility = ["//visibility:private"], 10 | ) 11 | 12 | go_binary( 13 | name = "selftest", 14 | embed = [":selftest_lib"], 15 | visibility = ["//visibility:private"], 16 | ) 17 | 18 | static_binary_tarball( 19 | name = "selftest_layer", 20 | executable = ":selftest", 21 | visibility = ["//visibility:private"], 22 | ) 23 | 24 | oci_image( 25 | name = "selftest_image", 26 | base = "@distroless_base", 27 | entrypoint = ["/app/metropolis/test/e2e/selftest/selftest_/selftest"], 28 | tars = [":selftest_layer"], 29 | visibility = ["//metropolis/test/e2e:__pkg__"], 30 | workdir = "/app", 31 | ) 32 | -------------------------------------------------------------------------------- /metropolis/test/e2e/selftest/README.md: -------------------------------------------------------------------------------- 1 | self-test image 2 | === 3 | 4 | This image is used by the Metropolis E2E tests to perform some cluster-internal 5 | tests. See //metropolis/test/e2e:main_test.go for usage. 6 | 7 | The image should be run as a Kubernetes Job, and should return 0 if all tests 8 | have passed. If the job fails, its last log line will be printed. -------------------------------------------------------------------------------- /metropolis/test/e2e/suites/core/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_test") 2 | 3 | go_test( 4 | name = "core_test", 5 | srcs = ["run_test.go"], 6 | data = [ 7 | "//metropolis/test/e2e:testimages_manifest", 8 | ], 9 | tags = [ 10 | "resources:iops:5000", 11 | "resources:cpu:3", 12 | # 2x2048 for nodes plus some extra. 13 | "resources:ram:4500", 14 | ], 15 | x_defs = { 16 | "xTestImagesManifestPath": "$(rlocationpath //metropolis/test/e2e:testimages_manifest )", 17 | }, 18 | deps = [ 19 | "//metropolis/node", 20 | "//metropolis/node/core/rpc", 21 | "//metropolis/proto/api", 22 | "//metropolis/proto/common", 23 | "//metropolis/test/launch", 24 | "//metropolis/test/localregistry", 25 | "//metropolis/test/util", 26 | "@io_bazel_rules_go//go/runfiles", 27 | "@org_golang_google_grpc//:grpc", 28 | ], 29 | ) 30 | -------------------------------------------------------------------------------- /metropolis/test/e2e/suites/ha/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_test") 2 | 3 | go_test( 4 | name = "ha_test", 5 | srcs = ["run_test.go"], 6 | data = [ 7 | "//metropolis/test/e2e:testimages_manifest", 8 | ], 9 | tags = [ 10 | "resources:iops:5000", 11 | "resources:cpu:3", 12 | # 3x2048 for nodes plus some extra. 13 | "resources:ram:7000", 14 | ], 15 | x_defs = { 16 | "xTestImagesManifestPath": "$(rlocationpath //metropolis/test/e2e:testimages_manifest )", 17 | }, 18 | deps = [ 19 | "//metropolis/test/launch", 20 | "//metropolis/test/localregistry", 21 | "//metropolis/test/util", 22 | "@io_bazel_rules_go//go/runfiles", 23 | ], 24 | ) 25 | -------------------------------------------------------------------------------- /metropolis/test/e2e/suites/ha_cold/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_test") 2 | 3 | go_test( 4 | name = "ha_cold_test", 5 | srcs = ["run_test.go"], 6 | tags = [ 7 | "resources:iops:5000", 8 | "resources:cpu:3", 9 | # 3x2048 for nodes plus some extra. 10 | "resources:ram:7000", 11 | ], 12 | deps = [ 13 | "//metropolis/node/core/curator/proto/api", 14 | "//metropolis/proto/api", 15 | "//metropolis/proto/common", 16 | "//metropolis/test/launch", 17 | "//metropolis/test/util", 18 | "@io_k8s_utils//ptr", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /metropolis/test/lacp/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_test( 5 | name = "lacptest_test", 6 | srcs = ["lacp_test.go"], 7 | deps = [ 8 | "@com_github_vishvananda_netlink//:netlink", 9 | "@org_golang_x_sys//unix", 10 | ], 11 | ) 12 | 13 | k_test( 14 | name = "ktest", 15 | tester = ":lacptest_test", 16 | ) 17 | 18 | go_test( 19 | name = "lacp_test", 20 | srcs = ["lacp_test.go"], 21 | deps = [ 22 | "@com_github_vishvananda_netlink//:netlink", 23 | "@org_golang_x_sys//unix", 24 | ], 25 | ) 26 | -------------------------------------------------------------------------------- /metropolis/test/launch/cli/launch-cluster/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "launch-cluster_lib", 5 | srcs = ["main.go"], 6 | data = [ 7 | "//metropolis/cli/metroctl:metroctl_lite", 8 | ], 9 | importpath = "source.monogon.dev/metropolis/test/launch/cli/launch-cluster", 10 | visibility = ["//visibility:private"], 11 | x_defs = { 12 | "xMetroctlPath": "$(rlocationpath //metropolis/cli/metroctl:metroctl_lite )", 13 | }, 14 | deps = [ 15 | "//metropolis/cli/flagdefs", 16 | "//metropolis/cli/metroctl/core", 17 | "//metropolis/node", 18 | "//metropolis/proto/common", 19 | "//metropolis/test/launch", 20 | "@io_bazel_rules_go//go/runfiles", 21 | ], 22 | ) 23 | 24 | go_binary( 25 | name = "launch-cluster", 26 | embed = [":launch-cluster_lib"], 27 | visibility = ["//visibility:public"], 28 | ) 29 | -------------------------------------------------------------------------------- /metropolis/test/launch/cli/launch/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "launch_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/test/launch/cli/launch", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//metropolis/proto/api", 10 | "//metropolis/test/launch", 11 | "//osbase/test/qemu", 12 | ], 13 | ) 14 | 15 | go_binary( 16 | name = "launch", 17 | embed = [":launch_lib"], 18 | visibility = ["//visibility:public"], 19 | ) 20 | -------------------------------------------------------------------------------- /metropolis/test/launch/insecure_key.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package launch 5 | 6 | import ( 7 | "crypto/ed25519" 8 | 9 | apb "source.monogon.dev/metropolis/proto/api" 10 | ) 11 | 12 | var ( 13 | // InsecurePrivateKey is a ED25519 key that can be used during development as 14 | // a fixed Owner Key when bootstrapping new clusters. 15 | InsecurePrivateKey = ed25519.NewKeyFromSeed([]byte( 16 | "\xb5\xcf\x35\x0f\xbf\xfb\xea\xfa\xa0\xf0\x29\x9d\xfa\xf7\xca\x6f" + 17 | "\xa2\xc2\xc7\x87\xd7\x03\x3e\xb2\x11\x4f\x36\xe0\x22\x73\x4f\x87")) 18 | // InsecurePublicKey is the ED25519 public key corresponding to 19 | // InsecurePrivateKey. 20 | InsecurePublicKey = InsecurePrivateKey.Public().(ed25519.PublicKey) 21 | // InsecureClusterBootstrap is a ClusterBootstrap message to be used within 22 | // NodeParameters when bootstrapping a development cluster that should be owned 23 | // by the InsecurePrivateKey. 24 | InsecureClusterBootstrap = &apb.NodeParameters_ClusterBootstrap{ 25 | OwnerPublicKey: InsecurePublicKey, 26 | } 27 | ) 28 | -------------------------------------------------------------------------------- /metropolis/test/launch/log.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package launch 5 | 6 | import ( 7 | "fmt" 8 | "strings" 9 | ) 10 | 11 | // logf is compatible with the output of ConciseString as used in the Metropolis 12 | // console log, making the output more readable in unified test logs. 13 | func logf(f string, args ...any) { 14 | formatted := fmt.Sprintf(f, args...) 15 | for i, line := range strings.Split(formatted, "\n") { 16 | if len(line) == 0 { 17 | continue 18 | } 19 | if i == 0 { 20 | fmt.Printf("TT| %20s ! %s\n", "test launch", line) 21 | } else { 22 | fmt.Printf("TT| %20s | %s\n", "", line) 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /metropolis/test/localregistry/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "localregistry", 5 | srcs = ["localregistry.go"], 6 | importpath = "source.monogon.dev/metropolis/test/localregistry", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//metropolis/test/localregistry/spec", 10 | "//osbase/oci", 11 | "//osbase/oci/registry", 12 | "@io_bazel_rules_go//go/runfiles", 13 | "@org_golang_google_protobuf//encoding/prototext", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /metropolis/test/localregistry/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /metropolis/test/localregistry/spec/manifest.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | package metropolis.test.localregistry.spec; 4 | 5 | option go_package = "source.monogon.dev/metropolis/test/localregistry/spec"; 6 | 7 | // Single image metadata 8 | message Image { 9 | // Repository where the image is served 10 | string repository = 1; 11 | // Tag where the image is served 12 | string tag = 2; 13 | // Path to the OCI layout directory containing the image 14 | string path = 3; 15 | } 16 | 17 | // Main message 18 | message Manifest { 19 | // List of images for the local registry 20 | repeated Image images = 1; 21 | } 22 | -------------------------------------------------------------------------------- /metropolis/test/swtpm/certtool/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "certtool_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/metropolis/test/swtpm/certtool", 7 | visibility = ["//visibility:private"], 8 | deps = ["@com_github_spf13_pflag//:pflag"], 9 | ) 10 | 11 | go_binary( 12 | name = "certtool", 13 | embed = [":certtool_lib"], 14 | visibility = ["//visibility:public"], 15 | ) 16 | -------------------------------------------------------------------------------- /metropolis/test/swtpm/swtpm_cert/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "swtpm_cert_lib", 5 | srcs = [ 6 | "asn1.go", 7 | "main.go", 8 | ], 9 | importpath = "source.monogon.dev/metropolis/test/swtpm/swtpm_cert", 10 | visibility = ["//visibility:private"], 11 | deps = [ 12 | "//osbase/pki", 13 | "@com_github_spf13_pflag//:pflag", 14 | ], 15 | ) 16 | 17 | go_binary( 18 | name = "swtpm_cert", 19 | embed = [":swtpm_cert_lib"], 20 | visibility = ["//visibility:public"], 21 | ) 22 | -------------------------------------------------------------------------------- /metropolis/test/util/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "util", 5 | srcs = [ 6 | "curator.go", 7 | "rpc.go", 8 | "runners.go", 9 | ], 10 | importpath = "source.monogon.dev/metropolis/test/util", 11 | visibility = ["//metropolis:__subpackages__"], 12 | deps = [ 13 | "//metropolis/node/core/curator/proto/api", 14 | "//metropolis/node/core/identity", 15 | "//metropolis/proto/common", 16 | "//osbase/event/memory", 17 | "//osbase/pki", 18 | "@com_zx2c4_golang_wireguard_wgctrl//wgtypes", 19 | "@org_golang_google_grpc//:grpc", 20 | "@org_golang_google_grpc//credentials/insecure", 21 | "@org_golang_google_grpc//test/bufconn", 22 | ], 23 | ) 24 | -------------------------------------------------------------------------------- /metropolis/version/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | load("//version:defs.bzl", "go_version_library") 3 | 4 | go_version_library( 5 | name = "version_lib", 6 | importpath = "source.monogon.dev/metropolis/version", 7 | product = "metropolis", 8 | ) 9 | 10 | go_library( 11 | name = "version", 12 | embed = [ 13 | ":version_lib", # keep 14 | ], 15 | importpath = "source.monogon.dev/metropolis/version", # keep 16 | visibility = [ 17 | "//metropolis:__subpackages__", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /metropolis/version/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package version 5 | -------------------------------------------------------------------------------- /osbase/README.md: -------------------------------------------------------------------------------- 1 | # `//osbase` 2 | 3 | osbase is our SDK for building an operating system. It contains low-level building blocks for making a "mini OS" such as ktest, the cloud agent or Monogon OS itself. 4 | -------------------------------------------------------------------------------- /osbase/bootparam/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "bootparam", 5 | srcs = [ 6 | "bootparam.go", 7 | "params.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/bootparam", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | go_test( 14 | name = "bootparam_test", 15 | srcs = [ 16 | "bootparam_test.go", 17 | "params_test.go", 18 | ], 19 | embed = [":bootparam"], 20 | gc_goopts = ["-d=libfuzzer"], 21 | pure = "off", 22 | deps = [ 23 | "//osbase/bootparam/ref", 24 | "@com_github_google_go_cmp//cmp", 25 | ], 26 | ) 27 | -------------------------------------------------------------------------------- /osbase/bootparam/params.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package bootparam 5 | 6 | import ( 7 | "regexp" 8 | "strings" 9 | ) 10 | 11 | var validTTYRegexp = regexp.MustCompile(`^[a-zA-Z0-9]+$`) 12 | 13 | // Consoles returns the set of consoles passed to the kernel, i.e. the values 14 | // passed to the console= directive. It normalizes away any possibly present 15 | // /dev/ prefix, returning values like ttyS0. It returns an empty set in case 16 | // no valid console parameters exist. 17 | func (p Params) Consoles() map[string]bool { 18 | consoles := make(map[string]bool) 19 | for _, pa := range p { 20 | if pa.Param == "console" { 21 | consoleParts := strings.Split(pa.Value, ",") 22 | consoleName := strings.TrimPrefix(consoleParts[0], "/dev/") 23 | if validTTYRegexp.MatchString(consoleName) { 24 | consoles[consoleName] = true 25 | } 26 | } 27 | } 28 | return consoles 29 | } 30 | -------------------------------------------------------------------------------- /osbase/bootparam/ref/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "ref", 5 | srcs = ["ref.go"], 6 | cgo = True, 7 | gc_goopts = ["-d=libfuzzer"], 8 | importpath = "source.monogon.dev/osbase/bootparam/ref", 9 | visibility = ["//visibility:public"], 10 | deps = ["//osbase/bootparam"], 11 | ) 12 | -------------------------------------------------------------------------------- /osbase/bringup/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "bringup", 5 | srcs = [ 6 | "bringup.go", 7 | "panichandler.go", 8 | "pstore.go", 9 | ], 10 | importpath = "source.monogon.dev/osbase/bringup", 11 | visibility = ["//visibility:public"], 12 | deps = [ 13 | "//go/logging", 14 | "//osbase/bootparam", 15 | "//osbase/efivarfs", 16 | "//osbase/logtree", 17 | "//osbase/pstore", 18 | "//osbase/supervisor", 19 | "@com_github_opencontainers_runc//libcontainer/cgroups", 20 | "@org_golang_x_sys//unix", 21 | "@org_uber_go_multierr//:multierr", 22 | ], 23 | ) 24 | -------------------------------------------------------------------------------- /osbase/bringup/test/main_error.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "context" 8 | "fmt" 9 | 10 | "source.monogon.dev/osbase/bringup" 11 | ) 12 | 13 | func main() { 14 | bringup.Runnable(func(ctx context.Context) error { 15 | return fmt.Errorf("this is an error") 16 | }).Run() 17 | } 18 | -------------------------------------------------------------------------------- /osbase/bringup/test/main_panic.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "context" 8 | "os" 9 | 10 | "source.monogon.dev/osbase/bringup" 11 | ) 12 | 13 | func main() { 14 | bringup.Runnable(func(ctx context.Context) error { 15 | // Disable the exception tracing of the kernel which captures unhandled 16 | // signals as it races with our logging which makes the test flaky. 17 | err := os.WriteFile("/proc/sys/debug/exception-trace", []byte("0"), 0755) 18 | if err != nil { 19 | return err 20 | } 21 | 22 | // Provoke a segfault, which produces a panic inside the root runnable 23 | //nolint:nilness 24 | _ = *(*string)(nil) 25 | return nil 26 | }).Run() 27 | } 28 | -------------------------------------------------------------------------------- /osbase/bringup/test/main_succeeded.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "context" 8 | "fmt" 9 | "time" 10 | 11 | "golang.org/x/sys/unix" 12 | 13 | "source.monogon.dev/osbase/bringup" 14 | ) 15 | 16 | func main() { 17 | bringup.Runnable(func(ctx context.Context) error { 18 | fmt.Println("_BRINGUP_LAUNCH_SUCCESS_") 19 | time.Sleep(5 * time.Second) 20 | unix.Reboot(unix.LINUX_REBOOT_CMD_POWER_OFF) 21 | return nil 22 | }).Run() 23 | } 24 | -------------------------------------------------------------------------------- /osbase/build/BUILD.bazel: -------------------------------------------------------------------------------- 1 | exports_files(["earlydev.fsspec"]) 2 | -------------------------------------------------------------------------------- /osbase/build/fwprune/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "fwprune_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/fwprune", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/build/fsspec", 10 | "//osbase/kmod", 11 | "@org_golang_google_protobuf//encoding/prototext", 12 | "@org_golang_google_protobuf//proto", 13 | ], 14 | ) 15 | 16 | go_binary( 17 | name = "fwprune", 18 | embed = [":fwprune_lib"], 19 | visibility = ["//visibility:public"], 20 | ) 21 | -------------------------------------------------------------------------------- /osbase/build/genosrelease/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "genosrelease_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/genosrelease", 7 | visibility = ["//visibility:private"], 8 | deps = ["@com_github_joho_godotenv//:godotenv"], 9 | ) 10 | 11 | go_binary( 12 | name = "genosrelease", 13 | embed = [":genosrelease_lib"], 14 | visibility = [ 15 | "//metropolis/installer:__subpackages__", 16 | "//metropolis/node:__subpackages__", 17 | ], 18 | ) 19 | -------------------------------------------------------------------------------- /osbase/build/kconfig-patcher/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "kconfig-patcher_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/kconfig-patcher", 7 | visibility = ["//visibility:private"], 8 | ) 9 | 10 | go_binary( 11 | name = "kconfig-patcher", 12 | embed = [":kconfig-patcher_lib"], 13 | visibility = [ 14 | "//metropolis/node:__pkg__", 15 | "//osbase/test/ktest:__pkg__", 16 | ], 17 | ) 18 | 19 | go_test( 20 | name = "kconfig-patcher_test", 21 | srcs = ["main_test.go"], 22 | embed = [":kconfig-patcher_lib"], 23 | ) 24 | -------------------------------------------------------------------------------- /osbase/build/mkcpio/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "mkcpio_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkcpio", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/build/fsspec", 10 | "@com_github_cavaliergopher_cpio//:cpio", 11 | "@com_github_klauspost_compress//zstd", 12 | "@org_golang_x_sys//unix", 13 | ], 14 | ) 15 | 16 | go_binary( 17 | name = "mkcpio", 18 | embed = [":mkcpio_lib"], 19 | visibility = ["//visibility:public"], 20 | ) 21 | -------------------------------------------------------------------------------- /osbase/build/mkerofs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "mkerofs_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkerofs", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/build/fsspec", 10 | "//osbase/erofs", 11 | ], 12 | ) 13 | 14 | go_binary( 15 | name = "mkerofs", 16 | embed = [":mkerofs_lib"], 17 | visibility = ["//visibility:public"], 18 | ) 19 | -------------------------------------------------------------------------------- /osbase/build/mkimage/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "mkimage_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkimage", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/blockdev", 10 | "//osbase/build/mkimage/osimage", 11 | "//osbase/structfs", 12 | ], 13 | ) 14 | 15 | go_binary( 16 | name = "mkimage", 17 | embed = [":mkimage_lib"], 18 | visibility = ["//metropolis/node:__pkg__"], 19 | ) 20 | -------------------------------------------------------------------------------- /osbase/build/mkimage/osimage/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "osimage", 5 | srcs = ["osimage.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkimage/osimage", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/blockdev", 10 | "//osbase/efivarfs", 11 | "//osbase/fat32", 12 | "//osbase/gpt", 13 | "//osbase/structfs", 14 | "@com_github_google_uuid//:uuid", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /osbase/build/mkoci/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "mkoci_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkoci", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/oci/osimage", 10 | "@com_github_klauspost_compress//zstd", 11 | "@com_github_opencontainers_go_digest//:go-digest", 12 | "@com_github_opencontainers_image_spec//specs-go", 13 | "@com_github_opencontainers_image_spec//specs-go/v1:specs-go", 14 | ], 15 | ) 16 | 17 | go_binary( 18 | name = "mkoci", 19 | embed = [":mkoci_lib"], 20 | visibility = ["//visibility:public"], 21 | ) 22 | -------------------------------------------------------------------------------- /osbase/build/mkpayload/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_binary( 4 | name = "mkpayload", 5 | embed = [":mkpayload_lib"], 6 | visibility = ["//visibility:public"], 7 | ) 8 | 9 | go_library( 10 | name = "mkpayload_lib", 11 | srcs = ["mkpayload.go"], 12 | importpath = "source.monogon.dev/osbase/build/mkpayload", 13 | visibility = ["//visibility:private"], 14 | ) 15 | -------------------------------------------------------------------------------- /osbase/build/mkucode/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "mkucode_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/build/mkucode", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/build/mkucode/spec", 10 | "@com_github_cavaliergopher_cpio//:cpio", 11 | "@org_golang_google_protobuf//encoding/prototext", 12 | ], 13 | ) 14 | 15 | go_binary( 16 | name = "mkucode", 17 | embed = [":mkucode_lib"], 18 | visibility = ["//visibility:public"], 19 | ) 20 | -------------------------------------------------------------------------------- /osbase/build/mkucode/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /osbase/build/mkucode/spec/spec.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | package osbase.build.mkucode.spec; 4 | option go_package = "source.monogon.dev/osbase/build/mkucode/spec"; 5 | 6 | message UCode { 7 | repeated UCodeVendor vendor = 1; 8 | } 9 | 10 | message UCodeVendor { 11 | // The vendor id (as given in cpuid) of the CPU the microcode is for, like 12 | // GenuineIntel or AuthenticAMD. 13 | string id = 1; 14 | 15 | // List of paths to microcode files from for CPUs from the vendor. 16 | repeated string file = 2; 17 | } -------------------------------------------------------------------------------- /osbase/build/mkverity/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_binary( 4 | name = "mkverity", 5 | embed = [":mkverity_lib"], 6 | visibility = [ 7 | "//metropolis/installer/test/testos:__pkg__", 8 | "//metropolis/node:__pkg__", 9 | "//metropolis/node/core/update/e2e/testos:__pkg__", 10 | ], 11 | ) 12 | 13 | go_library( 14 | name = "mkverity_lib", 15 | srcs = ["mkverity.go"], 16 | importpath = "source.monogon.dev/osbase/build/mkverity", 17 | visibility = ["//visibility:private"], 18 | deps = ["//osbase/verity"], 19 | ) 20 | -------------------------------------------------------------------------------- /osbase/cmd/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "cmd", 5 | srcs = ["run.go"], 6 | importpath = "source.monogon.dev/osbase/cmd", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/logbuffer", 10 | ], 11 | ) 12 | -------------------------------------------------------------------------------- /osbase/devicemapper/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "devicemapper", 5 | srcs = [ 6 | "ctype.go", 7 | "devicemapper.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/devicemapper", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "@com_github_pkg_errors//:errors", 13 | "@com_github_yalue_native_endian//:native_endian", 14 | "@org_golang_x_sys//unix", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /osbase/efivarfs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "efivarfs", 5 | srcs = [ 6 | "boot.go", 7 | "devicepath.go", 8 | "efivarfs.go", 9 | "osindications.go", 10 | "variables.go", 11 | ], 12 | importpath = "source.monogon.dev/osbase/efivarfs", 13 | visibility = ["//visibility:public"], 14 | deps = [ 15 | "//osbase/msguid", 16 | "@com_github_google_uuid//:uuid", 17 | "@org_golang_x_text//encoding/unicode", 18 | ], 19 | ) 20 | 21 | go_test( 22 | name = "efivarfs_test", 23 | srcs = [ 24 | "boot_test.go", 25 | "devicepath_test.go", 26 | ], 27 | embed = [":efivarfs"], 28 | gc_goopts = ["-d=libfuzzer"], 29 | deps = [ 30 | "@com_github_google_go_cmp//cmp", 31 | "@com_github_google_uuid//:uuid", 32 | ], 33 | ) 34 | -------------------------------------------------------------------------------- /osbase/erofs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "erofs", 6 | srcs = [ 7 | "compression.go", 8 | "defs.go", 9 | "erofs.go", 10 | "inode_types.go", 11 | "uncompressed_inode_writer.go", 12 | ], 13 | importpath = "source.monogon.dev/osbase/erofs", 14 | visibility = ["//visibility:public"], 15 | deps = ["@org_golang_x_sys//unix"], 16 | ) 17 | 18 | go_test( 19 | name = "erofs_test", 20 | srcs = [ 21 | "compression_test.go", 22 | "defs_test.go", 23 | "erofs_test.go", 24 | ], 25 | embed = [":erofs"], 26 | deps = [ 27 | "@com_github_stretchr_testify//assert", 28 | "@com_github_stretchr_testify//require", 29 | "@org_golang_x_sys//unix", 30 | ], 31 | ) 32 | 33 | k_test( 34 | name = "ktest", 35 | cmdline = "ramdisk_size=128", 36 | tester = ":erofs_test", 37 | ) 38 | -------------------------------------------------------------------------------- /osbase/event/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "event", 5 | srcs = ["event.go"], 6 | importpath = "source.monogon.dev/osbase/event", 7 | visibility = ["//visibility:public"], 8 | deps = ["//osbase/supervisor"], 9 | ) 10 | -------------------------------------------------------------------------------- /osbase/event/etcd/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "etcd", 5 | srcs = ["etcd.go"], 6 | importpath = "source.monogon.dev/osbase/event/etcd", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/event", 10 | "@com_github_cenkalti_backoff_v4//:backoff", 11 | "@io_etcd_go_etcd_client_v3//:client", 12 | ], 13 | ) 14 | 15 | go_test( 16 | name = "etcd_test", 17 | srcs = ["etcd_test.go"], 18 | embed = [":etcd"], 19 | deps = [ 20 | "//osbase/event", 21 | "//osbase/logtree", 22 | "@io_etcd_go_etcd_api_v3//v3rpc/rpctypes", 23 | "@io_etcd_go_etcd_client_pkg_v3//testutil", 24 | "@io_etcd_go_etcd_client_v3//:client", 25 | "@io_etcd_go_etcd_tests_v3//integration", 26 | "@org_golang_google_grpc//codes", 27 | "@org_golang_google_grpc//grpclog", 28 | "@org_uber_go_zap//:zap", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /osbase/event/memory/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "memory", 5 | srcs = ["memory.go"], 6 | importpath = "source.monogon.dev/osbase/event/memory", 7 | visibility = ["//visibility:public"], 8 | deps = ["//osbase/event"], 9 | ) 10 | 11 | go_test( 12 | name = "memory_test", 13 | srcs = [ 14 | "example_test.go", 15 | "memory_test.go", 16 | ], 17 | embed = [":memory"], 18 | deps = ["//osbase/event"], 19 | ) 20 | -------------------------------------------------------------------------------- /osbase/fat32/structs_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package fat32 5 | 6 | import ( 7 | "encoding/binary" 8 | "reflect" 9 | "testing" 10 | ) 11 | 12 | func TestStructureSizes(t *testing.T) { 13 | cases := []struct { 14 | StructInstance interface{} 15 | ExpectedSize int 16 | }{ 17 | {bootSector{}, 512}, 18 | {fsinfo{}, 512}, 19 | {dirEntry{}, 32}, 20 | {lfnEntry{}, 32}, 21 | } 22 | for _, c := range cases { 23 | t.Run(reflect.TypeOf(c.StructInstance).String(), func(t *testing.T) { 24 | actualSize := binary.Size(c.StructInstance) 25 | if actualSize != c.ExpectedSize { 26 | t.Errorf("Expected %d bytes, got %d", c.ExpectedSize, actualSize) 27 | } 28 | }) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /osbase/fileargs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "fileargs", 5 | srcs = ["fileargs.go"], 6 | importpath = "source.monogon.dev/osbase/fileargs", 7 | visibility = ["//visibility:public"], 8 | deps = ["@org_golang_x_sys//unix"], 9 | ) 10 | -------------------------------------------------------------------------------- /osbase/freeport/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "freeport", 5 | srcs = ["freeport.go"], 6 | importpath = "source.monogon.dev/osbase/freeport", 7 | visibility = ["//visibility:public"], 8 | ) 9 | -------------------------------------------------------------------------------- /osbase/fsquota/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "fsquota", 6 | srcs = ["fsquota.go"], 7 | importpath = "source.monogon.dev/osbase/fsquota", 8 | visibility = ["//visibility:public"], 9 | deps = [ 10 | "//osbase/fsquota/fsxattrs", 11 | "//osbase/fsquota/quotactl", 12 | "@org_golang_x_sys//unix", 13 | ], 14 | ) 15 | 16 | go_test( 17 | name = "fsquota_test", 18 | srcs = ["fsquota_test.go"], 19 | embed = [":fsquota"], 20 | deps = [ 21 | "@com_github_stretchr_testify//require", 22 | "@org_golang_x_sys//unix", 23 | ], 24 | ) 25 | 26 | k_test( 27 | name = "ktest", 28 | cmdline = "ramdisk_size=51200", 29 | files = { 30 | "/mkfs.xfs": "@xfsprogs//:mkfs", 31 | }, 32 | tester = ":fsquota_test", 33 | ) 34 | -------------------------------------------------------------------------------- /osbase/fsquota/fsxattrs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "fsxattrs", 5 | srcs = ["fsxattrs.go"], 6 | importpath = "source.monogon.dev/osbase/fsquota/fsxattrs", 7 | visibility = ["//visibility:public"], 8 | deps = ["@org_golang_x_sys//unix"], 9 | ) 10 | -------------------------------------------------------------------------------- /osbase/fsquota/quotactl/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "quotactl", 5 | srcs = ["quotactl.go"], 6 | importpath = "source.monogon.dev/osbase/fsquota/quotactl", 7 | visibility = ["//visibility:public"], 8 | deps = ["@org_golang_x_sys//unix"], 9 | ) 10 | -------------------------------------------------------------------------------- /osbase/gpt/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "gpt", 6 | srcs = [ 7 | "gpt.go", 8 | "mbr.go", 9 | ], 10 | importpath = "source.monogon.dev/osbase/gpt", 11 | visibility = ["//visibility:public"], 12 | deps = [ 13 | "//osbase/blockdev", 14 | "//osbase/msguid", 15 | "@com_github_google_uuid//:uuid", 16 | ], 17 | ) 18 | 19 | go_test( 20 | name = "gpt_test", 21 | srcs = [ 22 | "gpt_test.go", 23 | "linux_test.go", 24 | "mbr_test.go", 25 | "structs_test.go", 26 | ], 27 | embed = [":gpt"], 28 | deps = [ 29 | "//osbase/blockdev", 30 | "@com_github_google_uuid//:uuid", 31 | ], 32 | ) 33 | 34 | k_test( 35 | name = "ktest", 36 | cmdline = "ramdisk_size=4096", 37 | tester = ":gpt_test", 38 | ) 39 | -------------------------------------------------------------------------------- /osbase/gpt/mbr_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package gpt 5 | 6 | import "testing" 7 | 8 | func TestToCHS(t *testing.T) { 9 | cases := []struct { 10 | name string 11 | lba int64 12 | expectedCHS [3]byte 13 | }{ 14 | { // See UEFI Specification 2.9 Table 5-4 StartingCHS 15 | name: "One", 16 | lba: 1, 17 | expectedCHS: [3]byte{0x00, 0x02, 0x00}, 18 | }, 19 | { 20 | name: "TooBig", 21 | lba: (1023 * 255 * 63) + 1, 22 | expectedCHS: [3]byte{0xff, 0xff, 0xff}, 23 | }, 24 | } 25 | for _, c := range cases { 26 | t.Run(c.name, func(t *testing.T) { 27 | chs := toCHS(c.lba) 28 | if chs != c.expectedCHS { 29 | t.Errorf("expected %x, got %x", c.expectedCHS, chs) 30 | } 31 | }) 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /osbase/gpt/structs_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package gpt 5 | 6 | import ( 7 | "encoding/binary" 8 | "reflect" 9 | "testing" 10 | ) 11 | 12 | func TestStructureSizes(t *testing.T) { 13 | cases := []struct { 14 | StructInstance interface{} 15 | ExpectedSize int 16 | }{ 17 | {mbr{}, 512}, 18 | {mbrPartitionRecord{}, 16}, 19 | {header{}, 92}, 20 | {partition{}, 128}, 21 | } 22 | for _, c := range cases { 23 | t.Run(reflect.TypeOf(c.StructInstance).String(), func(t *testing.T) { 24 | actualSize := binary.Size(c.StructInstance) 25 | if actualSize != c.ExpectedSize { 26 | t.Errorf("Expected %d bytes, got %d", c.ExpectedSize, actualSize) 27 | } 28 | }) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /osbase/kexec/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "kexec", 5 | srcs = ["kexec.go"], 6 | importpath = "source.monogon.dev/osbase/kexec", 7 | visibility = ["//visibility:public"], 8 | deps = select({ 9 | "@io_bazel_rules_go//go/platform:amd64": [ 10 | "@org_golang_x_sys//unix", 11 | ], 12 | "@io_bazel_rules_go//go/platform:arm64": [ 13 | "@org_golang_x_sys//unix", 14 | ], 15 | "@io_bazel_rules_go//go/platform:riscv64": [ 16 | "@org_golang_x_sys//unix", 17 | ], 18 | "//conditions:default": [], 19 | }), 20 | ) 21 | -------------------------------------------------------------------------------- /osbase/kmod/spec/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") 3 | load("@rules_proto//proto:defs.bzl", "proto_library") 4 | load("@rules_proto_grpc_buf//:defs.bzl", "buf_proto_lint_test") 5 | 6 | buf_proto_lint_test( 7 | name = "spec_proto_lint_test", 8 | except_rules = [ 9 | "PACKAGE_VERSION_SUFFIX", 10 | "ENUM_ZERO_VALUE_SUFFIX", 11 | ], 12 | protos = [":spec_proto"], 13 | use_rules = [ 14 | "DEFAULT", 15 | "COMMENTS", 16 | ], 17 | ) 18 | 19 | proto_library( 20 | name = "spec_proto", 21 | srcs = ["meta.proto"], 22 | visibility = ["//visibility:public"], 23 | ) 24 | 25 | go_proto_library( 26 | name = "spec_go_proto", 27 | importpath = "source.monogon.dev/osbase/kmod/spec", 28 | proto = ":spec_proto", 29 | visibility = ["//visibility:public"], 30 | ) 31 | 32 | go_library( 33 | name = "spec", 34 | embed = [":spec_go_proto"], 35 | importpath = "source.monogon.dev/osbase/kmod/spec", 36 | visibility = ["//visibility:public"], 37 | ) 38 | -------------------------------------------------------------------------------- /osbase/kmod/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /osbase/logbuffer/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "logbuffer", 5 | srcs = [ 6 | "linebuffer.go", 7 | "logbuffer.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/logbuffer", 10 | visibility = ["//visibility:public"], 11 | deps = ["//osbase/logtree/proto"], 12 | ) 13 | 14 | go_test( 15 | name = "logbuffer_test", 16 | srcs = [ 17 | "linebuffer_test.go", 18 | "logbuffer_test.go", 19 | ], 20 | embed = [":logbuffer"], 21 | deps = ["@com_github_stretchr_testify//require"], 22 | ) 23 | -------------------------------------------------------------------------------- /osbase/logtree/proto/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package proto 5 | -------------------------------------------------------------------------------- /osbase/logtree/testhelpers.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package logtree 5 | 6 | import ( 7 | "context" 8 | "testing" 9 | ) 10 | 11 | // PipeAllToTest starts a goroutine that will forward all logtree entries 12 | // t.Logf(), in the canonical logtree payload representation. 13 | // 14 | // It's designed to be used in tests, and will automatically stop when the 15 | // test/benchmark it's running in exits. 16 | func PipeAllToTest(t testing.TB, lt *LogTree) { 17 | t.Helper() 18 | 19 | reader, err := lt.Read("", WithChildren(), WithStream()) 20 | if err != nil { 21 | t.Fatalf("Failed to set up logtree reader: %v", err) 22 | } 23 | 24 | // Internal context used to cancel the goroutine. This could also be a 25 | // implemented via a channel. 26 | ctx, ctxC := context.WithCancel(context.Background()) 27 | t.Cleanup(ctxC) 28 | 29 | go func() { 30 | t.Helper() 31 | for { 32 | select { 33 | case <-ctx.Done(): 34 | return 35 | case p := <-reader.Stream: 36 | t.Logf("%s", p.String()) 37 | } 38 | } 39 | }() 40 | } 41 | -------------------------------------------------------------------------------- /osbase/logtree/unraw/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "unraw", 5 | srcs = ["unraw.go"], 6 | importpath = "source.monogon.dev/osbase/logtree/unraw", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//go/logging", 10 | "//osbase/logbuffer", 11 | "//osbase/logtree", 12 | "//osbase/supervisor", 13 | ], 14 | ) 15 | 16 | go_test( 17 | name = "unraw_test", 18 | srcs = ["unraw_test.go"], 19 | embed = [":unraw"], 20 | deps = [ 21 | "//osbase/logbuffer", 22 | "//osbase/logtree", 23 | "//osbase/supervisor", 24 | ], 25 | ) 26 | -------------------------------------------------------------------------------- /osbase/loop/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "loop", 6 | srcs = ["loop.go"], 7 | importpath = "source.monogon.dev/osbase/loop", 8 | visibility = ["//visibility:public"], 9 | deps = ["@org_golang_x_sys//unix"], 10 | ) 11 | 12 | go_test( 13 | name = "loop_test", 14 | srcs = ["loop_test.go"], 15 | embed = [":loop"], 16 | deps = [ 17 | "@com_github_stretchr_testify//assert", 18 | "@com_github_stretchr_testify//require", 19 | "@org_golang_x_sys//unix", 20 | ], 21 | ) 22 | 23 | k_test( 24 | name = "ktest", 25 | tester = ":loop_test", 26 | ) 27 | -------------------------------------------------------------------------------- /osbase/msguid/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "msguid", 5 | srcs = ["msguid.go"], 6 | importpath = "source.monogon.dev/osbase/msguid", 7 | visibility = ["//visibility:public"], 8 | deps = ["@com_github_google_uuid//:uuid"], 9 | ) 10 | 11 | go_test( 12 | name = "msguid_test", 13 | srcs = ["msguid_test.go"], 14 | embed = [":msguid"], 15 | deps = [ 16 | "@com_github_google_go_cmp//cmp", 17 | "@com_github_google_uuid//:uuid", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /osbase/msguid/msguid.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | // Package msguid provides functions to convert UUIDs/GUIDs to and from 5 | // Microsoft's idiosyncratic "mixed-endian" format. 6 | // See https://uefi.org/specs/UEFI/2.10/Apx_A_GUID_and_Time_Formats.html#text-representation-relationships-apxa-guid-and-time-formats 7 | // for an explanation of the format. 8 | package msguid 9 | 10 | import "github.com/google/uuid" 11 | 12 | var mixedEndianTranspose = []int{3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15} 13 | 14 | // From converts from a standard UUID into its mixed-endian encoding. 15 | func From(u uuid.UUID) (o [16]byte) { 16 | for dest, from := range mixedEndianTranspose { 17 | o[dest] = u[from] 18 | } 19 | return 20 | } 21 | 22 | // To converts a mixed-endian-encoded UUID to its standard format. 23 | func To(i [16]byte) (o uuid.UUID) { 24 | for from, dest := range mixedEndianTranspose { 25 | o[dest] = i[from] 26 | } 27 | return 28 | } 29 | -------------------------------------------------------------------------------- /osbase/net/dns/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "dns", 5 | srcs = [ 6 | "dns.go", 7 | "metrics.go", 8 | "name.go", 9 | "testhelpers.go", 10 | ], 11 | importpath = "source.monogon.dev/osbase/net/dns", 12 | visibility = ["//visibility:public"], 13 | deps = [ 14 | "//osbase/supervisor", 15 | "@com_github_miekg_dns//:dns", 16 | "@com_github_prometheus_client_golang//prometheus", 17 | "@com_github_prometheus_client_golang//prometheus/promauto", 18 | ], 19 | ) 20 | 21 | exports_files([ 22 | "resolv.conf", 23 | "hosts", 24 | ]) 25 | 26 | go_test( 27 | name = "dns_test", 28 | srcs = [ 29 | "dns_test.go", 30 | "name_test.go", 31 | ], 32 | embed = [":dns"], 33 | deps = [ 34 | "//osbase/net/dns/test", 35 | "@com_github_miekg_dns//:dns", 36 | ], 37 | ) 38 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "forward", 5 | srcs = [ 6 | "cache.go", 7 | "forward.go", 8 | "metrics.go", 9 | ], 10 | importpath = "source.monogon.dev/osbase/net/dns/forward", 11 | visibility = ["//visibility:public"], 12 | deps = [ 13 | "//osbase/event/memory", 14 | "//osbase/net/dns", 15 | "//osbase/net/dns/forward/cache", 16 | "//osbase/net/dns/forward/proxy", 17 | "//osbase/supervisor", 18 | "@com_github_miekg_dns//:dns", 19 | "@com_github_prometheus_client_golang//prometheus", 20 | ], 21 | ) 22 | 23 | go_test( 24 | name = "forward_test", 25 | srcs = ["forward_test.go"], 26 | embed = [":forward"], 27 | deps = [ 28 | "//osbase/net/dns", 29 | "//osbase/net/dns/test", 30 | "//osbase/supervisor", 31 | "@com_github_miekg_dns//:dns", 32 | ], 33 | ) 34 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/LICENSE-3RD-PARTY.txt: -------------------------------------------------------------------------------- 1 | Copyright 2016-2024 The CoreDNS authors and contributors 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/cache/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "cache", 5 | srcs = ["cache.go"], 6 | importpath = "source.monogon.dev/osbase/net/dns/forward/cache", 7 | visibility = ["//osbase/net/dns/forward:__subpackages__"], 8 | deps = ["@org_golang_x_sys//cpu"], 9 | ) 10 | 11 | go_test( 12 | name = "cache_test", 13 | srcs = [ 14 | "cache_test.go", 15 | "shard_test.go", 16 | ], 17 | embed = [":cache"], 18 | ) 19 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/cache/cache_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package cache 5 | 6 | // Taken and modified from CoreDNS, under Apache 2.0. 7 | 8 | import ( 9 | "testing" 10 | ) 11 | 12 | func TestCacheAddAndGet(t *testing.T) { 13 | const N = shardSize * 4 14 | c := New[int](N) 15 | c.Put(1, 1) 16 | 17 | if _, found := c.Get(1); !found { 18 | t.Fatal("Failed to find inserted record") 19 | } 20 | } 21 | 22 | func TestCacheSharding(t *testing.T) { 23 | c := New[int](shardSize) 24 | for i := 0; i < shardSize*2; i++ { 25 | c.Put(uint64(i), 1) 26 | } 27 | for i := range c.shards { 28 | if len(c.shards[i].items) == 0 { 29 | t.Errorf("Failed to populate shard: %d", i) 30 | } 31 | } 32 | } 33 | 34 | func BenchmarkCache(b *testing.B) { 35 | b.ReportAllocs() 36 | 37 | c := New[int](4) 38 | for n := 0; n < b.N; n++ { 39 | c.Put(1, 1) 40 | c.Get(1) 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/proxy/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "proxy", 5 | srcs = [ 6 | "connect.go", 7 | "health.go", 8 | "metrics.go", 9 | "persistent.go", 10 | "proxy.go", 11 | "type.go", 12 | ], 13 | importpath = "source.monogon.dev/osbase/net/dns/forward/proxy", 14 | visibility = ["//osbase/net/dns/forward:__subpackages__"], 15 | deps = [ 16 | "//osbase/net/dns", 17 | "//osbase/net/dns/forward/up", 18 | "@com_github_miekg_dns//:dns", 19 | "@com_github_prometheus_client_golang//prometheus", 20 | ], 21 | ) 22 | 23 | go_test( 24 | name = "proxy_test", 25 | srcs = [ 26 | "health_test.go", 27 | "persistent_test.go", 28 | "proxy_test.go", 29 | ], 30 | embed = [":proxy"], 31 | deps = [ 32 | "//osbase/net/dns/test", 33 | "@com_github_miekg_dns//:dns", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/proxy/metrics.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package proxy 5 | 6 | // Taken and modified from CoreDNS, under Apache 2.0. 7 | 8 | import ( 9 | "github.com/prometheus/client_golang/prometheus" 10 | 11 | "source.monogon.dev/osbase/net/dns" 12 | ) 13 | 14 | // Variables declared for monitoring. 15 | var ( 16 | healthcheckFailureCount = dns.MetricsFactory.NewCounterVec(prometheus.CounterOpts{ 17 | Namespace: "dnsserver", 18 | Subsystem: "forward", 19 | Name: "healthcheck_failures_total", 20 | Help: "Counter of the number of failed healthchecks.", 21 | }, []string{"to"}) 22 | ) 23 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/proxy/type.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package proxy 5 | 6 | // Taken and modified from CoreDNS, under Apache 2.0. 7 | 8 | import ( 9 | "net" 10 | ) 11 | 12 | type transportType int 13 | 14 | const ( 15 | typeUDP transportType = iota 16 | typeTCP 17 | typeTLS 18 | typeTotalCount // keep this last 19 | ) 20 | 21 | func stringToTransportType(s string) transportType { 22 | switch s { 23 | case "udp": 24 | return typeUDP 25 | case "tcp": 26 | return typeTCP 27 | case "tcp-tls": 28 | return typeTLS 29 | } 30 | 31 | return typeUDP 32 | } 33 | 34 | func (t *Transport) transportTypeFromConn(pc *persistConn) transportType { 35 | if _, ok := pc.c.Conn.(*net.UDPConn); ok { 36 | return typeUDP 37 | } 38 | 39 | if t.tlsConfig == nil { 40 | return typeTCP 41 | } 42 | 43 | return typeTLS 44 | } 45 | -------------------------------------------------------------------------------- /osbase/net/dns/forward/up/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "up", 5 | srcs = ["up.go"], 6 | importpath = "source.monogon.dev/osbase/net/dns/forward/up", 7 | visibility = ["//osbase/net/dns/forward:__subpackages__"], 8 | ) 9 | 10 | go_test( 11 | name = "up_test", 12 | srcs = ["up_test.go"], 13 | embed = [":up"], 14 | ) 15 | -------------------------------------------------------------------------------- /osbase/net/dns/hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 localhost 2 | ::1 localhost 3 | -------------------------------------------------------------------------------- /osbase/net/dns/kubernetes/LICENSE-3RD-PARTY.txt: -------------------------------------------------------------------------------- 1 | Copyright 2016-2024 The CoreDNS authors and contributors 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /osbase/net/dns/resolv.conf: -------------------------------------------------------------------------------- 1 | # NOTE: This is baked into the rootfs. All DNS-related settings are in the 2 | # DNS service at //osbase/net/dns. 3 | nameserver 127.0.0.1 4 | -------------------------------------------------------------------------------- /osbase/net/dns/test/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "test", 5 | srcs = ["server.go"], 6 | importpath = "source.monogon.dev/osbase/net/dns/test", 7 | visibility = ["//osbase/net/dns:__subpackages__"], 8 | deps = ["@com_github_miekg_dns//:dns"], 9 | ) 10 | 11 | go_test( 12 | name = "test_test", 13 | srcs = ["server_test.go"], 14 | embed = [":test"], 15 | deps = ["@com_github_miekg_dns//:dns"], 16 | ) 17 | -------------------------------------------------------------------------------- /osbase/net/dns/test/LICENSE-3RD-PARTY.txt: -------------------------------------------------------------------------------- 1 | Copyright 2016-2024 The CoreDNS authors and contributors 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /osbase/net/dump/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "dump", 5 | srcs = [ 6 | "hwaddr_compat.go", 7 | "netdump.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/net/dump", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//osbase/net/proto", 13 | "@com_github_vishvananda_netlink//:netlink", 14 | "@org_go4_netipx//:netipx", 15 | "@org_golang_x_sys//unix", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /osbase/net/dump/cli/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "cli_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/net/dump/cli", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//osbase/net/dump", 10 | "@org_golang_google_protobuf//encoding/prototext", 11 | ], 12 | ) 13 | 14 | go_binary( 15 | name = "cli", 16 | embed = [":cli_lib"], 17 | visibility = ["//visibility:public"], 18 | ) 19 | -------------------------------------------------------------------------------- /osbase/net/dump/cli/main.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package main 5 | 6 | import ( 7 | "fmt" 8 | "log" 9 | 10 | "google.golang.org/protobuf/encoding/prototext" 11 | 12 | netdump "source.monogon.dev/osbase/net/dump" 13 | ) 14 | 15 | func main() { 16 | netconf, _, err := netdump.Dump() 17 | if err != nil { 18 | log.Fatalf("failed to dump network configuration: %v", err) 19 | } 20 | fmt.Println(prototext.Format(netconf)) 21 | } 22 | -------------------------------------------------------------------------------- /osbase/net/proto/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package proto 5 | -------------------------------------------------------------------------------- /osbase/net/sshtakeover/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "sshtakeover", 5 | srcs = ["sshtakeover.go"], 6 | importpath = "source.monogon.dev/osbase/net/sshtakeover", 7 | visibility = ["//visibility:public"], 8 | deps = [ 9 | "//osbase/structfs", 10 | "@com_github_pkg_sftp//:sftp", 11 | "@org_golang_x_crypto//ssh", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /osbase/nvme/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "nvme", 5 | srcs = [ 6 | "cmd_linux.go", 7 | "cmd_unsupported.go", 8 | "error.go", 9 | "format.go", 10 | "health.go", 11 | "identify.go", 12 | "nvme.go", 13 | "selftest.go", 14 | "uint128le.go", 15 | ], 16 | importpath = "source.monogon.dev/osbase/nvme", 17 | visibility = ["//visibility:public"], 18 | deps = select({ 19 | "@io_bazel_rules_go//go/platform:android": [ 20 | "@org_golang_x_sys//unix", 21 | ], 22 | "@io_bazel_rules_go//go/platform:linux": [ 23 | "@org_golang_x_sys//unix", 24 | ], 25 | "//conditions:default": [], 26 | }), 27 | ) 28 | 29 | go_test( 30 | name = "nvme_test", 31 | srcs = ["struct_test.go"], 32 | embed = [":nvme"], 33 | ) 34 | -------------------------------------------------------------------------------- /osbase/nvme/cmd_unsupported.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build !linux 5 | 6 | package nvme 7 | 8 | import ( 9 | "fmt" 10 | "runtime" 11 | ) 12 | 13 | func (d *Device) RawCommand(cmd *Command) error { 14 | return fmt.Errorf("NVMe command interface unimplemented for %v", runtime.GOOS) 15 | } 16 | -------------------------------------------------------------------------------- /osbase/nvme/struct_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package nvme 5 | 6 | import ( 7 | "encoding/binary" 8 | "testing" 9 | ) 10 | 11 | // TestStruct tests if the struct passed to Linux's ioctl has the ABI-specified 12 | // size. 13 | func TestStruct(t *testing.T) { 14 | passthruCmdSize := binary.Size(passthruCmd{}) 15 | if passthruCmdSize != 72 { 16 | t.Errorf("passthroughCmd is %d bytes, expected 72", passthruCmdSize) 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /osbase/nvme/uint128le.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package nvme 5 | 6 | import ( 7 | "math" 8 | "math/big" 9 | ) 10 | 11 | // uint128 little endian composed of two uint64s, readable by binary.Read. 12 | // Auxiliary type to simplify structures with uint128s (of which NVMe has 13 | // quite a few). 14 | type uint128le struct { 15 | Lo, Hi uint64 16 | } 17 | 18 | // BigInt returns u as a bigint 19 | func (u uint128le) BigInt() *big.Int { 20 | v := new(big.Int).SetUint64(u.Hi) 21 | v = v.Lsh(v, 64) 22 | v = v.Or(v, new(big.Int).SetUint64(u.Lo)) 23 | return v 24 | } 25 | 26 | // Uint64 returns u as a clamped uint64 27 | func (u uint128le) Uint64() uint64 { 28 | if u.Hi > 0 { 29 | return math.MaxUint64 30 | } 31 | return u.Lo 32 | } 33 | -------------------------------------------------------------------------------- /osbase/oci/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "oci", 5 | srcs = [ 6 | "layout.go", 7 | "oci.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/oci", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//osbase/structfs", 13 | "@com_github_opencontainers_go_digest//:go-digest", 14 | "@com_github_opencontainers_image_spec//specs-go", 15 | "@com_github_opencontainers_image_spec//specs-go/v1:specs-go", 16 | ], 17 | ) 18 | 19 | go_test( 20 | name = "oci_test", 21 | srcs = ["oci_test.go"], 22 | embed = [":oci"], 23 | ) 24 | -------------------------------------------------------------------------------- /osbase/pki/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "pki", 5 | srcs = [ 6 | "ca.go", 7 | "certificate.go", 8 | "crl.go", 9 | "x509.go", 10 | ], 11 | importpath = "source.monogon.dev/osbase/pki", 12 | visibility = ["//visibility:public"], 13 | deps = [ 14 | "//osbase/event", 15 | "//osbase/event/etcd", 16 | "//osbase/fileargs", 17 | "@io_etcd_go_etcd_client_v3//:client", 18 | ], 19 | ) 20 | 21 | go_test( 22 | name = "pki_test", 23 | srcs = [ 24 | "certificate_test.go", 25 | "crl_test.go", 26 | ], 27 | embed = [":pki"], 28 | deps = [ 29 | "//osbase/logtree", 30 | "@io_etcd_go_etcd_client_pkg_v3//testutil", 31 | "@io_etcd_go_etcd_tests_v3//integration", 32 | "@org_uber_go_zap//:zap", 33 | ], 34 | ) 35 | -------------------------------------------------------------------------------- /osbase/pstore/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "pstore", 5 | srcs = ["pstore.go"], 6 | importpath = "source.monogon.dev/osbase/pstore", 7 | visibility = ["//visibility:public"], 8 | ) 9 | 10 | go_test( 11 | name = "pstore_test", 12 | srcs = ["pstore_test.go"], 13 | embed = [":pstore"], 14 | ) 15 | -------------------------------------------------------------------------------- /osbase/scsi/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "scsi", 5 | srcs = [ 6 | "dev_block.go", 7 | "health.go", 8 | "inquiry.go", 9 | "log.go", 10 | "scsi.go", 11 | "scsi_linux.go", 12 | "scsi_linux_defs.go", 13 | "sensekeydata.go", 14 | ], 15 | cgo = True, 16 | importpath = "source.monogon.dev/osbase/scsi", 17 | visibility = ["//visibility:public"], 18 | deps = select({ 19 | "@io_bazel_rules_go//go/platform:android": [ 20 | "@org_golang_x_sys//unix", 21 | ], 22 | "@io_bazel_rules_go//go/platform:linux": [ 23 | "@org_golang_x_sys//unix", 24 | ], 25 | "//conditions:default": [], 26 | }), 27 | ) 28 | -------------------------------------------------------------------------------- /osbase/scsi/health.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package scsi 5 | 6 | import "errors" 7 | 8 | type InformationalExceptions struct { 9 | InformationalSenseCode AdditionalSenseCode 10 | Temperature uint8 11 | } 12 | 13 | func (d *Device) GetInformationalExceptions() (*InformationalExceptions, error) { 14 | raw, err := d.LogSenseParameters(LogSenseRequest{PageCode: 0x0b}) 15 | if err != nil { 16 | return nil, err 17 | } 18 | if len(raw[0x1]) == 0 { 19 | return nil, errors.New("mandatory parameter 0001h missing") 20 | } 21 | param1 := raw[0x01][0] 22 | if len(param1.Data) < 3 { 23 | return nil, errors.New("parameter 0001h too short") 24 | } 25 | return &InformationalExceptions{ 26 | InformationalSenseCode: AdditionalSenseCode(uint16(param1.Data[0])<<8 | uint16(param1.Data[1])), 27 | Temperature: param1.Data[2], 28 | }, nil 29 | } 30 | -------------------------------------------------------------------------------- /osbase/scsi/scsi_linux_defs.go: -------------------------------------------------------------------------------- 1 | //go:build linux 2 | 3 | // Code generated by cmd/cgo -godefs; DO NOT EDIT. 4 | // cgo -godefs scsi_linux_defs1.go 5 | 6 | package scsi 7 | 8 | const ( 9 | SG_IO = 0x2285 10 | SG_DXFER_NONE = -0x1 11 | SG_DXFER_TO_DEV = -0x2 12 | SG_DXFER_FROM_DEV = -0x3 13 | SG_DXFER_TO_FROM_DEV = -0x4 14 | ) 15 | 16 | type sgIOHdr struct { 17 | Interface_id int32 18 | Dxfer_direction int32 19 | Cmd_len uint8 20 | Mx_sb_len uint8 21 | Iovec_count uint16 22 | Dxfer_len uint32 23 | Dxferp uintptr 24 | Cmdp uintptr 25 | Sbp uintptr 26 | Timeout uint32 27 | Flags uint32 28 | Pack_id int32 29 | Usr_ptr uintptr 30 | Status uint8 31 | Masked_status uint8 32 | Msg_status uint8 33 | Sb_len_wr uint8 34 | Host_status uint16 35 | Driver_status uint16 36 | Resid int32 37 | Duration uint32 38 | Info uint32 39 | Pad_cgo_0 [4]byte 40 | } 41 | -------------------------------------------------------------------------------- /osbase/scsi/scsi_linux_defs1.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build ignore 5 | 6 | package scsi 7 | 8 | // #include 9 | import "C" 10 | 11 | const ( 12 | SG_IO = C.SG_IO 13 | SG_DXFER_NONE = C.SG_DXFER_NONE 14 | SG_DXFER_TO_DEV = C.SG_DXFER_TO_DEV 15 | SG_DXFER_FROM_DEV = C.SG_DXFER_FROM_DEV 16 | SG_DXFER_TO_FROM_DEV = C.SG_DXFER_TO_FROM_DEV 17 | ) 18 | 19 | type sgIOHdr C.sg_io_hdr_t 20 | -------------------------------------------------------------------------------- /osbase/smbios/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "smbios", 5 | srcs = [ 6 | "smbios.go", 7 | "structures.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/smbios", 10 | visibility = ["//visibility:public"], 11 | ) 12 | -------------------------------------------------------------------------------- /osbase/socksproxy/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "socksproxy", 5 | srcs = [ 6 | "protocol.go", 7 | "socksproxy.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/socksproxy", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | go_test( 14 | name = "socksproxy_test", 15 | srcs = ["socksproxy_test.go"], 16 | embed = [":socksproxy"], 17 | deps = ["@org_golang_x_net//proxy"], 18 | ) 19 | -------------------------------------------------------------------------------- /osbase/structfs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | 3 | go_library( 4 | name = "structfs", 5 | srcs = [ 6 | "blob.go", 7 | "structfs.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/structfs", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | go_test( 14 | name = "structfs_test", 15 | srcs = ["structfs_test.go"], 16 | deps = [":structfs"], 17 | ) 18 | -------------------------------------------------------------------------------- /osbase/sysctl/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "sysctl", 5 | srcs = ["options.go"], 6 | importpath = "source.monogon.dev/osbase/sysctl", 7 | visibility = ["//visibility:public"], 8 | ) 9 | -------------------------------------------------------------------------------- /osbase/sysctl/options.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package sysctl 5 | 6 | import ( 7 | "fmt" 8 | "os" 9 | "path" 10 | "strings" 11 | ) 12 | 13 | // Options contains sysctl options to apply 14 | type Options map[string]string 15 | 16 | // Apply attempts to apply all options in Options. It aborts on the first 17 | // one which returns an error when applying. 18 | func (o Options) Apply() error { 19 | for name, value := range o { 20 | filePath := path.Join("/proc/sys/", strings.ReplaceAll(name, ".", "/")) 21 | optionFile, err := os.OpenFile(filePath, os.O_WRONLY, 0) 22 | if err != nil { 23 | return fmt.Errorf("failed to set option %v: %w", name, err) 24 | } 25 | if _, err := optionFile.WriteString(value + "\n"); err != nil { 26 | optionFile.Close() 27 | return fmt.Errorf("failed to set option %v: %w", name, err) 28 | } 29 | optionFile.Close() // In a loop, defer'ing could open a lot of FDs 30 | } 31 | return nil 32 | } 33 | -------------------------------------------------------------------------------- /osbase/sysfs/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "sysfs", 5 | srcs = [ 6 | "block.go", 7 | "uevents.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/sysfs", 10 | visibility = ["//visibility:public"], 11 | deps = ["@com_github_google_uuid//:uuid"], 12 | ) 13 | -------------------------------------------------------------------------------- /osbase/sysfs/uevents.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package sysfs 5 | 6 | import ( 7 | "bufio" 8 | "io" 9 | "os" 10 | "strings" 11 | ) 12 | 13 | func ReadUevents(filename string) (map[string]string, error) { 14 | f, err := os.Open(filename) 15 | if err != nil { 16 | return nil, err 17 | } 18 | defer f.Close() 19 | ueventMap := make(map[string]string) 20 | reader := bufio.NewReader(f) 21 | for { 22 | name, err := reader.ReadString(byte('=')) 23 | if err == io.EOF { 24 | break 25 | } else if err != nil { 26 | return nil, err 27 | } 28 | value, err := reader.ReadString(byte('\n')) 29 | if err == io.EOF { 30 | continue 31 | } else if err != nil { 32 | return nil, err 33 | } 34 | ueventMap[strings.Trim(name, "=")] = strings.TrimSpace(value) 35 | } 36 | return ueventMap, nil 37 | } 38 | -------------------------------------------------------------------------------- /osbase/test/ktest/init/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "init_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/osbase/test/ktest/init", 7 | visibility = ["//visibility:private"], 8 | deps = ["@org_golang_x_sys//unix"], 9 | ) 10 | 11 | go_binary( 12 | name = "init", 13 | embed = [":init_lib"], 14 | visibility = [ 15 | "//visibility:public", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /osbase/test/ktest/run_ktest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright The Monogon Project Authors. 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | 7 | exec "$1" -initrd-path "$2" -kernel-path "$3" -cmdline "$4" -------------------------------------------------------------------------------- /osbase/test/qemu/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "qemu", 5 | srcs = ["launch.go"], 6 | importpath = "source.monogon.dev/osbase/test/qemu", 7 | visibility = [ 8 | "//metropolis:__subpackages__", 9 | "//osbase:__subpackages__", 10 | ], 11 | deps = [ 12 | "//osbase/freeport", 13 | "@org_golang_x_sys//unix", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /osbase/tpm/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "tpm", 5 | srcs = [ 6 | "credactivation_compat.go", 7 | "tpm.go", 8 | ], 9 | importpath = "source.monogon.dev/osbase/tpm", 10 | visibility = ["//visibility:public"], 11 | deps = [ 12 | "//go/logging", 13 | "//osbase/sysfs", 14 | "//osbase/tpm/proto", 15 | "@com_github_google_go_tpm//tpm2", 16 | "@com_github_google_go_tpm//tpmutil", 17 | "@com_github_google_go_tpm_tools//client", 18 | "@org_golang_google_protobuf//proto", 19 | "@org_golang_x_crypto//nacl/secretbox", 20 | "@org_golang_x_sys//unix", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /osbase/tpm/eventlog/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "eventlog", 5 | srcs = [ 6 | "compat.go", 7 | "eventlog.go", 8 | "secureboot.go", 9 | ], 10 | importpath = "source.monogon.dev/osbase/tpm/eventlog", 11 | visibility = ["//visibility:public"], 12 | deps = [ 13 | "//osbase/tpm/eventlog/internal", 14 | "@com_github_google_certificate_transparency_go//x509", 15 | "@com_github_google_go_tpm//tpm2", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /osbase/tpm/eventlog/LICENSE-3RD-PARTY.txt: -------------------------------------------------------------------------------- 1 | Copyright 2020 Google Inc. 2 | Licensed under the Apache License, Version 2.0 (the "License"); you may not 3 | use this file except in compliance with the License. You may obtain a copy of 4 | the License at 5 | 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | 8 | Unless required by applicable law or agreed to in writing, software 9 | distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | License for the specific language governing permissions and limitations under 12 | the License. -------------------------------------------------------------------------------- /osbase/tpm/eventlog/compat.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package eventlog 5 | 6 | // This file contains compatibility functions for our TPM library 7 | 8 | import ( 9 | "crypto" 10 | ) 11 | 12 | // ConvertRawPCRs converts from raw PCRs to eventlog PCR structures 13 | func ConvertRawPCRs(pcrs [][]byte) []PCR { 14 | var evPCRs []PCR 15 | for i, digest := range pcrs { 16 | evPCRs = append(evPCRs, PCR{DigestAlg: crypto.SHA256, Index: i, Digest: digest}) 17 | } 18 | return evPCRs 19 | } 20 | -------------------------------------------------------------------------------- /osbase/tpm/eventlog/internal/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "internal", 5 | srcs = ["events.go"], 6 | importpath = "source.monogon.dev/osbase/tpm/eventlog/internal", 7 | visibility = ["//osbase/tpm/eventlog:__subpackages__"], 8 | deps = [ 9 | "@com_github_google_certificate_transparency_go//asn1", 10 | "@com_github_google_certificate_transparency_go//x509", 11 | ], 12 | ) 13 | -------------------------------------------------------------------------------- /osbase/tpm/proto/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package proto 5 | -------------------------------------------------------------------------------- /osbase/tpm/proto/tpm.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | option go_package = "source.monogon.dev/osbase/tpm/proto"; 3 | package osbase.tpm.proto; 4 | 5 | import "proto/tpm/tpm.proto"; 6 | 7 | // ExtendedSealedBytes contains data sealed by a TPM2 via an indirection to 8 | // allow for more than 128 bytes of payload. It seals an ephemeral key for 9 | // a nacl secretbox in the TPM and stores the encrypted box next to the sealed 10 | // key. 11 | message ExtendedSealedBytes { 12 | // The secretbox key, as sealed by the TPM. 13 | .tpm.SealedBytes sealed_key = 1; 14 | // The encrypted box contents. 15 | bytes encrypted_payload = 2; 16 | } -------------------------------------------------------------------------------- /osbase/verity/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") 2 | load("//osbase/test/ktest:ktest.bzl", "k_test") 3 | 4 | go_library( 5 | name = "verity", 6 | srcs = ["encoder.go"], 7 | importpath = "source.monogon.dev/osbase/verity", 8 | visibility = ["//visibility:public"], 9 | ) 10 | 11 | go_test( 12 | name = "verity_test", 13 | srcs = ["encoder_test.go"], 14 | embed = [":verity"], 15 | deps = [ 16 | "//osbase/devicemapper", 17 | "@com_github_stretchr_testify//require", 18 | "@org_golang_x_sys//unix", 19 | ], 20 | ) 21 | 22 | k_test( 23 | name = "ktest", 24 | cmdline = "ramdisk_size=16384", 25 | tester = ":verity_test", 26 | ) 27 | -------------------------------------------------------------------------------- /osbase/watchdog/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "watchdog", 5 | srcs = ["watchdog.go"], 6 | importpath = "source.monogon.dev/osbase/watchdog", 7 | visibility = ["//visibility:public"], 8 | deps = ["@org_golang_x_sys//unix"], 9 | ) 10 | -------------------------------------------------------------------------------- /shell.nix: -------------------------------------------------------------------------------- 1 | # If you're on NixOS, use me! `nix-shell --pure`. 2 | { sources ? import third_party/nix/sources.nix }: 3 | let 4 | pkgs = import sources.nixpkgs {}; 5 | in 6 | (import third_party/nix/env.nix { inherit pkgs; }).env 7 | -------------------------------------------------------------------------------- /third_party/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//osbase/build/fwprune:def.bzl", "fsspec_linux_firmware") 2 | load("//osbase/build/mkucode:def.bzl", "cpio_ucode") 3 | 4 | fsspec_linux_firmware( 5 | name = "firmware", 6 | firmware_files = ["@linux-firmware//:all_files"], 7 | kernel = "//third_party/linux", 8 | metadata = "@linux-firmware//:metadata", 9 | visibility = ["//visibility:public"], 10 | ) 11 | 12 | cpio_ucode( 13 | name = "ucode", 14 | ucode = { 15 | "@linux-firmware//:amd_ucode": "AuthenticAMD", 16 | "@intel_ucode//:fam6h": "GenuineIntel", 17 | }, 18 | visibility = ["//visibility:public"], 19 | ) 20 | 21 | # TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301 22 | alias( 23 | name = "zlib", 24 | actual = "@zlib", 25 | visibility = ["//visibility:public"], 26 | ) 27 | -------------------------------------------------------------------------------- /third_party/README.md: -------------------------------------------------------------------------------- 1 | # `//third_party` 2 | 3 | Anything related to importing third party code and making it work with our monorepo lives here: 4 | 5 | - Vendored code. 6 | - Bazel rules for third party code. 7 | - Patches to thid party code. 8 | - Lock files and similar package manager definitions (whenever possible - things like `go.mod have to live at the top level, and that's OK too). 9 | 10 | First-party code or build rules based *on* a third-party component should not live here. 11 | -------------------------------------------------------------------------------- /third_party/bazelrc/aspect/BUILD.bazel: -------------------------------------------------------------------------------- 1 | "Aspect bazelrc presets; see https://docs.aspect.build/guides/bazelrc" 2 | 3 | load("@aspect_bazel_lib//lib:bazelrc_presets.bzl", "write_aspect_bazelrc_presets") 4 | 5 | write_aspect_bazelrc_presets( 6 | name = "update_aspect_bazelrc_presets", 7 | presets = [ 8 | "bazel8", 9 | "ci", 10 | "convenience", 11 | "correctness", 12 | "performance", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /third_party/bazelrc/aspect/README: -------------------------------------------------------------------------------- 1 | The files in this directory are automatically copied from https://github.com/aspect-build/bazel-lib/tree/main/.aspect/bazelrc via `bazel run //third_party/bazelrc/aspect:update_aspect_bazelrc_presets`. 2 | 3 | Unless otherwise noted, the files in this directory are licensed under the Apache 2.0 License, see COPYING. 4 | 5 | Copyright (c) 2024 github.com/aspect-build/bazel-lib contributors 6 | -------------------------------------------------------------------------------- /third_party/bazelrc/aspect/bazel8.bazelrc: -------------------------------------------------------------------------------- 1 | # No Bazel 8 specific flag presets yet. 2 | -------------------------------------------------------------------------------- /third_party/cap/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/cap/BUILD.bazel -------------------------------------------------------------------------------- /third_party/cap/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/cap/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/chrony/BUILD.bazel: -------------------------------------------------------------------------------- 1 | exports_files(["config.h.in"]) 2 | -------------------------------------------------------------------------------- /third_party/chrony/config.h.in: -------------------------------------------------------------------------------- 1 | #define LINUX 2 | #define DEBUG 0 3 | #define USE_PTHREAD_ASYNCDNS 4 | 5 | #define CHRONY_VERSION "%CHRONY_VERSION%" 6 | #define CHRONYD_FEATURES "NTP RTC SCFILTER ASYNCDNS" 7 | #define FEAT_NTP 8 | #define FEAT_RTC 9 | #define FEAT_SCFILTER 10 | #define FEAT_ASYNCDNS 11 | #define FEAT_PRIVDROP 12 | #define CAP_IS_SUPPORTED 13 | 14 | #define DEFAULT_COMMAND_SOCKET "/todo/chronyd.sock" 15 | #define DEFAULT_CONF_FILE "/todo/chrony.conf" 16 | #define DEFAULT_HWCLOCK_FILE "" 17 | #define DEFAULT_PID_FILE "/todo/chronyd.pid" 18 | #define DEFAULT_RTC_DEVICE "/dev/rtc" 19 | #define DEFAULT_USER "root" 20 | 21 | #define MAIL_PROGRAM "/todo/sendmail" 22 | -------------------------------------------------------------------------------- /third_party/chrony/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/chrony/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/chrony/patches/disable_defaults.patch: -------------------------------------------------------------------------------- 1 | diff --git a/conf.c b/conf.c 2 | index ce2ff00..7ce7fd2 100644 3 | --- a/conf.c 4 | +++ b/conf.c 5 | @@ -403,8 +403,6 @@ CNF_Initialise(int r, int client_only) 6 | if (client_only) { 7 | cmd_port = ntp_port = 0; 8 | } else { 9 | - bind_cmd_path = Strdup(DEFAULT_COMMAND_SOCKET); 10 | - pidfile = Strdup(DEFAULT_PID_FILE); 11 | } 12 | 13 | SCK_GetAnyLocalIPAddress(IPADDR_INET4, &bind_address4); -------------------------------------------------------------------------------- /third_party/cockroach/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/cockroach/BUILD.bazel -------------------------------------------------------------------------------- /third_party/cockroach/cockroach.bzl: -------------------------------------------------------------------------------- 1 | exports_files([ 2 | "cockroach", 3 | ]) 4 | -------------------------------------------------------------------------------- /third_party/com_github_containernetworking_cni/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_containernetworking_cni/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_containernetworking_cni/cni-fix-cachepath.patch: -------------------------------------------------------------------------------- 1 | From 3646de78ed303e1c84c78b676859df9c2db33863 Mon Sep 17 00:00:00 2001 2 | From: Lorenz Brun 3 | Date: Mon, 25 Jan 2021 18:20:01 +0100 4 | Subject: [PATCH] Point CacheDir to the correct location for Metropolis 5 | 6 | This is arguably an ugly hack, but they hardcoded it and the fastest way to 7 | access anything resembling a config is through three different repos: 8 | containernetworking/cni -> containerd/go-cni -> containerd/cri -> 9 | containerd/containerd. 10 | --- 11 | libcni/api.go | 2 +- 12 | 1 file changed, 1 insertion(+), 1 deletion(-) 13 | 14 | diff --git a/libcni/api.go b/libcni/api.go 15 | index 5a43219..5d71426 100644 16 | --- a/libcni/api.go 17 | +++ b/libcni/api.go 18 | @@ -38,7 +38,7 @@ import ( 19 | ) 20 | 21 | var ( 22 | - CacheDir = "/var/lib/cni" 23 | + CacheDir = "/ephemeral/containerd/cni-cache" 24 | // slightly awkward wording to preserve anyone matching on error strings 25 | ErrorCheckNotSupp = fmt.Errorf("does not support the CHECK command") 26 | ) 27 | -- 28 | 2.44.1 29 | 30 | -------------------------------------------------------------------------------- /third_party/com_github_containernetworking_plugins/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_containernetworking_plugins/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_corverroos_commentwrap/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_corverroos_commentwrap/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_go_delve_delve/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_go_delve_delve/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_google_cadvisor/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_google_cadvisor/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_google_go_tpm_tools/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_google_go_tpm_tools/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_google_nftables/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_google_nftables/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_opencontainers_runc/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_opencontainers_runc/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_opencontainers_runc/runc-add-cdeps.patch: -------------------------------------------------------------------------------- 1 | --- a/libcontainer/seccomp/patchbpf/BUILD.bazel 2022-03-24 20:12:34.325421847 +0100 2 | +++ b/libcontainer/seccomp/patchbpf/BUILD.bazel 2022-03-24 20:12:59.777602881 +0100 3 | @@ -7,6 +7,7 @@ 4 | "enosys_unsupported.go", 5 | ], 6 | cgo = True, 7 | + cdeps = ["@@//third_party/seccomp"], 8 | importpath = "github.com/opencontainers/runc/libcontainer/seccomp/patchbpf", 9 | visibility = ["//visibility:public"], 10 | deps = select({ 11 | -------------------------------------------------------------------------------- /third_party/com_github_pganalyze_pg_query_go_v4/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_pganalyze_pg_query_go_v4/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_pganalyze_pg_query_go_v4/pganalyze-add-cdeps.patch: -------------------------------------------------------------------------------- 1 | --- a/parser/BUILD.bazel 2022-09-05 14:33:25.825959896 +0200 2 | +++ b/parser/BUILD.bazel 2022-09-05 14:33:51.071298361 +0200 3 | @@ -86,6 +86,9 @@ 4 | "xxhash.c", 5 | ], 6 | cgo = True, 7 | + cdeps = [ 8 | + "@@//third_party/libpg_query", 9 | + ], 10 | clinkopts = [""], 11 | copts = ["-Iparser/include -g -fstack-protector -std=gnu99 -Wno-deprecated-non-prototype -Wno-unknown-warning-option"], 12 | importpath = "github.com/pganalyze/pg_query_go/v4/parser", 13 | -------------------------------------------------------------------------------- /third_party/com_github_sbezverk_nfproxy/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_sbezverk_nfproxy/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_seccomp_libseccomp_golang/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_seccomp_libseccomp_golang/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_github_seccomp_libseccomp_golang/libseccomp.patch: -------------------------------------------------------------------------------- 1 | --- a/BUILD.bazel 2 | +++ b/BUILD.bazel 3 | @@ -6,6 +6,9 @@ 4 | "seccomp.go", 5 | "seccomp_internal.go", 6 | ], 7 | + cdeps = [ 8 | + "@@//third_party/seccomp", 9 | + ], 10 | cgo = True, 11 | importpath = "github.com/seccomp/libseccomp-golang", 12 | visibility = ["//visibility:public"], 13 | -------------------------------------------------------------------------------- /third_party/com_github_vishvananda_netlink/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_github_vishvananda_netlink/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_go_etcd_io_etcd_server_v3/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_go_etcd_io_etcd_server_v3/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_go_etcd_io_etcd_server_v3/etcd-fix-embed-close.patch: -------------------------------------------------------------------------------- 1 | diff -ur io_etcd_go_etcd_server_v3.orig/embed/etcd.go io_etcd_go_etcd_server_v3/embed/etcd.go 2 | --- io_etcd_go_etcd_server_v3.orig/embed/etcd.go 2023-03-16 12:53:08.416697099 +0100 3 | +++ io_etcd_go_etcd_server_v3/embed/etcd.go 2023-03-16 12:54:27.376650809 +0100 4 | @@ -427,6 +426,7 @@ 5 | } 6 | if e.errc != nil { 7 | close(e.errc) 8 | + e.errc = nil 9 | } 10 | } 11 | 12 | -------------------------------------------------------------------------------- /third_party/com_go_etcd_io_etcd_server_v3/etcd-fix-islearner-panic.patch: -------------------------------------------------------------------------------- 1 | Fix panic in IsLocalMemberLearner after removing membership 2 | 3 | diff --git a/etcdserver/api/membership/cluster.go b/etcdserver/api/membership/cluster.go 4 | index 6becdfd62..cbdd38c2d 100644 5 | --- a/etcdserver/api/membership/cluster.go 6 | +++ b/etcdserver/api/membership/cluster.go 7 | @@ -783,11 +783,7 @@ func (c *RaftCluster) IsLocalMemberLearner() bool { 8 | defer c.Unlock() 9 | localMember, ok := c.members[c.localID] 10 | if !ok { 11 | - c.lg.Panic( 12 | - "failed to find local ID in cluster members", 13 | - zap.String("cluster-id", c.cid.String()), 14 | - zap.String("local-member-id", c.localID.String()), 15 | - ) 16 | + return false 17 | } 18 | return localMember.IsLearner 19 | } 20 | -------------------------------------------------------------------------------- /third_party/com_go_etcd_io_etcd_tests_v3/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_go_etcd_io_etcd_tests_v3/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_golang_org_x_tools/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_golang_org_x_tools/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_gvisor_dev_gvisor/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_gvisor_dev_gvisor/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_client_go/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_client_go/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_component_base/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_component_base/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubectl/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_kubectl/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubectl/kubectl-fix-embed.patch: -------------------------------------------------------------------------------- 1 | --- a/pkg/explain/v2/BUILD.bazel 2 | +++ b/pkg/explain/v2/BUILD.bazel 3 | @@ -8,6 +8,9 @@ 4 | "generator.go", 5 | "template.go", 6 | ], 7 | + embedsrcs = [ 8 | + "//pkg/explain/v2/templates:files", 9 | + ], 10 | importpath = "k8s.io/kubectl/pkg/explain/v2", 11 | importpath_aliases = ["k8s.io/kubectl/pkg/explain"], 12 | visibility = ["//visibility:public"], 13 | 14 | --- a/pkg/explain/v2/templates/BUILD.bazel 15 | +++ b/pkg/explain/v2/templates/BUILD.bazel 16 | @@ -17,4 +17,10 @@ 17 | "@io_k8s_kube_openapi//pkg/spec3", 18 | "@io_k8s_kube_openapi//pkg/validation/spec", 19 | ], 20 | +) 21 | + 22 | +filegroup( 23 | + name = "files", 24 | + srcs = glob(["*.tmpl"]), 25 | + visibility = ["//visibility:public"], 26 | ) 27 | \ No newline at end of file -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubelet/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_kubelet/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubernetes/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_kubernetes/BUILD.bazel -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubernetes/k8s-add-pause-build-file.patch: -------------------------------------------------------------------------------- 1 | From b524a63f818f74b7fbef0ca0016c61ea454a50bd Mon Sep 17 00:00:00 2001 2 | From: Tim Windelschmidt 3 | Date: Tue, 13 Feb 2024 15:19:31 +0100 4 | Subject: [PATCH] add BUILD file for pause container 5 | 6 | --- 7 | build/pause/linux/BUILD.bazel | 1 + 8 | 1 file changed, 1 insertion(+) 9 | create mode 100644 build/pause/linux/BUILD.bazel 10 | 11 | diff --git a/build/pause/linux/BUILD.bazel b/build/pause/linux/BUILD.bazel 12 | new file mode 100644 13 | index 00000000000..8057dd4a859 14 | --- /dev/null 15 | +++ b/build/pause/linux/BUILD.bazel 16 | @@ -0,0 +1 @@ 17 | +exports_files(["pause.c"]) 18 | -- 19 | 2.42.0 20 | 21 | -------------------------------------------------------------------------------- /third_party/com_k8s_io_kubernetes/k8s-reserve-metropolis-ports-import.patch: -------------------------------------------------------------------------------- 1 | diff --git a/pkg/registry/core/service/portallocator/controller/BUILD.bazel b/pkg/registry/core/service/portallocator/controller/BUILD.bazel 2 | index fa870760490..0f67fe7eb9b 100644 3 | --- a/pkg/registry/core/service/portallocator/controller/BUILD.bazel 4 | +++ b/pkg/registry/core/service/portallocator/controller/BUILD.bazel 5 | @@ -26,6 +26,7 @@ 6 | "@io_k8s_client_go//util/retry", 7 | "@io_k8s_component_base//metrics", 8 | "@io_k8s_component_base//metrics/legacyregistry", 9 | + "@@//metropolis/node", 10 | ], 11 | ) 12 | 13 | -------------------------------------------------------------------------------- /third_party/com_k8s_io_mount_utils/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/com_k8s_io_mount_utils/BUILD.bazel -------------------------------------------------------------------------------- /third_party/dosfstools/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/dosfstools/BUILD.bazel -------------------------------------------------------------------------------- /third_party/edk2/BUILD.bazel: -------------------------------------------------------------------------------- 1 | alias( 2 | name = "firmware", 3 | actual = "@edk2//:firmware", 4 | visibility = ["//visibility:public"], 5 | ) 6 | 7 | alias( 8 | name = "OVMF_CODE.fd", 9 | actual = "@edk2//:OVMF_CODE.fd", 10 | visibility = ["//visibility:public"], 11 | ) 12 | 13 | alias( 14 | name = "OVMF_VARS.fd", 15 | actual = "@edk2//:OVMF_VARS.fd", 16 | visibility = ["//visibility:public"], 17 | ) 18 | -------------------------------------------------------------------------------- /third_party/edk2/edk2.bzl: -------------------------------------------------------------------------------- 1 | filegroup( 2 | name = "all", 3 | srcs = glob( 4 | ["**"], 5 | exclude = [ 6 | "CryptoPkg/Library/OpensslLib/openssl/boringssl/fuzz/*_corpus/**", 7 | "CryptoPkg/Library/OpensslLib/openssl/fuzz/corpora/**", 8 | ], 9 | ), 10 | ) 11 | 12 | genrule( 13 | name = "firmware", 14 | srcs = [":all"], 15 | outs = [ 16 | "OVMF_CODE.fd", 17 | "OVMF_VARS.fd", 18 | ], 19 | cmd = """ 20 | ( 21 | # The edk2 build does not like Bazel's default genrule environment. 22 | set +u 23 | 24 | cd {path} 25 | . edksetup.sh 26 | make -C BaseTools/Source/C 27 | build -DTPM2_ENABLE -DSECURE_BOOT_ENABLE -t GCC5 -a X64 -b RELEASE -p $$PWD/OvmfPkg/OvmfPkgX64.dsc 28 | ) > /dev/null 29 | 30 | cp {path}/Build/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd $(RULEDIR) 31 | cp {path}/Build/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd $(RULEDIR) 32 | """.format(path = package_relative_label(":all").workspace_root), 33 | visibility = ["//visibility:public"], 34 | ) 35 | -------------------------------------------------------------------------------- /third_party/edk2/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/edk2/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/efistub/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/efistub/BUILD.bazel -------------------------------------------------------------------------------- /third_party/efistub/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/efistub/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/efistub/patches/remove-wrong-cmdline-assertion.patch: -------------------------------------------------------------------------------- 1 | From 8f0fa4ec981e6c22013949f551ef1b2d7b7dc0e3 Mon Sep 17 00:00:00 2001 2 | From: Lorenz Brun 3 | Date: Wed, 29 Sep 2021 19:10:17 +0200 4 | Subject: [PATCH] Remove wrong assertion that a cmdline exists 5 | 6 | All uses of cmdline are gated behind an if statement, it is perfectly 7 | acceptable for cmdline to not be passed. 8 | --- 9 | src/boot/efi/linux.c | 1 - 10 | 1 file changed, 1 deletion(-) 11 | 12 | diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c 13 | index 0d58f39ff6..ad82ade019 100644 14 | --- a/src/boot/efi/linux.c 15 | +++ b/src/boot/efi/linux.c 16 | @@ -40,7 +40,6 @@ EFI_STATUS linux_exec(EFI_HANDLE image, 17 | EFI_STATUS err; 18 | 19 | assert(image); 20 | - assert(cmdline); 21 | 22 | image_params = (const struct boot_params *) linux_addr; 23 | 24 | -- 25 | 2.25.1 26 | 27 | -------------------------------------------------------------------------------- /third_party/gazelle/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/gazelle/BUILD.bazel -------------------------------------------------------------------------------- /third_party/glib/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301 2 | alias( 3 | name = "glib", 4 | actual = "@glib//glib", 5 | visibility = ["//visibility:public"], 6 | ) 7 | -------------------------------------------------------------------------------- /third_party/glib/cc_fix_spec.prototxt: -------------------------------------------------------------------------------- 1 | replace { 2 | type: SYSTEM 3 | from: "glibconfig.h" 4 | to: "glib/glibconfig.h" 5 | } 6 | 7 | replace { 8 | type: WORKSPACE 9 | from: "build/config.h" 10 | to: "glib/config.h" 11 | } 12 | 13 | replace { 14 | type: SYSTEM 15 | from: "glib.h" 16 | to: "glib/glib.h" 17 | } -------------------------------------------------------------------------------- /third_party/glib/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/glib/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/gnuefi/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/gnuefi/BUILD.bazel -------------------------------------------------------------------------------- /third_party/gnuefi/gnuefi.bzl: -------------------------------------------------------------------------------- 1 | load("@rules_cc//cc:defs.bzl", "cc_library") 2 | 3 | cc_library( 4 | name = "gnuefi", 5 | srcs = glob(["lib/*.c", "lib/runtime/*.c", "lib/x86_64/*.c"]), 6 | hdrs = glob(["inc/**/*.h"]), 7 | # Consumers expect this to be a system library, so add it to the transitive include paths 8 | includes = ["inc", "inc/x86_64"], 9 | visibility = ["//visibility:public"], 10 | ) 11 | -------------------------------------------------------------------------------- /third_party/inih/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/inih/BUILD.bazel -------------------------------------------------------------------------------- /third_party/inih/inih.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2020 The Monogon Project Authors. 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | load("@rules_cc//cc:defs.bzl", "cc_library") 18 | 19 | cc_library( 20 | name = "inih", 21 | srcs = ["ini.c"], 22 | hdrs = ["ini.h"], 23 | visibility = ["//visibility:public"], 24 | ) 25 | -------------------------------------------------------------------------------- /third_party/intel_ucode/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/intel_ucode/BUILD.bazel -------------------------------------------------------------------------------- /third_party/intel_ucode/intel_ucode.bzl: -------------------------------------------------------------------------------- 1 | # Anything other than family 6 is not interesting to us 2 | filegroup(name = "fam6h", srcs = glob(["intel-ucode/06-*"]), visibility = ["//visibility:public"]) 3 | -------------------------------------------------------------------------------- /third_party/libpg_query/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301 2 | alias( 3 | name = "libpg_query", 4 | actual = "@libpg_query//:libpg_query", 5 | visibility = ["//visibility:public"], 6 | ) 7 | -------------------------------------------------------------------------------- /third_party/libpg_query/README.md: -------------------------------------------------------------------------------- 1 | libpg\_query 2 | === 3 | 4 | This library provides a C API to parse postgres queries. It consists of some vendored PostgreSQL source code and wrapper header/sources. 5 | 6 | Licensing 7 | --- 8 | 9 | * libpg\_query itself: BSD 3-clause 10 | * xxhash: BSD 2-clause 11 | * protobuf-c: BSD 2-clause (not named, but terms are equal) 12 | * PostgreSQL: PostgreSQL license (similar to MIT) 13 | 14 | Known Issues 15 | --- 16 | 17 | This library has a very wide include path requirement, that includes its own vendor directories (which contain postgres, xxhash and protobuf-c). These includes are pulled into all dependendents of this library and might break anything that wants eg. both libpg\_query and xxhash. When this happens, we should patch the library to always use absolute includes instead, thereby cleaning up the include directives. We technically have `bazel_cc_fix` for that. 18 | 19 | We could also unvendor xxhash, protobuf-c and even postgres. But that might not be worth the effort right now. 20 | -------------------------------------------------------------------------------- /third_party/libtpms/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301 2 | alias( 3 | name = "libtpms_tpm2", 4 | actual = "@libtpms//:libtpms_tpm2", 5 | visibility = ["//visibility:public"], 6 | ) 7 | -------------------------------------------------------------------------------- /third_party/libtpms/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/libtpms/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/linux-firmware/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/linux-firmware/BUILD.bazel -------------------------------------------------------------------------------- /third_party/linux-firmware/linux-firmware.bzl: -------------------------------------------------------------------------------- 1 | filegroup(name = "all_files", srcs = glob(["**"]), visibility = ["//visibility:public"]) 2 | filegroup(name = "metadata", srcs = ["WHENCE"], visibility = ["//visibility:public"]) 3 | filegroup(name = "amd_ucode", srcs = glob(["amd-ucode/*.bin"]), visibility = ["//visibility:public"]) 4 | -------------------------------------------------------------------------------- /third_party/linux/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("//third_party/linux:def.bzl", "linux_image") 2 | 3 | exports_files(["linux-metropolis.config"]) 4 | 5 | linux_image( 6 | name = "linux", 7 | visibility = ["//visibility:public"], 8 | ) 9 | -------------------------------------------------------------------------------- /third_party/linux/linux.bzl: -------------------------------------------------------------------------------- 1 | load("@rules_cc//cc:defs.bzl", "cc_binary") 2 | 3 | filegroup( 4 | name = "all", 5 | srcs = glob(["**"]), 6 | visibility = ["//visibility:public"], 7 | ) 8 | 9 | # Build gen_init_cpio separately for the initramfs generation stage 10 | cc_binary( 11 | name = "gen_init_cpio", 12 | srcs = ["usr/gen_init_cpio.c"], 13 | visibility = ["//visibility:public"], 14 | ) 15 | -------------------------------------------------------------------------------- /third_party/linux/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/linux/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/musl/BUILD.bazel: -------------------------------------------------------------------------------- 1 | genrule( 2 | name = "musl", 3 | srcs = [ 4 | "@musl//:all", 5 | ], 6 | outs = [ 7 | # C Runtimes 8 | "crt1.o", 9 | "crti.o", 10 | "crtn.o", 11 | "rcrt1.o", 12 | "Scrt1.o", 13 | 14 | # Static musl libc 15 | "libc.a", 16 | 17 | # Placeholder archives 18 | "libcrypt.a", 19 | "libdl.a", 20 | "libm.a", 21 | "libpthread.a", 22 | "libresolv.a", 23 | "librt.a", 24 | "libutil.a", 25 | "libxnet.a", 26 | ], 27 | cmd = """ 28 | OUT=$$PWD/$(RULEDIR) 29 | ( 30 | export CFLAGS="-static-pie -fPIC" 31 | cd {path} 32 | ./configure --prefix=$$OUT --syslibdir=$$OUT --libdir=$$OUT 33 | make -j $$(nproc) install-libs 34 | ) > /dev/null 35 | """.format(path = package_relative_label("@musl//:all").workspace_root), 36 | visibility = ["//visibility:public"], 37 | ) 38 | -------------------------------------------------------------------------------- /third_party/musl/musl.bzl: -------------------------------------------------------------------------------- 1 | filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"]) 2 | -------------------------------------------------------------------------------- /third_party/nix/bazel-inner.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | function get_workspace_root() { 3 | workspace_dir="${PWD}" 4 | while [[ "${workspace_dir}" != / ]]; do 5 | if [[ -e "${workspace_dir}/WORKSPACE" || -e "${workspace_dir}/WORKSPACE.bazel" || -e "${workspace_dir}/MODULE.bazel" ]]; then 6 | readonly workspace_dir 7 | return 8 | fi 9 | workspace_dir="$(dirname "${workspace_dir}")" 10 | done 11 | readonly workspace_dir="" 12 | } 13 | 14 | get_workspace_root 15 | readonly wrapper="${workspace_dir}/tools/bazel" 16 | if [ -f "${wrapper}" ]; then 17 | exec -a "$0" "${wrapper}" "$@" 18 | fi 19 | exec -a "$0" "${BAZEL_REAL}" "$@" 20 | -------------------------------------------------------------------------------- /third_party/nix/sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "nixpkgs": { 3 | "branch": "release-24.05", 4 | "description": "Nix Packages collection", 5 | "homepage": null, 6 | "owner": "NixOS", 7 | "repo": "nixpkgs", 8 | "rev": "2ccc79cca053f714e9462f356fe80ba3469ab50b", 9 | "sha256": "12fbsc2iz0bwmr71ai0q3zspskmrkh9wkkq6ycwvcxjh0px0kpdw", 10 | "type": "tarball", 11 | "url": "https://github.com/NixOS/nixpkgs/archive/2ccc79cca053f714e9462f356fe80ba3469ab50b.tar.gz", 12 | "url_template": "https://github.com///archive/.tar.gz" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /third_party/rules_go/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/rules_go/BUILD.bazel -------------------------------------------------------------------------------- /third_party/rules_go/rules_go_absolute_embedsrc.patch: -------------------------------------------------------------------------------- 1 | This adds support for workspace-relative Go embeds. 2 | 3 | diff --git a/go/tools/builders/compilepkg.go b/go/tools/builders/compilepkg.go 4 | index 09e3ef6e..4623f803 100644 5 | --- a/go/tools/builders/compilepkg.go 6 | +++ b/go/tools/builders/compilepkg.go 7 | @@ -379,6 +379,13 @@ func compileArchive( 8 | } 9 | } 10 | } 11 | + // Sort by length descenting to not get wrong roots 12 | + sort.Slice(embedRoots, func(i, j int) bool { 13 | + return len(embedRoots[i]) > len(embedRoots[j]) 14 | + }) 15 | + for _, root := range embedRoots { 16 | + embedRootDirs = append(embedRootDirs, abs(root)) 17 | + } 18 | embedcfgPath, err := buildEmbedcfgFile(srcs.goSrcs, embedSrcs, embedRootDirs, workDir) 19 | if err != nil { 20 | return err 21 | -------------------------------------------------------------------------------- /third_party/rules_rust/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/rules_rust/BUILD.bazel -------------------------------------------------------------------------------- /third_party/rust/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/rust/BUILD.bazel -------------------------------------------------------------------------------- /third_party/rust/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "compile_with_bazel" 3 | version = "0.0.0" 4 | 5 | # Mandatory (or Cargo tooling is unhappy) 6 | [lib] 7 | path = "fake_lib.rs" 8 | 9 | [dependencies] 10 | mdbook = "0" 11 | protoc-gen-prost = "0.2.3" 12 | -------------------------------------------------------------------------------- /third_party/rust/README.md: -------------------------------------------------------------------------------- 1 | Rust dependency management 2 | ========================== 3 | 4 | Dependencies are defined in Cargo.toml. Dependency syncing and updating is done in the repository rule which means it’s done during the analysis phase of builds. 5 | 6 | To render a new lock file: 7 | 8 | $ CARGO_BAZEL_REPIN=1 bazel sync 9 | 10 | For more information on the process, consult the official [rules_rust/crate_universe documentation](https://bazelbuild.github.io/rules_rust/crate_universe.html). 11 | -------------------------------------------------------------------------------- /third_party/rust_efi/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/rust_efi/BUILD.bazel -------------------------------------------------------------------------------- /third_party/rust_efi/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "compile_with_bazel" 3 | version = "0.0.0" 4 | 5 | # Mandatory (or Cargo tooling is unhappy) 6 | [lib] 7 | path = "fake_lib.rs" 8 | 9 | [dependencies] 10 | uefi = { version = "0.24.0", features = ["alloc"] } 11 | uefi-services = "0.21.0" 12 | prost = { version = "0.12", default-features = false, features = ["prost-derive"] } 13 | prost-types = { version = "0.12", default-features = false } 14 | 15 | -------------------------------------------------------------------------------- /third_party/sandboxroot/.gitignore: -------------------------------------------------------------------------------- 1 | *.in 2 | -------------------------------------------------------------------------------- /third_party/sandboxroot/README.md: -------------------------------------------------------------------------------- 1 | # sandboxroot 2 | 3 | We use [bazeldnf](https://github.com/rmohr/bazeldnf) in order to reproducibly generate a sysroot 4 | to use for Bazel's sandbox from Fedora packages. 5 | 6 | bazeldnf is self-contained and requires only a Go toolchain, requiring minimal host dependencies. 7 | This allows us to bootstrap without having to ship a prebuilt sysroot. 8 | 9 | ## How to update repository and build rules 10 | 11 | Add any new packages to [regenerate.sh](./regenerate.sh) and regenerate definitions: 12 | 13 | third_party/sandboxroot/regenerate.sh 14 | 15 | This will fetch the latest version of all required packages from Fedora's repos 16 | and update repositories.bzl and BUILD.bazel. 17 | 18 | The next time a bazel command is run, the wrapper will pick up the change 19 | and rebuild the sandbox root. 20 | -------------------------------------------------------------------------------- /third_party/sandboxroot/repo.yaml: -------------------------------------------------------------------------------- 1 | repositories: 2 | - arch: x86_64 3 | metalink: https://mirrors.fedoraproject.org/metalink?repo=fedora-40&arch=x86_64 4 | name: 40-x86_64-primary-repo 5 | mirrors: 6 | - https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Everything/x86_64/os 7 | gpgkey: https://storage.googleapis.com/monogon-infra-public/RPM-GPG-KEY-fedora-40-primary 8 | - arch: x86_64 9 | metalink: https://mirrors.fedoraproject.org/metalink?repo=updates-released-f40&arch=x86_64 10 | name: 40-x86_64-update-repo 11 | gpgkey: https://storage.googleapis.com/monogon-infra-public/RPM-GPG-KEY-fedora-40-primary 12 | mirrors: 13 | - https://dl.fedoraproject.org/pub/fedora/linux/updates/40/Everything/x86_64 14 | -------------------------------------------------------------------------------- /third_party/sandboxroot/tools.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | //go:build tools 5 | // +build tools 6 | 7 | package sandboxroot 8 | 9 | import ( 10 | _ "github.com/rmohr/bazeldnf/cmd" 11 | ) 12 | -------------------------------------------------------------------------------- /third_party/seccomp/BUILD.bazel: -------------------------------------------------------------------------------- 1 | # TODO: Workaround for https://github.com/bazelbuild/bazel/issues/19301 2 | alias( 3 | name = "seccomp", 4 | actual = "@seccomp", 5 | visibility = ["//visibility:public"], 6 | ) 7 | -------------------------------------------------------------------------------- /third_party/seccomp/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/seccomp/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/swtpm/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/swtpm/BUILD.bazel -------------------------------------------------------------------------------- /third_party/swtpm/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/swtpm/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/urcu/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/urcu/BUILD.bazel -------------------------------------------------------------------------------- /third_party/urcu/config.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/urcu/config.h -------------------------------------------------------------------------------- /third_party/urcu/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/urcu/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/urcu/urcu.bzl: -------------------------------------------------------------------------------- 1 | load("@@//build/utils:template_file.bzl", "template_file") 2 | load("@rules_cc//cc:defs.bzl", "cc_library") 3 | 4 | template_file( 5 | name = "config.h", 6 | src = "@@//third_party/urcu:config.h.in", 7 | substitutions = {}, 8 | ) 9 | 10 | cc_library( 11 | name = "urcu", 12 | srcs = glob( 13 | [ 14 | "src/*.c", 15 | "src/*.h", 16 | ], 17 | ), 18 | hdrs = glob(["include/**/*.h"]), 19 | includes = ["include"], 20 | local_defines = ["RCU_MEMBARRIER", "_GNU_SOURCE"], 21 | visibility = ["//visibility:public"], 22 | ) 23 | -------------------------------------------------------------------------------- /third_party/util-linux/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/util-linux/BUILD.bazel -------------------------------------------------------------------------------- /third_party/util-linux/cc_fix_spec.prototxt: -------------------------------------------------------------------------------- 1 | # proto-file: build/bazel_cc_fix/ccfixspec/ccfixspec.proto 2 | # proto-message: CCFixSpec 3 | 4 | # To regenerate the patch, run the following in the checked-out util-linux repo 5 | # ./autogen.sh 6 | # ./configure --without-util --without-udev --without-ncursesw --without-tinfo --without-readline --without-cap-ng --without-libz --without-libmagic --without-user --without-btrfs --without-systemd --without-python 7 | # intercept-build make -j24 uuidgen blkid 8 | 9 | # And the following in the monorepo root 10 | # bazel run //build/bazel_cc_fix -- -workspace $path_to_repo -compilation_db $path_to_repo/compile_commands.json -spec third_party/util-linux/cc_fix_spec.prototxt 11 | 12 | # Templated file (original path, later rewritten) 13 | generated_file { 14 | path: "libblkid/src/blkid.h", 15 | } 16 | 17 | # Rewrite blkid.h to root for ease of use and easier codegen 18 | replace { 19 | type: WORKSPACE, 20 | from: "libblkid/src/blkid.h", 21 | to: "blkid.h", 22 | } 23 | -------------------------------------------------------------------------------- /third_party/util-linux/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/util-linux/patches/BUILD.bazel -------------------------------------------------------------------------------- /third_party/xfsprogs/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/xfsprogs/BUILD.bazel -------------------------------------------------------------------------------- /third_party/xfsprogs/patches/BUILD.bazel: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/monogon-dev/monogon/043c0b4c1a89078eafe4c8faefa78ccbadf3a233/third_party/xfsprogs/patches/BUILD.bazel -------------------------------------------------------------------------------- /tools/gopackagesdriver: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | exec bazel run -- @io_bazel_rules_go//go/tools/gopackagesdriver "${@}" 3 | -------------------------------------------------------------------------------- /version/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | 3 | go_library( 4 | name = "version", 5 | srcs = ["version.go"], 6 | importpath = "source.monogon.dev/version", 7 | visibility = ["//visibility:public"], 8 | deps = ["//version/spec"], 9 | ) 10 | -------------------------------------------------------------------------------- /version/spec/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_library") 2 | load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library") 3 | load("@rules_proto//proto:defs.bzl", "proto_library") 4 | load("@rules_proto_grpc_buf//:defs.bzl", "buf_proto_lint_test") 5 | 6 | buf_proto_lint_test( 7 | name = "spec_proto_lint_test", 8 | except_rules = [ 9 | "PACKAGE_VERSION_SUFFIX", 10 | "ENUM_ZERO_VALUE_SUFFIX", 11 | ], 12 | protos = [":spec_proto"], 13 | use_rules = [ 14 | "DEFAULT", 15 | "COMMENTS", 16 | ], 17 | ) 18 | 19 | proto_library( 20 | name = "spec_proto", 21 | srcs = ["spec.proto"], 22 | visibility = ["//visibility:public"], 23 | ) 24 | 25 | go_proto_library( 26 | name = "spec_go_proto", 27 | importpath = "source.monogon.dev/version/spec", 28 | proto = ":spec_proto", 29 | visibility = ["//visibility:public"], 30 | ) 31 | 32 | go_library( 33 | name = "spec", 34 | embed = [":spec_go_proto"], 35 | importpath = "source.monogon.dev/version/spec", 36 | visibility = ["//visibility:public"], 37 | ) 38 | -------------------------------------------------------------------------------- /version/spec/gomod-generated-placeholder.go: -------------------------------------------------------------------------------- 1 | // Copyright The Monogon Project Authors. 2 | // SPDX-License-Identifier: Apache-2.0 3 | 4 | package spec 5 | -------------------------------------------------------------------------------- /version/stampgo/BUILD.bazel: -------------------------------------------------------------------------------- 1 | load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") 2 | 3 | go_library( 4 | name = "stampgo_lib", 5 | srcs = ["main.go"], 6 | importpath = "source.monogon.dev/version/stampgo", 7 | visibility = ["//visibility:private"], 8 | deps = [ 9 | "//version/spec", 10 | "@com_github_coreos_go_semver//semver", 11 | "@org_golang_google_protobuf//proto", 12 | ], 13 | ) 14 | 15 | go_binary( 16 | name = "stampgo", 17 | embed = [":stampgo_lib"], 18 | visibility = ["//visibility:public"], 19 | ) 20 | --------------------------------------------------------------------------------