From 31a56ee0baad48b628fa4cc1513fc9290379f95c Mon Sep 17 00:00:00 2001 From: axtloss Date: Sat, 13 Jan 2024 17:51:52 +0100 Subject: [PATCH 1/2] feat: add fsguard --- .github/workflows/vib-build.yml | 5 ++++- .github/workflows/vib-pr.yml | 5 ++++- recipe.yml | 13 +++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/vib-build.yml b/.github/workflows/vib-build.yml index 3c68e4d..12f60d2 100644 --- a/.github/workflows/vib-build.yml +++ b/.github/workflows/vib-build.yml @@ -18,7 +18,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: vanilla-os/vib-gh-action@v0.3.2-2 + - uses: vanilla-os/vib-gh-action@v0.3.3-1 + with: + recipe: 'recipe.yml' + plugins: 'Vanilla-OS/vib-fsguard:v1.2-1' - name: Build the Docker image run: docker image build -f Containerfile --tag ghcr.io/vanilla-os/vm:main . diff --git a/.github/workflows/vib-pr.yml b/.github/workflows/vib-pr.yml index 7b6efbe..415a30a 100644 --- a/.github/workflows/vib-pr.yml +++ b/.github/workflows/vib-pr.yml @@ -13,7 +13,10 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: vanilla-os/vib-gh-action@v0.3.2-2 + - uses: vanilla-os/vib-gh-action@v0.3.3-1 + with: + recipe: 'recipe.yml' + plugins: 'Vanilla-OS/vib-fsguard:v1.2-1' - name: Build the Docker image run: docker image build -f Containerfile --tag vanillaos/vm:validation . diff --git a/recipe.yml b/recipe.yml index b6eb401..8e8c0b9 100644 --- a/recipe.yml +++ b/recipe.yml @@ -35,3 +35,16 @@ modules: - apt autoremove -y - apt clean - lpkg --lock + +- name: fsguard + type: fsguard + CustomFsGuard: false + GenerateKey: true + FilelistPaths: ["/usr/bin"] + modules: + - name: remove-prev-fsguard + type: shell + commands: + - rm -rf /FsGuard + - rm -f ./minisign.pub ./minisign.key + - chmod +x /usr/sbin/init From 7435d97700db87a447cc4187c0d8ed23bea83268 Mon Sep 17 00:00:00 2001 From: axtloss Date: Sat, 13 Jan 2024 17:57:03 +0100 Subject: [PATCH 2/2] fix recipe --- recipe.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/recipe.yml b/recipe.yml index 8e8c0b9..08fe121 100644 --- a/recipe.yml +++ b/recipe.yml @@ -38,6 +38,7 @@ modules: - name: fsguard type: fsguard + FsGuardLocation: "/usr/sbin/FsGuard" CustomFsGuard: false GenerateKey: true FilelistPaths: ["/usr/bin"]