|
|
d96ad3dc02
|
Some more hardening to not process raw jinja inside salt/ansible cmd. But, I think this is the end of the road
Lint / test (push) Waiting to run
CI / test (push) Successful in 57s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Has been cancelled
CI / test (debian, docker.io/library/debian:13, python3) (push) Has been cancelled
|
2026-06-22 20:26:06 +10:00 |
|
|
|
c3c3608049
|
Validate state.json is a normal file
|
2026-06-22 17:47:36 +10:00 |
|
|
|
5757bf4275
|
Update DEVELOPMENT.md
CI / test (push) Successful in 51s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 12m41s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 22m25s
Lint / test (push) Successful in 1m19s
|
2026-06-22 17:23:31 +10:00 |
|
|
|
992b8060a5
|
validation of artifact dir
|
2026-06-22 17:23:25 +10:00 |
|
|
|
efb6d7cc15
|
Be strict about XDG_CACHE_DIR ownership etc
|
2026-06-22 17:22:27 +10:00 |
|
|
|
4277e029d0
|
fix changelog
CI / test (push) Successful in 52s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m50s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 21m39s
Lint / test (push) Successful in 47s
|
2026-06-22 15:39:22 +10:00 |
|
|
|
5930758398
|
Fix pyproject to make debian build happy
|
2026-06-22 15:39:17 +10:00 |
|
|
|
952687e15d
|
Ensure that --include-path records (but does not traverse) symlinks
Lint / test (push) Waiting to run
CI / test (push) Failing after 44s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Has been cancelled
CI / test (debian, docker.io/library/debian:13, python3) (push) Has been cancelled
|
2026-06-22 15:34:44 +10:00 |
|
|
|
07b07e60c5
|
Ensure paths are not followed through parent links
|
2026-06-22 15:32:40 +10:00 |
|
|
|
e10a3f62b0
|
Belts and braces: normalise paths before globbing
|
2026-06-22 15:06:46 +10:00 |
|
|
|
c4448226c0
|
Ensure tests run through the poetry env's pytest
|
2026-06-22 15:05:48 +10:00 |
|
|
|
00f960d01e
|
Upgrade to Poetry 2
|
2026-06-22 15:03:32 +10:00 |
|
|
|
70525e52d8
|
Doc updates
CI / test (push) Successful in 49s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m47s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m32s
Lint / test (push) Successful in 47s
|
2026-06-22 14:49:56 +10:00 |
|
|
|
ad019f6b09
|
normalise control characters in generated manifest scalars
|
2026-06-22 14:45:12 +10:00 |
|
|
|
cec6023a40
|
Ensure that diff also runs through validate()
CI / test (push) Successful in 48s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m15s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m51s
Lint / test (push) Successful in 46s
|
2026-06-22 14:14:51 +10:00 |
|
|
|
1312b7eac2
|
Add SECURITY.md
|
2026-06-22 13:33:30 +10:00 |
|
|
|
a1d7a9e4e6
|
Add warning about --dangerous mode if sops is not in use
CI / test (push) Successful in 50s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 12m37s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m21s
Lint / test (push) Successful in 45s
|
2026-06-22 12:56:21 +10:00 |
|
|
|
bf1c72c542
|
CHANGELOG updates
|
2026-06-22 12:47:39 +10:00 |
|
|
|
d93de8a8a2
|
Fix for remote harvest tmp dir
|
2026-06-22 12:46:45 +10:00 |
|
|
|
21a3ef3447
|
More safety about writing output harvests/manifests to safe locations, including SOPS and diff.
|
2026-06-22 12:21:33 +10:00 |
|
|
|
3feba9a9f2
|
More information about use of --dangerous mode
|
2026-06-22 12:03:48 +10:00 |
|
|
|
d1e99db2df
|
Update the cli help info about enroll.ini location
|
2026-06-22 12:00:48 +10:00 |
|
|
|
def1c2bbc7
|
Add note about README.md
|
2026-06-22 11:59:38 +10:00 |
|
|
|
e78f61c5ed
|
Avoid TOCTOU issues, stronger perms on manifest dir, don't allow harvesting to existing dir by default, scan whole file for potential secrets
CI / test (push) Successful in 48s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m19s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m40s
Lint / test (push) Successful in 48s
|
2026-06-22 11:41:11 +10:00 |
|
|
|
c7a6bfe979
|
Update tests
CI / test (push) Successful in 51s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m30s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 19m55s
Lint / test (push) Successful in 44s
|
2026-06-22 11:06:24 +10:00 |
|
|
|
a0914e1369
|
Strict validation of PATH when running as root in case it could contain potentially unsafe binaries
|
2026-06-22 11:06:01 +10:00 |
|
|
|
205c419a7a
|
Sanity check on FQDN name to avoid accidental path traversal and similar woes
|
2026-06-22 10:59:17 +10:00 |
|
|
|
3e8ad600e2
|
Use shlex.quote on remote commands
|
2026-06-22 10:58:20 +10:00 |
|
|
|
0a0f067111
|
Add other common strings that could represent sensitive values to ignore unless in --dangerous mode
|
2026-06-22 10:57:54 +10:00 |
|
|
|
e2b61bcdf1
|
Ensure jinjifying an artifact passes through safe_artifact_file just in case
|
2026-06-22 10:57:08 +10:00 |
|
|
|
03dc467e32
|
Updates to DEVELOPMENT.md re: manifest and validate
|
2026-06-22 10:09:31 +10:00 |
|
|
|
1e61ae2ff9
|
Fix tests for deb build
CI / test (push) Successful in 49s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m32s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m1s
Lint / test (push) Successful in 44s
|
2026-06-22 10:05:17 +10:00 |
|
|
|
67b92731f6
|
Update tests
Lint / test (push) Waiting to run
CI / test (push) Failing after 49s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Has been cancelled
CI / test (debian, docker.io/library/debian:13, python3) (push) Has been cancelled
|
2026-06-22 09:58:54 +10:00 |
|
|
|
0384f8817b
|
Fail closed on SMTP STARTTLS credential failure before sending creds. Ensure diff's manifest dir works now that we don't remove the target location if it exists (temp dir)
|
2026-06-22 09:57:56 +10:00 |
|
|
|
5ffd4ee755
|
Perform harvest validation before trying to manifest from it
|
2026-06-22 09:56:55 +10:00 |
|
|
|
706604df74
|
Stricter validation of harvests to ensure that they meet the schema and don't contain unsafe artifacts (e.g symlinks pointing outside the artifact tree)
|
2026-06-22 09:55:38 +10:00 |
|
|
|
a85e8265f4
|
Don't allow .enroll.ini in CWD, rely on env var or XDG path
|
2026-06-22 09:52:33 +10:00 |
|
|
|
6ee8c60e64
|
Fix the almalinux tests - skip jinjaturtle and systemd in CI
CI / test (push) Successful in 46s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Successful in 11m26s
CI / test (debian, docker.io/library/debian:13, python3) (push) Successful in 20m24s
Lint / test (push) Successful in 45s
|
2026-06-21 17:49:51 +10:00 |
|
|
|
ce2652a3b3
|
Handle gracefully debian stuff when testing on rhel-like
CI / test (push) Has been cancelled
Lint / test (push) Has been cancelled
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 5m10s
CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 10m10s
|
2026-06-21 16:15:33 +10:00 |
|
|
|
b704a6c80b
|
Add node before checkout
Lint / test (push) Waiting to run
CI / test (push) Successful in 46s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 3m14s
CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 11m33s
|
2026-06-21 16:07:03 +10:00 |
|
|
|
b3a9cd3fb9
|
Fix curl on almalinux
Lint / test (push) Waiting to run
CI / test (push) Successful in 46s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 2m9s
CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 2m28s
|
2026-06-21 16:00:35 +10:00 |
|
|
|
429da3f4c1
|
Attempt to run tests on Alma Linux
Lint / test (push) Waiting to run
CI / test (push) Successful in 46s
CI / test (almalinux, docker.io/library/almalinux:9, python3.11) (push) Failing after 30s
CI / test (debian, docker.io/library/debian:13, python3) (push) Failing after 2m47s
|
2026-06-21 15:57:41 +10:00 |
|
|
|
f21bac7d1c
|
Updates to CHANGELOG and release script
CI / test (push) Successful in 26m56s
Lint / test (push) Successful in 42s
|
2026-06-21 13:40:07 +10:00 |
|
|
|
fc120f02a5
|
More test coverage
|
2026-06-21 13:37:37 +10:00 |
|
|
|
528176ad82
|
Enforce the galaxy requirements in tests
Lint / test (push) Waiting to run
CI / test (push) Has been cancelled
|
2026-06-21 13:15:10 +10:00 |
|
|
|
90e863df40
|
Add DEVELOPMENT.md
|
2026-06-21 13:03:26 +10:00 |
|
|
|
a0ac28f213
|
Support '--enforce' mode in 'enroll diff' with '--target' to use a specific config manager to run to enforce
CI / test (push) Successful in 27m26s
Lint / test (push) Successful in 45s
|
2026-06-21 12:38:10 +10:00 |
|
|
|
5b0e945c99
|
Fix jinjaturtle tests
CI / test (push) Successful in 27m22s
Lint / test (push) Successful in 41s
|
2026-06-21 09:42:19 +10:00 |
|
|
|
d81c32ab7f
|
Require version 1.20.0 or higher of podman container collection, for the platform arg
|
2026-06-21 09:41:56 +10:00 |
|
|
|
c7c8b93e09
|
make tests.sh executable again, whoops
CI / test (push) Failing after 3m49s
Lint / test (push) Successful in 44s
|
2026-06-21 09:30:15 +10:00 |
|
