8.x.x#28

Closed

0mniteck wants to merge 211 commits intomainfrom

Owner

0mniteck commented Mar 17, 2026 •

edited

Loading

Many changes including:

Standardizing release SBOM/Attestations for multi-arch images
Use PKI to verify and fetch external HTTPS resources
Use docker-cred-helper (docker-cred-pass) to secure docker login
More closely match entrypoint and CI.actions
Make human-only policy on repo by enforcing u2f requirements at every step and by including:
- # ## HUMAN-CODE - NO AI GENERATED CODE - AGENTS HANDSOFF


          Successful Build of Release 2026-03-16

e1b456d

0mniteck self-assigned this

0mniteck added 12 commits

March 16, 2026 20:48


          Update .gitattributes

fd86749


          Update Dockerfile

7d3c950


          Update modules

028fc9f


          Update Dockerfile

1ff838c


          Update buildscript.sh

4559d10


          Update buildscript.sh

40f9c21


          Update Dockerfile

734b8f3


          Update Dockerfile

58b89c1


          Update buildscript.sh

358a2c8


          Update modules

e8f3b24


          Update buildscript.sh

2a633a0


          Update buildscript.sh

389574a

Owner Author

0mniteck commented Mar 18, 2026 •

edited

Loading

"Due to the nature of containers, the permissions granted to the Docker snap allow it to bypass elements of the snapd security sandbox. This is acceptable because the Docker snap publisher is trusted and because applications running inside such containers are further isolated with the sandbox built by Docker itself." --docker-snap-team

To me this is unacceptable and doesnt adhere to the principals of least privilledge.
Running in a --user namespaced .slice solves this issue and a few others.
As shown here you can still include files from /bin like gpg if you use $HOME/bin to create a symbolic link or copy.
Docker login is still run in total confinement along with using docker-credential-pass to avoid plaintext.
Everything else other than installation is performed as a standard user.

0mniteck added 5 commits

March 18, 2026 15:39


          Update buildscript.sh

b4b358f


          Update buildscript.sh

611dad4


          Update buildscript.sh

536be30


          Update modules

0f3a561


          Update .pinned_ver

1e43fea

Owner Author

0mniteck commented Mar 19, 2026 •

edited

Loading

Space usage study:

Approx. usage is 1.4GB of space for installation on primary drive.

EMPTY: /dev/mapper/ubuntu-ubuntu 12G 2.6G 8.6G 23% /
EMPTY: /dev/mapper/ubuntu-ubuntu 12317824 2657356 9013304 23% /

PREREQ: /dev/mapper/ubuntu-ubuntu 12G 3.3G 8.0G 29% /
PREREQ: /dev/mapper/ubuntu-ubuntu 12317824 3362092 8308568 29% /

FULL: /dev/mapper/ubuntu-ubuntu 12G 3.9G 7.4G 35% /
FULL: /dev/mapper/ubuntu-ubuntu 12317824 3990372 7680288 35% /

AFTER: /dev/mapper/ubuntu-ubuntu 12G 2.7G 8.5G 25% /
AFTER: /dev/mapper/ubuntu-ubuntu 12317824 2819924 8850736 25% /

0mniteck added 9 commits

March 18, 2026 19:27


          Update .pinned_ver


          Update modules

0a0ecec


          Update modules

d410390


          Update modules

ba63de8


          Update buildscript.sh

4617ff5


          Update modules

fa25720


          Update buildscript.sh

7ba5da9


          Update buildscript.sh

540f029


          Update buildscript.sh

54b1cfe

0mniteck added 27 commits

April 6, 2026 09:18


          Update buildscript.sh

4b26e8d

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update .pinned_ver

7f184cc

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update .identity

c80b032

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Many changes and improvements of the installation steps

9d3284b

Many changes and improvements of the installation steps

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          small fix for json input

4327dce

small fix for json input

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Adjusted json input

cbc0784

Validated json input

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Improve debugger

644b673

Improve debugger

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

5708c05

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Rewrote install to improve formatting. Attempted to fix while loop mi…

08a308f

…sinterpretation.

Rewrote install to improve formatting
Attempted to fix while loop misinterpretation

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          minor fix add fi to if

8d93427

minor fix add fi to if

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fix command substitution for seend, dir change daemon

1816dfd

Fix command substitution for seend, dir change daemon
Fix minor formatting issue in installer

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Debugging dockerd service files

c7f60eb

Debugging dockerd service files after breaking changes

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

64c3bb4

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

563f2fb

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Many changes

dbd7ab1

revamped debug mode, added new test -t NO_CLEAN

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Minor formatting fixes

4d69f3b

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fix minor formatting issue

a3eb70c

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fix line ending

bfd9eba

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fix missing -p

41657af

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fixed unescaped quote

5214fb3

Fixed unescaped quote

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Refactor entire script

fc15d53

Adjust conditionals to inline truncation saved approx 100 lines
Slightly harder to review code but better performance

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Fix typo

88bcebe

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

33a518e

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

5d0208f

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

ad4091f

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update buildscript.sh

e35ceea

Signed-off-by: Shant Tchatalbachian <10482171+0mniteck@users.noreply.github.com>


          Update CNAME

f6b5f8b

Owner Author

0mniteck commented Apr 8, 2026

Reopening as automerge is failing

0mniteck closed this

0mniteck mentioned this pull request

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels