Sean P. Kelly

icon indicating an email [email protected]

icon company @aws icon location Seattle, WA icon location shaver of yaks. Senior Software Development Engineer @ AWS. I work on Bottlerocket.

Results 46 issues of Sean P. Kelly

Compile SELinux policies at Image Creation Time

1 comment

Currently Bottlerocket's [SELinux policies](https://github.com/bottlerocket-os/bottlerocket/tree/a1d20d0598865a86f2328f292bcd60e562f90704/packages/selinux-policy) are written using the CIL intermediate language and then [compiled into a policy binary when the RPM is built](https://github.com/bottlerocket-os/bottlerocket/blob/a1d20d0598865a86f2328f292bcd60e562f90704/packages/selinux-policy/selinux-policy.spec#L52). This means that out-of-tree changes to the...

Provide a mechanism for installing additional files provided by crates

Something like this is needed to install settings extensions. Each settings extension has a configuration file associated with it, e.g. [`motd.toml`](https://github.com/cbgbt/bottlerocket/blob/639de3dfdce12c34c428702ffa073c6c97c89a24/sources/models/settings-extensions/motd/motd.toml) as part of the [`motd` settings extension](https://github.com/cbgbt/bottlerocket/tree/639de3dfdce12c34c428702ffa073c6c97c89a24/sources/models/settings-extensions/motd). When installing...

`cargo make repo` fails after move to `bottlerocket-core-kit`

**Platform I'm building on:** aarch64 **What I expected to happen:** The following should create a TUF repository containing my variant: ``` $ cargo make -e ARCH=aarch64 -e BUILDSYS_VARIANT=aws-k8s-1.29 repo ```...

type/bug
area/out-of-tree-builds

Create an interface for determining the release date of an update

2 comment

**What I'd like:** I'd like to programmatically be able to associate an updated Bottlerocket image with the datestamp when it was published. One possible approach to this would be to...

type/enhancement
status/needs-proposal
area/core

Support `aws-lc-rs`

**Issue or Feature Request:** In order to provide fips support, Rust packages typically lean on [`aws-lc`](https://github.com/aws/aws-lc) for crypto. rustls leans on [`aws-lc-rs`](https://github.com/aws/aws-lc-rs) for bindings. Bindings aren't shipped upstream for Bottlerocket's...

Unable to disable `cross_check_fips` in RPM

**Image I'm using:** v0.42.0 **Issue or Feature Request:** I'm building an RPM that I would like to avoid running the [check-fips script](https://github.com/bottlerocket-os/bottlerocket-sdk/blob/6a9042cbefa86e8c7a99b6717190aa3c74dfdd1e/macros/check-fips). We [expose a macro `cross_check_fips`](https://github.com/bottlerocket-os/bottlerocket-sdk/blob/6a9042cbefa86e8c7a99b6717190aa3c74dfdd1e/macros/shared#L269) which should be...