Sean P. Kelly
Sean P. Kelly
Currently Bottlerocket's [SELinux policies](https://github.com/bottlerocket-os/bottlerocket/tree/a1d20d0598865a86f2328f292bcd60e562f90704/packages/selinux-policy) are written using the CIL intermediate language and then [compiled into a policy binary when the RPM is built](https://github.com/bottlerocket-os/bottlerocket/blob/a1d20d0598865a86f2328f292bcd60e562f90704/packages/selinux-policy/selinux-policy.spec#L52). This means that out-of-tree changes to the...
Something like this is needed to install settings extensions. Each settings extension has a configuration file associated with it, e.g. [`motd.toml`](https://github.com/cbgbt/bottlerocket/blob/639de3dfdce12c34c428702ffa073c6c97c89a24/sources/models/settings-extensions/motd/motd.toml) as part of the [`motd` settings extension](https://github.com/cbgbt/bottlerocket/tree/639de3dfdce12c34c428702ffa073c6c97c89a24/sources/models/settings-extensions/motd). When installing...
**Platform I'm building on:** aarch64 **What I expected to happen:** The following should create a TUF repository containing my variant: ``` $ cargo make -e ARCH=aarch64 -e BUILDSYS_VARIANT=aws-k8s-1.29 repo ```...
**What I'd like:** I'd like to programmatically be able to associate an updated Bottlerocket image with the datestamp when it was published. One possible approach to this would be to...
**Issue or Feature Request:** In order to provide fips support, Rust packages typically lean on [`aws-lc`](https://github.com/aws/aws-lc) for crypto. rustls leans on [`aws-lc-rs`](https://github.com/aws/aws-lc-rs) for bindings. Bindings aren't shipped upstream for Bottlerocket's...
**Image I'm using:** v0.42.0 **Issue or Feature Request:** I'm building an RPM that I would like to avoid running the [check-fips script](https://github.com/bottlerocket-os/bottlerocket-sdk/blob/6a9042cbefa86e8c7a99b6717190aa3c74dfdd1e/macros/check-fips). We [expose a macro `cross_check_fips`](https://github.com/bottlerocket-os/bottlerocket-sdk/blob/6a9042cbefa86e8c7a99b6717190aa3c74dfdd1e/macros/shared#L269) which should be...