Closed conorsch closed 2 years ago
conorsch
commented
7 years ago A more intuitive role breakdown:
The metapackage role can leverage https://github.com/freedomofpress/ansible-role-build-debian-package specifically for the SecureDrop use case.
conorsch
commented
7 years ago Made progress, have two broken out roles in separate repositories now:
Porting over the metapackage logic will require integration with another role as mentioned above. This repo can remain to house documentation on building SecureDrop-specific kernels from source. Beefing up the dev environment via Molecule will provide endpoints for all the "example" playbooks, and we can include the external roles via dependencies now.
conorsch
commented
6 years ago The final role logic, that for the securedrop-grsec metapackage, was broken out of this repo and consolidated into the SecureDrop repository in https://github.com/freedomofpress/securedrop/issues/2696 . There's still a bit of housekeeping to be done on this repository, such as updating the README to link out to the old roles. That's the last task.
eloquence
commented
2 years ago We now use a dockerized setup, https://github.com/freedomofpress/kernel-builder/ . Closing and archiving this repo.
This git repository contains three separate roles:
The primary use of this repository is to publish the kernel maintenance documentation for use with SecureDrop. Some of the roles and associated playbooks are specifically intended for use with SecureDrop, e.g.
build-grsec-metapackage, but the others are more generalized.Most of the Ansible logic required to maintain SecureDrop exists in the SecureDrop repository—except the kernel build information. If we split up these roles, we can selectively include them in the SecureDrop repository, which should make the documentation story more straightforward for future (and current) maintainers.