* chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
* Remove global permissions which are set implicitly
With restrictive settings in the global GitHub Action permission settings
those permissions are given implicitly.
Co-authored-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
Co-authored-by: Joakim Sørensen <hi@ludeeus.dev>
Co-authored-by: Stefan Agner <stefan@agner.ch>
Some applications try to increase the buffers for performance reason. The
QUIC Go implementation for instance tries to request a 2048 kiB buffer
size.
The kernel default depends on skubuf size (which is architecture
dependent), but it is memory size independet and typically around 200 kiB
(see [1]).
Other network tuning guides suggest 16MiB for 1GB ethernet, as well as
changing the default as well as maximum bufffer size (see [2]). This
conservatively increases the maximum buffer size to 4MiB.
[1]: https://elixir.bootlin.com/linux/v5.15.45/source/include/net/sock.h#L2742
[2]: https://nateware.com/2013/04/06/linux-network-tuning-for-2013/
* Add open-vm-tools to AArch64 for better VMware support (#1050)
* Bump buildroot
* buildroot 666868435d...de7aa15c65 (1):
> package/openvmtools: bump version to 11.3.5
For phyiscal hardware the default Power Button action has been disabled
to avoid accidentally power down the machine.
However, for virtual machine this method is often used to shutdown the
virtual machine gracefully. Use the regular power settings for virtual
machines.
* Use upstream Linux driver for Bluetooth on ASUS Tinker
* Drop unnecessary Bluetooth initialization systemd service
Bluetooth is now entirely handled by the kernel.
* Recreate defconfigs using savedefconfig target
Buildroot allows to generate minimal defconfigs using the savedefconfig
target. Regenerate all our configurations so they all look alive and are
minimalistc.
* Fix generic_aarch64_defconfig
* Enable additional LED triggers
* Improve Yellow device tree
Fix soundcard name and use BTN_1 as key code.
* Add input-event-daemon configuration
Add minimal input-event-daemon configuration to avoid the default
configuration taking effect. This minimal configuration triggers
the USB configuration import on button press.
* Support firewall matching by pkttype
Matching by pkttype is required by the reference OTBR firewall script.
* Add additional Kernel configurations required for OpenThread.
It seems that the GitHub container registry sometimes returns 503
service unavailable temporarily ("Error fetching tags list: invalid status
code from registry 503"). Use skopeo's retry mechanism to try up to 5
times before failing.
Add VID/PID of some known problematic USB SSD controllers to USB storage
quirk list. This should make most USB SSD's work with Home Assistant OS
out-of-the box.
