Commit Graph

286 Commits

Author SHA1 Message Date
nikstur eca0ea67fe lanzabooteModule: implement configuration limit 2023-01-02 00:05:21 +01:00
nikstur 9daf9ae0a8 lanzatool: implement configuration limit 2023-01-02 00:05:17 +01:00
nikstur 4a8cfa7f7f lanzatool: add walkdir dependency 2022-12-31 02:10:36 +01:00
nikstur e439cf452b
Merge pull request #42 from nix-community/lanzatool-small-fixes
Lanzatool: small fixes
2022-12-31 00:00:36 +01:00
nikstur 0a58b290e2 lanzatool: clean up parse_version and add simple test 2022-12-30 23:43:19 +01:00
nikstur 463d9496bf lanzatool: write sbsign output to stdout 2022-12-30 23:43:19 +01:00
nikstur d4c5af23fe lanzatool: improve error msg for file_size 2022-12-30 23:43:19 +01:00
nikstur a341baa09a lanzatool: simplify nixos_path and add unit test 2022-12-30 23:43:18 +01:00
nikstur 781651b9e0 lanzatool: improve esp_relative_path_string error msg 2022-12-30 21:11:07 +01:00
nikstur f4e4ad9c3b
Merge pull request #41 from nix-community/path_are_not_strings
Avoid Path -> String Conversions
2022-12-29 00:28:36 +01:00
Julian Stecklina f6ae373500 lanzatool: apply rustfmt to install.rs 2022-12-28 23:59:23 +01:00
Julian Stecklina f07618b64c lanzatool: remove unused utils module 2022-12-28 23:59:23 +01:00
Julian Stecklina b762de9fec lanzatool: remove Path -> String conversions in signature module 2022-12-28 23:59:23 +01:00
Julian Stecklina 74afcb1eea lanzatool: remove Path -> String conversion from pe module
... by using OsString, which can handle broken UTF-8 in file
names.
2022-12-28 23:59:23 +01:00
Ryan Lahfa 3fdf25a5a8
Merge pull request #40 from nix-community/inputs-from-lanzatool
Move lanzatool to inputsFrom in devShell
2022-12-26 20:55:11 +01:00
nikstur 110f1bb9fd flake.nix: move lanzatool to inputsFrom in devShell
When lanzatool is in the packages attr of the devShell, any compliation
error in lanzatool means direnv cannot load the environment anymore.
Then LSP support in your editor and even cargo in your shell is missing.
2022-12-26 16:33:19 +01:00
nikstur 46df12d579
Merge pull request #38 from nix-community/fix-malformed-gens
lanzatool: ignore malformed generations
2022-12-26 02:51:15 +01:00
Raito Bezarius 0ad20b0d5a lanzatool: ignore malformed generations 2022-12-26 02:47:28 +01:00
nikstur de5545a67f
Merge pull request #36 from nix-community/non-flake
chore: support non-flake users
2022-12-26 01:24:26 +01:00
Raito Bezarius 8e482e7db9 chore: support non-flake users 2022-12-26 01:22:34 +01:00
nikstur 287fb0978d
Merge pull request #35 from nix-community/refactor-nix
Move tests into separate file, add more structure to nix directory, and run nixpkgs-fmt & statix over everything
2022-12-25 19:03:44 +01:00
nikstur a6926d7419 flake.nix: add statix and nixpkgs-fmt to devSHell 2022-12-25 18:49:29 +01:00
nikstur 7d5ac15cbb nix.tests: move from flake 2022-12-25 18:49:28 +01:00
nikstur 912c9b27a6 nix: move package and module into subdir 2022-12-25 18:38:41 +01:00
nikstur e90262608e flake.nix: apply suggestions from statix 2022-12-25 18:38:41 +01:00
nikstur eb9b1bbbe3 treewide: format with nixpkgs-fmt 2022-12-25 18:38:39 +01:00
nikstur 07fc31613e
Merge pull request #27 from nix-community/docs
Initial "experimental end-user" documentation
2022-12-25 18:22:59 +01:00
Raito Bezarius c38e155d3c documentation: add a simple quick start 2022-12-25 18:16:14 +01:00
nikstur 14c6c413f3
Merge pull request #26 from nix-community/upstream-bootspec
project: support upstream bootspec
2022-12-25 18:11:28 +01:00
nikstur 65f3c67357 lanzatool: appease clippy by removing borrow 2022-12-25 18:05:07 +01:00
nikstur 6e66c5f0ed Cargo.toml: update bootspec to upstream 2022-12-25 18:05:07 +01:00
Raito Bezarius e3f6029643 nixos/lanzaboote: use upstream bootspec for extension generation 2022-12-25 18:05:07 +01:00
Ryan Lahfa 1e149b8e9f
Merge pull request #32 from nix-community/nlnet
Thank (a lot) NLnet for making this possible
2022-12-21 20:24:40 +01:00
Raito Bezarius 1b9fac224d readme: thank (a lot) NLnet for making this possible 2022-12-21 05:09:00 +01:00
Raito Bezarius 92e7e4f49a lanzatool(bootspec): introduce DetSys's bootspec library 2022-12-18 00:29:49 +01:00
Julian Stecklina 30be791826
Merge pull request #24 from nix-community/remove-auto-entroll
Remove auto entroll leftovers
2022-12-11 14:48:27 +00:00
Julian Stecklina 1a63419003
Merge pull request #25 from nix-community/flake
Deduplicate nixpkgs in Flakes Inputs
2022-12-11 14:47:27 +00:00
Jörg Thalheim 3a0a8e7d71
Update flake.nix
Co-authored-by: Julian Stecklina <js@alien8.de>
2022-12-10 17:26:47 +00:00
nikstur 36c0a13c4c lanzaboote module: remove --pki-bundle option 2022-12-10 18:11:23 +01:00
nikstur 614131d648 lanzatool: remove placeholder code for auto enrolling uefi keys 2022-12-10 18:11:23 +01:00
Julian Stecklina 06da27529f
Merge pull request #21 from nix-community/boot-file-integrity
Verify Kernel/Initrd Integrity using Blake3
2022-12-09 23:54:14 +00:00
Jörg Thalheim c9f9f1c52a nixos/lanzaboote: pkiBundle is not actual optional
the installHook needs it.
2022-12-08 21:26:17 +01:00
Jörg Thalheim 39774a6974 fix lanzaboote module import 2022-12-08 21:23:35 +01:00
Jörg Thalheim a4ddbada50 deduplicate flakes
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina d35ca2d7d3 nix: fix initrd integration test 2022-12-02 13:50:32 +01:00
Julian Stecklina 85b111aa17 initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina 1739ffde26 lanzaboote: verify hash of kernel and initrd 2022-11-30 09:22:14 +01:00
Julian Stecklina 7a15bba50b lanzaboote: load kernel and initrd into memory only once 2022-11-30 09:22:14 +01:00