Commit Graph

582 Commits

Author SHA1 Message Date
Julian Stecklina d751d13b0a
Merge pull request #139 from adtya/built_on_date
Use birth time instead of modify time for generation "built on" date
2023-04-06 12:18:46 +02:00
Lily Foster 4066b0a894
nix: clean up fwupd-efi handling a little bit 2023-04-04 06:38:19 -04:00
Mats 223ab53d55 tool: drop buggy condition for when to sign 2023-03-30 23:53:24 +02:00
Adithya Nair 97874a2002
propagate error instead of unwrapping in tests 2023-03-22 11:19:12 +05:30
Adithya Nair 6a342a49a9
propagate error instead of unwrapping 2023-03-22 01:25:17 +05:30
Adithya Nair e033a2fcaf
replace mtime with birth time 2023-03-21 23:47:33 +05:30
Ryan Lahfa 7c55847aaf
Merge pull request #134 from kanashimia/hardcoding
nixos-module: add settings key for the loader.conf
2023-03-21 15:49:55 +01:00
Mia Kanashi ea5e2ba437 nixos-module: add settings key for the loader.conf
This commit adds settings key for configuring systemd-boot to the lanzaboot
nixos module. The are couple of the default values that are set from the usual
nixos boot.loader.systemd-boot options, they are merged with the user defined
configuration.

This commit modifies default loader.conf to boot into the latest nixos
generation by default, for when you have other operating systems installed.

Primary reason behind this PR is to allow extensible loader configuration.

Co-authored-by: Raito Bezarius <masterancpp@gmail.com>
2023-03-21 15:48:56 +01:00
Ryan Lahfa 9c0dfff36b
Merge pull request #131 from lilyinstarlight/feature/fwupd
Properly handle fwupd update capsules, take 2
2023-03-21 15:26:50 +01:00
Lily Foster fd956c4864
flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs-test':
    'github:RaitoBezarius/nixpkgs/e51bf8cc8e2c75192e930ad83ed272938729e7be' (2022-12-23)
  → 'github:NixOS/nixpkgs/371d3778c4f9cee7d5cf014e6ce400d57366570f' (2023-03-16)
2023-03-20 07:47:21 -04:00
Lily Foster 738d986536
flake: update nixpkgs-test
The nixpkgs-test input has been moved to the branch from
NixOS/nixpkgs#207039.
2023-03-20 07:46:24 -04:00
Lily Foster 658d753d1c
Properly handle fwupd update capsules
Co-Authored-By: Janne Heß <janne@hess.ooo>
2023-03-20 07:46:24 -04:00
Julian Stecklina bdcada4bc2
Merge pull request #137 from nix-community/renovate/all
fix(deps): update all dependencies
2023-03-20 10:34:53 +01:00
renovate[bot] 9bbbae3168
fix(deps): update all dependencies 2023-03-20 09:25:02 +00:00
Julian Stecklina a5dcc2cc3f
Merge pull request #138 from nix-community/renovate/lock-file-maintenance
chore(deps): lock file maintenance
2023-03-20 10:23:09 +01:00
Julian Stecklina 5a03bb751d stub: update dependencies
Update nightly toolchain and UEFI dependencies. The latest crane
version comes with a bug where it fails to compile UEFI binaries.
2023-03-20 09:51:30 +01:00
renovate[bot] dfa6c3db1f
chore(deps): lock file maintenance 2023-03-20 01:57:17 +00:00
Julian Stecklina 73fca9b923
Merge pull request #132 from nix-community/toctou
Don't Reload Stub from the File System
2023-03-15 23:57:12 +01:00
Julian Stecklina 7060389698 stub: add safety comment for PE parsing 2023-03-15 21:53:19 +01:00
Julian Stecklina 9c128e9ef6 stub: do not read loaded image again from ESP
... because this might not work, if we were not loaded from a file
system. It also removes the issue where we might not load the signed
image that was actually loaded.

Fixes #123
2023-03-15 00:36:50 +01:00
Julian Stecklina 8aad4af5ad renovate: enable lockfile maintenance
This allows Renovate to update Flake dependencies and indirect Rust
dependencies.
2023-03-14 00:31:46 +01:00
Julian Stecklina 73ee9198e7
Merge pull request #130 from nix-community/renovate/all
fix(deps): update all dependencies
2023-03-14 00:06:23 +01:00
renovate[bot] eed59b4d16
fix(deps): update all dependencies 2023-03-13 00:45:02 +00:00
Julian Stecklina 3efb505a2a
Merge pull request #125 from nix-community/tool-finetune-log-messsages
tool: fine tune a few log messages
2023-03-06 10:04:37 +01:00
nikstur 721b584940 tool: fine tune a few log messages 2023-03-06 00:52:46 +01:00
nikstur f590204e8f
Merge pull request #121 from nix-community/tool-configurable-logging
tool: init configurable logging
2023-03-05 23:27:11 +01:00
nikstur c8522e02b4 Merge pull request #122 from nix-community/renovate/all
fix(deps): update all dependencies
2023-02-28 22:20:33 +01:00
nikstur a3bff52602
Merge pull request #122 from nix-community/renovate/all
fix(deps): update all dependencies
2023-02-27 10:03:37 +01:00
renovate[bot] e321ad1626
fix(deps): update all dependencies 2023-02-27 02:01:48 +00:00
nikstur a393ac7673
Merge pull request #120 from nix-community/renovate/configure
Configure Renovate
2023-02-26 19:56:30 +01:00
renovate[bot] 342cc80b08 Add renovate.json 2023-02-26 17:18:14 +01:00
nikstur 9dedcaea15
Merge pull request #118 from nix-community/qs-nonflakes
docs: add non-flakes quick start documentation
2023-02-26 00:07:51 +01:00
Raito Bezarius eab58bda3e docs: add non-flakes quick start documentation 2023-02-26 00:06:11 +01:00
Julian Stecklina cf7efb6b93
Merge pull request #119 from nix-community/revert-113-feat/fwupd
Revert "Properly handle fwupd update capsules"
2023-02-25 23:28:27 +01:00
Julian Stecklina 754656d500
Revert "Properly handle fwupd update capsules" 2023-02-25 23:27:39 +01:00
Julian Stecklina 9daa941320
Merge pull request #113 from dasJ/feat/fwupd
Properly handle fwupd update capsules
2023-02-25 23:01:12 +01:00
Julian Stecklina 29e0aaf934
Merge pull request #117 from nix-community/fix-initrd-secrets-test
tests: correctly test appending secret to initrd
2023-02-25 22:52:55 +01:00
nikstur ab4e90c331 tests: correctly test appending secret to initrd
The way the test was implemented previously did not make it fail if no
secret was appended to the initrd. Now it is implemented similary to the
initrd-secrets test in Nixpkgs and works correctly.
2023-02-25 21:41:38 +01:00
Julian Stecklina 195e29f935
Merge pull request #116 from nix-community/installation-order
Make File Installation Order Deterministic
2023-02-25 21:25:23 +01:00
Julian Stecklina cbccd64c57 tool: make file installation deterministic
Due to the use of hash maps, the order of file installation was not
deterministic. I've changed the code the use BTreeMaps instead, which
makes this deterministic. While I was here, I tried to simplify the
code a bit.
2023-02-25 20:42:08 +01:00
Julian Stecklina a5e283ca44
Merge pull request #112 from nix-community/log
Minimalistic Logging Support
2023-02-25 11:20:01 +01:00
nikstur 46b8a553b9
Merge pull request #115 from nix-community/install-typos
tool: fix typos
2023-02-24 01:33:44 +01:00
nikstur 32950b7708 tool: fix typos 2023-02-24 01:29:15 +01:00
nikstur ed1676e544
Merge pull request #109 from nix-community/correctly-update-initrd-secrets
tool: correctly update initrd secrets
2023-02-24 01:18:57 +01:00
nikstur f4f8c41005 tests: add initrd-secrets-update
Add a test for updating the secrets on an existing initrd.
2023-02-24 01:16:52 +01:00
nikstur 75a19cd818 tool: correctly sort generation links
To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
2023-02-24 00:32:14 +01:00
nikstur 3f0669607d
Merge pull request #110 from nix-community/ensure-signed-generations
tool: ensure correct up to date files in the ESP
2023-02-24 00:12:02 +01:00
nikstur 1d21d7bdd8 tool: add install tests
Add a few integration tests for installing files, e.g. overwriting
signed and unsigned files.
2023-02-24 00:04:00 +01:00
nikstur 362205c2ec tool: check file hashes before copying
To minimize writes to the ESP but still find necessary changes, compare
the hashes of the files on the ESP with the "expected" hashes. Only copy
and overwrite already existing files if the hashes don't match. This
ensures a working-as-expected state on the ESP as opposed to previously
where already existing files were just ignored.
2023-02-24 00:04:00 +01:00
nikstur 06b9cdc69e tool: move file_hash() to utils module 2023-02-24 00:04:00 +01:00