Raito Bezarius
77f1279406
tool(bootspec): remove boilerplate with newest bootspec
2023-05-20 19:41:31 +02:00
nikstur
7ed294c84d
Merge pull request #180 from nix-community/sync-packages-ver
...
chore: sync our crates version to latest tag
2023-05-19 00:36:31 +02:00
Raito Bezarius
606b9e8bab
stub(tpm): Measure "UKI" (i.e. all unified sections in our stub)
2023-05-18 19:05:53 +02:00
Raito Bezarius
ad28b4cd01
stub: bump crate to 0.3.0
2023-05-18 19:03:42 +02:00
Raito Bezarius
39cda9e457
tool: bump crate to 0.3.0
2023-05-18 19:03:37 +02:00
nikstur
65dbe44999
stub: format with rustfmt
2023-05-17 21:40:03 +02:00
nikstur
e37bf51ed3
stub: format with rustfmt
2023-05-17 21:39:40 +02:00
renovate[bot]
7378e06257
fix(deps): update all dependencies
2023-05-08 01:30:03 +00:00
nikstur
ae49611bd6
Merge pull request #166 from nix-community/sd-stub-efi-variables
...
feat: minimal poc for exporting UEFI variables à la sd-boot
2023-05-05 21:32:50 +02:00
Raito Bezarius
a5372db91f
hotfix(stub): rust_version -> rust-version in Cargo.toml
2023-05-05 20:11:55 +02:00
Raito Bezarius
9dd9116b1e
stub: export boot loader interface efivars
2023-05-05 20:11:55 +02:00
renovate[bot]
008e7a65fd
fix(deps): update all dependencies
2023-05-01 02:39:28 +00:00
Raito Bezarius
4ef6957f88
feat: enable synthesis support
...
Bootspec has a mechanism called synthesis where you can synthesize
bootspecs if they are not present based on the generation link only.
This is useful for "vanilla bootspec" which does not contain any
extensions, as this is what we do right now.
If we need extensions, we can also implement our synthesis mechanism on
the top of it.
Enabling synthesis gives us the superpower to support non-bootspec
users. :-)
2023-04-29 22:55:39 +02:00
Raito Bezarius
9fe979d2d6
tests: adopt bootspec v1 format
2023-04-29 15:21:38 +02:00
Raito Bezarius
48ff4cb7c4
tool: adopt bootspec 0.1.0
2023-04-29 15:21:38 +02:00
nikstur
06edad2e83
tool: improve log message about malformed gens
...
Tells the user which generations are malformed and how to remove them.
2023-04-27 00:33:45 +02:00
nikstur
09e12eb559
tool: disable gc in the presence of malformed gens
...
Disable GC if there are any malformed gens to avoid catastrophic failure
when there are upstream changes to NixOS that are not handled in lzbt.
2023-04-24 22:03:14 +02:00
nikstur
1b27ddd753
Merge pull request #159 from nix-community/renovate/all
...
fix(deps): update rust crate clap to 4.2.4
2023-04-24 14:03:04 +02:00
Janne Heß
c22352ca20
tool: Use mtime of the symlink rather than the target
...
When using the target, this will always result in a timestamp from 1970
because the symlink points to the store.
2023-04-24 11:57:34 +02:00
Janne Heß
979d25ee13
Revert "Merge pull request #139 from adtya/built_on_date"
...
This reverts commit d751d13b0a
, reversing
changes made to 7c55847aaf
.
2023-04-24 11:48:46 +02:00
renovate[bot]
2ecd951de1
fix(deps): update rust crate clap to 4.2.4
2023-04-24 01:08:24 +00:00
nikstur
8efc061e1d
tool: add comment for log level of malformed gens
...
The message about malformed generatiosn should semantically be a
warning. However, since users might have hundres of old and thus
malformed generations and can do little about it, this should remain a
debug message. This way the user is not spammed with no-op warnings
while still enabling debugging.
2023-04-23 23:28:21 +02:00
nikstur
68d1928e3d
Revert "tool: don't silently ignore generations"
...
This reverts commit 4f182704e0
.
2023-04-23 23:27:32 +02:00
Julian Stecklina
4f182704e0
tool: don't silently ignore generations
2023-04-23 15:20:49 +02:00
Julian Stecklina
be458e3385
tool: avoid creating unbootable system
...
lzbt currently happily nukes all boot entries, if it can't parse any
bootspecs. With the upcoming incompatible bootspec change, this might
be a problem that's worth avoiding. :)
I changed lzbt to fail hard in case, it can't generate any boot
items.
2023-04-23 15:17:32 +02:00
Julian Stecklina
ddd22a8f67
Merge branch 'master' into icache
2023-04-21 18:34:33 +02:00
Alois Wohlschlager
ae401e4b18
stub: implement icache coherence on i686 and AArch64
...
People reportedly want to compile the stub on i686 and AArch64
platforms for testing. Make compilation possible by providing proper
`make_instruction_cache_coherent` implementations on these platforms.
For x86 (just as x86_64), this is a no-op, because Intel made the
instruction cache coherent for compatibility with code that was written
before caches existed.
For AArch64, adapt the procedure from their manual to multiple
instructions.
2023-04-21 18:00:14 +02:00
renovate[bot]
b25e1b77d2
chore(deps): update all dependencies
2023-04-17 01:25:18 +00:00
Alois Wohlschlager
81e25ee5c3
stub: clarify instruction cache coherence
2023-04-16 16:17:50 +02:00
Raito Bezarius
666b5e7169
stub: make it compatible with a stable Rust compiler (≥ 1.68.x)
2023-04-14 16:48:30 +02:00
renovate[bot]
51017c0f40
fix(deps): update all dependencies
2023-04-09 20:27:07 +00:00
Julian Stecklina
5d3fbf10a6
Merge pull request #142 from Myaats/master
...
tool: drop buggy condition for when to sign
2023-04-09 22:20:46 +02:00
Mats
223ab53d55
tool: drop buggy condition for when to sign
2023-03-30 23:53:24 +02:00
Adithya Nair
97874a2002
propagate error instead of unwrapping in tests
2023-03-22 11:19:12 +05:30
Adithya Nair
6a342a49a9
propagate error instead of unwrapping
2023-03-22 01:25:17 +05:30
Adithya Nair
e033a2fcaf
replace mtime with birth time
2023-03-21 23:47:33 +05:30
renovate[bot]
9bbbae3168
fix(deps): update all dependencies
2023-03-20 09:25:02 +00:00
Julian Stecklina
5a03bb751d
stub: update dependencies
...
Update nightly toolchain and UEFI dependencies. The latest crane
version comes with a bug where it fails to compile UEFI binaries.
2023-03-20 09:51:30 +01:00
renovate[bot]
dfa6c3db1f
chore(deps): lock file maintenance
2023-03-20 01:57:17 +00:00
Julian Stecklina
7060389698
stub: add safety comment for PE parsing
2023-03-15 21:53:19 +01:00
Julian Stecklina
9c128e9ef6
stub: do not read loaded image again from ESP
...
... because this might not work, if we were not loaded from a file
system. It also removes the issue where we might not load the signed
image that was actually loaded.
Fixes #123
2023-03-15 00:36:50 +01:00
renovate[bot]
eed59b4d16
fix(deps): update all dependencies
2023-03-13 00:45:02 +00:00
nikstur
721b584940
tool: fine tune a few log messages
2023-03-06 00:52:46 +01:00
nikstur
c8522e02b4
Merge pull request #122 from nix-community/renovate/all
...
fix(deps): update all dependencies
2023-02-28 22:20:33 +01:00
renovate[bot]
e321ad1626
fix(deps): update all dependencies
2023-02-27 02:01:48 +00:00
Julian Stecklina
cbccd64c57
tool: make file installation deterministic
...
Due to the use of hash maps, the order of file installation was not
deterministic. I've changed the code the use BTreeMaps instead, which
makes this deterministic. While I was here, I tried to simplify the
code a bit.
2023-02-25 20:42:08 +01:00
Julian Stecklina
a5e283ca44
Merge pull request #112 from nix-community/log
...
Minimalistic Logging Support
2023-02-25 11:20:01 +01:00
nikstur
32950b7708
tool: fix typos
2023-02-24 01:29:15 +01:00
nikstur
75a19cd818
tool: correctly sort generation links
...
To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
2023-02-24 00:32:14 +01:00
nikstur
1d21d7bdd8
tool: add install tests
...
Add a few integration tests for installing files, e.g. overwriting
signed and unsigned files.
2023-02-24 00:04:00 +01:00