Commit Graph

667 Commits

Author SHA1 Message Date
Raito Bezarius 8e482e7db9 chore: support non-flake users 2022-12-26 01:22:34 +01:00
nikstur 287fb0978d
Merge pull request #35 from nix-community/refactor-nix
Move tests into separate file, add more structure to nix directory, and run nixpkgs-fmt & statix over everything
2022-12-25 19:03:44 +01:00
nikstur a6926d7419 flake.nix: add statix and nixpkgs-fmt to devSHell 2022-12-25 18:49:29 +01:00
nikstur 7d5ac15cbb nix.tests: move from flake 2022-12-25 18:49:28 +01:00
nikstur 912c9b27a6 nix: move package and module into subdir 2022-12-25 18:38:41 +01:00
nikstur e90262608e flake.nix: apply suggestions from statix 2022-12-25 18:38:41 +01:00
nikstur eb9b1bbbe3 treewide: format with nixpkgs-fmt 2022-12-25 18:38:39 +01:00
nikstur 07fc31613e
Merge pull request #27 from nix-community/docs
Initial "experimental end-user" documentation
2022-12-25 18:22:59 +01:00
Raito Bezarius c38e155d3c documentation: add a simple quick start 2022-12-25 18:16:14 +01:00
nikstur 14c6c413f3
Merge pull request #26 from nix-community/upstream-bootspec
project: support upstream bootspec
2022-12-25 18:11:28 +01:00
nikstur 65f3c67357 lanzatool: appease clippy by removing borrow 2022-12-25 18:05:07 +01:00
nikstur 6e66c5f0ed Cargo.toml: update bootspec to upstream 2022-12-25 18:05:07 +01:00
Raito Bezarius e3f6029643 nixos/lanzaboote: use upstream bootspec for extension generation 2022-12-25 18:05:07 +01:00
Ryan Lahfa 1e149b8e9f
Merge pull request #32 from nix-community/nlnet
Thank (a lot) NLnet for making this possible
2022-12-21 20:24:40 +01:00
Raito Bezarius 1b9fac224d readme: thank (a lot) NLnet for making this possible 2022-12-21 05:09:00 +01:00
Raito Bezarius 92e7e4f49a lanzatool(bootspec): introduce DetSys's bootspec library 2022-12-18 00:29:49 +01:00
Julian Stecklina 30be791826
Merge pull request #24 from nix-community/remove-auto-entroll
Remove auto entroll leftovers
2022-12-11 14:48:27 +00:00
Julian Stecklina 1a63419003
Merge pull request #25 from nix-community/flake
Deduplicate nixpkgs in Flakes Inputs
2022-12-11 14:47:27 +00:00
Jörg Thalheim 3a0a8e7d71
Update flake.nix
Co-authored-by: Julian Stecklina <js@alien8.de>
2022-12-10 17:26:47 +00:00
nikstur 36c0a13c4c lanzaboote module: remove --pki-bundle option 2022-12-10 18:11:23 +01:00
nikstur 614131d648 lanzatool: remove placeholder code for auto enrolling uefi keys 2022-12-10 18:11:23 +01:00
Julian Stecklina 06da27529f
Merge pull request #21 from nix-community/boot-file-integrity
Verify Kernel/Initrd Integrity using Blake3
2022-12-09 23:54:14 +00:00
Jörg Thalheim c9f9f1c52a nixos/lanzaboote: pkiBundle is not actual optional
the installHook needs it.
2022-12-08 21:26:17 +01:00
Jörg Thalheim 39774a6974 fix lanzaboote module import 2022-12-08 21:23:35 +01:00
Jörg Thalheim a4ddbada50 deduplicate flakes
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina d35ca2d7d3 nix: fix initrd integration test 2022-12-02 13:50:32 +01:00
Julian Stecklina 85b111aa17 initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina 1739ffde26 lanzaboote: verify hash of kernel and initrd 2022-11-30 09:22:14 +01:00
Julian Stecklina 7a15bba50b lanzaboote: load kernel and initrd into memory only once 2022-11-30 09:22:14 +01:00
Julian Stecklina d754a87d5c lanzaboote: cleanup kernel/initrd opening 2022-11-30 09:22:14 +01:00
Julian Stecklina 3f78939d0a lanzatool: embed kernel and initrd hashes 2022-11-30 09:22:14 +01:00
Julian Stecklina ba119d398f lanzatool: add function documentation 2022-11-30 09:22:14 +01:00
Ryan Lahfa e496b60be1
Merge pull request #22 from nix-community/crane
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius f7c66b027a lanzaboot: test systemd stage 1 2022-11-29 20:10:55 +01:00
Julian Stecklina 28bb93c5f3 nix: switch everything to crane and drop naersk 2022-11-28 14:01:35 +01:00
Julian Stecklina 7926ab9e5e lanzaboote: fix clippy issues 2022-11-28 13:38:01 +01:00
Julian Stecklina 4fb1e0d0dd flake.lock: Update
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
  → 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
  → 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur e6aa11f76c
Merge pull request #19 from blitz/specialisation
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur 0a638970e7 lanzatool: enable specialisation 2022-11-27 12:01:53 +01:00
nikstur 8e04bbf63c Merge pull request #18 from blitz/lanzatool-cli-help
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur 98cf9e0978 lanzatool: improve --help output 2022-11-27 00:12:00 +01:00
Julian Stecklina 452e558e40 Merge pull request #17 from blitz/appease-clippy
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur fffa7d6bfa lanzatool: appease clippy 2022-11-26 23:19:08 +01:00
nikstur f080c010e9 Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur 0a96623461 lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur 3c094ee5ff flake.nix: remove some redundancies 2022-11-26 22:21:05 +01:00
nikstur 3548c1a459 Merge pull request #15 from blitz/lanzatool-sign-and-copy
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00