Commit Graph

543 Commits

Author SHA1 Message Date
Jörg Thalheim a4ddbada50 deduplicate flakes
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina d35ca2d7d3 nix: fix initrd integration test 2022-12-02 13:50:32 +01:00
Julian Stecklina 85b111aa17 initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina 1739ffde26 lanzaboote: verify hash of kernel and initrd 2022-11-30 09:22:14 +01:00
Julian Stecklina 7a15bba50b lanzaboote: load kernel and initrd into memory only once 2022-11-30 09:22:14 +01:00
Julian Stecklina d754a87d5c lanzaboote: cleanup kernel/initrd opening 2022-11-30 09:22:14 +01:00
Julian Stecklina 3f78939d0a lanzatool: embed kernel and initrd hashes 2022-11-30 09:22:14 +01:00
Julian Stecklina ba119d398f lanzatool: add function documentation 2022-11-30 09:22:14 +01:00
Ryan Lahfa e496b60be1
Merge pull request #22 from nix-community/crane
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius f7c66b027a lanzaboot: test systemd stage 1 2022-11-29 20:10:55 +01:00
Julian Stecklina 28bb93c5f3 nix: switch everything to crane and drop naersk 2022-11-28 14:01:35 +01:00
Julian Stecklina 7926ab9e5e lanzaboote: fix clippy issues 2022-11-28 13:38:01 +01:00
Julian Stecklina 4fb1e0d0dd flake.lock: Update
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
  → 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
  → 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur e6aa11f76c
Merge pull request #19 from blitz/specialisation
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur 0a638970e7 lanzatool: enable specialisation 2022-11-27 12:01:53 +01:00
nikstur 8e04bbf63c Merge pull request #18 from blitz/lanzatool-cli-help
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur 98cf9e0978 lanzatool: improve --help output 2022-11-27 00:12:00 +01:00
Julian Stecklina 452e558e40 Merge pull request #17 from blitz/appease-clippy
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur fffa7d6bfa lanzatool: appease clippy 2022-11-26 23:19:08 +01:00
nikstur f080c010e9 Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur 0a96623461 lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur 3c094ee5ff flake.nix: remove some redundancies 2022-11-26 22:21:05 +01:00
nikstur 3548c1a459 Merge pull request #15 from blitz/lanzatool-sign-and-copy
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina 5406e69b9a lanzatool: prepare to enable clippy
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina b37ffd19d6 nix: fix indentation of checks attribute 2022-11-26 19:16:31 +01:00
Julian Stecklina 85de5d52d0 nix: build lanzatool with crane 2022-11-26 19:16:31 +01:00
Julian Stecklina 4197f369a8 doc: mention aarch64 support 2022-11-26 16:22:53 +01:00
Julian Stecklina 4c0adac9df Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina f16623d713 docs: update README 2022-11-26 16:14:26 +01:00
nikstur 967f78d374 lanzatool: hide sbsign output on happy path 2022-11-26 15:34:48 +01:00
nikstur c441f5157e lanzatool: sign and copy in one step) 2022-11-26 15:32:43 +01:00
nikstur 240c80368f lanzatool: make it more typedriven 2022-11-26 14:55:15 +01:00
Raito Bezarius 8a430b6578 readme: sprint end! 2022-11-26 03:24:54 +01:00
Ryan Lahfa 95f596f4dc lanzatool: add support for generations and correct naming of kernels a… (#12)
* lanzatool: add support for generations and correct naming of kerels and initrds

* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests

* lanzatool: ryan is a B class engineer

Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina df9716da7c Add GPLv3 license 2022-11-26 03:12:24 +01:00
Julian Stecklina 1f0f349559 lanzaboote: add error handling strings 2022-11-26 02:47:21 +01:00
Julian Stecklina 95a03d69bb lanzaboote: reorganize to avoid explicit drops 2022-11-26 02:31:01 +01:00
Julian Stecklina 702a38398f nix: remove remaining cruft from flakes.nix 2022-11-26 02:26:39 +01:00
Julian Stecklina 46452f0e46 nix: drop wrapInitrd from flake.nix 2022-11-26 02:21:05 +01:00
Julian Stecklina 691da44610 nix: rename lanzatoolBin to lanzatool-unwrapped 2022-11-26 02:17:34 +01:00
Julian Stecklina 74b815512c nix: remove qemuUefi wrapper 2022-11-26 02:17:34 +01:00
Julian Stecklina 541275acae nix: drop the stable Rust toolchain from the environment
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina 3434433cec Merge pull request #11 from blitz/secure-pe-assembling
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius 9f65f75289 feature: support initrd secrets 2022-11-26 02:01:41 +01:00
Raito Bezarius a3150dca11 lanzatool: perform secure assembling for lanzaboote_image and PE wrapping 2022-11-26 01:24:33 +01:00
Raito Bezarius f6930955a3 lanzatool: sync for every sign operation 2022-11-25 23:58:06 +01:00
nikstur a3ec2cfc15 lanzatool: add error messages 2022-11-25 23:50:11 +01:00