Commit Graph

134 Commits

Author SHA1 Message Date
Jörg Thalheim a4ddbada50 deduplicate flakes
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
Ryan Lahfa e496b60be1
Merge pull request #22 from nix-community/crane
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius f7c66b027a lanzaboot: test systemd stage 1 2022-11-29 20:10:55 +01:00
Julian Stecklina 28bb93c5f3 nix: switch everything to crane and drop naersk 2022-11-28 14:01:35 +01:00
Julian Stecklina 7926ab9e5e lanzaboote: fix clippy issues 2022-11-28 13:38:01 +01:00
Julian Stecklina 4fb1e0d0dd flake.lock: Update
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
  → 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
  → 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur e6aa11f76c
Merge pull request #19 from blitz/specialisation
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur 0a638970e7 lanzatool: enable specialisation 2022-11-27 12:01:53 +01:00
nikstur 8e04bbf63c Merge pull request #18 from blitz/lanzatool-cli-help
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur 98cf9e0978 lanzatool: improve --help output 2022-11-27 00:12:00 +01:00
Julian Stecklina 452e558e40 Merge pull request #17 from blitz/appease-clippy
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur fffa7d6bfa lanzatool: appease clippy 2022-11-26 23:19:08 +01:00
nikstur f080c010e9 Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur 0a96623461 lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur 3c094ee5ff flake.nix: remove some redundancies 2022-11-26 22:21:05 +01:00
nikstur 3548c1a459 Merge pull request #15 from blitz/lanzatool-sign-and-copy
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina 5406e69b9a lanzatool: prepare to enable clippy
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina b37ffd19d6 nix: fix indentation of checks attribute 2022-11-26 19:16:31 +01:00
Julian Stecklina 85de5d52d0 nix: build lanzatool with crane 2022-11-26 19:16:31 +01:00
Julian Stecklina 4197f369a8 doc: mention aarch64 support 2022-11-26 16:22:53 +01:00
Julian Stecklina 4c0adac9df Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina f16623d713 docs: update README 2022-11-26 16:14:26 +01:00
nikstur 967f78d374 lanzatool: hide sbsign output on happy path 2022-11-26 15:34:48 +01:00
nikstur c441f5157e lanzatool: sign and copy in one step) 2022-11-26 15:32:43 +01:00
nikstur 240c80368f lanzatool: make it more typedriven 2022-11-26 14:55:15 +01:00
Raito Bezarius 8a430b6578 readme: sprint end! 2022-11-26 03:24:54 +01:00
Ryan Lahfa 95f596f4dc lanzatool: add support for generations and correct naming of kernels a… (#12)
* lanzatool: add support for generations and correct naming of kerels and initrds

* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests

* lanzatool: ryan is a B class engineer

Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina df9716da7c Add GPLv3 license 2022-11-26 03:12:24 +01:00
Julian Stecklina 1f0f349559 lanzaboote: add error handling strings 2022-11-26 02:47:21 +01:00
Julian Stecklina 95a03d69bb lanzaboote: reorganize to avoid explicit drops 2022-11-26 02:31:01 +01:00
Julian Stecklina 702a38398f nix: remove remaining cruft from flakes.nix 2022-11-26 02:26:39 +01:00
Julian Stecklina 46452f0e46 nix: drop wrapInitrd from flake.nix 2022-11-26 02:21:05 +01:00
Julian Stecklina 691da44610 nix: rename lanzatoolBin to lanzatool-unwrapped 2022-11-26 02:17:34 +01:00
Julian Stecklina 74b815512c nix: remove qemuUefi wrapper 2022-11-26 02:17:34 +01:00
Julian Stecklina 541275acae nix: drop the stable Rust toolchain from the environment
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina 3434433cec Merge pull request #11 from blitz/secure-pe-assembling
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius 9f65f75289 feature: support initrd secrets 2022-11-26 02:01:41 +01:00
Raito Bezarius a3150dca11 lanzatool: perform secure assembling for lanzaboote_image and PE wrapping 2022-11-26 01:24:33 +01:00
Raito Bezarius f6930955a3 lanzatool: sync for every sign operation 2022-11-25 23:58:06 +01:00
nikstur a3ec2cfc15 lanzatool: add error messages 2022-11-25 23:50:11 +01:00
Julian Stecklina c87b2a09dc nix: fix lanzatool integration/merge mixup 2022-11-25 23:46:19 +01:00
Raito Bezarius dec7c06e6b tests: test unsigned initrd/kernel either, plus some machinery for sb tests 2022-11-25 18:42:37 +01:00
Julian Stecklina 3779e81b20 lanzaboote: handle errors in print_logo 2022-11-25 18:14:58 +01:00
Julian Stecklina 6bc66052c2 lanzaboote: add EmbeddedConfiguration docs 2022-11-25 18:14:58 +01:00
Julian Stecklina a9edb1488e lanzaboote: fix logo
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
nikstur 53c4e03619 merge this shit 2022-11-25 18:10:21 +01:00
Ryan Lahfa eda254b6cd nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module

* nixos: add a lanzaboote module

- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys

* nixos: actually enable sb

* nixos: disable it and adapt it

* lanzatool: fix init

* nixos: secureboot reached

* nixos: enrollment is optional

Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur 3a093d85ab lanzatool: set permissons for all files in esp to 755 2022-11-25 17:47:24 +01:00
nikstur 91b8cb02e4 flake.nix: use nixosTest instead of importing file 2022-11-25 17:39:01 +01:00