9c128e9ef6
stub: do not read loaded image again from ESP
...
... because this might not work, if we were not loaded from a file
system. It also removes the issue where we might not load the signed
image that was actually loaded.
Fixes #123
2023-03-15 00:36:50 +01:00
8aad4af5ad
renovate: enable lockfile maintenance
...
This allows Renovate to update Flake dependencies and indirect Rust
dependencies.
2023-03-14 00:31:46 +01:00
73ee9198e7
Merge pull request #130 from nix-community/renovate/all
...
fix(deps): update all dependencies
2023-03-14 00:06:23 +01:00
eed59b4d16
fix(deps): update all dependencies
2023-03-13 00:45:02 +00:00
3efb505a2a
Merge pull request #125 from nix-community/tool-finetune-log-messsages
...
tool: fine tune a few log messages
2023-03-06 10:04:37 +01:00
721b584940
tool: fine tune a few log messages
2023-03-06 00:52:46 +01:00
f590204e8f
Merge pull request #121 from nix-community/tool-configurable-logging
...
tool: init configurable logging
2023-03-05 23:27:11 +01:00
c8522e02b4
Merge pull request #122 from nix-community/renovate/all
...
fix(deps): update all dependencies
2023-02-28 22:20:33 +01:00
a3bff52602
Merge pull request #122 from nix-community/renovate/all
...
fix(deps): update all dependencies
2023-02-27 10:03:37 +01:00
e321ad1626
fix(deps): update all dependencies
2023-02-27 02:01:48 +00:00
a393ac7673
Merge pull request #120 from nix-community/renovate/configure
...
Configure Renovate
2023-02-26 19:56:30 +01:00
342cc80b08
Add renovate.json
2023-02-26 17:18:14 +01:00
9dedcaea15
Merge pull request #118 from nix-community/qs-nonflakes
...
docs: add non-flakes quick start documentation
2023-02-26 00:07:51 +01:00
eab58bda3e
docs: add non-flakes quick start documentation
2023-02-26 00:06:11 +01:00
cf7efb6b93
Merge pull request #119 from nix-community/revert-113-feat/fwupd
...
Revert "Properly handle fwupd update capsules"
2023-02-25 23:28:27 +01:00
754656d500
Revert "Properly handle fwupd update capsules"
2023-02-25 23:27:39 +01:00
9daa941320
Merge pull request #113 from dasJ/feat/fwupd
...
Properly handle fwupd update capsules
2023-02-25 23:01:12 +01:00
29e0aaf934
Merge pull request #117 from nix-community/fix-initrd-secrets-test
...
tests: correctly test appending secret to initrd
2023-02-25 22:52:55 +01:00
ab4e90c331
tests: correctly test appending secret to initrd
...
The way the test was implemented previously did not make it fail if no
secret was appended to the initrd. Now it is implemented similary to the
initrd-secrets test in Nixpkgs and works correctly.
2023-02-25 21:41:38 +01:00
195e29f935
Merge pull request #116 from nix-community/installation-order
...
Make File Installation Order Deterministic
2023-02-25 21:25:23 +01:00
cbccd64c57
tool: make file installation deterministic
...
Due to the use of hash maps, the order of file installation was not
deterministic. I've changed the code the use BTreeMaps instead, which
makes this deterministic. While I was here, I tried to simplify the
code a bit.
2023-02-25 20:42:08 +01:00
a5e283ca44
Merge pull request #112 from nix-community/log
...
Minimalistic Logging Support
2023-02-25 11:20:01 +01:00
46b8a553b9
Merge pull request #115 from nix-community/install-typos
...
tool: fix typos
2023-02-24 01:33:44 +01:00
32950b7708
tool: fix typos
2023-02-24 01:29:15 +01:00
ed1676e544
Merge pull request #109 from nix-community/correctly-update-initrd-secrets
...
tool: correctly update initrd secrets
2023-02-24 01:18:57 +01:00
f4f8c41005
tests: add initrd-secrets-update
...
Add a test for updating the secrets on an existing initrd.
2023-02-24 01:16:52 +01:00
75a19cd818
tool: correctly sort generation links
...
To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
2023-02-24 00:32:14 +01:00
3f0669607d
Merge pull request #110 from nix-community/ensure-signed-generations
...
tool: ensure correct up to date files in the ESP
2023-02-24 00:12:02 +01:00
1d21d7bdd8
tool: add install tests
...
Add a few integration tests for installing files, e.g. overwriting
signed and unsigned files.
2023-02-24 00:04:00 +01:00
362205c2ec
tool: check file hashes before copying
...
To minimize writes to the ESP but still find necessary changes, compare
the hashes of the files on the ESP with the "expected" hashes. Only copy
and overwrite already existing files if the hashes don't match. This
ensures a working-as-expected state on the ESP as opposed to previously
where already existing files were just ignored.
2023-02-24 00:04:00 +01:00
06b9cdc69e
tool: move file_hash() to utils module
2023-02-24 00:04:00 +01:00
3a3ad7c40d
tool: write all generation artifacts at once
...
Previously, generations were installed one after another. Now all
artifacts (kernels, initrd etc.) are first collected and then installed.
This way the writes to the ESP are reduced as duplicate paths are
already removed in the collection phase.
2023-02-24 00:04:00 +01:00
048df99975
Properly handle fwupd update capsules
...
Closes #85
2023-02-23 11:38:27 +01:00
de4c62a1bd
stub: lanzatool -> lzbt
2023-02-23 09:32:28 +01:00
90755b789f
stub: use logger instead of printing manually
2023-02-21 01:32:29 +01:00
7bde42f4a8
stub: enable logger in uefi-services
2023-02-21 01:32:29 +01:00
5af69f0d63
Merge pull request #111 from nix-community/uefi-update
...
Update Dependencies of Stub
2023-02-21 01:23:58 +01:00
3a9cd26c5e
stub: update uefi dependency to 0.19.1
2023-02-21 00:50:34 +01:00
697d0d1baa
stub: drop unused ed25519-compact dependency
2023-02-21 00:35:00 +01:00
6924e6ea09
Merge pull request #107 from nix-community/random-names-for-tmpfiles
...
tool: use random names for secure tempfiles
2023-02-21 00:27:50 +01:00
750629c860
Merge pull request #105 from nix-community/quickstart
...
Add a More Complete Flakes Fragment for Quickstart
2023-02-21 00:24:06 +01:00
6e72e2fed2
doc: add a more complete flakes fragment for quickstart
2023-02-21 00:22:34 +01:00
df6b1b07f7
tool: use random names for secure tempfiles
...
Using random names for tempfiles makes handling them easier. It reduces
the amount of noise in the code because no custom name needs to be
provided for each tempfile. The names were not really useful in any
case.
It also does not burden the developer with ensuring uniqueness of names.
This is relevant when files for multiple generations need to be stored
in the same directory (e.g. because they need to be accessed after
handling one generation).
Out of an abundance of caution, 32 random alphanumeric characters are
chosen for each filename. The tempfile crate, in comparison, only
chooses 8. 32 characters should be enough to avoid collisions, even
if the PRNG is not of cryptographic quality.
2023-02-21 00:13:40 +01:00
ceed92460f
Merge pull request #108 from nix-community/make-test-functions-reusable
...
tool: make some utility test functions reusable
2023-02-20 23:23:21 +01:00
4d2e67f799
tool: make some utility test functions reusable
...
Make them reusable by moving them to the common module.
2023-02-20 01:05:01 +01:00
a75e2b4c95
Merge pull request #101 from nix-community/improve-generation-name
...
tool: improve sd-boot generation display name
2023-02-10 17:45:05 +01:00
a8d9ea128d
tool: improve sd-boot generation display name
...
Leverage the bootspec `label` field in its intended way. The VERSION_ID
of the os-release in the stub now only contains the generation number
and the build time. This makes a correct PRETTY_NAME entirely dependent
on correct information in the bootspec `label` field.
2023-02-10 12:25:59 +01:00
01f8fd418a
Merge pull request #100 from nix-community/fix-build-time
...
tool: read build time from symlink
2023-02-09 22:42:44 +01:00
522687b044
Merge pull request #102 from ercao/hotfix
...
nixos/lanzaboote: use `config.systemd.package`
2023-02-09 22:37:11 +01:00
d1516ffdfd
nixos/lanzaboote: use `config.systemd.package`
...
Signed-off-by: ercao <vip@ercao.cn>
2023-02-09 22:24:54 +08:00
Julian Stecklina