Commit Graph

81 Commits

Author SHA1 Message Date
Alois Wohlschlager ca070a9eec
tool: make stubs input-addressed
The stubs on the ESP are now input-addressed, where the inputs are the
system toplevel and the public key used for signature. This way, it is
guaranteed that any stub at a given path will boot the desired system,
even in the presence of one of the two edge-cases where it was not
previously guaranteed:
* The latest generation was deleted at one point, and its generation
  number was reused by a different system configuration. This is
  detected because the toplevel will change.
* The secure boot signing key was rotated, so old stubs would not boot
  at all any more. This is detected because the public key will change.

Avoiding these two cases will allow to skip reinstallation of stubs that
are already in place at the correct path.
2023-10-03 22:08:10 +02:00
Alois Wohlschlager 240914d763
tool: make kernels and initrds content-addressed
Kernels and initrds on the ESP are now content-addressed. By definition,
it is impossible for two different kernels or initrds to ever end up at
the same place, even in the presence of changing initrd secrets or other
unreproducibility.

The basic advantage of this is that installing the kernel or initrd for
a generation can never break another generation. In turn, this enables
the following two improvements:
* All generations can be installed independently. In particular, the
  installation can be performed in one pass, one generation at a time.
  As a result, the code is significantly simplified, and memory usage
  (due to the temporary files) does not grow with the number of
  generations any more.
* Generations that already have their files in place on the ESP do not
  need to be reinstalled. This will be taken advantage of in a
  subsequent commit.
2023-10-03 22:08:03 +02:00
nikstur 0b5ce324d7 tool: clean up a few minor details 2023-09-14 16:35:53 +02:00
nikstur 3bf55f92b8 test: clean up a few minor details 2023-09-14 16:35:53 +02:00
Raito Bezarius 1330292008 tool/systemd: make clippy happy I guess 2023-09-14 16:35:53 +02:00
Raito Bezarius 0107754d62 tool(architecture): make it generic
Architecture is now a generic structure that can be specialized
via an "external" trait for generating the paths you care about
depending on your target bootloader.
2023-09-14 16:35:53 +02:00
Raito Bezarius 609c11f26d tool(systemd-boot): install it once instead of checking for each generation
systemd-boot is now installed once for many generations rather than multiple times.

This means it is not really possible to manage different system in the same "machine", which is a very
obscure usecase, theoretically possible, but not yet encountered.
2023-09-14 16:35:53 +02:00
Raito Bezarius e5c1d74e3f tool: introduce --target-system to choose target architecture
We will hard fail in case of encountering different architectures in bootspec.
This should still be compatible with cross-compiling systems in the future.
2023-09-14 16:35:53 +02:00
Raito Bezarius acc4c2e0a1 tool(tests): use library to use the "target architecture" properly in tests 2023-09-14 16:35:53 +02:00
Raito Bezarius 9af0e56527 tool(esp): add systemd stub filenames mapping for systems 2023-09-14 16:35:53 +02:00
Raito Bezarius 7acb1b218a tool: implement general architecture support - for aarch64, x86 for now 2023-09-14 16:35:53 +02:00
nikstur ff442cd032 tool: introduce some more whitespace 2023-09-14 12:38:40 +02:00
nikstur 143a000f36 tool: separates use statements correctly with whitespace 2023-09-14 12:36:02 +02:00
nikstur baf2f5f6bb tool: use workspace values in Cargo.toml 2023-09-14 12:35:42 +02:00
nikstur efd8c50214 tool: remove superfluous lock file 2023-09-14 12:29:54 +02:00
Raito Bezarius eba963b6f1 tool/shared: make clippy happy
- implements a trivial Default for Roots
- implements a FromStr for OsRelease
2023-09-14 11:55:09 +02:00
Raito Bezarius fd188a0e32 tool/shared: make constraints less concrete and drop lockfile
In a library, a lockfile is not really needed per se
and we should avoid creating duplicate dependencies
as much as possible.
2023-09-14 11:55:09 +02:00
Raito Bezarius 923567d08a systemd-tool: make integration test pass 2023-09-14 11:55:09 +02:00
Raito Bezarius 8029449cba tool: split systemd into a new crate and make tool into a lib-only crate
This is necessary to make integration testing specific to the backend.
2023-09-14 11:55:09 +02:00
Raito Bezarius efe7b40f5c lzbt: abstraction for multiple backends
This generates `lzbt-systemd` binary instead of `lzbt`
which is using a special systemd-specific entrypoint.

This is part of the effort to enable multiple backends.
2023-09-14 11:55:09 +02:00
tilpner 3895c94eb5
tool: only sync ESP filesystem 2023-08-17 21:23:33 +02:00
renovate[bot] 9cceec4008 fix(deps): update all dependencies 2023-07-20 01:27:43 +02:00
renovate[bot] 3cae2f1c63
fix(deps): update all dependencies 2023-06-05 02:00:30 +00:00
renovate[bot] f1d199d0b4
fix(deps): update rust crate log to 0.4.18 2023-05-29 01:38:08 +00:00
nikstur 30ddfcd2ce tool: improve command error messages 2023-05-24 00:17:11 +02:00
renovate[bot] 5ecd73cdac
fix(deps): update all dependencies 2023-05-22 02:56:28 +00:00
Raito Bezarius 77f1279406 tool(bootspec): remove boilerplate with newest bootspec 2023-05-20 19:41:31 +02:00
Raito Bezarius 39cda9e457 tool: bump crate to 0.3.0 2023-05-18 19:03:37 +02:00
nikstur 65dbe44999 stub: format with rustfmt 2023-05-17 21:40:03 +02:00
renovate[bot] 7378e06257
fix(deps): update all dependencies 2023-05-08 01:30:03 +00:00
renovate[bot] 008e7a65fd
fix(deps): update all dependencies 2023-05-01 02:39:28 +00:00
Raito Bezarius 4ef6957f88 feat: enable synthesis support
Bootspec has a mechanism called synthesis where you can synthesize
bootspecs if they are not present based on the generation link only.

This is useful for "vanilla bootspec" which does not contain any
extensions, as this is what we do right now.

If we need extensions, we can also implement our synthesis mechanism on
the top of it.

Enabling synthesis gives us the superpower to support non-bootspec
users. :-)
2023-04-29 22:55:39 +02:00
Raito Bezarius 9fe979d2d6 tests: adopt bootspec v1 format 2023-04-29 15:21:38 +02:00
Raito Bezarius 48ff4cb7c4 tool: adopt bootspec 0.1.0 2023-04-29 15:21:38 +02:00
nikstur 06edad2e83 tool: improve log message about malformed gens
Tells the user which generations are malformed and how to remove them.
2023-04-27 00:33:45 +02:00
nikstur 09e12eb559 tool: disable gc in the presence of malformed gens
Disable GC if there are any malformed gens to avoid catastrophic failure
when there are upstream changes to NixOS that are not handled in lzbt.
2023-04-24 22:03:14 +02:00
nikstur 1b27ddd753
Merge pull request #159 from nix-community/renovate/all
fix(deps): update rust crate clap to 4.2.4
2023-04-24 14:03:04 +02:00
Janne Heß c22352ca20
tool: Use mtime of the symlink rather than the target
When using the target, this will always result in a timestamp from 1970
because the symlink points to the store.
2023-04-24 11:57:34 +02:00
Janne Heß 979d25ee13
Revert "Merge pull request #139 from adtya/built_on_date"
This reverts commit d751d13b0a, reversing
changes made to 7c55847aaf.
2023-04-24 11:48:46 +02:00
renovate[bot] 2ecd951de1
fix(deps): update rust crate clap to 4.2.4 2023-04-24 01:08:24 +00:00
nikstur 8efc061e1d tool: add comment for log level of malformed gens
The message about malformed generatiosn should semantically be a
warning. However, since users might have hundres of old and thus
malformed generations and can do little about it, this should remain a
debug message. This way the user is not spammed with no-op warnings
while still enabling debugging.
2023-04-23 23:28:21 +02:00
nikstur 68d1928e3d Revert "tool: don't silently ignore generations"
This reverts commit 4f182704e0.
2023-04-23 23:27:32 +02:00
Julian Stecklina 4f182704e0 tool: don't silently ignore generations 2023-04-23 15:20:49 +02:00
Julian Stecklina be458e3385 tool: avoid creating unbootable system
lzbt currently happily nukes all boot entries, if it can't parse any
bootspecs. With the upcoming incompatible bootspec change, this might
be a problem that's worth avoiding. :)

I changed lzbt to fail hard in case, it can't generate any boot
items.
2023-04-23 15:17:32 +02:00
renovate[bot] b25e1b77d2
chore(deps): update all dependencies 2023-04-17 01:25:18 +00:00
renovate[bot] 51017c0f40
fix(deps): update all dependencies 2023-04-09 20:27:07 +00:00
Julian Stecklina 5d3fbf10a6
Merge pull request #142 from Myaats/master
tool: drop buggy condition for when to sign
2023-04-09 22:20:46 +02:00
Mats 223ab53d55 tool: drop buggy condition for when to sign 2023-03-30 23:53:24 +02:00
Adithya Nair 97874a2002
propagate error instead of unwrapping in tests 2023-03-22 11:19:12 +05:30
Adithya Nair 6a342a49a9
propagate error instead of unwrapping 2023-03-22 01:25:17 +05:30