Compare commits
11 Commits
90a97cceec
...
d7958dd005
Author | SHA1 | Date |
---|---|---|
minish | d7958dd005 | |
minish | 2d62a850c0 | |
minish | 0ce19bd9c8 | |
minish | 8d02012ddc | |
minish | 2fb1d3dad4 | |
nikstur | 850f273222 | |
Jappie3 | 0f252af9b8 | |
nikstur | 1197e51e8f | |
renovate[bot] | c6a7167c8d | |
Julian Stecklina | 999c0cb03f | |
renovate[bot] | fe804aac25 |
|
@ -21,13 +21,14 @@ in
|
||||||
enable = mkEnableOption "Enable the LANZABOOTE";
|
enable = mkEnableOption "Enable the LANZABOOTE";
|
||||||
|
|
||||||
enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
|
enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
|
||||||
|
createKeys = mkEnableOption "Automatic creation of the keys using sbctl";
|
||||||
|
|
||||||
configurationLimit = mkOption {
|
configurationLimit = mkOption {
|
||||||
default = config.boot.loader.systemd-boot.configurationLimit;
|
default = config.boot.loader.systemd-boot.configurationLimit;
|
||||||
defaultText = "config.boot.loader.systemd-boot.configurationLimit";
|
defaultText = "config.boot.loader.systemd-boot.configurationLimit";
|
||||||
example = 120;
|
example = 120;
|
||||||
type = types.nullOr types.int;
|
type = types.nullOr types.int;
|
||||||
description = lib.mdDoc ''
|
description = ''
|
||||||
Maximum number of latest generations in the boot menu.
|
Maximum number of latest generations in the boot menu.
|
||||||
Useful to prevent boot partition running out of disk space.
|
Useful to prevent boot partition running out of disk space.
|
||||||
|
|
||||||
|
@ -110,6 +111,10 @@ in
|
||||||
boot.loader.external = {
|
boot.loader.external = {
|
||||||
enable = true;
|
enable = true;
|
||||||
installHook = pkgs.writeShellScript "bootinstall" ''
|
installHook = pkgs.writeShellScript "bootinstall" ''
|
||||||
|
${optionalString cfg.createKeys ''
|
||||||
|
${pkgs.sbctl}/bin/sbctl create-keys
|
||||||
|
''}
|
||||||
|
|
||||||
${optionalString cfg.enrollKeys ''
|
${optionalString cfg.enrollKeys ''
|
||||||
mkdir -p /tmp/pki
|
mkdir -p /tmp/pki
|
||||||
cp -r ${cfg.pkiBundle}/* /tmp/pki
|
cp -r ${cfg.pkiBundle}/* /tmp/pki
|
||||||
|
|
|
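Review bot: The added `${pkgs.sbctl}/bin/sbctl create-keys` step in `installHook` writes to whatever key directory sbctl defaults to, while the `enrollKeys` branch right after it reads from `${cfg.pkiBundle}`; nothing visible here ties the two together, so with a non-default `pkiBundle` the freshly created keys would not be the ones enrolled. An assertion in the module that `createKeys` is only used when `pkiBundle` is sbctl's key directory, or a comment such as `# keys are created in sbctl's default directory; pkiBundle must point there`, would close that gap. The step also runs on every bootloader install, so it relies on sbctl leaving existing keys alone and on the hook's error handling (not shown; the script body starts and ends outside the hunk) to stop before signing if creation fails. Since these are private Secure Boot signing keys, the option text should say so: `mkEnableOption "automatic creation of Secure Boot keys with sbctl (private keys are generated on this machine)"`. With both options on, the new keys are then copied to the fixed path `/tmp/pki` by the unchanged lines below, which is worth replacing with a `mktemp -d` directory in a follow-up.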
@ -67,9 +67,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "anyhow"
|
name = "anyhow"
|
||||||
version = "1.0.81"
|
version = "1.0.82"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "0952808a6c2afd1aa8947271f3a60f1a6763c7b912d210184c5149b5cf147247"
|
checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "assert_cmd"
|
name = "assert_cmd"
|
||||||
|
@ -299,9 +299,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "expect-test"
|
name = "expect-test"
|
||||||
version = "1.4.1"
|
version = "1.5.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "30d9eafeadd538e68fb28016364c9732d78e420b9ff8853fa5e4058861e9f8d3"
|
checksum = "9e0be0a561335815e06dab7c62e50353134c796e7a6155402a64bcff66b6a5e0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"dissimilar",
|
"dissimilar",
|
||||||
"once_cell",
|
"once_cell",
|
||||||
|
@ -698,9 +698,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "serde_json"
|
name = "serde_json"
|
||||||
version = "1.0.114"
|
version = "1.0.115"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "c5f09b1bd632ef549eaa9f60a1f8de742bdbc698e6cee2095fc84dde5f549ae0"
|
checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"itoa",
|
"itoa",
|
||||||
"ryu",
|
"ryu",
|
||||||
|
|
|
@ -6,21 +6,21 @@ edition = "2021"
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
anyhow = "1.0.81"
|
anyhow = "1.0.82"
|
||||||
base32ct = { version = "0.2.0", features = ["alloc"] }
|
base32ct = { version = "0.2.0", features = ["alloc"] }
|
||||||
stderrlog = "0.6.0"
|
stderrlog = "0.6.0"
|
||||||
log = { version = "0.4.21", features = ["std"] }
|
log = { version = "0.4.21", features = ["std"] }
|
||||||
clap = { version = "4.5.4", features = ["derive"] }
|
clap = { version = "4.5.4", features = ["derive"] }
|
||||||
lanzaboote_tool = { path = "../shared" }
|
lanzaboote_tool = { path = "../shared" }
|
||||||
indoc = "2.0.5"
|
indoc = "2.0.5"
|
||||||
serde_json = "1.0.114"
|
serde_json = "1.0.115"
|
||||||
sha2 = "0.10.8"
|
sha2 = "0.10.8"
|
||||||
tempfile = "3.10.1"
|
tempfile = "3.10.1"
|
||||||
nix = { version = "0.28.0", default-features = false, features = [ "fs" ] }
|
nix = { version = "0.28.0", default-features = false, features = [ "fs" ] }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
assert_cmd = "2.0.14"
|
assert_cmd = "2.0.14"
|
||||||
expect-test = "1.4.1"
|
expect-test = "1.5.0"
|
||||||
filetime = "0.2.23"
|
filetime = "0.2.23"
|
||||||
rand = "0.8.5"
|
rand = "0.8.5"
|
||||||
goblin = "0.7.1"
|
goblin = "0.7.1"
|
||||||
|
|
|
@ -31,9 +31,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "cpio"
|
name = "cpio"
|
||||||
version = "0.2.2"
|
version = "0.3.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "27e77cfc4543efb4837662cb7cd53464ae66f0fd5c708d71e0f338b1c11d62d3"
|
checksum = "60f1e083e4cca56002af53561ec885d6de310b60515f525e0bc093d14515908c"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "cpufeatures"
|
name = "cpufeatures"
|
||||||
|
|
|
@ -10,4 +10,4 @@ embedded-io = { version = "0.6.1", features = [ "alloc" ] }
|
||||||
snafu = { version = "0.8.2", default-features = false }
|
snafu = { version = "0.8.2", default-features = false }
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
cpio = "0.2.2"
|
cpio = "0.3.0"
|
||||||
|
|