Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-06-19 | Replace resolv.conf hack with new hack | Andrew Cady | |
We need working DNS resolution to download the firmware for two Debian wireless firmware packages. Previously this was accomplished by copying resolv.conf into the chroot, which was bad, because it leaked data about the build system into the chroot. Now the resolv.conf is bind-mounted in the chroot so it won't affect the install target root filesystem. | |||
2023-06-18 | fix git submodule url | Andrew Cady | |
2023-06-17 | "make efi" target | Andrew Cady | |
2023-06-17 | remove documentary comments from partvi | Andrew Cady | |
2023-06-17 | fetch/extract BOOTX64.EFI before depending on it | Andrew Cady | |
2023-06-17 | update submodule | Andrew Cady | |
2023-06-17 | add submodule import-grub-bootx64-efi | Andrew Cady | |
2023-06-17 | "fix" efi booting with disgusting hack and out-of-repo binary | Andrew Cady | |
it turns out all that we need to do to make EFI booting work is to replace the BOOTX64.EFI file that is produced by GRUB's "grub-install" command with the version of that file from Ventoy's upstream source of the same file: <https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk/>. Ventoy claims that to be their source here: <https://github.com/ventoy/Ventoy/blob/master/DOC/BuildVentoyFromSource.txt> """ 5.10 UEFIinSecureBoot https://github.com/ValdikSS/Super-UEFIinSecureBoot-Disk/releases Super-UEFIinSecureBoot-Disk_minimal_v3.zip unzip it and get Super-UEFIinSecureBoot-Disk_minimal.img, extract the img by 7zip. INSTALL/EFI/BOOT/BOOTX64.EFI --> EFI/BOOT/BOOTX64.EFI SHA-256: 475552c7476ad45e42344eee8b30d44c264d200ac2468428aa86fc8795fb6e34 """ That SHA-256 matches what we have downloaded and are using. I have created a separate repo containing the code that pulls down the .zip file and extract the BOOTX64.EFI file from it. That code verifies the SHA-256 hash. It can be added as a sami.git submodule. This code is not usable without that file generated by that code. This commit should be amended with a git submodule added with that code too. | |||
2023-06-16 | "make" targets for EFI boot testing | Andrew Cady | |
2023-06-14 | makefile variable determines size of persist.img | Andrew Cady | |
2023-06-14 | fixup! experimental grub simplification | Andrew Cady | |
2023-06-13 | experimental grub simplification | Steven | |
2022-10-27 | Don't install submodules with 'make install' | Ella Grapp | |
It is important than 'make key' not build the submodules unnecessarily. It would make sense to rename the current 'install' target for use as dependency, re-introduce an 'install' target that does both for manual use at the command line. | |||
2022-01-11 | bump fsmgr | Andrew Cady | |
2022-01-11 | ugly hack fix, not right | Andrew Cady | |
2022-01-10 | add target: make mu | Andrew Cady | |
2022-01-10 | switch to C ficlonerange instead of Python | Andrew Cady | |
2022-01-10 | fixup! bump fsmgr, with fixes for Debian "bullseye" release | Andrew Cady | |
2022-01-10 | rootfs fixes & improvements; now using Debian bullseye | u | |
Probably breaks Debian buster, which probably won't be fixed. | |||
2022-01-10 | bump fsmgr, with fixes for Debian "bullseye" release | u | |
2022-01-10 | rootfs: update build-deps.yaml for bullseye | u | |
2022-01-10 | partvi: show grub-install runtime | u | |
2022-01-10 | Makefile: avoid mv interactive prompt with -f | u | |
2022-01-10 | install grub-efi instead of grub-pc | x | |
2022-01-10 | add "cleanmu" make target | x | |
2022-01-10 | remove cruft | Your Name | |
2022-01-09 | drop openssh patch | Andrew Cady | |
2022-01-09 | Revert "rootfs: upgrade openssh to 8.4p1-5 and now get its dependencies from ↵ | Andrew Cady | |
sid" This reverts commit a8710d9fb1e4ed2c12d406b2b7d0f1f6c1ffbc74. | |||
2021-10-06 | Makefile: use apt instead of apt-get when available | Andrew Cady | |
2021-09-25 | avoid lsb_release | u | |
2021-03-22 | bump fsmgr | Andrew Cady | |
2021-03-13 | This is obsoleted by (and conflicts with) fsmgr support for apt-update: true | Andrew Cady | |
2021-03-13 | initrd: improve messaging | Andrew Cady | |
2021-03-13 | make cleaner | Andrew Cady | |
2021-03-13 | samizdat.patchfs.btrfs was missing dependency on samizdat.seed.btrfs | Andrew Cady | |
2021-03-13 | rootfs: upgrade openssh to 8.4p1-5 and now get its dependencies from sid | Andrew Cady | |
2021-03-13 | bump fsmgr | Andrew Cady | |
2021-03-13 | Specify REWRITE_SOURCES_LIST=y for samizdat.btrfs | Andrew Cady | |
This means it is always on, but there is no sid access until "apt-update" is specified true. | |||
2021-03-13 | Makefile: improve core command-line interface targets | Andrew Cady | |
2021-03-13 | also generate .verity file for .patch.btrfs file | Andrew Cady | |
2021-03-13 | firstboot: do not attempt to eject samizdat medium when booting to ram | Andrew Cady | |
2021-03-12 | try to fix efi boot with alternative grub-install commandefi-test | Andrew Cady | |
2021-03-11 | new make targets: total-destroy and testinitrd | Andrew Cady | |
2021-03-11 | initrd: umount /mnt/* before booting | Andrew Cady | |
2021-03-11 | calling umount slightly sooner is more correct | Andrew Cady | |
2021-03-03 | automatically make the boot medium ejectable | Andrew Cady | |
2021-03-02 | Fix to make the btrfs install method work. | Andrew Cady | |
Just figured this out. We must change the fsuid after removing the devices, because btrfs MODIFIES the READ-ONLY SEED DEVICES to mark them unavailable after when remove them from the read-write device. When we reboot with the UNMODIFIED, IMMUTABLE seed image, btrfs cannot handle the duplicate fsuid. We detect this situation (kind of) and call btrfstune -m to change the fsuid of the /dev/mapper/samizdatcrypt single device fs. Now it just works. It would be much better to call this on the booted system on the running rootfs, but btrfs can't, so we instead call it on the initrd mount time. A more proper fix might use the partition table to mark the partition as in need of 'btrfstune -m'. | |||
2021-03-02 | include btrfstune and sfdisk on initrd | Andrew Cady | |
2021-03-02 | simplify samizdat-eject.sh | Andrew Cady | |
2021-03-02 | mkinitramfs-samizdat: use standard location for initrd by default | Andrew Cady | |