summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-29debootstrap.sh: add command 'sh'Andrew Cady
2017-08-28debootstrap.sh: debootstrap wrapperAndrew Cady
2017-04-02remove obsolete commentAndrew Cady
2017-04-02xorriso-usb: changes that should not affect behaviorAndrew Cady
2017-03-31xorriso-usb: cleanup/reorg that should not affect behaviorAndrew Cady
2017-03-30xorriso-usb: slight reorg; no behavior should have changedAndrew Cady
2017-03-30fixup! split btrfs-shrink out of btarfsAndrew Cady
2017-03-29move functions to top of file; no other changesAndrew Cady
2017-03-29split btrfs-shrink out of btarfsAndrew Cady
2017-03-29add more options to with-btrfs-seedAndrew Cady
2017-03-29new util: with-btrfs-seedAndrew Cady
2017-03-28verify that we can decrypt rootfs before offering it as menu itemAndrew Cady
2017-03-28Use pxelinux "ipappend" option to choose rootfs sourceAndrew Cady
This fixes the issue described in the first 'netkeys' commit, where the network would need to be available even when it was not used. The "ipappend" option results in a $BOOTIF variable in the initrd environment. This variable is now used to determine whether to wait on the network for a rootfs & keys, or to wait on the boot device becoming available to determine whether it has the keys. That is, there may or may not be a boot device which may or may not have keys and/or rootfs, but we will always know for sure whether it does, therefore there are no races and no waiting on the network unnecessarily. The qemu.sh script was updated to provide the BOOTIF variable when PXE boot is emulated.
2017-03-28change some log locationsAndrew Cady
2017-03-28xorriso-usb will install initrd even with --bootloader flagAndrew Cady
This is more useful. The flag might be renamed "--skip-rootfs" or such.
2017-03-28fix apparently-racy orderingAndrew Cady
2017-03-28Support for reusing a generated set of child keysAndrew Cady
2017-03-28Wait for nbd-client before using /dev/nbd0Andrew Cady
For explanation, see: https://lists.freedesktop.org/archives/systemd-devel/2014-March/018053.html But for the proper solution, see: https://lists.freedesktop.org/archives/systemd-devel/2014-March/018054.html Another option would just be to use a partitioned nbd device. The nbd device _partitions_ do not have this issue at all.
2017-03-28Implement boot parameter "netkeys"Andrew Cady
This allows the keys to be loaded from the boot medium even when the root filesystem is loaded over the network. I.e., specifying nbdroot= no longer implies that the keys will be loaded over the network. The ISO images generated by xorriso-usb.sh will not specify 'netkeys' so the keys on the USB stick will be used. The idea is that after install, the network should not be needed at all; but that requires using a new mechanism instead of the nbdroot= parameter, to determine dynamically whether to use a network root fs device. Currently, the network is still needed to boot a device that has its root fs on the local disk and the keys on the boot medium, even though no data is fetched from the NBD server. You can force the machine to boot by going to the initramfs shell and running: for n in $(seq 1 20); do killall ipconfig; done Otherwise it blocks waiting for the network.
2017-03-28use mountpoint /plaintext for samizdat-plaintext partitionAndrew Cady
2017-03-28Ensure we can decrypt the luks key before attempting to use itAndrew Cady
This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot.
2017-03-26fully enable booting from installed native partitionAndrew Cady
2017-03-26Implement booting already-installed native installAndrew Cady
This option is only available if the partitions have been renamed to indicate finalization of the install. The code that finalizes the install by renaming the partitions is available, but not yet run after the install.
2017-03-26create and boot the encrypted root filesystemAndrew Cady
2017-03-26bump kernel version to 4.9.0Andrew Cady
2017-03-25Initial support for installing to an empty disk deviceAndrew Cady
Right now, this just installs a new GPT partition table on the disk, with the partitions samizdat needs. Then nothing happens because nothing else is implemented. It will only allow a disk to be wiped like this if there are no partitions on the disk (or if the only partitions on the disk are partially-installed samizdat partitions).
2017-03-25publish-ip script will work on systems without kikiAndrew Cady
Instead of just looking for host keys where kiki leaves them, publish-ip will (after not finding kiki keys) try to access the system keys, and even use the user's keys. Thus it is now appropriate to run stand-alone on any Debian machine.
2017-03-25qemu script will use built-in linux loader by defaultAndrew Cady
The script was modified so that it would still use PXE to load the other things that are loaded during network boot. The network style booting is also now the default This is the fastest way to boot, though it does not permit testing the bootloader on the CDROM or the PXE boot setup. To test the bootloader, you must now export SLOW_BOOT=y To boot from CDROM image, you must export USE_ISO=y
2017-03-25Bump installed linux kernel version to 4.6Andrew Cady
2017-03-25dnsmasq dhcp-script handles missing gnupghome.tar by generating itAndrew Cady
Previously, this condition would cause the client to poll forever.
2016-05-06added configuration files for various thingsAndrew Cady
2016-05-06xorriso: disable "--in" with message; improve message for (already disabled) ↵Andrew Cady
interactive cdrom choosing
2016-05-04gitignore built exesAndrew Cady
2016-05-03redo.sh rebuilds the btrfs imageAndrew Cady
2016-05-03fix the rest of the bugsAndrew Cady
2016-05-03fix everythingAndrew Cady
2016-05-03publish-ip.shAndrew Cady
2016-05-02fix btarfs to support output to non-cwdAndrew Cady
2016-05-01copy more executables from initrd to rootfs (if missing)Andrew Cady
2016-05-01remove references to files outside of this repoAndrew Cady
(commit the files into this repo)
2016-05-01netbooting, with unique keys, WORKSAndrew Cady
2016-05-01run an extra grok-block since nbd0 wasn't mountable otherwiseAndrew Cady
2016-05-01avoid waiting for cdrom in more placesAndrew Cady
2016-05-01don't wait for the cdrom when all we need is the gpg homedirAndrew Cady
2016-05-01get GNUPGHOME from the network-downloaded .tar instead of the cdromAndrew Cady
(if available)
2016-05-01hide tftp error messagesAndrew Cady
2016-05-01remove unused functionsAndrew Cady
2016-05-01Download gnupghome.tar when net-bootingAndrew Cady
This contains a keyring that is generated on the server for each client that netboots.
2016-05-01add important file that should have been in repo!Andrew Cady
2016-05-01fixup! remove unused filesAndrew Cady