Age | Commit message | Author | |
---|---|---|---|
2017-03-28 | Support for reusing a generated set of child keys | Andrew Cady | |
2017-03-28 | Wait for nbd-client before using /dev/nbd0 | Andrew Cady | |
For explanation, see: <https://lists.freedesktop.org/archives/systemd-devel/2014-March/018053.html>. But for the proper solution, see: <https://lists.freedesktop.org/archives/systemd-devel/2014-March/018054.html>. Another option would just be to use a partitioned nbd device. The nbd device _partitions_ do not have this issue at all. | |||
2017-03-28 | Implement boot parameter "netkeys" | Andrew Cady | |
This allows the keys to be loaded from the boot medium even when the root filesystem is loaded over the network. I.e., specifying nbdroot= no longer implies that the keys will be loaded over the network. The ISO images generated by xorriso-usb.sh will not specify 'netkeys' so the keys on the USB stick will be used. The idea is that after install, the network should not be needed at all; but that requires using a new mechanism instead of the nbdroot= parameter, to determine dynamically whether to use a network root fs device. Currently, the network is still needed to boot a device that has its root fs on the local disk and the keys on the boot medium, even though no data is fetched from the NBD server. You can force the machine to boot by going to the initramfs shell and running: `for n in $(seq 1 20); do killall ipconfig; done`. Otherwise it blocks waiting for the network. | |||
2017-03-28 | use mountpoint /plaintext for samizdat-plaintext partition | Andrew Cady | |
2017-03-28 | Ensure we can decrypt the luks key before attempting to use it | Andrew Cady | |
This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot. | |||
2017-03-26 | fully enable booting from installed native partition | Andrew Cady | |
2017-03-26 | Implement booting already-installed native install | Andrew Cady | |
This option is only available if the partitions have been renamed to indicate finalization of the install. The code that finalizes the install by renaming the partitions is available, but not yet run after the install. | |||
2017-03-26 | create and boot the encrypted root filesystem | Andrew Cady | |
2017-03-26 | bump kernel version to 4.9.0 | Andrew Cady | |
2017-03-25 | Initial support for installing to an empty disk device | Andrew Cady | |
Right now, this just installs a new GPT partition table on the disk, with the partitions samizdat needs. Then nothing happens because nothing else is implemented. It will only allow a disk to be wiped like this if there are no partitions on the disk (or if the only partitions on the disk are partially-installed samizdat partitions). | |||
2017-03-25 | publish-ip script will work on systems without kiki | Andrew Cady | |
Instead of just looking for host keys where kiki leaves them, publish-ip will (after not finding kiki keys) try to access the system keys, and even use the user's keys. Thus it is now appropriate to run stand-alone on any Debian machine. | |||
2017-03-25 | qemu script will use built-in linux loader by default | Andrew Cady | |
The script was modified so that it would still use PXE to load the other things that are loaded during network boot. The network style booting is also now the default. This is the fastest way to boot, though it does not permit testing the bootloader on the CDROM or the PXE boot setup. To test the bootloader, you must now `export SLOW_BOOT=y`. To boot from CDROM image, you must `export USE_ISO=y`. | |||
2017-03-25 | Bump installed linux kernel version to 4.6 | Andrew Cady | |
2017-03-25 | dnsmasq dhcp-script handles missing gnupghome.tar by generating it | Andrew Cady | |
Previously, this condition would cause the client to poll forever. | |||
2016-05-06 | added configuration files for various things | Andrew Cady | |
2016-05-06 | xorriso: disable "--in" with message; improve message for (already disabled) interactive cdrom choosing | Andrew Cady | |
2016-05-04 | gitignore built exes | Andrew Cady | |
2016-05-03 | redo.sh rebuilds the btrfs image | Andrew Cady | |
2016-05-03 | fix the rest of the bugs | Andrew Cady | |
2016-05-03 | fix everything | Andrew Cady | |
2016-05-03 | publish-ip.sh | Andrew Cady | |
2016-05-02 | fix btarfs to support output to non-cwd | Andrew Cady | |
2016-05-01 | copy more executables from initrd to rootfs (if missing) | Andrew Cady | |
2016-05-01 | remove references to files outside of this repo | Andrew Cady | |
(commit the files into this repo) | |||
2016-05-01 | netbooting, with unique keys, WORKS | Andrew Cady | |
2016-05-01 | run an extra grok-block since nbd0 wasn't mountable otherwise | Andrew Cady | |
2016-05-01 | avoid waiting for cdrom in more places | Andrew Cady | |
2016-05-01 | don't wait for the cdrom when all we need is the gpg homedir | Andrew Cady | |
2016-05-01 | get GNUPGHOME from the network-downloaded .tar instead of the cdrom | Andrew Cady | |
(if available) | |||
2016-05-01 | hide tftp error messages | Andrew Cady | |
2016-05-01 | remove unused functions | Andrew Cady | |
2016-05-01 | Download gnupghome.tar when net-booting | Andrew Cady | |
This contains a keyring that is generated on the server for each client that netboots. | |||
2016-05-01 | add important file that should have been in repo! | Andrew Cady | |
2016-05-01 | fixup! remove unused files | Andrew Cady | |
2016-05-01 | rename now-ill-named "lvm-create" | Andrew Cady | |
2016-05-01 | remove unused files | Andrew Cady | |
2016-04-30 | shitty workaround for pxe with inappropriate symlink | Andrew Cady | |
i haven't had enough sleep to deal with path changes again | |||
2016-04-30 | samizdat-eject will wait to do the last step instead of giving up | Andrew Cady | |
2016-04-30 | add btarfs | Andrew Cady | |
2016-04-29 | keygen.sh: work even if the clock is wrong | Andrew Cady | |
2016-04-29 | fix problems with xorriso-usb related to creating a grandchild | Andrew Cady | |
2016-04-29 | don't check for 'expect' | Andrew Cady | |
2016-04-29 | prefix= and instdir= can be set on the make command line | Andrew Cady | |
2016-04-29 | another path fix | Andrew Cady | |
2016-04-29 | path independence achieved? | Andrew Cady | |
2016-04-29 | fix more paths | Andrew Cady | |
2016-04-29 | put qemu.sh on path | Andrew Cady | |
2016-04-29 | avoid expect | Andrew Cady | |
2016-04-29 | remove old versions of xorriso script | Andrew Cady | |
2016-04-29 | more path fixes | Andrew Cady | |