| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-13 | gpg2 now requires gpg-agent to be in /usr/bin/ | Andrew Cady | |
| 2018-06-13 | use current running kernel version | Andrew Cady | |
| 2018-06-13 | new command "add" to add packages | Andrew Cady | |
| 2018-06-13 | add "rm" command | Andrew Cady | |
| 2018-06-13 | use selfstrap instead of deboostrap when possible | Andrew Cady | |
| this isn't quite right since it uses ./src/selfstrap instead of PATH | |||
| 2018-06-13 | run chroot in pids cgroup, and kill all pids in group when done | Andrew Cady | |
| 2018-06-13 | use variable for default chroot command | Andrew Cady | |
| 2018-06-13 | cache the list of unpackaged files, instead of rescanning | Andrew Cady | |
| also show the 'filtered' option in the usage output. | |||
| 2018-06-13 | show currently running suite in output | Andrew Cady | |
| 2018-06-13 | Update for newer versions of qemu | Andrew Cady | |
| (The new qemu warns about opening a file as a raw disk image unless `raw` is specified explicitly.) | |||
| 2018-06-13 | Update for newer versions of nbd-client | Andrew Cady | |
| The kernel commandline syntax for `nbdroot=...` changed. | |||
| 2018-02-07 | redo.sh: skip kiki rebuild | Andrew Cady | |
| 2018-02-07 | rename some variables | Andrew Cady | |
| 2018-02-07 | parameterize $NBD_FILENAME | Andrew Cady | |
| 2018-02-07 | avoid cutesy tar --to-command; instead extract to tempdir | Andrew Cady | |
| 2017-09-04 | selfstrap: set up /var/lib/dpkg/tmp.ci before running inst scripts | Andrew Cady | |
| 2017-09-04 | selfstrap: fixes | Andrew Cady | |
| create symlink awk -> mawk use dpkg --extract when '--real-apt' is used | |||
| 2017-09-03 | selfstrap: getopt-based CLI | Andrew Cady | |
| 2017-08-30 | rename file | Andrew Cady | |
| 2017-08-30 | selfstrap: minor refactor | Andrew Cady | |
| 2017-08-30 | selfstrap: internally manage /var/lib/dpkg/status | Andrew Cady | |
| 2017-08-30 | selfstrap: substantially improve performance | Andrew Cady | |
| 2017-08-30 | selfstrap: debootstrap using local /var/cache/apt/archives | Andrew Cady | |
| 2017-08-30 | deboostrap.sh: new commands: unpackaged, unpackaged-du | Andrew Cady | |
| 2017-08-29 | debootstrap.sh: add command 'sh' | Andrew Cady | |
| 2017-08-28 | debootstrap.sh: debootstrap wrapper | Andrew Cady | |
| 2017-04-02 | remove obsolete comment | Andrew Cady | |
| 2017-04-02 | xorriso-usb: changes that should not affect behavior | Andrew Cady | |
| 2017-03-31 | xorriso-usb: cleanup/reorg that should not affect behavior | Andrew Cady | |
| 2017-03-30 | xorriso-usb: slight reorg; no behavior should have changed | Andrew Cady | |
| 2017-03-30 | fixup! split btrfs-shrink out of btarfs | Andrew Cady | |
| 2017-03-29 | move functions to top of file; no other changes | Andrew Cady | |
| 2017-03-29 | split btrfs-shrink out of btarfs | Andrew Cady | |
| 2017-03-29 | add more options to with-btrfs-seed | Andrew Cady | |
| 2017-03-29 | new util: with-btrfs-seed | Andrew Cady | |
| 2017-03-28 | verify that we can decrypt rootfs before offering it as menu item | Andrew Cady | |
| 2017-03-28 | Use pxelinux "ipappend" option to choose rootfs source | Andrew Cady | |
| This fixes the issue described in the first 'netkeys' commit, where the network would need to be available even when it was not used. The "ipappend" option results in a $BOOTIF variable in the initrd environment. This variable is now used to determine whether to wait on the network for a rootfs & keys, or to wait on the boot device becoming available to determine whether it has the keys. That is, there may or may not be a boot device which may or may not have keys and/or rootfs, but we will always know for sure whether it does, therefore there are no races and no waiting on the network unnecessarily. The qemu.sh script was updated to provide the BOOTIF variable when PXE boot is emulated. | |||
| 2017-03-28 | change some log locations | Andrew Cady | |
| 2017-03-28 | xorriso-usb will install initrd even with --bootloader flag | Andrew Cady | |
| This is more useful. The flag might be renamed "--skip-rootfs" or such. | |||
| 2017-03-28 | fix apparently-racy ordering | Andrew Cady | |
| 2017-03-28 | Support for reusing a generated set of child keys | Andrew Cady | |
| 2017-03-28 | Wait for nbd-client before using /dev/nbd0 | Andrew Cady | |
| For explanation, see: https://lists.freedesktop.org/archives/systemd-devel/2014-March/018053.html But for the proper solution, see: https://lists.freedesktop.org/archives/systemd-devel/2014-March/018054.html Another option would just be to use a partitioned nbd device. The nbd device _partitions_ do not have this issue at all. | |||
| 2017-03-28 | Implement boot parameter "netkeys" | Andrew Cady | |
| This allows the keys to be loaded from the boot medium even when the root filesystem is loaded over the network. I.e., specifying nbdroot= no longer implies that the keys will be loaded over the network. The ISO images generated by xorriso-usb.sh will not specify 'netkeys' so the keys on the USB stick will be used. The idea is that after install, the network should not be needed at all; but that requires using a new mechanism instead of the nbdroot= parameter, to determine dynamically whether to use a network root fs device. Currently, the network is still needed to boot a device that has its root fs on the local disk and the keys on the boot medium, even though no data is fetched from the NBD server. You can force the machine to boot by going to the initramfs shell and running: for n in $(seq 1 20); do killall ipconfig; done Otherwise it blocks waiting for the network. | |||
| 2017-03-28 | use mountpoint /plaintext for samizdat-plaintext partition | Andrew Cady | |
| 2017-03-28 | Ensure we can decrypt the luks key before attempting to use it | Andrew Cady | |
| This just fails earlier when the wrong GPG key is used. The correct solution is to avoid the failure by testing for GPG keys before offering disks to boot. | |||
| 2017-03-26 | fully enable booting from installed native partition | Andrew Cady | |
| 2017-03-26 | Implement booting already-installed native install | Andrew Cady | |
| This option is only available if the partitions have been renamed to indicate finalization of the install. The code that finalizes the install by renaming the partitions is available, but not yet run after the install. | |||
| 2017-03-26 | create and boot the encrypted root filesystem | Andrew Cady | |
| 2017-03-26 | bump kernel version to 4.9.0 | Andrew Cady | |
| 2017-03-25 | Initial support for installing to an empty disk device | Andrew Cady | |
| Right now, this just installs a new GPT partition table on the disk, with the partitions samizdat needs. Then nothing happens because nothing else is implemented. It will only allow a disk to be wiped like this if there are no partitions on the disk (or if the only partitions on the disk are partially-installed samizdat partitions). | |||
 |
index : sami.git | |
| summaryrefslogtreecommitdiff |