Age | Commit message | Author |
|
This fixes the issue described in the first 'netkeys' commit, where the
network would need to be available even when it was not used.
The "ipappend" option results in a $BOOTIF variable in the initrd
environment. This variable is now used to determine whether to wait on
the network for a rootfs & keys, or to wait on the boot device becoming
available to determine whether it has the keys.
That is, there may or may not be a boot device which may or may not
have keys and/or rootfs, but we will always know for sure whether
it does, therefore there are no races and no waiting on the network
unnecessarily.
The qemu.sh script was updated to provide the BOOTIF variable when PXE
boot is emulated.
|
This is more useful. The flag might be renamed "--skip-rootfs" or such.
|
For explanation, see:
https://lists.freedesktop.org/archives/systemd-devel/2014-March/018053.html
But for the proper solution, see:
https://lists.freedesktop.org/archives/systemd-devel/2014-March/018054.html
Another option would just be to use a partitioned nbd device. The nbd
device _partitions_ do not have this issue at all.
|
This allows the keys to be loaded from the boot medium even when the
root filesystem is loaded over the network. I.e., specifying nbdroot=
no longer implies that the keys will be loaded over the network.
The ISO images generated by xorriso-usb.sh will not specify 'netkeys' so
the keys on the USB stick will be used.
The idea is that after install, the network should not be needed at
all; but that requires using a new mechanism instead of the nbdroot=
parameter, to determine dynamically whether to use a network root fs
device.
Currently, the network is still needed to boot a device that has its
root fs on the local disk and the keys on the boot medium, even though
no data is fetched from the NBD server.
You can force the machine to boot by going to the initramfs shell and
running:
    for n in $(seq 1 20); do killall ipconfig; done
Otherwise it blocks waiting for the network.
|
This just fails earlier when the wrong GPG key is used.
The correct solution is to avoid the failure by testing for GPG keys
before offering disks to boot.
|
This option is only available if the partitions have been renamed to
indicate finalization of the install.
The code that finalizes the install by renaming the partitions is
available, but not yet run after the install.
|
Right now, this just installs a new GPT partition table on the disk, with the
partitions samizdat needs. Then nothing happens because nothing else is
implemented.
It will only allow a disk to be wiped like this if there are no partitions on
the disk (or if the only partitions on the disk are partially-installed samizdat
partitions).
|
Instead of just looking for host keys where kiki leaves them, publish-ip will
(after not finding kiki keys) try to access the system keys, and even use the
user's keys.
Thus it is now appropriate to run stand-alone on any Debian machine.
|
The script was modified so that it would still use PXE to load the other things
that are loaded during network boot. The network style booting is also now the
default.
This is the fastest way to boot, though it does not permit testing the
bootloader on the CDROM or the PXE boot setup.
To test the bootloader, you must now export SLOW_BOOT=y
To boot from CDROM image, you must export USE_ISO=y
|
Previously, this condition would cause the client to poll forever.
|
interactive cdrom choosing
|
(commit the files into this repo)
|
(if available)
|
This contains a keyring that is generated on the server for each client
that netboots.
|
I haven't had enough sleep to deal with path changes again
|