summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-10-05Kernel: T5887: update Linux Kernel to v6.6.54c-po-patch-1Christian Breunig
2024-10-04Merge pull request #785 from sever-sever/T973Viacheslav Hletenko
T973: Add build script for node_exporter package
2024-10-03Merge pull request #788 from sever-sever/T6758Daniil Baturin
T6758: Add build package xen-guest-agent
2024-10-03T6758: Add build package xen-guest-agentViacheslav Hletenko
The 'xen-guest-agent' could be used for XCP-NG images
2024-10-02T973: Add build script for node_exporter packageViacheslav Hletenko
2024-10-02Merge pull request #781 from sever-sever/T6754Viacheslav Hletenko
T6754: Delete Jenkins build packages
2024-10-02Merge pull request #780 from sever-sever/T6755Viacheslav Hletenko
T6755: Change default vyos mirror URL
2024-10-02T6754: Delete Jenkins build packagesViacheslav Hletenko
2024-10-02T6755: Change default vyos mirror URLViacheslav Hletenko
2024-10-01Merge pull request #779 from ↵John Estabrook
dmbaturin/T6742-childless-leaf-nodes-rendering-libvyosconfig docker: T6742: libvyosconfig update for childless node rendering
2024-10-01docker: T6742: libvyosconfig update for childless node renderingDaniil Baturin
2024-10-01Merge pull request #778 from sever-sever/T861-mlnxViacheslav Hletenko
T861: Fix mellanox build by actions
2024-10-01T861: Fix mellanox build by actionsViacheslav Hletenko
2024-10-01Merge pull request #776 from sever-sever/T861Christian Breunig
T861: Fix kernel suffix for package build by actions
2024-10-01T861: Fix kernel suffix for package build by actionsViacheslav Hletenko
2024-09-30Merge pull request #774 from dmbaturin/T6742-childless-leaf-nodes-renderingDaniil Baturin
build-image: T6742: update vyos1x-config for childless non-leaf node rendering fixes
2024-09-30Merge pull request #773 from dmbaturin/T6738-build-type-fieldChristian Breunig
build: T6738: add build_type field to version data instead of the very limited and unused lts_build
2024-09-27build-image: T6742: update vyos1x-config for childless non-leaf node fixesDaniil Baturin
2024-09-25Merge pull request #772 from c-po/kernel-ephemeral-keysChristian Breunig
T861: sign all Kernel modules with an ephemeral key
2024-09-25T861: sign all Kernel modules with an ephemeral keyChristian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-09-25build: T6738: add build_type field to version dataDaniil Baturin
instead of the very limited and unused lts_build
2024-09-22T861: VyOS image build should use UTC timestampsChristian Breunig
2024-09-22Kernel: T5887: disable various unused/not needed debug optionsChristian Breunig
2024-09-22Kernel: T5887: update Linux Kernel to v6.6.52Christian Breunig
2024-09-22T861: stripping Kernel modules would also remove module signaturesChristian Breunig
As the VyOS Linux Kernel will be compiled with CONFIG_MODULE_SIG_FORCE all driver modules need to be cryptographically signed. This happens during build of the Kernel and it's 3rd party modules. Stripping the objects would remove said signature and the system will be unable to boot b/c of CONFIG_MODULE_SIG_FORCE.
2024-09-21Merge pull request #769 from vyos/t6729-ethtoolDaniil Baturin
ethtool: T6729: upgrade to 6.10 to make use of more --json options
2024-09-21ethtool: T6729: upgrade to 6.10 to make use of more --json optionst6729-ethtoolChristian Breunig
Same as T6078 but we now wan't to make use of ethtool --json eth0 to drop out own text based parsing of ethtool options in [1]. This is the base for moving to a better, machine readable interface 1: https://github.com/vyos/vyos-1x/blob/e47d4fd385631236da68/python/vyos/ethtool.py#L77-L105
2024-09-20Merge pull request #768 from dmbaturin/artifact-filteringViacheslav Hletenko
build: T3664: add an option to specify artifact extensions
2024-09-20build: T3664: add an option to specify artifact extensionsDaniil Baturin
so that the manifest only contains files considered build artifacts, and those artifacts can be automatically picked up by CI jobs and the like
2024-09-19Merge pull request #767 from dmbaturin/post_build_hook_improvementsDaniil Baturin
build: T3664: improve support for custom build hooks
2024-09-18build: T3664: improve support for custom build hooksDaniil Baturin
2024-09-18Merge pull request #766 from dmbaturin/manifest-reuse-isoDaniil Baturin
build: T6653: fix a manifest generation error when using --reuse-iso
2024-09-17build: T6653: fix a manifest generation error when using --reuse-isoDaniil Baturin
2024-09-17Merge pull request #765 from sarthurdev/tpm_luksSimon
2024-09-17build: T861: Add socat as needed by commit 7f23b57sarthurdev
2024-09-17tpm: T4919: Fix TPM test for changes in 7f23b57sarthurdev
2024-09-17tpm: T4919: Fix check for /dev/tpm0sarthurdev
2024-09-16Merge pull request #764 from c-po/secure-bootChristian Breunig
Kernel: T861: use find over ls when probing for Kernel signing public keys
2024-09-16Kernel: T861: use find over ls when probing for Kernel signing public keysChristian Breunig
2024-09-16Merge pull request #758 from HollyGurza/T6684Daniil Baturin
T6684: new Debian package repo snapshot logic
2024-09-16Merge pull request #763 from c-po/secure-bootViacheslav Hletenko
T861: add UEFI Secure Boot support
2024-09-16T6684: new Debian package repo snapshot logickhramshinr
patch live-build to save information about all installed packages and their source repo, including temporary packages
2024-09-14Docker: T861: fix warning for UID_MIN/UID_MAC out of rangeChristian Breunig
Rise upper limit for UID when working in an Active Direcotry integrated environment. This solves the warning: vyos_bld's uid 1632000007 outside of the UID_MIN 1000 and UID_MAX 60000 range.
2024-09-14T861: add UEFI Secure Boot supportChristian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14Kernel: T5887: cleanup Debian postinst files after package buildChristian Breunig
2024-09-14Kernel: T5887: update Linux Kernel to v6.6.51Christian Breunig
2024-09-14mellanox: T6231: execute build script with sudoChristian Breunig
2024-09-12Merge pull request #759 from sever-sever/T6674-netfilterChristian Breunig
T6674: Fix build package netfilter dependencies
2024-09-12T6674: Fix build package netfilter dependenciesViacheslav Hletenko
2024-09-09Merge pull request #755 from nvollmar/T6703Christian Breunig
T6703: add support for amd pstate driver
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-12 08:40:13 +0000