Age | Commit message | Author
2024-09-25 | Merge pull request #772 from c-po/kernel-ephemeral-keys | Christian Breunig
T861: sign all Kernel modules with an ephemeral key
2024-09-25 | T861: sign all Kernel modules with an ephemeral key | Christian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to:
* sign all built-in Kernel modules
* sign all other out-of-tree Kernel modules
The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-09-22 | T861: VyOS image build should use UTC timestamps | Christian Breunig
2024-09-22 | Kernel: T5887: disable various unused/not needed debug options | Christian Breunig
2024-09-22 | Kernel: T5887: update Linux Kernel to v6.6.52 | Christian Breunig
2024-09-22 | T861: stripping Kernel modules would also remove module signatures | Christian Breunig
As the VyOS Linux Kernel will be compiled with CONFIG_MODULE_SIG_FORCE all driver modules need to be cryptographically signed. This happens during build of the Kernel and its 3rd party modules. Stripping the objects would remove said signature and the system will be unable to boot b/c of CONFIG_MODULE_SIG_FORCE.
2024-09-21 | Merge pull request #769 from vyos/t6729-ethtool | Daniil Baturin
ethtool: T6729: upgrade to 6.10 to make use of more --json options
2024-09-21 | ethtool: T6729: upgrade to 6.10 to make use of more --json options [t6729-ethtool] | Christian Breunig
Same as T6078 but we now want to make use of ethtool --json eth0 to drop our own text based parsing of ethtool options in [1]. This is the base for moving to a better, machine readable interface.
1: https://github.com/vyos/vyos-1x/blob/e47d4fd385631236da68/python/vyos/ethtool.py#L77-L105
2024-09-20 | Merge pull request #768 from dmbaturin/artifact-filtering | Viacheslav Hletenko
build: T3664: add an option to specify artifact extensions
2024-09-20 | build: T3664: add an option to specify artifact extensions | Daniil Baturin
so that the manifest only contains files considered build artifacts, and those artifacts can be automatically picked up by CI jobs and the like
2024-09-19 | Merge pull request #767 from dmbaturin/post_build_hook_improvements | Daniil Baturin
build: T3664: improve support for custom build hooks
2024-09-18 | build: T3664: improve support for custom build hooks | Daniil Baturin
2024-09-18 | Merge pull request #766 from dmbaturin/manifest-reuse-iso | Daniil Baturin
build: T6653: fix a manifest generation error when using --reuse-iso
2024-09-17 | build: T6653: fix a manifest generation error when using --reuse-iso | Daniil Baturin
2024-09-17 | Merge pull request #765 from sarthurdev/tpm_luks | Simon
2024-09-17 | build: T861: Add socat as needed by commit 7f23b57 | sarthurdev
2024-09-17 | tpm: T4919: Fix TPM test for changes in 7f23b57 | sarthurdev
2024-09-17 | tpm: T4919: Fix check for /dev/tpm0 | sarthurdev
2024-09-16 | Merge pull request #764 from c-po/secure-boot | Christian Breunig
Kernel: T861: use find over ls when probing for Kernel signing public keys
2024-09-16 | Kernel: T861: use find over ls when probing for Kernel signing public keys | Christian Breunig
2024-09-16 | Merge pull request #758 from HollyGurza/T6684 | Daniil Baturin
T6684: new Debian package repo snapshot logic
2024-09-16 | Merge pull request #763 from c-po/secure-boot | Viacheslav Hletenko
T861: add UEFI Secure Boot support
2024-09-16 | T6684: new Debian package repo snapshot logic | khramshinr
patch live-build to save information about all installed packages and their source repo, including temporary packages
2024-09-14 | Docker: T861: fix warning for UID_MIN/UID_MAX out of range | Christian Breunig
Raise upper limit for UID when working in an Active Directory integrated environment. This solves the warning: vyos_bld's uid 1632000007 outside of the UID_MIN 1000 and UID_MAX 60000 range.
2024-09-14 | T861: add UEFI Secure Boot support | Christian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14 | Kernel: T5887: cleanup Debian postinst files after package build | Christian Breunig
2024-09-14 | Kernel: T5887: update Linux Kernel to v6.6.51 | Christian Breunig
2024-09-14 | mellanox: T6231: execute build script with sudo | Christian Breunig
2024-09-12 | Merge pull request #759 from sever-sever/T6674-netfilter | Christian Breunig
T6674: Fix build package netfilter dependencies
2024-09-12 | T6674: Fix build package netfilter dependencies | Viacheslav Hletenko
2024-09-09 | Merge pull request #755 from nvollmar/T6703 | Christian Breunig
T6703: add support for amd pstate driver
2024-09-09 | Merge pull request #754 from sever-sever/T6674 | Christian Breunig
T6674: build-kernel: Get kernel version from the defaults
2024-09-07 | Testsuite: T861: add explicit --smoketest argument | Christian Breunig
In the past the CLI based smoketest was always executed under an else branch in the testcase if-statement. Instead of using negative logic move all testcases to positive logic adding an empty "catch all" else path.
2024-09-07 | Testsuite: T861: use fix bootindex for install medium and non-volatile disks | Christian Breunig
This is required to support proper disk ejection and not reloading the disk on system reboot when operating in BIOS mode.
2024-09-07 | Testsuite: T861: add support to use VNC for a graphics console | Christian Breunig
To use VNC you could run "make test -- --vnc"
2024-09-07 | Testsuite: T861: use variable to define one single place for VM name | Christian Breunig
2024-09-07 | Testsuite: T861: cleanup imports and use "kernel_flavor" from vyos_defaults | Christian Breunig
2024-09-07 | Testsuite: T861: remove option to disable KVM and use soft-emulation | Christian Breunig
This code path was unused during CI runs.
2024-09-07 | Testsuite: T861: eject installation media CD-ROM over powercycle | Christian Breunig
When moving to UEFI and secure-boot it's better to just reboot the system for Machine Owner Key installation, than powercycling the machine. This commit will use `reboot now` over `poweroff` after base system installation and boot into installed image for smoketest handling.
2024-09-07 | Kernel: T861: remove superfluous architecture from Kernel string | Christian Breunig
2024-09-06 | T6674: Add trigger rebuild kernel if defaults.toml is changed | Viacheslav Hletenko
2024-09-06 | T6674: Add symlink to original linux-kernel arch and patches | Viacheslav Hletenko
2024-09-06 | T6703: add support for amd pstate driver | Nicolas Vollmar
2024-09-06 | T6674: build-kernel: Get kernel version from the defaults | Viacheslav Hletenko
Get kernel version from the vyos-build/data/defaults.toml for build 'linux-kernel' and related packages.
Return the original build-jool.py script
2024-09-06 | Merge pull request #753 from sever-sever/T6674-actions-keys | Christian Breunig
T6674: Add keys gpg_key_id and package_branch to rebuild packages
2024-09-05 | T6674: Add keys gpg_key_id and package_branch to rebuild packages | Viacheslav Hletenko
2024-09-05 | Merge pull request #751 from c-po/secure-boot-cleanup | Daniil Baturin
T1416: T861: T3664: T3664: T2640: various cleanup commits
2024-09-05 | Merge pull request #752 from sever-sever/T6674-actions | Viacheslav Hletenko
T6674: Add workflow to rebuild packages
2024-09-05 | T6674: Add workflow to rebuild packages | Viacheslav Hletenko
2024-09-05 | T4974: remove package openvpn-dco as it has a proper dependency via vyos-1x | Christian Breunig