| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-09-25 | T861: sign all Kernel modules with an ephemeral key | Christian Breunig | |
| The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key. | |||
| 2024-09-22 | Kernel: T5887: update Linux Kernel to v6.6.52 | Christian Breunig | |
| 2024-09-22 | T861: stripping Kernel modules would also remove module signatures | Christian Breunig | |
| As the VyOS Linux Kernel will be compiled with CONFIG_MODULE_SIG_FORCE all driver modules need to be cryptographically signed. This happens during build of the Kernel and it's 3rd party modules. Stripping the objects would remove said signature and the system will be unable to boot b/c of CONFIG_MODULE_SIG_FORCE. | |||
| 2024-09-14 | T861: add UEFI Secure Boot support | Christian Breunig | |
| This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md | |||
| 2024-09-14 | Kernel: T5887: update Linux Kernel to v6.6.51 | Christian Breunig | |
| 2024-09-07 | Kernel: T861: remove superfluous architecture from Kernel string | Christian Breunig | |
| 2024-09-05 | T4974: remove package openvpn-dco as it has a proper dependency via vyos-1x | Christian Breunig | |
| 2024-09-05 | telegraf: T3664: remove package dependency | Christian Breunig | |
| Telegraf is not a full VyOS feature with a proper dependency in place via vyos-1x package. Drop this temporary dependency. | |||
| 2024-09-05 | T1416: remove deprecated default-union-grub-entry | Christian Breunig | |
| 2024-09-04 | Kernel: T5887: update Linux Kernel to v6.6.49t5887-kernel-6.6.49 | Christian Breunig | |
| 2024-08-22 | Merge pull request #738 from bk2zsto/image_format_singular | Christian Breunig | |
| build: T6666: singular image_format in flavor files | |||
| 2024-08-20 | build: T6666: singular image_format in flavor files | bk2zsto | |
| 2024-08-20 | Kernel: T5887: update Linux Kernel to v6.6.47kernel-6-6-47 | Christian Breunig | |
| 2024-08-11 | Kernel: T5887: update Linux Kernel to v6.6.45 | Christian Breunig | |
| 2024-07-29 | Kernel: T5887: update Linux Kernel to v6.6.43cpo-T5887-kernel | Christian Breunig | |
| 2024-07-25 | build: T6231: include out-of-tree Mellanox driver in image | Christian Breunig | |
| 2024-07-25 | Kernel: T5887: update Linux Kernel to v6.6.42 | Christian Breunig | |
| 2024-07-24 | Merge pull request #709 from c-po/podman-T6598 | Christian Breunig | |
| podman: T6598: add custom podman build for version 4.9.5 | |||
| 2024-07-23 | podman: T6598: add custom podman build for version 4.9.5 | Christian Breunig | |
| 2024-07-20 | Kernel: T5887: update Linux Kernel to v6.6.41 | Christian Breunig | |
| 2024-07-17 | Kernel: T5887: update Linux Kernel to v6.6.40 | Christian Breunig | |
| 2024-07-12 | Kernel: T5887: update Linux Kernel to v6.6.39 | Christian Breunig | |
| 2024-07-08 | Merge pull request #690 from c-po/podman | Christian Breunig | |
| container: T5867: pin specific podman version | |||
| 2024-07-08 | container: T5867: pin specific podman version | Christian Breunig | |
| As of Debian version 4.9.5+ds1-1 podman increased the dependency on libc6 and libgpgme11t64. podman : Depends: libc6 (>= 2.38) but 2.36-9+deb12u7 is to be installed Depends: libgpgme11t64 (>= 1.4.1) but it is not going to be installed Pin the version to a prior one that requires the old libc. | |||
| 2024-07-06 | Kernel: T5887: update Linux Kernel to v6.6.37 | Christian Breunig | |
| 2024-07-02 | Kernel: T5887: update Linux Kernel to v6.6.36 | Christian Breunig | |
| 2024-06-30 | T6527: remove legacy packages | Christian Breunig | |
| 2024-06-27 | Merge pull request #667 from c-po/T6507-drop-vyos-world | Christian Breunig | |
| T6507: remove references to vyos-world package | |||
| 2024-06-22 | T6507: remove references to vyos-world package | Christian Breunig | |
| As we got rid of most of the old vyatta packages we can now also discontinue vyos-world. It only served the purpose of keeping the package list during ISO build small. | |||
| 2024-06-22 | Kernel: T5887: update Linux Kernel to v6.6.35 | Christian Breunig | |
| 2024-06-17 | Kernel: T5887: update Linux Kernel to v6.6.34 | Christian Breunig | |
| 2024-06-15 | Merge pull request #653 from ZenithTecnologia/current | Christian Breunig | |
| docker: arm: T6474: Initial support for dynamic arch toml loading | |||
| 2024-06-12 | Kernel: T5887: update Linux Kernel to v6.6.33 | Christian Breunig | |
| 2024-06-11 | docker: arm: T6474: Added Salt Project repo for armhf | Leonardo Amaral | |
| Signed-off-by: Leonardo Amaral <contato@leonardoamaral.com.br> | |||
| 2024-06-05 | migration: T6006: move config.boot.default to vyos-1x | John Estabrook | |
| 2024-05-28 | build: T6414: rename the "iso" flavor to "generic" | Daniil Baturin | |
| 2024-05-25 | Kernel: T5887: update Linux Kernel to v6.6.32 | Christian Breunig | |
| 2024-05-19 | Merge pull request #629 from c-po/T5887-kernel | Christian Breunig | |
| Kernel: T5887: update Linux Kernel to v6.6.31 | |||
| 2024-05-19 | Kernel: T5887: update Linux Kernel to v6.6.31 | Christian Breunig | |
| 2024-05-16 | T6356: normalize '.., ntp, server' path syntax in config.boot.default | John Estabrook | |
| 2024-05-16 | Merge pull request #624 from c-po/target | Christian Breunig | |
| hooks: T6346: set default boot target to multi-user.target | |||
| 2024-05-16 | hooks: T6346: set default boot target to multi-user.target | Christian Breunig | |
| 2024-05-16 | Merge pull request #614 from aidan-gibson/current | Christian Breunig | |
| T6333 non-free-firmware to trixie | |||
| 2024-05-16 | T6333: drop reference to non-free of trixie as it's not used | Aidan Gibson | |
| 2024-05-14 | Merge pull request #582 from 0xThiebaut/suricata | Christian Breunig | |
| suricata: T751: Disable suricata.service by default | |||
| 2024-05-14 | T3420: Remove service upnp | Viacheslav Hletenko | |
| 2024-05-03 | container: T5867: podman depends on libgpgme11t64 from trixie | Christian Breunig | |
| 2024-05-03 | suricata: T751: Disable suricata.service by default | Maxime THIEBAUT | |
| 2024-05-02 | Kernel: T5887: update Linux Kernel to v6.6.30 | Christian Breunig | |
| 2024-04-28 | Kernel: T5887: update Linux Kernel to v6.6.29 | Christian Breunig | |
 |
index : vyos-build.git | |
| VyOS image build scripts (mirror of https://github.com/vyos/vyos-build.git) |
| summaryrefslogtreecommitdiff |