archiso merge requestshttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests2020-07-05T04:48:50Zhttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/34configs/releng/build.sh: symplify how verbose (-v) is implemented2020-07-05T04:48:50Znl6720configs/releng/build.sh: symplify how verbose (-v) is implementedReplace if-else statements with parameter substitution.Replace if-else statements with parameter substitution.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/65scripts/run_archiso.sh: disable PXE ROM2020-08-17T17:50:14Znl6720scripts/run_archiso.sh: disable PXE ROMISO testing doesn't require the emulated firmware's PXE stack.
For UEFI, it only disable iPXE in favor of EDK II network stack. https://github.com/tianocore/tianocore.github.io/wiki/EDKII-Network-Over-QEMU#verification-resultISO testing doesn't require the emulated firmware's PXE stack.
For UEFI, it only disable iPXE in favor of EDK II network stack. https://github.com/tianocore/tianocore.github.io/wiki/EDKII-Network-Over-QEMU#verification-resulthttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/113remove empty apparent unused ExecStart from releng wait-for-only-one-interface2021-01-04T16:04:11ZMichael Vorburger.chremove empty apparent unused ExecStart from releng wait-for-only-one-interfacehttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/139Recursively change file permissions for folders listed in profiledef.sh2021-03-10T08:06:52ZMichael GilchristRecursively change file permissions for folders listed in profiledef.sh- if a folder listed in the associative array ends with a "/",
recursively apply chmod and chown.- if a folder listed in the associative array ends with a "/",
recursively apply chmod and chown.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/140Recursively change file permissions for folders listed in profiledef.sh2021-03-10T12:26:04ZMichael GilchristRecursively change file permissions for folders listed in profiledef.shCloses #100Closes #100https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/143Recursively change file permissions for folders listed in profiledef.sh2021-03-10T13:06:29ZMichael GilchristRecursively change file permissions for folders listed in profiledef.shCloses #100Closes #100https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/132rm raw, so that -d -i can also boot e.g. qcow2021-11-30T22:16:10ZMichael Vorburger.chrm raw, so that -d -i can also boot e.g. qcowqemu appear to figure out and correctly guess the image type if it's not specified?
If we don't hardcode it anymore, then `-d -i` can also boot e.g. a `qcow`.
Or should we have another option to explicitly set the image type?qemu appear to figure out and correctly guess the image type if it's not specified?
If we don't hardcode it anymore, then `-d -i` can also boot e.g. a `qcow`.
Or should we have another option to explicitly set the image type?https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/127make clean2021-11-30T22:16:10ZMichael Vorburger.chmake cleanhttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/117add new script to easily create cloud-init ISO2021-11-30T22:16:10ZMichael Vorburger.chadd new script to easily create cloud-init ISOas mentioned on https://wiki.archlinux.org/index.php/Cloud-initas mentioned on https://wiki.archlinux.org/index.php/Cloud-inithttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/125add first step of test target to Makefile (#86)2021-11-30T22:16:11ZMichael Vorburger.chadd first step of test target to Makefile (#86)see #86
Is this stupid, or a good idea?
@dvzrv @nl6720see #86
Is this stupid, or a good idea?
@dvzrv @nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/126WIP: run archiso in make test2021-11-30T22:16:11ZMichael Vorburger.chWIP: run archiso in make testFor #86, once a basic !125 is agreed upon.
WIP: The console is a mess, with the GRUB TUI... I wonder if `run_archiso.sh` should perhaps have some sort of `-q` quiet option, which logs to a file? But that wouldn't be very handy for later...For #86, once a basic !125 is agreed upon.
WIP: The console is a mess, with the GRUB TUI... I wonder if `run_archiso.sh` should perhaps have some sort of `-q` quiet option, which logs to a file? But that wouldn't be very handy for later (#2) running this on CI and seeing output.
Or, I think better, another option to avoiding showing the console all together, and just stream the serial console output. That may actually be more suitable for this here.
The 30s wait on GRUB TUI is also a minor PITA.
@dvzrv @nl6720 any additional thoughts?https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/218Draft: Resolve "Create and use uefi-x64.grub.* boot modes"2021-12-10T09:22:26Znl6720Draft: Resolve "Create and use uefi-x64.grub.* boot modes"https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/244CONTRIBUTING.rst: recommend verifying signatures on fast-forward merges2022-04-07T13:01:16Znl6720CONTRIBUTING.rst: recommend verifying signatures on fast-forward mergeshttps://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/252Remove more host specific resources and ensure a random seed is not read from...2022-05-27T11:39:12Znl6720Remove more host specific resources and ensure a random seed is not read from the ESP* `mkarchiso`: remove more host specific resources in `_cleanup_pacstrap_dir` by removing files listed in https://systemd.io/BUILDING_IMAGES/#resources-to-reset.
* `configs/*/efiboot/loader/loader.conf`: ensure a random seed is not read ...* `mkarchiso`: remove more host specific resources in `_cleanup_pacstrap_dir` by removing files listed in https://systemd.io/BUILDING_IMAGES/#resources-to-reset.
* `configs/*/efiboot/loader/loader.conf`: ensure a random seed is not read from the ESP to protect against an unlikely scenario.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/249Adding openssl to support openssl code-signing verification2022-05-31T06:54:12ZAnton Hvornumtorxed@archlinux.orgAdding openssl to support openssl code-signing verificationThis would allow users to choose between PGP or Openssl for verification of signed binary blobs.
Currently, the only way to net-boot Archiso with signature verification turned on is if you have a valid PGP key some where published.
This...This would allow users to choose between PGP or Openssl for verification of signed binary blobs.
Currently, the only way to net-boot Archiso with signature verification turned on is if you have a valid PGP key some where published.
This is an enabler for:
* https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/24
* https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/251https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/272Draft: TEST if metrics work with artifactless ci-scripts2022-07-05T14:44:44Znl6720Draft: TEST if metrics work with artifactless ci-scripts**DO NOT MERGE!**
Test a solution for https://gitlab.archlinux.org/archlinux/ci-scripts/-/issues/5.**DO NOT MERGE!**
Test a solution for https://gitlab.archlinux.org/archlinux/ci-scripts/-/issues/5.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/271Update grub.cfg - boot existing OS2022-07-06T09:20:52ZAmish MUpdate grub.cfg - boot existing OSThis adds ability to boot from existing OS via grub.
syslinux configuration of archiso has similar menu option. (mentioned in archiso_tail.cfg)This adds ability to boot from existing OS via grub.
syslinux configuration of archiso has similar menu option. (mentioned in archiso_tail.cfg)v66https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/253mkarchiso: use 'efibootimg' variable for efibootimg path2022-07-15T16:40:50ZTallero Talleromkarchiso: use 'efibootimg' variable for efibootimg pathIt's clearer to read.It's clearer to read.v66nl6720nl6720https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/268Add optional writable partition2022-08-13T09:05:30ZTallero TalleroAdd optional writable partitionWhen an Archiso-generated ISO is put on an USB drive the non-rockridge partitions (i.e. the EFI system partition) become writable.
This merge request adds support for a third native (non-fat) partition which can be added to the ISO file...When an Archiso-generated ISO is put on an USB drive the non-rockridge partitions (i.e. the EFI system partition) become writable.
This merge request adds support for a third native (non-fat) partition which can be added to the ISO file to be used as persistent storage at build time.
```yaml
persistent_image_type: ext4
ext4+luks
persistent_size: size in KB
```
The partition is added to the ISO whenever `persistent_size` is set or a non-empty `persistent` directory is found in the profile directory.
When selecting the `+luks` image type, the same encryption key as the `airootfs` is used.
When it's entirely unfeasible to ship an enlarged ISOs, a systemd service (`setup-persistent-storage`), which depends on `xorriso` being present in the live environment and executes the same task described above on first boot, has been added to the `baseline` and `releng` profiles.
If I were to estimate proper sizes for current profiles, they would be around 10MB and 50MB, so it would mostly be to let the system import and edit `systemd-homed` homes on internal/external drives.
Solves #184, partially #171.
Depends on !217, !253, !259.https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/279Add physical attackers mitigations2022-09-03T05:04:04ZTallero TalleroAdd physical attackers mitigationsIt adds support for a `dongle` buildmode so that install drives put on writable storage devices become equivalent to those put on write-once storage devices.
The dongle does not require the base ISO image to be encrypted to serve its pu...It adds support for a `dongle` buildmode so that install drives put on writable storage devices become equivalent to those put on write-once storage devices.
The dongle does not require the base ISO image to be encrypted to serve its purpose.
Despite this, this branch is based on !217 and include !268, so that it will be easier to move the kernel and the initramfs partition on an encrypted partition at a later stage (GRUB supports booting from a LUKS partition).
Solves #189.
#### Includes
- !217
- !268
#### Notes
It also needs https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/27 to be merged into `mkinitcpio-archiso` and `cryptsetup-sigfile` ([`AUR`](https://aur.archlinux.org/packages/cryptsetup-sigfile)) merged into `cryptsetup`.
#### Changes
Follow upstream branch.