1. 22 Sep, 2022 2 commits
  2. 01 Sep, 2022 1 commit
  3. 28 Aug, 2022 2 commits
  4. 26 Aug, 2022 1 commit
  5. 22 Aug, 2022 1 commit
  6. 21 Aug, 2022 1 commit
    • Kristian Klausen's avatar
      Use VM runners[1] for building · a2e886b4
      Kristian Klausen authored
      Building inside a TCG accelerated qemu VM is slow and painful, but it is
      the only option when running in a non-privileged container.
      
      arch-boxes has been built inside a KVM accelerated VMs ("VM runner") for
      over 11 months[2] and recently the MR[1] was merged into the
      infrastructure repo. With it now being a official part of arch's
      infrastructure we should switch to it and get much faster builds.
      
      Doing some quick testing, the whole pipeline is now roughly ~29-84
      minutes faster (taking between 7-9 minutes, instead of 36-93 minutes).
      
      [1] infrastructure!385
      [2] arch-boxes@3bda5b26
      
      Fix #161
      a2e886b4
  7. 19 Aug, 2022 1 commit
    • nl6720's avatar
      mkarchiso: preload more GRUB modules and disable shim_lock verifier · 7bc4c542
      nl6720 authored
      --disable-shim-lock is required to support Secure Boot with custom signatures without using shim.
      Otherwise GRUB will trow an error when trying to boot a kernel:
      
          error: shim_lock protocol not found.
          error: you need to load the kernel first.
      
      The modules GRUB will use need to be preloaded otherwise the EFI binaries cannot be signed and used for Secure Boot.
      See https://bugs.archlinux.org/task/71382.
      GRUB will trow en error:
      
          error: verification requested but nobody cares
      
      These changes are done to support Secure Boot using custom keys (not shim) by simply extracting the boot loader
      (BOOTx64.EFI and BOOTIA32.EFI), kernel, UEFI shell, signing them and then repacking the ISO.
      
      For example.
      Extract the files:
      
          $ osirrox -indev archlinux-YYYY.MM.DD-x86_64.iso \
              -extract_boot_images ./ \
              -extract /EFI/BOOT/BOOTx64.EFI BOOTx64.EFI \
              -extract /EFI/BOOT/BOOTIA32.EFI BOOTIA32.EFI \
              -extract /shellx64.efi shellx64.efi \
              -extract /shellia32.efi shellia32.efi \
              -extract /arch/boot/x86_64/vmlinuz-linux vmlinuz-linux
      
      Make the files writable:
      
          $ chmod +w BOOTx64.EFI BOOTIA32.EFI shellx64.efi shellia32.efi vmlinuz-linux
      
      Sign the files:
      
          $ sbsign --key db.key --cert db.crt --output BOOTx64.EFI BOOTx64.EFI
          $ sbsign --key db.key --cert db.crt --output BOOTIA32.EFI BOOTIA32.EFI
          $ sbsign --key db.key --cert db.crt --output shellx64.efi shellx64.efi
          $ sbsign --key db.key --cert db.crt --output shellia32.efi shellia32.efi
          $ sbsign --key db.key --cert db.crt --output vmlinuz-linux vmlinuz-linux
      
      Copy the boot loader and UEFI shell to the EFI system partition image:
      
          $ mcopy -D oO -i eltorito_img2_uefi.img BOOTx64.EFI BOOTIA32.EFI ::/EFI/BOOT/
          $ mcopy -D oO -i eltorito_img2_uefi.img shellx64.efi shellia32.efi ::/
      
      Repack the ISO using the modified El Torito UEFI boot image and add the signed boot loader files, UEFI shell and
      kernel to ISO9660:
      
          $ xorriso -indev archlinux-YYYY.MM.DD-x86_64.iso \
              -outdev archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso \
              -boot_image any replay \
              -append_partition 2 0xef eltorito_img2_uefi.img \
              -map BOOTx64.EFI /EFI/BOOT/BOOTx64.EFI \
              -map BOOTIA32.EFI /EFI/BOOT/BOOTIA32.EFI \
              -map shellx64.efi /shellx64.efi \
              -map shellia32.efi /shellia32.efi \
              -map vmlinuz-linux /arch/boot/x86_64/vmlinuz-linux
      
      Boot the resulting archlinux-YYYY.MM.DD-x86_64-Secure_Boot.iso.
      7bc4c542
  8. 17 Aug, 2022 1 commit
    • nl6720's avatar
      mkarchiso: copy all GRUB files to the ISO · b13e5e33
      nl6720 authored
      Do not limit file copying to only grub.cfg and instead copy all GRUB configuration files and assets to both the ISO9660 and FAT image.
      This will allow for including custom images, fonts, etc.
      
      To easily match all non-configuration files (i.e. files without the .cfg extension), bash's extended glob feature will be enabled.
      Actions common to multiple _make_bootmode_uefi-*.grub are split off into dedicated functions:
      
      * _make_common_bootmode_grub_copy_to_efibootimg,
      * _make_common_bootmode_grub_copy_to_isofs,
      * _make_common_bootmode_grub_cfg.
      
      Use the same du command in all efiboot_imgsize variable assignments.
      
      Fixes #185.
      b13e5e33
  9. 07 Aug, 2022 1 commit
  10. 17 Jul, 2022 1 commit
  11. 16 Jul, 2022 1 commit
  12. 30 Jun, 2022 1 commit
  13. 26 Jun, 2022 1 commit
  14. 24 Jun, 2022 1 commit
  15. 23 Jun, 2022 2 commits
  16. 18 Jun, 2022 7 commits
  17. 11 Jun, 2022 1 commit
  18. 10 Jun, 2022 3 commits
  19. 09 Jun, 2022 2 commits
    • nl6720's avatar
      mkarchiso: use C.UTF-8 · de151089
      nl6720 authored
      The glibc 2.35-6 package ships with the C.UTF-8 locale included, so mkarchiso does not need to use a non-UTF-8 locale anymore.
      
      Implements #175.
      de151089
    • nl6720's avatar
      configs/: use the C.UTF-8 locale · ba11c40e
      nl6720 authored
      The glibc 2.35-6 package ships with the C.UTF-8 locale included.
      This means there is now a UTF-8 locale available by default and en_US.UTF-8, which requires editing /etc/locale.gen and running locale-gen, is not needed anymore.
      
      Implements #175.
      ba11c40e
  20. 31 May, 2022 1 commit
    • nl6720's avatar
      .gitignore: ignore *.cer, *.crt, *.key, *.pem and *.img · 89292ce8
      nl6720 authored
      * .cer, .crt, .key and .pem are typical file name extensions for TLS certificates and keys. They are used when codesigning with openssl and should never be commited in the repo.
      * .img is a generic image file. Such files could be used when repacking an ISO to attach cloud-init CIDATA.
      89292ce8
  21. 30 May, 2022 1 commit
  22. 28 May, 2022 5 commits
  23. 27 May, 2022 1 commit
    • nl6720's avatar
      Merge remote-tracking branch 'origin/merge-requests/216' · 376e9282
      nl6720 authored
      * origin/merge-requests/216:
        Update CHANGELOG.
        Update baseline and releng profiledef.sh to support ia32 uefi mode.
        Add GRUB configuration files to baseline and releng profiles.
        Add support for GRUB ia32 UEFI in mkarchiso, update READMEs.
      
      Closes #107
      
      See merge request !216
      376e9282
  24. 25 May, 2022 1 commit