This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:
data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
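
Added example, not part of the commit above or of the VyOS code base: a structural check that reports which uncompressed .ko files in a tree carry no appended signature trailer, and would therefore be refused once signing is enforced. It assumes the trailer layout used by the Linux kernel's module signing (PKCS#7 data, a 12-byte struct module_signature, then the marker string). The function names and sample bytes are constructed for illustration, and nothing is verified against a key.

```python
import os
import struct

MAGIC = b"~Module signature appended~\n"  # marker the kernel looks for at end of file
TRAILER = struct.Struct(">BBBBB3sI")      # struct module_signature; sig_len is big-endian
PKEY_ID_PKCS7 = 2                         # id_type for a PKCS#7 signature (sign-file output)


def signature_info(blob):
    """Return (payload_len, sig_len) if blob carries a well-formed appended
    signature trailer, else None. Structure only: nothing is verified."""
    if not blob.endswith(MAGIC):
        return None
    body = blob[:-len(MAGIC)]
    if len(body) < TRAILER.size:
        return None
    algo, hash_, id_type, signer_len, key_id_len, pad, sig_len = TRAILER.unpack(
        body[-TRAILER.size:])
    if id_type != PKEY_ID_PKCS7 or any((algo, hash_, signer_len, key_id_len)):
        return None
    if pad != b"\x00\x00\x00":
        return None
    payload_len = len(body) - TRAILER.size - sig_len
    if sig_len == 0 or payload_len <= 0:
        return None
    return payload_len, sig_len


def unsigned_modules(root):
    """List uncompressed .ko files under root that lack a valid trailer."""
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".ko"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if signature_info(fh.read()) is None:
                        missing.append(path)
    return sorted(missing)


def make_sample(payload, sig):
    """Constructed test image: payload + fake signature bytes + trailer + marker."""
    return payload + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, b"\0" * 3, len(sig)) + MAGIC


if __name__ == "__main__":
    payload = b"\x7fELF" + b"\x00" * 60          # constructed stand-in for a module
    print(signature_info(make_sample(payload, b"\x30" * 16)))
    print(signature_info(payload))
```

Compressed modules (.ko.xz, .ko.zst) have to be decompressed first, since the trailer sits at the end of the uncompressed image.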

Use either "make oci" or call the script manually:
$ scripts/iso-to-oci build/live-image-amd64.hybrid.iso
I: mount ISO build/live-image-amd64.hybrid.iso
I: extracting squashfs content
I: generate OCI container image vyos-1.5-strongswan-202311241125.tar
I: to import the previously generated OCI image to your local images run:
docker import vyos-1.5-strongswan-202311241125.tar vyos:1.5-strongswan-202311241125 --change 'CMD [/sbin/init]'

Instead of scattering build instructions across individual repositories for
some additional packages we want to build from latest Debian releases, this
is a proof-of-concept of how to integrate an individual package Pipeline into the
overall VyOS build repository.
A dedicated Jenkins job will be required for this Pipeline but it will only
compile if files are actually changed in the directory path relevant for
this component.

All registered Git submodules were out of date. Even worse, some of the modules
are no longer in use and have been replaced by upstream packages.
Keeping invalid information is even worse than no information. All required
VyOS packages can be found in the future build-packages script.