11 Commits

Author SHA1 Message Date
Christian Breunig
fd737172f1 T861: add UEFI Secure Boot support
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.

NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:

  data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14 23:05:23 +02:00
Christian Breunig
499e8e1cbb Makefile: T2640: add helper to convert ISO to OCI image to start a container
Use either "make oci" or call the script manually:

$ scripts/iso-to-oci build/live-image-amd64.hybrid.iso

I: mount ISO build/live-image-amd64.hybrid.iso
I: extracting squashfs content
I: generate OCI container image vyos-1.5-strongswan-202311241125.tar
I: to import the previously generated OCI image to your local images run:

   docker import vyos-1.5-strongswan-202311241125.tar vyos:1.5-strongswan-202311241125 --change 'CMD [/sbin/init]'
2023-11-26 20:13:28 +01:00
Christian Breunig
619e707c2c .gitignore: ignore qcow2 disk images 2023-08-12 18:07:23 +02:00
Christian Poessinger
3656075d27 packages: add builds for netfilter packages from upstream Debian
Instead of scattering build instructions accross individual repositories for
some additional packages we want to build from latest Debian releases, this
is a proof-of-concept how to integrate an individual package Pipeline into the
overall VyOS build repository.

A dedicated Jenkins job will be required for this Pipeline but it will only
compile if files are actually changes in the directory path relevant for
this components.
2020-06-20 23:11:56 +02:00
Christian Poessinger
0f7b9ac534 .gitignore: ignore QEmu disk images 2020-06-01 13:58:36 +02:00
Christian Poessinger
a0b3251dba Remove outdated/unmaintained submodules
All registered Git submodules were out of date. Even worse some of the modules
are no longer in use and have been replaced by upstream packages.

Keeping invalid information is even worse then no information. All required
VyOS packages can be found in the future build-packages script.
2019-04-23 08:43:23 +02:00
Christian Poessinger
ecc0db23c3 .gitignore: ignore log from build-submodules 2019-01-11 07:49:24 +01:00
Christian Poessinger
17230a2212 Add signing keys to .gitignore 2017-08-27 19:18:35 +02:00
Yuya Kusakabe
3e56d7456e Add qemu image build scripts 2016-03-04 23:39:23 +09:00
Daniil Baturin
73a06aa42c Add *.pyc files to gitignore. 2015-12-17 00:30:38 -05:00
Daniil Baturin
8e71eae3a2 Initial commit. 2015-12-16 16:02:03 -05:00