30 Commits

Author SHA1 Message Date
Christian Breunig
fd737172f1 T861: add UEFI Secure Boot support
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.

NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:

  data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14 23:05:23 +02:00
Christian Breunig
3170bcaf2c build: T3664: remove unused psutil dependency 2024-09-05 07:13:08 +02:00
Christian Breunig
9928925b3b build: T6653: add build/manifest.json file 2024-08-19 19:38:14 +02:00
Daniil Baturin
4112d47e33 build: T6446: include support URL in the version data 2024-06-05 16:01:01 +01:00
zsdc
8186e82024 build-script: T3664: Allowed all options in both config file and command args
Moved defaults away from argparser to `defaults.py`. This unlocks the ability to
pass values that can be defined as command line arguments via a config file.

With this change logic looks like this (in order of overrides).

Pre-build config:
`data/defaults.toml` -> `build-flavors/<flavor>.toml` ->
`--<command line argument>`

Build config:
`defaults.py` -> `data/defaults.toml` -> `build-types/<type>.toml` ->
`architectures/<architecture>.toml` -> `build-flavors/<flavor>.toml` ->
`--<command line argument>`
2024-05-15 16:48:35 +03:00
zsdc
31b720b8f1 build-script: T3664: Add flavor and architecture to image name (rework)
The previous version did not work for all flavor types. This one should be
universal.
2024-05-14 21:00:20 +03:00
zsdc
5cbd14cc0f build-script: T3664: Added flavor name to a target file name
Mark artifacts with a flavor name for better clarity.
2024-05-14 14:46:08 +03:00
Christian Breunig
81be4c7f61 build: T6330: fix indention of autogenerated release.pref.chroot 2024-05-12 08:48:43 +02:00
Christian Breunig
f4d2678263
Merge pull request #609 from dmbaturin/T3664-architecture
build: T3664: include the architecture field in version data
2024-05-10 14:24:57 +02:00
Daniil Baturin
e832811c79 build: T3664: include the architecture field in version data 2024-05-09 17:43:57 +01:00
Christian Breunig
c58c5cc234
Merge pull request #605 from dmbaturin/T3664-flavor-field
build: T3664: include build flavor name in the version file
2024-05-09 16:14:49 +02:00
Daniil Baturin
7656acd57d build: T3664: use explicit defaults argument in the dict merging function
to make it clear what is merged into what
2024-05-09 11:12:24 +01:00
Daniil Baturin
e215fad273 build: T3664: include build flavor name in the version file 2024-05-08 19:31:03 +01:00
zsdc
d144519a53 build-script: T3664: Added more options to the image format
Added two new options:
  - `image_ext`. Can be used if the file extension needs to be different than
the image format
  - `image_opts`. Required if a target format needs extra options.
2024-05-08 21:12:44 +03:00
Daniil Baturin
e68e7fb9f5 build: T3664: fix architecture mix-in loading 2024-05-08 10:47:20 +01:00
John Estabrook
02c340d9d7 build: T3664: fix regression and bug in clone vyos-1x repo 2024-05-03 15:07:08 -05:00
John Estabrook
a90809e213 build: T3664: clone vyos-1x under build dir instead of as submodule 2024-05-02 21:25:16 -05:00
Daniil Baturin
7dfd9232da build: T3664: fail the build on external command errors 2024-04-29 14:33:25 +00:00
Daniil Baturin
f6b0809f47 build: T3664: typo fixes and small refactoring 2024-04-25 13:17:52 +00:00
Daniil Baturin
ec42af75e0 build: T3664: adjust the vyos-1x submodule path in scripts 2024-04-22 15:58:34 +00:00
Christian Breunig
671bbd09b7
Merge pull request #550 from dmbaturin/T3664-raw-flavors
build: T3664: add support for building non-ISO flavors
2024-04-20 10:01:19 +02:00
John Estabrook
867567e0ee build: T3664: initialize git vyos-1x submodule before imports
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2024-04-15 18:11:43 +00:00
John Estabrook
ed7bcbd0db fix path to versions file
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2024-04-14 13:33:46 +00:00
Daniil Baturin
72c7c7ff99 build: T3664: add a sanity check for image_format
and normalize it to a list if only one format is specified
2024-04-13 20:06:53 +00:00
Daniil Baturin
c07268987c build: T3664: filter out non-TOML files from the build flavor dir
to avoid mistakenly listing auxiliary files like README
as flavors
2024-04-13 19:49:59 +00:00
John Estabrook
7fa66c77f1 Account for the working dir below the root in git invocation
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2024-04-13 12:55:29 +00:00
Christian Breunig
801def2d71 T6173: fix TypeError: 'NoneType' object is not iterable
Commit 611cfc85c531 ("T6173: validate allowed characters in ISO image name")
missed the probability that version is a dict member but empty.
2024-04-13 12:34:35 +02:00
Daniil Baturin
a896176ad8 build: T3664: add support for building non-ISO flavors 2024-04-10 16:36:10 +00:00
Christian Breunig
611cfc85c5 T6173: validate allowed characters in ISO image name
Building custom VyOS version: 1.5-asdf%-202404081841
I: Checking if packages required for VyOS image build are installed
Version contained illegal character(s), allowed: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-+
2024-04-08 20:43:35 +02:00
Daniil Baturin
750819bfec build scripts: T3664: move image build scripts to a dedicated directory
to avoid a mix of image build scripts and ancillary scripts in the same directory
2024-03-23 21:02:44 +00:00