David Michael
aa772ea048
Revert "offline_signing: sign UEFI binaries for Secure Boot"
...
This reverts commit 40b60875d0
2017-03-01 18:09:53 -08:00
David Michael
828ae7b561
Revert "offline_signing: download all UEFI binaries"
...
This reverts commit d91c0c398f
2017-03-01 18:09:53 -08:00
Benjamin Gilbert
9e1c23f3f4
grub: Set coreos.first_boot based on existence of file in ESP
...
Detect first boot based on the existence of a coreos/first_boot file
in the EFI partition, and set "coreos.first_boot=detected" command line
argument when found. We use "detected" rather than "1" so the initramfs
knows that it should mount the ESP and delete the file. This lets us
defer clearing the first-boot flag until Ignition has run successfully,
without having to change the disk GUID after filesystems are mounted.
Continue detecting the first-boot disk GUID and adding the command-line
argument to randomize it, since we still want unique disk GUIDs
regardless of Ignition.
2017-03-01 16:10:21 -08:00
Benjamin Gilbert
0b010279e0
build_image: Create /boot/coreos/first_boot
2017-03-01 15:54:05 -08:00
Euan Kemp
1186d2875a
Initial checkin of docker-aci build script
2017-03-01 14:59:43 -08:00
Euan Kemp
20325a547f
build_image_util: allow unchecked emerges too
...
This is useful for emerges that are meant for incomplete rootfs's, such
as ACI building emerges. There are cases where the #! check is expected
to fail while doing those.
2017-03-01 10:52:17 -08:00
Benjamin Gilbert
37d22d0ff3
Merge pull request #648 from bgilbert/sdk-version-keep
...
tag_release: Semi-document "keep" argument to --sdk_version
2017-02-27 14:19:07 -08:00
Benjamin Gilbert
7965d657c7
tag_release: Semi-document "keep" argument to --sdk_version
2017-02-27 13:48:44 -08:00
Euan Kemp
18076b8bdb
Merge pull request #642 from euank/symlink-checker
...
check_root: add check for broken symlinks
2017-02-17 16:18:45 -08:00
Euan Kemp
3eea9d2701
check_root: fix lint warnings
...
Per `flake8-3`'s recommendations
2017-02-17 16:00:33 -08:00
Euan Kemp
2596099207
check_root: add check for broken symlinks
2017-02-17 15:51:31 -08:00
David Michael
1538d40fe9
Merge pull request #641 from dm0-/toolchain
...
toolchain: always run gcc-config
2017-02-17 11:38:16 -08:00
David Michael
3d68362d02
toolchain: always run gcc-config
2017-02-16 17:54:06 -08:00
David Michael
06c80eb38a
Merge pull request #640 from dm0-/secure-boot
...
Add Secure Boot to the offline signing process
2017-02-06 13:32:27 -08:00
David Michael
40b60875d0
offline_signing: sign UEFI binaries for Secure Boot
2017-02-06 13:29:15 -08:00
David Michael
d91c0c398f
offline_signing: download all UEFI binaries
2017-02-06 13:29:14 -08:00
Benjamin Gilbert
7bab03e772
Merge pull request #638 from bgilbert/reinject
...
Add script to inject kernel/GRUB/shim
2017-02-02 17:39:08 -08:00
Benjamin Gilbert
5541e1521e
Merge pull request #639 from bgilbert/other-boards
...
build_image: Correctly disable verity on unsupported boards
2017-02-02 17:18:22 -08:00
Benjamin Gilbert
d8d7b1ee86
Merge pull request #636 from bgilbert/secure-boot
...
build_image: Extract and upload GRUB/shim EFI images for signing
2017-02-02 17:17:53 -08:00
Benjamin Gilbert
b11d3a7c1d
build_image: Correctly disable verity on unsupported boards
...
Fixes up missing bit from e630a36e50
2017-02-02 17:08:01 -08:00
Benjamin Gilbert
e65d5101cf
build_image: Extract and upload GRUB/shim EFI images for signing
...
On arm64, extract only GRUB, since there is no shim. On dev builds,
extract neither.
2017-02-02 17:00:15 -08:00
Benjamin Gilbert
f16226acb5
grub_install: Install shim in official amd64 builds
2017-02-02 16:58:52 -08:00
Benjamin Gilbert
dd3fbb8ece
image_inject_bootchain: New script to inject kernel/GRUB/shim
...
Add script to replace the unsigned kernel, EFI GRUB, and shim in an
image's EFI System Partition with (externally-produced) signed ones.
2017-02-02 16:53:16 -08:00
Benjamin Gilbert
5443a101f7
build_image: Move one message to logging framework
2017-02-02 16:51:58 -08:00
David Michael
7419751493
Merge pull request #637 from dm0-/fix-verity
...
Fix verity in our automated builds
2017-02-02 16:48:11 -08:00
David Michael
e630a36e50
Revert "build_image: Remove disable_read_write variable"
...
This reverts commit a7ffba9a9f
2017-02-02 15:08:43 -08:00
Benjamin Gilbert
8751c85494
image_set_group: Move generic setup/teardown code into a library
2017-02-02 12:51:35 -08:00
Benjamin Gilbert
dcc3367164
Merge pull request #635 from bgilbert/vmware-bin
...
image_to_vm: Add vmware_raw image type
2017-02-01 15:46:36 -08:00
Alex Crawford
fd402748be
Merge pull request #634 from jeanfabrice/jeanfabrice/guestinfo
...
Set ovf transport mode so guestinfo gets available to coreos-cloudinit
2017-02-01 15:46:23 -08:00
Michael Marineau
74edf63449
Merge pull request #611 from glevand/for-merge-arm64-verity
...
scripts: Add arm64 verity support
2017-01-30 11:07:21 -08:00
Benjamin Gilbert
b363484c3b
image_to_vm: Add vmware_raw image type
...
Allow "coreos-install -o vmware_raw" to install Container Linux with
the vmware OEM.
Use base DISK_LAYOUT to reduce the minimum disk size.
Fixes coreos/bugs#359 .
2017-01-19 14:34:53 -08:00
Benjamin Gilbert
60ef04a6a0
Merge pull request #633 from bgilbert/ignition-version
...
build_image: Include {ignition,bootengine} in {packages,licenses}.txt
2017-01-19 10:58:01 -08:00
jeanfabrice
fe7c43a794
Set ovf transport mode so guestinfo gets available to coreos-cloudinit
2017-01-19 19:34:28 +01:00
Benjamin Gilbert
e878dc51ea
build_image: Include {ignition,bootengine} in {packages,licenses}.txt
...
They're not in the root fs, but they are in the initramfs. Handle this
by augmenting the package list with packages that are both
- build dependencies of coreos-kernel, and
- configured to cause rebuilds of coreos-kernel when their sub-slot
changes.
2017-01-18 16:37:37 -08:00
David Michael
56dd41d011
Merge pull request #632 from dm0-/bugs-1628
...
disk_util: differentiate between partition and FS labels
2017-01-18 16:27:24 -08:00
David Michael
08ed31d70d
disk_util: differentiate between partition and FS labels
2017-01-18 16:21:19 -08:00
David Michael
e23d10223a
Merge pull request #631 from dm0-/ignore-doc-scripts
...
check_root: ignore scripts in documentation
2017-01-17 13:53:02 -08:00
David Michael
eef53ab5b6
check_root: ignore scripts in documentation
2017-01-17 13:47:04 -08:00
Alex Crawford
6a0a5f954f
Merge pull request #626 from crawford/lsb
...
set_lsb_release: properly quote lsb-release
2017-01-06 12:15:58 -08:00
Alex Crawford
4cb4904654
set_lsb_release: properly quote lsb-release
2017-01-06 10:23:00 -08:00
Euan Kemp
7ab582ed7f
Merge pull request #618 from euank/minor-docs
...
build_image: specify arguments more clearly
2017-01-05 10:03:48 -08:00
David Michael
80c1671a5e
Merge pull request #619 from dm0-/bugs-1139
...
check_root: make #!/usr/bin/env a special case
2017-01-04 19:19:43 -08:00
David Michael
98718496a4
check_root: make #!/usr/bin/env a special case
2017-01-04 17:30:05 -08:00
Alex Crawford
0e1849a138
Merge pull request #624 from crawford/regions
...
oem/ami: add eu-west-2 and ca-central-1 regions
2017-01-04 11:00:02 -08:00
Alex Crawford
f507a06b8a
oem/ami: add eu-west-2 and ca-central-1 regions
2017-01-04 08:25:08 -08:00
Alex Crawford
cb2e40da70
Merge pull request #620 from crawford/lsb
...
set_lsb_release: update name and color
2016-12-29 12:34:56 -08:00
Alex Crawford
ab60f519ec
set_lsb_release: update name and color
2016-12-29 12:33:02 -08:00
Euan Kemp
302e5bd405
build_image: specify arguments more clearly
2016-12-19 14:22:47 -08:00
Geoff Levand
2839b73177
build_image: Add arm64 rootfs verification
...
Signed-off-by: Geoff Levand <geoff@infradead.org>
2016-12-13 13:46:05 -08:00
Geoff Levand
4ca0c5bc19
build_image: Cleanup enable_rootfs_verification
...
To clean things up and prepare for arrm64 support move
all the enable_rootfs_verification processing into one
location and add some comments.
Signed-off-by: Geoff Levand <geoff@infradead.org>
2016-12-13 13:46:05 -08:00
