rancher/immucore
1
0
Fork 0
mirror of https://github.com/kairos-io/immucore.git synced 2025-09-08 10:09:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement generic sysext management

Browse Source 
Signed-off-by: Itxaka <itxaka@kairos.io>
This commit is contained in:
Itxaka
2025-04-07 16:36:06 +02:00
parent 6eca30162d
commit 01cdac2c72
5 changed files with 88 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/constants/constants.go
View File

@@ -102,7 +102,7 @@ const (
OpUkiKcrypt = "uki-unlock"
OpUkiMountLivecd = "mount-livecd"
OpUkiExtractCerts = "extract-certs"
OpUkiCopySysExtensions = "copy-sysextensions"
OpUkiCopySysExtensions = "enable-sysextensions"
UkiLivecdMountPoint = "/run/initramfs/live"
UkiIsoBaseTree = "/run/rootfsbase"
UkiIsoBootImage = "efiboot.img"
@@ -116,7 +116,7 @@ const (
PathAppend = "/usr/bin:/usr/sbin:/bin:/sbin"
PATH = "PATH"
DefaultPCR = 11
SourceSysExtDir = "/.extra/sysext/"
SourceSysExtDir = "/var/lib/kairos/extensions/"
DestSysExtDir = "/run/extensions"
VerityCertDir = "/run/verity.d/"
SysextDefaultPolicy = "--image-policy=\"root=verity+signed+absent:usr=verity+signed+absent\""