immucore

mirror of https://github.com/kairos-io/immucore.git synced 2025-05-14 02:54:42 +00:00

Author	SHA1	Message	Date
Itxaka	a597656fe0	Improve deps (#431 )	2025-02-18 14:41:54 +01:00
Itxaka	3042aae185	2599 (#336 )	2024-06-13 12:08:37 +02:00
Itxaka	4c4801cde3	Exit properly if we cannot unlock partitions (#334 )	2024-06-11 16:51:33 +02:00
Itxaka	c9924a3205	Support copying sysextensions into final dir (#330 )	2024-06-10 10:10:54 +02:00
Itxaka	a956ab361d	Do a better panic on uki with secureboot disabled (#326 )	2024-05-30 09:35:32 +02:00
Itxaka	2bac6058eb	Run rootfs stage after oem under uki (#300 )	2024-04-24 19:10:59 +02:00
Itxaka	cbf38f553c	Use a pure golang pcr extend (#286 )	2024-04-19 13:43:05 +02:00
Ettore Di Giacinto	d14a047aa6	fix(mount): call sync before/after operations (#288 ) * fix(mount): call sync after mount ops Signed-off-by: mudler <mudler@kairos.io> * refactor(mount): replace calls wrapped with sync Signed-off-by: mudler <mudler@kairos.io> * be consistent Signed-off-by: mudler <mudler@kairos.io> * lint fixes Signed-off-by: mudler <mudler@kairos.io> --------- Signed-off-by: mudler <mudler@kairos.io>	2024-04-19 10:01:16 +00:00
Mauro Morales	d8671d1152	Check both pcrphase and pcrextend (#279 ) Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>	2024-04-10 16:39:44 +02:00
Itxaka	c97a3ae559	Recover original 755 perms for dir creation Signed-off-by: Itxaka <itxaka@kairos.io>	2024-04-10 11:22:15 +02:00
Itxaka	ade21d4663	Fix lint and new uki steps (#274 ) * Fix lint and add new uki step Make it simpler by dividing the actual base mounts and pivot into new sysroot into two different steps Signed-off-by: Itxaka <itxaka@kairos.io> * Fix constant name and gosec issues Signed-off-by: Itxaka <itxaka@kairos.io> --------- Signed-off-by: Itxaka <itxaka@kairos.io>	2024-04-09 10:40:47 +02:00
Itxaka	b9fe50bf84	Add timeout wait for sysroot (#278 )	2024-04-09 10:40:28 +02:00
Itxaka	266d06334f	Rework uki to pivot at start (#271 ) * Rework uki to pivot at start Signed-off-by: Itxaka <itxaka@kairos.io> * Fix secureboot check Signed-off-by: Itxaka <itxaka@kairos.io> * debug Signed-off-by: Itxaka <itxaka@kairos.io> * Change order of initial stuff first mount the barebone stuff and then do the movement Signed-off-by: Itxaka <itxaka@kairos.io> * Drop sleep Signed-off-by: Itxaka <itxaka@kairos.io> --------- Signed-off-by: Itxaka <itxaka@kairos.io>	2024-04-02 10:26:07 +00:00
Itxaka	94e643622a	Set autoreset sentinel (#259 )	2024-03-22 13:21:31 +01:00
Itxaka	93f5cf5de6	Rework immucore (#246 )	2024-03-20 11:48:51 +01:00
Itxaka	ddfe8b7648	Recover the remouon / RO (#249 )	2024-03-20 11:08:38 +01:00
Itxaka	572002fb38	Bump lint and fix issues (#245 )	2024-03-18 14:38:57 +01:00
Itxaka	a78e2b7ce7	Fix mounts (#241 ) Co-authored-by: Dimitris Karakasilis <dimitris@karakasilis.me>	2024-03-15 09:24:54 +01:00
Itxaka	25975a5594	Chroot into a new dir before starting the system (#234 ) * Chroot into a new dir before starting the system Signed-off-by: Itxaka <itxaka@kairos.io> * Use ReadDir and copy files int eh rootdir to the enw rootdir Signed-off-by: Itxaka <itxaka@kairos.io> * logggg Signed-off-by: Itxaka <itxaka@kairos.io> * Several fixes Mount /dev at start so we can log to kmesg/ttyS0 Log more Store the mountpoints found in root to bind them later to the new sysroot Signed-off-by: Itxaka <itxaka@kairos.io> * debvuy Signed-off-by: Itxaka <itxaka@kairos.io> * Fix Signed-off-by: Itxaka <itxaka@kairos.io> * more debufg Signed-off-by: Itxaka <itxaka@kairos.io> * fix Signed-off-by: Itxaka <itxaka@kairos.io> * sfder Signed-off-by: Itxaka <itxaka@kairos.io> * Fix symlinks Signed-off-by: Itxaka <itxaka@kairos.io> * final Signed-off-by: Itxaka <itxaka@kairos.io> * disable mobving the / root mountpoint Im not sure this works on our side or how, I just get errors Signed-off-by: Itxaka <itxaka@kairos.io> * Debug Signed-off-by: Itxaka <itxaka@kairos.io> * Disable remounting / as RO and enable remounting the new sysroot as RO Signed-off-by: Itxaka <itxaka@kairos.io> * Dont drop to bash like that Signed-off-by: Itxaka <itxaka@kairos.io> * Move "sysroot" to a constant, dry code and handle errors Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Fix linting errors by removing superflows `else` statements because the `if`s end with `continue` Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Apply suggestions from code review * Remove loggers that don't work because `/dev` is not there yet (?). In any case, we need to switch to the new logger Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> --------- Signed-off-by: Itxaka <itxaka@kairos.io> Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> Co-authored-by: Dimitris Karakasilis <dimitris@karakasilis.me>	2024-03-06 17:09:26 +02:00
Itxaka	a52b9651ad	Change the secureboot disable to not collide with disable immucore (#233 )	2024-03-06 10:30:18 +01:00
Itxaka	3604633112	Check secureboot if on uki mode and panic if not (#205 ) * Check secureboot if on uki mode and panic if not Signed-off-by: Itxaka <itxaka@kairos.io> * Check cmdline for disable secureboot Signed-off-by: Itxaka <itxaka@kairos.io> * Fix tests Signed-off-by: Itxaka <itxaka@kairos.io> --------- Signed-off-by: Itxaka <itxaka@kairos.io>	2024-03-01 09:42:03 +01:00
Itxaka	4c2ba5883b	Be slower to find the install media (#227 )	2024-02-28 12:28:50 +01:00
Dimitris Karakasilis	4521fe6fcd	2226 detect boot state (#225 ) * WIP Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * WIP Signed-off-by: Dimitris Karakasilis <dimitris@spectrocloud.com> Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * WIP add logs everywhere (EOD wip) Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Do the livecd check as late as possible because the herd condition is evaluated too early before the /sys is mounted and thus we don't detect the installed system correctly in UKI mode. Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Wrap NewRuntime to allow passing down a logger so that kairos-sdk logs make it to the immucore.log file Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Add TODOs and remove redundant check in code the livecd check already happens some lines above Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Replace the "replace" with an actual tag Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Remoce "replace" directive and use wrapper method for UnlockAll Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Remove unecessary TODO the log message describes what happened * Re-use the method from kairos-sdk for uki boot detection Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> * Move messages from Info() to Debug() (PR review request) Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> --------- Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me> Signed-off-by: Dimitris Karakasilis <dimitris@spectrocloud.com> Co-authored-by: Mauro Morales <mauro.morales@spectrocloud.com>	2024-02-19 13:42:06 +02:00
Itxaka	c9c9edb261	Mount cdrom efiboot contents under /run/rootfsbase (#224 ) Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-11 18:37:24 +01:00
Itxaka	a2874ca3ee	Mount livecd in /run/initramfs/live under uki (#223 )	2024-02-08 14:22:44 +01:00
Itxaka	55a6622c4a	Copy PCR related files generated by systemd-stub in uki (#203 )	2023-12-16 07:54:42 +01:00
Itxaka	6592034132	Update dag_steps.go	2023-12-15 23:12:28 +01:00
Itxaka	76e605d9fd	Do not fail if we cant measure	2023-12-15 23:03:59 +01:00
Itxaka	424392b390	measure PCR phase (#201 )	2023-12-15 16:20:34 +01:00
Ettore Di Giacinto	8827393083	Lower to warning when we continue the loop (#198 )	2023-12-11 18:43:19 +01:00
Itxaka	c4ad991e0c	unlock partitions with UKI TPM values (#191 )	2023-11-30 22:19:47 +01:00
Itxaka	ad83785e37	Fix log to add timestamp (#161 )	2023-09-26 10:56:32 +02:00
Itxaka	30b454eac4	Check if uki install mode before mounting oem (#159 ) Signed-off-by: Itxaka <itxaka@kairos.io>	2023-09-25 17:03:50 +02:00
Itxaka	7f2813e5b7	Mount ESP under /efi if possible + identify EFI run source (#158 )	2023-09-25 14:14:56 +02:00
Itxaka	5412c76ebb	Uki changes for iso/install (#156 )	2023-09-22 14:56:26 +02:00
Itxaka	a1710b8589	Set basic /run mount from the start to be able to always log (#154 )	2023-09-19 09:51:57 +02:00
Mauro Morales	62831b8ecf	Sort bind mounts (#134 ) * Sort bind mounts Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com> * Add comment Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com> --------- Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>	2023-06-12 10:47:49 +02:00
Itxaka	0811f0f054	Increase compatibility with alpine systems (#132 )	2023-05-30 21:51:03 +02:00
Itxaka	18c70b4ff1	Unlock after oem to read the server config (#126 )	2023-05-09 15:45:26 +02:00
Itxaka	9399d0cf08	Move some err to warnings (#124 )	2023-05-08 15:20:05 +02:00
Itxaka	14426d39b4	Upgrade kcrypt partitions on boot (#122 ) Co-authored-by: Dimitris Karakasilis <jimmykarily@gmail.com>	2023-05-08 09:44:43 +02:00
Itxaka	2e9e5de03e	Fix missing sysroot mount in fstab (#121 )	2023-05-05 12:34:23 +02:00
Itxaka	d644fb0af9	Run kcrypt unlock via immucore (#118 )	2023-05-04 18:58:26 +02:00
Itxaka	d1f4669f03	🐛 Retry getting the state label (#115 )	2023-04-29 12:21:33 +02:00
Itxaka	06ff33cc97	⬆️ Bump deps (#114 )	2023-04-28 09:30:56 +02:00
Itxaka	f1c3aad0ee	🌱 activate LVM volumes at the start (#113 )	2023-04-19 16:23:51 +02:00
Itxaka	6bf656cd21	Try to mount oem under livemedia (#110 )	2023-04-12 16:19:21 +02:00
Itxaka	2534577e09	🐛 Add missing dependency to bind mounts (#102 ) As overlay mounts its responsible of mounting some of the RW paths that bind mounts are using (for example /etc) we need to depend on it and let it finish before running ht ebind mounts Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>	2023-03-21 10:58:15 +01:00
Itxaka	8f7d808dec	Bring UKI to a working state (#97 ) - Mount the needed base mounts (/proc /dev /sys /tmp) - Use our own console for yip (required to add the PATH under uki) - Order the DAG in a proper way (was out of order and not working) Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>	2023-03-14 10:33:38 +01:00
Itxaka	44c2a5be26	Update kairos sdk to latest master (#89 ) Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>	2023-03-09 19:45:24 +01:00

1 2 3

138 Commits