In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However they cannot be stored inside
the usual initrd, since it is stored in the store, and being world-readable
(as files in the store are) is not a desired property for an initrd
containing decryption keys. This commit adds an option to load an
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f
Fixes <https://issues.guix.gnu.org/65225>.
* guix/profiles.scm (info-dir-file, package-cache-file)
(info-dir-file, ghc-package-cache-file, ca-certificate-bundle)
(emacs-subdirs, gdk-pixbuf-loaders-cache-file, glib-schemas)
(gtk-icon-themes, gtk-im-modules, linux-module-database)
(xdg-desktop-database, xdg-mime-database, fonts-dir-file)
(manual-database, manual-database/optional): Add optional #:system
parameter and pass it to ‘gexp->derivation’.
(profile-derivation): Pass HOOK a second parameter, SYSTEM.
* gnu/bootloader.scm (efi-bootloader-profile)[efi-bootloader-profile-hook]:
Add optional #:system parameter and pass it to ‘gexp->derivation’.
* guix/channels.scm (package-cache-file): Likewise.
* tests/profiles.scm ("profile-derivation, #:system, and hooks"): New
test.
Reported-by: Tobias Geerinckx-Rice <me@tobias.gr>
This rework allows using an (efi-bootloader-chain) like this, which is able
to boot over network or local storage, depending on whether the bootloader
target has support for symbolic links:
(operating-system
  (bootloader
    (bootloader-configuration
      (bootloader
        (efi-bootloader-chain
          grub-efi-netboot-removable-bootloader
          #:packages (list my-firmware-package
                           my-u-boot-package)
          #:files (list (plain-file "config.txt"
                                    "kernel=u-boot.bin"))
          #:hooks my-special-bootloader-profile-manipulator))
      (targets '("/boot/efi"))
      …))
  …)
* doc/guix.texi (Bootloader Configuration): Describe the new
‘grub-efi-netboot-removable-bootloader’. Mention the file names used and that
the UEFI Boot Manager is not modified. Advise disabling write access over
TFTP.
* gnu/bootloader.scm (efi-bootloader-profile): Allow a list of packages and
collect everything directly in the profile, avoiding a separate collection
directory. Renamed the profile from "bootloader-profile" to
"efi-bootloader-profile".
[bootloader-collection]: Rename to...
[efi-bootloader-profile-hook]: ... this and remove unused modules. Do not
create the now extraneous collection directory.
(efi-bootloader-chain): Add PACKAGES and DISK-IMAGE-INSTALLER arguments.
Remove handling of the collection directory, now only calling the given
installer procedure.
* gnu/bootloader/grub.scm (make-grub-efi-netboot-installer): New helper.
(make-grub-configuration): New helper based on (grub-configuration-file). Add
a GRUB argument, fix indentation, remove previous code retrieving GRUB from
CONFIG.
(grub-configuration-file): Make use of make-grub-configuration.
(grub-efi-configuration-file): New procedure.
(grub-cfg): New variable to replace "/boot/grub/grub.cfg".
(install-grub-efi-netboot): Remove, splitting logic to...
(make-grub-efi-netboot-installer): ... this new helper procedure, as well as
to make-grub-efi-netboot, added below.
(grub-bootloader): Adjust to use the GRUB-CFG.
(grub-efi-bootloader): Likewise. Remove inheritance and declare all fields
explicitly.
(make-grub-efi-netboot-bootloader): New procedure.
(grub-efi-netboot-bootloader): Use it.
(grub-efi-netboot-removable-bootloader): New variable.
* gnu/packages/bootloaders.scm (make-grub-efi-netboot): New procedure.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/bootloader.scm (report-menu-entry-error): New procedure.
(menu-entry->sexp): Add a call to `report-menu-entry-error'.
Co-Authored-By: Julien Lepiller <julien@lepiller.eu>
Signed-off-by: Julien Lepiller <julien@lepiller.eu>
* gnu/bootloader.scm (<menu-entry>)[chain-loader]: New field.
(menu-entry->sexp, sexp->menu-entry): Support chain-loader.
* doc/guix.texi (Bootloader Configuration): Document it.
Co-Authored-By: Julien Lepiller <julien@lepiller.eu>
Signed-off-by: Julien Lepiller <julien@lepiller.eu>
* gnu/bootloader (<bootloader-configuration>): Wrap lines, no functional
change.
In some specific cases where the device tree file is already loaded in RAM, it
can be preferable that the bootloader does not try to use a device tree from
the Linux kernel tree.
* gnu/bootloader.scm (<bootloader-configuration>)[device-tree-support?]: New field.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Add FDTDIR line
based on <device-tree-support?> field of <bootloader-configuration>.
* doc/guix.texi (Bootloader Configuration)[device-tree-support?]: Add
documentation for the new field.
Previously, menu-entry->sexp didn't try to convert `device` to a
proper sexp, which was inserted directly into the boot parameters
G-exp, leading to a G-exp input error. Now convert both uuid and
file-system-label possibilities to sexps, and add parsing code to
sexp->menu-entry. This fixes #57307.
* gnu/bootloader.scm (menu-entry->sexp, sexp->menu-entry): Take
non-string devices into account.
Signed-off-by: Marius Bakke <marius@gnu.org>
This follows up on commit 8a0e1bb12b3c22a8c9a2be17492058ca63ec7c5d.
* gnu/bootloader.scm: Don't export
bootloader-configuration-additional-configuration, which no longer
exists.
Reported by muradm in #guix.
* gnu/bootloader.scm (%warn-target-field-deprecation): Remove it.
* gnu/bootloader.scm (warn-target-field-deprecation): Use
define-with-syntax-properties.
* gnu/system.scm (ensure-setuid-program-list): Ditto. Also rename the
'location' variable to 'properties'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to 2ca982ff41270288913ad6b7d5d9e1cad87b06d9.
* gnu/bootloader.scm (warn-target-field-deprecation): New macro.
(<bootloader-configuration>)[target]: Add 'sanitize' property.
(%warn-target-field-deprecation): New procedure.
(bootloader-configuration-target): Define using 'define-deprecated'.
(bootloader-configuration-targets): Use
'%bootloader-configuration-target' rather than the deprecated one.
Fixes <https://issues.guix.gnu.org/40997>.
* gnu/bootloader.scm (<bootloader-configuration>): New 'targets' field.
(%bootloader-configuration-target): New procedure.
(bootloader-configuration-target): Add deprecation warning.
(bootloader-configuration-targets): New procedure.
* guix/scripts/system.scm (install): Access targets via
bootloader-configuration-targets.
(perform-action)[bootloader-target]: Remove unused argument and update doc.
Access targets via bootloader-configuration-targets and fix indentation.
(process-action): Access targets via bootloader-configuration-targets.
Do not provide the unused BOOTLOADER-TARGET argument when applying
`perform-action'.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Rename
DEVICE argument to DEVICES. Adjust doc and comment. Apply `installer' and
`disk-installer' for every DEVICES.
(install-bootloader): Access targets via bootloader-configuration-targets and
rename variable from DEVICE to DEVICES.
* gnu/tests/install.scm: Adjust accordingly.
* tests/guix-system.sh: Likewise.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Adjust the DEVICES
argument so that it is a list.
* doc/guix.texi: Update doc.
* gnu/bootloader.scm (efi-bootloader-profile): Allow multiple HOOKS.
(efi-bootloader-chain): Allow multiple HOOKS.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* gnu/bootloader.scm (efi-bootloader-profile): New function.
(efi-bootloader-chain): New function.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>