Commit Graph

260 Commits

Author SHA1 Message Date
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-12-03 10:48:10 +01:00
rofl0r
7370b75945
update musl-cross to 1952975
this should fix issues with compressed ELF header sections.
2019-12-02 23:03:14 +00:00
Trammell hudson
2980eb0522
pin msrtools and tpmtotp to current git heads
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:36:04 +01:00
Trammell hudson
e5038e6adf
musl-cross: crossgcc binary changed names (#617)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:26:23 +01:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout (#617)
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:15:56 +01:00
Trammell hudson
a37e1f434d
add Intel msrtools commands 2019-07-30 15:36:57 +02:00
tlaurion
6080219d85
tabs required instead of spaces... 2019-04-27 13:40:12 -04:00
Thierry Laurion
a15504b414
Fedora 30 fix for pinentry: remove gtk and gnome3 support. TODO: remove all unneeded config options for ALL modules 2019-04-27 13:36:05 -04:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
tlaurion
6612352a60
Merge pull request #496 from strugee/better-mirror-url
Improve mirror URLs
2019-02-28 16:12:25 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Thierry Laurion
8dd1082808
module/pinentry: disable-pinentry-qt instead of qt5
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
2019-01-29 11:18:14 -05:00
Itay Grudev
3bc79495bb
Disabled libsecret support in the pinentry module 2019-01-29 11:16:26 -05:00
Thierry Laurion
44d566a72a
pinentry-tty path needs to be known from gpg-agent 2019-01-26 11:51:59 -05:00
Trammell Hudson
e5a739e54c
use /bin for libexecdir and disable curses pinentry 2019-01-26 11:51:54 -05:00
Thierry Laurion
8ba3c33402
required changes to apply on top of osresearch/gpg2 for gpg2 to actually work, tools and libs updated to latest versions 2019-01-26 11:51:51 -05:00
Trammell hudson
c261907ee6
gpg2 pinentry program is required for passwords or PINs 2019-01-26 11:51:41 -05:00
tlaurion
49269f2bb4
gpg2 library fixes 2019-01-26 11:51:17 -05:00
Trammell hudson
b1736d7cb3
use full version names on output libraries 2019-01-26 11:48:26 -05:00
Trammell hudson
c1c615e677
copy gpg2 executables and pass in the libusb include path 2019-01-26 11:47:16 -05:00
Duncan Guthrie
7f1288b89c
Preliminary support for GnuPG2 2019-01-26 11:45:00 -05:00
AJ Jordan
8b28e49459
Switch popt mirror to Launchpad
Launchpad offers HTTPS downloads, whereas other more obvious mirrors
(like the one used originally, as well as rpm5.org) do not.

Note: it is unclear whether Launchpad's tarballs will always match
the checksum from upstream tarballs. However, at least for 1.16, this
condition does indeed seem to hold true. Homebrew, FWIW, lists OpenBSD
as a mirror:

https://github.com/Homebrew/homebrew-core/blob/master/Formula/popt.rb
2018-12-13 16:39:07 -05:00
AJ Jordan
6303fbcacc
Download most resources from HTTPS
As much as possible.
2018-12-13 16:21:21 -05:00
AJ Jordan
b38e720440
Use a better GNU mirror URL
The new URL automatically redirects to a nearby, current GNU mirror.

Also, the fact that it's HTTPS helps with restrictive outbound
firewall policies that disallow plaintext traffic (for example,
using Qubes' firewall functionality).
2018-12-13 01:32:37 -05:00
Francis Lam
c559d71725
cairo: restore reproducibility
libtool needs to be patched to not write rpath to targets
2018-11-24 09:18:32 -08:00
Trammell Hudson
d8a3be47af
Merge branch 'coreboot-4.8' of https://github.com/flammit/heads 2018-11-07 17:04:23 -05:00
Trammell Hudson
7f83a0a028
Merge branch 'fbwhiptail_url' of https://github.com/merge/heads 2018-11-07 16:41:28 -05:00
Trammell Hudson
8fec61f6e8
Merge branch 'cryptsetup-reencrypt' of https://github.com/tlaurion/heads 2018-11-07 16:38:12 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Francis Lam
fe0f957bfc
Make lvm and slang build reproducibly again 2018-10-28 10:59:33 -07:00
Francis Lam
79c1434610
Fix DOTCONFIG in coreboot module and clean up configs 2018-10-27 14:03:45 -07:00
Trammell hudson
0bb78d343f
Use defconfig for coreboot builds 2018-10-27 11:02:23 -07:00
Francis Lam
c326ff62c7
Start updating to coreboot 4.8.1
missing librem patches
2018-10-27 11:02:23 -07:00
Martin Kepplinger
255181c02f
fix the fbwhiptail source URL
The current source URL is not available anymore.

kakaroto changed his copy of heads to point to his own github account's fbwhiptail:
b13cc5e68d

But it seems that source.puri.sm/coreboot is a more accessible home for the
project.
2018-10-18 13:47:54 +02:00
Thierry Laurion
1d2fb02668
Adding cryptsetup-reencrypt support 2018-10-08 16:28:05 -04:00
Trammell hudson
aeb59e1b48
coreboot must be extracted before the xgcc symlink 2018-09-18 16:06:35 -04:00
Trammell hudson
6183d58ecc
fix config spacing and path to xgcc 2018-09-18 16:04:28 -04:00
Trammell hudson
9ab033aa06
use externally built coreboot compilers 2018-09-18 15:59:48 -04:00
Trammell hudson
66b51d3296
quiet hashing process slightly 2018-09-18 13:07:40 -04:00
Trammell hudson
54748c663a
hash the kernel 2018-09-18 12:09:47 -04:00
Trammell hudson
606600586c
coreboot-gcc target 2018-09-18 09:27:18 -04:00
Trammell hudson
f712d7aefe
move limits.h dependency into modules/linux 2018-09-18 07:24:19 -04:00
Trammell hudson
292a8bec81
patch for __alloca missing on ubuntu 18.04 (#352) 2018-09-18 06:33:15 -04:00
Trammell Hudson
fb37c5dcc8
bds-pr is on the main branch now 2018-08-13 06:31:07 -04:00
Trammell Hudson
f4e25dd216
Use Linux kernel defconfig format (issue #416)
This reduces the amount of noise in the Linux kernel config files
by only storing the differences from the stock configuration.
It adds a new makefile target 'linux.saveconfig' to convert the
build tree's .config file into config/linux-linuxboot.config.
2018-08-09 12:45:53 -04:00
Trammell Hudson
c7c4b9919c
ensure that the dxe modules will be built with the Heads cross compiler 2018-08-09 12:20:03 -04:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00