Commit Graph

2707 Commits

Author SHA1 Message Date
Trammell Hudson
4e88d5d59c
typo in gnupg, remove the install directory on a real.clean 2017-04-09 01:38:22 -04:00
Trammell Hudson
a2b0ef878e
add real.clean target and fix DAG for parallel top-level makes (issue #175) 2017-04-08 17:46:54 -04:00
Trammell Hudson
a42aaa37c6
xen depends on musl-cross (issue #175) 2017-04-08 17:46:21 -04:00
Trammell Hudson
8c3b5877a3
add bootstrap target to build cross compilers (issue #162) 2017-04-08 15:19:26 -04:00
Trammell Hudson
46a2ae8c2b
disable more unnecessary LVM components 2017-04-08 14:30:50 -04:00
Trammell Hudson
07eb5e9717
Define $(CROSS_TOOLS) to ensure reproducible builds (issue #173)
Each of the submodule configuration files defined a subset of the
cross compiler tools that it used and many were picking up the
system `ar`, `nm`, `strip, `ld`, etc.  They all now use a `Makefile`
macro that defines the path to the proper cross compiler tools.

For ones that need the tools, but not the musl-libc gcc,
there is $(CROSS_TOOLS_NOCC) that is all of them without gcc.
This is for musl-libc itself, as well as xen and the Linux kernel.
2017-04-08 13:23:34 -04:00
Trammell Hudson
ae6bed14a2
lvm Makefile was defining $(STRIP) (issue #174) 2017-04-08 13:21:14 -04:00
Trammell Hudson
c262de30a4
kexec/util/bin-to-hex needs to be HOST_CC, not LD (issue #173) 2017-04-08 13:20:40 -04:00
Trammell Hudson
9fb1f247ad
use cross compiler ar (issue #166) 2017-04-07 11:28:36 -04:00
Trammell Hudson
2b0b6f33c0
use cross compiler ar (issue #166) 2017-04-07 11:19:44 -04:00
Trammell Hudson
ea175466a0
use cross compiler ar (issue #166) 2017-04-07 10:57:19 -04:00
Trammell Hudson
8241f190ac
use cross compiler ar (issue #166) 2017-04-07 10:48:46 -04:00
Trammell Hudson
75117c0e5b
reconfigure submodules if their config files ever change (issue #172) 2017-04-07 10:34:57 -04:00
Trammell Hudson
5a0f3dc10b
use -9 instead of --extreme for reproducibility (issue #171) 2017-04-07 10:05:30 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue #170) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue #168) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue #167) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166) 2017-04-06 16:22:40 -04:00
Trammell Hudson
727e2fbc56
report sha256 of stages as they are built 2017-04-06 16:06:52 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166) 2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue #166) 2017-04-06 15:58:51 -04:00
Trammell Hudson
ea8a55fe5b
shell syntax, not makefile syntax (issue #131) 2017-04-06 11:01:48 -04:00
Trammell Hudson
192e122719
scale the max load by the number of CPUs (issue #131) 2017-04-06 10:50:43 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160) 2017-04-06 09:45:47 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160) 2017-04-05 19:20:53 -04:00
Trammell Hudson
362785b81c
gpg uses pubring.gpg instead of trustedkeys.gpg 2017-04-05 18:43:58 -04:00
Trammell Hudson
06d2f7728b
ignore tilde files 2017-04-05 18:43:18 -04:00
Trammell Hudson
9d6c5c5da8
fix gpg tty reading from /dev/console to support yubikey (issue #32) 2017-04-05 18:35:45 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system 2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system 2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update 2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32) 2017-04-05 17:59:49 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration 2017-04-05 14:13:40 -04:00
Trammell Hudson
0019d8031c
make %.rom generic 2017-04-05 14:12:44 -04:00
Trammell Hudson
5195a74422
remove initrd unpacking, since Qubes dracut /etc/cryptab can be fixed 2017-04-05 10:30:28 -04:00
Trammell Hudson
ce766bdc58
LVM patches to compile with musl 2017-04-04 09:41:50 -04:00
Trammell Hudson
39cb4031f4
TPM disk encryption keys for Qubes.
Issue #123: This streamline Qubes startup experience by
making it possible to have a single-password decryption.

Issue #29: The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.

Issue #110: By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.

Issue #80: LVM is now included in the ROM.
2017-04-03 17:18:11 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue #84) 2017-04-03 17:13:07 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM 2017-04-03 17:11:12 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules 2017-04-03 17:10:22 -04:00
Trammell Hudson
3dcc3d4b49
load the xhci USB3 modules as well 2017-04-03 17:09:54 -04:00
Trammell Hudson
85a77cf5de
build xen for installation into x230-qubes ROM (issue #84) 2017-04-03 17:09:22 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156) 2017-04-03 14:53:29 -04:00
Trammell Hudson
e41e21084a
extend PCR 4 in a recovery to prevent disk key decryption (issue #154) 2017-04-03 10:30:03 -04:00
Trammell Hudson
174bb64957
Move Qubes startup script to /boot/boot.sh
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.

Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM.  This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.

Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).

This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
2017-04-02 22:21:49 -04:00