lxc/incus-os
1
0
Fork 0
mirror of https://github.com/lxc/incus-os.git synced 2026-03-02 14:49:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,479 Commits 1 Branch 236 Tags
main
Commit Graph

29 Commits

Author SHA1 Message Date
Mathias Gibbens
787e1c124c base: No longer bake all certificates into the image 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-02-02 09:49:15 -07:00
Mathias Gibbens
8ffd00f1f6 scripts/tests: Update scripts to place certificates in common location 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-02-02 08:39:22 -07:00
Mathias Gibbens
c085763f5d scripts: Update to use new certificates path 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-02-02 08:39:22 -07:00
Mathias Gibbens
1b5137e0c0 scripts/test: Capitalize db files 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-01-09 16:14:34 -07:00
Mathias Gibbens
ae3fb6adf3 base: Rename and cleanup initrd deb package 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-01-09 12:19:32 -07:00
Mathias Gibbens
f8a1b331e4 base: Check PE binaries in initrd 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-01-02 12:46:05 -07:00
Mathias Gibbens
c40b58c4e5 base: Install IncusOS CA and PEM-encoded Secure Boot certificates for use when Secure Boot is disabled 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-01-02 12:46:00 -07:00
Mathias Gibbens
01c43e6759 scripts/test: Update test cert naming convention 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2026-01-02 12:46:00 -07:00
Mathias Gibbens
9cbb3a2300 scripts/test: Symlink CA certificates 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-12-29 11:29:04 -07:00
Mathias Gibbens
a4a64fd164 scripts/test: Update test certificate generation to more closely match production certificates 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-12-23 07:56:15 -07:00
Stéphane Graber
b665e2a7e8 Fix IncusOS spelling 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-11-04 19:08:22 -05:00
Mathias Gibbens
ff61ab99ee scripts: Robustify SecureBoot certificate injection script 
Loop-mounting the raw image to inject our own SecureBoot certificates is failing
in CI runs more often than I'd like to see. So, switch to using mtools to
directly manipulate the ESP partition since it's formatted as vfat.

Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-10-21 17:09:10 -06:00
Stéphane Graber
512a900d07 convert-img-to-iso: Fix bad GUID 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-08-18 21:12:53 -04:00
Stéphane Graber
0e3c7104b2 convert-img-to-iso: Add aarch64 support 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-08-15 01:39:05 -04:00
Stéphane Graber
46b358f584 scripts: Inject der version of the keys 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-07-14 12:09:14 -04:00
Mathias Gibbens
247182a3a5 scripts: Add helper script to inject custom Secure Boot key defaults 
mkosi doesn't seem to have a nice hook we can use, so we rely on this
script to mount the final install image and inject/replace the auto-
enroll Secure Boot keys with the ones we want.

Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-06-21 13:25:42 -06:00
Mathias Gibbens
81b167151e scripts/test: Add scripts to generate test Secure Boot keys 
These scripts generate a full mock-up CA certificate hierarchy similar
to the production certs used when publishing IncusOS. A total of four
Secure Boot signing keys are created, with the first two used to
populate an initial db of trusted certificates. The third is prepared
as an update to db, while the fourth is prepared as an update to dbx.

The resulting keys generated with these scripts are for TEST purposes
only -- don't let them anywhere near a production system.

Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-06-21 08:40:14 -06:00
Mathias Gibbens
40d79df47f Add licenses check 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-06-19 15:07:53 -06:00
Mathias Gibbens
f3a76872a8 Update spawn-image script to use flasher tool 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-06-05 13:09:22 -06:00
Stéphane Graber
cd272bbef0 scripts: Hardcode partition GUIDs 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-05-22 16:56:45 -04:00
Stéphane Graber
0d3493a2af scripts: Fix spawn-image 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-05-07 00:01:36 -04:00
Mathias Gibbens
200e8b840c Improve creation of .iso boot image 
Rather than running a duplicate build, add a small script that will copy
each partition from the raw image with 512 byte sectors to a new iso
image with 2048 byte sectors. The resulting iso can then be booted as a
CDROM.

Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-05-02 14:53:37 -06:00
Mathias Gibbens
3d2d059fc3 Don't need to truncate install images anymore 
Signed-off-by: Mathias Gibbens <mathias.gibbens@futurfusion.io>
 2025-05-01 16:10:25 -06:00
Stéphane Graber
4930034258 spawn-image: Don't use tmpfs 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-04-11 22:03:37 -04:00
Stéphane Graber
6b7910a0fc scripts: Remove debugging 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-04-08 20:04:11 -04:00
Stéphane Graber
3cd921bea0 scripts: Update for install logic 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-04-08 18:02:21 -04:00
Stéphane Graber
a0335be5bf scripts: Update for incus-osd 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2025-03-13 14:51:32 -04:00
Stéphane Graber
b0ddc94c52 scripts/update-image: Update for variable filenames 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2024-12-13 23:17:27 -05:00
Stéphane Graber
8cf96c93e3 scripts: Add scripts to consume the Github builds 
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
 2024-12-06 22:19:16 -05:00