Compare commits
2 Commits
3630d25d6e
...
046f9e5fcd
Author | SHA1 | Date |
---|---|---|
Tobias Strobel | 046f9e5fcd | |
Tobias Strobel | a8bd0d8a8b |
|
@ -13,10 +13,10 @@ MinimumVersion=20.2
|
|||
|
||||
[Validation]
|
||||
# Use RSA 2048 keys for wide UEFI compatibility
|
||||
SecureBootKey=signing-keys/rafeOS_secureboot.key
|
||||
SecureBootCertificate=signing-keys/rafeOS_secureboot.crt
|
||||
VerityKey=signing-keys/rafeOS_secureboot.key
|
||||
VerityCertificate=signing-keys/rafeOS_secureboot.crt
|
||||
SecureBootKey=signing-keys/rafeOS.secure-boot.key
|
||||
SecureBootCertificate=signing-keys/rafeOS.secure-boot.crt
|
||||
VerityKey=signing-keys/rafeOS.secure-boot.key
|
||||
VerityCertificate=signing-keys/rafeOS.secure-boot.crt
|
||||
|
||||
[Host]
|
||||
Incremental=true
|
||||
|
|
|
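Review bot: `VerityKey=` and `VerityCertificate=` in `[Validation]` still point at the same `rafeOS.secure-boot` key pair as `SecureBootKey=`, so one private key signs both the UEFI boot chain and the dm-verity root hashes. The key script changed later in this comparison defines a separate `generate_verity_keys`, which suggests a dedicated verity pair exists; its file name is not visible here, so this is an inference. If separation is intended, point the two Verity settings at that pair so that exposure or rotation of one key does not affect the other trust domain. A comment above the paths stating that `signing-keys/` must stay out of version control and be readable only by the build user would also help.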
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
OUTPUT="${IMAGE_ID}_${IMAGE_VERSION}.sysext"
|
||||
mkdir -p "$DESTDIR/usr/lib/extension-release.d/"
|
||||
cat >"$DESTDIR/usr/lib/extension-release.d/extension-release.$OUTPUT" <<EOF
|
||||
SYSEXT_SCOPE=system
|
||||
SYSEXT_PRETTY_NAME="mkosi — Build Bespoke OS Images"
|
||||
EOF
|
|
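Review bot: The heredoc writes only `SYSEXT_SCOPE` and `SYSEXT_PRETTY_NAME`; it has no `ID=` line, whereas the script it replaces wrote `ID=rafeOS`. systemd-sysext compares `ID=` (and `SYSEXT_LEVEL=` or `VERSION_ID=`) from extension-release against the host's os-release before merging, so unless mkosi fills those fields in after this script runs, the host-match check has nothing to match and the extension is likely to be refused. Add the `ID=` line back with the value the target host's os-release carries. `OUTPUT` also hard-codes the `.sysext` suffix that the config derives from `Output=%i_%v.%t`; a short comment saying the two must stay in step, because the extension-release suffix has to equal the image name, would prevent drift.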
@ -2,9 +2,11 @@
|
|||
Dependencies=base
|
||||
|
||||
[Output]
|
||||
# See: https://uapi-group.org/specifications/specs/extension_image/
|
||||
Format=sysext
|
||||
Overlay=yes
|
||||
Output=mkosi_%v.sysext
|
||||
ImageId=mkosi
|
||||
Output=%i_%v.%t
|
||||
SectorSize=4096
|
||||
# For Reproducible Builds
|
||||
Seed=834dd70f55be43cc9934b20fc0b7f7be
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
|
||||
mkdir -p /usr/lib/extension-release.d/
|
||||
cat >/usr/lib/extension-release.d/extension-release.mkosi <<EOF
|
||||
ID=rafeOS
|
||||
SYSEXT_ID=mkosi
|
||||
SYSEXT_SCOPE=system
|
||||
EOF
|
||||
|
||||
# The default profiles mount the host's /etc/resolv.conf into our
|
||||
# image. For that the file to mount over needs to exist. Let's create
|
||||
# it here.
|
||||
touch /etc/resolv.conf
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
DIRS="etc dev proc run sys tmp usr/lib var/tmp"
|
||||
|
||||
for dir in $DIRS
|
||||
do
|
||||
mkdir -p "$DESTDIR/$dir"
|
||||
done
|
||||
|
||||
touch "$DESTDIR/etc/machine-id"
|
||||
touch "$DESTDIR/etc/resolv.conf"
|
||||
|
||||
cat <<EOF >"$DESTDIR/usr/lib/os-release"
|
||||
ID=arch
|
||||
SYSEXT_ID="$IMAGE_ID"
|
||||
SYSEXT_VERSION_ID="$IMAGE_VERSION"
|
||||
SYSEXT_SCOPE=portable
|
||||
PORTABLE_PRETTY_NAME="OpenSSH SSH daemon"
|
||||
PORTABLE_PREFIXES=sshd
|
||||
EOF
|
|
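Review bot: The `DIRS` loop and the two `touch` lines create empty mount targets, but the explanation the removed script carried for `/etc/resolv.conf` was not carried over, and `etc/machine-id` has none. I would add above the loop: `# Empty directories and files that systemd's portable-service profiles mount over; see https://systemd.io/PORTABLE_SERVICES/`. Separately, the heredoc is unquoted, so `$IMAGE_ID` and `$IMAGE_VERSION` are expanded into `usr/lib/os-release`. `set -eu` aborts when they are unset, but an empty value still yields `SYSEXT_ID=""`. A guard such as `: "${IMAGE_ID:?}" "${IMAGE_VERSION:?}"` before the heredoc would catch that.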
@ -2,9 +2,11 @@
|
|||
Dependencies=base
|
||||
|
||||
[Output]
|
||||
# See: https://systemd.io/PORTABLE_SERVICES/
|
||||
Format=portable
|
||||
Overlay=yes
|
||||
Output=openssh_%v.portable
|
||||
ImageId=openssh
|
||||
Output=%i_%v.%t
|
||||
SectorSize=4096
|
||||
# For Reproducible Builds
|
||||
Seed=834dd70f55be43cc9934b20fc0b7f7be
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -eu
|
||||
|
||||
cat >/usr/lib/os-release <<EOF
|
||||
ID=rafeOS
|
||||
SYSEXT_ID=openssh
|
||||
SYSEXT_SCOPE=portable
|
||||
PORTABLE_PREFIXES=sshd
|
||||
PORTABLE_PRETTY_NAME="OpenSSH Portable Service"
|
||||
EOF
|
||||
|
||||
# The default profiles mount the host's /etc/resolv.conf into our
|
||||
# image. For that the file to mount over needs to exist. Let's create
|
||||
# it here.
|
||||
touch /etc/resolv.conf
|
|
@ -24,8 +24,8 @@ generate_key_pair() {
|
|||
fi
|
||||
|
||||
# Default filenames
|
||||
PRIVATE_KEY_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.key"
|
||||
CERTIFICATE_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.crt"
|
||||
PRIVATE_KEY_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.key"
|
||||
CERTIFICATE_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.crt"
|
||||
|
||||
# Period of validity (in days) for the created certificate.
|
||||
# Defaults to 3650, i.e. 10 years.
|
||||
|
@ -79,7 +79,7 @@ generate_key_pair() {
|
|||
}
|
||||
|
||||
generate_secureboot_keys() {
|
||||
generate_key_pair "secureboot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
|
||||
generate_key_pair "secure-boot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
|
||||
}
|
||||
|
||||
generate_verity_keys() {
|
||||
|
|
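Review bot: Both hunks change the on-disk names of the private key and certificate (`${IMAGE_ID}_${FILENAME_PREFIX}.key` becomes `${IMAGE_ID}.${FILENAME_PREFIX}.key`, and the prefix `secureboot` becomes `secure-boot`), and nothing visible here handles key files that already exist under the old names. If `generate_key_pair` creates a pair whenever the target file is missing (its body is outside these hunks, so this is an assumption), the next run would silently mint a new Secure Boot key whose certificate is not the one already enrolled on machines. Any ignore rule or permission step written against the old names would also stop covering the private key. I would rename the existing files as part of this change and add a comment next to `PRIVATE_KEY_FILE` noting that the `[Validation]` key paths and the ignore rules depend on this naming. `generate_verity_keys` continues past the end of the second hunk and was not reviewed.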