[arch-general] kernel-install in archlinux
Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]?
I've seen some talk about it from a year ago, but the discussion seems to have died off.

My personal use case is to have a hook that self-signs kernel+initramfs+cmdline images for secure boot (using my own keys), and currently I have to do that manually whenever the initramfs is updated.

[1] https://www.freedesktop.org/software/systemd/man/kernel-install.html
[2] https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html

-- damjan

On 22-06-2017 12:58, Damjan Georgievski via arch-general wrote:
> Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]?
> I've seen some talk about it from a year ago, but the discussion seems to have died off.
>
> My personal use case is to have a hook that self-signs kernel+initramfs+cmdline images for secure boot (using my own keys), and currently I have to do that manually whenever the initramfs is updated.
>
> [1] https://www.freedesktop.org/software/systemd/man/kernel-install.html
> [2] https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html

You may want to check 'man alpm-hooks'. You should be able to automate what you want to do.

-- Mauro Santos

On 22 June 2017 at 14:42, Mauro Santos via arch-general <arch-general@archlinux.org> wrote:
> On 22-06-2017 12:58, Damjan Georgievski via arch-general wrote:
>> Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]?
>> I've seen some talk about it from a year ago, but the discussion seems to have died off.
>>
>> My personal use case is to have a hook that self-signs kernel+initramfs+cmdline images for secure boot (using my own keys), and currently I have to do that manually whenever the initramfs is updated.
>>
>> [1] https://www.freedesktop.org/software/systemd/man/kernel-install.html
>> [2] https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html
>
> You may want to check 'man alpm-hooks'. You should be able to automate what you want to do.

Unfortunately that's not enough, other hooks (which are unknown) can update the initramfs, and I can't hook on /boot/initramfs-* since it's not part of any package.

ps. and yes, I already do have a hook that triggers on the linux package

-- damjan

On 22-06-2017 15:20, Damjan Georgievski wrote:
> Unfortunately that's not enough, other hooks (which are unknown) can update the initramfs, and I can't hook on /boot/initramfs-* since it's not part of any package.

I suppose the question is if any of the official packages provide a hook that changes the initramfs. You can probably trigger your hook on a kernel update and give it a name that will make it run _after_ the stock initramfs update hook and any other hooks that change the initramfs. That said I have never played with custom hooks so I'm going by what the man page says.

If there are some hooks which do not play well with what you want to do then maybe you can ask the maintainer/dev to make it run in a predictable way.

I guess no one has looked into automating/integrating secure boot into arch but it would be a cool thing to have, even if not in the official repos (read: even if it is provided by a package on the AUR and there are some instructions/general guidelines on how to make it work).

-- Mauro Santos

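The naming approach suggested above can be checked mechanically. The script below is an added example, not part of the thread: it lists hooks that call mkinitcpio yet sort after the signing hook, so a stale signed image is caught before reboot. The hook name 99-secureboot and the "mkinitcpio on the Exec line" heuristic are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check that a Secure Boot signing hook
# sorts after every alpm hook that rebuilds the initramfs. alpm-hooks(5):
# hooks run in alphabetical order of file name, ignoring the .hook suffix.
# Assumptions: byte-wise (C locale) ordering; a rebuilding hook is recognised
# by "mkinitcpio" on its Exec line; 99-secureboot is a hypothetical hook name.
# Usage: late_initramfs_hooks 99-secureboot /etc/pacman.d/hooks /usr/share/libalpm/hooks

# effective_hooks DIR... : print one path per unique hook file name.
# Directories are given highest priority first, so an override (or a
# /dev/null symlink that disables a hook) in an earlier DIR wins.
effective_hooks() (
    seen=/
    for dir in "$@"; do
        for f in "$dir"/*.hook; do
            [ -e "$f" ] || continue
            name=${f##*/}
            case "$seen" in *"/$name/"*) continue ;; esac
            seen="$seen$name/"
            printf '%s\n' "$f"
        done
    done
)

# late_initramfs_hooks SIGN_HOOK DIR... : print hooks that run mkinitcpio but
# sort after SIGN_HOOK. Returns 1 if any are found, 0 otherwise.
late_initramfs_hooks() (
    sign=${1%.hook}; shift
    late=$(effective_hooks "$@" | while IFS= read -r f; do
        name=${f##*/}; name=${name%.hook}
        if [ "$name" != "$sign" ] &&
           grep -Eq '^[[:space:]]*Exec[[:space:]]*=.*mkinitcpio' "$f"; then
            # Whichever name sorts first runs first.
            first=$(printf '%s\n%s\n' "$name" "$sign" | LC_ALL=C sort | head -n 1)
            if [ "$first" = "$sign" ]; then printf '%s.hook\n' "$name"; fi
        fi
    done)
    if [ -n "$late" ]; then printf '%s\n' "$late"; return 1; fi
    return 0
)
```

A non-empty result means the signed image can be older than the initramfs on disk after a transaction; renaming the signing hook or re-running the signing step closes that gap.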
participants (2)
- Damjan Georgievski
- Mauro Santos