[arch-commits] Commit in (11 files)
David Runge
dvzrv at archlinux.org
Sat May 15 13:44:57 UTC 2021
Date: Saturday, May 15, 2021 @ 13:44:57
Author: dvzrv
Revision: 934643
Add ipxe as dependency for automation of all release artifacts.
Added:
ipxe/
ipxe/repos/
ipxe/trunk/
ipxe/trunk/PKGBUILD
ipxe/trunk/arch.ipxe
ipxe/trunk/codesigning_pierre_archlinux.pem
ipxe/trunk/default.ipxe
ipxe/trunk/dst_root_ca_x3.pem
ipxe/trunk/general.h
ipxe/trunk/letsencrypt_authority_x3.pem
ipxe/trunk/run_ipxe
----------------------------------+
PKGBUILD | 96 +++++++++++++++++++++++++++++++++++++
arch.ipxe | 4 +
codesigning_pierre_archlinux.pem | 30 +++++++++++
default.ipxe | 6 ++
dst_root_ca_x3.pem | 20 +++++++
general.h | 16 ++++++
letsencrypt_authority_x3.pem | 27 ++++++++++
run_ipxe | 43 ++++++++++++++++
8 files changed, 242 insertions(+)
Added: ipxe/trunk/PKGBUILD
===================================================================
--- ipxe/trunk/PKGBUILD (rev 0)
+++ ipxe/trunk/PKGBUILD 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,96 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+
+pkgname=ipxe
+pkgver=1.21.1
+pkgrel=1
+pkgdesc="Network bootloader"
+arch=('x86_64')
+url="https://ipxe.org"
+license=('GPL2' 'custom:UBDL')
+makedepends=('cdrtools')
+optdepends=(
+ 'bash: for run_ipxe'
+ 'qemu: for run_ipxe'
+ 'edk2-ovmf: for run_ipxe'
+)
+source=("$pkgname-$pkgver.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/refs/tags/v${pkgver}.tar.gz"
+ "arch.ipxe"
+ "dst_root_ca_x3.pem"
+ "letsencrypt_authority_x3.pem"
+ "codesigning_pierre_archlinux.pem"
+ "default.ipxe"
+ "general.h"
+ "run_${pkgname}")
+sha512sums=('47400975110ed4ab95835aa1b7c8d5a6917c19c5713c6ab88bc0741a3adcd62245a9c4251d1f46fffc45289c6b18bf893f86dbc3b67d3189c41b7f198367ecaa'
+ 'ec41e20333ce91b555d4f6a64f211323315a183466d8437404dc548287b96cc8aa4d2953bb5a496677f77e73b7b99752dc973688ade0ccab842fabb8f6127f47'
+ '1f52b62aa9e3ec0656ea3cb5c8e52eda924d58728e64bb03ca6c112858b91b13cf0a9328b105bb232973e240406b240ed14e72b5bd325e82e6fddf3126dbcc58'
+ '0fa893f751f0880c7d89c398cae9708f5ff04d466832fb6160a824395032259ac52e02a44da531d0f8bf7e310298b0067b1e8257f816d3223034f391ecba491d'
+ 'e3a8c74dcf95cb4b77ed379d2185ef56b6ab2f4c7bdaf5a68876d21aca4d7961b0d8090da7132c6f1797bdca24014dfea032129ee207282797b91e31b6dc4d48'
+ '9162f528cd0080b9231785795f08d3229c52ce3c18ca5a6efcfbea5028e103a294ddef79a0f28ab64b8d0cdcb9e6cdd7fee797766ad2c3d1dbc3891ddeb4b553'
+ '080b5b7f1a02d6e3a4691e0e65f12a554ede2a783284357f4ef940eb506fec7ec477dc3060c67cf31999af99eba26b0bfa1495cb2a5baa5af4c133bdca2152af'
+ '545680910b8b0cbe2dad8b4fd2745a1a58a176601fa3f3695c7f1750dccd67df78a04bc22c121cb8e78c58bdea85947c686e58ae20fca68c355710dc044f9a32')
+b2sums=('03871b5f89c6228a9082bb89c7b102d85e5f3afcd5fe0d93762e220fe162c9c3037a9918f30251fd103835d949335f99109a12559f560a5b686e65a7c24c6501'
+ '13f73fbd49867a087cbb036562f067ee30e3a3718402363fd6c6d318bb819dde5728510c1459d7bb5906bec37469b2046a2ad148175b6ea4fb58ce68ee614d91'
+ '417023f75b356003f60258522e4b68b46d0c4ebf8cb3f36faf47de300451cfc708e952b8bfa7e2579fa60c9c9cc5bdb49da5b2591b872087b7a19f6a1bdfa192'
+ 'a055d8af4df3554310d13b92f4937672293fde506d31dde3a345a802abb051549a06e4609a29b8aab26100e874abc84f4112585b011b6e532d0e60a22672d33b'
+ 'a61f76a2ecbf344bb26e064146e4c6821ee195c7b7579cbf8c61d60ded3c3946d53329a8c2e795435ef5498bec97042472f186c13b4e0dc274da34d047f8f326'
+ 'f38eec3584967f9a8d4f9f2cc39803de9fa21fd1406efe802c3422f6de30c79e4cd679e775a886f778a40aacb81b9c4120d7205178284cacf69fa7d43557a906'
+ 'a69a2dabf23b931aa062d20936510eda6bc9d6a61cded4b5e5960958b2a06642d527bb788b3fae9961dbf5d2ac18c63a6df69db52668cf904b75bd7366117b9b'
+ 'ee372696fcb35f886ea30d7989f2b795e4f7575ee666cfe951737781079d6a2c7bdf94b597a29f8bd580549d8a2267272f654aa0ce6d50b31e01769524201ea9')
+
+prepare() {
+ cd "$pkgname-$pkgver"
+ # symlink header with custom configuration into place
+ ln -sv "${srcdir}/general.h" src/config/local/
+}
+
+build() {
+ local _file _certs=""
+ # add certs
+ for _file in "${source[@]}"; do
+ if [[ "${_file}" == *.pem ]]; then
+ _certs+="${srcdir}/${_file},"
+ fi
+ done
+
+ cd "$pkgname-$pkgver"
+ # build arch specific images
+ # TODO: adapt arch.ipxe as soon as we can fix https://bugs.archlinux.org/task/70767
+ # NOTE: to debug issues with TLS or codesigning, add "DEBUG=open,tls,x509:3,certstore,privkey"
+ make -C src NO_WERROR=1 \
+ EMBED="$srcdir/arch.ipxe" \
+ CERT="${_certs}" \
+ TRUST="${_certs}" \
+ bin/ipxe.lkrn \
+ bin/ipxe.pxe \
+ bin-i386-efi/ipxe.efi \
+ bin-x86_64-efi/ipxe.efi
+
+ # move binaries out of the way
+ mv -v src/bin/ipxe{,-arch}.lkrn
+ mv -v src/bin/ipxe{,-arch}.pxe
+ mv -v src/bin-i386-efi/ipxe{,-arch}.efi
+ mv -v src/bin-x86_64-efi/ipxe{,-arch}.efi
+
+ # build default images
+ make -C src NO_WERROR=1 \
+ EMBED="$srcdir/default.ipxe" \
+ bin/ipxe.lkrn \
+ bin/ipxe.pxe \
+ bin-i386-efi/ipxe.efi \
+ bin-x86_64-efi/ipxe.efi
+
+}
+
+package() {
+ local _arch
+
+ cd "$pkgname-$pkgver"
+ install -vDm 644 src/bin/ipxe{,-arch}.{lkrn,pxe} -t "${pkgdir}/usr/share/${pkgname}/"
+ for _arch in i386 x86_64; do
+ install -vDm 644 "src/bin-${_arch}-efi/ipxe"{,-arch}.efi -t "${pkgdir}/usr/share/${pkgname}/${_arch}/"
+ done
+ install -vDm 644 COPYING.UBDL -t "${pkgdir}/usr/share/licenses/${pkgname}/"
+
+ install -vDm 755 ../"run_${pkgname}" -t "${pkgdir}/usr/bin"
+}
Added: ipxe/trunk/arch.ipxe
===================================================================
--- ipxe/trunk/arch.ipxe (rev 0)
+++ ipxe/trunk/arch.ipxe 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,4 @@
+#!ipxe
+ifconf
+ntp pool.ntp.org
+chain https://ipxe.archlinux.org/releng/netboot/archlinux.ipxe || shell
Added: ipxe/trunk/codesigning_pierre_archlinux.pem
===================================================================
--- ipxe/trunk/codesigning_pierre_archlinux.pem (rev 0)
+++ ipxe/trunk/codesigning_pierre_archlinux.pem 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFOzCCAyOgAwIBAgIJAM/ujMJZQq3IMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
+BAYTAkRFMRcwFQYDVQQDDA5QaWVycmUgU2NobWl0ejEiMCAGCSqGSIb3DQEJARYT
+cGllcnJlQGFyY2hsaW51eC5kZTAeFw0xNjA2MDExNjQxNTZaFw0yNjA1MzAxNjQx
+NTZaMEoxCzAJBgNVBAYTAkRFMRcwFQYDVQQDDA5QaWVycmUgU2NobWl0ejEiMCAG
+CSqGSIb3DQEJARYTcGllcnJlQGFyY2hsaW51eC5kZTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAMybf9uwe6O+FPUYR4ycBDcBJp0QOsUDSSw9c5EJsTJJ
+/0HDk+cFW9OdhxnRsxOPCYyrqE/FEusMyAyyyrZ1DVqprTegcqwqgZSmLNwBp+gP
+Dt10JuNQM7IFIs0p3CE6JyuLWJWjn+ZJuVa1Qwfg80wOv/CLkQEWP5ols3o4VroF
+CzJAKd4nVRf8JSyk+4Hka1udtqw4zEyDtaomZ661ZxBH3+PAoE2N+VcMPC3yTOBS
+4RuabUU4PotfFXMrWGfBLuxGK3IVH99rof2SFG719o0ZDOtVLuaCEAo4VywiYqO0
+qAKKBlH0XEvdOAG4KuHFFKQN1UTFRQ9yZXcfdNBnMYRW3QpbPfMcrFUDYvhHW4N/
+dH5JhKL0LDvvrn0Nr1C5OJbZSl2triPmJUJpMBRhcRut6ZH6FkNWLmavNV8Q9cpM
+1qXG0s/yH2RaBQ2+Le7YdKVrcy05SiYJoaZQovxrxQGzJDg9OuWiM49gjBHW32lm
+uK1C4o7B/sf65qZOCkZO2zagLCf8xxKEh/ftbdpnhBpLFbUqXT07Ve5rX26IUUT6
+C+N/dRIxXcmV0+iWOa/Isbo81oOebriHZl5659Fceae2wA8JoBaT7/m3rRSXOPyC
+4hABWbX0eRg3fhiObubTfH74Q1oeLCEClBx8N4sutvoMA0S4Q2VuUvFaB6VyN5w5
+AgMBAAGjJDAiMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkq
+hkiG9w0BAQsFAAOCAgEAirqIJj9KkT+uTgz4EphPZN2FbaxDcw0bxBrEX4t9E68K
+seAHkKJd9GPNGkky8JLI1XwfZ4ZTlzapRfAzPrFDk7Gb43qZeuITvCNfPrPMJ7xw
+JmvIw1ryMs9zV2WCNwVFT6EYeGQXW+F9/osP7oAIhFiGeOmDuy7qFkf7BGDCPAaS
+PlMs+YjGPJTHCbtJKV3VFDhAquQYXS6pQat+v1Nbq+53ijow9H7x+GMBz8dtPI4u
+AKjufH4V3XaxJwDUie73i8iavo9QBDA1HzYMhJ/bDymqyI3uxYkh4rsy9In/8V/z
+aZ5pUXT8HW569uQLpjbb5EKaARwXC7d9GO2rTeSDngzlU8KjeLBeR0zHx+P1TsTP
+R4SAvOSxzZGfYr04Qqwr7ivU92liJntoTcgyvvjELoXODvd4EaS2Sixb4s+eqrYI
+8GPTR1HmvknKbhaNI9caERNsnnKLWtkKkhmPmNkLaX+WQIFgcD/BkeeIbLkYA2Xp
+HCPrYuihUSN+7E80BUkbrSp+wohiieMr24LDE6H6BA/qp9Y8HwK7YsnePyaYxKL7
+CchxRmv5VmVo2bYKZvClVfB82n4yG43zR/YMVDTc5n0TqVq2/0AuOtnoiRfNUfzg
+GIaNoMJ8I0NHpB0aL9cIB9UALPY4dsVo/5TqUPgSEXki9fn2A54A8N2A5nqp0uY=
+-----END CERTIFICATE-----
Added: ipxe/trunk/default.ipxe
===================================================================
--- ipxe/trunk/default.ipxe (rev 0)
+++ ipxe/trunk/default.ipxe 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,6 @@
+#!ipxe
+
+set next-server-port 80
+
+dhcp &&
+chain http://${next-server}:${next-server-port}/default.ipxe
Added: ipxe/trunk/dst_root_ca_x3.pem
===================================================================
--- ipxe/trunk/dst_root_ca_x3.pem (rev 0)
+++ ipxe/trunk/dst_root_ca_x3.pem 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
Added: ipxe/trunk/general.h
===================================================================
--- ipxe/trunk/general.h (rev 0)
+++ ipxe/trunk/general.h 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,16 @@
+
+// disable unsafe options
+#undef CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
+#undef CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */
+
+// enable additional options
+#define NET_PROTO_IPV6 /* IPv6 protocol */
+#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
+#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
+#define IMAGE_TRUST_CMD /* Image trust management commands */
+#define NEIGHBOUR_CMD /* Neighbour management commands */
+#define NTP_CMD /* NTP commands */
+#define REBOOT_CMD /* Reboot command */
+#define PING_CMD /* Ping command */
+#define POWEROFF_CMD /* Power off command */
+#define CERT_CMD /* Certificate management commands */
Added: ipxe/trunk/letsencrypt_authority_x3.pem
===================================================================
--- ipxe/trunk/letsencrypt_authority_x3.pem (rev 0)
+++ ipxe/trunk/letsencrypt_authority_x3.pem 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
Added: ipxe/trunk/run_ipxe
===================================================================
--- ipxe/trunk/run_ipxe (rev 0)
+++ ipxe/trunk/run_ipxe 2021-05-15 13:44:57 UTC (rev 934643)
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ovmf_code=/usr/share/edk2-ovmf/x64/OVMF_CODE.fd
+ovmf_vars=/usr/share/edk2-ovmf/x64/OVMF_VARS.fd
+ipxe_image="${1}"
+
+if [[ ! -f "${ovmf_code}" ]]; then
+ printf "ERROR: %s is missing, install the edk2-ovmf package." "${ovmf_code}" >&2
+ exit 1
+fi
+if [[ ! -f "${ovmf_vars}" ]]; then
+ printf "ERROR: %s is missing, install the edk2-ovmf package." "${ovmf_vars}" >&2
+ exit 1
+fi
+if [[ ! -f "${ipxe_image}" ]]; then
+ echo "ERROR: No IPXE image to run provided as first argument." >&2
+ exit 1
+fi
+
+workdir=$(mktemp -d --tmpdir run_ipxe.XXXXXX)
+trap 'rm -rf $workdir' EXIT INT TERM QUIT
+
+cd "${workdir}"
+cp "${ovmf_vars}" efivars
+mkdir -p ./fat/EFI/Boot/
+cp "${ipxe_image}" ./fat/EFI/Boot/bootx64.efi
+
+exec qemu-system-x86_64 \
+ -boot order=d,menu=on,reboot-timeout=5000 \
+ -m "size=3072,slots=0,maxmem=$((3072*1024*1024))" \
+ -k en-us \
+ -name ipxe,process=ipxe_0 \
+ -device virtio-net-pci,romfile=,netdev=net0 \
+ -netdev user,ipv4,id=net0 \
+ -drive if=pflash,format=raw,unit=0,readonly,file="${ovmf_code}" \
+ -drive if=pflash,format=raw,unit=1,file=efivars \
+ -usb \
+ -enable-kvm \
+ -drive if=none,id=usb-fat,format=raw,file=fat:rw:./fat \
+ -device usb-storage,drive=usb-fat \
+ -vga virtio
Property changes on: ipxe/trunk/run_ipxe
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
More information about the arch-commits
mailing list