-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add make-boot-image service #11
base: main
Are you sure you want to change the base?
Conversation
Hi @XECDesign , would it be possible to get some feedback on this packaging approach? This service aims to create replacement images for linux-image--2712 packages that include the kernel directly into a signed ramdisk. I suspect I'll probably need a replacement linux-image-rpi-2712 meta-package too? |
Sorry, afraid I can't be of much help here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No issues with the approach, but your point on systemd service restarting is taken.
We do, however, need it to support 2711 first - as CM4 is a commercially available platform, and there are no 2712 platforms where we actively support secure boot at this time.
9f8ea1e
to
a1dddd1
Compare
69e9903
to
65eb33b
Compare
Signed-off-by: Richard Oliver <richard.oliver@raspberrypi.com>
65eb33b
to
fe4467c
Compare
Updated documentation, validator.py, inserted preinst script to remove /boot/firmware/config.txt This will have to be parked for-now as the cryptroot initramfs is unable to insmod the compressed .ko.xz modules. We can revisit this once the cryptroot image has been updated. |
|
||
A display name and email address in RFC 5322 mailbox format of the individual / | ||
team responsible for creating your boot-image packages. e.g. | ||
`Packaging Team <packaging-team@example.com>' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inconsistent formatting - maybe get this through a asciidoc preview tool?
@@ -1,5 +1,6 @@ | |||
## Format of return will be [Happy: bool, error: str] | |||
from os import path | |||
from email.utils import parseaddr, formataddr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this a core dep, or does it require an additional package?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's part of the Python standard library. It's provided by libpython3-stdlib in Debian, but this is a hard-dep of the python3 package. Even if we were to use python3-minimal, we would still get email.utils as part of libpython3.11-minimal
> [!CAUTION] | ||
> Support only exists for v8 kernels at this time. | ||
|
||
## Configuration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need to be expanded to include the vendor fields?
rpi-package-download@"$(systemd-escape "${1}")".service | ||
} | ||
|
||
KERNEL_2711="linux-image-${LINUX_IMAGE}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the run-around, but I would prefer this was named 'kernel_v8' or similar. Not a blocker.
@roliver-rpi Is this ready to review in earnest? |
No, the current cryptroot initramfs is unable to insmod the compressed .ko.xz modules that we take from the linux-image package. This should be parked until we update the cryptroot initramfs. |
No description provided.