IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
THese are generally recommended (and libvirt/gnome-boxes default to them
hence). They are mostly relevant for Windows, but I think it makes sense
to enable them anyway for Linux too, simply to excercise #28001, and
they shouldn't hurt.
Follow-ups for 74c4231ce5f6cddabc2500391a8d5fd69e89b79e.
Previously, the path is obtained from the fd, but it is closed in
sd_event_loop() to unpin the filesystem.
So, let's save the path when the event source is created, and make
sd_event_source_get_inotify_path() simply read it.
Otherwise uname is always NULL before calling `load_addons()`, so it's not being
checked if .uname matches between addons and UKI.
Fixes 68f85761e2eb1fd2243019980a64b174f07432c3
We look for the root fs on the device of the booted ESP, and for the
other partitions on the device of the root fs. On EFI systems this
generally boils down to the same, but there are cases where this doesn't
hold, hence document this properly.
Fixes: #31199
To hash long files (like initrd) add the funcion
make_pcrlock_record_from_stream, that will read a long file (or stdin)
to generate the digests of multiple hashes, redading block by block.
Use this new function in verb_lock_raw and verb_lock_kernel_initrd.
Signed-off-by: Alberto Planas <aplanas@suse.com>
This commit adds support for loading, measuring and handling a ".ucode"
UKI section. This section is functionally an initrd, intended for
microcode updates. As such it will always be passed to the kernel first.
Resolve at attach/detach/inspect time, so that the image is pinned and requires
re-attaching on update, given files are extracted from it so just passing
img.v/ to RootImage= is not enough to get a portable image updated
CentOS/Fedora use annobin which will complain if FORTIFY_SOURCE=0
is used so we disable those checks to avoid the warnings.
We also make sure that when we query the compilation flags so we can
add more, we set _fortify_level=0 and undefine _lto_flags so that we
don't get those flags in the result.
