PE-4296 Split the ZST file to 3GB chunks. #178
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vipsharm
changed the title
nianyush
approved these changes
May 2, 2024
nianyush
added a commit
that referenced
this pull request
May 10, 2024
* Initial FDE CanvOS build changes. Adding new targets for UKI ISO and Provider images * add a util to smartly link files with prefix Signed-off-by: Nianyu Shen <[email protected]> * add keys to gitignore Signed-off-by: Nianyu Shen <[email protected]> * fix normal flow Signed-off-by: Nianyu Shen <[email protected]> * fix normal iso Signed-off-by: Nianyu Shen <[email protected]> * add stylus_uki.yaml Signed-off-by: Nianyu Shen <[email protected]> * update os-builder & stylus image copy Signed-off-by: Nianyu Shen <[email protected]> * update enki args Signed-off-by: Nianyu Shen <[email protected]> * fix stylus uki Signed-off-by: Nianyu Shen <[email protected]> * fix userdata Signed-off-by: Nianyu Shen <[email protected]> * fix stylus copy Signed-off-by: Nianyu Shen <[email protected]> * link agent provider stylus in provider image Signed-off-by: Nianyu Shen <[email protected]> * link agent provider stylus Signed-off-by: Nianyu Shen <[email protected]> * Adding branding menu string. * Removing UKI target from non-secure ISO target * Fix auto-install * Minor fix. Adding branding for provider image. * use alpine as provider base image Signed-off-by: Nianyu Shen <[email protected]> * install kairos-agent to provider image and change base to ubuntu Signed-off-by: Nianyu Shen <[email protected]> * bump os builder version to v0.200.8 Signed-off-by: Nianyu Shen <[email protected]> * add reset stage Signed-off-by: Nianyu Shen <[email protected]> * remove line Signed-off-by: Nianyu Shen <[email protected]> * bump os-builder to 200.9 Signed-off-by: Nianyu Shen <[email protected]> * Bumping up Kairos version and Stylus unpack fix. * update dep Signed-off-by: Nianyu Shen <[email protected]> * fix tag Signed-off-by: Nianyu Shen <[email protected]> * Making target change to allow iso target for uki-iso. * Merging UKI and non-uki provider targets into build-provider-images. Also enabling K8S_VERSION through .arg file * support stylus pkg restore after reset * Fixing OEM size error. * refractor: stylus image extraction * fix: fix unpack in initramfs * Change to move private-keys to different folder. These keys can be copied out and not needed during ISO or upgrade image generation. * fix typo * Minor private key fix. * refractor: only execute uki stages if in uki boot mode * fix uki mode if condition * remove sbctl * bump OSBUILDER to v0.200.11 * use apt-get instead of apt * bump kairos version to v3.0.5 * add a hardcoded user to get logs during dev * Fixing the Base Image URL * Fixing ISO name Bumping Kairos version to 3.0.6 * Removing the container target for ISO. * Update stylus_uki.yaml * Adding key folder changes. Also handling extra params for MS keys, force auto enroll, custom keys. * Fixing custom keys generation * Fixing the image tag issue. (#167) * Update Earthfile * genkey target should not use any cache Signed-off-by: Nianyu Shen <[email protected]> * use - instead of _ as directory name and print out dir tree after key gen Signed-off-by: Nianyu Shen <[email protected]> * update .gitignore Signed-off-by: Nianyu Shen <[email protected]> * Ensure no error messages * fix typo Signed-off-by: Nianyu Shen <[email protected]> * PE-3405: Kairos 3.0.x upgrade (#164) * CIS hardening - enabled by default * Support UEFI boot for non-UKI ISO * add iso-disk-image for container disk image Signed-off-by: Nianyu Shen <[email protected]> * put ISO_NAME as global arg Signed-off-by: Nianyu Shen <[email protected]> * fix image tag Signed-off-by: Nianyu Shen <[email protected]> * Pe 3405 (#169) * fix jetson image Signed-off-by: Nianyu Shen <[email protected]> * Ensure kubeadm compatibility Install linux-headers package if /usr/src is empty when building for kubeadm Also "apt-mark hold" kernel packages if building for UKI Streamline "apt-mark hold" HWE logic * bump kairos to v3.0.7 Signed-off-by: Nianyu Shen <[email protected]> * add sbctl and mokutil in dockerfile Signed-off-by: Nianyu Shen <[email protected]> * add uki related variables to .arg.template and add readme about trusted boot (#170) Signed-off-by: Nianyu Shen <[email protected]> * add a script to smartly explain key usage and recommends under a folder Signed-off-by: Nianyu Shen <[email protected]> * rename comment.sh to keys.sh Signed-off-by: Nianyu Shen <[email protected]> * Add private CA instructions * Fix example cert location info * add bring your own key option to genkey Signed-off-by: Nianyu Shen <[email protected]> * add if exists Signed-off-by: Nianyu Shen <[email protected]> * PE-3405: Update kairos base image (#172) * update 4.4.0-alpha1 provider versions (#174) * base images changes * Don't concatenate the PK * Adjust messages * Phase out UKI_SELF_SIGNED_KEYS * base url change (#175) * update Signed-off-by: Nianyu Shen <[email protected]> * rename to 80_stylus_uki.yaml Signed-off-by: Nianyu Shen <[email protected]> * comment out sbctl Signed-off-by: Nianyu Shen <[email protected]> * updating kairos version 3.0.8 (#176) * Native Ubuntu Pro support * fix: content not copied into uki iso (#177) Signed-off-by: Nianyu Shen <[email protected]> * Simplify uki-build-iso * Update private CA instructions * Improve wording * correct extension * dynamic cryptsetup close * Correct procedure to uki-genkey * Add instructions for the TPM key * Split the ZST file to 3GB chunks. (#178) Co-authored-by: Nianyu Shen <[email protected]> * kairos upgrade to v3.0.9 and ubuntu-fips snapd remove (#179) * Fix broken pam settings * fix zst file missing error Signed-off-by: Nianyu Shen <[email protected]> * fix content split Signed-off-by: Nianyu Shen <[email protected]> * fix split eval * fix typo * Copy content for non-UKI iso * Fix logic * Generate secure-boot directory structuire * Only save artifacts when needed * support INCLUDE_MS_SECUREBOOT_KEYS for BYOK * Update .arg template instructions * Ignore privately generated keys * Improve private CA instructions * set INCLUDE_MS_SECUREBOOT_KEYS to false by default Signed-off-by: Nianyu Shen <[email protected]> * set INCLUDE_MS_SECUREBOOT_KEYS to true by default Signed-off-by: Nianyu Shen <[email protected]> * bump k3s provider version to 4.4.0-alpha2 (#180) * Don't install libpam-pwquality twice * Install correct yum packages * fix SPECTRO_PUB_REPO Signed-off-by: Nianyu Shen <[email protected]> * fix arch Signed-off-by: Nianyu Shen <[email protected]> * build slink Signed-off-by: Nianyu Shen <[email protected]> * add spc.tgz to gitignore Signed-off-by: Nianyu Shen <[email protected]> * add efi-size-check Signed-off-by: Nianyu Shen <[email protected]> --------- Signed-off-by: Nianyu Shen <[email protected]> Signed-off-by: Nianyu Shen <[email protected]> Co-authored-by: Nianyu Shen <[email protected]> Co-authored-by: Nianyu Shen <[email protected]> Co-authored-by: Kevin Reeuwijk <[email protected]> Co-authored-by: Arun Sharma <[email protected]> Co-authored-by: Kevin Reeuwijk <[email protected]> Co-authored-by: Santhosh <[email protected]> Co-authored-by: Piyush Kumar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.