fix
All checks were successful
ci/woodpecker/push/build Pipeline was successful

JMARyA 2024-12-28 06:39:16 +01:00
parent 8a7ea6f8cf
commit b3e38cde60
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
4 changed files with 48 additions and 7 deletions


@ -12,3 +12,4 @@ steps:
from_secret: pacco_token from_secret: pacco_token
KEY: KEY:
from_secret: navos_key from_secret: navos_key


@ -1,16 +1,22 @@
// MKINITCPIO + UKI // MKINITCPIO + UKI
use crate::{print_status, run_command}; use crate::{config::DriveConfig, print_status, run_command};
use super::str_vec; use super::str_vec;
pub fn setup_mkinitcpio() { pub fn setup_mkinitcpio(conf: &DriveConfig) {
print_status("Writing /etc/mkinitcpio.d/linux.preset"); print_status("Writing /etc/mkinitcpio.d/linux.preset");
std::fs::write( std::fs::write(
"/mnt/etc/mkinitcpio.d/linux.preset", "/mnt/etc/mkinitcpio.d/linux.preset",
include_str!("../root/mkinitcpio/linux.preset"), include_str!("../root/mkinitcpio/linux.preset"),
) )
.unwrap(); .unwrap();
// Set kernel cmdline
// TODO : Encryption support
std::fs::create_dir_all("/mnt/etc/kernel").unwrap();
std::fs::write("/mnt/etc/kernel/cmdline", format!("root={}", conf.root)).unwrap();
// TODO : more configs // TODO : more configs
print_status("Writing /etc/mkinitcpio.conf"); print_status("Writing /etc/mkinitcpio.conf");
std::fs::write( std::fs::write(
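Review bot: `conf.root` is interpolated into `/mnt/etc/kernel/cmdline` without validation at the added `std::fs::write("/mnt/etc/kernel/cmdline", format!("root={}", conf.root))` line. Going by the file's `MKINITCPIO + UKI` header, this command line presumably ends up inside the unified kernel image that setup_secure_boot later signs, so any whitespace in the configured value would become additional signed kernel parameters. A guard before the write, such as `assert!(!conf.root.contains(char::is_whitespace), "drive root must be a single token");` (assuming `root` is a `String`), keeps the file to the single `root=` parameter. The `TODO : Encryption support` matters here too: install() still has a `conf.general.encryption` branch, but this function receives only `&DriveConfig`, so a comment such as `// cmdline carries root= only; encrypted installs need the unlock parameters added here` would make the gap explicit. setup_mkinitcpio continues past the end of the hunk.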


@ -119,7 +119,7 @@ pub fn install(conf: InstallConfig) {
} }
setup_zram(); setup_zram();
setup_mkinitcpio(); setup_mkinitcpio(&conf.drive);
setup_secure_boot(); setup_secure_boot();
if conf.general.encryption { if conf.general.encryption {


@ -53,15 +53,34 @@ pub fn setup_secure_boot() {
} }
} }
run_command(&vec!["sbctl".into(), "create-keys".into()], None, false); install_pkgs(&["sbctl", "sbsigntools"]);
run_command( run_command(
&str_vec(vec!["sbctl", "enroll-keys", "--microsoft"]), &vec![
"arch-chroot".into(),
"/mnt".into(),
"sbctl".into(),
"create-keys".into(),
],
None,
false,
);
run_command(
&str_vec(vec![
"arch-chroot",
"/mnt",
"sbctl",
"enroll-keys",
"--microsoft",
]),
None, None,
false, false,
); );
run_command( run_command(
&str_vec(vec![ &str_vec(vec![
"arch-chroot",
"/mnt",
"sbctl", "sbctl",
"sign", "sign",
"-s", "-s",
@ -73,6 +92,8 @@ pub fn setup_secure_boot() {
run_command( run_command(
&str_vec(vec![ &str_vec(vec![
"arch-chroot",
"/mnt",
"sbctl", "sbctl",
"sign", "sign",
"-s", "-s",
@ -84,6 +105,8 @@ pub fn setup_secure_boot() {
run_command( run_command(
&str_vec(vec![ &str_vec(vec![
"arch-chroot",
"/mnt",
"sbctl", "sbctl",
"sign", "sign",
"-s", "-s",
@ -94,10 +117,21 @@ pub fn setup_secure_boot() {
); );
run_command( run_command(
&str_vec(vec!["sbctl", "sign", "-s", "/boot/EFI/Boot/bootx64.efi"]), &str_vec(vec![
"arch-chroot",
"/mnt",
"sbctl",
"sign",
"-s",
"/boot/EFI/Boot/bootx64.efi",
]),
None, None,
false, false,
); );
run_command(&str_vec(vec!["sbctl", "verify"]), None, false); run_command(
&str_vec(vec!["arch-chroot", "/mnt", "sbctl", "verify"]),
None,
false,
);
} }
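Review bot: Every chrooted sbctl step in this section is a bare `run_command(...);` statement, so from the lines shown nothing reacts to a failed `create-keys` or `enroll-keys --microsoft`, and the closing `sbctl verify` is equally fire-and-forget. Unless run_command aborts on a non-zero exit (its body is not on this page), the installer can finish with unsigned or unenrolled boot files and no indication that Secure Boot is not in effect. Suggest at least recording the assumption above the first call, e.g. `// run_command must abort on failure: signing and verify below assume keys were created and enrolled`, and letting the verify result decide whether the step reports success. As a style point, the `"arch-chroot", "/mnt"` prefix is now repeated in seven calls and built two ways (`&vec![... .into()]` and `str_vec`); a small private helper taking only the sbctl arguments would keep them uniform. setup_secure_boot begins before the first hunk of this section.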