Discussion:
[arch-general] kernel-install in archlinux
Damjan Georgievski via arch-general
2017-06-22 11:58:47 UTC
Permalink
Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]

I've seen some talk about it from a year ago, but the discussion seems
to have died off.

My personal use case is to have a hook that self-signs
kernel+initramfs+cmdline images for secure boot (using my own keys),
and currently I have to do that manually whenever the initramfs is
updated.




[1]
https://www.freedesktop.org/software/systemd/man/kernel-install.html
[2]
https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html
--
damjan
Mauro Santos via arch-general
2017-06-22 12:42:56 UTC
Permalink
Post by Damjan Georgievski via arch-general
Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]
I've seen some talk about it from a year ago, but the discussion seems
to have died off.
My personal use case is to have a hook that self-signs
kernel+initramfs+cmdline images for secure boot (using my own keys),
and currently I have to do that manually whenever the initramfs is
updated.
[1]
https://www.freedesktop.org/software/systemd/man/kernel-install.html
[2]
https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html
You may want to check 'man alpm-hooks'. You should be able to automate
what you want to do.
--
Mauro Santos
Damjan Georgievski via arch-general
2017-06-22 14:20:19 UTC
Permalink
On 22 June 2017 at 14:42, Mauro Santos via arch-general
Post by Mauro Santos via arch-general
Post by Damjan Georgievski via arch-general
Is there any plan for moving ArchLinux to the kernel-install infrastructure[1]
I've seen some talk about it from a year ago, but the discussion seems
to have died off.
My personal use case is to have a hook that self-signs
kernel+initramfs+cmdline images for secure boot (using my own keys),
and currently I have to do that manually whenever the initramfs is
updated.
[1]
https://www.freedesktop.org/software/systemd/man/kernel-install.html
[2]
https://lists.archlinux.org/pipermail/arch-dev-public/2016-May/028014.html
You may want to check 'man alpm-hooks'. You should be able to automate
what you want to do.
Unfortunately that's not enough, other hooks (which are unknown) can
update the initramfs, and I can't hook on /boot/initramfs-* since it's
not part of any package.

ps. and yes, I already do have a hook that triggers on the linux package
--
damjan
Mauro Santos via arch-general
2017-06-22 15:10:42 UTC
Permalink
Post by Damjan Georgievski via arch-general
Unfortunately that's not enough, other hooks (which are unknown) can
update the initramfs, and I can't hook on /boot/initramfs-* since it's
not part of any package.
I suppose the question is if any of the official packages provide a hook
that does changes the initramfs.

You can probably trigger your hook on a kernel update and give it a name
that will make it run _after_ the stock initramfs update hook and any
other hooks that change the initramfs. That said I have never played
with custom hooks so I'm going by what the man page says.

If there are some hooks which do not play well with what you want to do
then maybe you can ask the maintainer/dev to make it run in a
predictable way. I guess no one has looked into automating/integrating
secure boot into arch but it would be a cool thing to have, even if not
in the official repos (read: even if it is provided by a package on the
AUR and there are some instruction/general guidelines on how to make it
work).
--
Mauro Santos
Loading...