From 9d391c092570909a9631c514600d2588b2cd5310 Mon Sep 17 00:00:00 2001 From: Jonathan Liu Date: Sat, 3 Dec 2022 20:56:18 +1100 Subject: Add Memtest86+ to x86_64 UEFI GRUB boot menu Implements #203. --- configs/releng/grub/grub.cfg | 5 +++++ configs/releng/packages.x86_64 | 1 + 2 files changed, 6 insertions(+) (limited to 'configs') diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg index 43fad0e..79ea2d2 100644 --- a/configs/releng/grub/grub.cfg +++ b/configs/releng/grub/grub.cfg @@ -46,6 +46,11 @@ menuentry "Arch Linux install medium with speakup screen reader (x86_64, UEFI)" if [ "${grub_platform}" == "efi" ]; then if [ "${grub_cpu}" == "x86_64" ]; then + menuentry "Run Memtest86+ (RAM test)" --class memtest86 --class gnu --class tool { + set gfxpayload=800x600,1024x768 + search --fs-uuid --no-floppy --set=root --label %ARCHISO_LABEL% + linux /%INSTALL_DIR%/boot/memtest.efi + } menuentry "UEFI Shell" { insmod chain search --no-floppy --set=root --label %ARCHISO_LABEL% diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 index 02ef538..5771920 100644 --- a/configs/releng/packages.x86_64 +++ b/configs/releng/packages.x86_64 @@ -60,6 +60,7 @@ man-pages mc mdadm memtest86+ +memtest86+-efi mkinitcpio mkinitcpio-archiso mkinitcpio-nfs-utils -- cgit v1.2.3-70-g09d2 From dedfe0364cd665a12bb7a4d6fdb3b978d02026ab Mon Sep 17 00:00:00 2001 
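Review bot: The added `search` line passes both `--fs-uuid` and `--label` with a single argument, so it names two different lookup modes for one value. `%ARCHISO_LABEL%` is a volume label, and the UEFI Shell entry just below uses `search --no-floppy --set=root --label %ARCHISO_LABEL%`. Which selector GRUB honours when both are given is not visible from this hunk, so the entry may only resolve the boot volume by accident. I would drop `--fs-uuid` so the line reads `search --no-floppy --set=root --label %ARCHISO_LABEL%`. The enclosing `if [ "${grub_platform}" == "efi" ]` and `if [ "${grub_cpu}" == "x86_64" ]` blocks close outside the hunk.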
From: nl6720 Date: Wed, 7 Dec 2022 08:46:59 +0200 Subject: configs/releng/syslinux/archiso_pxe-linux.cfg: replace checksum and verify with cms_verify=y Specify `cms_verify=y` in SYSLINUX/PXELINUX configuration to use OpenSSL CMS based method for verifying the root file system image against the code signing certificates in the initramfs. `checksum` and `verify` are removed since they essentially serve the same purpose and performing all the checks just needlessly delays boot. Additionally, the removal of `verify` allows to build the ISO without gpg, i.e. without using `mkarchiso`'s `-g` and `-G` options. Fixes #200 --- configs/releng/syslinux/archiso_pxe-linux.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'configs') diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg index d812402..0eb1705 100644 --- a/configs/releng/syslinux/archiso_pxe-linux.cfg +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -6,7 +6,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NBD) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} checksum verify +APPEND archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL% archiso_nbd_srv=${pxeserver} cms_verify=y SYSAPPEND 3 LABEL arch64_nfs @@ -17,7 +17,7 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, NFS) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt checksum verify +APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y SYSAPPEND 3 LABEL arch64_http 
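Review bot: All three `APPEND` lines (NBD and NFS here, HTTP in the `@@ -28,5 +28,5 @@` hunk) now rely on `cms_verify=y` alone, and nothing in the file says what that check assumes. Per the commit message the signature is checked against certificates inside the initramfs, yet `LINUX` and `INITRD` are themselves loaded from the PXE server and the HTTP entry still uses `http://${pxeserver}/`. The check therefore catches a corrupted or mismatched root image, but not a boot server or network path that is itself untrusted. It also presumably requires an image built with code signing certificates; how the initramfs reacts to `cms_verify=y` on an unsigned image is not visible here and should be confirmed now that `checksum` is gone. I would state both in the file, e.g. `# cms_verify=y needs an image signed at build time; kernel and initramfs loaded over PXE are not verified`.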
@@ -28,5 +28,5 @@ ENDTEXT MENU LABEL Arch Linux install medium (x86_64, HTTP) LINUX ::/%INSTALL_DIR%/boot/x86_64/vmlinuz-linux INITRD ::/%INSTALL_DIR%/boot/intel-ucode.img,::/%INSTALL_DIR%/boot/amd-ucode.img,::/%INSTALL_DIR%/boot/x86_64/initramfs-linux.img -APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ checksum verify +APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y SYSAPPEND 3 -- cgit v1.2.3-70-g09d2 From 55a1b132a0bb6865d327726afdf21bc7e2d105db Mon Sep 17 00:00:00 2001 From: nl6720 Date: Sat, 17 Dec 2022 19:34:04 +0200 Subject: configs/baseline/profiledef.sh: use LZMA compression for the EROFS image Now that xz 5.4 is out and erofs-utils is built with LZMA support, it is possible to compress the EROFS image with LZMA for higher compression. `mkfs.erofs` trows a few warnings about using experimental features, but they should not be an issue. Nothing changes for the releng profile, for now at least. --- CHANGELOG.rst | 2 ++ configs/baseline/profiledef.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'configs') diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 400628a..4966b84 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Changed - Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the ``pacstrap`` invoked chroot should ever be allowed to write outside of it. - Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. +- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA + support, using a higher compression is possible. Removed ------- diff --git a/configs/baseline/profiledef.sh b/configs/baseline/profiledef.sh index 4115581..ed486ca 100644 --- a/configs/baseline/profiledef.sh +++ b/configs/baseline/profiledef.sh 
@@ -14,7 +14,7 @@ bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
 arch="x86_64"
 pacman_conf="pacman.conf"
 airootfs_image_type="erofs"
-airootfs_image_tool_options=('-zlz4hc,12' -E ztailpacking)
+airootfs_image_tool_options=('-zlzma,9' -E ztailpacking)
 file_permissions=(
 ["/etc/shadow"]="0:0:400"
 )
-- cgit v1.2.3-70-g09d2
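Review bot: The new `'-zlzma,9'` value has no comment explaining its build requirements, although the commit message says it depends on xz 5.4 and an erofs-utils built with LZMA support, and that `mkfs.erofs` warns about experimental features. Someone building the baseline profile with an older erofs-utils would hit a failure or warning at this line with nothing in the file to explain it. I would add a comment above it such as `# LZMA needs erofs-utils built against xz >= 5.4; mkfs.erofs reports it as experimental`. It is also worth confirming that the kernel shipped in the image can read LZMA-compressed EROFS, which this hunk does not show.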