install: Add block to config, disable tpm2-luks unless opted-in
#445
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To make adding a new field not require touching all the tests. Signed-off-by: Colin Walters <[email protected]>
jeckersb
requested changes
Apr 2, 2024
This allows the container image builder more control over `bootc install to-disk` in the installation config. Per discussion in bootc-dev#421 this one definitely requires integration by the base image, and not all of them will want it. (Or if the do want LUKS, they may want more control over it) The default value is `block: ["direct"]` which only enables the simple filesystem install. This change allows two different things: `block: []` With this, `bootc install to-disk` will just error out. It's a way to effectively disable it for those that want to use an external installer always. Another possibility is: `block: ["direct", "tpm2-luks"]` To explicitly re-enable the builtin tpm2-luks flow. Or, one could do just `block: ["tpm2-luks"]` to enforce encrypted installs. Signed-off-by: Colin Walters <[email protected]>
jeckersb
approved these changes
Apr 3, 2024
cgwalters
pushed a commit
to cgwalters/bootc
that referenced
this pull request
Nov 6, 2024
container/store: Write final commit with timestamp
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
tests: Use
..Default::default()for install configTo make adding a new field not require touching all the tests.
Signed-off-by: Colin Walters [email protected]
install: Add
blockto config, disable tpm2-luks unless opted-inThis allows the container image builder more control over
bootc install to-diskin the installation config. Per discussion in#421
this one definitely requires integration by the base image,
and not all of them will want it.
(Or if the do want LUKS, they may want more control over it)
The default value is
block: ["direct"]which only enablesthe simple filesystem install.
This change allows two different things:
block: []With this,
bootc install to-diskwill just error out. It'sa way to effectively disable it for those that want to use
an external installer always.
Another possibility is:
block: ["direct", "tpm2-luks"]To explicitly re-enable the builtin tpm2-luks flow.
Or, one could do just
block: ["tpm2-luks"]to enforce encrypted installs.Signed-off-by: Colin Walters [email protected]