Comments (4)
It is always recommended to build your own, the ones at boot.ipxe.org is only a convenience for those that really can't build.
If we get to a level where .efi versions are signed, it is likely that these will be published on GitHub, maybe even in a similar way that wimboot is, that way you will have digital signatures on them.
It would be nice if the boot.ipxe.org builds where done thru GitHub actions, and that way the extra signature step as well as reproducible builds could be there.
from ipxe.
I'm happy to do that work if it would be merged in
from ipxe.
We already have GitHub Actions that build a variety of targets, so the logical thing to do is probably to allow builds on the master branch to publish to boot.ipxe.org (or to make boot.ipxe.org URLs redirect to fetch the latest commit's corresponding build artifact on GitHub, if that is simpler).
There is some precedent in the https://github.com/ipxe/wimboot repository for using an SSH key provided as a GitHub Actions secret to access files (Windows images) that happen to be hosted on boot.ipxe.org, so a similar approach could be viable.
This would definitely require a separate job within build.yml, with dependencies on all three of x86
, arm64
, and arm32
, since we need binaries from all of them to create the combined ipxe.iso
image.
GitHub Actions are remarkably tedious to debug and to alter, and so my main goal has always been to keep them as simple as possible. As a rough goal: if you can implement the relevant "combining and publishing" job using no more lines of code than are currently used for the current arm64
job, then it has a chance of being mergeable.
Signing is a separate issue. I haven't looked in to what support exists within the GitHub Actions infrastructure for performing signing operations. For example: does it allow us to provide a secret password to an external RSA token, so that we can issue a trusted certificate for the RSA token's public key and use the GitHub Actions secret to allow signing of binaries with that key (without the token's private key ever being exposed)? I have no idea what kinds of facilities are provided, sorry.
from ipxe.
Signing might be possible thru scard over network interfaces, but not sure if that is possible in gh actions.
For the rest, publishing to gh pages might be possible. The first step here could be to publish artifacts from each job. (There should be an upload artifacts action available)
from ipxe.
Related Issues (20)
- Intel 82599 NIC fail to boot iPXE chainloading
- Booting Linux with long kernel arguments fails HOT 2
- Mellanox nic use commit 4bd064d ipxe.efi will happen DHCPDISCOVER failed,but use the latest master ipxe.efi will work ok HOT 2
- Windows pre-boot screen splits to multiple displays after EFI Sanboot
- sanboot selects removable bootable media in EFI Systems/Feature request to skip/filter removable media in sanboot
- Menus with Items Display Off over COM ports HOT 6
- Support OCSP Stapling HOT 1
- using "console --picture ..." without imgfree aferward , causes Initramfs unpacking failed: invalid magic at kernel start
- II followed your README file to compile it in the Ubuntu system, but it encountered an error. HOT 1
- dhcp + multi interfaces problem HOT 8
- Stopping when using the RTL8111H network card HOT 2
- realtek 8168/8169 doesn't work HOT 1
- TLS not supported on various domains HOT 2
- Build failure with gcc-14: error: type defaults to ‘int’ in declaration of ‘FILE_LICENCE’ [-Wimplicit-int] HOT 8
- How to boot windows (iscsi) ? HOT 1
- GCC14 issues HOT 7
- How to sign ROM for secure boot ?
- Compilation issue HOT 3
- Loading the ISO image to the RAM and perform OS installing
- initrd file size cause problems
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ipxe.