Comments (5)
(maybe some of them should be optional?)
Good question - my aim for this particular project always was to keep it very very minimal (and thus very opinionated), basically with a single code path, that everyone is testing. For such a critical security component, in the presence of existing bootloaders and customizable alternatives (example), I felt I wanted something with as little variation and cyclomatic complexity as possible, where every line of code counts.
What if some of the packages are reinstalled and not upgraded?
This is interesting - reinstall is also considered an update:
Installations are considered an upgrade if the package or file is already present on the system regardless of whether the new package version is actually greater than the currently installed version. For Path triggers, this is true even if the file changes ownership from one package to another.
from arch-secure-boot.
I like the idea! On the initial installation you would probably get "Error: Secure Boot keys are not generated yet", but perhaps it's acceptable... Oooor what if we remove the Operation = Install though from the hook? All the targets are hard dependencies of arch-secure-boot anyway, so all we really care about is if any of those files get updated on the system?
from arch-secure-boot.
What if some of the packages are reinstalled and not upgraded? Or let's say you already have arch-secure-boot installed and configured but after some time you decide to install fwupd? I don't think removing Operation = Install is the way to go. The most resilient option might be to create a new hook only for arch-secure-boot that would only have Operation = Upgrade
EDIT: oh, I didn't catch the fact that they are hard dependencies. (maybe some of them should be optional?) In that case I guess removing Operation = Install would work indeed
from arch-secure-boot.
So apparently FYI, the update hook is being triggered as soon as it is being installed:
(1/1) upgrading arch-secure-boot
:: Running post-transaction hooks...
(1/4) Arming ConditionNeedsUpdate...
(2/4) Generating signed EFI boot files
Generating EFI images...
Signing Unsigned original image
I was expecting this not to be triggered until the next update, but that's nice
from arch-secure-boot.
That's interesting, very helpful for our case 😁
from arch-secure-boot.
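An added illustration of the trigger semantics discussed in this thread, not code from arch-secure-boot or pacman: it models the quoted rule that a package already present on the system counts as an upgrade, so a hook with only Operation = Upgrade fires on a reinstall but not on a first install. The hook text, target names and installed-package sets are constructed assumptions, and only Operation and glob Target matching for Type = Package is modelled.

```python
from fnmatch import fnmatchcase

# Constructed hook for illustration; the target names are assumptions,
# not the project's actual hook file.
HOOK = """\
[Trigger]
Operation = Upgrade
Type = Package
Target = linux
Target = linux-lts
Target = fwupd

[Action]
Description = Generating signed EFI boot files
When = PostTransaction
"""

def parse_trigger(text):
    """Collect the repeatable keys of the [Trigger] section into lists."""
    trigger, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Trigger" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            trigger.setdefault(key, []).append(value)
    return trigger

def classify(package, installed, removing=False):
    """Operation as the quoted rule describes it: a package that is
    already present counts as Upgrade, whatever the version."""
    if removing:
        return "Remove"
    return "Upgrade" if package in installed else "Install"

def hook_fires(trigger, package, installed, removing=False):
    """True if this transaction item matches the hook's trigger."""
    operation = classify(package, installed, removing)
    return (operation in trigger.get("Operation", [])
            and any(fnmatchcase(package, glob)
                    for glob in trigger.get("Target", [])))

if __name__ == "__main__":
    installed = {"linux", "linux-lts"}  # constructed system state
    trig = parse_trigger(HOOK)
    for pkg in ("linux", "fwupd", "vim"):
        print(pkg, hook_fires(trig, pkg, installed))
```

With Upgrade as the only operation, a target that is installed for the first time after the hook is in place does not fire it, which is why the hard-dependency point in the thread matters.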