From 9481f68953802d692e0d25a966af863c253a9390 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Fri, 3 Jan 2025 13:36:56 -0500 Subject: [PATCH 1/9] fix script for extracting GPG sig key id --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 86c330a..4f6035f 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ VERSION := development GIT_REF := $(shell git log -1 --format=%H) GIT_AUTHOR := $(shell git log -1 --format=%an) -GIT_PUBKEY := $(shell git log -1 --format=%GP) +GIT_PUBKEY := $(shell git log -1 --format=%GK) GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso) export -- 2.40.1 From 2d9f19b890dc4a160a89efd1e99a828899453fa3 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Fri, 3 Jan 2025 13:37:19 -0500 Subject: [PATCH 2/9] remove sigs for old release --- dist/manifest.36C8AAA9.asc | 16 ---------------- dist/manifest.8E401478A3FBEF72.asc | 16 ---------------- 2 files changed, 32 deletions(-) delete mode 100644 dist/manifest.36C8AAA9.asc delete mode 100644 dist/manifest.8E401478A3FBEF72.asc diff --git a/dist/manifest.36C8AAA9.asc b/dist/manifest.36C8AAA9.asc deleted file mode 100644 index 07fed40..0000000 --- a/dist/manifest.36C8AAA9.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh -VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb -Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U -5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE -daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH -VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B -SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6 -ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl -nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm -RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF -JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7 -B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE= -=eruT ------END PGP SIGNATURE----- diff --git a/dist/manifest.8E401478A3FBEF72.asc b/dist/manifest.8E401478A3FBEF72.asc deleted file mode 100644 index d52a164..0000000 --- a/dist/manifest.8E401478A3FBEF72.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7 -73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC -GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74 -MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR -3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w -+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA -6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH -b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o -2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei -731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo -111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM -UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk= -=e+q6 ------END PGP SIGNATURE----- -- 2.40.1 From f960a7977fa33dfec04c25fd2ee730e098c7097e Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Fri, 3 Jan 2025 13:37:43 -0500 Subject: [PATCH 3/9] add new manifest and release files --- dist/manifest.txt | 4 ++-- dist/release.env | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) mode change 100644 => 100755 dist/release.env diff --git a/dist/manifest.txt b/dist/manifest.txt index 8ac1f62..df03008 100644 --- a/dist/manifest.txt +++ b/dist/manifest.txt @@ -1,2 +1,2 @@ -fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso -b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env +e3f552a55cbbca96cf8924b8dc2b62e3daaedb6420fb222533b2c5966528a088 airgap.iso +7a0ececdb6ad0814c9441266d144b6afa0c1090befa52783e6313c59da317cce release.env diff --git a/dist/release.env b/dist/release.env old mode 100644 new mode 100755 index 0213e93..bd105a0 --- a/dist/release.env +++ b/dist/release.env @@ -1,5 +1,5 @@ -VERSION=2024.8.1 -GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9 -GIT_AUTHOR=Lance R. Vick -GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9 -GIT_TIMESTAMP=2024-08-08 00:34:41 -0700 +VERSION=2025.01.03 +GIT_REF=bb76f61615221d488643b7474931c3022834db7c +GIT_AUTHOR=Sam Ebstein +GIT_PUBKEY=6418F27A5E20ADD7 +GIT_TIMESTAMP=2024-10-05 07:42:49 -0700 -- 2.40.1 From 0e40ba5380f635f65a22737fb3f9b01c21784699 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Fri, 3 Jan 2025 13:37:55 -0500 Subject: [PATCH 4/9] add sig for new release --- dist/manifest.DC4B7D1F52E0BA4D.asc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 dist/manifest.DC4B7D1F52E0BA4D.asc diff --git a/dist/manifest.DC4B7D1F52E0BA4D.asc b/dist/manifest.DC4B7D1F52E0BA4D.asc new file mode 100644 index 0000000..51adac7 --- /dev/null +++ b/dist/manifest.DC4B7D1F52E0BA4D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmd4LgAACgkQRKhs/x/f +DoXmNg/9HwJgEd0nJ5JPXRnPhGjIJ9R53+4XJ4AKhM7bfuGhisSeSLDafv6yRox4 +JZcYXnSlj3Vn+OaDPiU7SOGdzFoSv8CHtTgAICh1JMG9LcrJ4qDrLg7T9ASQyTSI +ZGeoe3Kc5JXMc7wOAubmYPXTAS/m8X7lt/Kau93SHTV/aDcI5aGZs9w+gsFy+67r +uNBwP/Y4q4iZ1gSEjxUEGs6cLGBZ0VepdTTJaORGYkztYGGnHFqQ+MBOFMC8dSFD +acvsThrHqQYYaBccB1wZIIsYtq7qxwaREFw3CfOu6h3PhkQopkQeFOQLsZfkres3 +LuzMbaU/3/IvODZo9eTGIYHi8YrfxhNhEZ2NnDYrXvw9Q3GHJqs6r751XFkCFy73 +/LJBiXRpUzlbk5RpT2c8dytBoZgh+sBUXlLnx5RoheQQmxcrXgcEAJMN4wecpvnv ++4RioLcxtqM4ZSowtBMizceKgmm0kVCN2tLbK2UH+KzDncJGytVXAEPcxHF4mRDe +SZjO3tYT3YGEnl/DgrBKvo+/wxg63N6JIYAoJq4zmUtdOkb/jKGisHVW6sejAX23 +UXh1oK07EBaPRVnXXCKM+Lao8ae0d2SJiF36PXiJ++TiqW+Wn6Oox/gcUfx+/k8U +GrHdo7G3s472pjpqQIU/zvqZWj+41elbkdRQSdQvS2gtX3yB/wo= +=X2zn +-----END PGP SIGNATURE----- -- 2.40.1 From 0cc0941582860d2be0290453ef23f6b787fbd17a Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 6 Jan 2025 09:26:30 -0500 Subject: [PATCH 5/9] fix readme with proper reproduce command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 81295e9..faf424c 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ make release ### Reproduce an existing release ``` -make attest +make reproduce ``` ### Sign an existing release -- 2.40.1 From c0b3ac2278bf9f21ddb6a789591746eccef8b72b Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 6 Jan 2025 09:32:16 -0500 Subject: [PATCH 6/9] remove duplicate jq import --- Containerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Containerfile b/Containerfile index 37d5996..176fca7 100644 --- a/Containerfile +++ b/Containerfile @@ -14,7 +14,6 @@ FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e7 FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq -FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan -- 2.40.1 From b46d8e0b71e12cefed594e8d668f8c439fb43fc5 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 6 Jan 2025 09:44:44 -0500 Subject: [PATCH 7/9] fix casing for dockerfile 'as' instruction --- Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containerfile b/Containerfile index 176fca7..a9ee653 100644 --- a/Containerfile +++ b/Containerfile @@ -65,7 +65,7 @@ COPY --from=mtools . / COPY --from=xz . / COPY --from=grub . / -FROM base as dev +FROM base AS dev COPY --from=gcc . / COPY --from=glib . / COPY --from=alsa-lib . / -- 2.40.1 From 32c8c3d26af091dbef5e185e35046b7debe314e2 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 6 Jan 2025 10:22:08 -0500 Subject: [PATCH 8/9] clean up makefile --- Makefile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 4f6035f..756cd97 100644 --- a/Makefile +++ b/Makefile @@ -7,11 +7,13 @@ export ## Use env vars from latest release when reproducing ifdef REPRODUCE -include dist/release.env -export + include dist/release.env + export endif + +## Prevents use of caching when building docker image ifdef NOCACHE -NO_CACHE := --no-cache + NO_CACHE := --no-cache endif .DEFAULT_GOAL := @@ -70,7 +72,7 @@ vm: out/dev-shell.digest out/airgap.iso out/sdcard.img -nographic; \ " -## Signing, Verification, and Release Targets +## Release, Signing, Verification, and Reproduction Targets .PHONY: clean clean: -- 2.40.1 From a677bad039ba788c58845a1cfce1f5484ac7fbbe Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 6 Jan 2025 10:22:57 -0500 Subject: [PATCH 9/9] update release files and add sig --- dist/manifest.DC4B7D1F52E0BA4D.asc | 26 +++++++++++++------------- dist/manifest.txt | 4 ++-- dist/release.env | 10 +++++----- 3 files changed, 20 insertions(+), 20 deletions(-) mode change 100755 => 100644 dist/release.env diff --git a/dist/manifest.DC4B7D1F52E0BA4D.asc b/dist/manifest.DC4B7D1F52E0BA4D.asc index 51adac7..2e3d3a5 100644 --- a/dist/manifest.DC4B7D1F52E0BA4D.asc +++ b/dist/manifest.DC4B7D1F52E0BA4D.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmd4LgAACgkQRKhs/x/f -DoXmNg/9HwJgEd0nJ5JPXRnPhGjIJ9R53+4XJ4AKhM7bfuGhisSeSLDafv6yRox4 -JZcYXnSlj3Vn+OaDPiU7SOGdzFoSv8CHtTgAICh1JMG9LcrJ4qDrLg7T9ASQyTSI -ZGeoe3Kc5JXMc7wOAubmYPXTAS/m8X7lt/Kau93SHTV/aDcI5aGZs9w+gsFy+67r -uNBwP/Y4q4iZ1gSEjxUEGs6cLGBZ0VepdTTJaORGYkztYGGnHFqQ+MBOFMC8dSFD -acvsThrHqQYYaBccB1wZIIsYtq7qxwaREFw3CfOu6h3PhkQopkQeFOQLsZfkres3 -LuzMbaU/3/IvODZo9eTGIYHi8YrfxhNhEZ2NnDYrXvw9Q3GHJqs6r751XFkCFy73 -/LJBiXRpUzlbk5RpT2c8dytBoZgh+sBUXlLnx5RoheQQmxcrXgcEAJMN4wecpvnv -+4RioLcxtqM4ZSowtBMizceKgmm0kVCN2tLbK2UH+KzDncJGytVXAEPcxHF4mRDe -SZjO3tYT3YGEnl/DgrBKvo+/wxg63N6JIYAoJq4zmUtdOkb/jKGisHVW6sejAX23 -UXh1oK07EBaPRVnXXCKM+Lao8ae0d2SJiF36PXiJ++TiqW+Wn6Oox/gcUfx+/k8U -GrHdo7G3s472pjpqQIU/zvqZWj+41elbkdRQSdQvS2gtX3yB/wo= -=X2zn +iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmd788QACgkQRKhs/x/f +DoX9UxAA0jJOkVvo/HU0G+n/ObcYK511VpLlFEzFJ0fRnQzWeSCUNaCxB9cSuapn +Go/Vcje4FUMrCIxwhcxW1+V2HkhiewYhOGVYL7YHidma5jPdw2iKejnlaijnez+D +b1Vg/Hma7cancwt7mPnC1+QNdUSAppL81BNH4cy+Z5kxNMix/zAtC23zg9GlqICl +la8+J2i4VoDI4Y/u9Mar2G9scYrGVOEIGrTH9TzTy0amtT3iuL7slk7jNifz81F/ +oqyOvHtOD1L834u+Fj+ZNWMVRHHvvXDN1/f6rKZ/EdV3nHZnyqiTc3/EN/eezNEC +RxF3rvradcyUQ3Bg975/tuECmc/C4IhHu2e1fGGsB4wb2s0zyb2YlulHwopOrzi0 +nPm0FSnQ4bGA+wnJxyp094/qflk3j2pkRNXNQJKgHzrQicnEz+BK0Vfgfp5Uon77 +vBOnxxmeB8PhwB4ZJZGOXDKNYeyc4bGuNcYa7GYJbssFKD2+d+ORI2V4truP0Ygg +qOJS4s18uQitsu6AIxxpsbEf3bEVP4z6YuMf97IoEaHGqVl8k/+v+xcyi4zQiMFX +SGXLFtE3MVOguLBp/N40BDFu0pHPWZ3o6QaPJqg6+zby6iLbb3/xMcAwXylA5FLf +A5DJQ69qvRJdPgPA24UwP/9RpBRv7Rsydf7MDLJJN0b+nUG/pp0= +=66iY -----END PGP SIGNATURE----- diff --git a/dist/manifest.txt b/dist/manifest.txt index df03008..433be3f 100644 --- a/dist/manifest.txt +++ b/dist/manifest.txt @@ -1,2 +1,2 @@ -e3f552a55cbbca96cf8924b8dc2b62e3daaedb6420fb222533b2c5966528a088 airgap.iso -7a0ececdb6ad0814c9441266d144b6afa0c1090befa52783e6313c59da317cce release.env +297dd11232e27938b5a27e6c7692a702adef5d633bd82a93003de5016cebede6 airgap.iso +f7774d13cc7e40705ef4bc2555b0c19443fb6f98e194041a7ee85aaabf6d18cb release.env diff --git a/dist/release.env b/dist/release.env old mode 100755 new mode 100644 index bd105a0..a2a1f51 --- a/dist/release.env +++ b/dist/release.env @@ -1,5 +1,5 @@ -VERSION=2025.01.03 -GIT_REF=bb76f61615221d488643b7474931c3022834db7c -GIT_AUTHOR=Sam Ebstein -GIT_PUBKEY=6418F27A5E20ADD7 -GIT_TIMESTAMP=2024-10-05 07:42:49 -0700 +VERSION=2025.01.06 +GIT_REF=b46d8e0b71e12cefed594e8d668f8c439fb43fc5 +GIT_AUTHOR=Anton Livaja +GIT_PUBKEY=44A86CFF1FDF0E85 +GIT_TIMESTAMP=2025-01-06 09:44:44 -0500 -- 2.40.1