Merge main into trunk/l2-buiilder-uni #139
Merged
Merged
Conversation
… all needed tool to development shell
Shell scripts should use #!/usr/bin/env bash and flake.nix should add all needed tools to development shell
Removed integration contact information from readme.
Update readme to remove integration messaging details
Pulls in Debian's linux-source-6.19_6.19.13-1~bpo13+1 from
trixie-backports, which carries upstream a664bf3d603d
('crypto: algif_aead - Revert to operating out-of-place') and
its authencesn follow-up. trixie's 6.18 line is still listed
as vulnerable on the security tracker.
Refs:
- https://security-tracker.debian.org/tracker/CVE-2026-31431
- https://snapshot.debian.org/package/linux/6.19.13-1~bpo13%2B1/
- https://metadata.ftp-master.debian.org/changelogs//main/l/linux/linux_6.19.13-1~bpo13+1_changelog (line 168)
- https://git.kernel.org/linus/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
chore: memory optimizations
Bump kernel to 6.19 + Debian snapshot 20260430 to fix CVE-2026-31431
* Dynamically size ESP partition to support images > 512MB * Update to corresponding gcp measure commit
* Log TDX measurements on boot * Use perl script rather than attested-tls-proxy for measurement logging * Switch to systemd oneshot service
Add the security section to the TEE seacher page.
Add CODEOWNERS
l2: cumulative updates for builder uni
0x416e746f6e
changed the base branch from
trunk/l2-builder-uni
to
trunk/l2-builder-uni-main
0x416e746f6e
approved these changes
May 25, 2026
Comment on lines
50
to
56
| # Enable chrony service | ||
| mkosi-chroot systemctl add-wants minimal.target \ | ||
| chrony.service \ | ||
| print-measurements.service \ | ||
| systemd-resolved.service \ | ||
| systemd-networkd.service \ | ||
| systemd-networkd-wait-online.service |
Member
There was a problem hiding this comment.
issue:
the comment line above is very outdated
| systemd-repart --empty=create \ | ||
| --size=${DISK_GIB}G \ | ||
| --definitions="${REPART_TMPDIR}" \ | ||
| --copy-source=${OUTPUTDIR} \ |
Member
There was a problem hiding this comment.
issue:
the build is broken with this line:
systemd-repart: unrecognized option '--copy-source=/work/out'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.