openslx-ng/ipxe.git/contrib, branch openslx

[cloud] Remove AWS public image access block only if not already unblocked

2025-10-20T11:58:03+00:00

Signed-off-by: Michael Brown

[cloud] Remove AWS public image access block automatically if needed

2025-10-17T13:22:21+00:00

Making images public is blocked by default in new AWS regions. Remove this block automatically whenever creating a public image. Signed-off-by: Michael Brown

[crypto] Switch to using python-asn1crypto instead of python-asn1

2025-04-11T11:40:22+00:00

Version 3.0.0 of python-asn1 has a serious defect that causes it to generate invalid DER. Fix by switching to the asn1crypto module, which also allows for simpler code to be used. Signed-off-by: Michael Brown

[crypto] Update cmsdetach to work with python-asn1 version 3.0.0

2025-03-17T11:48:06+00:00

The python-asn1 documentation indicates that end of file may be detected either by obtaining a True value from .eof() or by obtaining a None value from .peek(), but does not mention any way to detect the end of a constructed tag (rather than the end of the overall file). We currently use .eof() to detect the end of a constructed tag, based on the observed behaviour of the library. The behaviour of .eof() changed between versions 2.8.0 and 3.0.0, such that .eof() no longer returns True at the end of a constructed tag. Switch to testing for a None value returned from .peek() to determine when we have reached the end of a constructed tag, since this works on both newer and older versions. Continue to treat .eof() as a necessary but not sufficient condition for reaching the overall end of file, to maintain compatibility with older versions. Signed-off-by: Michael Brown

[contrib] Update bochsrc.txt to work with current versions

2025-03-14T12:46:02+00:00

Signed-off-by: Michael Brown

[cloud] Add ability to delete old AMI images

2024-09-09T14:02:27+00:00

Add the "--retain " option to limit the number of retained old AMI images (within the same family, architecture, and public visibility). Signed-off-by: Michael Brown

[cloud] Add family and architecture tags to AWS snapshots and images

2024-09-06T14:09:12+00:00

Allow for easier identification of images and snapshots created by the aws-import script by adding tags for image family (e.g. "iPXE") and architecture (e.g. "x86_64") to both. Signed-off-by: Michael Brown

[crypto] Add cmsdetach script for detaching encrypted data from CMS messages

2024-08-28T15:17:14+00:00

The openssl toolchain does not currently seem to support creating CMS envelopedData or authEnvelopedData messages with detached encrypted data. Add a standalone tool "cmsdetach" that can be used to detach the encrypted data from a CMS message. For example: openssl cms -encrypt -binary -aes-256-gcm -recip client.crt \ -in bootfile -outform DER -out bootfile.cms cmsdetach bootfile.cms --data bootfile.dat --envelope bootfile.env Signed-off-by: Michael Brown

[contrib] Remove obsolete rom-o-matic code

2024-08-20T09:22:18+00:00

The rom-o-matic code does not form part of the iPXE codebase, has not been maintained for over a decade, and does not appear to still be in use anywhere in the world. It does, however, result in a large number of false positive security vulnerability reports from some low quality automated code analysis tools such as Fortify SCA. Remove this unused and obsolete code to reduce the burden of responding to these false positives. Signed-off-by: Michael Brown

[cloud] Add utility to read INT13CON partition in Google Compute Engine

2024-07-30T15:11:28+00:00

Following the example of aws-int13con, add a utility that can be used to read the INT13 console log from a used iPXE boot disk in Google Compute Engine. There seems to be no easy way to directly read the contents of either a disk image or a snapshot in Google Cloud. Work around this limitation by creating a snapshot and attaching this snapshot as a data disk to a temporary Linux instance, which is then used to echo the INT13 console log to the serial port. Signed-off-by: Michael Brown