Foxboron commented on Arch shares its wiki strategy with Debian   lwn.net/SubscriberLink/10... · Posted by u/lemper
xdfgh1112 · 12 days ago
Many people used Arch for its status as "the pro Linux distribution" i.e. not beginner friendly, but secretly still easy enough that you don't need much effort. That's how "I use Arch btw" became a meme.

These people have now moved to NixOS.

Foxboron · 12 days ago
> That's how "I use Arch btw" became a meme.

Not really.

The meme is from 4chan and the /g/ board that had some origins around 2011/2012. Gentoo was the main meme before this.

After 2012'ish the meme-culture from 4chan became mainstream internet culture with the popularity of reddit. Nothing has really progressed beyond that.

> These people have now moved to NixOS.

[citation needed]

Foxboron commented on How to Secure a Linux Server   github.com/imthenachoman/... · Posted by u/redbell
Foxboron · 25 days ago
Just quickly skimming it, it contains several outdated blocks of advice and omits other topics.

The most glaring one is the recommendation to use `rng-tools`, which is not needed anymore for the past couple of years.

It was written 6 years ago, and at that point it probably was not great either?

Foxboron commented on Managing EFI boot loaders for Linux: Controlling secure boot (2015)   rodsbooks.com/efi-bootloa... · Posted by u/CaliforniaKarl
edoceo · a month ago
Does anyone use UEFI to directly load Linux? Currently I use Syslinux but I've heard it can be directly booted and remove Syslinux from the process. And it still works with initrd and my appended command line options. This page is in my pinned reference for it - but I'm nervous to try lest I brick my machine.

Anyone here made it work? If UEFI can do it, what is the bootloader for?

Foxboron · a month ago
The Linux `vmlinuz` binary is an EFI executable that implements a minimal stub loader to load the rest of the kernel and initrd.

You can use `efibootmgr` to insert the `vmlinuz` binary as a boot entry. But honestly, you are better off using a proper bootloader as it makes things a lot simpler for you to manage.

The UEFI bootloader menu is mediocre if you are lucky, terrible in most cases.
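The comment above describes booting `vmlinuz` straight from the firmware with `efibootmgr`. As an added example that is not from the thread, the following POSIX shell script first checks that the kernel image actually carries the PE/COFF header the firmware needs (a kernel built without the EFI stub is not loadable this way) and then prints the `efibootmgr` command that would register it; the ESP mount point, device names, file names and label are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: register an EFISTUB kernel directly with
# efibootmgr. A kernel built without CONFIG_EFI_STUB is a bare bzImage that the
# firmware cannot execute, so check for the PE/COFF "MZ" header before creating
# the entry. Device names and paths below are assumed for illustration.

# has_efi_stub FILE -> 0 if FILE starts with the PE "MZ" magic, 1 otherwise
has_efi_stub() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "MZ" ]
}

# efistub_entry_cmd DISK PART LABEL KERNEL INITRD ROOT
# Prints the efibootmgr invocation that would register the entry. KERNEL and
# INITRD are paths relative to the ESP root, written with backslashes because
# both the firmware and the stub's initrd= option expect that form.
efistub_entry_cmd() {
    printf 'efibootmgr --create --disk %s --part %s --label "%s" --loader %s --unicode "root=%s rw initrd=%s"\n' \
        "$1" "$2" "$3" "$4" "$6" "$5"
}

# plan_entry ESP_MOUNT DISK PART ROOT -> prints the command for review, or
# fails with a message when the kernel on the ESP lacks an EFI stub.
plan_entry() {
    esp=$1
    if ! has_efi_stub "$esp/vmlinuz-linux"; then
        echo "$esp/vmlinuz-linux has no MZ header: not an EFI executable" >&2
        return 1
    fi
    efistub_entry_cmd "$2" "$3" "Arch Linux (EFISTUB)" '\vmlinuz-linux' '\initramfs-linux.img' "$4"
}

# Example (assumed layout): ESP mounted at /boot on /dev/nvme0n1p1,
# root filesystem on /dev/nvme0n1p2. Run the printed command as root.
# plan_entry /boot /dev/nvme0n1 1 /dev/nvme0n1p2
```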

Foxboron commented on Managing EFI boot loaders for Linux: Controlling secure boot (2015)   rodsbooks.com/efi-bootloa... · Posted by u/CaliforniaKarl
jeroenhd · a month ago
While the commands and procedures on this page still work fine (the screenshots are a welcome addition!), I find the Arch Linux wiki to be a bit more up to date: https://wiki.archlinux.org/title/Unified_Extensible_Firmware...

The Arch wiki also adds some additional warnings that you may want to check into. For instance, my Thinkpad with an Nvidia GPU will be bricked if I use the normal API to load secure boot keys, because on boot certain firmware is executed before the setup utility, which means that if that firmware fails verification, the entire laptop becomes unbootable. The workaround (load keys through the UEFI setup utility instead of any other tools) doesn't let me get rid of the manufacturer keys and take full control, unfortunately. I'll keep Lenovo's choices here in mind next time I buy a laptop.

Thanks to updates to sbctl, you can create keys with `sbctl create-keys` rather than typing out complex openssl commands. sbctl's `enroll-keys` should also make the key enrollment procedure easier.

Your distro probably also comes with an optional package manager hook so you don't need to repeat the sign commands every time your bootloader updates.

Foxboron · a month ago
> Thanks to updates to sbctl, you can create keys with `sbctl create-keys` rather than typing out complex openssl commands. sbctl's `enroll-keys` should also make the key enrollment procedure easier.

I mean, reading Rod Smith's post is what originally made me write secure boot tooling many years ago. I didn't understand why it had to be soooo complicated.

If you read the original `efi-roller` project I started out with you'll see it's largely just a wrapper around the stuff in Rod Smith's book, that was later refined by actually implementing a proper library in Go and tooling on top.

https://github.com/Foxboron/efi-roller
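jeroenhd's warning above is that enrolling only your own keys can leave firmware components that run before the setup utility (such as a GPU option ROM signed by the Microsoft UEFI CA) unverifiable, and Foxboron's reply points at sbctl as the tooling. As an added example that is neither from the thread nor sbctl's own code, the POSIX shell snippet below reads the firmware's `SetupMode` variable through efivarfs and only then prints an sbctl sequence that keeps Microsoft's certificates enrolled; the efivarfs path and the kernel path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from sbctl: refuse to propose
# `sbctl enroll-keys` unless the firmware is in Setup Mode, and keep Microsoft's
# certificates enrolled so option ROMs signed by the Microsoft UEFI CA (a
# discrete GPU, for instance) still pass verification after the switch.

EFIVARS=${EFIVARS:-/sys/firmware/efi/efivars}
# SetupMode lives under the EFI global variable GUID. efivarfs prefixes every
# variable with 4 attribute bytes, so the value is the 5th byte (1 = Setup Mode).
SETUPMODE_VAR="SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# in_setup_mode VARFILE -> 0 if the 5th byte of VARFILE is 0x01, 1 otherwise
in_setup_mode() {
    [ "$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' ')" = "1" ]
}

# enroll_plan VARFILE -> prints the sbctl commands to run, or fails when the
# firmware is not in Setup Mode (the PK must be cleared in the setup utility
# first; enrolling over a populated PK is what the firmware is meant to refuse).
enroll_plan() {
    if ! in_setup_mode "$1"; then
        echo "firmware is not in Setup Mode: clear PK from the UEFI setup utility first" >&2
        return 1
    fi
    # --microsoft keeps the Microsoft UEFI CA in db alongside your own keys.
    # Kernel path is an assumption; sbctl sign -s records it for re-signing on updates.
    cat <<'EOF'
sbctl create-keys
sbctl enroll-keys --microsoft
sbctl sign -s /boot/vmlinuz-linux
sbctl verify
EOF
}

# Usage (prints the plan for review, runs nothing itself):
# enroll_plan "$EFIVARS/$SETUPMODE_VAR"
```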

Foxboron commented on The Windows Subsystem for Linux is now open source   blogs.windows.com/windows... · Posted by u/pentagrama
Firehawke · 3 months ago
I'm shocked. They were adamant it wasn't going to happen for a long long time.
Foxboron · 3 months ago
The main complaint was the marketplace TOS that gave Microsoft a free pass on any trademarked assets. The new WSL2 installation way avoids all of this.

Along with the glibc hacks needed by WSL1.

(I was part of the discussion and also very adamant about this not happening)

Foxboron commented on The Windows Subsystem for Linux is now open source   blogs.windows.com/windows... · Posted by u/pentagrama
Firehawke · 3 months ago
It's a bit more than just some candy, there's substantial glue on both the Linux/Windows sides to get Plan9, WSLG, and the other components to work.

That said, the kernel they distribute is open source and you're not limited to just the distros they're working with directly. There are a number of third party (e.g. there's no Arch from Arch or Microsoft, but there's a completely compatible third party package that gives you Arch in WSL2)

Foxboron · 3 months ago
> e.g. there's no Arch from Arch or Microsoft, but there's a completely compatible third party package that gives you Arch in WSL2

No longer true since last month.

https://lists.archlinux.org/archives/list/arch-dev-public@li...

Foxboron commented on Memory-safe sudo to become the default in Ubuntu   trifectatech.org/blog/mem... · Posted by u/jnsgruk
dev_l1x_be · 4 months ago
We need a doas-rs port that is maintained, I guess.
Foxboron · 4 months ago
Just as with the sudo-rs reimplementation, a doas-rs rewrite is not going to solve the inherent issues we get with SUID binaries. We are better off implementing better models (see ssh and run0).
Foxboron commented on Memory-safe sudo to become the default in Ubuntu   trifectatech.org/blog/mem... · Posted by u/jnsgruk
dev_l1x_be · 4 months ago
doas is a much simpler (and therefore better) alternative.
Foxboron · 4 months ago
doas is a really bad option on Linux.

The Linux port has not been maintained for 3 years. Has unmerged rowhammer fixes and generally a yolo auth system best described as "dangerous". You are better off using a well maintained project, that includes the CVEs^Wwarts.

It's a mistake to think that `doas` on Linux is the same as `doas` on BSD.

Foxboron commented on Owen Le Blanc: creator of the first Linux distribution   lwn.net/Articles/1017846/... · Posted by u/sohkamyung
lproven · 4 months ago
Yes and no. I realise that to younger members of the Linux community they're all from long ago, but they're not the same age.

There aren't really clear generations in Linux distros, but as an approximation:

Debian is pretty old, but it's a 2nd gen distro, born from dissatisfaction with the very early SLS.

So was Slackware, but it took SLS and improved it. Slackware is arguably the oldest surviving distro.

SuSE has roots as a German version of Slackware. Red Hat's package manager was bolted on later.

Gentoo and Arch are relatively modern, being 21st century projects. Arguably, they're 3rd gen.

Fedora is a 4th gen distro, younger than any of the others here. Its ancestor was Red Hat Linux, which was contemporaneous with Debian -- but was left behind by Debian's technical enhancements: in 1996 or so, Debian introduced `apt`, a package manager with automatic recursive dependency resolution. This put it far in the lead of Red Hat, which still only had RPM and no dependency resolution.

Red Hat went in another direction. Red Hat Linux 7 became RHEL, a commercial, paid-for, supported distro.

The free RHL went on for 2 more versions, reaching Red Hat Linux 9, which then became Fedora Core, version 1 of the free unsupported community distro.

RHL was killed off after v9.

Foxboron · 4 months ago
> Debian is pretty old, but it's a 2nd gen distro, born from dissatisfaction with the very early SLS.

Scratches their own itch, check.

> So was Slackware, but it took SLS and improved it. Slackware is arguably the oldest surviving distro.

Itch scratching, check.

> SuSE has roots as a German version of Slackware. Red Hat's package manager was bolted on later.

Pretty sure this was itch scratching as well.

> Gentoo and Arch are relatively modern, being 21st century projects. Arguably, they're 3rd gen.

Both are itch scratching projects!

> Fedora is a 4th gen distro, younger than any of the others here. Its ancestor was Red Hat Linux, which was contemporaneous with Debian -- but was left behind by Debian's technical enhancements: in 1996 or so, Debian introduced `apt`, a package manager with automatic recursive dependency resolution. This put it far in the lead of Red Hat, which still only had RPM and no dependency resolution.

Arch and Gentoo are from 2002, and Fedora from 2003.

Fedora was based on someone starting to package FOSS software for RHEL, more itch scratching!

u/Foxboron

Karma: 3595 · Cake day: September 24, 2012
About
Arch Linux Developer, security team and reproducible builds.

https://linderud.dev/ https://github.com/Foxboron

[ my public key: https://keybase.io/fox; my proof: https://keybase.io/fox/sigs/LzugxUxnL-9sr_SJ8i6eMsmBZgyt9294JPRa2nnIl8o ]
