[00:10] I jsut look at the source code to usb-imagewriter [00:10] and cry [00:10] one of these days I will find a tool that works ;( [00:11] antarus: dd ? or usb-creator. both can flash desktop/iso and armhf/sdcard images [00:12] antarus: and usb-imagewriter was removed from the archive. last release it was published in was quantal. [00:15] xnox: yeah I tnoiced [00:16] xnox: I haven't tried usb-creator yet [00:16] I'm too stupid to use dd [00:16] isnt' there some magical thing I need to do to make it bootable? [00:32] antarus: No, dding our ISOs to a USB stick should Just Work. [00:33] antarus: dd if=foo.iso of=/dev/sdb bs=4M [00:33] antarus: That's all there is to it. [00:33] antarus: You only need fancy things like usb-creator if you're trying to create a key with persistent session support and such. [00:40] excellent [00:40] I guess easier than burning ISOs [00:40] stupid cdrecord [00:40] we still use PXE at work, so I ignore everything else ;) [00:45] antarus: Yeah, I netboot a lot at home too, just to avoid sneakernetting things around. [00:45] 10 minutes of bootp/tftp setup for a lifetime of laziness. [00:46] have you set up booting over the network with UEFI? [00:47] Nope. No UEFI-only machines here that I need to care about, so I'll wait until people like cjwatson and stgraber tell me that it's dirt easy and it all Just Works, and cargo-cult someone else's setup. :P [00:47] we are also avoiding this [00:47] ;) [00:48] mostly we want to do some form of secure network booting [00:49] my current plan (not yet staffed) is to write an android app that downloads a Goobuntu image to your phone over wifi, and you plug your phone into yoru workstation and the phone is responsible for image verification [00:49] which is slightly better than unencrypted tftp ;) [00:49] afaik though, I think you need to root your phone to be able to do it [00:49] which is not so nice ;( [01:03] antarus: why not use ipxe and https [01:03] iirc you can embed your own CA, so you could verify all the images that way [01:05] devicenull: not following how I get my secure verifiably copy of ipxe? [01:05] dd it onto a usb stick ;) [01:05] or burn it into the NIC [01:07] well thats the ticket innit ;) [01:07] well at least you only need dd :) [01:07] teh support org wants to move away from a centralized inventory process [01:07] so it might be tricky ;) [01:08] thats why I nominally like the phone idea [01:08] everyeon already has one, we nominally trust the phone anyway [01:10] I'm not following how having the phone implies no central inventory [01:13] ahh [01:13] well the former implies a supply chain problem [01:13] buying USb sticks [01:13] managing the versions of stuff on them [01:14] how do you get sticks to weird locations like the middle of Africa [01:15] an app on the phone may disallow you from using an older copy of the software [01:15] users already have phones (so no procurement issues) [01:16] I'm not familiar enough with putting new firmware on NICs to really evaluate that one..but it nominally has similar problems === FourDollars_ is now known as FourDollars === maxb_ is now known as maxb [10:26] antarus: I haven't tried it myself yet but I know slangasek got UEFI netboot working over both IPv4 and IPv6 using grub and shim, so booting machines that have secureboot enabled. [10:27] antarus: from what I remember the actual setup is trivial, the problems were with shim being buggy and needing fixing (which we've now done) [10:28] antarus: on the dhcp server side all you have to do is point to shim's .efi binary rather than pxelinux.0 (you'll likely want to vendor/platform check to only have that done for EFI machines) and on the tftp server side you need to have a directory with shim.efi, grub.efi and any required config. [10:29] I haven't tried this myself (well, I did but it was broken back then) but it's on my home todo list as I've got to rebuild my tftp server anyway (but I'm not home now so it'll have to wait until I'm back on the other continent) [21:49] stgraber: good to hear someone got it working ;)