- cross-posted to:
- homelab@selfhosted.forum
- cross-posted to:
- homelab@selfhosted.forum
Readme updated today:
This repository is no longer actively maintained.
The TrueNAS build system previously hosted here has been moved to an internal infrastructure. This transition was necessary to meet new security requirements, including support for Secure Boot and related platform integrity features that require tighter control over the build and signing pipeline.
No further updates, pull requests, or issues will be accepted. Existing content is preserved here for historical reference only.
https://github.com/truenas/scale-build
Wondering if this is just the first step towards doing a minio in the future.
Pardon my ignorance, but why would something have to be closed source in order to optionally provide secure boot? Couldn’t you provide the secure-boot-enabled binaries in addition to the source for everything except the boot keys?
You sign binaries, right? You don’t sign source.
If anyone builds from source they would just have to go through the arduous signing process themselves.
This is also something I don’t fully understand. Unfortunately it’s not easy to find what the requirements are to get a bootloader signed by MS. It’s possible I’m mixing up these requirements with requirements for something else that requires a NDA, but it’s really not that simple to find the requirements online.
It’s possible that the latter is actually the case and it’s not secure boot that requires it to be closed source. It’s also possible I’m entirely mistaken and they don’t need to make it closed source at all. I wish TrueNAS would give more details why it needs to be closed source - whether it’s due to a NDA or whatnot.