Readme updated today:
This repository is no longer actively maintained.
The TrueNAS build system previously hosted here has been moved to an internal infrastructure. This transition was necessary to meet new security requirements, including support for Secure Boot and related platform integrity features that require tighter control over the build and signing pipeline.
No further updates, pull requests, or issues will be accepted. Existing content is preserved here for historical reference only.
https://github.com/truenas/scale-build
Wondering if this is just the first step towards doing a minio in the future.
Secure boot is dumb, but explains why they’d need a repo to be closed source. To summarize it briefly, you need your bootloader to be signed to work at all with secure boot, which means you have two options: self-sign (which defeats the purpose, though some Linux distros let you do this if you want), or follow all the requirements imposed by Microsoft. As far as I’m aware, one of those requirements is that it must be closed source.
Pardon my ignorance, but why would something have to be closed source in order to optionally provide secure boot? Couldn’t you provide the secure-boot-enabled binaries in addition to the source for everything except the boot keys?
You sign binaries, right? You don’t sign source.
If anyone builds from source they would just have to go through the arduous signing process themselves.
Self sign doesn’t defeat the purpose, you can add your own keys to your bios that you use to sign your kernel. I do that and have a secure booted Arch Linux installed.
I’ve heard others say that you can just use private keys, Debian does that.
Though I’m not very knowledgeable in this, others can hopefully clarify.