Skip to content

Bump lanzaboote from v0.4.3 to v1.0.0#29

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nix/lanzaboote-v1.0.0
Open

Bump lanzaboote from v0.4.3 to v1.0.0#29
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nix/lanzaboote-v1.0.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 19, 2026
edited
Loading

Bumps lanzaboote from v0.4.3 to v1.0.0.

Release notes

Sourced from lanzaboote's releases.

v1.0.0

See the Changelog for more details.

New Contributors

Diff to the the last version: nix-community/lanzaboote@v0.4.3...v1.0.0

Changelog

Sourced from lanzaboote's changelog.

1.0.0

Added

  • You can now use Lanzaboote completely without flakes or flake-compat, explicitly controlling all dependencies:

    system = builtins.currentSystem;
pkgs = import sources.nixpkgs { inherit system; };
lanzaboote = import sources.lanzaboote {
inherit system pkgs;
rust-overlay = sources.rust-overlay;
crane = import sources.crane { inherit pkgs; };
};

    However, this is optional. You can also just provide an empty attrset { } and rely on the versions of the dependencies we have pinned.

  • Added the option boot.lanzaboote.autoGenerateKeys.enable which allows you to automatically generate Secure Boot keys in a systemd service if they do not exist yet. Please read the docs for more info.

  • Added the options boot.lanzaboote.autoEnrollKeys.* which allow you to automatically enroll your Secure Boot keys into the firmware. A systemd service prepares everything and systemd-boot finally enrolls the keys on the next boot. Please read the docs for more info.

  • Added the option boot.lanzaboote.allowUnsigned which enables installing unsigned artifacts to the ESP. This is useful for automatic provisioning of systems with Secure Boot.

  • Added support for multiple ESPs. You can configure additional ESPs that you want Lanzaboote to install boot artifacts to via boot.lanzaboote.extraEfiSysMountPoints = [ "/boot2" ];:

Changed

  • Changed the non-flakes Nix interface of Lanzaboote. Now needs to be called with an argument: lanzaboote = import sources.lanzaboote { };.
  • boot.lanzaboote.pkiBundle now uses the type externalPath and thus cannot point to Nix Store paths anymore.

Removed

  • Removed the internal option boot.lanzaboote.enrollKeys that was only intended for testing without replacement.
Commits
  • e8c096a Merge pull request #514 from nikstur/prepare-0.5.0
  • 2113ff6 treewide: release 1.0.0
  • a2b9fef changelog: add entry about extraEfiSysMountPoints
  • d125c8b Merge pull request #516 from nix-community/renovate/lock-file-maintenance
  • a107ab1 chore(deps): lock file maintenance
  • 4f5fc14 Merge pull request #509 from nikstur/auto-generate-enroll
  • ac12fb1 docs: init auto-{generate,enroll}-keys and auto provisioning
  • a739876 module: add autoGenerateKeys and autoEnrollKeys option
  • 8c91788 module: use externalPath for pkiBundle
  • 8af9ea4 shell.nix: fix local clippy and rustfmt
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies nix Pull requests that update nix code labels Apr 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/nix/lanzaboote-v1.0.0 branch from 68a5102 to 314e4c4 Compare April 24, 2026 11:36
@rake5k rake5k force-pushed the main branch 3 times, most recently from d8c1e04 to 540e4c1 Compare April 26, 2026 18:20
@dependabot dependabot Bot force-pushed the dependabot/nix/lanzaboote-v1.0.0 branch 2 times, most recently from 4494fdc to fb01fd6 Compare May 3, 2026 11:22
@dependabot dependabot Bot force-pushed the dependabot/nix/lanzaboote-v1.0.0 branch 2 times, most recently from 1b36cf3 to 78540ed Compare May 9, 2026 22:09
@dependabot
Bump lanzaboote from v0.4.3 to v1.0.0
75dbc39 
Bumps [lanzaboote](https://github.com/nix-community/lanzaboote) from v0.4.3 to v1.0.0.
- [Release notes](https://github.com/nix-community/lanzaboote/releases)
- [Changelog](https://github.com/nix-community/lanzaboote/blob/master/CHANGELOG.md)
- [Commits](nix-community/lanzaboote@88b8a56...e8c096a)

---
updated-dependencies:
- dependency-name: lanzaboote
  dependency-version: e8c096ade12ec9130ff931b0f0e25d2f1bc63607
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/nix/lanzaboote-v1.0.0 branch from 78540ed to 75dbc39 Compare May 10, 2026 11:32
@rake5k rake5k force-pushed the main branch 14 times, most recently from b188984 to 7347943 Compare May 15, 2026 12:49
@rake5k rake5k force-pushed the main branch 30 times, most recently from cb644c6 to 2aa7824 Compare May 19, 2026 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies nix Pull requests that update nix code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants