mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-07 21:16:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

build_image: clean up PCR policy generation

Browse Source 
Pass as an argument to finish_image like most other things.
This commit is contained in:
Michael Marineau 2016-09-19 12:09:27 -07:00
parent 300722d7cb
commit 1092afd240
2 changed files with 26 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
build_library/build_image_util.sh
View File

@ -287,12 +287,10 @@ finish_image() {
local root_fs_dir="$3"
local image_contents="$4"
local image_kernel="$5"
local install_grub=0
local pcr_policy="$6"
local install_grub=0
local disk_img="${BUILD_DIR}/${image_name}"
local pcr_policy="${image_name%.bin}_pcr_policy.zip"
local pcr_dir="${BUILD_DIR}/pcrs"
mkdir -p "${pcr_dir}"
# Copy kernel to support dm-verity boots
sudo mkdir -p "${root_fs_dir}/boot/coreos"
@ -376,7 +374,13 @@ finish_image() {
"${BUILD_DIR}/${image_kernel}"
fi
${BUILD_LIBRARY_DIR}/generate_kernel_hash.sh "${root_fs_dir}/boot/coreos/vmlinuz-a" ${COREOS_VERSION} >${pcr_dir}/kernel.config
if [[ -n "${pcr_policy}" ]]; then
mkdir -p "${BUILD_DIR}/pcrs"
${BUILD_LIBRARY_DIR}/generate_kernel_hash.sh \
"${root_fs_dir}/boot/coreos/vmlinuz-a" ${COREOS_VERSION} \
>"${BUILD_DIR}/pcrs/kernel.config"
fi
rm -rf "${BUILD_DIR}"/configroot
cleanup_mounts "${root_fs_dir}"
trap - EXIT
@ -403,9 +407,15 @@ finish_image() {
--noverity
fi
done
${BUILD_LIBRARY_DIR}/generate_grub_hashes.py ${disk_img} /usr/lib/grub/ ${pcr_dir} ${COREOS_VERSION}
fi
pushd ${BUILD_DIR}
zip -r -9 $pcr_policy pcrs
popd
if [[ -n "${pcr_policy}" ]]; then
${BUILD_LIBRARY_DIR}/generate_grub_hashes.py \
"${disk_img}" /usr/lib/grub/ "${BUILD_DIR}/pcrs" ${COREOS_VERSION}
info "Generating $pcr_policy"
pushd "${BUILD_DIR}" >/dev/null
zip --quiet -r -9 "${BUILD_DIR}/${pcr_policy}" pcrs
popd >/dev/null
fi
}

8
build_library/prod_image_util.sh
View File

@ -113,7 +113,13 @@ EOF
sudo mv -n ${root_fs_dir}/etc/pam.d/* ${root_fs_dir}/usr/lib/pam.d/
sudo rmdir ${root_fs_dir}/etc/pam.d
finish_image "${image_name}" "${disk_layout}" "${root_fs_dir}" "${image_contents}" "${image_kernel}"
finish_image \
"${image_name}" \
"${disk_layout}" \
"${root_fs_dir}" \
"${image_contents}" \
"${image_kernel}" \
"${image_pcr_policy}"
upload_image -d "${BUILD_DIR}/${image_name}.bz2.DIGESTS" \
"${BUILD_DIR}/${image_contents}" \