Merge pull request #690 from bgilbert/cleanups

Drop qemu_xen and secure_demo image types

build_library/disk_layout.json

@@ -158,41 +158,6 @@
         "blocks":"6291456"
       }
     },
-    "secure_demo":{
-      "1":{
-        "label":"EFI-SYSTEM",
-        "fs_label":"EFI-SYSTEM",
-        "type":"efi",
-        "blocks":"2097152",
-        "fs_type":"vfat",
-        "mount":"/",
-        "features": []
-      },
-      "2":{
-        "type":"blank"
-      },
-      "3":{
-        "type":"blank"
-      },
-      "4":{
-        "type":"blank"
-      },
-      "5":{
-        "type":"blank"
-      },
-      "6":{
-        "type":"blank"
-      },
-      "7":{
-        "type":"blank"
-      },
-      "8":{
-        "type":"blank"
-      },
-      "9":{
-        "type":"blank"
-      }
-    },
     "interoute":{
       "9":{
         "label":"ROOT",

build_library/qemu_xen.sh

@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SCRIPT_DIR="`dirname "$0"`"
-VM_NAME=
-VM_IMAGE=
-VM_MEMORY=
-VM_NCPUS="`grep -c ^processor /proc/cpuinfo`"
-SSH_PORT=2222
-USAGE="Usage: $0 [-p PORT] [--] [qemu options...]
-Options:
-    -p PORT     The port on localhost to map to the VM's sshd. [2222]
-    -h          this ;-)
-
-QEMU wrapper script for a VM that is compatible with Xen:
- - No x2apic, everything APIC related breaks when it is on.
- - No virtio, simply does not work whatsoever under Xen.
-
-Any arguments after -p will be passed through to qemu, -- may be
-used as an explicit separator. See the qemu(1) man page for more details.
-"
-
-while [ $# -ge 1 ]; do
-    case "$1" in
-        -p|-ssh-port)
-            SSH_PORT="$2"
-            shift 2 ;;
-        -v|-verbose)
-            set -x
-            shift ;;
-        -h|-help|--help)
-            echo "$USAGE"
-            exit ;;
-        --)
-            shift
-            break ;;
-        *)
-            break ;;
-    esac
-done
-
-qemu-system-x86_64 \
-    -machine accel=kvm \
-    -cpu host,-x2apic \
-    -smp "${VM_NCPUS}" \
-    -name "$VM_NAME" \
-    -m ${VM_MEMORY} \
-    -net nic,vlan=0,model=e1000 \
-    -net user,vlan=0,hostfwd=tcp::"${SSH_PORT}"-:22,hostname="${VM_NAME}" \
-    -drive if=scsi,file="${SCRIPT_DIR}/${VM_IMAGE}" \
-    "$@"
-exit $?

build_library/secure_demo/CoreOS-Boot-Signer.crt

@@ -1,76 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-    Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=US, ST=CA, L=SF, O=CoreOS, CN=CoreOS Boot CA/emailAddress=george.tankersley@gmail.com
-        Validity
-            Not Before: Jan  1 00:00:00 1970 GMT
-            Not After : Oct 31 06:53:45 2024 GMT
-        Subject: C=US, ST=CA, L=SF, O=CoreOS, CN=CoreOS Boot Signer/emailAddress=george.tankersley@gmail.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
-                    00:b4:35:c8:8c:86:8f:89:4f:d8:63:f6:a3:80:db:
-                    7e:da:dc:53:6e:66:77:0d:1a:7e:0d:b2:3e:6a:85:
-                    1c:d9:1c:f9:48:ce:80:e7:31:c2:b3:e1:e4:2b:2b:
-                    1f:45:16:0b:52:57:8a:fc:7b:fd:ba:81:8b:35:13:
-                    4a:54:2a:be:35:0f:f4:ea:26:38:50:59:0b:9b:9c:
-                    88:a3:c9:01:08:fe:43:5d:f1:ef:15:6d:6d:03:06:
-                    3c:ab:c5:b8:93:79:84:ba:6b:f6:7b:59:8b:74:c2:
-                    2b:2d:a2:e9:e9:82:3f:f5:32:b5:b9:31:f4:9c:4b:
-                    e0:84:a0:40:44:01:e1:63:4d:da:a8:c7:3f:76:8e:
-                    09:6a:ce:b9:75:32:56:9c:39:5a:44:94:b5:4d:76:
-                    64:b0:4e:42:ee:99:5f:9b:96:cb:e7:50:f1:10:2a:
-                    09:8c:49:62:5d:e4:b9:29:2b:a7:4a:77:b4:7c:d4:
-                    4b:4e:1f:84:ce:9a:be:e1:44:95:29:cd:35:09:ec:
-                    c0:cc:a2:31:91:d1:fd:a9:ce:1a:79:3f:2a:9b:94:
-                    f2:49:60:7c:ba:f0:1b:62:24:4e:35:39:bb:9b:a1:
-                    19:42:04:cb:9b:e0:5a:a5:52:3f:ec:b1:8e:2a:07:
-                    20:0f:56:6b:38:55:5e:06:59:dd:57:e5:20:16:47:
-                    dc:e9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature
-            X509v3 Extended Key Usage: 
-                Code Signing
-    Signature Algorithm: sha256WithRSAEncryption
-         c1:e9:22:50:29:21:26:e8:57:1e:06:ce:f5:0c:47:5f:5d:51:
-         57:e2:64:10:75:1b:ca:9b:f0:0f:38:81:91:8d:4e:c1:11:19:
-         e3:e9:db:6a:9e:36:66:f8:89:1d:7f:2e:8a:50:1d:0b:5a:c7:
-         d4:c5:60:3c:ba:0c:78:1c:40:bd:3c:80:aa:73:ce:04:4e:2c:
-         d9:da:5d:6c:19:bf:6e:9e:e5:ba:0e:3a:14:d1:e9:d0:17:0b:
-         98:00:ab:3d:18:b7:27:04:2f:15:7f:6d:57:03:11:29:c0:d4:
-         86:25:14:e4:91:06:7e:5d:59:ac:3a:67:95:e0:7d:c8:f5:08:
-         74:2e:9b:68:af:65:db:25:8b:8a:ae:33:f4:62:4c:10:7c:f4:
-         70:25:68:d1:b1:74:43:14:a7:4f:35:b7:5c:30:ca:8b:84:24:
-         3a:08:ff:f6:47:79:c6:b4:ef:cc:80:b0:52:2b:19:57:94:0e:
-         d2:cd:55:23:ee:1e:32:13:53:8e:1e:2c:46:99:23:0c:c7:2c:
-         df:81:6d:60:bd:8a:51:77:69:cf:cc:11:9f:ba:5c:f3:e2:9a:
-         0f:de:a9:f4:a5:8d:a8:86:a2:9e:00:82:24:c7:17:3c:14:1a:
-         db:04:4c:91:33:05:87:49:69:ea:b3:8d:8e:f9:3a:2c:85:65:
-         95:6b:6a:cb
------BEGIN CERTIFICATE-----
-MIIDoDCCAoigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJVUzEL
-MAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ8wDQYDVQQKDAZDb3JlT1MxFzAVBgNV
-BAMMDkNvcmVPUyBCb290IENBMSowKAYJKoZIhvcNAQkBFhtnZW9yZ2UudGFua2Vy
-c2xleUBnbWFpbC5jb20wIBgPMTk3MDAxMDEwMDAwMDBaFw0yNDEwMzEwNjUzNDVa
-MIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMQ8wDQYD
-VQQKDAZDb3JlT1MxGzAZBgNVBAMMEkNvcmVPUyBCb290IFNpZ25lcjEqMCgGCSqG
-SIb3DQEJARYbZ2VvcmdlLnRhbmtlcnNsZXlAZ21haWwuY29tMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDXIjIaPiU/YY/ajgNt+2txTbmZ3DRp+DbI+
-aoUc2Rz5SM6A5zHCs+HkKysfRRYLUleK/Hv9uoGLNRNKVCq+NQ/06iY4UFkLm5yI
-o8kBCP5DXfHvFW1tAwY8q8W4k3mEumv2e1mLdMIrLaLp6YI/9TK1uTH0nEvghKBA
-RAHhY03aqMc/do4Jas65dTJWnDlaRJS1TXZksE5C7plfm5bL51DxECoJjEliXeS5
-KSunSne0fNRLTh+Ezpq+4USVKc01CezAzKIxkdH9qc4aeT8qm5TySWB8uvAbYiRO
-NTm7m6EZQgTLm+BapVI/7LGOKgcgD1ZrOFVeBlndV+UgFkfc6QIDAQABoyQwIjAL
-BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQAD
-ggEBAMHpIlApISboVx4GzvUMR19dUVfiZBB1G8qb8A84gZGNTsERGePp22qeNmb4
-iR1/LopQHQtax9TFYDy6DHgcQL08gKpzzgROLNnaXWwZv26e5boOOhTR6dAXC5gA
-qz0YtycELxV/bVcDESnA1IYlFOSRBn5dWaw6Z5Xgfcj1CHQum2ivZdsli4quM/Ri
-TBB89HAlaNGxdEMUp081t1wwyouEJDoI//ZHeca078yAsFIrGVeUDtLNVSPuHjIT
-U44eLEaZIwzHLN+BbWC9ilF3ac/MEZ+6XPPimg/eqfSljaiGop4AgiTHFzwUGtsE
-TJEzBYdJaeqzjY75OiyFZZVrass=
------END CERTIFICATE-----

build_library/secure_demo/CoreOS-Boot-Signer.key

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0NciMho+JT9hj
-9qOA237a3FNuZncNGn4Nsj5qhRzZHPlIzoDnMcKz4eQrKx9FFgtSV4r8e/26gYs1
-E0pUKr41D/TqJjhQWQubnIijyQEI/kNd8e8VbW0DBjyrxbiTeYS6a/Z7WYt0wist
-ounpgj/1MrW5MfScS+CEoEBEAeFjTdqoxz92jglqzrl1MlacOVpElLVNdmSwTkLu
-mV+blsvnUPEQKgmMSWJd5LkpK6dKd7R81EtOH4TOmr7hRJUpzTUJ7MDMojGR0f2p
-zhp5PyqblPJJYHy68BtiJE41ObuboRlCBMub4FqlUj/ssY4qByAPVms4VV4GWd1X
-5SAWR9zpAgMBAAECggEAZgmeCJOYanNfXxqj8a5W4a2nP/ecqTq67R5j4QSGFRkm
-vWbP7hhq2lepThgYmJGmz3TqKZQ7UoNPQzos+ANLt9fVIU+Ky1PgErhLVhHWGDWA
-B42ZhlRzSSca61gE7tv7n2LKKYXGRNI8iJaaQ7GQbVHNO5Nhoa4E7pOeT+OQrxzO
-vSTuXJMCDzvZTCV0quvaSNE+nWQYda6X/Gthhpy4Qp1M7iKxoOekP88v1IVMBLzP
-Zj6ExMEiK/SZQcnRx0CeCIOayht8YVwtsFTzWZgcgcxQZMVoBYA5DRdKF8PDy0N3
-PhTxfIWurJf9PUR/gF4tOyaAoBI0N6MkRoKYmT3QAQKBgQDddASBIIC32DRVi4jy
-9i433b3JVTuLnGCjDtGflGiXM2mf58oFFPhua8Mh29F9FKWHj+B/yn47HF/bikoh
-OeB8RaZClj+EFXeSmjjZF3QEg2GDMHZB0yvytgb9mr5lNcNF3JsosUQuLY7+VVSR
-UPjnhjcnKkzQv7fK18E2+aoagQKBgQDQUq0VsSJT9T4UtvpgFhN8xWlKTJjaDxsI
-2lIgUkBX+VJ41+kHZNioZOc61TkMCOPyIHyeUYEQbcZmkNL3nR9uxr9kXyC1ShIu
-Q+mrzIHzuGKNJBQdMWNrm+nwOF5IafSoQRievU35gvKt+evJg9SJNvIYGwnt+/AA
-YwHyd7f+aQKBgExIPZD5UD2D1SsugIMot+z4jfp/SJ6jxEoGvcCZj5md1SGG53ju
-q1Dl//Z20OekKAzVS8DZULgt4vst3LErTZ+hIk9HkCOAfYrbYv+s64LuerWFCQdN
-pZLajvfmyPT2GwjCoBPZVCIQAXSskg/oc4TVH8R29rTlhXry7RRx1d2BAoGAVw1V
-Wq0shR0EFi/oLGLNPeRYfT3I2cZaK7bffrYgQSLkfa7rp7VSe/u+TG1xa0AD0NgW
-eynf3vegYpe+MM6tpeLTc6P0zQzo0AB9EtdgrnGsbQJYjWJoAz2h4koLzALKw8x/
-90Vv4gYAVwcKqqi2FaiqPbx+x73xqpe05pd0gZECgYEAh8vSHk3w7Od0AKOsfn4q
-vVy1MjNBzX3p1+2IHJLDeM9ibTUmfWP+Y7cL5+m0eNasq/gvgBKMNAA+C9h6lEiZ
-Soe27lfYBY3ro0ksdYeNGx7rKgBLIi/YRmxvTTlDcUrEkaunfuGCXzLy6X6USI+c
-jsLjKF+tu3r+iYx4OU3xWpI=
------END PRIVATE KEY-----

build_library/secure_demo/cloud-config.yaml

@@ -1,7 +0,0 @@
-#cloud-config
-
-hostname: secure_demo
-
-users:
-  - name: core
-    coreos-ssh-import-github: marineam

build_library/secure_demo/grub.cfg

@@ -1,20 +0,0 @@
-# Load any and all video drivers.
-# Required under UEFI to boot Linux with a working console.
-insmod all_video
-
-# Use both default text console and ttyS0
-serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
-terminal_input console serial
-terminal_output console serial
-
-# Find the UEFI system partition
-insmod part_gpt
-search --set=root --label EFI-SYSTEM
-
-# Do that thing!
-echo "Loading /coreos/vmlinuz ..."
-linuxefi /coreos/vmlinuz module.sig_enforce=1 console=tty0 console=ttyS0,115200n8 rootfstype=btrfs cloud-config-url=https://storage.googleapis.com/users.developer.core-os.net/marineam/cloud-config.yaml
-echo "Loading /coreos/initrd ..."
-initrdefi /coreos/initrd
-echo "Booting..."
-boot

build_library/test_oem_pkgs

@@ -29,9 +29,6 @@ oem_uses() {
 }
 
 for oem in "${VALID_OEM_PACKAGES[@]/#/oem-}"; do
-  # experimental thingy for testing, generally unused.
-  [[ "${oem}" == oem-xendom0 ]] && continue
-
   uses=( $(oem_uses "${oem}") )
   if [[ ${#uses} -eq 0 ]]; then
     uses=( "" )

build_library/vm_image_util.sh

@@ -15,7 +15,6 @@ VALID_IMG_TYPES=(
     qemu
     qemu_uefi
     qemu_uefi_secure
-    qemu_xen
     rackspace
     rackspace_onmetal
     rackspace_vhd
@@ -37,7 +36,6 @@ VALID_IMG_TYPES=(
     exoscale
     azure
     hyperv
-    secure_demo
     niftycloud
     cloudsigma
     packet
@@ -55,7 +53,6 @@ VALID_OEM_PACKAGES=(
     hyperv
     rackspace
     rackspace-onmetal
-    xendom0
     vagrant
     vagrant-key
     vmware
@@ -132,12 +129,6 @@ IMG_qemu_uefi_secure_DISK_FORMAT=qcow2
 IMG_qemu_uefi_secure_DISK_LAYOUT=vm
 IMG_qemu_uefi_secure_CONF_FORMAT=qemu_uefi_secure
 
-IMG_qemu_xen_DISK_FORMAT=qcow2
-IMG_qemu_xen_DISK_LAYOUT=vm
-IMG_qemu_xen_CONF_FORMAT=qemu_xen
-IMG_qemu_xen_OEM_PACKAGE=oem-xendom0
-IMG_qemu_xen_MEM=2048
-
 ## xen
 IMG_xen_CONF_FORMAT=xl
 
@@ -269,11 +260,6 @@ IMG_azure_OEM_PACKAGE=oem-azure
 IMG_hyperv_DISK_FORMAT=vhd
 IMG_hyperv_OEM_PACKAGE=oem-hyperv
 
-## secure boot demo
-IMG_secure_demo_PARTITIONED_IMG=0
-IMG_secure_demo_DISK_FORMAT=secure_demo
-IMG_secure_demo_CONF_FORMAT=qemu_uefi
-
 ## niftycloud
 IMG_niftycloud_DISK_FORMAT=vmdk_stream
 IMG_niftycloud_DISK_LAYOUT=vm
@@ -407,7 +393,6 @@ _disk_ext() {
         vmdk_scsi) echo vmdk;;
         vmdk_stream) echo vmdk;;
         hdd) echo hdd;;
-        secure_demo) echo bin;;
         *) echo "${disk_format}";;
     esac
 }
@@ -762,21 +747,6 @@ _write_qemu_uefi_secure_conf() {
     flash-var "$(_dst_dir)/${flash_rw}" "db" "${VM_TMP_DIR}/DB.esl"
 }
 
-_write_qemu_xen_conf() {
-    local script="$(_dst_dir)/$(_dst_name ".sh")"
-    local dst_name=$(basename "$VM_DST_IMG")
-    local vm_mem="$(_get_vm_opt MEM)"
-
-    sed -e "s%^VM_NAME=.*%VM_NAME='${VM_NAME}'%" \
-        -e "s%^VM_IMAGE=.*%VM_IMAGE='${dst_name}'%" \
-        -e "s%^VM_MEMORY=.*%VM_MEMORY='${vm_mem}'%" \
-        "${BUILD_LIBRARY_DIR}/qemu_xen.sh" > "${script}"
-    checkbashisms --posix "${script}" || die
-    chmod +x "${script}"
-
-    VM_GENERATED_FILES+=( "${script}" )
-}
-
 _write_pxe_conf() {
     local script="$(_dst_dir)/$(_dst_name ".sh")"
     local vmlinuz_name="$(_dst_name ".vmlinuz")"
@@ -1176,54 +1146,6 @@ _write_pvm_tgz_bundle() {
     VM_GENERATED_FILES+=( "${tgz}" )
 }
 
-_write_secure_demo_disk() {
-    local dst_img="$2"
-    local tmp_esp="${VM_TMP_DIR}/esp"
-
-    grub-mkstandalone \
-        --output="${VM_TMP_DIR}/grub.efi" \
-        --format=x86_64-efi \
-        --modules=verify \
-        --pubkey="${BUILD_LIBRARY_DIR}/secure_demo/CoreOS-Grub-Singing-Key.gpg" \
-        "/boot/grub/grub.cfg=${BUILD_LIBRARY_DIR}/secure_demo/grub.cfg"
-    sbsign --key "${BUILD_LIBRARY_DIR}/secure_demo/CoreOS-Boot-Signer.key" \
-        --cert "${BUILD_LIBRARY_DIR}/secure_demo/CoreOS-Boot-Signer.crt" \
-        "${VM_TMP_DIR}/grub.efi"
-
-    cp "${VM_TMP_ROOT}/usr/boot/vmlinuz" "${VM_TMP_DIR}/vmlinuz"
-    sbsign --key "${BUILD_LIBRARY_DIR}/secure_demo/CoreOS-Boot-Signer.key" \
-        --cert "${BUILD_LIBRARY_DIR}/secure_demo/CoreOS-Boot-Signer.crt" \
-        "${VM_TMP_DIR}/vmlinuz"
-    gpg --detach-sign --local-user BA076BAA \
-        --output "${VM_TMP_DIR}/vmlinuz.sig" \
-        "${VM_TMP_DIR}/vmlinuz.signed"
-
-    _write_cpio_common "ignored" "${VM_TMP_DIR}/initrd"
-    gpg --detach-sign --local-user BA076BAA "${VM_TMP_DIR}/initrd"
-
-    "${BUILD_LIBRARY_DIR}/disk_util" \
-        --disk_layout="secure_demo" format "${dst_img}"
-    "${BUILD_LIBRARY_DIR}/disk_util" \
-        --disk_layout="secure_demo" mount "${dst_img}" "${tmp_esp}"
-
-    sudo mkdir -p "${tmp_esp}/EFI/boot"
-    sudo cp "${BUILD_LIBRARY_DIR}/secure_demo/bootx64.efi" \
-            "${BUILD_LIBRARY_DIR}/secure_demo/lockdown.efi" \
-            "${tmp_esp}/EFI/boot"
-    sudo cp "${VM_TMP_DIR}/grub.efi.signed" "${tmp_esp}/EFI/boot/grub.efi"
-
-    sudo mkdir -p "${tmp_esp}/coreos"
-    sudo cp "${VM_TMP_DIR}/vmlinuz.signed" "${tmp_esp}/coreos/vmlinuz"
-    sudo cp "${VM_TMP_DIR}/initrd"{,.sig} \
-        "${VM_TMP_DIR}/vmlinuz.sig" \
-        "${tmp_esp}/coreos"
-
-    "${BUILD_LIBRARY_DIR}/disk_util" \
-        --disk_layout="secure_demo" umount "${tmp_esp}"
-
-    VM_GENERATED_FILES+=( "${dst_img}" )
-}
-
 vm_cleanup() {
     info "Cleaning up temporary files"
     if mountpoint -q "${VM_TMP_ROOT}"; then