Merge pull request #2550 from flatcar/chewi/sbsign-update-payload

Delay generating test update payload in official builds
James Le Cuirot 2025-01-02 09:55:34 +00:00 committed by GitHub
commit 299773a9fd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 14 additions and 5 deletions


@ -177,7 +177,8 @@ if [[ "${PROD_IMAGE}" -eq 1 ]]; then
if [[ ${FLAGS_extract_update} -eq ${FLAGS_TRUE} ]]; then
extract_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
fi
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then
# TODO: Un-nobble this later when we have passed the shim review.
if [[ ${FLAGS_generate_update} -eq ${FLAGS_TRUE} ]]; then # && ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
fi
if [[ "${PROD_TAR}" -eq 1 ]]; then
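Review bot: The official-build exclusion on the changed `if` line is disabled by turning the tail of the condition into a trailing comment, which leaves a dangling `]]; then` after the `#` and makes the line easy to misread as still guarded. As written, `generate_update` still runs here whenever `FLAGS_generate_update` is true, so an official build would apparently produce the payload at this point and again after signing (the `generate_update` call added in the last file section). I would keep the `if` line clean and move the disabled clause into the TODO, e.g. `# TODO: add '&& ${COREOS_OFFICIAL:-0} -ne 1' once the shim review has passed, so official builds only generate the payload after signing.` The enclosing `PROD_IMAGE` block starts and ends outside this hunk.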


@ -79,7 +79,9 @@ generate_update() {
local devkey="/usr/share/update_engine/update-payload-key.key.pem"
# Extract the partition if it isn't extracted already.
[[ -s ${update} ]] || extract_update "${image_name}" "${disk_layout}"
[[ -s ${update} ]] ||
"${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
extract "${BUILD_DIR}/${image_name}" "USR-A" "${update}"
echo "Generating update payload, signed with a dev key"
delta_generator \
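Review bot: The new fallback calls `disk_util ... extract` directly instead of `extract_update`, but the comment above it does not say why, so a later cleanup could fold it back. A short comment would help, for example `# Extract USR-A directly; extract_update is deliberately not used here (state the reason).` Note also that `[[ -s ${update} ]]` only checks for a non-empty file, so a leftover file from a different image in the same build directory would be reused and the payload generated from it. Where `update` is set is outside the hunk, so this may already be ruled out. The body of `generate_update` starts and continues outside the hunk.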


@ -82,14 +82,17 @@ function _sbsign_image_impl() {
local sdk_image="$(docker_image_fullname "${sdk_name}" "${docker_sdk_vernum}")"
echo "docker image rm -f '${sdk_image}'" >> ./ci-cleanup.sh
./run_sdk_container -x ./ci-cleanup.sh -v "${FLATCAR_VERSION}" -U -C "${sdk_image}" \
local docker_vernum="$(vernum_to_docker_image_version "${FLATCAR_VERSION}")"
local sbsign_container="flatcar-sbsign-image-${arch}-${docker_vernum}"
./run_sdk_container -x ./ci-cleanup.sh -n "${sbsign_container}" -v "${FLATCAR_VERSION}" -U -C "${sdk_image}" \
./sbsign_image --board="${arch}-usr" \
--group="${channel}" --version="${FLATCAR_VERSION}" \
--output_root="${CONTAINER_IMAGE_ROOT}" \
--only_store_compressed
# Delete uncompressed generic image before signing and upload
rm "${images_local}/flatcar_production_image.bin"
# Also delete update image because it will be unchanged
rm "${images_local}"/flatcar_production_{image,update}.bin
create_digests "${SIGNER}" "${images_local}"/*
sign_artifacts "${SIGNER}" "${images_local}"/*
copy_to_buildcache "${images_remote}"/ "${images_local}"/*
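Review bot: The `rm` on the changed line is the only thing that keeps files out of the `"${images_local}"/*` globs passed to `create_digests`, `sign_artifacts` and `copy_to_buildcache`, and the new comment does not say what the update image is unchanged relative to. I would spell it out, e.g. `# Also delete the update image: signing does not modify it, so the copy published by the image build stays valid.`, with the wording confirmed by the author since the earlier upload is not visible here. Plain `rm` with two brace-expanded paths also fails if either file is missing. If this function runs with errexit, which the hunk does not show, that would stop the job before signing, and it is worth deciding whether that is intended. `_sbsign_image_impl` starts and continues outside the hunk.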


@ -61,8 +61,11 @@ switch_to_strict_mode
# Create the output directory and temporary mount points.
mkdir -p "${BUILD_DIR}"
DISK_LAYOUT="${FLAGS_disk_layout:-base}"
fix_mtab
sbsign_prod_image "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${FLAGS_disk_layout:-base}"
sbsign_prod_image "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
generate_update "${FLATCAR_PRODUCTION_IMAGE_NAME}" "${DISK_LAYOUT}"
echo "Done. ${FLATCAR_PRODUCTION_IMAGE_NAME} and associated files are now signed for Secure Boot in ${BUILD_DIR}."
command_completed
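Review bot: `generate_update` is called unconditionally here, whereas the first file section gates the same call on `FLAGS_generate_update`; that is fine if this script has no such flag, but the ordering deserves a comment. The call has to stay after `sbsign_prod_image` for the delay to achieve anything, so something like `# Generate the update payload only after signing; it must be built from the signed image.` would guard against reordering (this is inferred from the commit title and should be confirmed). The closing `echo` still mentions only Secure Boot signing, although the script now also produces a payload signed with a dev key.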