mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-11 06:56:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,131 Commits 621 Branches 390 Tags 160 MiB
2880de9a89
Commit Graph

4131 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Michael
e80eddd0c8 release_util: support signing directories 2017-03-30 16:53:10 -07:00
David Michael
6b86520bf4 release_util: store file signatures in their own directory 
This allows signing files under paths owned by other users.
 2017-03-30 16:52:44 -07:00
Benjamin Gilbert
d0e89d1752 build_image_util: Don't query the $BUILD_DIR vdb 
Jenkins uses separate chroots for package and image builds, so
$BUILD_DIR may not have the relevant packages installed.
 2017-03-30 15:43:56 -07:00
Benjamin Gilbert
d8fb403f69 build_image_util: Fix warnings when building OEM ACIs 
INFO    build_oem_aci: Writing coreos_oem_gce_aci_stage_packages.txt
    awk: cmd. line:1: fatal: cannot open file `/build/amd64-usr/var/db/pkg//DEPEND' for reading (No such file or directory)
    INFO    build_oem_aci: Writing coreos_oem_gce_aci_stage_licenses.txt
    awk: cmd. line:1: fatal: cannot open file `/build/amd64-usr/var/db/pkg//DEPEND' for reading (No such file or directory)
 2017-03-29 16:31:05 -07:00
David Michael
66dca6ab85 Merge pull request #657 from dm0-/perl-glsa 
Update Perl to fix the last GLSA
 2017-03-23 19:58:35 -07:00
Benjamin Gilbert
d234da9ffc Merge pull request #651 from bgilbert/firstboot-file 
Set coreos.first_boot based on existence of file in ESP
 2017-03-23 18:29:41 -07:00
David Michael
43807d6763 catalyst: temporarily disable update_seed 
This can be reverted once there is a version of the SDK containing
the updated Perl 5.22 packages.
 2017-03-21 21:12:40 -07:00
David Michael
09efc42e8f update_chroot: fix SDK updates during the Perl 5.22 upgrade 2017-03-21 18:52:05 -07:00
David Michael
28f5d7f276 update_chroot: store emerge flags in arrays 2017-03-21 18:36:43 -07:00
Michael Marineau
6a4e78937d Merge pull request #647 from glevand/for-merge-jenkins 
Fixups for jenkins
 2017-03-20 16:02:25 -07:00
Geoff Levand
5a76e4e5e9 load_environment_var: Pickup COREOS_BUILD_ID 
Change the setting of COREOS_BUILD_ID so that its value, in order of
preference, is set to

  A value set in the environment.
  A value provided in manifest's version.txt.
  A fall back value of the current time-date.

Signed-off-by: Geoff Levand <geoff@infradead.org>
 2017-03-20 15:36:03 -07:00
Geoff Levand
aa259bf685 load_environment_var: Strip double quotes 
To allow double quoted values to be processed correctly.

Signed-off-by: Geoff Levand <geoff@infradead.org>
 2017-03-20 15:36:03 -07:00
Geoff Levand
1c16018906 Remove old Jenkins jobs 
The new Jenkins jobs are hosed at:

  https://github.com/coreos/jenkins-os

Signed-off-by: Geoff Levand <geoff@infradead.org>
 2017-03-20 15:36:03 -07:00
Alex Crawford
09fd7a37c1 Merge pull request #653 from crawford/bash 
*: don't hardcode path to bash
 2017-03-20 15:26:31 -07:00
Alex Crawford
e304fb9557 Merge pull request #655 from glevand/for-merge-os-release 
os-release: Add COREOS_BOARD variable
 2017-03-15 17:30:24 -07:00
Alex Crawford
9b2bcb3622 Merge pull request #656 from crawford/licenses 
build_library: upload image licenses
 2017-03-15 17:29:21 -07:00
Alex Crawford
b924c5ce6c build_library: upload image licenses 
We've always generated these license manifests (detailing which ebuilds
are covered by which license), but never published them. This adds these
manifests to the list of published files so that they are publicly
available.
 2017-03-15 14:11:01 -07:00
Geoff Levand
3b8c558367 os-release: Add COREOS_BOARD variable 
os-release is requested in bug reports, and knowing which board
the problem occurred on is often helpful.

Signed-off-by: Geoff Levand <geoff@infradead.org>
 2017-03-14 09:45:24 -07:00
Euan Kemp
8240215fe2 Merge pull request #650 from euank/docker-aci 
Initial docker-aci build thing
 2017-03-08 13:30:54 -08:00
Euan Kemp
b8589683b8 build_docker_aci: include 'extra' version number 
This allows for multiple iterations with the same package version if
needed.
 2017-03-06 16:07:26 -08:00
Euan Kemp
ada33ad411 build_docker_aci: update version / file logic 2017-03-06 16:07:26 -08:00
Alex Crawford
d8ea06c5c5 *: don't hardcode path to bash 
Bash isn't always at this location. These scripts in particular are
being updated because they are called from outside of the SDK.
 2017-03-02 14:00:11 -08:00
David Michael
89fb15ae08 Merge pull request #652 from dm0-/revert-sb 
Revert Secure Boot signing changes
 2017-03-01 18:11:52 -08:00
David Michael
aa772ea048 Revert "offline_signing: sign UEFI binaries for Secure Boot" 
This reverts commit 40b60875d0.
 2017-03-01 18:09:53 -08:00
David Michael
828ae7b561 Revert "offline_signing: download all UEFI binaries" 
This reverts commit d91c0c398f.
 2017-03-01 18:09:53 -08:00
Benjamin Gilbert
9e1c23f3f4 grub: Set coreos.first_boot based on existence of file in ESP 
Detect first boot based on the existence of a coreos/first_boot file
in the EFI partition, and set "coreos.first_boot=detected" command line
argument when found. We use "detected" rather than "1" so the initramfs
knows that it should mount the ESP and delete the file. This lets us
defer clearing the first-boot flag until Ignition has run successfully,
without having to change the disk GUID after filesystems are mounted.

Continue detecting the first-boot disk GUID and adding the command-line
argument to randomize it, since we still want unique disk GUIDs
regardless of Ignition.
 2017-03-01 16:10:21 -08:00
Benjamin Gilbert
0b010279e0 build_image: Create /boot/coreos/first_boot 2017-03-01 15:54:05 -08:00
Euan Kemp
1186d2875a Initial checkin of docker-aci build script 2017-03-01 14:59:43 -08:00
Euan Kemp
20325a547f build_image_util: allow unchecked emerges too 
This is useful for emerges that are meant for incomplete rootfs's, such
as ACI building emerges. There are cases where the #! check is expected
to fail while doing those.
 2017-03-01 10:52:17 -08:00
Benjamin Gilbert
37d22d0ff3 Merge pull request #648 from bgilbert/sdk-version-keep 
tag_release: Semi-document "keep" argument to --sdk_version
 2017-02-27 14:19:07 -08:00
Benjamin Gilbert
7965d657c7 tag_release: Semi-document "keep" argument to --sdk_version 2017-02-27 13:48:44 -08:00
Euan Kemp
18076b8bdb Merge pull request #642 from euank/symlink-checker 
check_root: add check for broken symlinks
 2017-02-17 16:18:45 -08:00
Euan Kemp
3eea9d2701 check_root: fix lint warnings 
Per `flake8-3`'s recommendations
 2017-02-17 16:00:33 -08:00
Euan Kemp
2596099207 check_root: add check for broken symlinks 2017-02-17 15:51:31 -08:00
David Michael
1538d40fe9 Merge pull request #641 from dm0-/toolchain 
toolchain: always run gcc-config
 2017-02-17 11:38:16 -08:00
David Michael
3d68362d02 toolchain: always run gcc-config 2017-02-16 17:54:06 -08:00
David Michael
06c80eb38a Merge pull request #640 from dm0-/secure-boot 
Add Secure Boot to the offline signing process
 2017-02-06 13:32:27 -08:00
David Michael
40b60875d0 offline_signing: sign UEFI binaries for Secure Boot 2017-02-06 13:29:15 -08:00
David Michael
d91c0c398f offline_signing: download all UEFI binaries 2017-02-06 13:29:14 -08:00
Benjamin Gilbert
7bab03e772 Merge pull request #638 from bgilbert/reinject 
Add script to inject kernel/GRUB/shim
 2017-02-02 17:39:08 -08:00
Benjamin Gilbert
5541e1521e Merge pull request #639 from bgilbert/other-boards 
build_image: Correctly disable verity on unsupported boards
 2017-02-02 17:18:22 -08:00
Benjamin Gilbert
d8d7b1ee86 Merge pull request #636 from bgilbert/secure-boot 
build_image: Extract and upload GRUB/shim EFI images for signing
 2017-02-02 17:17:53 -08:00
Benjamin Gilbert
b11d3a7c1d build_image: Correctly disable verity on unsupported boards 
Fixes up missing bit from e630a36e50.
 2017-02-02 17:08:01 -08:00
Benjamin Gilbert
e65d5101cf build_image: Extract and upload GRUB/shim EFI images for signing 
On arm64, extract only GRUB, since there is no shim.  On dev builds,
extract neither.
 2017-02-02 17:00:15 -08:00
Benjamin Gilbert
f16226acb5 grub_install: Install shim in official amd64 builds 2017-02-02 16:58:52 -08:00
Benjamin Gilbert
dd3fbb8ece image_inject_bootchain: New script to inject kernel/GRUB/shim 
Add script to replace the unsigned kernel, EFI GRUB, and shim in an
image's EFI System Partition with (externally-produced) signed ones.
 2017-02-02 16:53:16 -08:00
Benjamin Gilbert
5443a101f7 build_image: Move one message to logging framework 2017-02-02 16:51:58 -08:00
David Michael
7419751493 Merge pull request #637 from dm0-/fix-verity 
Fix verity in our automated builds
 2017-02-02 16:48:11 -08:00
David Michael
e630a36e50 Revert "build_image: Remove disable_read_write variable" 
This reverts commit a7ffba9a9f.

The build_image script can build multiple formats.  When our
releases and automated builds are creating developer containers and
production images from the same command, the verity flag would be
disabled while building the container and remain disabled when building
the production image.  This resulted in no verity in all our builds.
 2017-02-02 15:08:43 -08:00
Benjamin Gilbert
8751c85494 image_set_group: Move generic setup/teardown code into a library 2017-02-02 12:51:35 -08:00