Apparently `local -x FOO` does not locally export an already existing
variable, but rather does some whole weird lot of nothing - it shadows
an existing variable with a new unset one, but it won't export it
until it gets assigned.
We previously did the AKV signing in the image job but temporarily
nobbled that code path while we completed the shim review.
Now the AKV signing has been split out into a separate job that will
only be invoked once changes to the jenkins-os repo have been merged.
The only thing we now need to nobble here is copying the signed shim. In
the meantime, we copy the unsigned shim instead. Revert this commit once
the shim review is complete.
We only want to do the signing in Azure, not the whole image job. This
new job downloads the unsigned image, signs it, and replaces it.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The --extract_update option used to do exactly that, just extract the
USR-A partition for updates and no more. Now it does the same thing as
--generate_update, except it names the file flatcar_test_update.gz
rather than flatcar_production_update.gz. --generate_update is never
actually used because official update payloads are manually generated
with the generate_payload script later on.
Resolve this confusion by deduplicating the common code between them.
Any update payload produced during this stage of the build is only
useful for testing, so change --generate_update to always create
flatcar_test_update.gz. --generate_update now implies --extract_update
and both are enabled by default.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Now that the previous git clone method does not work any more with the
current eclass, we need to download source tarball directly from GitHub
archive, and specify source directory name correspondingly.
Update ue-rs mainly to update dependency crates, as well as
to address security warning around futures-util crate.
Pulls in https://github.com/flatcar/ue-rs/pull/58
- drop `pkg_postint`
- create `/etc/ssl` with tmpfiles
- continue shipping app-misc/c_rehash
- mark as stable
- drop non-used files
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
We were supposed to collect allowed users and allowed groups into
separate arrays. Due to the copy-paste mistake, we overwrote allowed
users array with allowed groups while leaving the array for allowed
groups empty, so we ended up passing only allowed groups instead of
both.
