Adapt to new secureboot signing code

1) Register an ssh-key allowing access to the signing server from within LAT. 2) Provide a means to bypass poat iso build signing, as the signing should have oddured within LAT. Story: 2009221 Task: 47358 Signed-off-by: Scott Little <scott.little@windriver.com> Change-Id: If450ed2f67ef3e094f8370d9857c8bdf506a9571
2023-03-07 16:26:21 -05:00 · 2023-03-07 16:26:21 -05:00 · 186fc0af4c
parent e3c8a01e58
commit 186fc0af4c
3 changed files with 15 additions and 0 deletions
--- a/pipelines/monolithic.Jenkinsfile
+++ b/pipelines/monolithic.Jenkinsfile
@ -163,6 +163,9 @@ pipeline {
        booleanParam (
            name: 'BUILD_ISO'
        )
+        booleanParam (
+            name: 'POST_ISO_SIGNING'
+        )
        booleanParam (
            name: 'BUILD_RT'
        )
--- a/pipelines/parts/build-iso.Jenkinsfile
+++ b/pipelines/parts/build-iso.Jenkinsfile
@ -43,6 +43,9 @@ pipeline {
        booleanParam (
            name: 'BUILD_ISO'
        )
+        booleanParam (
+            name: 'POST_ISO_SIGNING'
+        )
    }
    stages {
        stage ("build-iso") {
@ -51,6 +54,7 @@ pipeline {
            }
        }
        stage ("sign-iso") {
+            when { expression { params.POST_ISO_SIGNING } }
            steps {
                sh ("${Constants.SCRIPTS_DIR}/sign-iso.sh")
            }
--- a/scripts/start-containers.sh
+++ b/scripts/start-containers.sh
@ -39,6 +39,14 @@ while [[ "$(stx control status | grep -i running | wc -l)" -lt 6 ]] ; do
 done
 stx control status

+# Add ssh access key to signing server
+if [ -f ~/.ssh/id_rsa ]; then
+    notice "Registering signing server access key"
+    stx control keys-add --key-type=signing-server --key=~/.ssh/id_rsa
+else
+    notice "Signing server access key not found"
+fi
+
 # finish setup
 stx build prepare