39 lines
1.1 KiB
Bash
Executable File
39 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# Copyright (c) 2022 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
set -e
|
|
source $(dirname "$0")/lib/job_utils.sh
|
|
|
|
require_job_env BUILD_HOME
|
|
require_job_env BUILD_ISO
|
|
|
|
load_build_env
|
|
|
|
require_job_env SECUREBOOT_FORMAL
|
|
require_job_env SIGN_ISO_FORMAL
|
|
|
|
$BUILD_ISO || bail "BUILD_ISO=false, bailing out"
|
|
|
|
if $SECUREBOOT_FORMAL ; then
|
|
notice "signing secureboot packages"
|
|
[[ -n "$SIGNING_SERVER" ]] || die "SECUREBOOT_FORMAL requires SIGNING_SERVER"
|
|
sign_secure_boot_env="SIGNING_SERVER=${SIGNING_USER:-signing}@${SIGNING_SERVER}"
|
|
stx_docker_cmd $DRY_RUN_ARG "$sign_secure_boot_env PATH=\$MY_REPO/build-tools:\$PATH sign-secure-boot_debian"
|
|
fi
|
|
|
|
build_img_args=
|
|
# Job is configured to sign the ISO with official keys.
|
|
if $SIGN_ISO_FORMAL ; then
|
|
[[ -n "$SIGNING_SERVER" ]] || die "SIGN_ISO_FORMAL requires SIGNING_SERVER"
|
|
# Don't sign ISO with developer keys; we will sign it separately
|
|
# in sign-iso.sh
|
|
build_img_args+=" --no-sign"
|
|
fi
|
|
notice "building STD ISO"
|
|
stx_docker_cmd $DRY_RUN_ARG "build-image $build_img_args"
|