Update secure-boot script paths
This commit updates the sign-secure-boot_debian script to use the env variables instead of paths. Story: 2009221 Task: 47097 Signed-off-by: Luis Sampaio <luis.sampaio@windriver.com> Change-Id: Ie44deb905bf23afb0a000f2eccc1cdf5d1469054
This commit is contained in:
parent
5230eb48f5
commit
7f072e4462
@ -31,7 +31,7 @@ if [ -z "${SIGNING_SERVER}" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get shim deb version number.
|
# Get shim deb version number.
|
||||||
SHIM_DEB=$(ls /localdisk/loadbuild/${USER}/stx/std/shim/shim-unsigned_*_amd64.deb)
|
SHIM_DEB=$(ls ${MY_WORKSPACE}/std/shim/shim-unsigned_*_amd64.deb)
|
||||||
SHIM_DEB=${SHIM_DEB##*/}
|
SHIM_DEB=${SHIM_DEB##*/}
|
||||||
if [ -z "${SHIM_DEB}" ]; then
|
if [ -z "${SHIM_DEB}" ]; then
|
||||||
echo "No shim-unsigned deb!"
|
echo "No shim-unsigned deb!"
|
||||||
@ -44,7 +44,7 @@ if [ -z "${SHIM_VERSION}" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get grub-efi deb version number.
|
# Get grub-efi deb version number.
|
||||||
GRUB_EFI_DEB=$(ls /localdisk/loadbuild/${USER}/stx/std/grub-efi/grub-efi-amd64_*_amd64.deb)
|
GRUB_EFI_DEB=$(ls ${MY_WORKSPACE}/std/grub-efi/grub-efi-amd64_*_amd64.deb)
|
||||||
GRUB_EFI_DEB=${GRUB_EFI_DEB##*/}
|
GRUB_EFI_DEB=${GRUB_EFI_DEB##*/}
|
||||||
if [ -z "${GRUB_EFI_DEB}" ]; then
|
if [ -z "${GRUB_EFI_DEB}" ]; then
|
||||||
echo "No grub-efi-amd64 deb!"
|
echo "No grub-efi-amd64 deb!"
|
||||||
@ -68,7 +68,7 @@ if [ -z "${UPLOAD_PATH}" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo "***(1) Start signing shim***"
|
echo "***(1) Start signing shim***"
|
||||||
cd /localdisk/loadbuild/${USER}/stx/std/shim
|
cd ${MY_WORKSPACE}/std/shim
|
||||||
ls sign > /dev/null && echo "Removing old sign folder!" && sudo rm sign -rf
|
ls sign > /dev/null && echo "Removing old sign folder!" && sudo rm sign -rf
|
||||||
mkdir sign
|
mkdir sign
|
||||||
cp shim-unsigned_${SHIM_VERSION}_amd64.deb ./sign \
|
cp shim-unsigned_${SHIM_VERSION}_amd64.deb ./sign \
|
||||||
@ -112,7 +112,7 @@ repo_manage.py upload_pkg -r deb-local-build -p ./shim-unsigned_${SHIM_VERSION}_
|
|||||||
echo "***Finish signing shim***"
|
echo "***Finish signing shim***"
|
||||||
|
|
||||||
echo "***(2) Start signing grub***"
|
echo "***(2) Start signing grub***"
|
||||||
cd /localdisk/loadbuild/${USER}/stx/std/grub-efi
|
cd ${MY_WORKSPACE}/std/grub-efi
|
||||||
ls sign > /dev/null && echo "Removing old sign folder!" && sudo rm sign -rf
|
ls sign > /dev/null && echo "Removing old sign folder!" && sudo rm sign -rf
|
||||||
mkdir sign
|
mkdir sign
|
||||||
cp grub-efi-amd64_${GRUB_EFI_VERSION}_amd64.deb ./sign \
|
cp grub-efi-amd64_${GRUB_EFI_VERSION}_amd64.deb ./sign \
|
||||||
@ -146,11 +146,11 @@ echo "***Finish signing grub***"
|
|||||||
|
|
||||||
echo "***(3) Prepare gpg signing for lat genimage***"
|
echo "***(3) Prepare gpg signing for lat genimage***"
|
||||||
# The gpg signings are done when build-image. Here prepare the setting file for lat.
|
# The gpg signings are done when build-image. Here prepare the setting file for lat.
|
||||||
YAML_FILE=/localdisk/designer/${USER}/stx/stx-tools/debian-mirror-tools/config/debian/common/base-bullseye.yaml
|
YAML_FILE=${MY_REPO_ROOT_DIR}/stx-tools/debian-mirror-tools/config/debian/common/base-bullseye.yaml
|
||||||
# Definition for signing part of rootfs-post-scripts, which is used to sign kernel std/rt images and LockDown.efi.
|
# Definition for signing part of rootfs-post-scripts, which is used to sign kernel std/rt images and LockDown.efi.
|
||||||
ROOTFS_SIGNING_FILE=/localdisk/designer/${USER}/stx/cgcs-root/build-tools/sign_rootfs-post-scripts
|
ROOTFS_SIGNING_FILE=${MY_REPO_ROOT_DIR}/cgcs-root/build-tools/sign_rootfs-post-scripts
|
||||||
# Definition for initramfs-sign-script, which is used to sign initramfs and mini initrd.
|
# Definition for initramfs-sign-script, which is used to sign initramfs and mini initrd.
|
||||||
INITRAMFS_SIGNING_FILE=/localdisk/designer/${USER}/stx/cgcs-root/build-tools/sign_initramfs-sign-script
|
INITRAMFS_SIGNING_FILE=${MY_REPO_ROOT_DIR}/cgcs-root/build-tools/sign_initramfs-sign-script
|
||||||
|
|
||||||
# Enable secure boot when building for secure boot.
|
# Enable secure boot when building for secure boot.
|
||||||
sed -i "s/EFI_SECURE_BOOT: disable/EFI_SECURE_BOOT: enable/g" ${YAML_FILE}
|
sed -i "s/EFI_SECURE_BOOT: disable/EFI_SECURE_BOOT: enable/g" ${YAML_FILE}
|
||||||
|
Loading…
Reference in New Issue
Block a user