From f12b149a357390efc57869d114815c490e387cb8 Mon Sep 17 00:00:00 2001
From: Kyle MacLeod <kyle.macleod@windriver.com>
Date: Wed, 28 Jun 2023 16:13:51 -0400
Subject: [PATCH] Support gpg-verify=false for subcloud remote ostree pull

This commit supports the developer use-case of a system controller
ostree repo configured with gpg-verify=false. In such cases, the
subcloud ostree repo instances must also be configured with
gpg-verify=false, or the ostree pull will fail.

We first check if the system controller is configured with
gpg-verify=false.  If so, then the 'instgpg=0' boot parameter is added
to the miniboot ISO. This will trigger the appropriate configuration in
both the miniboot kickstart and the LAT /install script.

A minor fix is also included where missing initramfs .sig files would
fail the install. Some developer builds do not contain the .sig files,
which causes remote subcloud install failures without this fix.

Test Plan:
PASS:
- Install subcloud with non-GPG signed ostree commits present on system
  controller. Ensure the ostree pull is successful on subcloud, with a
  successful install.
- Ensure normal subcloud installation is successful

Story: 2010611
Task: 48308

Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
Change-Id: I25333f75e6592d7c8dd40f509c5316a02e366f85
---
 utilities/platform-util/scripts/gen-bootloader-iso.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/utilities/platform-util/scripts/gen-bootloader-iso.sh b/utilities/platform-util/scripts/gen-bootloader-iso.sh
index 70503ad0..affdccc4 100755
--- a/utilities/platform-util/scripts/gen-bootloader-iso.sh
+++ b/utilities/platform-util/scripts/gen-bootloader-iso.sh
@@ -205,7 +205,7 @@ function parse_arguments {
     local longopts opts
     longopts="input:,addon:,param:,default-boot:,timeout:,lock-timeout:,patches-from-iso"
     longopts="${longopts},base-url:,www-root:,id:,delete"
-    longopts="${longopts},base-url:,repack,initrd:,no-cache"
+    longopts="${longopts},repack,initrd:,no-cache"
     longopts="${longopts},boot-gateway:,boot-hostname:,boot-interface:,boot-ip:,boot-netmask:"
     longopts="${longopts},help,verbose"
 
@@ -485,6 +485,10 @@ function generate_boot_cfg {
     BOOT_ARGS_COMMON="${BOOT_ARGS_COMMON} BLM=2506 FSZ=32 BSZ=512 RSZ=20480 VSZ=20480 instdev=${instdev}"
     BOOT_ARGS_COMMON="${BOOT_ARGS_COMMON} inst_ostree_root=/dev/mapper/cgts--vg-root--lv"
     BOOT_ARGS_COMMON="${BOOT_ARGS_COMMON} inst_ostree_var=/dev/mapper/cgts--vg-var--lv"
+    if grep -q 'gpg-verify=false' "${WWW_ROOT_DIR}/ostree_repo/config"; then
+        log_info "Found gpg-verify=false, including instgpg=0"
+        BOOT_ARGS_COMMON="${BOOT_ARGS_COMMON} instgpg=0"
+    fi
     if [ -n "$VERBOSE" ]; then
         # pass this through to the miniboot.cfg kickstart to turn on debug:
         BOOT_ARGS_COMMON="${BOOT_ARGS_COMMON} debug_kickstart"
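Review bot: The unanchored `grep -q 'gpg-verify=false'` added in generate_boot_cfg matches that string anywhere in `${WWW_ROOT_DIR}/ostree_repo/config`, so a commented-out line or a key in an unrelated section would also add `instgpg=0` and turn off signature verification for the subcloud install. A setting written with spaces around the `=` would be missed, if the config format allows that. Anchoring the match to a real key line would narrow this, for example `if grep -Eq '^[[:space:]]*gpg-verify[[:space:]]*=[[:space:]]*false[[:space:]]*$' "${WWW_ROOT_DIR}/ostree_repo/config"; then`. Because the branch downgrades a security control, it would be easier to spot in install logs at warning level, e.g. `log_warn "ostree repo has gpg-verify=false; GPG verification disabled for subcloud install (instgpg=0)"`. The body of generate_boot_cfg starts and ends outside this hunk, so whether anything else sets `instgpg` cannot be seen from here.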
@@ -654,8 +658,9 @@ function create_miniboot_iso {
         log_info "Trimming miniboot ISO content"
         log_path_size "$BUILDDIR" "Size of extracted miniboot before trim"
         # Remove unused kernel images:
-        rm "$BUILDDIR"/{bzImage,bzImage.sig,bzImage-rt,bzImage-rt.sig}
+        rm "${BUILDDIR}"/{bzImage,bzImage-rt}
         check_rc_exit $? "failed to trim miniboot iso files"
+        rm "${BUILDDIR}"/{bzImage.sig,bzImage-rt.sig} || log_warn "failed to remove bzImage{-rt}.sig files"
         log_path_size "$BUILDDIR" "Size of extracted miniboot after trim"
     fi