mirror of
https://github.com/containers/bootc.git
synced 2026-02-05 15:45:53 +01:00
Main goal is to reduce signing logic duplication between the systemd-boot and UKI generation.

However, this quickly snowballed into wanting to actually verify by providing custom secure boot keys to bcvk that things worked.

This depends on https://github.com/bootc-dev/bcvk/pull/170

Now as part of that, I ran into what I think are bugs in pesign; this cuts things back over to using sbsign. I'll file a tracker for that separately.

Finally as part of this, just remove the TMT example that builds a sealed image but doesn't actually verify it works - it's already drifted from what we do outside here. Ultimately what we need is to shift some of this into the Fedora examples and we just fetch it here anyways.

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
26 lines
957 B
Bash
Executable File
#!/bin/bash
# Install bootc RPM and perform post-installation setup
set -xeuo pipefail

RPM_DIR="${1:-/tmp}"

# Install the RPM package
# Use rpm -Uvh with --oldpackage to allow replacing with dev version
rpm -Uvh --oldpackage "${RPM_DIR}"/*.rpm
# Note: we don't need to clean up the source directory since it's a bind mount

# Regenerate initramfs if we have initramfs-setup
kver=$(cd /usr/lib/modules && echo *)
# DRACUT_NO_XATTR=1 is the default in newer base images, and
# we have --add bootc here until the change to add the module in base
# images lands.
env DRACUT_NO_XATTR=1 dracut --add bootc -vf "/usr/lib/modules/${kver}/initramfs.img" "${kver}"

# Only in this containerfile, inject a file which signifies
# this comes from this development image. This can be used in
# tests to know we're doing upstream CI.
touch /usr/lib/.bootc-dev-stamp

# Workaround for https://github.com/bootc-dev/bootc/issues/1546
rm -rf /root/buildinfo /var/roothome/buildinfo