From fb650c058ca2e6558884502c3b93fa5896f22b61 Mon Sep 17 00:00:00 2001 From: Nahum Shalman Date: Tue, 12 Dec 2023 20:21:00 +0000 Subject: [PATCH] ipxe/ipxe#606: need to embed certificates Relates to: #117 Signed-off-by: Nahum Shalman --- binary/script/build_and_pr.sh | 3 +++ binary/script/build_ipxe.sh | 10 ++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/binary/script/build_and_pr.sh b/binary/script/build_and_pr.sh index 5eedfdb..fdbdc3a 100755 --- a/binary/script/build_and_pr.sh +++ b/binary/script/build_and_pr.sh @@ -6,6 +6,9 @@ set -uxo pipefail tracked_files=( "./script/build_ipxe.sh" "./script/build_and_pr.sh" + "./script/ipxe-customizations/ca.pem" + "./script/ipxe-customizations/isrgrootx1.pem" + "./script/ipxe-customizations/lets-encrypt-r3.pem" "./script/ipxe-customizations/console.h" "./script/ipxe-customizations/isa.h" "./script/ipxe-customizations/colour.h" diff --git a/binary/script/build_ipxe.sh b/binary/script/build_ipxe.sh index 7e67033..dc27c49 100755 --- a/binary/script/build_ipxe.sh +++ b/binary/script/build_ipxe.sh @@ -4,6 +4,10 @@ set -eux +#XXX Workaround for https://github.com/ipxe/ipxe/issues/606 +CERT=ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem +TRUST=ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem + # build_ipxe will run the make target in the upstream ipxe source # that will build an ipxe binary. function build_ipxe() { @@ -13,9 +17,9 @@ function build_ipxe() { local embed_path="$4" if [ -z "${env_opts}" ]; then - make -C "${ipxe_dir}"/src EMBED="${embed_path}" "${ipxe_bin}" + make -C "${ipxe_dir}"/src EMBED="${embed_path}" CERT="${CERT}" TRUST="${TRUST}" "${ipxe_bin}" else - make -C "${ipxe_dir}"/src "${env_opts}" EMBED="${embed_path}" "${ipxe_bin}" + make -C "${ipxe_dir}"/src "${env_opts}" EMBED="${embed_path}" CERT="${CERT}" TRUST="${TRUST}" "${ipxe_bin}" fi } @@ -43,6 +47,8 @@ function copy_common_files() { cp -a binary/script/ipxe-customizations/common.h "${ipxe_dir}"/src/config/local/ cp -a binary/script/ipxe-customizations/console.h "${ipxe_dir}"/src/config/local/ cp -a binary/script/ipxe-customizations/crypto.h "${ipxe_dir}"/src/config/local/ + #XXX Workaround for https://github.com/ipxe/ipxe/issues/606 + cp -a binary/script/ipxe-customizations/{ca.pem,isrgrootx1.pem,lets-encrypt-r3.pem} "${ipxe_dir}"/src } # copy_custom_files will copy in any custom header files based on a requested ipxe binary.