diff --git a/Dockerfile b/Dockerfile index 8f9b649..ed542eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,6 @@ FROM amd64/golang:latest ARG TAMAGO_VERSION -ARG PROTOC_VERSION -ARG PROTOC_GEN_GO_VERSION # Install dependencies. RUN apt-get update && apt-get install -y make @@ -27,4 +25,4 @@ WORKDIR /build COPY . . -RUN make trusted_os +RUN make trusted_os_release diff --git a/Makefile b/Makefile index 8b91555..e46180b 100644 --- a/Makefile +++ b/Makefile @@ -54,15 +54,15 @@ GOFLAGS = -tags ${BUILD_TAGS} -trimpath -ldflags "-s -w -T ${TEXT_START} -E ${EN #### primary targets #### -all: trusted_os_embedded_applet witnessctl +all: trusted_os_embedded_applet_signed witnessctl elf: $(APP).elf -# This target builds the Trusted OS without signing it as it is intended to be -# used by the GCP build process and signed there. +# This target is only used for dev builds, since the proto definitions may +# change in development and require re-compilation of protos. trusted_os: APP=trusted_os trusted_os: DIR=$(CURDIR)/trusted_os -trusted_os: create_dummy_applet elf +trusted_os: create_dummy_applet proto elf trusted_os_signed: trusted_os echo "signing Trusted OS" @@ -74,10 +74,10 @@ trusted_os_signed: trusted_os ${SIGN} -S -s ${OS_PRIVATE_KEY2} -m ${CURDIR}/bin/trusted_os.elf -x ${CURDIR}/bin/trusted_os.sig2; \ fi -trusted_os_embedded_applet: APP=trusted_os -trusted_os_embedded_applet: DIR=$(CURDIR)/trusted_os -trusted_os_embedded_applet: check_os_env copy_applet elf imx -trusted_os_embedded_applet: +trusted_os_embedded_applet_signed: APP=trusted_os +trusted_os_embedded_applet_signed: DIR=$(CURDIR)/trusted_os +trusted_os_embedded_applet_signed: check_os_env copy_applet proto elf imx +trusted_os_embedded_applet_signed: echo "signing Trusted OS" @if [ "${SIGN_PWD}" != "" ]; then \ echo -e "${SIGN_PWD}\n" | ${SIGN} -S -s ${OS_PRIVATE_KEY1} -m ${CURDIR}/bin/trusted_os.elf -x ${CURDIR}/bin/trusted_os.sig1; \ @@ -93,6 +93,12 @@ witnessctl: check_tamago -ldflags "-s -w -X 'main.Build=${BUILD}' -X 'main.Revision=${REV}'" \ -o $(CURDIR)/bin/witnessctl +# This target builds the Trusted OS without signing it as it is intended to be +# used by the GCP build process and signed there. +trusted_os_release: APP=trusted_os +trusted_os_release: DIR=$(CURDIR)/trusted_os +trusted_os_release: create_dummy_applet elf + #### ARM targets #### imx: $(APP).imx @@ -173,5 +179,5 @@ qemu-gdb: #### application target #### -$(APP).elf: check_tamago proto +$(APP).elf: check_tamago cd $(DIR) && $(GOENV) $(TAMAGO) build -tags ${BUILD_TAGS} $(GOFLAGS) -o $(CURDIR)/bin/$(APP).elf diff --git a/release/cloudbuild_ci.yaml b/release/cloudbuild_ci.yaml index ee6df7e..d19bc92 100644 --- a/release/cloudbuild_ci.yaml +++ b/release/cloudbuild_ci.yaml @@ -6,10 +6,6 @@ steps: - build - --build-arg - TAMAGO_VERSION=${_TAMAGO_VERSION} - - --build-arg - - PROTOC_VERSION=${_PROTOC_VERSION} - - --build-arg - - PROTOC_GEN_GO_VERSION=${_PROTOC_GEN_GO_VERSION} - -t - builder-image # Path is relative to the root of the repo. @@ -75,8 +71,6 @@ substitutions: # Build-related. _TRUSTED_OS_BUCKET: trusted-os-artifacts-ci _TAMAGO_VERSION: '1.20.6' - _PROTOC_VERSION: '24.2' - _PROTOC_GEN_GO_VERSION: '1.28.1' _TEST_TAG_NAME: '0.1.2' # Signing-related. _REGION: europe-west2