All of lore.kernel.org
 help / color / mirror / Atom feed
* [cip-dev][isar-cip-core][RFC PATCH] kas/opt/ebg-secure-boot-*: Make Backports for OVMF version depended
@ 2021-12-17 14:22 Q. Gylstorff
  2021-12-17 14:34 ` Jan Kiszka
  0 siblings, 1 reply; 2+ messages in thread
From: Q. Gylstorff @ 2021-12-17 14:22 UTC (permalink / raw)
  To: cip-dev, jan.kiszka, srinuvasan.a

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

For Debian Buster we need to backport a new version of the OVMF package
with contains the necessary option for secureboot with qemu.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 kas/opt/ebg-secure-boot-base.yml     | 6 ++++++
 kas/opt/ebg-secure-boot-snakeoil.yml | 4 ----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8f769b6..5a3d751 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -19,3 +19,9 @@ local_conf_header:
     IMAGE_INSTALL += "initramfs-abrootfs-secureboot"
     SWU_DESCRIPTION = "secureboot"
     SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG = "secureboot/swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
+
+  ovmf: |
+    # snakeoil certs are only part of backports, for Debian 11 and later the are not necessary
+    OVERRIDES_append = ":${BASE_DISTRO_CODENAME}"
+    DISTRO_APT_SOURCES_append_buster = " conf/distro/debian-buster-backports.list"
+    DISTRO_APT_PREFERENCES_append_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 807b0d7..9a3ff94 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -32,7 +32,3 @@ local_conf_header:
     IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil ovmf-binaries"
     IMAGER_INSTALL += "ebg-secure-boot-snakeoil"
 
-  ovmf: |
-    # snakeoil certs are only part of backports
-    DISTRO_APT_SOURCES_append = " conf/distro/debian-buster-backports.list"
-    DISTRO_APT_PREFERENCES_append = " conf/distro/preferences.ovmf-snakeoil.conf"
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [cip-dev][isar-cip-core][RFC PATCH] kas/opt/ebg-secure-boot-*: Make Backports for OVMF version depended
  2021-12-17 14:22 [cip-dev][isar-cip-core][RFC PATCH] kas/opt/ebg-secure-boot-*: Make Backports for OVMF version depended Q. Gylstorff
@ 2021-12-17 14:34 ` Jan Kiszka
  0 siblings, 0 replies; 2+ messages in thread
From: Jan Kiszka @ 2021-12-17 14:34 UTC (permalink / raw)
  To: Q. Gylstorff, cip-dev, srinuvasan.a

On 17.12.21 15:22, Q. Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> For Debian Buster we need to backport a new version of the OVMF package
> with contains the necessary option for secureboot with qemu.
> 
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> ---
>  kas/opt/ebg-secure-boot-base.yml     | 6 ++++++
>  kas/opt/ebg-secure-boot-snakeoil.yml | 4 ----
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
> index 8f769b6..5a3d751 100644
> --- a/kas/opt/ebg-secure-boot-base.yml
> +++ b/kas/opt/ebg-secure-boot-base.yml
> @@ -19,3 +19,9 @@ local_conf_header:
>      IMAGE_INSTALL += "initramfs-abrootfs-secureboot"
>      SWU_DESCRIPTION = "secureboot"
>      SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG = "secureboot/swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
> +
> +  ovmf: |
> +    # snakeoil certs are only part of backports, for Debian 11 and later the are not necessary

Why moving this block here? It talks about "snakeoil", but the related
file for that is below?

> +    OVERRIDES_append = ":${BASE_DISTRO_CODENAME}"
> +    DISTRO_APT_SOURCES_append_buster = " conf/distro/debian-buster-backports.list"
> +    DISTRO_APT_PREFERENCES_append_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
> diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
> index 807b0d7..9a3ff94 100644
> --- a/kas/opt/ebg-secure-boot-snakeoil.yml
> +++ b/kas/opt/ebg-secure-boot-snakeoil.yml
> @@ -32,7 +32,3 @@ local_conf_header:
>      IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil ovmf-binaries"
>      IMAGER_INSTALL += "ebg-secure-boot-snakeoil"
>  
> -  ovmf: |
> -    # snakeoil certs are only part of backports
> -    DISTRO_APT_SOURCES_append = " conf/distro/debian-buster-backports.list"
> -    DISTRO_APT_PREFERENCES_append = " conf/distro/preferences.ovmf-snakeoil.conf"
> 

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-17 14:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-17 14:22 [cip-dev][isar-cip-core][RFC PATCH] kas/opt/ebg-secure-boot-*: Make Backports for OVMF version depended Q. Gylstorff
2021-12-17 14:34 ` Jan Kiszka

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.