coreos / coreos-assembler

Tooling container to assemble CoreOS-like systems
https://coreos.github.io/coreos-assembler/
Apache License 2.0

qemu-secex: improve localbuild #3927

Closed nikita-dubrovskii closed 2 weeks ago

nikita-dubrovskii commented 3 weeks ago

Automatically generates genprotimgvm during build when the official one is not available and/or there is no so-called "IBM Universal Hostkey". The main goal is to support local/custom builds of the qemu-secex target. Assuming there is a valid hostkey, it's now possible to generate coreos.qemu-secex.qcow2 just by running:

cosa cmd-buildextend-secex --hostkey /srv/HKD-dev.crt

If later there is a need to build some other variant, the user can use the previously generated genprotimgvm:

cosa buildextend-secex --force --genprotimgvm /srv/fake-secure-vm.qcow2

dustymabe commented 2 weeks ago

hey @nikita-dubrovskii - if possible can we hold this until https://github.com/coreos/coreos-assembler/pull/3930 merges?

There are a bunch of changes in there, including moving code in buildextend-metal around quite a bit and I'd prefer not to have to do merge conflict resolution for all of those commits.

nikita-dubrovskii commented 2 weeks ago

> hey @nikita-dubrovskii - if possible can we hold this until #3930 merges?
>
> There are a bunch of changes in there, including moving code in buildextend-metal around quite a bit and I'd prefer not to have to do merge conflict resolution for all of those commits.

No worries, this can wait. Mind a review?

dustymabe commented 2 weeks ago

> No worries, this can wait. Mind a review?

The other PR merged now. You'll need to put this logic inside cmd-osbuild now.

dustymabe commented 2 weeks ago

> genprotimg.bu: add coreos-genprotimg-generator
>
> This fixes an issue when during firstboot system tried to mount genprotimg partition.

I'm trying to figure out why it was trying to mount on first boot with the units that existed before this change.. Does ConditionKernelCommandLine=!ignition.firstboot not work on a .mount unit?

nikita-dubrovskii commented 2 weeks ago

> genprotimg.bu: add coreos-genprotimg-generator
>
> This fixes an issue when during firstboot system tried to mount genprotimg partition.
>
> I'm trying to figure out why it was trying to mount on first boot with the units that existed before this change.. Does ConditionKernelCommandLine=!ignition.firstboot not work on a .mount unit?

It doesn't. As I got from the docs, a generator with condition(s) should be used.
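
The generator approach mentioned in the last comment, shown as an added example (not code from this PR or from coreos-assembler): a systemd generator that writes a mount unit only when `ignition.firstboot` is absent from the kernel command line. The unit name, partition label and mount point are hypothetical placeholders.

```shell
#!/bin/sh
# Hypothetical systemd generator. The unit name, label and mount point are
# placeholders, not taken from coreos-assembler. systemd runs generators early
# in boot with three output directories as arguments; units written there
# exist only for the current boot.

UNIT=var-example.mount            # must match Where= (/var/example)

# Return 0 if the kernel command line in $1 contains $2 as a bare word
# or as the left-hand side of a key=value argument.
cmdline_has() (
    set -f                        # no globbing while word-splitting the cmdline
    for arg in $1; do
        [ "${arg%%=*}" = "$2" ] && exit 0
    done
    exit 1
)

# Write the mount unit into directory $2 unless $1 (the cmdline) marks a first boot.
generate() {
    if cmdline_has "$1" ignition.firstboot; then
        return 0                  # first boot: emit nothing, so nothing is mounted
    fi
    mkdir -p "$2/local-fs.target.wants"
    cat > "$2/$UNIT" <<EOF
[Unit]
Description=Example data partition (hypothetical)

[Mount]
What=/dev/disk/by-label/example
Where=/var/example
Options=ro
EOF
    # Pull the unit into the boot transaction, as an enabled unit would be.
    ln -sf "../$UNIT" "$2/local-fs.target.wants/$UNIT"
}

# Generators are called as: <generator> normal-dir early-dir late-dir
if [ "$#" -eq 3 ]; then
    generate "$(cat /proc/cmdline)" "$1"
fi
```

Because the decision is made before any unit exists, there is no mount unit for other units or targets to pull in on first boot.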