WIP: osbuild: add support for qemu-secex localbuild #3764
Conversation
There was a problem hiding this comment.
I don't feel qualified to comment on the osbuild part, though i looked over it and i did not find anything that looked wrong to me.
One question, how is the naming scheme of the patch files, since normally i would expect the numbers to show the order they need to be applied in and for them to unique? But here is see 0001 is used twice?
src/cmd-buildextend-metal
Outdated
| elif [[ -f "${hostkey}" ]]; then | ||
| OSBUILD_SUPPORTED=1 | ||
| osbuild_mpp_config="coreos.osbuild.s390x.secex.mpp.yaml" | ||
| osbuild_extra_args+=("--pubkey" "${ignition_pubkey}") |
There was a problem hiding this comment.
I'm not that knowledgeable about how osbuild works and is implemented, but shouldn't the hostkey also be added here somewhere? Otherwise how does it know where the hostkey is for signing later?
There was a problem hiding this comment.
I think you're right. It looks like the template is assuming it's at /srv/secex-hostkey?
they are written to stdout using |
| @@ -0,0 +1,115 @@ | |||
| # This file defines the artifact to be used for the qemu platform. | |||
src/runvm-osbuild
Outdated
| @@ -11,6 +11,7 @@ Options: | |||
| --help: show this help | |||
| --mpp: the path to the OSBuild mpp.yaml file | |||
| --filepath: where to write the created image file | |||
| --pubkey: where to write the created Ignition GPG public key | |||
There was a problem hiding this comment.
Feels like this should be more specific, e.g. --secex-ign-pubkey.
src/cmd-buildextend-metal
Outdated
| elif [[ -f "${hostkey}" ]]; then | ||
| OSBUILD_SUPPORTED=1 | ||
| osbuild_mpp_config="coreos.osbuild.s390x.secex.mpp.yaml" | ||
| osbuild_extra_args+=("--pubkey" "${ignition_pubkey}") |
There was a problem hiding this comment.
I think you're right. It looks like the template is assuming it's at /srv/secex-hostkey?
| cloud_image_size_mb: $cloud_image_size_mb | ||
| bios_boot_size_mb: 1 | ||
| ppc_prep_size_mb: 4 | ||
| reserved_part_size_mb: 1 |
There was a problem hiding this comment.
yep, i tried to make secex.mpp and s390x.mpp similar. But can drop those vars
…ion GPG public key
|
@nikita-dubrovskii: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Discussion also goes in: dustymabe/osbuild#22