feat: kernel signing cache kernels #9

Merged
merged 5 commits into from
Jul 11, 2024

@m2Giles m2Giles commented Jul 11, 2024

Still need to implement the workflow changes for copying in actual key.

Thank you for contributing to the Universal Blue project!

Please read the Contributor's Guide before submitting a pull request.

@m2Giles m2Giles marked this pull request as ready for review July 11, 2024 15:11
@@ -166,6 +166,21 @@ jobs:
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/1728152?s=200&v=4

- name: Retrieve Signing Key
if: (github.event_name == 'scheduled' || github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') && github.event_name != 'pull_request'
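
Review bot: In the `if:` of the "Retrieve Signing Key" step, `github.event_name == 'scheduled'` can never be true, because cron-triggered runs report the event name `schedule`, so scheduled builds skip key retrieval as written. Going by the discussion, fetch.sh copies the test keys when the private key is empty, so those builds would be signed with the test keys and still pass. Suggest `github.event_name == 'schedule'`, and drop the trailing `&& github.event_name != 'pull_request'`, which the three equality checks already imply.
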
Member

Don't think about it now, but it might be worth having a sample signing key that runs on PRs to make it easier to debug in future

@p5 p5 (Member) Jul 11, 2024

Oh, we have signing keys added in this PR anyway. Any reason not to (at a later date) use the .test keys in this step during pull requests?

Member Author

We do, you can see in fetch.sh if the private-key is 0 bytes, we copy the test keys over.

Member

Ohhh, sorry. We don't need to retrieve them since they are already in the repo 🤦

@p5 p5 (Member) left a comment

This looks awesome!

fi

if [[ "${kernel_flavor}" =~ fsync ]]; then
dnf download -y \
kernel-headers-"${kernel_version}"
fi

if [[ ! -s /tmp/certs/private_key.priv ]]; then
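
Review bot: The `[[ ! -s /tmp/certs/private_key.priv ]]` test at the end of this hunk is true both when the file is missing and when it is empty, so a failed or skipped key retrieval on a non-PR build takes the same path as a pull request. The branch body is not visible here; going by the author's comment that the test keys are copied over in this case, a release build could end up signed with keys that are committed to the repository. Suggest exiting non-zero when the key is empty on non-PR builds, or at minimum logging which key set is in use so the build log records it.
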
Member Author

@p5 Here is the logic for signing during PRs.

@m2Giles m2Giles enabled auto-merge July 11, 2024 15:25
@m2Giles m2Giles added this pull request to the merge queue Jul 11, 2024
Merged via the queue into main with commit 425026e Jul 11, 2024
11 checks passed
@m2Giles m2Giles deleted the kernel-signing branch July 11, 2024 15:30