Skip to content

Commit

Permalink
feat: Add kernel signer to sign Fedora kernel with ublue's keys for s…
Browse files Browse the repository at this point in the history
…ecure boot (ublue-os#1404)
  • Loading branch information
KyleGospo authored Jun 18, 2024
1 parent 71725b9 commit d709382
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/reusable-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -144,14 +144,18 @@ jobs:
if [[ "$IS_LATEST_VERSION" == "true" ]] && \
[[ "$IS_STABLE_VERSION" == "true" ]]; then
BUILD_TAGS+=("testing")
echo "DEFAULT_TAG=testing" >> $GITHUB_ENV
elif [[ "$IS_GTS_VERSION" == "true" ]]; then
BUILD_TAGS+=("gts-testing")
echo "DEFAULT_TAG=gts-testing" >> $GITHUB_ENV
fi
elif [[ "$IS_LATEST_VERSION" == "true" ]] && \
[[ "$IS_STABLE_VERSION" == "true" ]]; then
BUILD_TAGS+=("latest")
echo "DEFAULT_TAG=latest" >> $GITHUB_ENV
elif [[ "$IS_GTS_VERSION" == "true" ]]; then
BUILD_TAGS+=("gts")
echo "DEFAULT_TAG=gts" >> $GITHUB_ENV
fi
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
Expand Down Expand Up @@ -221,6 +225,16 @@ jobs:
extra-args: |
--target=${{ env.TARGET_NAME }}
- name: Sign kernel
uses: ublue-os/[email protected]
with:
image: ${{ steps.build_image.outputs.image }}
default-tag: ${{ env.DEFAULT_TAG }}
privkey: ${{ secrets.AKMOD_PRIVKEY_20230518 }}
pubkey: /etc/pki/akmods/certs/akmods-ublue.der
tags: ${{ steps.build_image.outputs.tags }}
strip: false

# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
Expand Down

0 comments on commit d709382

Please sign in to comment.