Skip to content

Commit

Permalink
Preparations for release 3.0
Browse files Browse the repository at this point in the history
* Rauc updates & install initial implementation
* Try build initrd without firmwares and kernel modules
* Shellcheck
* Use kas for dependency management
* Include intel cpu microcode update to initrd
* Include vex class
* Update dependencies
* Split modules sign and secure boot keys
* Fix tmp certificates files naming
  • Loading branch information
dimonzozo committed Oct 31, 2024
1 parent eede08f commit f818872
Show file tree
Hide file tree
Showing 24 changed files with 1,319 additions and 181 deletions.
5 changes: 4 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1 +1,4 @@
repositories/*
/build
/poky
/meta-*/
!meta-enapter-linux
4 changes: 2 additions & 2 deletions .gitlab-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ variables:
DOCKER_BUILDKIT: 1
COMPOSE_HTTP_TIMEOUT: 600
BUILD_STORAGE_DIR: /home/gitlab-runner
GIT_STRATEGY: clone

Build Image:
when: manual
Expand All @@ -18,7 +19,6 @@ Build Image:
script:
- set -o allexport && source configs/versions.env && set +o allexport
- source ./bin/prepare-environments.sh
- ./bin/fetch-repositories.sh configs/repositories.conf
- docker-compose -f docker-compose-buildagent.yml run --rm intel-x86-64-build

Git Pull:
Expand All @@ -27,7 +27,7 @@ Git Pull:
tags:
- yocto
script:
- ./bin/fetch-repositories.sh configs/repositories.conf
- echo "Done."

Release:
when: manual
Expand Down
11 changes: 0 additions & 11 deletions bin/fetch-repositories.sh

This file was deleted.

57 changes: 0 additions & 57 deletions bin/git-fetch.sh

This file was deleted.

25 changes: 16 additions & 9 deletions bin/prepare-environments.sh
Original file line number Diff line number Diff line change
@@ -1,23 +1,30 @@
# SPDX-FileCopyrightText: 2024 Enapter <developers@enapter.com>
# SPDX-License-Identifier: Apache-2.0

export BB_ENV_PASSTHROUGH_ADDITIONS="$BB_ENV_PASSTHROUGH_ADDITIONS DISTRO_VERSION DL_DIR SSTATE_DIR TMPDIR SECURE_BOOT_SIGNING_KEY SECURE_BOOT_SIGNING_CERT SECURE_BOOT_SIGNING_CERT_DER"

export SECURE_BOOT_SIGNING_CERT="/home/build/secure_boot_signing/sign.crt"
export SECURE_BOOT_SIGNING_CERT="/home/build/secure_boot_signing/sign.pem"
export SECURE_BOOT_SIGNING_KEY="/home/build/secure_boot_signing/sign.key"
export SECURE_BOOT_SIGNING_CERT_DER="/home/build/secure_boot_signing/sign.cer"
export SECURE_BOOT_SIGNING_CERT_DER="/home/build/secure_boot_signing/sign.der"

export MODSIGN_SIGNING_CERT="/home/build/modules_signing/sign.pem"
export MODSIGN_SIGNING_KEY="/home/build/modules_signing/sign.key"

export RAUC_CERT="/home/build/rauc/production.pem"
export RAUC_KEY="/home/build/rauc/production.key"
export RAUC_KEYRING="/home/build/rauc/ca.cert.pem"

if [ -z "$CI_COMMIT_TAG" ]; then
export DISTRO_VERSION="${ENAPTER_LINUX_BASE_VERSION}-dev-${CI_PIPELINE_ID:-${CI_COMMIT_SHORT_SHA:-unknown}}"
else
export DISTRO_VERSION="$CI_COMMIT_TAG"
export DISTRO_VERSION="${CI_COMMIT_TAG:-$CI_COMMIT_REF_SLUG}.$CI_PIPELINE_ID"
fi

export DISTRO="enapter-industrial-linux"

export IMG_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}.zip"
export IMG_FILE_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}.img"
export UPDATE_ARTIFACT_NAME="enapter-industrial-linux-update-${DISTRO_VERSION}.zip"
export RAUC_UPDATE_ARTIFACT_NAME="enapter-industrial-linux-update-${DISTRO_VERSION}.raucb"
export VMDK_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}.vmdk"

export SSTATE_DIR=/home/build/sstate-cache
export DL_DIR=/home/build/downloads
export TMPDIR=/home/build/tmp
export VEX_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}-vex.json"
export ROOTFS_SPDX_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}-rootfs-spdx.zip"
export INITRAMFS_SPDX_ARTIFACT_NAME="enapter-industrial-linux-${DISTRO_VERSION}-initrd-spdx.zip"
15 changes: 14 additions & 1 deletion bin/upload-artifacts.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,22 @@ release_id=$(echo "$create_release_response" | jq '.id')

cd "$artifacts_dir"

sha256sum -b "$IMG_ARTIFACT_NAME" "$UPDATE_ARTIFACT_NAME" "$VMDK_ARTIFACT_NAME" > "$sha256sums_name"
sha256sum -b "$IMG_ARTIFACT_NAME" "$UPDATE_ARTIFACT_NAME" "$VMDK_ARTIFACT_NAME" "$RAUC_UPDATE_ARTIFACT_NAME" > "$sha256sums_name"

upload_asset "$release_id" "$IMG_ARTIFACT_NAME" "$IMG_ARTIFACT_NAME"
upload_asset "$release_id" "$UPDATE_ARTIFACT_NAME" "$UPDATE_ARTIFACT_NAME"
upload_asset "$release_id" "$VMDK_ARTIFACT_NAME" "$VMDK_ARTIFACT_NAME"
upload_asset "$release_id" "$RAUC_UPDATE_ARTIFACT_NAME" "$RAUC_UPDATE_ARTIFACT_NAME"
upload_asset "$release_id" "$sha256sums_name" "$sha256sums_name"

if [ -e "$VEX_ARTIFACT_NAME" ]; then
upload_asset "$release_id" "$VEX_ARTIFACT_NAME" "$VEX_ARTIFACT_NAME"
fi

if [ -e "$ROOTFS_SPDX_ARTIFACT_NAME" ]; then
upload_asset "$release_id" "$ROOTFS_SPDX_ARTIFACT_NAME" "$ROOTFS_SPDX_ARTIFACT_NAME"
fi

if [ -e "$INITRAMFS_SPDX_ARTIFACT_NAME" ]; then
upload_asset "$release_id" "$INITRAMFS_SPDX_ARTIFACT_NAME" "$INITRAMFS_SPDX_ARTIFACT_NAME"
fi
88 changes: 88 additions & 0 deletions configs/enapter-industrial-linux.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# SPDX-FileCopyrightText: 2024 Enapter <developers@enapter.com>
# SPDX-License-Identifier: Apache-2.0

header:
version: 17

distro: enapter-industrial-linux
target: enapter-industrial-linux-image
machine: intel-corei7-64

env:
DISTRO: null
DISTRO_VERSION: null
DL_DIR: /home/build/downloads
IMG_ARTIFACT_NAME: null
IMG_FILE_ARTIFACT_NAME: null
INITRAMFS_SPDX_ARTIFACT_NAME: null
MODSIGN_SIGNING_CERT: null
MODSIGN_SIGNING_KEY: null
NVDCVE_API_KEY: null
RAUC_CERT: null
RAUC_KEY: null
RAUC_KEYRING: null
RAUC_UPDATE_ARTIFACT_NAME: null
ROOTFS_SPDX_ARTIFACT_NAME: null
SECURE_BOOT_SIGNING_CERT: null
SECURE_BOOT_SIGNING_CERT_DER: null
SECURE_BOOT_SIGNING_KEY: null
SSTATE_DIR: /home/build/sstate-cache
TMPDIR: /home/build/tmp
UPDATE_ARTIFACT_NAME: null
VEX_ARTIFACT_NAME: null
VMDK_ARTIFACT_NAME: null

repos:
meta-enapter-linux:
layers:
meta-enapter-linux:

poky:
url: 'git://git.yoctoproject.org/poky.git'
tag: 'yocto-5.0.4'
patches:
patch0:
repo: meta-enapter-linux
path: configs/patches/0001-Backport-vex.bbclass-and-dependencies.patch
layers:
meta:
meta-poky:
meta-yocto-bsp:

meta-enapter:
url: 'https://github.com/enapter/meta-enapter'
branch: 'release/3.0'
layers:
meta-enapter-core:

meta-intel:
url: 'git://git.yoctoproject.org/meta-intel.git'
commit: 'c2bc8e27e9cc83654a23e8d89525fd9b1e781eb6'

meta-openembedded:
url: 'git://git.openembedded.org/meta-openembedded'
commit: '2e3126c9c16bb3df0560f6b3896d01539a3bfad7'
layers:
meta-filesystems:
meta-initramfs:
meta-networking:
meta-oe:
meta-perl:
meta-python:
meta-webserver:

meta-rauc:
url: 'https://github.com/rauc/meta-rauc.git'
commit: '1e3e6b334defd7fbf95cb43d23975e7b3de4b520'

meta-virtualization:
url: 'git://git.yoctoproject.org/meta-virtualization'
commit: '6f3c1d8f90947408a6587be222fec575a1ca5195'

local_conf_header:
10-base: |
CONF_VERSION = "2"
SPDX_PRETTY = "1"
IMAGE_FSTYPES = "wic ext4"
SKIP_META_VIRT_SANITY_CHECK = "1"
INHERIT += "rm_work vex"
Loading

0 comments on commit f818872

Please sign in to comment.