From 06e4a2d9ca2ba76c918014b6291aafdb7166e4c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20=C5=A0urda?= Date: Tue, 20 Sep 2022 19:28:10 +0800 Subject: [PATCH] Add iPXE root CA cert --- buildbot/buildbot_steps.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/buildbot/buildbot_steps.sh b/buildbot/buildbot_steps.sh index 92f58a9..89f32a1 100755 --- a/buildbot/buildbot_steps.sh +++ b/buildbot/buildbot_steps.sh @@ -46,6 +46,9 @@ function sed_enabled_ipxe_features() { "${ipxe_src_dir}/src/config/general.h" done + echo "Downloading default iPXE CA certificate" + wget -O ipxe_root_ca.crt https://ipxe.org/_media/certs/ca.crt + return 0 } @@ -79,7 +82,7 @@ function make_ipxe_lkrn() { curr="$(pwd)" cd "${ipxe_src_dir}/src/" || return 1 - make bin/ipxe.lkrn EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + make bin/ipxe.lkrn EMBED="${embed_file}" CERT="ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="ipxe_root_ca.crt,${ca_cert}" || return 2 cd "$curr" return 0 @@ -115,7 +118,7 @@ function make_ipxe_iso() { curr="$(pwd)" cd "${ipxe_src_dir}/src/" || return 1 - make bin/ipxe.iso EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + make bin/ipxe.iso EMBED="${embed_file}" CERT="ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="ipxe_root_ca.crt,${ca_cert}" || return 2 cd "$curr" return 0 @@ -151,7 +154,7 @@ function make_ipxe_dsk() { curr="$(pwd)" cd "${ipxe_src_dir}/src/" || return 1 - make bin/ipxe.usb EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + make bin/ipxe.usb EMBED="${embed_file}" CERT="ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="ipxe_root_ca.crt,${ca_cert}" || return 2 cd "$curr" return 0 @@ -187,7 +190,7 @@ function make_ipxe_pxe() { curr="$(pwd)" cd "${ipxe_src_dir}/src/" || return 1 - make bin/ipxe.pxe EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + make bin/ipxe.pxe EMBED="${embed_file}" CERT="ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="ipxe_root_ca.crt,${ca_cert}" || return 2 cd "$curr" return 0 @@ -227,7 +230,7 @@ function make_ipxe_efi() { curr="$(pwd)" cd "${ipxe_src_dir}/src/" || return 1 - make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="${signing_cert},${ca_cert}" TRUST="${ca_cert}" || return 2 + make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="ipxe_root_ca.crt,${ca_cert}" || return 2 mv bin-x86_64-efi/ipxe.efi bin/ sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi