forked from Sysdeploy/ipxe_scripts
Cert fix
- reduce cert debug level - manually add current Letsencrypt certs
This commit is contained in:
parent
343e4a5666
commit
879d196089
|
@ -1,5 +1,6 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
LE_CERT=isrg-root-x1.pem,isrg-root-x2.pem
|
||||||
|
|
||||||
function clone_ipxe_upstream() {
|
function clone_ipxe_upstream() {
|
||||||
local ipxe_src_dir="$1"
|
local ipxe_src_dir="$1"
|
||||||
|
@ -47,7 +48,8 @@ function sed_enabled_ipxe_features() {
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Downloading default iPXE CA certificate"
|
echo "Downloading default iPXE CA certificate"
|
||||||
wget -O ipxe_root_ca.crt https://ipxe.org/_media/certs/ca.crt
|
cd ipxe/src
|
||||||
|
wget https://letsencrypt.org/certs/isrg-root-x{1,2}.pem
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
@ -82,7 +84,7 @@ function make_ipxe_lkrn() {
|
||||||
curr="$(pwd)"
|
curr="$(pwd)"
|
||||||
cd "${ipxe_src_dir}/src/" || return 1
|
cd "${ipxe_src_dir}/src/" || return 1
|
||||||
|
|
||||||
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
|
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
|
||||||
|
|
||||||
cd "$curr"
|
cd "$curr"
|
||||||
return 0
|
return 0
|
||||||
|
@ -118,7 +120,7 @@ function make_ipxe_iso() {
|
||||||
curr="$(pwd)"
|
curr="$(pwd)"
|
||||||
cd "${ipxe_src_dir}/src/" || return 1
|
cd "${ipxe_src_dir}/src/" || return 1
|
||||||
|
|
||||||
make bin/ipxe.iso EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
|
make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
|
||||||
|
|
||||||
cd "$curr"
|
cd "$curr"
|
||||||
return 0
|
return 0
|
||||||
|
@ -154,7 +156,7 @@ function make_ipxe_dsk() {
|
||||||
curr="$(pwd)"
|
curr="$(pwd)"
|
||||||
cd "${ipxe_src_dir}/src/" || return 1
|
cd "${ipxe_src_dir}/src/" || return 1
|
||||||
|
|
||||||
make bin/ipxe.usb EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
|
make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||||
|
|
||||||
cd "$curr"
|
cd "$curr"
|
||||||
return 0
|
return 0
|
||||||
|
@ -190,7 +192,7 @@ function make_ipxe_pxe() {
|
||||||
curr="$(pwd)"
|
curr="$(pwd)"
|
||||||
cd "${ipxe_src_dir}/src/" || return 1
|
cd "${ipxe_src_dir}/src/" || return 1
|
||||||
|
|
||||||
make bin/ipxe.pxe EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
|
make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||||
|
|
||||||
cd "$curr"
|
cd "$curr"
|
||||||
return 0
|
return 0
|
||||||
|
@ -230,7 +232,7 @@ function make_ipxe_efi() {
|
||||||
curr="$(pwd)"
|
curr="$(pwd)"
|
||||||
cd "${ipxe_src_dir}/src/" || return 1
|
cd "${ipxe_src_dir}/src/" || return 1
|
||||||
|
|
||||||
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
|
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
|
||||||
mv bin-x86_64-efi/ipxe.efi bin/
|
mv bin-x86_64-efi/ipxe.efi bin/
|
||||||
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
|
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user