- reduce cert debug level
- manually add current Letsencrypt certs
Peter Šurda 2022-09-20 20:47:43 +08:00
parent 343e4a5666
commit 879d196089
Signed by: PeterSurda
GPG Key ID: 3E47497CF67ABB95


@ -1,5 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
LE_CERT=isrg-root-x1.pem,isrg-root-x2.pem
function clone_ipxe_upstream() { function clone_ipxe_upstream() {
local ipxe_src_dir="$1" local ipxe_src_dir="$1"
@ -47,7 +48,8 @@ function sed_enabled_ipxe_features() {
done done
echo "Downloading default iPXE CA certificate" echo "Downloading default iPXE CA certificate"
wget -O ipxe_root_ca.crt https://ipxe.org/_media/certs/ca.crt cd ipxe/src
wget https://letsencrypt.org/certs/isrg-root-x{1,2}.pem
return 0 return 0
} }
@ -82,7 +84,7 @@ function make_ipxe_lkrn() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.lkrn EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2 make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -118,7 +120,7 @@ function make_ipxe_iso() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.iso EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2 make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -154,7 +156,7 @@ function make_ipxe_dsk() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.usb EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2 make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -190,7 +192,7 @@ function make_ipxe_pxe() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin/ipxe.pxe EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2 make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
cd "$curr" cd "$curr"
return 0 return 0
@ -230,7 +232,7 @@ function make_ipxe_efi() {
curr="$(pwd)" curr="$(pwd)"
cd "${ipxe_src_dir}/src/" || return 1 cd "${ipxe_src_dir}/src/" || return 1
make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2 make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
mv bin-x86_64-efi/ipxe.efi bin/ mv bin-x86_64-efi/ipxe.efi bin/
sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi
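Review bot: The ISRG roots fetched in the `sed_enabled_ipxe_features` hunk become the `TRUST=` anchors of every image built in the later hunks, yet neither `cd ipxe/src` nor the `wget` is checked and the function still ends in `return 0`. A failed or partial download is therefore not reported where it happens. Nothing pins the downloaded files either, so the embedded trust anchors are whatever the server returns at build time; checking them against SHA-256 values committed to the repository would make the build reproducible and tamper-evident. Without `-O`, a rerun in a tree that already holds the files makes wget save to `isrg-root-x1.pem.1`, and the build keeps using the older copy. The visible lines never leave `ipxe/src` and the function starts outside the hunk, so confirm that no caller relies on that working directory before adopting the subshell below.

```shell
# … unchanged: feature loop and the echo line …
(
  cd ipxe/src || exit 1
  for n in 1 2; do
    wget -O "isrg-root-x${n}.pem" \
      "https://letsencrypt.org/certs/isrg-root-x${n}.pem" || exit 1
  done
  # PLACEHOLDER file name: a checksum list for both roots, committed to this repo
  sha256sum -c ../../ISRG_ROOTS.sha256 || exit 1
) || return 1
return 0
```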