Cert fix

- reduce cert debug level - manually add current Letsencrypt certs
2022-09-20 20:47:43 +08:00 · 2022-09-20 20:47:43 +08:00 · 879d196089
commit 879d196089
parent 343e4a5666
1 changed files with 8 additions and 6 deletions
--- a/buildbot/buildbot_steps.sh
+++ b/buildbot/buildbot_steps.sh
@ -1,5 +1,6 @@
 #!/usr/bin/env bash

+LE_CERT=isrg-root-x1.pem,isrg-root-x2.pem

 function clone_ipxe_upstream() {
    local ipxe_src_dir="$1"
@ -47,7 +48,8 @@ function sed_enabled_ipxe_features() {
    done 

    echo "Downloading default iPXE CA certificate"
-    wget -O ipxe_root_ca.crt https://ipxe.org/_media/certs/ca.crt
+    cd ipxe/src
+    wget https://letsencrypt.org/certs/isrg-root-x{1,2}.pem

    return 0
 }
@ -82,7 +84,7 @@ function make_ipxe_lkrn() {
    curr="$(pwd)"
    cd "${ipxe_src_dir}/src/" || return 1

-    make bin/ipxe.lkrn EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
+    make bin/ipxe.lkrn EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2

    cd "$curr"
    return 0
@ -118,7 +120,7 @@ function make_ipxe_iso() {
    curr="$(pwd)"
    cd "${ipxe_src_dir}/src/" || return 1

-    make bin/ipxe.iso EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" DEBUG=x509:15 || return 2
+    make bin/ipxe.iso EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" DEBUG=x509 || return 2

    cd "$curr"
    return 0
@ -154,7 +156,7 @@ function make_ipxe_dsk() {
    curr="$(pwd)"
    cd "${ipxe_src_dir}/src/" || return 1

-    make bin/ipxe.usb EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin/ipxe.usb EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2

    cd "$curr"
    return 0
@ -190,7 +192,7 @@ function make_ipxe_pxe() {
    curr="$(pwd)"
    cd "${ipxe_src_dir}/src/" || return 1

-    make bin/ipxe.pxe EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin/ipxe.pxe EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2

    cd "$curr"
    return 0
@ -230,7 +232,7 @@ function make_ipxe_efi() {
    curr="$(pwd)"
    cd "${ipxe_src_dir}/src/" || return 1

-    make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="../../ipxe_root_ca.crt,${signing_cert},${ca_cert}" TRUST="../../ipxe_root_ca.crt,${ca_cert}" || return 2
+    make bin-x86_64-efi/ipxe.efi EMBED="${embed_file}" CERT="$LE_CERT,${signing_cert},${ca_cert}" TRUST="$LE_CERT,${ca_cert}" || return 2
    mv bin-x86_64-efi/ipxe.efi bin/
    sbsign --key ${efi_key} --cert ${efi_cert} --output bin/ipxe.efi bin/ipxe.efi