From 9f4f9f3759e178af9fedd28884815b8b92fad74e Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Fri, 25 Aug 2023 11:55:38 -0500 Subject: [PATCH] bump bootkit layer version artifacts.go is fetching a bootkit layer to update the artifacts. Move the definition of it to Makefile, and allow the caller to specify it. This is still not how it should be - trust should use the bootkit api. But then it should still allow the user to specify the version. Signed-off-by: Serge Hallyn --- Makefile | 5 ++++- cmd/trust/keyset.go | 8 +++++++- pkg/trust/artifacts.go | 4 ++-- pkg/trust/const.go | 1 + 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 4c1c82b..1278253 100644 --- a/Makefile +++ b/Makefile @@ -5,10 +5,13 @@ ifeq ($(MAIN_VERSION),$(filter $(MAIN_VERSION), "", no-git)) $(error "Bad value for MAIN_VERSION: '$(MAIN_VERSION)'") endif +BOOTKIT_VERSION ?= "v0.0.10.230825" + GO_SRC_DIRS := pkg/ cmd/ GO_SRC := $(shell find $(GO_SRC_DIRS) -name "*.go") -VERSION_LDFLAGS=-X github.com/project-machine/trust/pkg/trust.Version=$(MAIN_VERSION) +VERSION_LDFLAGS=-X github.com/project-machine/trust/pkg/trust.Version=$(MAIN_VERSION) \ + -X github.com/project-machine/trust/pkg/trust.BootkitVersion=$(BOOTKIT_VERSION) trust: .made-gofmt $(GO_SRC) go build -buildvcs=false -ldflags "$(VERSION_LDFLAGS)" -o trust ./cmd/trust/ diff --git a/cmd/trust/keyset.go b/cmd/trust/keyset.go index b630b25..55b9b68 100644 --- a/cmd/trust/keyset.go +++ b/cmd/trust/keyset.go @@ -253,6 +253,11 @@ var keysetCmd = cli.Command{ Name: "org, Org, organization", Usage: "X509-Organization field to add to certificates when generating a new keyset. (optional)", }, + cli.StringFlag{ + Name: "bootkit-version", + Usage: "Version of bootkit artifacts to use", + Value: trust.BootkitVersion, + }, }, }, { @@ -315,6 +320,7 @@ func doAddKeyset(ctx *cli.Context) error { return errors.New("Please specify keyset name") } + bootkitVersion := ctx.String("bootkit-version") Org := ctx.StringSlice("org") if Org == nil { log.Infof("X509-Organization field for new certificates not specified.") @@ -346,7 +352,7 @@ func doAddKeyset(ctx *cli.Context) error { } // Now create the bootkit artifacts - if err = trust.SetupBootkit(keysetName); err != nil { + if err = trust.SetupBootkit(keysetName, bootkitVersion); err != nil { return fmt.Errorf("Failed creating bootkit artifacts for keyset %q: (%w)", keysetName, err) } diff --git a/pkg/trust/artifacts.go b/pkg/trust/artifacts.go index 98d7c41..9f326f0 100644 --- a/pkg/trust/artifacts.go +++ b/pkg/trust/artifacts.go @@ -163,7 +163,7 @@ func UpdateShim(inShim, newShim, keysetPath string) error { return nil } -func SetupBootkit(keysetName string) error { +func SetupBootkit(keysetName, bootkitVersion string) error { // TODO - we have to fix this by // a. having bootkit generate arm64 // b. changing the bootkit layer naming to reflect arch @@ -185,7 +185,7 @@ func SetupBootkit(keysetName string) error { return errors.Wrapf(err, "couldn't find home dir") } ociDir := filepath.Join(home, ".cache", "machine", "trust", "bootkit", "oci") - bootkitLayer := "bootkit:0.0.5.230327-squashfs" + bootkitLayer := "bootkit:" + bootkitVersion + "-squashfs" EnsureDir(ociDir) cachedOci := fmt.Sprintf("oci:%s:%s", ociDir, bootkitLayer) err = lib.ImageCopy(lib.ImageCopyOpts{ diff --git a/pkg/trust/const.go b/pkg/trust/const.go index e810c38..ae0eb8d 100644 --- a/pkg/trust/const.go +++ b/pkg/trust/const.go @@ -57,3 +57,4 @@ var SBFPartitionTypeID = [16]byte{ const MiB, GiB = uint64(1024 * 1024), uint64(1024 * 1024 * 1024) var Version string +var BootkitVersion string