Li Zhou 8171154a6b secure boot: move pub key to git repo
New git repo cgcs-root/public-keys is available now for public
keys used in secure boot process.
This commit moves the keys from integ to the git repo.
Keys involved:
  boot_pub_key
  tis-boot.crt
  tis-shim.der

For grub-efi, the "src_files" in meta_data.yaml can't cause
the files copied to source code dir when "dl_hook" exists.
So remove the useless "src_files" settings here.

Test plan:
  The tests are done with all the changes which involve
public-keys/integ/root repos for this enhancement about pub keys.
 - PASS: rebuild gurb-efi/efitools/shim packages;
 - PASS: follow the process to build iso image for secure boot;
 - PASS: installation test on AIO-DX lab with secure boot enabled.

Story: 2009221
Task: 47358

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I8cde2acfbe90872151f871c3e01a0e45ad8c4c6c
2023-02-14 01:03:04 -05:00

43 lines
1.2 KiB
Bash
Executable File

#!/bin/bash
#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. The ASF licenses this
# file to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# The only parameter is the name of the folder where the source code
# is extracted to. Pay attention to that the extracted package should
# be put at the same path where this script is located.
# Tools needed: tar
tar xvf grub2_2.06.orig.tar.xz
if [ $? -ne 0 ]
then
echo "tar failed: orig source!"
exit 1
fi
mv grub-2.06 $1
cd $1
tar xvf ../grub2_2.06-1.debian.tar.xz
if [ $? -ne 0 ]
then
echo "tar failed: debian folder!"
exit 1
fi
cp ../local_debian/files/* ./
cp ${MY_REPO}/public-keys/boot_pub_key ./