starlingx/tools
Code Issues Proposed changes
tools/stx/dockerfiles/stx-lat-tool.Dockerfile
Hongxu Jia ba70066c78 Debian: LAT: upgrade to 20220610 
In the new lat-sdk.sh, the shim binary for secure boot has been
updated which is signed by tis-boot key.

In other words, in the trusted chains, we only replace DB with
tis-boot, and other still use built-in certs

DB --> MOK --> Grub GPG --> kernel/initramfs/grub.cfg

In this way, the debian secure boot image could boot on the host
in which the BIOS has been inserted with tis-boot key

Test Plan:

Pass: Rebuild container lat
Pass: build-image --std
Pass: Do secure boot install on qemu

Story: 2008846
Task: 45591

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Change-Id: Ic35820beb7c911cb37dac8916bfce9e3d9a112b8
2022-06-10 23:33:11 +08:00

65 lines
2.5 KiB
Docker
Raw Blame History

# Copyright (c) 2021 Wind River Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM debian:bullseye
MAINTAINER Chen Qi <Qi.Chen@windriver.com>
ARG LAT_BINARY_RESOURCE_PATH=http://mirror.starlingx.cengn.ca/mirror/lat-sdk/lat-sdk-20220610
# Install necessary packages
RUN apt-get -y update && apt-get --no-install-recommends -y install \
python3 \
xz-utils \
file \
bzip2 \
procps \
tini \
wget \
locales-all \
python3-yaml && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /opt/LAT/SDK
# Insert pubkey of the package repository
COPY stx/toCOPY/builder/pubkey.rsa /opt/LAT/
# Prepare executables
COPY stx/toCOPY/lat-tool/lat/ /opt/LAT/lat
# Download & install LAT SDK.
RUN wget --quiet ${LAT_BINARY_RESOURCE_PATH}/lat-sdk.sh --output-document=/opt/LAT/AppSDK.sh && \
chmod +x /opt/LAT/AppSDK.sh && \
/opt/LAT/AppSDK.sh -d /opt/LAT/SDK -y && \
rm -f /opt/LAT/AppSDK.sh
# Fix: Use Debian CDN address for geo-frendly servers
RUN sed -i 's/ftp.cn.debian.org/deb.debian.org/g' /opt/LAT/SDK/sysroots/x86_64-wrlinuxsdk-linux/usr/lib/python3.10/site-packages/genimage/debian_constant.py
# Fix: Align DEFAULT_INITRD_NAME with our custom names
RUN sed -i 's/debian-initramfs-ostree-image/starlingx-initramfs-ostree-image/g' /opt/LAT/SDK/sysroots/x86_64-wrlinuxsdk-linux/usr/lib/python3.10/site-packages/genimage/debian_constant.py
# Fix: Align kernel with custom starlingx kernel
RUN sed -i 's/linux-image-amd64/linux-image-5.10.0-6-amd64-unsigned/g' /opt/LAT/SDK/sysroots/x86_64-wrlinuxsdk-linux/usr/lib/python3.10/site-packages/genimage/debian_constant.py
RUN sed -i 's/Wind River Linux Graphics development .* ostree/StarlingX ostree/g' /opt/LAT/SDK/sysroots/corei7-64-wrs-linux/boot/efi/EFI/BOOT/grub.cfg
# Add vimrc
RUN mkdir /etc/vim
COPY stx/toCOPY/common/vimrc.local /etc/vim/vimrc.local
RUN chmod 0644 /etc/vim/vimrc.local
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD ["/opt/LAT/lat/latd"]
View Git Blame Copy Permalink