[isar-cip-core][RFC PATCH] kas/opt/ebg-secure-boot-*: Make Backports for OVMF version depended


Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

For Debian Buster we need to backport a new version of the OVMF package
with contains the necessary option for secureboot with qemu.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas/opt/ebg-secure-boot-base.yml | 6 ++++++
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ----
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8f769b6..5a3d751 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -19,3 +19,9 @@ local_conf_header:
IMAGE_INSTALL += "initramfs-abrootfs-secureboot"
SWU_DESCRIPTION = "secureboot"
SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG = "secureboot/swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
+
+ ovmf: |
+ # snakeoil certs are only part of backports, for Debian 11 and later the are not necessary
+ OVERRIDES_append = ":${BASE_DISTRO_CODENAME}"
+ DISTRO_APT_SOURCES_append_buster = " conf/distro/debian-buster-backports.list"
+ DISTRO_APT_PREFERENCES_append_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 807b0d7..9a3ff94 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -32,7 +32,3 @@ local_conf_header:
IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil ovmf-binaries"
IMAGER_INSTALL += "ebg-secure-boot-snakeoil"

- ovmf: |
- # snakeoil certs are only part of backports
- DISTRO_APT_SOURCES_append = " conf/distro/debian-buster-backports.list"
- DISTRO_APT_PREFERENCES_append = " conf/distro/preferences.ovmf-snakeoil.conf"
--
2.34.1


Jan Kiszka
 

On 17.12.21 15:22, Q. Gylstorff wrote:
From: Quirin Gylstorff <quirin.gylstorff@...>

For Debian Buster we need to backport a new version of the OVMF package
with contains the necessary option for secureboot with qemu.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...>
---
kas/opt/ebg-secure-boot-base.yml | 6 ++++++
kas/opt/ebg-secure-boot-snakeoil.yml | 4 ----
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/kas/opt/ebg-secure-boot-base.yml b/kas/opt/ebg-secure-boot-base.yml
index 8f769b6..5a3d751 100644
--- a/kas/opt/ebg-secure-boot-base.yml
+++ b/kas/opt/ebg-secure-boot-base.yml
@@ -19,3 +19,9 @@ local_conf_header:
IMAGE_INSTALL += "initramfs-abrootfs-secureboot"
SWU_DESCRIPTION = "secureboot"
SWUPDATE_ROUND_ROBIN_HANDLER_CONFIG = "secureboot/swupdate.handler.${SWUPDATE_BOOTLOADER}.ini"
+
+ ovmf: |
+ # snakeoil certs are only part of backports, for Debian 11 and later the are not necessary
Why moving this block here? It talks about "snakeoil", but the related
file for that is below?

+ OVERRIDES_append = ":${BASE_DISTRO_CODENAME}"
+ DISTRO_APT_SOURCES_append_buster = " conf/distro/debian-buster-backports.list"
+ DISTRO_APT_PREFERENCES_append_buster = " conf/distro/preferences.ovmf-snakeoil.conf"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 807b0d7..9a3ff94 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -32,7 +32,3 @@ local_conf_header:
IMAGER_BUILD_DEPS += "ebg-secure-boot-snakeoil ovmf-binaries"
IMAGER_INSTALL += "ebg-secure-boot-snakeoil"

- ovmf: |
- # snakeoil certs are only part of backports
- DISTRO_APT_SOURCES_append = " conf/distro/debian-buster-backports.list"
- DISTRO_APT_PREFERENCES_append = " conf/distro/preferences.ovmf-snakeoil.conf"
Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux