77 lines
1.9 KiB
Bash
77 lines
1.9 KiB
Bash
|
#!/usr/bin/env bash
|
||
|
|
||
|
set -euxo pipefail
|
||
|
|
||
|
if [ -z "$1" ]; then
|
||
|
$0 setup-builddeps
|
||
|
$0 setup-secureboot
|
||
|
$0 build-packages
|
||
|
$0 sign-packages
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
dnf()
|
||
|
{
|
||
|
command dnf -y "$@"
|
||
|
}
|
||
|
|
||
|
case "$1" in
|
||
|
setup-builddeps)
|
||
|
# Setup build environment
|
||
|
dnf distro-sync
|
||
|
dnf install @rpm-development-tools git rpm-sign
|
||
|
|
||
|
# Install build dependencies
|
||
|
dnf builddep kernel
|
||
|
|
||
|
# Install additional build dependencies
|
||
|
dnf install sbsigntools
|
||
|
;;
|
||
|
setup-secureboot)
|
||
|
if [ -z "${SB_KEY:-}" ]; then
|
||
|
echo "WARNING: No secureboot key configured, skipping signing."
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# Install the surface secureboot certificate
|
||
|
echo "${SB_KEY}" | base64 -d > pkg/fedora/kernel-surface/secureboot/MOK.key
|
||
|
cp pkg/keys/surface.crt pkg/fedora/kernel-surface/secureboot/MOK.crt
|
||
|
;;
|
||
|
build-packages)
|
||
|
pushd pkg/fedora/kernel-surface || exit 1
|
||
|
|
||
|
# setup git
|
||
|
git config --global user.name "surfacebot"
|
||
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
||
|
|
||
|
# Build source RPM packages
|
||
|
python3 build-linux-surface.py --mode srpm --ark-dir kernel-ark --outdir srpm
|
||
|
|
||
|
# Remove the kernel-ark tree to get as much free disk space as possible
|
||
|
rm -rf kernel-ark
|
||
|
|
||
|
# Build binary RPM packages
|
||
|
find srpm -name '*.src.rpm' -type f -exec rpmbuild -rb \
|
||
|
--define "_topdir ${PWD}/rpmbuild" --define "_rpmdir ${PWD}/out" {} \;
|
||
|
|
||
|
popd || exit 1
|
||
|
;;
|
||
|
sign-packages)
|
||
|
if [ -z "${GPG_KEY:-}" ] || [ -z "${GPG_KEY_ID:-}" ]; then
|
||
|
echo "WARNING: No GPG key configured, skipping signing."
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
pushd pkg/fedora/kernel-surface/out/x86_64 || exit 1
|
||
|
|
||
|
# import GPG key
|
||
|
echo "${GPG_KEY}" | base64 -d | gpg --import --no-tty --batch --yes
|
||
|
|
||
|
# sign packages
|
||
|
find . -name '*.rpm' -type f -exec \
|
||
|
rpm --resign {} --define "_gpg_name ${GPG_KEY_ID}" \;
|
||
|
|
||
|
popd || exit 1
|
||
|
;;
|
||
|
esac
|