Upgrade images to Fedora 37

Malte Poll 2022-11-17 12:12:00 +01:00 committed by Malte Poll
parent 56dccb77b4
commit 239b9f6c26
5 changed files with 42 additions and 42 deletions


@ -158,9 +158,9 @@ runs:
echo "region=eu-central-1" >> $GITHUB_OUTPUT echo "region=eu-central-1" >> $GITHUB_OUTPUT
echo "replicationRegions=us-east-2 ap-south-1" >> $GITHUB_OUTPUT echo "replicationRegions=us-east-2 ap-south-1" >> $GITHUB_OUTPUT
echo "bucket=constellation-images" >> $GITHUB_OUTPUT echo "bucket=constellation-images" >> $GITHUB_OUTPUT
echo "efivarsPath=${basePath}/mkosi.output.aws/fedora~36/efivars.bin" >> $GITHUB_OUTPUT echo "efivarsPath=${basePath}/mkosi.output.aws/fedora~37/efivars.bin" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.aws/fedora~36/image.raw" >> $GITHUB_OUTPUT echo "imagePath=${basePath}/mkosi.output.aws/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.aws/fedora~36/image-upload.json" >> $GITHUB_OUTPUT echo "jsonOutput=${basePath}/mkosi.output.aws/fedora~37/image-upload.json" >> $GITHUB_OUTPUT
echo "imageFilename=image-$(date +%s).raw" >> $GITHUB_OUTPUT echo "imageFilename=image-$(date +%s).raw" >> $GITHUB_OUTPUT
if [ "${imageType}" = release ] if [ "${imageType}" = release ]
then then
@ -198,9 +198,9 @@ runs:
echo "replicationRegions=northeurope eastus westeurope westus" >> $GITHUB_OUTPUT echo "replicationRegions=northeurope eastus westeurope westus" >> $GITHUB_OUTPUT
echo "sku=constellation" >> $GITHUB_OUTPUT echo "sku=constellation" >> $GITHUB_OUTPUT
echo "publisher=edgelesssys" >> $GITHUB_OUTPUT echo "publisher=edgelesssys" >> $GITHUB_OUTPUT
echo "rawImagePath=${basePath}/mkosi.output.azure/fedora~36/image.raw" >> $GITHUB_OUTPUT echo "rawImagePath=${basePath}/mkosi.output.azure/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.azure/fedora~36/image.vhd" >> $GITHUB_OUTPUT echo "imagePath=${basePath}/mkosi.output.azure/fedora~37/image.vhd" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.azure/fedora~36/image-upload${uploadVariant}.json" >> $GITHUB_OUTPUT echo "jsonOutput=${basePath}/mkosi.output.azure/fedora~37/image-upload${uploadVariant}.json" >> $GITHUB_OUTPUT
# TODO: set default security type to "ConfidentialVM" once replication is possible # TODO: set default security type to "ConfidentialVM" once replication is possible
securityType=${{ inputs.uploadVariant }} securityType=${{ inputs.uploadVariant }}
if [ -z "${securityType}" ]; then if [ -z "${securityType}" ]; then
@ -252,9 +252,9 @@ runs:
echo "project=constellation-images" >> $GITHUB_OUTPUT echo "project=constellation-images" >> $GITHUB_OUTPUT
echo "bucket=constellation-images" >> $GITHUB_OUTPUT echo "bucket=constellation-images" >> $GITHUB_OUTPUT
echo "region=europe-west3" >> $GITHUB_OUTPUT echo "region=europe-west3" >> $GITHUB_OUTPUT
echo "rawImagePath=${basePath}/mkosi.output.gcp/fedora~36/image.raw" >> $GITHUB_OUTPUT echo "rawImagePath=${basePath}/mkosi.output.gcp/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.gcp/fedora~36/image.tar.gz" >> $GITHUB_OUTPUT echo "imagePath=${basePath}/mkosi.output.gcp/fedora~37/image.tar.gz" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.gcp/fedora~36/image-upload.json" >> $GITHUB_OUTPUT echo "jsonOutput=${basePath}/mkosi.output.gcp/fedora~37/image-upload.json" >> $GITHUB_OUTPUT
if [ "${imageType}" = release ] if [ "${imageType}" = release ]
then then
echo "imageName=constellation-${imageVersion//./-}" >> $GITHUB_OUTPUT echo "imageName=constellation-${imageVersion//./-}" >> $GITHUB_OUTPUT
@ -280,5 +280,5 @@ runs:
run: | run: |
echo "bucket=cdn-constellation-backend" >> $GITHUB_OUTPUT echo "bucket=cdn-constellation-backend" >> $GITHUB_OUTPUT
echo "baseUrl=https://cdn.confidential.cloud" >> $GITHUB_OUTPUT echo "baseUrl=https://cdn.confidential.cloud" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.qemu/fedora~36/image.raw" >> $GITHUB_OUTPUT echo "imagePath=${basePath}/mkosi.output.qemu/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.qemu/fedora~36/image-upload.json" >> $GITHUB_OUTPUT echo "jsonOutput=${basePath}/mkosi.output.qemu/fedora~37/image-upload.json" >> $GITHUB_OUTPUT
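Review bot: In the Azure hunk, `securityType=${{ inputs.uploadVariant }}` pastes the action input into the script text before the shell parses it, so shell metacharacters in that input would be interpreted as script rather than as data. The `jsonOutput` line just above already reads a shell variable `${uploadVariant}`, which suggests the value is exported through `env:` outside this hunk; if so, `securityType=${uploadVariant}` gives the same result without template expansion inside `run:`. Separately, every `echo` in these hunks appends to an unquoted `$GITHUB_OUTPUT`, while the workflow file in this commit uses `>> "$GITHUB_OUTPUT"`; quoting it here would make the two consistent. The step bodies start and end outside the hunks.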


@ -217,14 +217,14 @@ jobs:
echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.raw.changelog | head -c 64)" echo "image-raw-changelog-${{ matrix.csp }}-sha256=$(sha256sum image.raw.changelog | head -c 64)"
echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.raw.manifest | head -c 64)" echo "image-raw-manifest-${{ matrix.csp }}-sha256=$(sha256sum image.raw.manifest | head -c 64)"
} >> "$GITHUB_OUTPUT" } >> "$GITHUB_OUTPUT"
working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36 working-directory: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37
continue-on-error: true continue-on-error: true
- name: Upload raw OS image as artifact - name: Upload raw OS image as artifact
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1 uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
with: with:
name: image-${{ matrix.csp }} name: image-${{ matrix.csp }}
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.raw
if: always() if: always()
continue-on-error: true continue-on-error: true
@ -233,13 +233,13 @@ jobs:
with: with:
name: parts-${{ matrix.csp }} name: parts-${{ matrix.csp }}
path: | path: |
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.cmdline ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.cmdline
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.efi ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.efi
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.initrd ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.initrd
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.raw ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.root.raw
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.roothash ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.root.roothash
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.root.verity ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.root.verity
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.vmlinuz ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.vmlinuz
if: always() if: always()
continue-on-error: true continue-on-error: true
@ -248,8 +248,8 @@ jobs:
with: with:
name: manifest-${{ matrix.csp }} name: manifest-${{ matrix.csp }}
path: | path: |
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.changelog ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.raw.changelog
${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw.manifest ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.raw.manifest
if: always() if: always()
continue-on-error: true continue-on-error: true
@ -278,7 +278,7 @@ jobs:
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1 uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
with: with:
name: image-${{ matrix.csp }} name: image-${{ matrix.csp }}
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36 path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37
- name: Configure input variables - name: Configure input variables
id: vars id: vars
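Review bot: The checksum step in the first hunk runs in a hard-coded `fedora~37` working directory with `continue-on-error: true`, so if mkosi's output directory ever differs from that path the step fails quietly and the `*-sha256` outputs are never written. The upload steps behave the same way, since `actions/upload-artifact` v3 only warns by default when `path` matches nothing. Consider removing `continue-on-error: true` from the hash step and adding `if-no-files-found: error` to the `with:` block of "Upload raw OS image as artifact", so a release/path mismatch after a bump like this one shows up as a failed step instead of an image with no recorded digest. Whether later jobs consume those outputs is not visible in these hunks.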


@ -14,9 +14,9 @@ certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer
all: $(csps) all: $(csps)
$(csps): %: mkosi.output.%/fedora~36/image.raw $(csps): %: mkosi.output.%/fedora~37/image.raw
mkosi.output.%/fedora~36/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) build mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) build
secure-boot/signed-shim.sh $@ secure-boot/signed-shim.sh $@
@if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \ @if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \
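Review bot: The guard on the last line of the hunk, `[ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]`, is always true: when the make variables expand to nothing the shell sees `[ -n ]`, a one-argument test that succeeds because the string `-n` is non-empty. Quoting the expansions fixes it: `@if [ -n "$(SUDO_UID)" ] && [ -n "$(SUDO_GID)" ]; then \`. The body of the `if` lies outside the hunk, so what it runs with empty IDs cannot be judged from here. As a style point, `fedora~37` is repeated in the target and the pattern rule; a single make variable for the release directory would turn the next bump into a one-line change.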


@ -75,7 +75,7 @@ After that, you can build the image with:
sudo make -j $(nproc) sudo make -j $(nproc)
``` ```
Raw images will be placed in `mkosi.output.<CSP>/fedora~36/image.raw`. Raw images will be placed in `mkosi.output.<CSP>/fedora~37/image.raw`.
## Prepare Secure Boot ## Prepare Secure Boot
@ -87,7 +87,7 @@ For QEMU and Azure, you can pre-generate the NVRAM variables for secure boot. Th
<summary><a id="qemu-secure-boot">libvirt / QEMU / KVM</a></summary> <summary><a id="qemu-secure-boot">libvirt / QEMU / KVM</a></summary>
```sh ```sh
secure-boot/generate_nvram_vars.sh mkosi.output.qemu/fedora~36/image.raw secure-boot/generate_nvram_vars.sh mkosi.output.qemu/fedora~37/image.raw
``` ```
</details> </details>
@ -109,10 +109,10 @@ export AZURE_REGION=northeurope
export AZURE_REPLICATION_REGIONS= export AZURE_REPLICATION_REGIONS=
export AZURE_DISK_NAME=constellation-$(date +%s) export AZURE_DISK_NAME=constellation-$(date +%s)
export AZURE_SNAPSHOT_NAME=${AZURE_DISK_NAME} export AZURE_SNAPSHOT_NAME=${AZURE_DISK_NAME}
export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.raw export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~37/image.raw
export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.vhd export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~37/image.vhd
export AZURE_VMGS_FILENAME=${AZURE_SECURITY_TYPE}.vmgs export AZURE_VMGS_FILENAME=${AZURE_SECURITY_TYPE}.vmgs
export AZURE_JSON_OUTPUT=${PWD}/mkosi.output.azure/fedora~36/image-upload.json export AZURE_JSON_OUTPUT=${PWD}/mkosi.output.azure/fedora~37/image-upload.json
export BLOBS_DIR=${PWD}/blobs export BLOBS_DIR=${PWD}/blobs
upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}" upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}"
upload/upload_azure.sh --disk-name "${AZURE_DISK_NAME}-setup-secure-boot" "" upload/upload_azure.sh --disk-name "${AZURE_DISK_NAME}-setup-secure-boot" ""
@ -156,10 +156,10 @@ export PKI=${PWD}/pki
export AWS_REGION=eu-central-1 export AWS_REGION=eu-central-1
export AWS_REPLICATION_REGIONS="us-east-2" export AWS_REPLICATION_REGIONS="us-east-2"
export AWS_BUCKET=constellation-images export AWS_BUCKET=constellation-images
export AWS_EFIVARS_PATH=${PWD}/mkosi.output.aws/fedora~36/efivars.bin export AWS_EFIVARS_PATH=${PWD}/mkosi.output.aws/fedora~37/efivars.bin
export AWS_IMAGE_PATH=${PWD}/mkosi.output.aws/fedora~36/image.raw export AWS_IMAGE_PATH=${PWD}/mkosi.output.aws/fedora~37/image.raw
export AWS_IMAGE_FILENAME=image-$(date +%s).raw export AWS_IMAGE_FILENAME=image-$(date +%s).raw
export AWS_JSON_OUTPUT=${PWD}/mkosi.output.aws/fedora~36/image-upload.json export AWS_JSON_OUTPUT=${PWD}/mkosi.output.aws/fedora~37/image-upload.json
secure-boot/aws/create_uefivars.sh "${AWS_EFIVARS_PATH}" secure-boot/aws/create_uefivars.sh "${AWS_EFIVARS_PATH}"
upload/upload_aws.sh upload/upload_aws.sh
``` ```
@ -185,10 +185,10 @@ export PKI=${PWD}/pki
export GCP_PROJECT=constellation-images export GCP_PROJECT=constellation-images
export GCP_REGION=europe-west3 export GCP_REGION=europe-west3
export GCP_BUCKET=constellation-images export GCP_BUCKET=constellation-images
export GCP_RAW_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~36/image.raw export GCP_RAW_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~37/image.raw
export GCP_IMAGE_FILENAME=$(date +%s).tar.gz export GCP_IMAGE_FILENAME=$(date +%s).tar.gz
export GCP_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~36/image.tar.gz export GCP_IMAGE_PATH=${PWD}/mkosi.output.gcp/fedora~37/image.tar.gz
export GCP_JSON_OUTPUT=${PWD}/mkosi.output.gcp/fedora~36/image-upload.json export GCP_JSON_OUTPUT=${PWD}/mkosi.output.gcp/fedora~37/image-upload.json
upload/pack.sh gcp ${GCP_RAW_IMAGE_PATH} ${GCP_IMAGE_PATH} upload/pack.sh gcp ${GCP_RAW_IMAGE_PATH} ${GCP_IMAGE_PATH}
upload/upload_gcp.sh upload/upload_gcp.sh
``` ```
@ -228,9 +228,9 @@ export AZURE_IMAGE_OFFER=constellation
export AZURE_SKU=constellation export AZURE_SKU=constellation
export AZURE_PUBLISHER=edgelesssys export AZURE_PUBLISHER=edgelesssys
export AZURE_DISK_NAME=constellation-$(date +%s) export AZURE_DISK_NAME=constellation-$(date +%s)
export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.raw export AZURE_RAW_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~37/image.raw
export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~36/image.vhd export AZURE_IMAGE_PATH=${PWD}/mkosi.output.azure/fedora~37/image.vhd
export AZURE_JSON_OUTPUT=${PWD}/mkosi.output.azure/fedora~36/image-upload.json export AZURE_JSON_OUTPUT=${PWD}/mkosi.output.azure/fedora~37/image-upload.json
upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}" upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}"
upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}" upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}"
``` ```
@ -248,8 +248,8 @@ upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}"
export IMAGE_VERSION_UID= # e.g. "test123" or "v2.1.0" export IMAGE_VERSION_UID= # e.g. "test123" or "v2.1.0"
export QEMU_BUCKET=cdn-constellation-backend export QEMU_BUCKET=cdn-constellation-backend
export QEMU_BASE_URL="https://cdn.confidential.cloud" export QEMU_BASE_URL="https://cdn.confidential.cloud"
export QEMU_IMAGE_PATH=${PWD}/mkosi.output.qemu/fedora~36/image.raw export QEMU_IMAGE_PATH=${PWD}/mkosi.output.qemu/fedora~37/image.raw
export QEMU_JSON_OUTPUT=${PWD}/mkosi.output.qemu/fedora~36/image-upload.json export QEMU_JSON_OUTPUT=${PWD}/mkosi.output.qemu/fedora~37/image-upload.json
upload/upload_qemu.sh upload/upload_qemu.sh
``` ```


@ -1,6 +1,6 @@
[Distribution] [Distribution]
Distribution=fedora Distribution=fedora
Release=36 Release=37
[Output] [Output]
Format=gpt_squashfs Format=gpt_squashfs