Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-25 23:49:37 -05:00
Code Issues Packages Projects Releases Wiki Activity

image: use systemd-dissect from the host when calculating measurements (#2473)

Browse Source 
* image: use systemd-dissect from the host when calculating measurements

* ci: setup bazel and nix toolchains before merging os image measurements
This commit is contained in:
Malte Poll 2023-10-17 13:26:07 +02:00 committed by GitHub
parent ac8a464d7e
commit e93de82c0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build-os-image.yml vendored
View File

@ -545,6 +545,10 @@ jobs:
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
- uses: ./.github/actions/setup_bazel_nix
with:
useCache: "false"
- name: Download measurements - name: Download measurements
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:

11
image/measured-boot/cmd/BUILD.bazel
View File

@ -21,8 +21,13 @@ go_binary(
], ],
embed = [":cmd_lib"], embed = [":cmd_lib"],
# keep # keep
env = { # TODO(malt3): The commented out env variable
"DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)", # means we are using `systemd-dissect` from the host.
}, # `systemd-dissect` from nixpkgs breaks GitHub actions runners
# for unknown reasons.
# Fix this.
# env = {
# "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)",
# },
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
) )