mirror of
https://github.com/mirage/qubes-mirage-firewall.git
synced 2024-12-24 22:59:31 -05:00
WIP: update the salt script + releases files
This commit is contained in:
parent
fc75cce37c
commit
de9a6ccc86
2
.github/workflows/docker.yml
vendored
2
.github/workflows/docker.yml
vendored
@ -23,7 +23,7 @@ jobs:
|
|||||||
|
|
||||||
- run: ./build-with.sh docker
|
- run: ./build-with.sh docker
|
||||||
|
|
||||||
- run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi'
|
- run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen) = $(cat qubes-firewall.sha256) ]; then echo "SHA256 MATCHES"; else exit 42; fi'
|
||||||
|
|
||||||
- name: Upload Artifact
|
- name: Upload Artifact
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
|
2
.github/workflows/podman.yml
vendored
2
.github/workflows/podman.yml
vendored
@ -23,7 +23,7 @@ jobs:
|
|||||||
|
|
||||||
- run: ./build-with.sh podman
|
- run: ./build-with.sh podman
|
||||||
|
|
||||||
- run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen | cut -d " " -f 1) = $(grep "SHA2 last known" build-with.sh | rev | cut -d ":" -f 1 | rev | cut -d "\"" -f 1 | tr -d " ") ]; then echo "SHA256 MATCHES"; else exit 42; fi'
|
- run: sh -exc 'if [ $(sha256sum dist/qubes-firewall.xen) = $(cat qubes-firewall.sha256) ]; then echo "SHA256 MATCHES"; else exit 42; fi'
|
||||||
|
|
||||||
- name: Upload Artifact
|
- name: Upload Artifact
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
|
@ -32,4 +32,4 @@ WORKDIR /tmp/orb-build
|
|||||||
CMD opam exec -- sh -exc 'mirage configure -t xen --extra-repos=\
|
CMD opam exec -- sh -exc 'mirage configure -t xen --extra-repos=\
|
||||||
opam-overlays:https://github.com/dune-universe/opam-overlays.git#4e75ee36715b27550d5bdb87686bb4ae4c9e89c4,\
|
opam-overlays:https://github.com/dune-universe/opam-overlays.git#4e75ee36715b27550d5bdb87686bb4ae4c9e89c4,\
|
||||||
mirage-overlays:https://github.com/dune-universe/mirage-opam-overlays.git#797cb363df3ff763c43c8fbec5cd44de2878757e \
|
mirage-overlays:https://github.com/dune-universe/mirage-opam-overlays.git#797cb363df3ff763c43c8fbec5cd44de2878757e \
|
||||||
&& make depend && make tar'
|
&& make depend && make unikernel'
|
||||||
|
@ -1,13 +1,8 @@
|
|||||||
tar: build
|
unikernel: build
|
||||||
rm -rf _build/mirage-firewall
|
|
||||||
mkdir _build/mirage-firewall
|
|
||||||
cp dist/qubes-firewall.xen dist/qubes-firewall.xen.debug
|
cp dist/qubes-firewall.xen dist/qubes-firewall.xen.debug
|
||||||
strip dist/qubes-firewall.xen
|
strip dist/qubes-firewall.xen
|
||||||
cp dist/qubes-firewall.xen _build/mirage-firewall/vmlinuz
|
cp dist/qubes-firewall.xen .
|
||||||
touch _build/mirage-firewall/modules.img
|
sha256sum qubes-firewall.xen
|
||||||
cat /dev/null | gzip -n > _build/mirage-firewall/initramfs
|
|
||||||
tar cjf mirage-firewall.tar.bz2 -C _build --mtime=./build-with.sh mirage-firewall
|
|
||||||
sha256sum mirage-firewall.tar.bz2 > mirage-firewall.sha256
|
|
||||||
|
|
||||||
fetchmotron: qubes_firewall.xen
|
fetchmotron: qubes_firewall.xen
|
||||||
test-mirage qubes_firewall.xen mirage-fw-test &
|
test-mirage qubes_firewall.xen mirage-fw-test &
|
||||||
|
@ -10,7 +10,8 @@
|
|||||||
{% set DownloadVM = "DownloadVmMirage" %}
|
{% set DownloadVM = "DownloadVmMirage" %}
|
||||||
{% set MirageFW = "sys-mirage-fw" %}
|
{% set MirageFW = "sys-mirage-fw" %}
|
||||||
{% set GithubUrl = "https://github.com/mirage/qubes-mirage-firewall" %}
|
{% set GithubUrl = "https://github.com/mirage/qubes-mirage-firewall" %}
|
||||||
{% set Filename = "mirage-firewall.tar.bz2" %}
|
{% set Kernel = "qubes-firewall.xen" %}
|
||||||
|
{% set Shasum = "qubes-firewall-release.sha256" %}
|
||||||
{% set MirageInstallDir = "/var/lib/qubes/vm-kernels/mirage-firewall" %}
|
{% set MirageInstallDir = "/var/lib/qubes/vm-kernels/mirage-firewall" %}
|
||||||
|
|
||||||
#download and install the latest version
|
#download and install the latest version
|
||||||
@ -28,13 +29,14 @@ create-downloader-VM:
|
|||||||
- template: {{ DownloadVMTemplate }}
|
- template: {{ DownloadVMTemplate }}
|
||||||
- include-in-backups: false
|
- include-in-backups: false
|
||||||
|
|
||||||
{% set DownloadBinary = GithubUrl ~ "/releases/download/" ~ Release ~ "/" ~ Filename %}
|
{% set DownloadBinary = GithubUrl ~ "/releases/download/" ~ Release ~ "/" ~ Kernel %}
|
||||||
|
{% set DownloadShasum = GithubUrl ~ "/releases/download/" ~ Release ~ "/" ~ Shasum %}
|
||||||
|
|
||||||
download-and-unpack-in-DownloadVM4mirage:
|
download-and-unpack-in-DownloadVM4mirage:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- names:
|
- names:
|
||||||
- qvm-run --pass-io {{ DownloadVM }} {{ "curl -L -O " ~ DownloadBinary }}
|
- qvm-run --pass-io {{ DownloadVM }} {{ "curl -L -O " ~ DownloadBinary }}
|
||||||
- qvm-run --pass-io {{ DownloadVM }} {{ "tar -xvjf " ~ Filename }}
|
- qvm-run --pass-io {{ DownloadVM }} {{ "curl -L -O " ~ DownloadShasum }}
|
||||||
- require:
|
- require:
|
||||||
- create-downloader-VM
|
- create-downloader-VM
|
||||||
|
|
||||||
@ -42,15 +44,15 @@ download-and-unpack-in-DownloadVM4mirage:
|
|||||||
check-checksum-in-DownloadVM:
|
check-checksum-in-DownloadVM:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- names:
|
- names:
|
||||||
- qvm-run --pass-io {{ DownloadVM }} {{ "\"echo \\\"Checksum of last build on github:\\\";curl -s https://raw.githubusercontent.com/mirage/qubes-mirage-firewall/main/build-with.sh | grep \\\"SHA2 last known:\\\" | cut -d\' \' -f5 | tr -d \\\\\\\"\"" }}
|
- qvm-run --pass-io {{ DownloadVM }} {{ "\"echo \\\"Checksum of release on github:\\\";cat " ~ Shasum ~ " | cut -d\' \' -f1\"" }}
|
||||||
- qvm-run --pass-io {{ DownloadVM }} {{ "\"echo \\\"Checksum of downloaded local file:\\\";sha256sum ~/mirage-firewall/vmlinuz | cut -d\' \' -f1\"" }}
|
- qvm-run --pass-io {{ DownloadVM }} {{ "\"echo \\\"Checksum of downloaded local file:\\\";sha256sum " ~ Kernel ~ " | cut -d\' \' -f1\"" }}
|
||||||
- qvm-run --pass-io {{ DownloadVM }} {{ "\"diff <(curl -s https://raw.githubusercontent.com/mirage/qubes-mirage-firewall/main/build-with.sh | grep \\\"SHA2 last known:\\\" | cut -d\' \' -f5 | tr -d \\\\\\\") <(sha256sum ~/mirage-firewall/vmlinuz | cut -d\' \' -f1) && echo \\\"Checksums DO match.\\\" || (echo \\\"Checksums do NOT match.\\\";exit 101)\"" }} #~/mirage-firewall/modules.img
|
- qvm-run --pass-io {{ DownloadVM }} {{ "\"diff <(cat " ~ Shasum ~ " | cut -d\' \' -f1) <(sha256sum " ~ Kernel ~ " | cut -d\' \' -f1) && echo \\\"Checksums DO match.\\\" || (echo \\\"Checksums do NOT match.\\\";exit 101)\"" }}
|
||||||
- require:
|
- require:
|
||||||
- download-and-unpack-in-DownloadVM4mirage
|
- download-and-unpack-in-DownloadVM4mirage
|
||||||
|
|
||||||
copy-mirage-kernel-to-dom0:
|
copy-mirage-kernel-to-dom0:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- name: mkdir -p {{ MirageInstallDir }}; qvm-run --pass-io --no-gui {{ DownloadVM }} "cat ~/mirage-firewall/vmlinuz" > {{ MirageInstallDir ~ "/vmlinuz" }}
|
- name: mkdir -p {{ MirageInstallDir }}; qvm-run --pass-io --no-gui {{ DownloadVM }} "cat " ~ Kernel > {{ MirageInstallDir ~ "/" ~ Kernel }}
|
||||||
- require:
|
- require:
|
||||||
- download-and-unpack-in-DownloadVM4mirage
|
- download-and-unpack-in-DownloadVM4mirage
|
||||||
- check-checksum-in-DownloadVM
|
- check-checksum-in-DownloadVM
|
||||||
@ -90,7 +92,7 @@ create-sys-mirage-fw:
|
|||||||
cleanup-in-DownloadVM:
|
cleanup-in-DownloadVM:
|
||||||
cmd.run:
|
cmd.run:
|
||||||
- names:
|
- names:
|
||||||
- qvm-run -a --pass-io --no-gui {{ DownloadVM }} "{{ "rm " ~ Filename ~ "; rm -R ~/mirage-firewall" }}"
|
- qvm-run -a --pass-io --no-gui {{ DownloadVM }} "{{ "rm " ~ Kernel ~ " " ~ Shasum }}"
|
||||||
- require:
|
- require:
|
||||||
- create-initramfs
|
- create-initramfs
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ echo Building $builder image with dependencies..
|
|||||||
$builder build -t qubes-mirage-firewall .
|
$builder build -t qubes-mirage-firewall .
|
||||||
echo Building Firewall...
|
echo Building Firewall...
|
||||||
$builder run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-mirage-firewall
|
$builder run --rm -i -v `pwd`:/tmp/orb-build:Z qubes-mirage-firewall
|
||||||
echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen)"
|
echo "SHA2 of build: $(sha256sum ./dist/qubes-firewall.xen | cut -d' ' -f1)"
|
||||||
echo "SHA2 last known: 78a1ee52574b9a4fc5eda265922bcbcface90f7c43ed7a68dc8e201a2ac0a7dc"
|
echo "SHA2 current head: $(cat qubes-firewall.sha256 | cut -d' ' -f1)"
|
||||||
echo "(hashes should match for released versions)"
|
echo "SHA2 last release: $(cat qubes-firewall-release.sha256 | cut -d' ' -f1)"
|
||||||
|
echo "(hashes should match for head versions)"
|
||||||
|
1
qubes-firewall-release.sha256
Normal file
1
qubes-firewall-release.sha256
Normal file
@ -0,0 +1 @@
|
|||||||
|
78a1ee52574b9a4fc5eda265922bcbcface90f7c43ed7a68dc8e201a2ac0a7dc dist/qubes-firewall.xen
|
1
qubes-firewall.sha256
Normal file
1
qubes-firewall.sha256
Normal file
@ -0,0 +1 @@
|
|||||||
|
78a1ee52574b9a4fc5eda265922bcbcface90f7c43ed7a68dc8e201a2ac0a7dc dist/qubes-firewall.xen
|
Loading…
Reference in New Issue
Block a user