mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-10-23 13:13:21 +00:00
build: Fix nvidia kernel breakage
On commit 9602ba6ccc
, from February this
year, we've introduced a check to ensure that the files needed for
signing the kernel build are present. However, we've noticed last week
that there were a reasonable amount of wrong assumptions with the
workflow. :-)
Zvonko fixed the majority of those, but this bit was left and it'd cause
breakages when using kernel that was cached ... although passing when
building new kernels.
Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
This commit is contained in:
committed by
Fabiano Fidêncio
parent
8b06f3d95d
commit
fb43d3419f
@@ -1346,9 +1346,16 @@ handle_build() {
|
|||||||
pushd "${kernel_headers_dir}"
|
pushd "${kernel_headers_dir}"
|
||||||
find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar -rvf kernel-headers.tar {} +
|
find . -type f -name "*.${KERNEL_HEADERS_PKG_TYPE}" -exec tar -rvf kernel-headers.tar {} +
|
||||||
if [ -n "${KBUILD_SIGN_PIN}" ]; then
|
if [ -n "${KBUILD_SIGN_PIN}" ]; then
|
||||||
head -n1 kata-linux-*/certs/signing_key.pem | grep -q "ENCRYPTED PRIVATE KEY" || die "signing_key.pem is not encrypted"
|
# For those 2 we can simply do a `|| true` as the signing_key.{pem,x509} are either:
|
||||||
mv kata-linux-*/certs/signing_key.pem .
|
# * already in ., as we're using a cached tarball
|
||||||
mv kata-linux-*/certs/signing_key.x509 .
|
# * will be moved here, in case we had built the kernel
|
||||||
|
mv kata-linux-*/certs/signing_key.pem . || true
|
||||||
|
mv kata-linux-*/certs/signing_key.x509 . || true
|
||||||
|
|
||||||
|
# Then we can check for the key on ., as it should always be here on both cases
|
||||||
|
# (cached or built kernel).
|
||||||
|
head -n1 "signing_key.pem" | grep -q "ENCRYPTED PRIVATE KEY" || die "signing_key.pem is not encrypted"
|
||||||
|
|
||||||
tar -rvf kernel-headers.tar signing_key.pem signing_key.x509 --remove-files
|
tar -rvf kernel-headers.tar signing_key.pem signing_key.x509 --remove-files
|
||||||
fi
|
fi
|
||||||
zstd -T0 kernel-headers.tar -o kernel-headers.tar.zst
|
zstd -T0 kernel-headers.tar -o kernel-headers.tar.zst
|
||||||
|
Reference in New Issue
Block a user