Bump enki to include microsoft certs (#154 )

https://github.com/kairos-io/kairos/issues/2377 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
Update quay.io/luet/base Docker tag to v0.35.1
2025-12-24 20:34:11 +00:00 · 2024-03-22 11:38:52 +02:00 · 2024-03-15 13:59:42 +00:00 · 2024-03-15 13:59:05 +00:00 · 2024-03-13 10:40:05 +01:00 · 2024-03-13 10:24:08 +01:00
8 changed files with 37 additions and 59 deletions
--- a/tools-image/Dockerfile
+++ b/tools-image/Dockerfile
@@ -1,7 +1,7 @@
 # https://quay.io/repository/kairos/packages?tab=tags&tag=latest
 ARG LEAP_VERSION=15.5
-ARG LUET_VERSION=0.35.0
-ARG ENKI_VERSION=v0.0.16
+ARG LUET_VERSION=0.35.1
+ARG ENKI_VERSION=v0.0.25

 FROM quay.io/luet/base:$LUET_VERSION AS luet
 FROM quay.io/kairos/enki:${ENKI_VERSION} as enki
@@ -9,9 +9,10 @@ FROM quay.io/kairos/enki:${ENKI_VERSION} as enki
 FROM opensuse/leap:$LEAP_VERSION as default
 RUN zypper ref && zypper dup -y
 ## ISO+ Arm image + Netboot + cloud images Build depedencies
-RUN zypper ref && zypper in -y bc qemu-tools jq cdrtools docker git curl gptfdisk kpartx sudo xfsprogs parted util-linux-systemd e2fsprogs curl util-linux udev rsync grub2 dosfstools grub2-x86_64-efi squashfs mtools xorriso lvm2 zstd
-
-
+RUN zypper ref && zypper in -y bc qemu-tools jq cdrtools docker git curl gptfdisk kpartx sudo xfsprogs parted  \
+    util-linux-systemd e2fsprogs curl util-linux udev rsync grub2 dosfstools grub2-x86_64-efi squashfs mtools xorriso lvm2 zstd
+RUN zypper in -y python311-pip python311-cryptography sbsigntools tpm2-* # ukify deps
+RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1  # make python3.11 the default python3 for ukify
 COPY --from=luet /usr/bin/luet /usr/bin/luet
 ENV LUET_NOLOCK=true
 ENV TMPDIR=/tmp
@@ -23,20 +24,20 @@ COPY luet-amd64.yaml /tmp/luet-amd64.yaml
 RUN mkdir -p /etc/luet/
 RUN cp /tmp/luet-${TARGETARCH}.yaml /etc/luet/luet.yaml

+## Uki artifacts, will be set under the /usr/kairos directory
+RUN luet install -y system/systemd-boot
+
+# ukify + measure
+RUN luet install -y system/systemd-ukify
+# ukify deps that are not in the suse repos as packages. ukify package provides this so we have the exact versions needed
+RUN pip3 install -r /usr/kairos/ukify-requirements.txt
+
 ## Live CD artifacts
 RUN luet install -y livecd/grub2 --system-target /grub2
 RUN luet install -y livecd/grub2-efi-image --system-target /efi

 ## RPI64
-RUN luet install -y firmware/raspberrypi-firmware firmware/raspberrypi-firmware-config firmware/raspberrypi-firmware-dt --system-target /rpi/
-
-COPY luet-arm64-old.yaml /tmp/luet-arm64.yaml
-COPY luet-amd64-old.yaml /tmp/luet-amd64.yaml
-RUN cp /tmp/luet-${TARGETARCH}.yaml /etc/luet/luet.yaml
-RUN luet install -y firmware/u-boot-rpi64 --system-target /rpi/
-
-COPY luet-arm64.yaml /tmp/luet-arm64.yaml
-COPY luet-amd64.yaml /tmp/luet-amd64.yaml
+RUN luet install -y firmware/u-boot-rpi64 firmware/raspberrypi-firmware firmware/raspberrypi-firmware-config firmware/raspberrypi-firmware-dt --system-target /rpi/

 ## PineBook64 Pro
 RUN luet install -y arm-vendor-blob/u-boot-rockchip --system-target /pinebookpro/u-boot
--- a/tools-image/arm/boards/rpi4.sh
+++ b/tools-image/arm/boards/rpi4.sh
@@ -2,8 +2,6 @@

 partprobe

-kpartx -va $DRIVE
-
 image=$1

 if [ -z "$image" ]; then
--- a/tools-image/build-arm-image.sh
+++ b/tools-image/build-arm-image.sh
@@ -73,8 +73,12 @@ cleanup() {
  fi

  losetup -D "${LOOP}" || true;
-  dmsetup remove KairosVG-oem || true;
-  dmsetup remove KairosVG-recovery || true;
+  losetup -D "${DRIVE}" || true;
+
+  if [ "$model" == "rpi3" ]; then
+    dmsetup remove KairosVG-oem || true;
+    dmsetup remove KairosVG-recovery || true;
+  fi
 }

 ensure_dir_structure() {
@@ -364,14 +368,19 @@ if [ "$model" == "rpi3" ]; then
    sgdisk -m 1:2:3:4 ${output_image}
    sfdisk --part-type ${output_image} 1 c
 elif [ "$model" == "rpi4" ]; then
-    echo "label: gpt" | sfdisk "${output_image}"
-    sgdisk -n 1:8192:+96M -c 1:EFI -t 1:0c00 ${output_image}
+    sgdisk -n 1:0:+96M -c 1:EFI -t 1:ef00 ${output_image}
+    partprobe
    sgdisk -n 2:0:+${state_size}M -c 2:state -t 2:8300 ${output_image}
+    partprobe
    sgdisk -n 3:0:+${recovery_size}M -c 3:recovery -t 3:8300 ${output_image}
+    partprobe
    sgdisk -n 4:0:+${oem_size}M -c 4:oem -t 4:8300 ${output_image}
+    partprobe
    sgdisk -n 5:0:+64M -c 5:persistent -t 5:8300 ${output_image}
-    sgdisk -g ${output_image}
-    sgdisk -m 1:2:3:4:5 ${output_image}
+    partprobe
+    # Move backup header to end of disk
+    sgdisk -e ${output_image}
+    sgdisk -v ${output_image}
 else
    sgdisk -n 1:8192:+16M -c 1:EFI -t 1:0700 ${output_image}
    sgdisk -n 2:0:+${state_size}M -c 2:state -t 2:8300 ${output_image}
@@ -423,12 +432,12 @@ fi
 # Create partitions (RECOVERY, STATE, COS_PERSISTENT)
 mkfs.vfat -F 32 ${efi}
 fatlabel ${efi} COS_GRUB
-mkfs.ext4 -F -L ${STATE_LABEL} $state
-mkfs.ext4 -F -L ${PERSISTENT_LABEL} $persistent
+mkfs.ext3 -F -L ${STATE_LABEL} $state
+mkfs.ext3 -F -L ${PERSISTENT_LABEL} $persistent

 if [ "$model" == 'rpi4' ]; then
-  mkfs.ext4 -F -L ${RECOVERY_LABEL} $recovery
-  mkfs.ext4 -F -L ${OEM_LABEL} $oem
+  mkfs.ext3 -F -L ${RECOVERY_LABEL} $recovery
+  mkfs.ext3 -F -L ${OEM_LABEL} $oem
 else
  pvcreate $recovery
  vgcreate KairosVG $recovery
--- a/tools-image/entrypoint.sh
+++ b/tools-image/entrypoint.sh
@@ -2,4 +2,4 @@

 set -ex

-enki --config-dir /config $@
+enki --config-dir /config "$@"
--- a/tools-image/luet-amd64-old.yaml
+++ b/tools-image/luet-amd64-old.yaml
@@ -1,15 +0,0 @@
-general:
-  debug: false
-  spinner_charset: 9
-logging:
-  enable_emoji: false
-repositories:
-  - name: "kairos"
-    description: "kairos repository"
-    type: "docker"
-    cached: true
-    enable: true
-    priority: 2
-    urls:
-      - "quay.io/kairos/packages"
-    reference: 20240202131847-repository.yaml
--- a/tools-image/luet-amd64.yaml
+++ b/tools-image/luet-amd64.yaml
@@ -12,4 +12,4 @@ repositories:
    priority: 2
    urls:
      - "quay.io/kairos/packages"
-    reference: 20240207153537-repository.yaml
+    reference: 20240306154541-repository.yaml
--- a/tools-image/luet-arm64-old.yaml
+++ b/tools-image/luet-arm64-old.yaml
@@ -1,15 +0,0 @@
-general:
-  debug: false
-  spinner_charset: 9
-logging:
-  enable_emoji: false
-repositories:
-  - name: "kairos-arm64"
-    description: "kairos repository arm64"
-    type: "docker"
-    cached: true
-    enable: true
-    priority: 2
-    urls:
-      - "quay.io/kairos/packages-arm64"
-    reference: 20240202135656-repository.yaml
--- a/tools-image/luet-arm64.yaml
+++ b/tools-image/luet-arm64.yaml
@@ -12,4 +12,4 @@ repositories:
    priority: 2
    urls:
      - "quay.io/kairos/packages-arm64"
-    reference: 20240207154912-repository.yaml
+    reference: 20240306155559-repository.yaml
Author	SHA1	Message	Date
Dimitris Karakasilis	8b2fac5bbb	Bump enki to include microsoft certs (#154 ) https://github.com/kairos-io/kairos/issues/2377 Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>	2024-03-22 11:38:52 +02:00
renovate[bot]	2806239183	Update quay.io/luet/base Docker tag to v0.35.1	2024-03-15 13:59:42 +00:00
renovate[bot]	66c7aa5fb3	Update quay.io/kairos/enki Docker tag to v0.0.23	2024-03-15 13:59:05 +00:00
Mauro Morales	a6d03cffdf	Merge pull request #151 from kairos-io/mauromorales-patch-1 Update Enki to v0.0.22	2024-03-13 10:40:05 +01:00
Mauro Morales	b21a5725a8	Update Enki to v0.0.22 Signed-off-by: Mauro Morales <mauro.morales@spectrocloud.com>	2024-03-13 10:24:08 +01:00
Itxaka	46d1e8547b	Update Dockerfile Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-03-07 21:09:30 +01:00
Itxaka	29b4eb5964	Merge pull request #148 from ci-forks/create-pull-request/patch	2024-03-07 20:46:20 +01:00
mudler	0340dbf5bf	⬆️ Update repositories Signed-off-by: GitHub <noreply@github.com>	2024-03-06 20:07:01 +00:00
Itxaka	2a55c3e080	Merge pull request #147 from ci-forks/create-pull-request/patch	2024-02-27 10:12:20 +01:00
Itxaka	beabe36c36	Update Dockerfile Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-27 10:11:38 +01:00
mudler	9af9939367	⬆️ Update repositories Signed-off-by: GitHub <noreply@github.com>	2024-02-22 20:06:47 +00:00
Itxaka	0fe28a034f	Update Dockerfile Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-22 00:23:31 +01:00
Itxaka	db9c52985b	install the proper arch for systemd-boot Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-21 20:59:13 +01:00
Itxaka	fbe3874152	Merge pull request #144 from ci-forks/create-pull-request/patch	2024-02-21 20:16:07 +01:00
Itxaka	77756071c6	⬆️ Update repositories Signed-off-by: GitHub <noreply@github.com>	2024-02-21 19:15:11 +00:00
Dimitris Karakasilis	ee5df3f0ea	Bump enki version (#145 ) Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>	2024-02-19 18:23:28 +02:00
Itxaka	cbc77a5493	Merge pull request #143 from kairos-io/ukify	2024-02-19 16:04:21 +01:00
Itxaka	7813c2eec4	Revert to using leap as base image for tool image Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-19 16:03:55 +01:00
Itxaka	32cd7c76cb	Use ukify from packages Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-17 11:11:30 +01:00
Itxaka	82c9a08353	Merge pull request #142 from kairos-io/Itxaka-patch-1	2024-02-16 20:11:19 +01:00
Itxaka	dcd3b4be97	Update Dockerfile Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-16 20:11:01 +01:00
Itxaka	cedc294836	Merge pull request #141 from kairos-io/systemd_boot_artifacts	2024-02-16 17:29:51 +01:00
Itxaka	c0fc19b345	Update tools-image/Dockerfile Co-authored-by: Mauro Morales <mauro.morales@spectrocloud.com> Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-16 16:52:57 +01:00
Itxaka	40477e3ceb	Provide systemd-boot artifacts on osbuilder image Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-16 12:20:20 +01:00
Ettore Di Giacinto	7df2f481f8	fix(entrypoint.sh): quote when passing-by arguments (#140 ) Signed-off-by: Ettore Di Giacinto <mudler@users.noreply.github.com>	2024-02-15 18:07:25 +01:00
Itxaka	907b32d5e5	Merge pull request #139 from kairos-io/bump_fedora	2024-02-14 11:12:47 +01:00
Itxaka	446807680b	Merge branch 'master' into bump_fedora Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-14 11:12:41 +01:00
Itxaka	e118e769fe	Improve osbuidler arm scripts Use ext3 for partitions Do not let the rpi4 script recreate the mapping Only call dmsetup if we are on rpi3 Try to remove the final image loop device as well Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-14 11:11:25 +01:00
Itxaka	97b58723a9	Merge pull request #133 from ci-forks/create-pull-request/patch	2024-02-12 14:41:53 +01:00
Itxaka	8570a9ed85	revert small sgdisk change Signed-off-by: Itxaka <itxakaserrano@gmail.com>	2024-02-12 14:41:45 +01:00
mudler	aa04578df9	⬆️ Update repositories Signed-off-by: GitHub <noreply@github.com>	2024-02-11 20:07:05 +00:00
Itxaka	39cfe7af30	Merge pull request #137 from kairos-io/bump_fedora	2024-02-10 17:14:03 +01:00
Itxaka	10d5f627fc	Use fedora 40 Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-10 17:13:39 +01:00
Itxaka	89dec58dd9	Merge pull request #136 from kairos-io/bump_fedora	2024-02-10 11:20:29 +01:00
Itxaka	54ae9607ee	Use Fedora 38 Looks like fedora 39 is broken Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-10 11:20:02 +01:00
Itxaka	ddb88c0e2e	Merge pull request #135 from kairos-io/bump_fedora	2024-02-10 10:48:00 +01:00
Itxaka	2c18ce3fbd	Use fedora 40 for os tools container Fixes an issue with sgdisk creating the disk images properly Alos removes some uneeded options from the rpi4 disk cration: - `-g` option mean to transform mbr to gptt, but the disk was already gpt - `-m` option tried to make the disk mbr from gpt... not sure why that was there - creating the disk with gpt. There is no need as sgdisk will default to create a gpt disk Signed-off-by: Itxaka <itxaka@kairos.io>	2024-02-10 10:45:52 +01:00