generate sbkeys scripts: change docker mounts
Because the new Twoliter build tool will execute docker run commands
from within a container that has the host docker socket mounted, it is
necessary for "inner" and "outer" bind mount paths to match.

Additionally, it was found that generate-aws-sbkeys needed
--network=host on at least some systems.
webern committed Jul 25, 2023
1 parent e719c71 commit a8259be
Showing 2 changed files with 11 additions and 11 deletions.
13 changes: 7 additions & 6 deletions sbkeys/generate-aws-sbkeys
@@ -117,11 +117,12 @@ mkdir -p "${OUTPUT_DIR}"

if [ -n "${SDK_IMAGE:-}" ] ; then
docker run -a stdin -a stdout -a stderr --rm \
--network=host \
--user "$(id -u):$(id -g)" \
--security-opt label:disable \
-v "${OUTPUT_DIR}":/tmp/output \
-v "${SBKEYS_SCRIPT}":/tmp/sbkeys \
-v "${AWS_KMS_PKCS11_CONF}":/tmp/aws-kms-pkcs11-conf \
-v "${OUTPUT_DIR}":"${OUTPUT_DIR}" \
-v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}" \
-v "${AWS_KMS_PKCS11_CONF}":"${AWS_KMS_PKCS11_CONF}" \
${AWS_ACCESS_KEY_ID:+-e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID} \
${AWS_SECRET_ACCESS_KEY:+-e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY} \
${AWS_SESSION_TOKEN:+-e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN} \
@@ -134,10 +135,10 @@ if [ -n "${SDK_IMAGE:-}" ] ; then
-e SHIM_SIGN_KEY="${SHIM_SIGN_KEY}" \
-e CODE_SIGN_KEY="${CODE_SIGN_KEY}" \
-e CONFIG_SIGN_KEY="${CONFIG_SIGN_KEY}" \
-e AWS_KMS_PKCS11_CONF="/tmp/aws-kms-pkcs11-conf" \
-e OUTPUT_DIR="/tmp/output" \
-e AWS_KMS_PKCS11_CONF="${AWS_KMS_PKCS11_CONF}" \
-e OUTPUT_DIR="${OUTPUT_DIR}" \
-w /tmp \
"${SDK_IMAGE}" bash /tmp/sbkeys
"${SDK_IMAGE}" bash "${SBKEYS_SCRIPT}"
else
export PK_CA KEK_CA DB_CA VENDOR_CA
export CODE_SIGN_KEY CONFIG_SIGN_KEY SHIM_SIGN_KEY
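Review bot: `--network=host` is passed unconditionally in the first hunk, so the container that receives the AWS credentials and the signing-key settings always shares the host's network namespace, although the commit message says it was needed only on some systems. Consider gating it on an opt-in environment variable, following the `${VAR:+…}` pattern the credential flags already use, or at least adding a comment such as `# --network=host: required on some hosts; the container shares the host network namespace`. In the second hunk `-w /tmp` is kept while generate-local-sbkeys no longer sets it, so it is worth confirming whether the inner script still depends on that working directory. The `docker run` command continues between the two hunks, outside what is shown here.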
9 changes: 4 additions & 5 deletions sbkeys/generate-local-sbkeys
@@ -64,11 +64,10 @@ if [ -n "${SDK_IMAGE:-}" ] ; then
docker run -a stdin -a stdout -a stderr --rm \
--user "$(id -u):$(id -g)" \
--security-opt label:disable \
-v "${OUTPUT_DIR}":/tmp/output \
-v "${SBKEYS_SCRIPT}":/tmp/sbkeys \
-e OUTPUT_DIR="/tmp/output" \
-w /tmp \
"${SDK_IMAGE}" bash /tmp/sbkeys
-v "${OUTPUT_DIR}":"${OUTPUT_DIR}" \
-v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}" \
-e OUTPUT_DIR="${OUTPUT_DIR}" \
"${SDK_IMAGE}" bash "${SBKEYS_SCRIPT}"
else
export OUTPUT_DIR
bash "${SBKEYS_SCRIPT}"
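Review bot: The identity mounts `-v "${OUTPUT_DIR}":"${OUTPUT_DIR}"` and `-v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}"` only work when both variables hold absolute paths, and nothing in this hunk checks that. Docker treats a non-absolute source as a volume name and rejects a non-absolute container path. If the part of the script above the hunk does not already canonicalise them, a guard before `docker run` such as `case "${OUTPUT_DIR}" in /*) ;; *) echo "OUTPUT_DIR must be an absolute path" >&2; exit 1 ;; esac` would fail early with a clear message. The script is only executed by the container, so `-v "${SBKEYS_SCRIPT}":"${SBKEYS_SCRIPT}":ro` would stop the container from modifying the host copy. Both points apply equally to the mounts in generate-aws-sbkeys, where the PKCS#11 config mount could presumably be read-only as well.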
