Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

workflows: yocto-build-deploy: add PKI signing key ID #474

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

alexgg
Copy link
Collaborator

@alexgg alexgg commented Dec 18, 2024

Change-type: patch

@alexgg alexgg marked this pull request as draft December 18, 2024 12:59
@alexgg alexgg temporarily deployed to balena-staging.com December 18, 2024 12:59 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 13:32 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 13:32 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 13:32 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-staging.com December 18, 2024 15:18 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 15:51 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 15:51 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 18, 2024 15:51 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-staging.com December 19, 2024 11:12 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 19, 2024 11:45 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 19, 2024 11:45 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-staging.com December 20, 2024 10:27 — with GitHub Actions Inactive
@alexgg alexgg marked this pull request as ready for review December 20, 2024 10:39
@alexgg alexgg temporarily deployed to balena-cloud.com December 20, 2024 11:31 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 20, 2024 11:31 — with GitHub Actions Inactive
@alexgg alexgg temporarily deployed to balena-cloud.com December 20, 2024 11:31 — with GitHub Actions Inactive
@klutchell
Copy link
Contributor

klutchell commented Dec 20, 2024

Before merging this, we should probably define the variable in the repository for safe-settings to apply.

So you'll need a top-level variables property here or here.

I guess you have the default in place, so we don't have to wait. Is that default meant to apply to all device repos?

This allows the build step to access private repositories via SSH.

Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>
Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>
This allows to set specific environments for custom secrets support.

Change-type: patch
Signed-off-by: Alex Gonzalez <[email protected]>
Secure boots builds used to end up with a mismatch between the kernel
and modules signatures because of the use of cache - to avoid this we
temporarily forced builds without cache.

With the fix in meta-balena 389054e84c0b1fd382d737c39fb2bb02c2b3e9b2,
kernel modules are always set not to use cache and this problem should
no longer happen.

At least during the i.MX secure boot local builds with cache never hit
the problem.

Remove the setting not to use cache.

Change-type: revert to building secure boot with cache
Signed-off-by: Alex Gonzalez <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants