Skip to content

Several adjustments/fixes #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Several adjustments/fixes #1

wants to merge 10 commits into from

Conversation

marmarek
Copy link
Member

See individual commit messages for details.

@marmarek
Fix handling linux/xen version
e17fa16 
Use .fcXX directly, instead of %{?dist}, as the latter may have "devel"
build number added by the qubes-builder.
Append .fcXX to XEN_VERSION/LINUX_VERSION directly.
This avoids repeating the same pattern over and over.
@marmarek
Reduce build dependencies
7387d5d 
Since actual pesign is called via socket/qrexec, it isn't really a
direct build dependency - remove it.
@marmarek
Reformat %build section
b77e308 
Wrap long lines to ease reading.
No functional change.
@marmarek
Increase signing timeout
8e8e1a8 
socat has 0.5s timeout by default, which means it will exit after 0.5s
since finishing sending the data. When signing with a HVM, this is too
little and exits before receiving signed file.

Increase the timeout to 30s.
@marmarek
Fail the build if signing fails
8753a3c 
socat (and socket forwarding in general) does not carry over qrexec
service exit code. The service is written in a way to not output
anything if signing fails, so simply check for non-emptiness of the
result.

QubesOS/qubes-issues#8206
@marmarek
Package the signed file
ed6d896 
Perviously, only unsigned file was packages, even though signed one was
next to it. Package the signed one instead.

QubesOS/qubes-issues#8206
@marmarek
Bump version to Xen 4.19.1-2 and Linux 6.12.5-2
7efc1af
@marmarek
Move qubes-builderv2 setup instructions to qubes-builderv2 docs
2c46f07 
It makes more sense there. This includes also removing
qubes-pesign.service from here, and converting it to systemd socket
service while moving.

QubesOS/qubes-issues#8206
@marmarek marmarek mentioned this pull request Jan 10, 2025
Open
@marmarek
Copy link
Member Author

PipelineRetry

@marmarek
ci: allow choosing CI branch
2b4792f
@marmarek
ci: disable repro job, enable repo for openqa
50c4472 
Testing reproducibility doesn't make much sense here, as reproducing the
package requires access to the signing key.
@marmarek marmarek mentioned this pull request Jan 18, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@marmarek