Commit df64f377 authored by Ophélie Gagnard's avatar Ophélie Gagnard

WIP: Implement keys management.

parent fc021f50
...@@ -46,9 +46,14 @@ install-no-dracut: ...@@ -46,9 +46,14 @@ install-no-dracut:
install -d $(DESTDIR)$(PREFIX)/lib install -d $(DESTDIR)$(PREFIX)/lib
install -m 644 lib/fluentbit_wendelin.so $(DESTDIR)$(PREFIX)/lib/fluentbit_wendelin.so install -m 644 lib/fluentbit_wendelin.so $(DESTDIR)$(PREFIX)/lib/fluentbit_wendelin.so
uninstall-no-dracut:
rm -rf $(DESTDIR)$(PREFIX)/bin
rm -rf $(DESTDIT)$(PREFIX)/etc
rm -rf $(DESTDIR)$(PREFIX)/lib
no-dracut: bin/metadata-collect-agent lib/fluentbit_wendelin.so bin/fluent-bit no-dracut: bin/metadata-collect-agent lib/fluentbit_wendelin.so bin/fluent-bit
clean-no-dracut: clean-no-dracut: uninstall-no-dracut
rm -rf build/ rm -rf build/
rm -rf bin/ rm -rf bin/
rm -rf lib/ rm -rf lib/
...@@ -75,14 +80,61 @@ install-dracut-module: ...@@ -75,14 +80,61 @@ install-dracut-module:
install -m 644 dracut.module/90metadata-collect/fluentbit_wendelin.so /usr/lib/dracut/module.d/90metadata-collect/ install -m 644 dracut.module/90metadata-collect/fluentbit_wendelin.so /usr/lib/dracut/module.d/90metadata-collect/
install -m 744 dracut.module/90metadata-collect/fluent-bit /usr/lib/dracut/module.d/90metadata-collect/ install -m 744 dracut.module/90metadata-collect/fluent-bit /usr/lib/dracut/module.d/90metadata-collect/
clean-dracut: uninstall-dracut-module:
rm -rf /usr/lib/dracut/module.d/90metadata-collect
rm -f dracut.module/90metadata-collect/collect.sh rm -f dracut.module/90metadata-collect/collect.sh
rm -f dracut.module/90metadata-collect/flb.conf rm -f dracut.module/90metadata-collect/flb.conf
rm -f dracut.module/90metadata-collect/metadata-collect-agent rm -f dracut.module/90metadata-collect/metadata-collect-agent
rm -f dracut.module/90metadata-collect/fluentbit_wendelin.so rm -f dracut.module/90metadata-collect/fluentbit_wendelin.so
rm -f dracut.module/90metadata-collect/fluent-bit rm -f dracut.module/90metadata-collect/fluent-bit
clean: clean-no-dracut clean-dracut clean-dracut: uninstall-dracut-module
rm -rf /usr/lib/dracut/module.d/90metadata-collect
uefi-keys/:
mkdir -p build/uefi-keys/ ;\
cp installation/mkkeys.sh build/uefi-keys/ ;\
cd build/uefi-keys/ ;\
./mkkeys.sh
install -d uefi-keys/
install -d KEYS_to-save-elswhere-and-shred/
cp build/uefi-keys/DB.cer uefi-keys/
cp build/uefi-keys/DB.crt uefi-keys/
cp build/uefi-keys/DB.key uefi-keys/
rm -f build/uefi-keys/mkkeys.sh
mv build/uefi-keys/* KEYS_to-save-elswhere-and-shred/
# TO USE YOUR OWN KEYS (recommanded), CREATE THE uefi-keys DIRECTORY *BEFORE* USING MAKE
generate-keys: uefi-keys/
install-keys:
uninstall-keys:
clean-keys:
shred -uf uefi-keys/*
rm -rf uefi-keys/
shred -uf KEYS_to-save-elsewhere-and-shred/*
rm -rf KEYS_to-save-elsewhere-and-shred/*
shred -uf uefi-keys/DB.cer uefi-keys/DB.crt uefi-keys/DB.key
shred -uf KEYS_to-save-elsewhere-and-shred/DB.auth
shred -uf KEYS_to-save-elsewhere-and-shred/DB.cer
shred -uf KEYS_to-save-elsewhere-and-shred/DB.crt
shred -uf KEYS_to-save-elsewhere-and-shred/DB.esl
shred -uf KEYS_to-save-elsewhere-and-shred/DB.key
shred -uf KEYS_to-save-elsewhere-and-shred/KEK.auth
shred -uf KEYS_to-save-elsewhere-and-shred/KEK.cer
shred -uf KEYS_to-save-elsewhere-and-shred/KEK.crt
shred -uf KEYS_to-save-elsewhere-and-shred/KEK.esl
shred -uf KEYS_to-save-elsewhere-and-shred/KEK.key
shred -uf KEYS_to-save-elsewhere-and-shred/PK.auth
shred -uf KEYS_to-save-elsewhere-and-shred/PK.cer
shred -uf KEYS_to-save-elsewhere-and-shred/PK.crt
shred -uf KEYS_to-save-elsewhere-and-shred/PK.esl
shred -uf KEYS_to-save-elsewhere-and-shred/PK.key
shred -uf KEYS_to-save-elsewhere-and-shred/myGUID.txt
shred -uf KEYS_to-save-elsewhere-and-shred/noPK.auth
shred -uf KEYS_to-save-elsewhere-and-shred/DB.auth
clean: clean-no-dracut clean-dracut clean-keys
.PHONY: no-dracut install-no-dracut clean-no-dracut dracut-module install-dracut-module .PHONY: no-dracut install-no-dracut uninstall-no-dracut clean-no-dracut dracut-module install-dracut-module uninstall-dracut-module generate-keys install-keys uninstall-keys clean-keys
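Review bot: The key-generation recipe moves the full key set into `KEYS_to-save-elswhere-and-shred/`, but `clean-keys` shreds `KEYS_to-save-elsewhere-and-shred/`, so as written the PK, KEK and DB private keys are left on disk; naming the directory once, e.g. `KEYS_BACKUP_DIR := KEYS_to-save-elsewhere-and-shred`, and using that variable in both recipes removes the mismatch. The per-file `shred -uf` lines after the two globs target files the globs have already removed (and `DB.auth` is listed twice), so the recipe is likely to stop on a missing file. Since `clean` now depends on `clean-keys`, `make clean` would also shred a `uefi-keys/` directory the user supplied, which the comment above `generate-keys` recommends doing; key destruction is safer as an explicit target only. In the first hunk, `rm -rf $(DESTDIT)$(PREFIX)/etc` misspells `$(DESTDIR)` and so ignores the staging root, and together with the `bin` and `lib` lines it deletes whole directories under the prefix rather than the files `install-no-dracut` placed there, which `clean-no-dracut` now triggers as well.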
...@@ -5,6 +5,6 @@ reproducible=yes ...@@ -5,6 +5,6 @@ reproducible=yes
compress=xz compress=xz
uefi=yes uefi=yes
uefi_stub=/usr/lib/systemd/boot/efi/linuxx64.efi.stub uefi_stub=/usr/lib/systemd/boot/efi/linuxx64.efi.stub
uefi_secureboot_cert=/etc/uefi-key/db.crt uefi_secureboot_cert=/etc/uefi-keys/db.crt
uefi_secureboot_key=/etc/uefi-key/db.key uefi_secureboot_key=/etc/uefi-keys/db.key
add_dracutmodules="metadata-collect" add_dracutmodules="metadata-collect"
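Review bot: The signing material is looked up as `/etc/uefi-keys/db.crt` and `/etc/uefi-keys/db.key`, while the Makefile in this commit produces `DB.crt` and `DB.key` in `uefi-keys/` and `install-keys` has no recipe yet, so on a case-sensitive filesystem these paths only resolve if the install step renames the files. Whichever spelling is kept, it should be the same in both places. When the install recipe is written, the private key should be placed with owner-only permissions, e.g. `install -m 600 uefi-keys/DB.key $(DESTDIR)/etc/uefi-keys/db.key`, because anyone able to read it can presumably sign images that Secure Boot will accept against this db entry.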