-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Drop tboot #2
Drop tboot #2
Conversation
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
Neither TBoot nor TrenchBoot extend PCR19, which resulted in failure in sanity check. Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
494d7c3
to
f52c598
Compare
@SergiiDmytruk @TomaszAIR it seems qubes-dom0-package job does not correctly build AEM package. The resulting RPM does not contain changes from our fork (nor this PR) - checked by extracting the source from archive and by checking the RPM requirements (tboot still present). Do you have some ideas what is causing it? |
489812e
to
241b2f5
Compare
Not sure yet, trying it out locally (update: build finished without local changes in the package). I would expect build to fail if something went wrong with patches. I do see suspicious |
c17bf5b
to
6c33a39
Compare
I don't see patches being applied in the log, like this (from
Something might be missing from spec file. |
6c33a39
to
e50d4a2
Compare
This is full repo, not just a set of patches that should be applied on top of another base, so it is built differently. I'm pursuing some hacker approach, but I think we can also modify parameters set in |
fbaf6c0
to
6003e20
Compare
OK, now I have all the |
Building a package hardlinks components files to rootfs directory. Hardlinking works only within file-system. I found a way to make it apply patches: %prep
%patch 0 -p1
...
%patch 5 -p1 |
|
I thought By the way, |
e1778ae
to
90d84bb
Compare
90d84bb
to
4ee1c75
Compare
Seems I've got it to build with our changes. No patches are created, most annoying thing is that I had to disable checking for commit signatures with |
No description provided.