s390x: add ignition-gpg-key to schema

Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
coreos · Feb 9, 2023 · 7a3f0be · 7a3f0be
1 parent f2d18c6
commit 7a3f0be
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 39 deletions.
diff --git a/pkg/builds/cosa_v1.go b/pkg/builds/cosa_v1.go
@@ -1,7 +1,7 @@
 package builds
 
 // generated by 'make schema'
-// source hash: ce57421ef973f926c59065fd4eb122d5d22fe76681f952376091631178ce5dc1
+// source hash: f8319b5162558461db9e0780f6b8a670e6e8bcaddc3bed4adf323cd2cdac8e00
 
 type AdvisoryDiff []AdvisoryDiffItems
 
@@ -83,36 +83,37 @@ type Build struct {
 }
 
 type BuildArtifacts struct {
-	Aliyun              *Artifact `json:"aliyun,omitempty"`
-	Aws                 *Artifact `json:"aws,omitempty"`
-	Azure               *Artifact `json:"azure,omitempty"`
-	AzureStack          *Artifact `json:"azurestack,omitempty"`
-	Dasd                *Artifact `json:"dasd,omitempty"`
-	DigitalOcean        *Artifact `json:"digitalocean,omitempty"`
-	Exoscale            *Artifact `json:"exoscale,omitempty"`
-	ExtensionsContainer *Artifact `json:"extensions-container,omitempty"`
-	Gcp                 *Artifact `json:"gcp,omitempty"`
-	IbmCloud            *Artifact `json:"ibmcloud,omitempty"`
-	Initramfs           *Artifact `json:"initramfs,omitempty"`
-	Iso                 *Artifact `json:"iso,omitempty"`
-	Kernel              *Artifact `json:"kernel,omitempty"`
-	KubeVirt            *Artifact `json:"kubevirt,omitempty"`
-	LegacyOscontainer   *Artifact `json:"legacy-oscontainer,omitempty"`
-	LiveInitramfs       *Artifact `json:"live-initramfs,omitempty"`
-	LiveIso             *Artifact `json:"live-iso,omitempty"`
-	LiveKernel          *Artifact `json:"live-kernel,omitempty"`
-	LiveRootfs          *Artifact `json:"live-rootfs,omitempty"`
-	Metal               *Artifact `json:"metal,omitempty"`
-	Metal4KNative       *Artifact `json:"metal4k,omitempty"`
-	Nutanix             *Artifact `json:"nutanix,omitempty"`
-	OpenStack           *Artifact `json:"openstack,omitempty"`
-	Ostree              Artifact  `json:"ostree"`
-	PowerVirtualServer  *Artifact `json:"powervs,omitempty"`
-	Qemu                *Artifact `json:"qemu,omitempty"`
-	SecureExecutionQemu *Artifact `json:"qemu-secex,omitempty"`
-	VirtualBox          *Artifact `json:"virtualbox,omitempty"`
-	Vmware              *Artifact `json:"vmware,omitempty"`
-	Vultr               *Artifact `json:"vultr,omitempty"`
+	Aliyun                              *Artifact `json:"aliyun,omitempty"`
+	Aws                                 *Artifact `json:"aws,omitempty"`
+	Azure                               *Artifact `json:"azure,omitempty"`
+	AzureStack                          *Artifact `json:"azurestack,omitempty"`
+	Dasd                                *Artifact `json:"dasd,omitempty"`
+	DigitalOcean                        *Artifact `json:"digitalocean,omitempty"`
+	Exoscale                            *Artifact `json:"exoscale,omitempty"`
+	ExtensionsContainer                 *Artifact `json:"extensions-container,omitempty"`
+	Gcp                                 *Artifact `json:"gcp,omitempty"`
+	IbmCloud                            *Artifact `json:"ibmcloud,omitempty"`
+	Initramfs                           *Artifact `json:"initramfs,omitempty"`
+	Iso                                 *Artifact `json:"iso,omitempty"`
+	Kernel                              *Artifact `json:"kernel,omitempty"`
+	KubeVirt                            *Artifact `json:"kubevirt,omitempty"`
+	LegacyOscontainer                   *Artifact `json:"legacy-oscontainer,omitempty"`
+	LiveInitramfs                       *Artifact `json:"live-initramfs,omitempty"`
+	LiveIso                             *Artifact `json:"live-iso,omitempty"`
+	LiveKernel                          *Artifact `json:"live-kernel,omitempty"`
+	LiveRootfs                          *Artifact `json:"live-rootfs,omitempty"`
+	Metal                               *Artifact `json:"metal,omitempty"`
+	Metal4KNative                       *Artifact `json:"metal4k,omitempty"`
+	Nutanix                             *Artifact `json:"nutanix,omitempty"`
+	OpenStack                           *Artifact `json:"openstack,omitempty"`
+	Ostree                              Artifact  `json:"ostree"`
+	PowerVirtualServer                  *Artifact `json:"powervs,omitempty"`
+	Qemu                                *Artifact `json:"qemu,omitempty"`
+	SecureExecutionIgnitionGpgPublicKey *Artifact `json:"ignition-gpg-key,omitempty"`
+	SecureExecutionQemu                 *Artifact `json:"qemu-secex,omitempty"`
+	VirtualBox                          *Artifact `json:"virtualbox,omitempty"`
+	Vmware                              *Artifact `json:"vmware,omitempty"`
+	Vultr                               *Artifact `json:"vultr,omitempty"`
 }
 
 type Cloudartifact struct {

diff --git a/pkg/builds/schema_doc.go b/pkg/builds/schema_doc.go
@@ -1,5 +1,5 @@
 // Generated by ./generate-schema.sh
-// Source hash: ce57421ef973f926c59065fd4eb122d5d22fe76681f952376091631178ce5dc1
+// Source hash: f8319b5162558461db9e0780f6b8a670e6e8bcaddc3bed4adf323cd2cdac8e00
 // DO NOT EDIT
 
 package builds
@@ -477,7 +477,8 @@ var generatedSchemaJSON = `{
         "virtualbox",
         "vmware",
         "vultr",
-        "qemu-secex"
+        "qemu-secex",
+        "ignition-gpg-key"
       ],
       "properties": {
         "ostree": {
@@ -522,6 +523,12 @@ var generatedSchemaJSON = `{
           "title": "Secure Execution Qemu",
           "$ref": "#/definitions/artifact"
         },
+	"ignition-gpg-key": {
+          "$id": "#/properties/images/properties/ignition-gpg-key",
+          "type": "object",
+          "title": "Secure Execution Ignition GPG public key",
+          "$ref": "#/definitions/artifact"
+        },
         "metal": {
           "$id": "#/properties/images/properties/metal",
           "type": "object",

diff --git a/src/cmd-buildextend-metal b/src/cmd-buildextend-metal
@@ -289,13 +289,27 @@ j['images']['${image_type}${image_suffix}'] = {
 json.dump(j, sys.stdout, indent=4)
 " | jq -s add > "meta.json.new"
 
+# one more artifact for Secure Execution
+if [[ -n "${ignition_pubkey}" ]]; then
+    gpg_key=${name}-${build}-ignition-secex-key.gpg.pub
+    cat "meta.json.new" | python3 -c "
+import sys, json
+j = json.load(sys.stdin)
+j['images']['ignition-gpg-key'] = {
+    'path': '${gpg_key}',
+    'sha256': '$(sha256sum_str < "${ignition_pubkey}")',
+    'size': $(stat -c '%s' "${ignition_pubkey}")
+}
+json.dump(j, sys.stdout, indent=4)
+" | jq -s add > "key.json"
+    mv key.json meta.json.new
+    /usr/lib/coreos-assembler/finalize-artifact "${ignition_pubkey}" "${builddir}/${gpg_key}"
+fi
+
 # and now the crucial bits
 cosa meta --workdir "${workdir}" --build "${build}" --artifact "${image_type}" --artifact-json "$(readlink -f meta.json.new)"
 /usr/lib/coreos-assembler/finalize-artifact "${img}" "${builddir}/${img}"
 
-if [[ -n "${ignition_pubkey}" ]]; then
-    /usr/lib/coreos-assembler/finalize-artifact "${ignition_pubkey}" "${builddir}/ignition.gpg.pub"
-fi
 # Quiet for the rest of this so the last thing we see is a success message
 set +x
 # clean up the tmpild

diff --git a/src/cmd-generate-release-meta b/src/cmd-generate-release-meta
@@ -155,8 +155,9 @@ def append_build(out, input_):
                     "url": cloud_dict[url_field]
                 }
     # IBM Secure Execution specific additions
-    if input_.get("images", {}).get("qemu-secex", None) is not None:
-        arch_dict["media"]["qemu-secex"]["artifacts"]["ignition-gpg-key"] = url_builder(out.get('stream'), out.get('release'), arch, "ignition.gpg.pub")
+    i = input_.get("images", {}).get("ignition-gpg-key", None)
+    if i is not None:
+        arch_dict["media"].setdefault("ignition-gpg-key", {}).update(artifact(i))
 
     # GCP specific additions
     if input_.get("gcp", None) is not None:

diff --git a/src/v1.json b/src/v1.json
@@ -471,7 +471,8 @@
         "virtualbox",
         "vmware",
         "vultr",
-        "qemu-secex"
+        "qemu-secex",
+        "ignition-gpg-key"
       ],
       "properties": {
         "ostree": {
@@ -516,6 +517,12 @@
           "title": "Secure Execution Qemu",
           "$ref": "#/definitions/artifact"
         },
+	"ignition-gpg-key": {
+          "$id": "#/properties/images/properties/ignition-gpg-key",
+          "type": "object",
+          "title": "Secure Execution Ignition GPG public key",
+          "$ref": "#/definitions/artifact"
+        },
         "metal": {
           "$id": "#/properties/images/properties/metal",
           "type": "object",