s390x: generate GPG keys for Ignition config protection #3055
Commits on Feb 16, 2023
-
s390x: generate GPG keys for Ignition config protection
During `cosa buildextend-secex` a pair of GPG keys is randomly generated, where private key becomes part of `sdboot` image, and public key becomes part of build artifacts. User than can encrypt his Ignition config: ``` gpg --recipient-file /path/to/ignition.gpg.pub --output /path/to/config.ign.gpg --armor --encrypt /path/to/config.ign ``` And attach it to `qemu-kvm` as a disk: ``` -drive if=none,id=ignition,format=raw,file=/path/to/config.ign.gpg,readonly=on \ -device virtio-blk,serial=ignition.gpg,iommu_platform=on,drive=ignition ```
-
s390x: add ignition-gpg-key to schema
Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
-
s390x: support Ignition private key for official builds
Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.