Skip to content

Commit

Permalink
Revert "Support to use the same certificate to sign image (sonic-net#140
Browse files Browse the repository at this point in the history
)" (sonic-net#156)

This reverts commit 17aa5f2.
  • Loading branch information
qiluo-msft authored Sep 1, 2020
1 parent cb33950 commit 4a31bbc
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 46 deletions.
15 changes: 1 addition & 14 deletions jenkins/broadcom/buildimage-brcm-all-pr/Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@ pipeline {

}

environment {
TMP_PATH=sh(script: "mktemp -d", returnStdout: true).trim()
}

stages {
stage('Prepare') {
steps {
Expand All @@ -28,23 +24,17 @@ pipeline {
}

stage('Build') {
options {
azureKeyVault([[envVariable: 'PFX_FILE', name: 'sonic-signing-cert', secretType: 'Certificate']])
}
steps {
sh '''#!/bin/bash -xe
git submodule foreach --recursive '[ -f .git ] && echo "gitdir: $(realpath --relative-to=. $(cut -d" " -f2 .git))" > .git'
scripts/convert-pfx-cert-format.sh -p $PFX_FILE -k $TMP_PATH/signing.key -c $TMP_PATH/signing.cert -a $TMP_PATH/ca.cert
SONIC_OVERRIDE_BUILD_VARS="SIGNING_KEY=/tmp/certs/signing.key SIGNING_CERT=/tmp/certs/signing.cert CA_CERT=/tmp/certs/ca.cert"
DOCKER_BUILDER_MOUNT="$(pwd):/sonic -v $TMP_PATH:/tmp/certs"
CACHE_OPTIONS="SONIC_DPKG_CACHE_METHOD=rcache SONIC_DPKG_CACHE_SOURCE=/nfs/dpkg_cache/broadcom"
make configure PLATFORM=broadcom
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/sonic-broadcom.bin
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/sonic-broadcom.raw
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS ENABLE_IMAGE_SIGNATURE=y SONIC_OVERRIDE_BUILD_VARS="${SONIC_OVERRIDE_BUILD_VARS}" DOCKER_BUILDER_MOUNT="${DOCKER_BUILDER_MOUNT}" target/sonic-aboot-broadcom.swi
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS ENABLE_IMAGE_SIGNATURE=y target/sonic-aboot-broadcom.swi
'''
}
}
Expand All @@ -58,8 +48,5 @@ make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS ENABLE_IMAGE_SIGNATURE=y SONIC_OVE
success {
archiveArtifacts(artifacts: 'target/**')
}
cleanup {
sh "[ -d $TMP_PATH ] && rm -rf $TMP_PATH"
}
}
}
14 changes: 1 addition & 13 deletions jenkins/broadcom/buildimage-brcm-all-released-pr/Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ pipeline {
buildDiscarder(logRotator(artifactDaysToKeepStr: '', artifactNumToKeepStr: '', daysToKeepStr: '', numToKeepStr: '60'))

}
environment {
TMP_PATH=sh(script: "mktemp -d", returnStdout: true).trim()
}

stages {
stage('Prepare') {
Expand All @@ -27,22 +24,16 @@ pipeline {
}

stage('Build') {
options {
azureKeyVault([[envVariable: 'PFX_FILE', name: 'sonic-signing-cert', secretType: 'Certificate']])
}
steps {
sh '''#!/bin/bash -xe
git submodule foreach --recursive '[ -f .git ] && echo "gitdir: $(realpath --relative-to=. $(cut -d" " -f2 .git))" > .git'
make configure PLATFORM=broadcom
scripts/convert-pfx-cert-format.sh -p $PFX_FILE -k $TMP_PATH/signing.key -c $TMP_PATH/signing.cert -a $TMP_PATH/ca.cert
SONIC_OVERRIDE_BUILD_VARS="SIGNING_KEY=/tmp/certs/signing.key SIGNING_CERT=/tmp/certs/signing.cert CA_CERT=/tmp/certs/ca.cert"
DOCKER_BUILDER_MOUNT="$(pwd):/sonic -v $TMP_PATH:/tmp/certs"
make SONIC_CONFIG_BUILD_JOBS=1 target/sonic-broadcom.bin
make SONIC_CONFIG_BUILD_JOBS=1 target/sonic-broadcom.raw
make SONIC_CONFIG_BUILD_JOBS=1 ENABLE_IMAGE_SIGNATURE=y SONIC_OVERRIDE_BUILD_VARS="${SONIC_OVERRIDE_BUILD_VARS}" DOCKER_BUILDER_MOUNT="${DOCKER_BUILDER_MOUNT}" target/sonic-aboot-broadcom.swi
make SONIC_CONFIG_BUILD_JOBS=1 ENABLE_IMAGE_SIGNATURE=y target/sonic-aboot-broadcom.swi
'''
}
}
Expand All @@ -53,8 +44,5 @@ make SONIC_CONFIG_BUILD_JOBS=1 ENABLE_IMAGE_SIGNATURE=y SONIC_OVERRIDE_BUILD_VAR
success {
archiveArtifacts(artifacts: 'target/**')
}
cleanup {
sh "[ -d $TMP_PATH ] && rm -rf $TMP_PATH"
}
}
}
10 changes: 1 addition & 9 deletions jenkins/broadcom/buildimage-brcm-all/Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ pipeline {

environment {
SONIC_TEAM_WEBHOOK = credentials('public-jenkins-builder')
TMP_PATH=sh(script: "mktemp -d", returnStdout: true).trim()
}

triggers {
Expand All @@ -33,23 +32,17 @@ pipeline {
}

stage('Build') {
options {
azureKeyVault([[envVariable: 'PFX_FILE', name: 'sonic-signing-cert', secretType: 'Certificate']])
}
steps {
sh '''#!/bin/bash -xe
git submodule foreach --recursive '[ -f .git ] && echo "gitdir: $(realpath --relative-to=. $(cut -d" " -f2 .git))" > .git'
scripts/convert-pfx-cert-format.sh -p $PFX_FILE -k $TMP_PATH/signing.key -c $TMP_PATH/signing.cert -a $TMP_PATH/ca.cert
SONIC_OVERRIDE_BUILD_VARS="SIGNING_KEY=/tmp/certs/signing.key SIGNING_CERT=/tmp/certs/signing.cert CA_CERT=/tmp/certs/ca.cert"
DOCKER_BUILDER_MOUNT="$(pwd):/sonic -v $TMP_PATH:/tmp/certs"
CACHE_OPTIONS="SONIC_DPKG_CACHE_METHOD=wcache SONIC_DPKG_CACHE_SOURCE=/nfs/dpkg_cache/broadcom"
make configure PLATFORM=broadcom
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS INSTALL_DEBUG_TOOLS=y target/sonic-broadcom.bin
mv target/sonic-broadcom.bin target/sonic-broadcom-dbg.bin
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/sonic-broadcom.bin
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS ENABLE_IMAGE_SIGNATURE=y SONIC_OVERRIDE_BUILD_VARS="${SONIC_OVERRIDE_BUILD_VARS}" DOCKER_BUILDER_MOUNT="${DOCKER_BUILDER_MOUNT}" target/sonic-aboot-broadcom.swi
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS ENABLE_IMAGE_SIGNATURE=y target/sonic-aboot-broadcom.swi
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/sonic-broadcom.raw
make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/docker-syncd-brcm-rpc.gz target/docker-ptf-brcm.gz target/docker-saiserver-brcm.gz
'''
Expand All @@ -72,7 +65,6 @@ make SONIC_CONFIG_BUILD_JOBS=1 $CACHE_OPTIONS target/docker-syncd-brcm-rpc.gz ta
}
cleanup {
cleanWs(disableDeferredWipeout: false, deleteDirs: true, notFailBuild: true)
sh "[ -d $TMP_PATH ] && rm -rf $TMP_PATH"
}
}
}
11 changes: 1 addition & 10 deletions jenkins/broadcom/buildimage-brcm-buster/Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ pipeline {

environment {
SONIC_TEAM_WEBHOOK = credentials('public-jenkins-builder')
TMP_PATH=sh(script: "mktemp -d", returnStdout: true).trim()
}

triggers {
Expand All @@ -33,22 +32,15 @@ pipeline {
}

stage('Build') {
options {
azureKeyVault([[envVariable: 'PFX_FILE', name: 'sonic-signing-cert', secretType: 'Certificate']])
}
steps {
sh '''#!/bin/bash -xe
git submodule foreach --recursive '[ -f .git ] && echo "gitdir: $(realpath --relative-to=. $(cut -d" " -f2 .git))" > .git'
make configure PLATFORM=broadcom
scripts/convert-pfx-cert-format.sh -p $PFX_FILE -k $TMP_PATH/signing.key -c $TMP_PATH/signing.cert -a $TMP_PATH/ca.cert
SONIC_OVERRIDE_BUILD_VARS="SIGNING_KEY=/tmp/certs/signing.key SIGNING_CERT=/tmp/certs/signing.cert CA_CERT=/tmp/certs/ca.cert"
DOCKER_BUILDER_MOUNT="$(pwd):/sonic -v $TMP_PATH:/tmp/certs"
CACHE_OPTIONS="SONIC_DPKG_CACHE_METHOD=rwcache SONIC_DPKG_CACHE_SOURCE=/nfs/dpkg_cache/broadcom"
make SONIC_CONFIG_BUILD_JOBS=1 INSTALL_DEBUG_TOOLS=y $CACHE_OPTIONS target/sonic-broadcom.bin
# make SONIC_CONFIG_BUILD_JOBS=1 ENABLE_IMAGE_SIGNATURE=y SONIC_OVERRIDE_BUILD_VARS="${SONIC_OVERRIDE_BUILD_VARS}" DOCKER_BUILDER_MOUNT="${DOCKER_BUILDER_MOUNT}" target/sonic-aboot-broadcom.swi
# make SONIC_CONFIG_BUILD_JOBS=1 ENABLE_IMAGE_SIGNATURE=y target/sonic-aboot-broadcom.swi
# make SONIC_CONFIG_BUILD_JOBS=1 target/sonic-broadcom.raw
# make SONIC_CONFIG_BUILD_JOBS=1 target/docker-syncd-brcm-rpc.gz target/docker-ptf-brcm.gz target/docker-saiserver-brcm.gz
'''
Expand All @@ -71,7 +63,6 @@ make SONIC_CONFIG_BUILD_JOBS=1 INSTALL_DEBUG_TOOLS=y $CACHE_OPTIONS target/sonic
}
cleanup {
cleanWs(disableDeferredWipeout: false, deleteDirs: true, notFailBuild: true)
sh "[ -d $TMP_PATH ] && rm -rf $TMP_PATH"
}
}
}

0 comments on commit 4a31bbc

Please sign in to comment.