Skip to content

shim: skip verification for multiple signatures once one of them is matched #851

shim: skip verification for multiple signatures once one of them is matched

shim: skip verification for multiple signatures once one of them is matched #851

Workflow file for this run

name: pull-request
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
cross-build-pull-request:
runs-on: ubuntu-20.04
container: vathpela/efi-ci:${{ matrix.distro }}-x64
name: ${{ matrix.distro }} ${{ matrix.efiarch }} cross-build
strategy:
fail-fast: false
matrix:
include:
- arch: amd64
efiarch: aa64
gccarch: aarch64
makearch: aarch64
distro: f36
- arch: amd64
efiarch: aa64
gccarch: aarch64
makearch: aarch64
distro: f35
- arch: amd64
efiarch: arm
gccarch: arm
makearch: arm
distro: f36
- arch: amd64
efiarch: arm
gccarch: arm
makearch: arm
distro: f35
- arch: amd64
efiarch: arm
gccarch: arm
makearch: arm
distro: f34
- arch: amd64
efiarch: x64
gccarch: x86_64
makearch: x86_64
distro: f36
- arch: amd64
efiarch: x64
gccarch: x86_64
makearch: x86_64
distro: f35
- arch: amd64
efiarch: x64
gccarch: x86_64
makearch: x86_64
distro: f34
- arch: amd64
efiarch: ia32
gccarch: x86_64
makearch: ia32
distro: f36
- arch: amd64
efiarch: ia32
gccarch: x86_64
makearch: ia32
distro: f35
- arch: amd64
efiarch: ia32
gccarch: x86_64
makearch: ia32
distro: f34
steps:
- name: Checkout
uses: actions/checkout@v2
with:
# otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger)
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
submodules: recursive
- name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: update-submodules
run: |
make update
- name: Make a build directory for ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: builddir
run: |
rm -rf build-${{ matrix.distro }}-${{ matrix.efiarch }}
mkdir build-${{ matrix.distro }}-${{ matrix.efiarch }}
cd build-${{ matrix.distro }}-${{ matrix.efiarch }}
- name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: build
run: |
pwd
cd build-${{ matrix.distro }}-${{ matrix.efiarch }}
make TOPDIR=.. -f ../Makefile CROSS_COMPILE=${{ matrix.gccarch }}-linux-gnu- ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true all
- name: Install on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: install
run: |
pwd
cd build-${{ matrix.distro }}-${{ matrix.efiarch }}
make TOPDIR=.. -f ../Makefile CROSS_COMPILE=${{ matrix.gccarch }}-linux-gnu- ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install
echo 'results:'
find /destdir -type f
build-pull-request-intel:
runs-on: ubuntu-20.04
container: vathpela/efi-ci:${{ matrix.distro }}-x64
name: ${{ matrix.distro }} ${{ matrix.efiarch }} build
strategy:
matrix:
include:
- arch: amd64
efiarch: x64
makearch: x86_64
distro: f36
- arch: amd64
efiarch: x64
makearch: x86_64
distro: f35
- arch: amd64
efiarch: x64
makearch: x86_64
distro: f34
- arch: amd64
efiarch: x64
makearch: x86_64
distro: centos9
- arch: amd64
efiarch: x64
makearch: x86_64
distro: centos8
- arch: amd64
efiarch: ia32
makearch: ia32
distro: f36
- arch: amd64
efiarch: ia32
makearch: ia32
distro: f35
- arch: amd64
efiarch: ia32
makearch: ia32
distro: f34
- arch: amd64
efiarch: ia32
makearch: ia32
distro: centos8
steps:
- name: Checkout
uses: actions/checkout@v2
with:
# otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger)
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
submodules: recursive
- name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: update-submodules
run: |
make update
- name: Do 'make clean' on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: clean
run: |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean
- name: Run tests on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: test
run: |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true test
- name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: build
run: |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true all
- name: Install on ${{ matrix.distro }} for ${{ matrix.efiarch }}
id: install
run: |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install
echo 'results:'
find /destdir -type f