cache/determinism fixes and doc updates
This commit is contained in:
parent
74bf27bc66
commit
721ffad1f0
8
Makefile
8
Makefile
|
@ -8,8 +8,9 @@ export
|
|||
|
||||
## Use env vars from latest release when reproducing
|
||||
ifdef REPRODUCE
|
||||
include dist/release.env
|
||||
export
|
||||
include dist/release.env
|
||||
NO_CACHE := --no-cache
|
||||
export
|
||||
endif
|
||||
|
||||
.DEFAULT_GOAL :=
|
||||
|
@ -24,12 +25,13 @@ default: \
|
|||
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
|
||||
docker build \
|
||||
--progress=plain \
|
||||
--output type=local,dest=out \
|
||||
--output type=local,rewrite-timestamp=true,dest=out \
|
||||
--build-arg VERSION="$(VERSION)" \
|
||||
--build-arg GIT_REF="$(GIT_REF)" \
|
||||
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--build-arg GIT_KEY="$(GIT_KEY)" \
|
||||
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
|
||||
$(NO_CACHE) \
|
||||
-f Containerfile \
|
||||
.
|
||||
|
||||
|
|
12
README.md
12
README.md
|
@ -66,6 +66,18 @@ make attest
|
|||
make sign
|
||||
```
|
||||
|
||||
## Provisioning ##
|
||||
|
||||
1. Write airgap.iso to CD-ROM or SD Card
|
||||
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
|
||||
b. `cdrecord out/airgap.iso`
|
||||
|
||||
2. Verify media still produces expected hash
|
||||
```
|
||||
sha256sum out/airgap.iso
|
||||
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
|
||||
```
|
||||
|
||||
## Setup ##
|
||||
|
||||
Assumes target is running Pureboot or Coreboot/heads
|
||||
|
|
Loading…
Reference in New Issue