55a6faf925
Why I did it [Ci]: Support to sign image for cisco-8000 uefi secure boot
34 lines
1.1 KiB
YAML
34 lines
1.1 KiB
YAML
parameters:
|
|
- name: connectionName
|
|
type: string
|
|
default: sonic-dev-connection
|
|
- name: kevaultName
|
|
type: string
|
|
default: sonic-kv
|
|
- name: certificateName
|
|
type: string
|
|
default: sonic-secure-boot
|
|
|
|
steps:
|
|
- task: AzureKeyVault@2
|
|
inputs:
|
|
connectedServiceName: ${{ parameters.connectionName }}
|
|
keyVaultName: ${{ parameters.kevaultName }}
|
|
secretsFilter: ${{ parameters.certificateName }}
|
|
|
|
- script: |
|
|
set -e
|
|
TMP_FILE=$(mktemp)
|
|
echo "$CERTIFICATE" | base64 -d > $TMP_FILE
|
|
sudo mkdir -p /etc/certificates
|
|
mkdir -p $(Build.StagingDirectory)/target
|
|
# Save the public key
|
|
openssl pkcs12 -in $TMP_FILE -clcerts --nokeys -nodes -passin pass: | sed -z -e "s/.*\(-----BEGIN CERTIFICATE\)/\1/" > $(SIGNING_CERT)
|
|
# Save the private key
|
|
openssl pkcs12 -in $TMP_FILE -nocerts -nodes -passin pass: | sed -z -e "s/.*\(-----BEGIN PRIVATE KEY\)/\1/" | sudo tee $(SIGNING_KEY) 1>/dev/null
|
|
ls -lt $(SIGNING_CERT) $(SIGNING_KEY)
|
|
rm $TMP_FILE
|
|
env:
|
|
CERTIFICATE: $(${{ parameters.certificateName }})
|
|
displayName: "Save certificate"
|