From 92d900ba2f71e867d1ea672d8716bcac4fe54f35 Mon Sep 17 00:00:00 2001 From: Samuel Dolt Date: Mon, 30 Jan 2023 15:31:13 +0100 Subject: [PATCH] fix(coreos-efi-secureboot): only install sb key if needed Checking for COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR was not done properly resulting of the key always being installed inside the EFI partition. --- .../classes/coreos-efi-secureboot.bbclass | 4 ++-- .../classes/coreos-image-ci.bbclass | 12 +++++------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass b/layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass index 20a8e94..d95beeb 100644 --- a/layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass +++ b/layers/meta-belden-coreos-bsp/classes/coreos-efi-secureboot.bbclass @@ -18,14 +18,14 @@ HOSTTOOLS += "sbsign" # before running wic do_image_wic[depends] += "efi-secureboot-keys:do_deploy" - +COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR ??= "0" def get_coreos_secureboot_efi_boot_files(d): """ Return the list of pubkey file inside deploy if COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR is set or an empty string otherwise """ - if d.getVar('COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR', True): + if d.getVar('COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR') == '1': return "db.auth KEK.auth PK.auth db.esl KEK.esl PK.esl db.crt KEK.crt PK.crt db.der KEK.der PK.der" return "" diff --git a/layers/meta-belden-coreos/classes/coreos-image-ci.bbclass b/layers/meta-belden-coreos/classes/coreos-image-ci.bbclass index 35d6c22..82b5fc9 100644 --- a/layers/meta-belden-coreos/classes/coreos-image-ci.bbclass +++ b/layers/meta-belden-coreos/classes/coreos-image-ci.bbclass 
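Review bot: The docstring of `get_coreos_secureboot_efi_boot_files` still says the file list is returned when the variable "is set", but the new condition accepts only the exact string `'1'`, so the text describes the old, buggy behaviour rather than the code. I would reword it to `Return the key files to install in the EFI dir when COREOS_EFI_SECUREBOOT_INSTALL_PUBKEY_IN_EFIDIR is "1", otherwise an empty string`. A comment above the new `??= "0"` default would also help, for example `# "1" copies the Secure Boot key files (*.auth, *.esl, *.crt, *.der) onto the EFI partition; any other value leaves them out`. Other spellings such as "true" or "yes" are now treated as disabled, which fails closed but deserves stating. The added assignment also replaces the blank line that separated the preceding statements from `def`, so I would keep a blank line between the two.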
@@ -15,7 +15,7 @@ def get_coreos_ci_artifacts(d): if(bb.utils.contains('IMAGE_FSTYPES', 'oci', True, False, d)): - artifacts.append(d.getVar('IMAGE_NAME') + '.rootfs-oci.tar') + artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.rootfs-oci.tar') # Special case for container, we just need the OCI tarball return " ".join(artifacts) @@ -24,13 +24,13 @@ def get_coreos_ci_artifacts(d): # ========================================================================== if(bb.utils.contains('IMAGE_FSTYPES', 'wic.xz', True, False, d)): - artifacts.append(d.getVar('IMAGE_NAME') + '.wic.xz') + artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.xz') if(bb.utils.contains('IMAGE_FSTYPES', 'wic.bmap', True, False, d)): - artifacts.append(d.getVar('IMAGE_NAME') + '.wic.bmap') + artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.wic.bmap') if(d.getVar('COREOS_IMAGE_GENERATE_SWU') == '1'): - artifacts.append(d.getVar('IMAGE_NAME') + '.swu') + artifacts.append(d.getVar('IMAGE_LINK_NAME') + '.swu') # Kernel # ========================================================================== @@ -78,13 +78,11 @@ COREOS_CI_DEPLOY_ARTIFACTS += "${@get_coreos_ci_artifacts(d)}" do_deploy_ci() { # Create the .ci-artifacts file inside the deploy directory cd "${DEPLOY_DIR_IMAGE}" - output="${IMAGE_NAME}.ci-artifacts" + output="${IMAGE_LINK_NAME}.ci-artifacts" rm -f "${output}" for file in ${COREOS_CI_DEPLOY_ARTIFACTS}; do echo $file >> $output done - - ln -sf "${output}" "${IMAGE_LINK_NAME}.ci-artifacts" } addtask deploy_ci after do_image before do_build \ No newline at end of file
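Review bot: `d.getVar('IMAGE_LINK_NAME') + '.rootfs-oci.tar'` assumes the variable is a non-empty string, and the same pattern is repeated for the `wic.xz`, `wic.bmap` and `swu` entries in the `@@ -24,13` hunk. If an image or distro clears `IMAGE_LINK_NAME` (which, as far as I know, also turns off link creation in the image class), the list would contain bare names such as `.wic.xz`, and an unset variable would make the concatenation raise `TypeError`. Reading it once with `link_name = d.getVar('IMAGE_LINK_NAME')` followed by `if not link_name: bb.fatal('IMAGE_LINK_NAME must be set to list CI artifacts')`, then reusing `link_name`, would stop the build with a clear message. `get_coreos_ci_artifacts` starts above this hunk, so the placement needs checking against the full function. The commit message covers only the Secure Boot key fix and does not mention this switch, so it deserves a line there or a commit of its own.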
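Review bot: With `output="${IMAGE_LINK_NAME}.ci-artifacts"` and the `ln -sf` removed, neither the manifest's file name nor its entries carry the build-unique `IMAGE_NAME` any more, and `do_deploy_ci` has no comment explaining that choice. Presumably the listed names are the symlinks the image class creates, so a consumer has to dereference them when copying and cannot tell from the manifest which build produced the files. A leftover link in the deploy directory would be published under the current manifest without any warning. I would document this above the assignment, for example `# Entries are IMAGE_LINK_NAME symlink names, not build-unique IMAGE_NAME files; consumers must resolve the links (readlink -f) to identify the build`.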