feat: Allow users to override secure boot key and password (#40)

* feat: Allow users to override secure boot key and password when using container or action * fix: follow redirects * chore: update docs * fix: added comments and removed additional \n * fix: removed defaults * fix: added conditional for adding public key * chore(ci): Added additional test for secure boot * chore(ci): fixed up workflows to match production * fix(ci): added workflow dispatch to test * fix(ci): fixed version and added IMAGE_TAG * chore(ci): changed to bluefin to test both 38 and 39 secure boot * chore(ci): added required variables to entrypoint * chore(ci): added merge_group and added paths-ignore * chore(ci): updated description * chore(ci): set to Silverblue since we are testing Bluefin * chore(ci): Fixed secure boot key not found error Received error in anaconda when check was hit, need to set as a soft failure to exit the script early without stopping anaconda installation. * chore: fixed formatting * chore: fixed whitespace * chore(ci): Removed duplicate test * chore: fix whitespace * chore(ci): fixed test and removed upload to Github Artifacts * chore: updated README * fix: set password to ublue default * fix: changed enrollment password in containerfile
2025-12-25 10:57:55 +01:00 · 2024-02-27 18:06:38 -06:00 · 2024-02-27 18:06:38 -06:00 · f70e8ea027
commit f70e8ea027
parent 3401b10c56
10 changed files with 99 additions and 39 deletions
--- a/README.md
+++ b/README.md
@ -37,19 +37,24 @@ sudo podman run --rm --privileged --volume .:/isogenerator/output -e VERSION=39
 ## Customizing
 The following variables can be used to customize the create image.

-| Variable          | Description                                              | Default Value          |
-| ----------------- | -------------------------------------------------------- | ---------------------- |
-| ARCH              | Architecture for image to build                          | x86_64                 |
-| VERSION           | Fedora version of installer to build                     | 39                     |
-| IMAGE_REPO        | Repository containing the source container image         | ghcr.io/ublue-os       |
-| IMAGE_NAME        | Name of the source container image                       | base-main              |
-| IMAGE_TAG         | Tag of the source container image                        | *VERSION*              |
-| EXTRA_BOOT_PARAMS | Extra params used by grub to boot the anaconda installer | \[empty\]              |
-| VARIANT           | Source container variant\*                               | Kinoite                |
-| WEB_UI            | Enable Anaconda WebUI (experimental)                     | false                  |
+| Variable            | Description                                                  | Default Value          |
+| -----------------   | ------------------------------------------------------------ | ---------------------- |
+| ARCH                | Architecture for image to build                              | x86_64                 |
+| VERSION             | Fedora version of installer to build                         | 39                     |
+| IMAGE_REPO          | Repository containing the source container image             | ghcr.io/ublue-os       |
+| IMAGE_NAME          | Name of the source container image                           | base-main              |
+| IMAGE_TAG           | Tag of the source container image                            | *VERSION*              |
+| EXTRA_BOOT_PARAMS   | Extra params used by grub to boot the anaconda installer     | \[empty\]              |
+| VARIANT             | Source container variant\*                                   | Kinoite                |
+| WEB_UI              | Enable Anaconda WebUI (experimental)                         | false                  |
+| ENROLLMENT_PASSWORD | Password used to enroll secure boot key into BIOS\*\*        | isogenerator           |
+| SECURE_BOOT_KEY_URL | URL used to download your secure boot key for enrollment\*\* | \[empty\]              |

-Available options for VARIANT can be found by running `dnf provides system-release`. 
-Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite
+\*Available options for VARIANT can be found by running `dnf provides system-release`. Variant will be the third item in the package name. Example: `fedora-release-kinoite-39-34.noarch` will be kinoite
+
+\*\*NOTE: ENROLLMENT_PASSWORD and SECURE_BOOT_KEY_URL are not required. They are only required if you are creating specific kernel modules or if you are using Universal Blue Kernel Modules.
+
+Our public key for our kmods is located here: https://github.com/ublue-os/akmods/raw/main/certs/public_key.der

 ## VSCode Dev Container
 There is a dev container configuration provided for development. By default it will use the existing container image available at `ghcr.io/ublue-os/isogenerator`, however, you can have it build a new image by editing `.devcontainer/devcontainer.json` and replacing `image` with `build`. `Ctrl+/` can be used to comment and uncomment blocks of code within VSCode.