Add image_signatures_db to googlecompute builder #113

Open
hc-github-team-packer opened this issue Aug 31, 2022 · 1 comment

Comments

@hc-github-team-packer

This issue was originally opened by @sas1su in hashicorp/packer#11965 and has been migrated to this repository. The original issue description is below.


Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests.

Description

We have a requirement to build custom GCP images with an additional trusted certificate to sign the boot file. Currently the process seems to be: 1) googlecompute builder to build an image, 2) googlecompute-export to cloud storage, 3) googlecompute-import to add certificates [1].

Use Case(s)

Steps 2) and 3) can be avoided.

Potential configuration

source "googlecompute" "basic-example" {
  project_id = "my project"
  source_image = "debian-9-stretch-v20200805"
  ssh_username = "packer"
  zone = "us-central1-a"
  image_signatures_db = ["cert1","cert2"]
}

Potential References

[1] https://www.packer.io/plugins/post-processors/googlecompute/googlecompute-import#image_signatures_db
[2] https://cloud.google.com/sdk/gcloud/reference/compute/images/create#--signature-database-file

@smartyr73

I also have this requirement. I currently work around this issue by using a post-processor that runs a shell-local script to create the image with the certificates baked in, e.g.:

gcloud compute images create [IMAGE_NAME] \
  --source-disk [SOURCE_DISK] \
  --source-disk-zone [ZONE] \
  --platform-key-file=<file.der> \
  --key-exchange-key-file=<file.der> \
  --signature-database-file=<file.bin>,<file.der> \
  --forbidden-database-file=<file.bin> \
  --guest-os-features="UEFI_COMPATIBLE[,WINDOWS]"
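
Added example, not part of the issue or of either participant's scripts: a preflight wrapper around the `gcloud compute images create` call from the comment above, which rejects PEM-encoded or non-DER key files before the command is built. The function names, the `DRY_RUN` variable, the sample file names and the rule that `.der` inputs must start with the DER SEQUENCE tag are assumptions of this example.

```shell
# Added example (not from the issue): preflight for Secure Boot key files.
# Assumption: every file must be DER or raw binary, as the .der/.bin
# placeholders in the comment suggest; PEM input is rejected.

# check_keyfiles FILE...: print the files joined by commas, or fail.
check_keyfiles() {
    joined=""
    for f in "$@"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
        if LC_ALL=C grep -q -e '-----BEGIN ' "$f"; then
            echo "PEM encoded, convert to DER first: $f" >&2; return 1
        fi
        case "$f" in *.der)
            # A DER certificate starts with the ASN.1 SEQUENCE tag 0x30.
            [ "$(od -An -tx1 -N1 "$f" | tr -d ' \n')" = 30 ] ||
                { echo "not DER: $f" >&2; return 1; } ;;
        esac
        joined="${joined:+$joined,}$f"
    done
    printf '%s\n' "$joined"
}

# create_image IMAGE DISK ZONE PK KEK DB_FILE...
# Prints the command unless DRY_RUN=0, in which case it runs gcloud.
create_image() {
    image=$1 disk=$2 zone=$3 pk=$4 kek=$5
    shift 5
    check_keyfiles "$pk" "$kek" >/dev/null || return 1
    db=$(check_keyfiles "$@") || return 1
    set -- gcloud compute images create "$image" \
        --source-disk "$disk" --source-disk-zone "$zone" \
        --platform-key-file="$pk" --key-exchange-key-file="$kek" \
        --signature-database-file="$db" \
        --guest-os-features=UEFI_COMPATIBLE
    if [ "${DRY_RUN:-1}" = 0 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Constructed sample inputs: placeholder bytes, not real certificates.
tmp=$(mktemp -d)
printf '\060\003\002\001\001' > "$tmp/pk.der"
for n in kek db1; do cp "$tmp/pk.der" "$tmp/$n.der"; done
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$tmp/db2.der"

create_image demo-image demo-disk us-central1-a \
    "$tmp/pk.der" "$tmp/kek.der" "$tmp/db1.der"
create_image demo-image demo-disk us-central1-a \
    "$tmp/pk.der" "$tmp/kek.der" "$tmp/db1.der" "$tmp/db2.der" ||
    echo "second call rejected: db2.der is PEM text"
```

Files ending in `.bin` are passed through after the PEM and empty-file checks only, since this example does not parse raw signature-list formats.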
