qemu-secex: drop hardcoded 'secex-hostkey' name and inject user-provided file instead

Author: nikita-dubrovskii

src/cmd-buildextend-metal

@@ -236,15 +236,22 @@ if [[ "${image_type}" == "qemu-secex" ]]; then
             fatal "No hostkey and no genprotimgvm provided"
         fi
         echo "Generating genprotimgvm locally"
-        ignition=$(mktemp -p "${tmp_builddir}")
-        butane -p -d "$(dirname "${hostkey}")" /usr/lib/coreos-assembler/secex-genprotimgvm-scripts/genprotimg.bu -o "${ignition}"
+        ignition_cfg=$(mktemp -p "${tmp_builddir}")
+        butane_cfg=$(mktemp -p "${tmp_builddir}")
+
+        echo "Inject user-provided hostkey into config"
+        hostkey_name=$(basename "${hostkey}")
+        hostkey_path=$(dirname "${hostkey}")
+        cp /usr/lib/coreos-assembler/secex-genprotimgvm-scripts/genprotimg.bu "${butane_cfg}"
+        sed -i 's/HOSTKEY-FILE/'"${hostkey_name}"'/g' "${butane_cfg}"
+        butane -p -d "${hostkey_path}" "${butane_cfg}" -o "${ignition_cfg}"
 
         genprotimgvm=/srv/fake-secure-vm.qcow2
         cp "/srv/builds/latest/${basearch}/${name}-${build}-qemu.${basearch}.${image_format}" "${genprotimgvm}"
         chmod +w "${genprotimgvm}"
         genvm_args=("-drive" "if=none,id=hda,file=${genprotimgvm},auto-read-only=off,cache=unsafe" \
                     "-device" "virtio-blk,drive=hda,bootindex=1")
-        kola qemuexec -i "${ignition}" -- "${genvm_args[@]}"
+        kola qemuexec -i "${ignition_cfg}" -- "${genvm_args[@]}"
     fi
 
     # Basic qemu args:

src/secex-genprotimgvm-scripts/genprotimg.bu

@@ -13,7 +13,7 @@ storage:
     - path: /etc/se-hostkeys/ibm-z-hostkey-1
       overwrite: true
       contents:
-        local: secex-hostkey
+        local: HOSTKEY-FILE
     - path: /etc/do_genprotimg
       overwrite: true
       mode: 0755