qemu-secex: generate fake-secure-vm.qcow2 for local build

Author: nikita-dubrovskii

src/cmd-buildextend-metal

@@ -27,11 +27,12 @@ EOF
 
 # Parse options
 genprotimgvm=/data.secex/genprotimgvm.qcow2
+hostkey=/srv/secex-hostkey
 ignition_pubkey=
 rc=0
 build=
 force=
-options=$(getopt --options h --longoptions help,force,build:,genprotimgvm: -- "$@") || rc=$?
+options=$(getopt --options h --longoptions help,force,build:,genprotimgvm:,hostkey: -- "$@") || rc=$?
 [ $rc -eq 0 ] || {
     print_help
     exit 1
@@ -54,6 +55,10 @@ while true; do
             genprotimgvm="$2"
             shift
             ;;
+        --hostkey)
+            hostkey="$2"
+            shift
+            ;;
         --)
             shift
             break
@@ -227,7 +232,19 @@ runvm_with_cache_snapshot "$snapshot" -- /usr/lib/coreos-assembler/runvm-osbuild
 
 if [[ "${image_type}" == "qemu-secex" ]]; then
     if [ ! -f "${genprotimgvm}" ]; then
-        fatal "No genprotimgvm provided at ${genprotimgvm}"
+        if [ ! -f "${hostkey}" ]; then
+            fatal "No hostkey and no genprotimgvm provided"
+        fi
+        echo "Generating genprotimgvm locally"
+        ignition=$(mktemp -p "${tmp_builddir}")
+        butane -p -d "$(dirname "${hostkey}")" /usr/lib/coreos-assembler/secex-genprotimgvm-scripts/genprotimg.bu -o "${ignition}"
+
+        genprotimgvm=/srv/fake-secure-vm.qcow2
+        cp "/srv/builds/latest/${basearch}/${name}-${build}-qemu.${basearch}.${image_format}" "${genprotimgvm}"
+        chmod +w "${genprotimgvm}"
+        genvm_args=("-drive" "if=none,id=hda,file=${genprotimgvm},auto-read-only=off,cache=unsafe" \
+                    "-device" "virtio-blk,drive=hda,bootindex=1")
+        kola qemuexec -i "${ignition}" -- "${genvm_args[@]}"
     fi
 
     # Basic qemu args: