update CI script
- Avoid using deprecated tool: apt-key.
- Use checked-in key to avoid malware.
Taowyoo committed Jan 11, 2024
1 parent 5c37816 commit f80b250
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions .github/workflows/build.yml
Expand Up @@ -28,10 +28,15 @@ jobs:

- name: Install additional dependencies
run: |
sudo apt-key adv --fetch-keys 'https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key'
sudo add-apt-repository 'deb https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main'
sudo apt-key adv --fetch-keys 'https://apt.llvm.org/llvm-snapshot.gpg.key'
sudo add-apt-repository 'deb http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main'
# install gpg
sudo apt-get update -y && sudo apt install -y gpg
# Add intel-sgx package repository, key is download from https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
cat intel-sgx-deb.key | gpg --dearmor | sudo tee /usr/share/keyrings/intel-sgx-deb.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/intel-sgx-deb.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | sudo tee /etc/apt/sources.list.d/intel-sgx-deb.list > /dev/null
# Add llbm package repository, key is download from https://apt.llvm.org/llvm-snapshot.gpg.key
cat llvm-snapshot.gpg.key | gpg --dearmor | sudo tee /usr/share/keyrings/llvm-snapshot.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/llvm-snapshot.gpg] http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main" | sudo tee /etc/apt/sources.list.d/llvm-snapshot.list > /dev/null
# Install dependencies for build & test
sudo apt-get update -y
sudo apt-get install -y faketime protobuf-compiler libsgx-dcap-ql-dev clang-11 musl-tools gcc-multilib
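Review bot: the two `cat intel-sgx-deb.key` and `cat llvm-snapshot.gpg.key` lines read the keys by relative path, yet this commit lists only .github/workflows/build.yml as changed, so nothing visible here confirms the key files exist in the directory the step runs in. Reference them by an explicit path from the checkout and fail the step if either file is missing, so the pipeline does not go on to write a keyring from empty input. The added LLVM source line still uses `http://apt.llvm.org/focal/` while the Intel line uses https; `signed-by` covers package integrity, but switching to https keeps both entries consistent. The checked-in keys are trusted as they are, so comparing each key's fingerprint against a value recorded in the repository before `gpg --dearmor` would catch a replaced key file. Minor: the comment says "llbm" for llvm, "is download" should read "was downloaded", and the step mixes `apt install` with `apt-get install`.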