spectrocloud · kpiyush17 · Mar 4, 2024 · Mar 6, 2024 · Mar 6, 2024 · Mar 6, 2024
diff --git a/.arg.template b/.arg.template
@@ -10,4 +10,9 @@ HTTPS_PROXY=
 HTTP_PROXY=
 PROXY_CERT_PATH=
 UPDATE_KERNEL=false
-CLUSTERCONFIG=spc.tgz
+CLUSTERCONFIG=spc.tgz
+CIS_HARDENING=true
+IS_UKI=false
+UKI_SELF_SIGNED_KEYS=true
+INCLUDE_MS_SECUREBOOT_KEYS=true
+AUTO_ENROLL_SECUREBOOT_KEYS=false
diff --git a/.earthlyignore b/.earthlyignore
@@ -0,0 +1,2 @@
+local/
+build/*
diff --git a/.gitignore b/.gitignore
@@ -9,4 +9,9 @@ content-*/*
 *.arg
 .idea
 
-.DS_Store
+.DS_Store
+
+build/
+local/
+keys/
+secure-boot/
diff --git a/Dockerfile b/Dockerfile
@@ -23,6 +23,18 @@ RUN if [ "${OS_DISTRIBUTION}" = "opensuse-leap" ] && [ "${PROXY_CERT_PATH}" != "
 
 ### To install the nginx package for Ubuntu  ###
 
+#TODO: Remove the following line. This is only for dev purpose.
+# RUN useradd -m kairos && echo "kairos:kairos" | chpasswd
+# RUN adduser kairos sudo
+# RUN echo '%sudo ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+# sbctl and mokutil are useful tools to check secure boot status, manage secure boot keys.
+RUN curl -Ls https://github.com/Foxboron/sbctl/releases/download/0.13/sbctl-0.13-linux-amd64.tar.gz | tar -xvzf - && mv sbctl/sbctl /usr/bin/sbctl
+RUN chmod +x /usr/bin/sbctl
+RUN apt-get update && apt-get install -y \
+    mokutil \
+    && apt-get clean
+
 # RUN apt-get update && apt-get install nginx -y
 ### or