image: use systemd-dissect from the host when calculating measurements (

#2473) * image: use systemd-dissect from the host when calculating measurements * ci: setup bazel and nix toolchains before merging os image measurements
edgelesssys · Oct 17, 2023 · 0ee1df9 · 0ee1df9
1 parent 048aefa
commit 0ee1df9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
@@ -545,6 +545,10 @@ jobs:
         with:
           ref: ${{ inputs.ref || github.head_ref }}
 
+      - uses: ./.github/actions/setup_bazel_nix
+        with:
+          useCache: "false"
+
       - name: Download measurements
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:

diff --git a/image/measured-boot/cmd/BUILD.bazel b/image/measured-boot/cmd/BUILD.bazel
@@ -21,8 +21,13 @@ go_binary(
     ],
     embed = [":cmd_lib"],
     # keep
-    env = {
-        "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)",
-    },
+    # TODO(malt3): The commented out env variable
+    # means we are using `systemd-dissect` from the host.
+    # `systemd-dissect` from nixpkgs breaks GitHub actions runners
+    # for unknown reasons.
+    # Fix this.
+    # env = {
+    #     "DISSECT_TOOLCHAIN": "$(rootpath @systemd//:bin/systemd-dissect)",
+    # },
     visibility = ["//visibility:public"],
 )