Nits

Gareth Widlansky · Gareth Widlansky · commit 5f64268ae7cb · 2025-12-01T11:22:36.000-05:00
Signed-off-by: Gareth Widlansky &lt;gareth.widlansky@proton.me&gt;
diff --git a/Dockerfile.cfsuki b/Dockerfile.cfsuki
@@ -24,7 +24,7 @@ RUN --mount=type=secret,id=key \
     --mount=type=secret,id=cert \
     --mount=type=bind,from=base,target=/target \
      <<EOF
-    set -eux
+    set -xeuo pipefail
 
     # Should be generated externally
     test -n "${COMPOSEFS_FSVERITY}"
@@ -66,7 +66,7 @@ cp /run/kernel/boot/$kver.efi $target
 rm -v /usr/lib/modules/${kver}/{vmlinuz,initramfs.img}
 # Symlink into the /usr/lib/modules location
 ln -sr $target /usr/lib/modules/${kver}/$(basename $kver.efi)
-bootc container lint # --fatal-warnings no fatal warning
+bootc container lint --fatal-warnings
 EOF
 
 FROM base as final-final
diff --git a/Dockerfile.sdboot b/Dockerfile.sdboot
@@ -13,13 +13,13 @@ dnf clean all
 EORUN
 
 
-FROM buildroot-base as kernel
+FROM buildroot-base as signer
 # Sign sdboot and put it on the target first
 RUN --mount=type=secret,id=key \
     --mount=type=secret,id=cert \
     --mount=type=bind,from=base-unsigned,target=/target \
-<<EORUN
-set -eux
+    <<EORUN
+    set -xeuo pipefail
 
     # pesign uses NSS database so create it from input cert/key
     mkdir pesign
@@ -41,9 +41,9 @@ EORUN
 
 
 FROM base-unsigned as final
-RUN --mount=type=bind,from=kernel,target=/run/sdboot \
-    <<EORUN 
-    set -eux
+RUN --mount=type=bind,from=signer,target=/run/sdboot \
+    <<EORUN
+    set -xeuo pipefail
     sdboot=/usr/lib/systemd/boot/efi/systemd-bootx64.efi
     # copy signed sdboot from buildroot
     cp "/run/sdboot/sdboot.efi" ${sdboot}
