From patchwork Fri Jun 4 19:02:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alper Nebi Yasak X-Patchwork-Id: 1488051 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=E8LUPLUJ; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FxXGL2LFWz9sPf for ; Sat, 5 Jun 2021 05:03:06 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 573B582F04; Fri, 4 Jun 2021 21:02:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="E8LUPLUJ"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 36EB982EC9; Fri, 4 Jun 2021 21:02:46 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 25B1082EBC for ; Fri, 4 Jun 2021 21:02:43 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=alpernebiyasak@gmail.com Received: by mail-ed1-x532.google.com with SMTP id u24so12279792edy.11 for ; Fri, 04 Jun 2021 12:02:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SJYMaNlGvargRrm3OMkeJ+38QsvenMgb59sRdjb5EGo=; b=E8LUPLUJcd9Kv9bdCFenqLeAgPBxrQSF/S2XKyrBe+v0D8Q8jjMG25wxLzVT7GiMeZ C0CcUjlxBvb5C/pwrHGZKDqfaqGX9cXzuMs2gIJWlnS36r9Ur67U/bXchckwPeh3RHih x7E8Z+aBh/X1LehhV6qIPceJNSmLeXldRLy0VBXgXvRWUM6l20NSyLwX1/hgwj2+DJbz 1x6TBJpcLtkc0Yqyb7LtDc0OagylF1rn1xqyvVA9/SgSTGaFl8LXjfVPdscESP6Bg5lS QIZj0SG3BoM84bp1txnGFZy5D9aQDA3c474elzTUa498EVmrZwIKAM2U9A4EZm5G5WCq H+bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SJYMaNlGvargRrm3OMkeJ+38QsvenMgb59sRdjb5EGo=; b=Ovz6HI1VsoACM+r7V5om0M/M5LOT9OdZJxKWfTATlw7bogt7AGI26uRch1j9b1WaPw Ebi2nigy7glxq6TW5wAJZUMRiRDgxap+Udm3augejz7zIESE6CctCkiDbmtxeQ6iQuFT cLjNs6OozZX+eaQ3NAO9FGbVdxhOSWUU1L/XwoL5plb5GrLIe6HLToVCC92lQK7WTh/r pRl5vD6wHGczl23PIfYSv9PXc6mWLE2X+btZDmvbA+I89atl+WdHqoACvSa49bU2P3hC C9j5NzGCv7ldKgoeDWulXFNUYIrXF0ljI4NFa3ilxmxipAQAyHyZ8vC53n0wsQa+DXIZ IlDg== X-Gm-Message-State: AOAM533v2hnThcLXNvvrzECL1xrSRr/f/HcEhm6Ez4+w9QEraMAJ3WZj wodYSxDYw0kiblRIYxl7e+kmVvULvOM= X-Google-Smtp-Source: ABdhPJynwUcpxIJ815LnR67E23PGwJ1VWgW9+Looeyn+zEgQULbogZYt2kJY7w8NsfWG5QpAXukPmA== X-Received: by 2002:a05:6402:27c9:: with SMTP id c9mr6318759ede.371.1622833362421; Fri, 04 Jun 2021 12:02:42 -0700 (PDT) Received: from localhost.localdomain ([178.233.26.119]) by smtp.gmail.com with ESMTPSA id n2sm3668819edi.32.2021.06.04.12.02.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jun 2021 12:02:41 -0700 (PDT) From: Alper Nebi Yasak To: u-boot@lists.denx.de Cc: Bin Meng , Heinrich Schuchardt , Tom Rini , Daniel Schwierzeck , Simon Glass , Marek Vasut , Alper Nebi Yasak Subject: [PATCH 1/4] tools: docker: Install a readable kernel for libguestfs-tools Date: Fri, 4 Jun 2021 22:02:03 +0300 Message-Id: <20210604190207.44805-2-alpernebiyasak@gmail.com> X-Mailer: git-send-email 2.32.0.rc2 In-Reply-To: <20210604190207.44805-1-alpernebiyasak@gmail.com> References: <20210604190207.44805-1-alpernebiyasak@gmail.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean The filesystem and EFI (capsule and secure boot) test setups try to use guestmount and virt-make-fs respectively to prepare disk images to run tests on. However, these libguestfs tools need a kernel image and fail with the following message (revealed in debug/trace mode) if it can't find one: supermin: failed to find a suitable kernel (host_cpu=x86_64). I looked for kernels in /boot and modules in /lib/modules. If this is a Xen guest, and you only have Xen domU kernels installed, try installing a fullvirt kernel (only for supermin use, you shouldn't boot the Xen guest with it). This failure then causes these tests to be skipped in CIs. Install a kernel package in the Docker containers so the CIs can run these tests with libguestfs tools again (assuming the container is run with necessary host devices and privileges). As this kernel would be only used for virtualization, we can use the kernel package specialized for that. On Ubuntu systems kernel images are not readable by non-root users, so explicitly add read permissions with chmod as well. Signed-off-by: Alper Nebi Yasak Acked-by: Heinrich Schuchardt --- tools/docker/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile index d2f0074ee8a6..563b16639e54 100644 --- a/tools/docker/Dockerfile +++ b/tools/docker/Dockerfile @@ -71,6 +71,7 @@ RUN apt-get update && apt-get install -y \ libssl-dev \ libudev-dev \ libusb-1.0-0-dev \ + linux-image-kvm \ lzma-alone \ lzop \ mount \ @@ -99,6 +100,9 @@ RUN apt-get update && apt-get install -y \ zip \ && rm -rf /var/lib/apt/lists/* +# Make kernels readable for libguestfs tools to work correctly +RUN chmod +r /boot/vmlinu* /lib/modules/*/vmlinu* || true + # Manually install libmpfr4 for the toolchains RUN wget http://mirrors.kernel.org/ubuntu/pool/main/m/mpfr4/libmpfr4_3.1.4-1_amd64.deb && dpkg -i libmpfr4_3.1.4-1_amd64.deb && rm libmpfr4_3.1.4-1_amd64.deb From patchwork Fri Jun 4 19:02:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alper Nebi Yasak X-Patchwork-Id: 1488052 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=asLQRFaF; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FxXGb0sDyz9sPf for ; Sat, 5 Jun 2021 05:03:18 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DDC8482F0D; Fri, 4 Jun 2021 21:02:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="asLQRFaF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id BE0A582EF0; Fri, 4 Jun 2021 21:02:50 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1129082EBF for ; Fri, 4 Jun 2021 21:02:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=alpernebiyasak@gmail.com Received: by mail-ed1-x52a.google.com with SMTP id dg27so12278227edb.12 for ; Fri, 04 Jun 2021 12:02:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9cJyEOVJGvCb9hOXdnwedvJJlc+Vv7SJYdBYVwmbtrc=; b=asLQRFaFmqNucWk+1MmAJRinUaDaIU3lNbbMaAa27NWC0B1ZPRe0qgnxQ7SClOmKBx dpgevIgsxX0rs3na4a+2Z2wk9dSfv144oIQkUdUF/WM3f1DFskKxAgNXRK7YhMNfgf5h QqJvJyuKuxH6teLI8ZrXIiw+w6dwJG2VXPgtjEwzdlto0+SxGlLjKEWg/rn3vbRe1lRm NoBAP7kUrzZr1tvqkIhLDK+hfDFAp+WQH4i+mBJX/Ev25TF+zbJoYyOnyEeutyy5Gida rEq5Hig/YUFRg9YHXmwggAy5ZA/2FWUQxjPP6d2goQqEPuTpdOkgJLcQm5j9YeFE0Vgq GQFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9cJyEOVJGvCb9hOXdnwedvJJlc+Vv7SJYdBYVwmbtrc=; b=P3HxP+jtjQyVYl/8acGrXB4Xl4sAlYw2y6yUSZTbzCp5Rs/3JJNqg31+/Iv0yixbIV rD90upaf2AEZo17klS8epMFVg97cxUaIsodLV4Lq//eJfuwoIduDOcXTmJyz11+plcqS /tDOhlBUCq0/5mqiq0z2RIdwchgGoFyCYtvtEpzTRlM8s30daRGCWE/RVV3dwUuaAcHK 2H0mfwkd8nNBU7RWPRafe2uj3fLTxe0aA1+KQ96ZDX3I30il1oxuNRBX0bh+S36J42aV nm1HpRJiYViN2vJbspvzhp6MX4oxsw37h6W402AmhvMwecjqqwPgU1qSzBJGDgdNFRxU DM5A== X-Gm-Message-State: AOAM530CdBQ4qxfCzKsvIIxgn6RLMoCupwLHQxC8hqu4x181BU+3ETkG mvB944gTkBW/jcEHK+Egr6wXbY9UBUE= X-Google-Smtp-Source: ABdhPJxvBJC73x9q3KBpMGJE/96w8IrnR3Z3o1raDuRS7OggwIN+wXbvpO1PqTV6fc9kyMD3hksi8Q== X-Received: by 2002:a05:6402:3101:: with SMTP id dc1mr6214044edb.324.1622833365566; Fri, 04 Jun 2021 12:02:45 -0700 (PDT) Received: from localhost.localdomain ([178.233.26.119]) by smtp.gmail.com with ESMTPSA id n2sm3668819edi.32.2021.06.04.12.02.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jun 2021 12:02:45 -0700 (PDT) From: Alper Nebi Yasak To: u-boot@lists.denx.de Cc: Bin Meng , Heinrich Schuchardt , Tom Rini , Daniel Schwierzeck , Simon Glass , Marek Vasut , Alper Nebi Yasak Subject: [PATCH 2/4] Azure: Add fuse device for sandbox test.py tests Date: Fri, 4 Jun 2021 22:02:04 +0300 Message-Id: <20210604190207.44805-3-alpernebiyasak@gmail.com> X-Mailer: git-send-email 2.32.0.rc2 In-Reply-To: <20210604190207.44805-1-alpernebiyasak@gmail.com> References: <20210604190207.44805-1-alpernebiyasak@gmail.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean The EFI secure boot and capsule test setups need to prepare disk images for their tests using virt-make-fs, which requires access to the host fuse device. This is not exposed to the docker container by default and has to be added explicitly. Since these tests are marked to run only on the sandbox board, add the fuse device only when testing on sandbox. Signed-off-by: Alper Nebi Yasak --- .azure-pipelines.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 35ab7f30b276..a4d796c41895 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -318,7 +318,15 @@ jobs: # as sandbox testing need create files like spi flash images, etc. # (TODO: clean up this in the future) chmod 777 . - docker run -v $PWD:$(work_dir) $(ci_runner_image) /bin/bash $(work_dir)/test.sh + # Some EFI tests need extra docker args to run + set -- + if [[ "${TEST_PY_BD}" == "sandbox" ]]; then + # virt-make-fs needs the fuse device + if modprobe fuse; then + set -- "$@" --device /dev/fuse:/dev/fuse + fi + fi + docker run "$@" -v $PWD:$(work_dir) $(ci_runner_image) /bin/bash $(work_dir)/test.sh - job: build_the_world displayName: 'Build the World' From patchwork Fri Jun 4 19:02:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alper Nebi Yasak X-Patchwork-Id: 1488053 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=qrLHutXp; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FxXGn0v2Sz9sPf for ; Sat, 5 Jun 2021 05:03:29 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8698B82EF0; Fri, 4 Jun 2021 21:02:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="qrLHutXp"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8358382F1C; Fri, 4 Jun 2021 21:02:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 23A6E82EFE for ; Fri, 4 Jun 2021 21:02:49 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=alpernebiyasak@gmail.com Received: by mail-ej1-x630.google.com with SMTP id c10so15989102eja.11 for ; Fri, 04 Jun 2021 12:02:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ViIig1Htt87QHZeNnB983I3TQnp0qljAFGmqRTmRfz8=; b=qrLHutXpWprlV6c8egz3W7Njn/ow/StOjwtr7T3g34L0+DHsZYMAR6xbhgWSqDk541 5RvgvCkSAJqZAMUOhz4nP8ofg+5sUJTrhXrFYRSOBqm/OFgRaR3ledZq5pmoE0klaSc+ YrBdOXZXYFvUzM9FVtBh7YxmDVknza5lL3bwF+CP/4pnwkDEO6vFvh/oKudjSDQyhtgR vwS1ejN7qsGx74/7IudA5qlQfz69CNk4LOzQb2NVw5IPBLsFJ3u2a3g3gF4uK4et4OeD 1+TNz9D0p9UHh0GAVUVUsLyJeM4qjUIbTDHVwhNw7VStiKnmu8p/SIbDUb496pggcOnc y4lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ViIig1Htt87QHZeNnB983I3TQnp0qljAFGmqRTmRfz8=; b=CkaiLiLDCPD4jcXCRdCwuoVkb4uRBsHMMkiPGvxQ6zzOD9w7+KdOSN6uIWE4PL/AZu SVcz6pGT9K0So1/lFwzcjsiJ6kiFm2zlkDE8ucpwcK8JoBVu4do7Vzan7tjrejMGMFuN Gds3eJuTZgMJRgmdZYP7Y33itfBKdW2NjIjYqa10c+lOeehbsWRTr6IrboKzoWkffFi3 Pre7hlURe1xJUzal6LTTgIPV73j+vqrUfG3oDaTEO2m7R2+cex/8OfzESrKJTmVQ/u6k ViBveQA8+wsNJry2z/yaoGO1W04jG8cWtFhQ39mya2svWL1Ti94MfmRHST/iIaklKbOa xCOQ== X-Gm-Message-State: AOAM530JiIVNzGtqVX5uXM7nImwU22vzNPvwmmhwLJNfFE0KcqWRi3AV 8d4EflxTv77wBwc1UgrA0KOym0qvm8U= X-Google-Smtp-Source: ABdhPJzIpCPoWAhP4vtMViqbw1efaPlqq/EGVh9vn2UucRYaypT/4f4wWDXBCUERrkJoehpe8+40iQ== X-Received: by 2002:a17:906:22c7:: with SMTP id q7mr5524736eja.547.1622833368437; Fri, 04 Jun 2021 12:02:48 -0700 (PDT) Received: from localhost.localdomain ([178.233.26.119]) by smtp.gmail.com with ESMTPSA id n2sm3668819edi.32.2021.06.04.12.02.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jun 2021 12:02:48 -0700 (PDT) From: Alper Nebi Yasak To: u-boot@lists.denx.de Cc: Bin Meng , Heinrich Schuchardt , Tom Rini , Daniel Schwierzeck , Simon Glass , Marek Vasut , Alper Nebi Yasak Subject: [PATCH 3/4] Azure: Add loop devices and CAP_SYS_ADMIN for sandbox test.py tests Date: Fri, 4 Jun 2021 22:02:05 +0300 Message-Id: <20210604190207.44805-4-alpernebiyasak@gmail.com> X-Mailer: git-send-email 2.32.0.rc2 In-Reply-To: <20210604190207.44805-1-alpernebiyasak@gmail.com> References: <20210604190207.44805-1-alpernebiyasak@gmail.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean The filesystem test setup needs to prepare disk images for its tests, with either guestmount or loop mounts. The former requires access to the host fuse device (added in a previous patch), the latter requires access to host loop devices. Both mounts also need additional privileges since docker's default configuration prevents the containers from mounting filesystems (for host security). Add any available loop devices to the container and try to add as few privileges as possible to run these tests, which narrow down to adding SYS_ADMIN capability and disabling apparmor confinement. However, this much still seems to be insecure enough to let malicious container processes escape as root on the host system [1]. [1] https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/ Since the mentioned tests are marked to run only on the sandbox board, add these additional devices and privileges only when testing with that. An alternative to using mounts is modifying the filesystem tests to use virt-make-fs (like some EFI tests do), but it fails to generate a partitionless FAT filesystem image on Debian systems. Other more feasible alternatives are using guestfish or directly using libguestfs Python bindings to create and populate the images, but switching the test setups to these is nontrivial and is left as future work. Signed-off-by: Alper Nebi Yasak --- .azure-pipelines.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index a4d796c41895..3ec396ae8905 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -318,13 +318,23 @@ jobs: # as sandbox testing need create files like spi flash images, etc. # (TODO: clean up this in the future) chmod 777 . - # Some EFI tests need extra docker args to run + # Filesystem tests and some EFI tests need extra docker args to run set -- if [[ "${TEST_PY_BD}" == "sandbox" ]]; then - # virt-make-fs needs the fuse device + # virt-make-fs, guestmount, etc. need the fuse device if modprobe fuse; then set -- "$@" --device /dev/fuse:/dev/fuse fi + # mount -o loop needs the loop devices + if modprobe loop; then + for d in $(find /dev -maxdepth 1 -name 'loop*'); do + set -- "$@" --device $d:$d + done + fi + # Needed for mount syscall (for guestmount as well) + set -- "$@" --cap-add SYS_ADMIN + # Default apparmor profile denies mounts + set -- "$@" --security-opt apparmor=unconfined fi docker run "$@" -v $PWD:$(work_dir) $(ci_runner_image) /bin/bash $(work_dir)/test.sh From patchwork Fri Jun 4 19:02:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alper Nebi Yasak X-Patchwork-Id: 1488054 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=85.214.62.61; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=ZTFHDai5; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FxXH02ZHPz9sPf for ; Sat, 5 Jun 2021 05:03:40 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 718B782F24; Fri, 4 Jun 2021 21:02:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="ZTFHDai5"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 0C53082F1C; Fri, 4 Jun 2021 21:02:55 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id AF7CB82EF0 for ; Fri, 4 Jun 2021 21:02:51 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=alpernebiyasak@gmail.com Received: by mail-ed1-x52d.google.com with SMTP id g18so10309807edq.8 for ; Fri, 04 Jun 2021 12:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9sbQUevDY3HEAnslrhuWcc8RxRiXUpx8QWUxevppfaY=; b=ZTFHDai5h3m7qCLu3hcr0VeavrztKDqMtFuOspAkNOsqimPzJ6OL9gbyViEUSJEDhD 51bpTvce4+1lNan+Th/51vLKnV//BQYnxRUbTOns9TgciH1j16MjxVuYKHyRHD+WeSOL ydos/ZhpVAcDNB5FS5K5EOQzkpBJwZ2F+bqsIFORoGyDyXkrSl12+La2KTTkn7CV3Z8N FsXCLFP/KY2sPv5kSBDyo5Fqb6hQ7KyuNGF/ZQ7Gt99C/5nVJ/v9fbLSdCnpskl6g2R/ nsKxCmN20c5lgZfm/aE+h4qWU060OJQXFYO19O74mIeXsy9jwJMBgcePAKnAqX/45GbM yCdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9sbQUevDY3HEAnslrhuWcc8RxRiXUpx8QWUxevppfaY=; b=KlGGN9UO8mi4TsGBbiJJ0iSczSkyZQjRsTqVb7cTfVHoE5NnpDXmt/AU4P9xfROE/L mabBYxD322H16MouQL3N1wyjSRexUYAUHFNXYhJtQNRnjMktewbZCIE1I6ntgvC0yl8T U9OLHe5XOe2tFUEUHd7E3w5b0dGlfuAq/jwXQBu6PVI5IyLQBUNe6S2B+49gnFzJ8DUj k8Yzhy0to7Co5FdMfRBX5T6htAowkdhTbSqIk3bWyCASRsoRaKh/adnGV5JwAJJHbLo9 1AfrdG73UJp9pfeTxZiG5NVVzHumVFpZ0ikxXzJGg/u+hc3iXFAWNEPn7KcVYIWjMuZn s38Q== X-Gm-Message-State: AOAM531O4tbDfqYEsZcb+TWzUyj+K/qZ4fGsNYFZPV96SJ/IFs7yCJBz iyPAMZXPEyI6cVP/BfdHvHK/V2QCEuA= X-Google-Smtp-Source: ABdhPJwHLj+KN2PiwTNINH8C6kqJsVf+bRcv0QMxP6riTMhzrDGfr9wAsb3Angppu/VeisHYPZ6fSA== X-Received: by 2002:a05:6402:368:: with SMTP id s8mr6372488edw.129.1622833371172; Fri, 04 Jun 2021 12:02:51 -0700 (PDT) Received: from localhost.localdomain ([178.233.26.119]) by smtp.gmail.com with ESMTPSA id n2sm3668819edi.32.2021.06.04.12.02.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 04 Jun 2021 12:02:50 -0700 (PDT) From: Alper Nebi Yasak To: u-boot@lists.denx.de Cc: Bin Meng , Heinrich Schuchardt , Tom Rini , Daniel Schwierzeck , Simon Glass , Marek Vasut , Alper Nebi Yasak Subject: [PATCH 4/4] Azure/GitLab: Install a readable kernel for libguestfs-tools Date: Fri, 4 Jun 2021 22:02:06 +0300 Message-Id: <20210604190207.44805-5-alpernebiyasak@gmail.com> X-Mailer: git-send-email 2.32.0.rc2 In-Reply-To: <20210604190207.44805-1-alpernebiyasak@gmail.com> References: <20210604190207.44805-1-alpernebiyasak@gmail.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Some sandbox-only test setups use virt-make-fs and guestmount, which require a readable kernel to work. However, no such kernel is currently available on the Docker container image that is used to run the tests on CIs. Although a previous patch adds a kernel package to the Dockerfile used to build the container, try to explicitly install it in the CI scripts so that it's not immediately necessary to rebuild the container for that change. Signed-off-by: Alper Nebi Yasak --- .azure-pipelines.yml | 5 +++++ .gitlab-ci.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 3ec396ae8905..fe82cc57feb0 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -293,6 +293,11 @@ jobs: wget -O - https://github.com/riscv/opensbi/releases/download/v0.9/opensbi-0.9-rv-bin.tar.xz | tar -C /tmp -xJ; export OPENSBI=/tmp/opensbi-0.9-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; fi + if [[ "${TEST_PY_BD}" == "sandbox" ]]; then + sudo apt update + sudo apt install -y linux-image-kvm + sudo chmod +r /boot/vmlinu* /lib/modules/*/vmlinu* || true + fi # the below corresponds to .gitlab-ci.yml "script" cd ${WORK_DIR} export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD}; diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d072e833a3de..be3be8e045e5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,6 +27,11 @@ stages: wget -O - https://github.com/riscv/opensbi/releases/download/v0.9/opensbi-0.9-rv-bin.tar.xz | tar -C /tmp -xJ; export OPENSBI=/tmp/opensbi-0.9-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; fi + - if [[ "${TEST_PY_BD}" == "sandbox" ]]; then + sudo apt update; + sudo apt install -y linux-image-kvm; + sudo chmod +r /boot/vmlinu* /lib/modules/*/vmlinu* || true; + fi after_script: - rm -rf /tmp/uboot-test-hooks /tmp/venv