[PATCH 0/4] Fix CIs skipping filesystem, EFI secure boot and EFI capsule tests

Alper Nebi Yasak alpernebiyasak at gmail.com
Fri Jun 4 21:02:02 CEST 2021


After my previous patch to fix filesystem tests [1] was merged, I
noticed the GitLab CI was still skipping them and wanted to figure out
why. In short: libguestfs tools (virt-make-fs, guestmount) fail because
they need an installed kernel and the host /dev/fuse device, loop mounts
need the host /dev/loop* devices, and mounting filesystems (loop and
guestmount) fails because Docker containers need extra permissions to
mount devices normally disabled for host security.

[1] https://patchwork.ozlabs.org/project/uboot/patch/20210520190947.21773-1-alpernebiyasak@gmail.com/

Patch #1 is meant to install a kernel into the container image that
libguestfs can use, but the image will need to be regenerated manually.
The need to regenerate it can be postponed with patch #4.

Patch #2 makes virt-make-fs work, which should make these EFI tests run
again. But guestmount doesn't work with this much because it needs more
permissions to actually mount a filesystem.

Patch #3 makes mounting filesystems and loop devices work, which should
make the filesystem tests run again. This is separate from patch #2
because the parts using guestmount can theoretically be rewritten to use
guestfish which would make the filesystem tests work without this patch,
and giving mount permissions to the container processes seems to be
insecure. So, this patch can be dropped if you think the impact isn't
worth it.

Patch #4 is actually for me to test the effects of patch #1 more easily on
Azure (via U-Boot GitHub repo) and locally with 'gitlab-runner exec
docker'. It can be dropped if/when the container image is regenerated
with patch #1 applied.

I've pushed this as a GitHub pull request [2] (along with some other
fixes to the filesystem test setup I'll send as patches shortly), so it
would run on Azure and can be compared to the current master branch.

Before this series the "test.py sandbox" job results in [3]:

> [...]
> SKIPPED [3] /u/test/py/tests/test_efi_capsule/conftest.py:68: Setup failed: virt-make-fs --partition=gpt --size=+1M --type=vfat /tmp/sandbox/persistent-data/test_efi_capsule /tmp/sandbox/persistent-data/test_efi_capsule.img
> SKIPPED [14] /u/test/py/tests/test_efi_secboot/conftest.py:119: Setup failed: virt-make-fs --partition=gpt --size=+1M --type=vfat /tmp/sandbox/mnt_efisecure /tmp/sandbox/persistent-data/test_efi_secboot.img
> SKIPPED [3] /u/test/py/tests/test_efi_secboot/conftest.py:235: Setup failed: virt-make-fs --partition=gpt --size=+1M --type=vfat /tmp/sandbox/persistent-data/mnt_efi_secboot_intca /tmp/sandbox/persistent-data/test_efi_secboot_intca.img
> SKIPPED [13] /u/test/py/tests/test_fs/conftest.py:289: Mounting to folder failed for filesystem: fat16. Command 'guestmount -a /tmp/sandbox/persistent-data/3GB.fat16.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [13] /u/test/py/tests/test_fs/conftest.py:289: Mounting to folder failed for filesystem: fat32. Command 'guestmount -a /tmp/sandbox/persistent-data/3GB.fat32.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [13] /u/test/py/tests/test_fs/conftest.py:289: Mounting to folder failed for filesystem: ext4. Command 'guestmount -a /tmp/sandbox/persistent-data/3GB.ext4.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [11] /u/test/py/tests/test_fs/conftest.py:411: Mounting to folder failed for filesystem: fat16. Command 'guestmount -a /tmp/sandbox/persistent-data/128MB.fat16.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [11] /u/test/py/tests/test_fs/conftest.py:411: Mounting to folder failed for filesystem: fat32. Command 'guestmount -a /tmp/sandbox/persistent-data/128MB.fat32.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [4] /u/test/py/tests/test_fs/conftest.py:623: Mounting to folder failed for filesystem: ext4. Command 'guestmount -a /tmp/sandbox/persistent-data/1GB.ext4.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [7] /u/test/py/tests/test_fs/conftest.py:540: Mounting to folder failed for filesystem: fat16. Command 'guestmount -a /tmp/sandbox/persistent-data/128MB.fat16.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> SKIPPED [7] /u/test/py/tests/test_fs/conftest.py:540: Mounting to folder failed for filesystem: fat32. Command 'guestmount -a /tmp/sandbox/persistent-data/128MB.fat32.img -m /dev/sda /tmp/sandbox/persistent-data/mnt' returned non-zero exit status 1.
> =========== 650 passed, 162 skipped, 2 warnings in 117.68s (0:01:57) ===========

After this series the tests can be run [4], with the other fixes making
all the quoted tests above succeed:

> [...]
> =========== 749 passed, 63 skipped, 2 warnings in 353.09s (0:05:53) ============

[2] https://github.com/u-boot/u-boot/pull/78
[3] https://dev.azure.com/u-boot/u-boot/_build/results?buildId=2322&view=logs&j=50449d1b-398e-53ae-48fa-6bf338edeb51&t=97605dd2-f5a5-5dd7-2118-315ffdc8bcd6&l=517
[4] https://dev.azure.com/u-boot/u-boot/_build/results?buildId=2333&view=logs&j=50449d1b-398e-53ae-48fa-6bf338edeb51&t=97605dd2-f5a5-5dd7-2118-315ffdc8bcd6&l=657

This also exposes the following failure in the "test.py sandbox_clang"
job [5], but the CIs have been skipping that test so far:

> => => setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx
> No EFI system partition
> Failed to persist EFI variables
> => => printenv -e -n -guid d719b2cb-3d3a-4596-a3bc-dad00e67656f dbx
> Error: "dbx" not defined

> [...]
> FAILED test/py/tests/test_efi_secboot/test_authvar.py::TestEfiAuthVar::test_efi_var_auth1
> ====== 1 failed, 748 passed, 63 skipped, 3 warnings in 309.82s (0:05:09) =======

I can reproduce the failure locally on the current master branch with
the following commands, so it's not due to this series:

   $ tools/buildman/buildman -O clang -o build-sandbox -w --boards="sandbox"
   $ test/py/test.py --bd sandbox -k test_authvar.py

[5] https://dev.azure.com/u-boot/u-boot/_build/results?buildId=2333&view=logs&j=f22b025e-3f3e-5478-618e-bef68154f752&t=0594e91d-c1b1-5d5d-b353-a764bbd01b55&l=1114

Similar changes to patch #2, #3 should be applicable to the GitLab CI
and probably necessary to get the same effect, but I don't think its
configuration is accessible to me.


Alper Nebi Yasak (4):
  tools: docker: Install a readable kernel for libguestfs-tools
  Azure: Add fuse device for sandbox test.py tests
  Azure: Add loop devices and CAP_SYS_ADMIN for sandbox test.py tests
  Azure/GitLab: Install a readable kernel for libguestfs-tools

 .azure-pipelines.yml    | 25 ++++++++++++++++++++++++-
 .gitlab-ci.yml          |  5 +++++
 tools/docker/Dockerfile |  4 ++++
 3 files changed, 33 insertions(+), 1 deletion(-)

-- 
2.32.0.rc2
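
Added example (not part of the original message or the U-Boot tree): a preflight check for the container prerequisites this cover letter lists, so a CI job can report what is missing instead of silently skipping tests, and can show whether CAP_SYS_ADMIN (bit 21 of the CapEff mask) was actually granted. The function names, the `--run` flag and the /boot/vmlinuz-* kernel location are assumptions.

```shell
#!/bin/sh
# Added example: preflight for /dev/fuse, /dev/loop*, a readable kernel and
# CAP_SYS_ADMIN inside a CI container. All names here are hypothetical.

# has_cap_sys_admin CAPEFF_HEX
# True if bit 21 (CAP_SYS_ADMIN) is set in a CapEff mask from /proc/<pid>/status.
has_cap_sys_admin() {
    [ $(( (0x$1 >> 21) & 1 )) -eq 1 ]
}

# any_match TEST_OP PATH...
# True if at least one path satisfies the test operator (-e, -r, ...).
any_match() {
    op=$1; shift
    for p in "$@"; do
        if [ "$op" "$p" ]; then return 0; fi
    done
    return 1
}

# preflight ROOT CAPEFF_HEX
# Prints one line per missing prerequisite and returns the number missing.
# ROOT is a path prefix ("" for the live system) so the check can run on a fixture.
preflight() {
    root=$1 capeff=$2 missing=0
    if ! any_match -e "$root/dev/fuse"; then
        echo "missing: /dev/fuse (libguestfs tools)"; missing=$((missing + 1))
    fi
    # Existence check only; an unmatched glob stays literal and fails -e.
    if ! any_match -e "$root"/dev/loop[0-9]*; then
        echo "missing: /dev/loop* (loop mounts)"; missing=$((missing + 1))
    fi
    # Assumed kernel location; -r is always true when running as root.
    if ! any_match -r "$root"/boot/vmlinuz-*; then
        echo "missing: readable kernel in /boot (libguestfs)"; missing=$((missing + 1))
    fi
    if ! has_cap_sys_admin "$capeff"; then
        echo "missing: CAP_SYS_ADMIN (mounting filesystems)"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Run against the live container only when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight "" "$(awk '/^CapEff:/ {print $2}' /proc/self/status)"
fi
```

Because CAP_SYS_ADMIN is a broad grant, the capability line is also useful in the other direction: jobs that do not mount anything should still report it as missing.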


