[PATCH v4 08/12] CI: capsule: Setup the files needed for capsule update testing

Sughosh Ganu sughosh.ganu at linaro.org
Mon Jul 17 13:18:56 CEST 2023


Hi Simon,

On Sun, 16 Jul 2023 at 05:12, Simon Glass <sjg at chromium.org> wrote:
>
> Hi,
>
> On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > Support has been added through earlier commits to build capsules
> > and embed the public key needed for capsule authentication as part of
> > u-boot build.
> >
> > From the testing point-of-view, this means the input files needed for
> > generating the above have to be set up before invoking the build. Set
> > this up in the CI configuration files for testing the capsule update
> > feature.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > Changes since V3:
> > * Remove whitespace in the command to generate capsule keys.
> >
> >  .azure-pipelines.yml | 24 ++++++++++++++++++++++++
> >  .gitlab-ci.yml       | 22 ++++++++++++++++++++++
>
> Can you add this to the Dockerfile instead? It looks like this will
> run on each build.

Okay. Let me try this out.

-sughosh

>
> >  2 files changed, 46 insertions(+)
> >
> > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
> > index 06c46b681c..d732ba443d 100644
> > --- a/.azure-pipelines.yml
> > +++ b/.azure-pipelines.yml
> > @@ -398,6 +398,17 @@ stages:
> >                wget -O - https://github.com/riscv-software-src/opensbi/releases/download/v1.2/opensbi-1.2-rv-bin.tar.xz | tar -C /tmp -xJ;
> >                export OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin;
> >            fi
> > +          mkdir -p /tmp/capsules/;
> > +          echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
> > +          echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > +          echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > +          echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +          if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> > +              openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > +              openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > +              cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
> > +          fi
> > +
> >            # the below corresponds to .gitlab-ci.yml "script"
> >            cd ${WORK_DIR}
> >            export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD};
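
Review bot: The mkdir and the four echo lines at the top of the added block sit outside the `if` on TEST_PY_BD, so every test.py job creates /tmp/capsules, while the keys and SIGNER.esl are only generated for sandbox and sandbox_flattree. If only those two boards consume the placeholder files, move them inside the conditional; otherwise add a short comment saying which boards need the files and which need the keys. Either way the block runs on every job, which is the reason for the Dockerfile suggestion above.
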
> > @@ -582,6 +593,19 @@ stages:
> >            cd ${WORK_DIR}
> >            # make environment variables available as tests are running inside a container
> >            export BUILDMAN="${BUILDMAN}"
> > +          if [[ "${BUILDMAN}" == "sandbox" ]] || [[ "${BUILDMAN}" == "sandbox x86" ]]; then
> > +              if [ ! -d "/tmp/capsules/" ]; then
> > +                  mkdir -p /tmp/capsules/;
> > +                  echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
> > +                  echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > +                  echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > +                  echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +
> > +                  openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > +                  openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > +                  cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
> > +              fi
> > +          fi
> >            git config --global --add safe.directory ${WORK_DIR}
> >            EOF
> >            cat << "EOF" >> build.sh
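
Review bot: The guard `if [ ! -d "/tmp/capsules/" ]` only tests that the directory exists, so a directory left half-populated (for example when an openssl or cert-to-efi-sig-list call fails after the mkdir) is treated as complete and the key material is never regenerated. Test for the last artifact instead, e.g. `[ ! -f /tmp/capsules/SIGNER.esl ]`, or drop the guard and regenerate unconditionally.
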
> > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> > index cfd58513c3..aec6ffaf1c 100644
> > --- a/.gitlab-ci.yml
> > +++ b/.gitlab-ci.yml
> > @@ -37,6 +37,17 @@ stages:
> >          export OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin;
> >        fi
> >
> > +    - mkdir -p /tmp/capsules/;
> > +    - echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
> > +    - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > +    - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > +    - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +    - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == "sandbox_flattree" ]]; then
> > +       openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > +       openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > +       cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
> > +      fi
> > +
> >    after_script:
> >      - cp -v /tmp/${TEST_PY_BD}/*.{html,css} .
> >      - rm -rf /tmp/uboot-test-hooks /tmp/venv
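
Review bot: The sandbox branch is missing a comment on SIGNER2: its key and certificate are generated with the same subject, /CN=TEST_SIGNER/, as SIGNER, and only SIGNER.crt is passed to cert-to-efi-sig-list, with nothing in the hunk saying why. If SIGNER2 is the key that is expected to fail authentication, say so in a comment and give it a distinct CN so the two certificates can be told apart in test output.
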
> > @@ -131,6 +142,17 @@ build all other platforms:
> >    stage: world build
> >    script:
> >      - ret=0;
> > +      if [ ! -d "/tmp/capsules/" ]; then
> > +        mkdir -p /tmp/capsules/;
> > +        echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old;
> > +        echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new;
> > +        echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old;
> > +        echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new;
> > +
> > +        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days 365;
> > +        openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days 365;
> > +        cert-to-efi-sig-list /tmp/capsules/SIGNER.crt /tmp/capsules/SIGNER.esl;
> > +      fi
> >        git config --global --add safe.directory "${CI_PROJECT_DIR}";
> >        ./tools/buildman/buildman -o /tmp -PEWM -x arm,powerpc || ret=$?;
> >        if [[ $ret -ne 0 ]]; then
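
Review bot: This is the fourth copy of the same mkdir/echo/openssl/cert-to-efi-sig-list sequence in the patch, and unlike the test.py hunks it generates the keys with no check on which boards are being built. Put the sequence in one helper script that both CI files call, so the key parameters (rsa:2048, -days 365, the CN) cannot drift between copies, and state in a comment whether the world build needs the keys at all.
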
> > --
> > 2.34.1
> >
>
> Regards,
> Simon

