[PATCH v5 06/12] Dockerfile: capsule: Setup the files needed for capsule update testing

Tom Rini trini at konsulko.com
Wed Jul 26 00:56:01 CEST 2023 

On Tue, Jul 25, 2023 at 04:52:38PM -0600, Simon Glass wrote:
> On Tue, 25 Jul 2023 at 02:58, Sughosh Ganu <sughosh.ganu at linaro.org> wrote:
> >
> > Support has being added through earlier commits to build capsules
> > and embed the public key needed for capsule authentication as part of
> > u-boot build.
> >
> > From the testing point-of-view, this means the input files needed for
> > generating the above have to be setup before invoking the build. Set
> > this up in the CI configuration docker file for testing the capsule
> > update feature.
> >
> > Signed-off-by: Sughosh Ganu <sughosh.ganu at linaro.org>
> > ---
> > Changes since V4:
> > * New patch which moves the setting up of the files needed for testing
> >   the EFI capsule update feature to the Dockerfile.
> >
> > Note: Earlier, this setup was being done in the azure and gitlab yaml
> > files. Now that this has been moved to the Dockerfile, this will
> > require generating a new container image and referencing that image in
> > the yaml files for the CI to work when these patches get applied.
> >
> >  tools/docker/Dockerfile | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> >
> > diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
> > index 3d2b64a355..294a0b0a53 100644
> > --- a/tools/docker/Dockerfile
> > +++ b/tools/docker/Dockerfile
> > @@ -206,6 +206,18 @@ RUN mkdir -p /opt/nokia && \
> >         cp /tmp/qemu-linaro/arm-softmmu/qemu-system-arm /opt/nokia && \
> >         rm -rf /tmp/qemu-linaro
> >
> > +# Set up capsule files for UEFI capsule update testing
> > +RUN mkdir -p /tmp/capsules && \
> > +    cd /tmp/capsules/ && \
> 
> You can just use ${UBOOT_TRAVIS_BUILD_DIR} here

That's not present in Dockerfiles, only at runtime within jobs (because
we set it).

> > +    echo -n "u-boot:Old" > u-boot.bin.old && \
> > +    echo -n "u-boot:New" > u-boot.bin.new && \
> > +    echo -n "u-boot-env:Old" > u-boot.env.old && \
> > +    echo -n "u-boot-env:New" > u-boot.env.new && \
> 
> We don't want these files, just the certs, since they are the things
> that take a long time:
> 
> > +    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER.key -out SIGNER.crt -nodes -days 365 && \
> > +    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ -keyout SIGNER2.key -out SIGNER2.crt -nodes -days 365 && \
> > +    cert-to-efi-sig-list SIGNER.crt SIGNER.esl && \
> > +    chmod -R uog+rw /tmp/capsules/

How long does it even take to make these certs? I'm not sure it's great
to make these and stage them in /tmp and expect them to be around at
test time.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230725/e346197a/attachment.sig>

More information about the U-Boot mailing list