Hi, On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.g...@linaro.org> wrote: > > Support has being added through earlier commits to build capsules > and embed the public key needed for capsule authentication as part of > u-boot build. > > From the testing point-of-view, this means the input files needed for > generating the above have to be setup before invoking the build. Set > this up in the CI configuration files for testing the capsule update > feature. > > Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org> > --- > Changes since V3: > * Remove whitespace in the command to generate capsule keys. > > .azure-pipelines.yml | 24 ++++++++++++++++++++++++ > .gitlab-ci.yml | 22 ++++++++++++++++++++++
Can you add this to the Dockerfile instead? It looks like this will run on each build. > 2 files changed, 46 insertions(+) > > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml > index 06c46b681c..d732ba443d 100644 > --- a/.azure-pipelines.yml > +++ b/.azure-pipelines.yml > @@ -398,6 +398,17 @@ stages: > wget -O - > https://github.com/riscv-software-src/opensbi/releases/download/v1.2/opensbi-1.2-rv-bin.tar.xz > | tar -C /tmp -xJ; > export > OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; > fi > + mkdir -p /tmp/capsules/; > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > + if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == > "sandbox_flattree" ]]; then > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out > /tmp/capsules/SIGNER.crt -nodes -days 365; > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out > /tmp/capsules/SIGNER2.crt -nodes -days 365; > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > /tmp/capsules/SIGNER.esl; > + fi > + > # the below corresponds to .gitlab-ci.yml "script" > cd ${WORK_DIR} > export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD}; > @@ -582,6 +593,19 @@ stages: > cd ${WORK_DIR} > # make environment variables available as tests are running inside > a container > export BUILDMAN="${BUILDMAN}" > + if [[ "${BUILDMAN}" == "sandbox" ]] || [[ "${BUILDMAN}" == > "sandbox x86" ]]; then > + if [ ! -d "/tmp/capsules/" ]; then > + mkdir -p /tmp/capsules/; > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > + > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out > /tmp/capsules/SIGNER.crt -nodes -days 365; > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out > /tmp/capsules/SIGNER2.crt -nodes -days 365; > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > /tmp/capsules/SIGNER.esl; > + fi > + fi > git config --global --add safe.directory ${WORK_DIR} > EOF > cat << "EOF" >> build.sh > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml > index cfd58513c3..aec6ffaf1c 100644 > --- a/.gitlab-ci.yml > +++ b/.gitlab-ci.yml > @@ -37,6 +37,17 @@ stages: > export > OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; > fi > > + - mkdir -p /tmp/capsules/; > + - echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > + - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > + - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > + - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > + - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == > "sandbox_flattree" ]]; then > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days > 365; > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days > 365; > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > /tmp/capsules/SIGNER.esl; > + fi > + > after_script: > - cp -v /tmp/${TEST_PY_BD}/*.{html,css} . > - rm -rf /tmp/uboot-test-hooks /tmp/venv > @@ -131,6 +142,17 @@ build all other platforms: > stage: world build > script: > - ret=0; > + if [ ! -d "/tmp/capsules/" ]; then > + mkdir -p /tmp/capsules/; > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > + > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days > 365; > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes -days > 365; > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > /tmp/capsules/SIGNER.esl; > + fi > git config --global --add safe.directory "${CI_PROJECT_DIR}"; > ./tools/buildman/buildman -o /tmp -PEWM -x arm,powerpc || ret=$?; > if [[ $ret -ne 0 ]]; then > -- > 2.34.1 > Regards, Simon
