hi Simon, On Sun, 16 Jul 2023 at 05:12, Simon Glass <s...@chromium.org> wrote: > > Hi, > > On Sat, 15 Jul 2023 at 07:46, Sughosh Ganu <sughosh.g...@linaro.org> wrote: > > > > Support has been added through earlier commits to build capsules > > and embed the public key needed for capsule authentication as part of > > u-boot build. > > > > From the testing point-of-view, this means the input files needed for > > generating the above have to be set up before invoking the build. Set > > this up in the CI configuration files for testing the capsule update > > feature. > > > > Signed-off-by: Sughosh Ganu <sughosh.g...@linaro.org> > > --- > > Changes since V3: > > * Remove whitespace in the command to generate capsule keys. > > > > .azure-pipelines.yml | 24 ++++++++++++++++++++++++ > > .gitlab-ci.yml | 22 ++++++++++++++++++++++ > > Can you add this to the Dockerfile instead? It looks like this will > run on each build.
Okay. Let me try this out. -sughosh > > > 2 files changed, 46 insertions(+) > > > > diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml > > index 06c46b681c..d732ba443d 100644 > > --- a/.azure-pipelines.yml > > +++ b/.azure-pipelines.yml > > @@ -398,6 +398,17 @@ stages: > > wget -O - > > https://github.com/riscv-software-src/opensbi/releases/download/v1.2/opensbi-1.2-rv-bin.tar.xz > > | tar -C /tmp -xJ; > > export > > OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; > > fi > > + mkdir -p /tmp/capsules/; > > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > > + if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == > > "sandbox_flattree" ]]; then > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out > > /tmp/capsules/SIGNER.crt -nodes -days 365; > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out > > /tmp/capsules/SIGNER2.crt -nodes -days 365; > > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > > /tmp/capsules/SIGNER.esl; > > + fi > > + > > # the below corresponds to .gitlab-ci.yml "script" > > cd ${WORK_DIR} > > export UBOOT_TRAVIS_BUILD_DIR=/tmp/${TEST_PY_BD}; 
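Review bot: The signing keys are written unencrypted (`-nodes`) into the fixed path `/tmp/capsules`, and `mkdir -p` succeeds silently when that directory already exists, so on a runner where `/tmp` outlives a job or is shared between jobs the fixtures can be pre-created or read by something other than this job. The path appears to be fixed by the build configuration from the earlier commits, so I would recreate it privately rather than rename it: `rm -rf /tmp/capsules; mkdir -m 0700 /tmp/capsules;` in place of the `mkdir -p` line. The same applies to the matching `TEST_PY_BD` block in `.gitlab-ci.yml`. The enclosing script starts and ends outside this hunk.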
> > @@ -582,6 +593,19 @@ stages: > > cd ${WORK_DIR} > > # make environment variables available as tests are running > > inside a container > > export BUILDMAN="${BUILDMAN}" > > + if [[ "${BUILDMAN}" == "sandbox" ]] || [[ "${BUILDMAN}" == > > "sandbox x86" ]]; then > > + if [ ! -d "/tmp/capsules/" ]; then > > + mkdir -p /tmp/capsules/; > > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > > + > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER.key -out > > /tmp/capsules/SIGNER.crt -nodes -days 365; > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj > > /CN=TEST_SIGNER/ -keyout /tmp/capsules/SIGNER2.key -out > > /tmp/capsules/SIGNER2.crt -nodes -days 365; > > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > > /tmp/capsules/SIGNER.esl; > > + fi > > + fi > > git config --global --add safe.directory ${WORK_DIR} > > EOF > > cat << "EOF" >> build.sh > > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml > > index cfd58513c3..aec6ffaf1c 100644 > > --- a/.gitlab-ci.yml > > +++ b/.gitlab-ci.yml 
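Review bot: The `if [ ! -d "/tmp/capsules/" ]` guard treats the directory's existence as proof that every fixture is present, so a run interrupted after `mkdir`, or a directory left behind by another job, skips key generation and the build uses whatever is already there. Guard on the last artifact produced instead, `if [ ! -f /tmp/capsules/SIGNER.esl ]; then`, or drop the guard and regenerate each time as the `TEST_PY_BD` hunks do. The `build all other platforms` hunk in `.gitlab-ci.yml` uses the same guard. With `-days 365`, a directory reused for long enough would also hold expired certificates; whether capsule authentication checks the validity period is not visible here.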
> > @@ -37,6 +37,17 @@ stages: > > export > > OPENSBI=/tmp/opensbi-1.2-rv-bin/share/opensbi/lp64/generic/firmware/fw_dynamic.bin; > > fi > > > > + - mkdir -p /tmp/capsules/; > > + - echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > > + - echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > > + - echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > > + - echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > > + - if [[ "${TEST_PY_BD}" == "sandbox" ]] || [[ "${TEST_PY_BD}" == > > "sandbox_flattree" ]]; then > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > > -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days > > 365; > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > > -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes > > -days 365; > > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > > /tmp/capsules/SIGNER.esl; > > + fi > > + > > after_script: > > - cp -v /tmp/${TEST_PY_BD}/*.{html,css} . > > - rm -rf /tmp/uboot-test-hooks /tmp/venv 
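Review bot: Nothing in the added lines says why two key pairs are generated while only `SIGNER.crt` is converted to an ESL, or that these are throwaway keys. A comment above the `if` would cover both, for example `# CI-only capsule test keys, regenerated per job; only SIGNER is turned into SIGNER.esl, SIGNER2 has no ESL.` Presumably SIGNER2 is the key that authentication is expected to reject; if so, say that in the comment, and consider a distinct `-subj` such as `/CN=TEST_SIGNER2/` so the two certificates can be told apart in logs. The same comment would fit the other three copies of this block.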
> > @@ -131,6 +142,17 @@ build all other platforms: > > stage: world build > > script: > > - ret=0; > > + if [ ! -d "/tmp/capsules/" ]; then > > + mkdir -p /tmp/capsules/; > > + echo -n "u-boot:Old" >/tmp/capsules/u-boot.bin.old; > > + echo -n "u-boot:New" >/tmp/capsules/u-boot.bin.new; > > + echo -n "u-boot-env:Old" >/tmp/capsules/u-boot.env.old; > > + echo -n "u-boot-env:New" >/tmp/capsules/u-boot.env.new; > > + > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > > -keyout /tmp/capsules/SIGNER.key -out /tmp/capsules/SIGNER.crt -nodes -days > > 365; > > + openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=TEST_SIGNER/ > > -keyout /tmp/capsules/SIGNER2.key -out /tmp/capsules/SIGNER2.crt -nodes > > -days 365; > > + cert-to-efi-sig-list /tmp/capsules/SIGNER.crt > > /tmp/capsules/SIGNER.esl; > > + fi > > git config --global --add safe.directory "${CI_PROJECT_DIR}"; > > ./tools/buildman/buildman -o /tmp -PEWM -x arm,powerpc || ret=$?; > > if [[ $ret -ne 0 ]]; then > > -- > > 2.34.1 > > > > Regards, > Simon
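Review bot: This is the fourth copy of the fixture block, and the copies do not agree. The two `TEST_PY_BD` hunks write the dummy payloads unconditionally and gate only the keys on the board name, while this hunk and the Azure `BUILDMAN` hunk gate everything on the directory being absent, and this one has no board check at all. Keeping one shell script in the tree (path to be chosen, e.g. `<fixture-script>`) and calling it from each job would make the guards identical and leave one place to change the key parameters. The script body continues outside the hunk.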