On Fri, Mar 07, 2025 at 01:08:33AM +0100, Heinrich Schuchardt wrote: > Am 7. März 2025 00:17:11 MEZ schrieb Tom Rini <tr...@konsulko.com>: > >Now that we have no users of "virt-make-fs" nor users of "sudo" for > >creating disk images update the documentation. We remove packages that > >are no longer required (and related text) as well as be firm in our > >wording around not using "sudo". > > > >Signed-off-by: Tom Rini <tr...@konsulko.com> > >--- > >Cc: Heinrich Schuchardt <xypron.g...@gmx.de> > >--- > > doc/develop/py_testing.rst | 22 +++------------------- > > 1 file changed, 3 insertions(+), 19 deletions(-) > > > >diff --git a/doc/develop/py_testing.rst b/doc/develop/py_testing.rst > >index b50473039be4..ea1329c44b17 100644 > >--- a/doc/develop/py_testing.rst > >+++ b/doc/develop/py_testing.rst > >@@ -41,13 +41,11 @@ will be required. The following is an incomplete list: > > * dfu-util > > * dtc > > * openssl > >-* sudo OR guestmount > > * e2fsprogs > > * util-linux > > * coreutils > > * dosfstools > > * efitools > >-* guestfs-tools > > * mount > > * mtools > > * sbsigntool > >@@ -64,23 +62,9 @@ The test script supports either: > > physical board, attach to the board's console stream, and reset the board. > > Further details are described later. > > > >-The usage of command 'sudo' should be avoided in tests. To create disk > >images > >-use command virt-make-fs which is provided by package guestfs-tools. This > >-command creates a virtual machine with QEMU in which the disk image is > >-generated. > >- > >-Command virt-make-fs needs read access to the current kernel. On Ubuntu only > >-root has this privilege. You can add a script > >/etc/initramfs-tools/hooks/vmlinuz > >-with the following content to overcome the problem: > >- > >-.. code-block:: bash > >- > >- #!/bin/sh > >- echo "chmod a+r vmlinuz-*" > >- chmod a+r /boot/vmlinuz-* > >- > >-The script should be chmod 755. It will be invoked whenever the initial RAM > >file > >-system is updated. > >+The usage of the command 'sudo' is not allowed in tests. To create disk > >images > > Can we add the reasoning here: > > Using elevated priviledges can lead to security concerns. Furthermore not all > users may have administrator rights. Therefore the command 'sudo' must not be > used in tests. > > >+we have helper functions located in `test/py/tests/fs_helper.py` which is > >to be > > %s/is to be/shall be/ > > I would rather use 'shall' in accordance with RFC 2119 for clarity. > > >+used in any tests that require disk images. > > %s/require/require creating/ > > We have tests coming with prepared images (efi_selftest_disk_image.h). Other > tests might require a downloaded ISO (see the pmem patch series).
Good points all, thanks. -- Tom
signature.asc
Description: PGP signature
