| Message ID | 20250131152553.270393-4-Quirin.Gylstorff@siemens.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Security testing with MTDA | expand |
On 31.01.25 16:25, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > Lava generates an directory, in LAVA called overlay, which contains a directory > all scripts and tests of the test stage. The Device-under-test device-under-test > needs to be instrumented with with this overlay. LAVA provides the with too many "with" > possibility to download the overlay via http or NFS. We use curl > to download to the overlay from a http server. "download it"? > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > .gitlab-ci.yml | 2 ++ > kas/opt/security_test.yml | 16 ++++++++++++++++ > 2 files changed, 18 insertions(+) > create mode 100644 kas/opt/security_test.yml > > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml > index dd4baf4..d7055f2 100644 > --- a/.gitlab-ci.yml > +++ b/.gitlab-ci.yml > @@ -65,6 +65,7 @@ default: > - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi > - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi > - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi > + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi > - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi > - echo "Building ${base_yaml}" > - kas build ${base_yaml} > @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: > use_rt: disable > targz: disable > watchdog: disable > + security_test: enable > > build:qemu-amd64-swupdate: > extends: > diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml > new file mode 100644 > index 0000000..73d22eb > --- /dev/null > +++ b/kas/opt/security_test.yml > @@ -0,0 +1,16 @@ > +# > +# Copyright (c) Siemens AG, 2025 > +# > +# Authors: > +# Quirin Gylstorff <quirin.gylstorff@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > + > +header: > + version: 14 > + > +local_conf_header: > + lava-testing-add-curl: | > + IMAGE_PREINSTALL += "curl" :append > + I just found this in doc/README.security-testing.md: "To run `cip-security-tests` the image should need additional package `sshpass` and rootfs size should need atleast 5GB, add the below configuration in kas/opt/security.yml file" Is that step no longer needed, or should the new security_test.yml actually include that as well, simplifying test setups? Jan
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dd4baf4..d7055f2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,6 +65,7 @@ default: - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi - echo "Building ${base_yaml}" - kas build ${base_yaml} @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: use_rt: disable targz: disable watchdog: disable + security_test: enable build:qemu-amd64-swupdate: extends: diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml new file mode 100644 index 0000000..73d22eb --- /dev/null +++ b/kas/opt/security_test.yml @@ -0,0 +1,16 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff <quirin.gylstorff@siemens.com> +# +# SPDX-License-Identifier: MIT +# + +header: + version: 14 + +local_conf_header: + lava-testing-add-curl: | + IMAGE_PREINSTALL += "curl" +