| Message ID | 20250204115722.48815-1-Quirin.Gylstorff@siemens.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [isar-cip-core,v4] kas/opt: add new option for security testing | expand |
On 04.02.25 12:56, Quirin Gylstorff wrote: > From: Quirin Gylstorff <quirin.gylstorff@siemens.com> > > Lava generates a directory, in LAVA called overlay, which contains > all scripts and tests of the test stage. The device-under-test > needs to be instrumented with this overlay. LAVA provides the > possibility to download the overlay via http or NFS. We use curl > to download the overlay from a http server onto the target. > > Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> > --- > Changes v4: > - fixed description This does not yet address my other comments at the end of v3. Jan > .gitlab-ci.yml | 2 ++ > kas/opt/security_test.yml | 16 ++++++++++++++++ > 2 files changed, 18 insertions(+) > create mode 100644 kas/opt/security_test.yml > > diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml > index dd4baf4..d7055f2 100644 > --- a/.gitlab-ci.yml > +++ b/.gitlab-ci.yml > @@ -65,6 +65,7 @@ default: > - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi > - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi > - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi > + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi > - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi > - echo "Building ${base_yaml}" > - kas build ${base_yaml} > @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: > use_rt: disable > targz: disable > watchdog: disable > + security_test: enable > > build:qemu-amd64-swupdate: > extends: > diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml > new file mode 100644 > index 0000000..73d22eb > --- /dev/null > +++ b/kas/opt/security_test.yml > @@ -0,0 +1,16 @@ > +# > +# Copyright (c) Siemens AG, 2025 > +# > +# Authors: > +# Quirin Gylstorff <quirin.gylstorff@siemens.com> > +# > +# SPDX-License-Identifier: MIT > +# > + > +header: > + version: 14 > + > +local_conf_header: > + lava-testing-add-curl: | > + IMAGE_PREINSTALL += "curl" > +
On 2/4/25 14:24, Jan Kiszka wrote: > On 04.02.25 12:56, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> Lava generates a directory, in LAVA called overlay, which contains >> all scripts and tests of the test stage. The device-under-test >> needs to be instrumented with this overlay. LAVA provides the >> possibility to download the overlay via http or NFS. We use curl >> to download the overlay from a http server onto the target. >> >> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> Changes v4: >> - fixed description > > This does not yet address my other comments at the end of v3. I cannot answer that part ;-p The automatic testing didn't require it as far as I know. So I would suspect that the README needs to be adapted. @Sai, @Dinesh - Does security testing still need sshpass and a rootfs size of at least 5G? Quirin > > Jan > >> .gitlab-ci.yml | 2 ++ >> kas/opt/security_test.yml | 16 ++++++++++++++++ >> 2 files changed, 18 insertions(+) >> create mode 100644 kas/opt/security_test.yml >> >> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml >> index dd4baf4..d7055f2 100644 >> --- a/.gitlab-ci.yml >> +++ b/.gitlab-ci.yml >> @@ -65,6 +65,7 @@ default: >> - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi >> - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi >> - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi >> + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi >> - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi >> - echo "Building ${base_yaml}" >> - kas build ${base_yaml} >> @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: >> use_rt: disable >> targz: disable >> watchdog: disable >> + security_test: enable >> >> build:qemu-amd64-swupdate: >> extends: >> diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml >> new file mode 100644 >> index 0000000..73d22eb >> --- /dev/null >> +++ b/kas/opt/security_test.yml >> @@ -0,0 +1,16 @@ >> +# >> +# Copyright (c) Siemens AG, 2025 >> +# >> +# Authors: >> +# Quirin Gylstorff <quirin.gylstorff@siemens.com> >> +# >> +# SPDX-License-Identifier: MIT >> +# >> + >> +header: >> + version: 14 >> + >> +local_conf_header: >> + lava-testing-add-curl: | >> + IMAGE_PREINSTALL += "curl" >> + >
Hi Quirine, We are preparing patch to update README. Regards, Dinesh Kumar -----Original Message----- From: Quirin Gylstorff <quirin.gylstorff@siemens.com> Sent: 05 February 2025 13:29 To: Jan Kiszka <jan.kiszka@siemens.com>; ashrith sai(TSIP) <Sai.Sathujoda@toshiba-tsip.com>; cip-dev@lists.cip-project.org; dinesh kumar(TSIP TMIEC ODG Porting) <dinesh.kumar@toshiba-tsip.com> Subject: Re: [cip-dev][isar-cip-core][PATCH v4] kas/opt: add new option for security testing On 2/4/25 14:24, Jan Kiszka wrote: > On 04.02.25 12:56, Quirin Gylstorff wrote: >> From: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> >> Lava generates a directory, in LAVA called overlay, which contains >> all scripts and tests of the test stage. The device-under-test needs >> to be instrumented with this overlay. LAVA provides the possibility >> to download the overlay via http or NFS. We use curl to download the >> overlay from a http server onto the target. >> >> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com> >> --- >> Changes v4: >> - fixed description > > This does not yet address my other comments at the end of v3. I cannot answer that part ;-p The automatic testing didn't require it as far as I know. So I would suspect that the README needs to be adapted. @Sai, @Dinesh - Does security testing still need sshpass and a rootfs size of at least 5G? Quirin > > Jan > >> .gitlab-ci.yml | 2 ++ >> kas/opt/security_test.yml | 16 ++++++++++++++++ >> 2 files changed, 18 insertions(+) >> create mode 100644 kas/opt/security_test.yml >> >> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dd4baf4..d7055f2 >> 100644 >> --- a/.gitlab-ci.yml >> +++ b/.gitlab-ci.yml >> @@ -65,6 +65,7 @@ default: >> - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi >> - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi >> - if [ "${watchdog}" = "disable" ]; then >> base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi >> + - if [ "${security_test}" = "enable" ]; then >> + base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi >> - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi >> - echo "Building ${base_yaml}" >> - kas build ${base_yaml} >> @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: >> use_rt: disable >> targz: disable >> watchdog: disable >> + security_test: enable >> >> build:qemu-amd64-swupdate: >> extends: >> diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml >> new file mode 100644 index 0000000..73d22eb >> --- /dev/null >> +++ b/kas/opt/security_test.yml >> @@ -0,0 +1,16 @@ >> +# >> +# Copyright (c) Siemens AG, 2025 >> +# >> +# Authors: >> +# Quirin Gylstorff <quirin.gylstorff@siemens.com> # # >> +SPDX-License-Identifier: MIT # >> + >> +header: >> + version: 14 >> + >> +local_conf_header: >> + lava-testing-add-curl: | >> + IMAGE_PREINSTALL += "curl" >> + >
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dd4baf4..d7055f2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,6 +65,7 @@ default: - if [ "${release}" = "trixie" ]; then base_yaml="${base_yaml}:kas/opt/trixie.yml"; fi - if [ "${encrypt}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/encrypt-data.yml"; fi - if [ "${watchdog}" = "disable" ]; then base_yaml="${base_yaml}:kas/opt/disable-watchdog.yml"; fi + - if [ "${security_test}" = "enable" ]; then base_yaml="${base_yaml}:kas/opt/security_test.yml"; fi - if [ "${swupdate_version}" = "2022.12" ]; then base_yaml="${base_yaml}:kas/opt/swupdate-2022.12.yaml"; fi - echo "Building ${base_yaml}" - kas build ${base_yaml} @@ -251,6 +252,7 @@ build:x86-uefi-secure-boot: use_rt: disable targz: disable watchdog: disable + security_test: enable build:qemu-amd64-swupdate: extends: diff --git a/kas/opt/security_test.yml b/kas/opt/security_test.yml new file mode 100644 index 0000000..73d22eb --- /dev/null +++ b/kas/opt/security_test.yml @@ -0,0 +1,16 @@ +# +# Copyright (c) Siemens AG, 2025 +# +# Authors: +# Quirin Gylstorff <quirin.gylstorff@siemens.com> +# +# SPDX-License-Identifier: MIT +# + +header: + version: 14 + +local_conf_header: + lava-testing-add-curl: | + IMAGE_PREINSTALL += "curl" +