@@ -101,6 +101,9 @@ jobs:
image: ${{ matrix.container }}
env: ${{ matrix.env }}
+ environment:
+ name: test
+
steps:
- name: Show OS
run: cat /etc/os-release
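Review bot: the new `environment:` / `name: test` block at the job level carries no comment saying why the job needs it. The download step added later in this file reads `secrets.LINUX_URL`, so a one-line YAML comment above `environment:` stating that the 'test' environment supplies LINUX_URL would tell maintainers of a fork what has to exist before the kernel download can work.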
@@ -125,6 +128,19 @@ jobs:
fi
fi
+ - name: Download UML kernel and signing key
+ run: |
+ asset_name_suffix=${{ matrix.container }}
+ asset_name_suffix="$(echo $asset_name_suffix | sed 's/[:\/]/./')"
+ if [ -n "$ARCH" ]; then
+ asset_name_suffix="$asset_name_suffix.$ARCH"
+ fi
+ curl -L ${{ secrets.LINUX_URL }}/${GITHUB_REF##*/}-test/linux-$asset_name_suffix -s -f --output linux || echo
+ curl -L ${{ secrets.LINUX_URL }}/${GITHUB_REF##*/}-test/signing_key.pem-$asset_name_suffix -s -f --output signing_key.pem || echo
+ if [ -f linux ]; then
+ chmod +x linux
+ fi
+
- name: Compiler version
run: $CC --version
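Review bot: the downloaded `linux` file is made executable at `chmod +x linux` with no integrity check, and both `curl` calls end in `|| echo`, so a failed, truncated or replaced download looks the same in the log as "no kernel published for this branch". Consider publishing a checksum next to each asset and verifying it before the `chmod`, and replacing the bare `echo` with a message that names the asset that was not found. Separately, `asset_name_suffix=${{ matrix.container }}` expands the matrix value directly into the script text; passing it in through `env:` and quoting "$asset_name_suffix" in the `echo` and in both URLs keeps the value as data rather than shell source.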
@@ -87,11 +87,23 @@ before_install:
sudo curl -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 -o /usr/bin/runc
sudo chmod +x /usr/bin/runc
fi
+ - asset_name_suffix=$DISTRO
+ - asset_name_suffix="$(echo $asset_name_suffix | sed 's/[:\/]/./')"
+ - >
+ if [ -n "$ARCH" ]; then
+ asset_name_suffix="$asset_name_suffix.$ARCH"
+ fi
- $CONTAINER info
- DIR="/usr/src/ima-evm-utils"
- printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile
- cat Dockerfile
+ - curl -L $LINUX_URL/$TRAVIS_BRANCH-test/linux-$asset_name_suffix -s -f --output linux || echo
+ - curl -L $LINUX_URL/$TRAVIS_BRANCH-test/signing_key.pem-$asset_name_suffix -s -f --output signing_key.pem || echo
+ - >
+ if [ -f "linux" ]; then
+ chmod +x linux
+ fi
- $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils .
script:
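Review bot: `sed 's/[:\/]/./'` on the second `asset_name_suffix` line has no `g` flag, so only the first `:` or `/` in `$DISTRO` is replaced, while the commit message says separator characters in the container name are replaced with '.'. A value that contains both a `/` and a `:` would keep one separator in the asset name; use `sed 's/[:\/]/./g'` here and in the identical line in .github/workflows/ci.yml. The key is also fetched as `signing_key.pem-$asset_name_suffix` after `.$ARCH` has been appended, whereas the commit message names it 'signing_key.pem-<container name>' without the arch part; the code or the description should be adjusted so they agree.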
@@ -42,7 +42,8 @@ apk add \
sudo \
wget \
which \
- xxd
+ xxd \
+ curl
if [ ! "$TSS" ]; then
apk add git
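Review bot: `curl` is added to this package list although `wget` is already installed two lines above it, and the context lines of the other ci/*.sh hunks show the same. Either state in the commit message why the download needs curl specifically, or use wget for the two download commands and drop the new dependency from all five scripts.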
@@ -21,4 +21,5 @@ apt-get install -y \
wget \
xsltproc \
xxd \
+ curl \
&& control openssl-gost enabled
@@ -49,6 +49,8 @@ $apt \
sudo \
wget \
xsltproc \
+ curl \
+ ca-certificates
$apt xxd || $apt vim-common
$apt libengine-gost-openssl1.1$ARCH || true
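Review bot: as shown here, the context line `xsltproc` directly above the added `curl \` has no trailing backslash. If the file matches this view, the `$apt` command ends at `xsltproc` and the two added lines run as a separate command, `curl ca-certificates`, instead of installing two packages; the hunk should change that line to `xsltproc \`. `ca-certificates` is added only in this script, so the commit message could also say why the other distributions do not need it.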
@@ -38,7 +38,8 @@ yum -y install \
sudo \
vim-common \
wget \
- which
+ which \
+ curl
yum -y install docbook5-style-xsl || true
yum -y install swtpm || true
@@ -40,7 +40,8 @@ zypper --non-interactive install --force-resolution --no-recommends \
vim \
wget \
which \
- xsltproc
+ xsltproc \
+ curl
if [ -f /usr/lib/ibmtss/tpm_server -a ! -e /usr/local/bin/tpm_server ]; then
ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin
Testing kernel functionality is more difficult than testing user space
software, as it requires support from the testing platform to create a more
specific environment (e.g. a virtual machine). User space software instead
could be simply run in a container.

Fortunately, a kernel architecture named UML (User Mode Linux) allows the
kernel to be executed as a user space process, which would be suitable also
for testing platforms such as Github Actions and Travis.

This patch simply downloads (errors are ignored) the UML kernel binary and
its signing key as artifacts from a URL in the format:

$LINUX_URL/<ima-evm-utils branch>-test/<asset>

The LINUX_URL environment variable must be set in the configuration of the
testing platform (for Github Actions, the variable must be created in an
environment named 'test'). LINUX_URL could be for example:

https://github.com/robertosassu/linux/releases/download/

If Github Releases is used, a workflow should build the kernel, tagged as
'<ima-evm-utils>-test', and publish the artifacts. The UML kernel binary
should be named 'linux-<container name>[.<arch>]' and the signing key
'signing_key.pem-<container name>', where the '.<arch>' suffix appears only
if the current arch is not x86_64 and separator characters in the container
name are replaced with '.'.

Finally, the patch also adds curl and ca-certificates as software
dependencies when necessary.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 .github/workflows/ci.yml | 16 ++++++++++++++++
 .travis.yml              | 12 ++++++++++++
 ci/alpine.sh             |  3 ++-
 ci/alt.sh                |  1 +
 ci/debian.sh             |  2 ++
 ci/fedora.sh             |  3 ++-
 ci/tumbleweed.sh         |  3 ++-
 7 files changed, 37 insertions(+), 3 deletions(-)