From 8fc69ef56f65a922dad35da493a5744bd8c0efe4 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 05:07:33 +0200 Subject: [PATCH 01/70] Added draft of a recursive scandir generator --- debirf/scripts/create_plugin.py | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index 83b6ed0b..d9ffb436 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -1,6 +1,6 @@ #!/usr/bin/python3 -# Copyright (C) 2018, 2021 Gunter Miegel coinboot.io +# Copyright (C) 2018, 2021-2022 Gunter Miegel coinboot.io # # This file is part of Coinboot. # @@ -28,7 +28,7 @@ """ -import os +from os import scandir import tarfile import re from subprocess import call @@ -55,19 +55,19 @@ "/var/log", ".*__pycache__.*", ".wget-hsts", - ".*\.cache", + r".*\.cache", ) - -def find(path_to_walk): - """Return results similar to the Unix find command run without options - i.e. traverse a directory tree and return all the file paths +def find(path_to_scan): + """Returns generator object with results similar to a Unix find command run without options + traversing recursive a directory tree and returning all file paths """ - return [ - os.path.join(path, file) - for (path, dirs, files) in os.walk(path_to_walk) - for file in files - ] + for entry in scandir(path_to_scan): + if entry.is_dir(follow_symlinks=False): + yield entry.path + yield from find(entry.path) + else: + yield entry.path def main(arguments): @@ -90,7 +90,7 @@ def main(arguments): files_for_plugin_archive = [] - for path in find(PLUGIN_DIR): + for path in list(find(PLUGIN_DIR)): cleaned_path = re.sub(PLUGIN_DIR, "", path) # FIXME: Switch to re.match() against path without PLUGIN_DIR prefix if any(re.findall(pattern, cleaned_path) for pattern in EXCLUDE): 
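Review bot: In the new `find()` the `scandir()` iterator is never closed explicitly, so if iteration stops early or an entry raises, the directory handles of every recursion level stay open until garbage collection. Using `with scandir(path_to_scan) as entries:` followed by `for entry in entries:` releases them deterministically. The docstring says the function returns "all file paths", but the body also yields directory entries (`yield entry.path` before recursing) and does not descend into symlinked directories; the docstring should state both, because callers that archive the result depend on it. The caller in the `@@ -90,7 +90,7 @@` hunk wraps the call in `list(...)`, which materialises the whole tree and gives up the benefit of the generator.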
@@ -101,7 +101,6 @@ def main(arguments): files_for_plugin_archive.append(FINAL_DPKG_STATUS) - archive_name = arguments[""] + ".tar.gz" tar = tarfile.open(archive_name, "w:gz") @@ -121,7 +120,6 @@ def main(arguments): print("Created Coinboot Plugin:", archive_name) - if __name__ == "__main__": arguments = docopt(__doc__, version="Create Coinboot Plugins v0.1") main(arguments) From 2f2401cb9a294966b9f17520516f9aa445b3d917 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 05:13:03 +0200 Subject: [PATCH 02/70] Corrected import --- debirf/scripts/create_plugin.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index d9ffb436..b996fee2 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -29,6 +29,7 @@ """ from os import scandir +import os import tarfile import re from subprocess import call @@ -58,6 +59,7 @@ r".*\.cache", ) + def find(path_to_scan): """Returns generator object with results similar to a Unix find command run without options traversing recursive a directory tree and returning all file paths From 5591fc450f6cfd7ade310fc951067f54ac1d7104 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 05:26:33 +0200 Subject: [PATCH 03/70] Moved creation of tar archive to separate function --- debirf/scripts/create_plugin.py | 34 +++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index b996fee2..a09941d1 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py 
@@ -72,6 +72,24 @@ def find(path_to_scan): yield entry.path +def create_tar_archive(files_for_plugin_archive): + """Create tar archive form a list of file""" + tar = tarfile.open(archive_name, "w:gz") + for path in files_for_plugin_archive: + # If a file was deleted which was in the lower directory + # a whiteout file is created in the upper directory. + # So we don't can look at the upper director to track the + # deletion of such files. Else we look if the file is there + # at the merged directory with 'os.path.exists()'. + if os.path.exists(path): + # We have to specfiy explictly the file name in + # the archive to get an absolute path wit a leading '/' + tar.add(path, arcname=path) + else: + print("Whiteout file from lower dir:", path) + tar.close() + + def main(arguments): # print(arguments) if arguments["start"]: @@ -103,22 +121,10 @@ def main(arguments): files_for_plugin_archive.append(FINAL_DPKG_STATUS) + create_tar_archive(files_for_plugin_archive) + archive_name = arguments[""] + ".tar.gz" - tar = tarfile.open(archive_name, "w:gz") - for path in files_for_plugin_archive: - # If a file was deleted which was in the lower directory - # a whiteout file is created in the upper directory. - # So we don't can look at the upper director to track the - # deletion of such files. Else we look if the file is there - # at the merged directory with 'os.path.exists()'. - if os.path.exists(path): - # We have to specfiy explictly the file name in - # the archive to get an absolute path wit a leading '/' - tar.add(path, arcname=path) - else: - print("Whiteout file from lower dir:", path) - tar.close() print("Created Coinboot Plugin:", archive_name) From 11a6411e43f34890a43bc918ba88c4228572e5a1 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 14:39:51 +0200 Subject: [PATCH 04/70] Added archive_name to create_tar_archive function --- debirf/scripts/create_plugin.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
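Review bot: `os.path.exists(path)` in `create_tar_archive` follows symlinks, so a symlink whose target is absent at build time is reported as a whiteout and left out of the plugin, although `tar.add()` would store the link itself; `if os.path.lexists(path):` tests the entry rather than its target. The archive handle is also closed only on the success path: an exception from `tar.add()` skips `tar.close()` and can leave a truncated archive behind, which `with tarfile.open(archive_name, "w:gz") as tar:` avoids. The function has no docstring beyond one line with typos; it should say that paths are stored with `arcname=path`, i.e. as absolute names, because that is what the extracting side relies on.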
diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index a09941d1..b4592b00 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -72,7 +72,7 @@ def find(path_to_scan): yield entry.path -def create_tar_archive(files_for_plugin_archive): +def create_tar_archive(archive_name, files_for_plugin_archive): """Create tar archive form a list of file""" tar = tarfile.open(archive_name, "w:gz") for path in files_for_plugin_archive: @@ -121,10 +121,10 @@ def main(arguments): files_for_plugin_archive.append(FINAL_DPKG_STATUS) - create_tar_archive(files_for_plugin_archive) - archive_name = arguments[""] + ".tar.gz" + create_tar_archive(archive_name, files_for_plugin_archive) + print("Created Coinboot Plugin:", archive_name) From 19819095ffcde453e9a7b78eb754dfacff29ffee Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 14:40:18 +0200 Subject: [PATCH 05/70] Updated package name of r8168 driver package --- debirf/profiles/coinboot/modules/a2_r8168-network-driver | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debirf/profiles/coinboot/modules/a2_r8168-network-driver b/debirf/profiles/coinboot/modules/a2_r8168-network-driver index 11892943..80d46e8d 100755 --- a/debirf/profiles/coinboot/modules/a2_r8168-network-driver +++ b/debirf/profiles/coinboot/modules/a2_r8168-network-driver @@ -30,7 +30,7 @@ KERNEL_RELEASE=$DEBIRF_KERNEL R8168_PACKAGE=r8168-dkms -R8168_PACKAGE_VERSION=8.049.02-1_all +R8168_PACKAGE_VERSION=8.049.02-1ubuntu1_all R8168_PACKAGE_DEB="$R8168_PACKAGE"_"$R8168_PACKAGE_VERSION".deb PACKAGES="linux-base linux-headers-$DEBIRF_KERNEL libelf-dev wget dkms linux-modules-5.11.0-46-generic" From 40281038993769faa9db791dac388ef70b9ddf14 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 14:54:09 +0200 Subject: [PATCH 06/70] Added remove of duplicates from list of files --- debirf/scripts/create_plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index b4592b00..8000017b 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -109,8 +109,8 @@ def main(arguments): ) files_for_plugin_archive = [] - - for path in list(find(PLUGIN_DIR)): + # Use set to remove duplicates from list + for path in set(list(find(PLUGIN_DIR))): cleaned_path = re.sub(PLUGIN_DIR, "", path) # FIXME: Switch to re.match() against path without PLUGIN_DIR prefix if any(re.findall(pattern, cleaned_path) for pattern in EXCLUDE): From 2d133663ba31ceb7906732333e97813bd6d6c1f7 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 18:17:44 +0200 Subject: [PATCH 07/70] Disabled recursively adding directorries --- debirf/scripts/create_plugin.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index 8000017b..b03a2ddb 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py 
@@ -73,25 +73,26 @@ def find(path_to_scan): def create_tar_archive(archive_name, files_for_plugin_archive): - """Create tar archive form a list of file""" + """Create tar archive form a list of files""" tar = tarfile.open(archive_name, "w:gz") for path in files_for_plugin_archive: # If a file was deleted which was in the lower directory # a whiteout file is created in the upper directory. # So we don't can look at the upper director to track the - # deletion of such files. Else we look if the file is there - # at the merged directory with 'os.path.exists()'. + # deletion of such files. + # Else we look if the file is present at the merged directory + # with 'os.path.exists()'. if os.path.exists(path): # We have to specfiy explictly the file name in # the archive to get an absolute path wit a leading '/' - tar.add(path, arcname=path) + # Attention: directories are added recursively be default + tar.add(path, recursive=False, arcname=path) else: print("Whiteout file from lower dir:", path) tar.close() def main(arguments): - # print(arguments) if arguments["start"]: call(["cp", "-v", DPKG_STATUS, INITIAL_DPKG_STATUS]) elif arguments["finish"]: @@ -109,8 +110,7 @@ def main(arguments): ) files_for_plugin_archive = [] - # Use set to remove duplicates from list - for path in set(list(find(PLUGIN_DIR))): + for path in list(find(PLUGIN_DIR)): cleaned_path = re.sub(PLUGIN_DIR, "", path) # FIXME: Switch to re.match() against path without PLUGIN_DIR prefix if any(re.findall(pattern, cleaned_path) for pattern in EXCLUDE): From 171d325650a95681744a5bfe4f0075c808e706ba Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 18:27:12 +0200 Subject: [PATCH 08/70] Added sorted output excluded and included files --- debirf/scripts/create_plugin.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index b03a2ddb..e3890707 100755 --- a/debirf/scripts/create_plugin.py 
+++ b/debirf/scripts/create_plugin.py @@ -110,20 +110,33 @@ def main(arguments): ) files_for_plugin_archive = [] + excluded = [] + included = [] + for path in list(find(PLUGIN_DIR)): cleaned_path = re.sub(PLUGIN_DIR, "", path) # FIXME: Switch to re.match() against path without PLUGIN_DIR prefix if any(re.findall(pattern, cleaned_path) for pattern in EXCLUDE): - print("Excluded:", cleaned_path) + # print("Excluded:", cleaned_path) + excluded.append(cleaned_path) else: - print("Included:", cleaned_path) files_for_plugin_archive.append(cleaned_path) + included.append(cleaned_path) + + for entry in excluded: + print("Excluded:", entry) + print("------------------------------------") + for entry in included: + print("Included:", entry) + print("------------------------------------") files_for_plugin_archive.append(FINAL_DPKG_STATUS) archive_name = arguments[""] + ".tar.gz" create_tar_archive(archive_name, files_for_plugin_archive) + + print("------------------------------------") print("Created Coinboot Plugin:", archive_name) From d5a35d97b4ff902cf2354955a57d66f0f0322611 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 18:30:37 +0200 Subject: [PATCH 09/70] Added option keeping metadata of existing dirs --- debirf/debirf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debirf/debirf b/debirf/debirf index 09cb7d72..727cfad9 100755 --- a/debirf/debirf +++ b/debirf/debirf @@ -380,7 +380,7 @@ else # FIXME: Move this stuff to Python. curl -s http://$HTTP_SERVER/plugins/ | grep -v -Fe '[' -e ']' | cut -f 4 -d'"' | while read plugin; do echo "Downloading and extracting plugin: $plugin" - wget http://$HTTP_SERVER/plugins/$plugin -O - | tar -Pxzvf - + wget http://$HTTP_SERVER/plugins/$plugin -O - | tar -Pxzvf --no-overwrite-dir - /usr/local/bin/dpkg_status.py --new /tmp/dpkg_status --old /var/lib/dpkg/status --union > /tmp/status_$plugin mv -v /tmp/status_$plugin /var/lib/dpkg/status echo '----------------------------' 
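Review bot: The subject says the output is sorted, but `excluded` and `included` are printed in the order `scandir()` returned the entries, which is arbitrary; if sorted output is the intent, iterate `for entry in sorted(excluded):` and `for entry in sorted(included):`. `included` receives exactly the same values as `files_for_plugin_archive` at this point, so the second list could be dropped and the existing one printed before `FINAL_DPKG_STATUS` is appended. The commented-out `# print("Excluded:", cleaned_path)` can be removed. `main()` starts and ends outside this hunk.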
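Review bot: The plugin archive on the changed line is fetched over plain `http://` and piped straight into `tar -P`, which keeps absolute member names, so whatever the server or anything on the network path returns is written to arbitrary locations on the booting system; nothing in the hunk verifies the archive before extraction. Consider downloading to a temporary file, checking it against a digest or signature obtained over an authenticated channel (for example `sha256sum -c "$plugin.sha256"`, file name constructed for illustration), and only then extracting. `$HTTP_SERVER` and `$plugin` are unquoted and `$plugin` is parsed from a directory listing, so `"http://$HTTP_SERVER/plugins/$plugin"` avoids word splitting on unexpected names. The same line is changed again by the later hunks of "Corrected syntax for calling tar" and "Fixed screwed up tar syntax", and this note applies to them as well.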
From df2917ecefea28f8d44c7c15ea01aa1dcb7e9080 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 19:00:03 +0200 Subject: [PATCH 10/70] Added reworkerd job from 48_amdgpu_21.50_plugin --- .github/workflows/build_and_run.yaml | 44 ++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 080ead60..517ce627 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -18,6 +18,7 @@ jobs: SUITE: ${{ matrix.suite }} run: ./debirf/build_and_run_images # if: github.ref == 'refs/heads//aster' + - name: Upload build artifacts uses: actions/upload-artifact@v2 with: @@ -34,8 +35,10 @@ jobs: uses: actions/download-artifact@v2 with: path: debirf/build + - name: Setup Golang for github-release uses: actions/setup-go@v1 + - name: Create pre-release env: GITHUB_USER: "frzb" @@ -43,9 +46,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GOPATH: "/home/runner/go" run: | - go get github.com/aktau/github-release + go get github.com/github-release/github-release export PATH=$PATH:"${GOPATH}"/bin - export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}" + export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}"-"${GITHUB_RUN_ATTEMPT}" ls -la "${GOPATH}"/bin env github-release --version 
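Review bot: `go get github.com/github-release/github-release` installs whatever the default branch holds at run time, and the resulting binary runs in a step that has `GITHUB_TOKEN` in its environment, so an upstream change reaches the release job unreviewed. Pin the tool to a reviewed release, e.g. `go get github.com/github-release/github-release@PINNED_VERSION` (placeholder; requires module mode), or download a release binary and check its checksum. The later steps of this workflow still run `go get github.com/aktau/github-release`, so the workflow fetches the same command from two different module paths. The `env` call a few lines below prints the whole step environment to the job log and relies on secret masking alone; it looks like leftover debugging and could be removed.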
@@ -55,10 +58,10 @@ jobs: git tag $PRE_RELEASE_TAG git remote rm origin git remote add origin https://"${{ secrets.GITHUB_TOKEN}}"@github.com/"${GITHUB_USER}"/"${GITHUB_REPO}".git - git push --quiet --set-upstream origin $PRE_RELEASE_TAG - github-release -v release --pre-release --tag $PRE_RELEASE_TAG --name $PRE_RELEASE_TAG - set -x - echo $0 + git push --set-upstream origin $PRE_RELEASE_TAG + github-release release --pre-release --tag $PRE_RELEASE_TAG --name $PRE_RELEASE_TAG + # Use GNU parallel to add some delay for waiting that the release is created + parallel --verbose --retries 20 --delay 5 ::: "github-release info --tag $PRE_RELEASE_TAG" find ./debirf/build/artifact -name coinboot-* -type f -execdir sh -c "readlink -f {} && basename {}" \; | xargs -n 2 sh -c 'github-release -v upload --tag $PRE_RELEASE_TAG -n $2 -f $1 -l $2' sh verify_and_release: @@ -73,21 +76,25 @@ jobs: shell: bash # run: https://raw.githubusercontent.com/frzb/coinboot/"${GITHUB_REF##*/}"/setup_coinboot_requirements | bash run: ./setup_coinboot_requirements + - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" SUITE: "focal" shell: bash run: | - export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN__ID}" + export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}"-"${GITHUB_RUN_ATTEMPT}" export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot + - name: Download build artifact uses: actions/download-artifact@v2 with: path: debirf/build - - name: Create release from pre-release on main - if: github.ref == 'refs/heads/main' + + - name: Create release on main or develop + # Release on develop keeps the type pre-release + if: github.ref == ( 'refs/heads/main' || 'refs/heads/develop' ) env: GITHUB_USER: "frzb" GITHUB_REPO: "coinboot" 
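Review bot: The condition `github.ref == ( 'refs/heads/main' || 'refs/heads/develop' )` does not test for either branch: in a GitHub Actions expression `||` returns its first truthy operand, so the parenthesised part is always `'refs/heads/main'` and the step never runs on develop. Spell out both comparisons, `if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'`. The step body in the following hunk branches on `${GITHUB_REF##*/}` to choose the `-dev` tag and the `--pre-release` flag, and that branch only becomes reachable once this condition admits develop.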
@@ -96,8 +103,12 @@ jobs: run: | go get github.com/aktau/github-release export PATH=$PATH:"${GOPATH}"/bin - export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}" - export RELEASE_TAG=$(date +%Y%m%d) + export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}"-"${GITHUB_RUN_ATTEMPT}" + if [ "${GITHUB_REF##*/}" = "main" ]; then + export RELEASE_TAG=$(date +%y.%m.%d) + else + export RELEASE_TAG=$(date +%y.%m.%d)-dev + fi # actions/checkout@v2 with depth 0 is not pulling tags. # To avoid a full pull we just pull the tags. git pull --tags origin @@ -109,8 +120,15 @@ jobs: git remote add origin https://"${GITHUB_TOKEN}"@github.com/"${GITHUB_USER}"/"${GITHUB_REPO}".git git push --quiet --set-upstream origin $RELEASE_TAG git push origin :refs/tags/"${PRE_RELEASE_TAG}" - github-release -v release --tag $RELEASE_TAG --name $RELEASE_TAG + if [ "${GITHUB_REF##*/}" = "main" ]; then + github-release -v release --tag $RELEASE_TAG --name $RELEASE_TAG + else + github-release -v release --pre-release --tag $RELEASE_TAG --name $RELEASE_TAG + fi + # Use GNU parallel to add some delay for waiting that the release is created + parallel --verbose --retries 20 --delay 5 ::: "github-release info --tag $PRE_RELEASE_TAG" find ./debirf/build/artifact -name coinboot-* -type f -execdir sh -c "readlink -f {} && basename {}" \; | xargs -n 2 sh -c 'github-release -v upload --tag $RELEASE_TAG -n $2 -f $1 -l $2' sh + - name: Remove pre-release if not on main or failing # Only remove pre-release on main, else make a release. if: github.ref != 'refs/heads/main' || ${{ failure() }} @@ -122,7 +140,7 @@ jobs: run: | go get github.com/aktau/github-release export PATH=$PATH:"${GOPATH}"/bin - export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}" + export PRE_RELEASE_TAG=pre-release-"${GITHUB_RUN_ID}"-"${GITHUB_RUN_ATTEMPT}" github-release -v delete -t $PRE_RELEASE_TAG git config --global user.email "build@coinboot.io" git config --global user.name "Github Actions" 
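Review bot: The wait added to the release step polls `github-release info --tag $PRE_RELEASE_TAG`, but by that point the step has deleted that tag with `git push origin :refs/tags/"${PRE_RELEASE_TAG}"` and created the release under `$RELEASE_TAG`. It looks like a copy of the line from the pre-release job; the wait should probably read `parallel --verbose --retries 20 --delay 5 ::: "github-release info --tag $RELEASE_TAG"`. As written it either checks the wrong release or uses up all retries before the upload that follows.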
From 3c8196ee56ce6142baac897c610917219d6bd4e5 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 1 Apr 2022 06:45:09 +0200 Subject: [PATCH 11/70] Corrected syntax for calling tar --- debirf/debirf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debirf/debirf b/debirf/debirf index 727cfad9..272c60a4 100755 --- a/debirf/debirf +++ b/debirf/debirf @@ -380,7 +380,7 @@ else # FIXME: Move this stuff to Python. curl -s http://$HTTP_SERVER/plugins/ | grep -v -Fe '[' -e ']' | cut -f 4 -d'"' | while read plugin; do echo "Downloading and extracting plugin: $plugin" - wget http://$HTTP_SERVER/plugins/$plugin -O - | tar -Pxzvf --no-overwrite-dir - + wget http://$HTTP_SERVER/plugins/$plugin -O - | tar ---no-overwrite -dirPxzvf - /usr/local/bin/dpkg_status.py --new /tmp/dpkg_status --old /var/lib/dpkg/status --union > /tmp/status_$plugin mv -v /tmp/status_$plugin /var/lib/dpkg/status echo '----------------------------' From 2eefdaa882852f51e92d3032e22b9acecb19b0a2 Mon Sep 17 00:00:00 2001 From: gm Date: Sat, 2 Apr 2022 20:58:04 +0200 Subject: [PATCH 12/70] Fixed screwed up tar syntax --- debirf/debirf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debirf/debirf b/debirf/debirf index 272c60a4..a3c43c8d 100755 --- a/debirf/debirf +++ b/debirf/debirf @@ -380,7 +380,7 @@ else # FIXME: Move this stuff to Python. curl -s http://$HTTP_SERVER/plugins/ | grep -v -Fe '[' -e ']' | cut -f 4 -d'"' | while read plugin; do echo "Downloading and extracting plugin: $plugin" - wget http://$HTTP_SERVER/plugins/$plugin -O - | tar ---no-overwrite -dirPxzvf - + wget http://$HTTP_SERVER/plugins/$plugin -O - | tar --no-overwrite-dir -Pxzvf - /usr/local/bin/dpkg_status.py --new /tmp/dpkg_status --old /var/lib/dpkg/status --union > /tmp/status_$plugin mv -v /tmp/status_$plugin /var/lib/dpkg/status echo '----------------------------' From 962bb9c6a5ba48529c7f20b2f22293c2f9d27f0d Mon Sep 17 00:00:00 2001 
From: gm Date: Thu, 31 Mar 2022 05:07:33 +0200 Subject: [PATCH 13/70] Added draft of a recursive scandir generator --- debirf/scripts/create_plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index e3890707..d6c69391 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -135,7 +135,7 @@ def main(arguments): archive_name = arguments[""] + ".tar.gz" create_tar_archive(archive_name, files_for_plugin_archive) - + print("------------------------------------") print("Created Coinboot Plugin:", archive_name) From ff5894be637b6bc64d7690b1b7a64d4b06c02c72 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 31 Mar 2022 18:27:12 +0200 Subject: [PATCH 14/70] Added sorted output excluded and included files --- debirf/scripts/create_plugin.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debirf/scripts/create_plugin.py b/debirf/scripts/create_plugin.py index d6c69391..b295822e 100755 --- a/debirf/scripts/create_plugin.py +++ b/debirf/scripts/create_plugin.py @@ -135,6 +135,8 @@ def main(arguments): archive_name = arguments[""] + ".tar.gz" create_tar_archive(archive_name, files_for_plugin_archive) + + print("------------------------------------") print("------------------------------------") From c53c44df9a73fc7317c6f4b65141844709641ed8 Mon Sep 17 00:00:00 2001 From: gm Date: Sat, 2 Apr 2022 22:33:38 +0200 Subject: [PATCH 15/70] Corrected syntax for calling tar --- server/run_coinboot | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 4e30e1f5..612e0685 100755 --- a/server/run_coinboot +++ b/server/run_coinboot 
@@ -128,6 +128,32 @@ build_docker_image() { docker build -t coinboot/coinboot:latest ./docker/ } +create_test_plugin() { + pushd . + + cd ../plugins/ + + src/test-plugin.yaml <<-'EOF' + --- + plugin: Test plugin + archive_name: coinboot-test-plugin + version: v0.0.1 + description: Test plugin for verification + maintainer: Gunter Miegel + source: https://github.com/frzb/coinboot + run: | + sudo mkdir /home/ubuntu/test_dir + echo 'This is a test' | sudo tee -a /home/ubuntu/test_dir/file1 + sudo chown -R ubuntu:ubuntu /home/ubuntu/test_dir + EOF + + ./coinbootmaker -p test-plugin.yaml + + cp -v build/coinboot_test-plugin* enable/ + + popd + } + up_docker_compose() { docker-compose up -d sleep 30 @@ -201,7 +227,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done @@ -271,6 +297,8 @@ export $(grep -v '^#' ./conf/environment/* | xargs) # running dnsmasq 2.80 which is lacking "dhcp-ignore-clid", this feature was introduced with 2.81 # check_dnsmasq_config +create_test_plugin + build_docker_image up_docker_compose From 701aeb665ca04160cf23a49326413948fb9f86d8 Mon Sep 17 00:00:00 2001 From: gm Date: Sat, 2 Apr 2022 22:39:22 +0200 Subject: [PATCH 16/70] Added test-plugin --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 612e0685..e46db219 100755 --- a/server/run_coinboot +++ b/server/run_coinboot 
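Review bot: The added `ls -la /home/ubuntu/*` in `verify_and_shutdown_over_ssh` does not verify the test plugin: it succeeds as soon as anything matches the glob, whether or not `test_dir/file1` was extracted with the expected owner. Since the test plugin creates `/home/ubuntu/test_dir/file1` and chowns it to `ubuntu`, assert exactly that, e.g. `&& test "$(stat -c %U /home/ubuntu/test_dir/file1)" = ubuntu`. The surrounding `while !` loop retries without a limit, so with a real assertion a plugin that never unpacks would show up as a hang rather than a failure; a retry counter would bound that. The function body starts and ends outside this hunk.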
@@ -136,7 +136,7 @@ create_test_plugin() { src/test-plugin.yaml <<-'EOF' --- plugin: Test plugin - archive_name: coinboot-test-plugin + archive_name: test-plugin version: v0.0.1 description: Test plugin for verification maintainer: Gunter Miegel From 20f6a38eb1e1c08d252e5b1d3f1ec4d85b51fde7 Mon Sep 17 00:00:00 2001 From: gm Date: Sat, 2 Apr 2022 23:00:14 +0200 Subject: [PATCH 17/70] Added closing bracket to function --- server/run_coinboot | 1 + 1 file changed, 1 insertion(+) diff --git a/server/run_coinboot b/server/run_coinboot index e46db219..6fbcb994 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -146,6 +146,7 @@ create_test_plugin() { echo 'This is a test' | sudo tee -a /home/ubuntu/test_dir/file1 sudo chown -R ubuntu:ubuntu /home/ubuntu/test_dir EOF +} ./coinbootmaker -p test-plugin.yaml From 49bbbb87aa6858f4eb54e8977c91a6440cda3b26 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 03:06:33 +0200 Subject: [PATCH 18/70] Corrected indentation --- server/run_coinboot | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/server/run_coinboot b/server/run_coinboot index 6fbcb994..e759330a 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -133,20 +133,19 @@ create_test_plugin() { cd ../plugins/ - src/test-plugin.yaml <<-'EOF' - --- - plugin: Test plugin - archive_name: test-plugin - version: v0.0.1 - description: Test plugin for verification - maintainer: Gunter Miegel - source: https://github.com/frzb/coinboot - run: | - sudo mkdir /home/ubuntu/test_dir - echo 'This is a test' | sudo tee -a /home/ubuntu/test_dir/file1 - sudo chown -R ubuntu:ubuntu /home/ubuntu/test_dir - EOF -} + src/test-plugin.yaml < +source: https://github.com/frzb/coinboot +run: | + sudo mkdir /home/ubuntu/test_dir + echo 'This is a test' | sudo tee -a /home/ubuntu/test_dir/file1 + sudo chown -R ubuntu:ubuntu /home/ubuntu/test_dir +EOF ./coinbootmaker -p test-plugin.yaml 
From 3326c3236104d4f2f03ba54a6b711a250713f3a7 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 03:34:57 +0200 Subject: [PATCH 19/70] Fixed wrong HEREDOC call --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index e759330a..82aede13 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -133,7 +133,7 @@ create_test_plugin() { cd ../plugins/ - src/test-plugin.yaml < src/test-plugin.yaml --- plugin: Test plugin archive_name: test-plugin From 57ac7ab32c60f3b134d57d880b5c86caa6d90282 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 04:14:55 +0200 Subject: [PATCH 20/70] Excluded tags of prereleases and for sure get last --- coinbootmaker/coinbootmaker | 2 +- server/docker/coinboot-download-helper | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 29e57fca..38c27d54 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -73,7 +73,7 @@ RELEASE=latest if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 - while ! TAG=$(echo $RESPONSE | jq -r '.[0].name'); do + while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last'); do echo "Calling the Github API has failed, repeat ..." RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 diff --git a/server/docker/coinboot-download-helper b/server/docker/coinboot-download-helper index 695f848e..ee30e256 100755 --- a/server/docker/coinboot-download-helper +++ b/server/docker/coinboot-download-helper 
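Review bot: The new filter `select(test("^pre.*") | not)` only drops tags that start with `pre`, while the release workflow changed earlier in this series tags develop builds as `YY.MM.DD-dev`; after `sort | last` such a tag sorts behind the plain `YY.MM.DD` of the same day, so `RELEASE=latest` can resolve to a development build. Excluding those too, e.g. `select(test("^pre|-dev$") | not)`, keeps `latest` on main releases. `sort` is a plain string sort, which orders the tags correctly only while all of them share one format. When the filtered list is empty jq prints `null` and exits 0, so the `while !` retry never triggers; `jq -er` makes that case fail. The identical line in `server/docker/coinboot-download-helper` (next hunk) needs the same change.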
@@ -33,7 +33,7 @@ GITHUB_REPO=frzb/coinboot if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 - while ! TAG=$(echo $RESPONSE | jq -r '.[0].name'); do + while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last'); do echo "Calling the Github API has failed, repeat ..." RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 From 5ca9013dc7bb4f7dfd92270851fb404cb36c0f15 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 04:29:26 +0200 Subject: [PATCH 21/70] Added debugging for extraction of initramfs --- coinbootmaker/coinbootmaker | 1 + 1 file changed, 1 insertion(+) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 38c27d54..ae5f0b66 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -136,6 +136,7 @@ cd $LOWER/rootfs # We have to use 'sudo' for 'cpio' else the ownership of the files in the # archive is messed up. # We just extract the nested initramfs archive +file $CACHE_DIR/$INITRAMFS zcat $CACHE_DIR/$INITRAMFS | sudo cpio -idvm "rootfs.cgz" zcat rootfs.cgz | sudo cpio -idm From 20ac482cb106ca8ff22ae7e19a0efffbb346f1dc Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 05:03:12 +0200 Subject: [PATCH 22/70] Enabled bash debugging output for coinbootmaker --- coinbootmaker/coinbootmaker | 1 + 1 file changed, 1 insertion(+) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index ae5f0b66..3d9fcce9 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -1,5 +1,6 @@ #!/bin/bash set -Eeo pipefail +set -x # Copyright (C) 2018 - 2021 Gunter Miegel coinboot.io # From f235612fef1f369faa436952592de2be7f6184eb Mon Sep 17 00:00:00 2001 
From: gm Date: Sun, 3 Apr 2022 05:31:22 +0200 Subject: [PATCH 23/70] Changed from zcat to zstdcat --- coinbootmaker/coinbootmaker | 5 +++-- server/run_coinboot | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 3d9fcce9..cc9ebfaa 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -138,8 +138,9 @@ cd $LOWER/rootfs # archive is messed up. # We just extract the nested initramfs archive file $CACHE_DIR/$INITRAMFS -zcat $CACHE_DIR/$INITRAMFS | sudo cpio -idvm "rootfs.cgz" -zcat rootfs.cgz | sudo cpio -idm +zstdcat $CACHstDIR/$INITRAMFS | sudo cpio -idvm "rootfs.czst" +ls -la +zstdcat rootfs.czst | sudo cpio -idm # The nested initramfs archive can be removed now sudo rm -v rootfs.cgz diff --git a/server/run_coinboot b/server/run_coinboot index 82aede13..a20c9fd8 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -241,7 +241,7 @@ verify_and_shutdown_over_ssh() { sudo apt-get update -sudo apt-get install --yes --no-install-recommends bridge-utils dnsmasq jq sshpass libvirt-daemon-system: virtinst qemu-system-x86 ipxe-qemu ovmf +sudo apt-get install --yes --no-install-recommends bridge-utils dnsmasq jq sshpass libvirt-daemon-system: virtinst qemu-system-x86 ipxe-qemu ovmf zstd # Enable the execution of virsh without root access # mostly used for local debugging and just for Vagrant. From b348cc313acbdf243d374c9d8006118dfa420a58 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 14:14:39 +0200 Subject: [PATCH 24/70] Fixed cache path --- coinbootmaker/coinbootmaker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index cc9ebfaa..e30b5596 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker 
@@ -138,7 +138,7 @@ cd $LOWER/rootfs # archive is messed up. # We just extract the nested initramfs archive file $CACHE_DIR/$INITRAMFS -zstdcat $CACHstDIR/$INITRAMFS | sudo cpio -idvm "rootfs.czst" +zstdcat $CACHE_DIR/$INITRAMFS | sudo cpio -idvm "rootfs.czst" ls -la zstdcat rootfs.czst | sudo cpio -idm From dee1ef6c5f29f02571260597caedacba9a0fa76a Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 14:36:56 +0200 Subject: [PATCH 25/70] Changed removed rootfs file suffix --- coinbootmaker/coinbootmaker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index e30b5596..8a04d8a8 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -143,7 +143,7 @@ ls -la zstdcat rootfs.czst | sudo cpio -idm # The nested initramfs archive can be removed now -sudo rm -v rootfs.cgz +sudo rm -v rootfs.czst # Adapt nameserver settings. # resolv.conf is a symling to the systemd stub resolver which we have to delete beforehand. From 210ccc72ae4cce2c4a218d6a96026b5a2034d83f Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 15:45:33 +0200 Subject: [PATCH 26/70] Added debugging copying of plugin --- server/run_coinboot | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index a20c9fd8..1df5edbb 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -149,7 +149,10 @@ EOF ./coinbootmaker -p test-plugin.yaml - cp -v build/coinboot_test-plugin* enable/ + pwd + ls -la + + cp -v build/coinboot_test-plugin* ./enable/ popd } From b8426e94cc52b4ed31b1c10114c13594a4883ea1 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 7 Feb 2022 11:21:40 +0100 Subject: [PATCH 27/70] Add .keep files to keep empty directories in VCS --- plugins/available/.keep | 0 plugins/enable/.keep | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 plugins/available/.keep create mode 100644 plugins/enable/.keep 
diff --git a/plugins/available/.keep b/plugins/available/.keep new file mode 100644 index 00000000..e69de29b diff --git a/plugins/enable/.keep b/plugins/enable/.keep new file mode 100644 index 00000000..e69de29b From 71360823e609b826d252d138a69e4a6497b1f6c6 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 28 Jan 2022 22:11:43 +0100 Subject: [PATCH 28/70] Introduce directory for enabled plugins --- README.md | 2 +- plugins/{enable => enabled}/.keep | 0 server/docker-compose.yml | 2 +- server/run_coinboot | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename plugins/{enable => enabled}/.keep (100%) diff --git a/README.md b/README.md index 5994b4a5..707b6e3e 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ The RootFS (`*initramfs*`) and Kernel (`*vmlinuz*`) you want to use are to be pl #### Plugins -Coinboot plugins should be placed into the directory `./server/plugins` +Coinboot plugins should be placed into the directory `./plugins/enabled` You can create your own plugins (see below) or pick some at: [./plugins](./plugins) diff --git a/plugins/enable/.keep b/plugins/enabled/.keep similarity index 100% rename from plugins/enable/.keep rename to plugins/enabled/.keep diff --git a/server/docker-compose.yml b/server/docker-compose.yml index 3eda67f8..0a86c2a3 100644 --- a/server/docker-compose.yml +++ b/server/docker-compose.yml @@ -20,7 +20,7 @@ services: - ./conf/dnsmasq:/etc/dnsmasq.d - ./conf/environment/:/srv/environment - ./boot:/var/lib/tftpboot - - ./plugins:/srv/plugins + - ./plugins/enabled:/srv/plugins cap_add: - NET_ADMIN - NET_BROADCAST diff --git a/server/run_coinboot b/server/run_coinboot index 1df5edbb..80297013 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -152,7 +152,7 @@ EOF pwd ls -la - cp -v build/coinboot_test-plugin* ./enable/ + cp -v build/coinboot_test-plugin* enabled/ popd } From 5de8fba60f695863f7e5e30d34516887cd747907 Mon Sep 17 00:00:00 2001 
From: gm Date: Sun, 3 Apr 2022 17:20:35 +0200 Subject: [PATCH 29/70] Removed non-used environment variables --- server/run_coinboot | 2 -- 1 file changed, 2 deletions(-) diff --git a/server/run_coinboot b/server/run_coinboot index 80297013..7a96b08b 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -18,8 +18,6 @@ set -e -o pipefail # You should have received a copy of the GNU General Public License # along with this program. If not, see . -export RELEASE=$RELEASE_TAG -export VERSION='0.98 Beta' MACHINE_IP='192.168.1.10' COINBOOT_SERVER_IP=192.168.1.2/24 MACHINE_MAC_ADDRESS_BIOS='52:54:04:b9:ab:45' From 27f5a0b34aa99c7cd59ffd7f24cd32e597acdbbc Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 18:22:54 +0200 Subject: [PATCH 30/70] Set fallback to "latest" for RELEASE --- coinbootmaker/coinbootmaker | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 8a04d8a8..73ff58c0 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -64,12 +64,9 @@ WGET='wget --retry-connrefused --waitretry=5 --read-timeout=20 --timeout=15 -t 0 CURL='curl --max-time 5 --retry-max-time 20 --retry 999' CACHE_DIR=$(readlink -f ./cache) GITHUB_REPO=frzb/coinboot -RELEASE=latest ## initramfs and kernel vmlinuz ## -# RELEASE is set via an environment variable under ./conf/environment # If the value is 'latest' we determine the latest release, else we use the set value. - - +RELEASE="${RELEASE:-latest}" if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") From eb55f83edb9b543b0959b98d70b91a772c7ccad7 Mon Sep 17 00:00:00 2001 From: gm Date: Sun, 3 Apr 2022 22:22:16 +0200 Subject: [PATCH 31/70] Added debugging for environment of coinbootmaker --- coinbootmaker/coinbootmaker | 1 + server/run_coinboot | 1 + 2 files changed, 2 insertions(+) 
diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 73ff58c0..627dfb7c 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -59,6 +59,7 @@ done shift $((OPTIND -1)) +env WGET='wget --retry-connrefused --waitretry=5 --read-timeout=20 --timeout=15 -t 0' CURL='curl --max-time 5 --retry-max-time 20 --retry 999' diff --git a/server/run_coinboot b/server/run_coinboot index 7a96b08b..25621981 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -127,6 +127,7 @@ build_docker_image() { } create_test_plugin() { + export $RELEASE pushd . cd ../plugins/ From 7f0690249b952ca51aefeedb07f0ea6b41a1201c Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 10:03:03 +0200 Subject: [PATCH 32/70] Disabled loading the default environment file --- .env | 1 - server/run_coinboot | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) delete mode 120000 .env diff --git a/.env b/.env deleted file mode 120000 index 11d3337e..00000000 --- a/.env +++ /dev/null @@ -1 +0,0 @@ -conf/environment/default.env \ No newline at end of file diff --git a/server/run_coinboot b/server/run_coinboot index 25621981..462a4cc9 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -127,7 +127,7 @@ build_docker_image() { } create_test_plugin() { - export $RELEASE + echo 'RELEASE is set to :' $RELEASE pushd . cd ../plugins/ @@ -293,7 +293,7 @@ fi # We also need to load the environment before calling docker-compose: # https://github.com/docker/compose/issues/3435 -export $(grep -v '^#' ./conf/environment/* | xargs) +#export $(grep -v '^#' ./conf/environment/* | xargs) # Config syntax check fails because the build environment on Ubuntu focal is # running dnsmasq 2.80 which is lacking "dhcp-ignore-clid", this feature was introduced with 2.81 From b2619d1a140447de8c4211debfcf247483fa4e9c Mon Sep 17 00:00:00 2001 
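Review bot: The added `env` call prints every environment variable of the calling process to stdout, and when the script runs in CI that output ends up in the job log. Values exported by the workflow or runner that are not registered as secrets are printed unmasked. If the aim is to see which release is picked up, print only that value, e.g. `echo "RELEASE=${RELEASE:-latest}"`. In the second hunk of the same commit, `export $RELEASE` exports a variable named after the value of RELEASE rather than RELEASE itself; `export RELEASE` is presumably what was meant.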
From: gm Date: Mon, 4 Apr 2022 10:41:54 +0200 Subject: [PATCH 33/70] Added handling of manual set RELEASE/TAG --- coinbootmaker/coinbootmaker | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 627dfb7c..a6633884 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -59,7 +59,7 @@ done shift $((OPTIND -1)) -env +env WGET='wget --retry-connrefused --waitretry=5 --read-timeout=20 --timeout=15 -t 0' CURL='curl --max-time 5 --retry-max-time 20 --retry 999' @@ -77,7 +77,10 @@ if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 done - echo "Using latest coinboot-debirf release: $TAG" + echo "Coinbootmaker is using the latest (default) Coinboot release: $TAG" +else + TAG=$RELEASE + echo "Coinbootmaker is using Coinboot release: $TAG" fi DOWNLOAD_URL=https://github.com/${GITHUB_REPO}/releases/download/${TAG} From 65ad679907604181e579b1c51f3eedf0a2a1721c Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 11:16:48 +0200 Subject: [PATCH 34/70] Corrected wording of nvram --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 462a4cc9..b62c8df7 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -183,7 +183,7 @@ wait_for_server_to_be_ready() { } cleanup_virsh_domains() { - # Domains with UEFI need to be deleted with the additional parameter --vram + # Domains with UEFI need to be deleted with the additional parameter --nvram for DOMAIN in $(sudo virsh list --all --name); do if [[ $DOMAIN == *"uefi"* ]]; then sudo virsh undefine --nvram $DOMAIN From 3b710ce2730137d778fba95dd969700723ee4395 Mon Sep 17 00:00:00 2001 
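Review bot: The new `else` branch copies `$RELEASE` from the environment into `TAG` without any check, and `TAG` is interpolated into `DOWNLOAD_URL` on the context line that follows. A value containing `/`, `..` or whitespace changes which URL is fetched, and the unquoted `[ $RELEASE = latest ]` test shown in the hunk header breaks on a multi-word value. A pattern check before the assignment would contain this, for example `[[ $RELEASE =~ ^[A-Za-z0-9._-]+$ ]] || { echo "Invalid RELEASE: $RELEASE" >&2; exit 1; }`; the allowed character set is an assumption about the tag format.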
From: gm Date: Mon, 4 Apr 2022 12:29:01 +0200 Subject: [PATCH 35/70] Added reworked version of Coinbootmaker --- coinbootmaker/coinbootmaker | 91 ++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 41 deletions(-) diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index a6633884..5ca0740d 100755 --- a/coinbootmaker/coinbootmaker +++ b/coinbootmaker/coinbootmaker @@ -1,8 +1,7 @@ #!/bin/bash set -Eeo pipefail -set -x -# Copyright (C) 2018 - 2021 Gunter Miegel coinboot.io +# Copyright (C) 2018 - 2022 Gunter Miegel coinboot.io # # This file is part of Coinboot. # This software may be modified and distributed under the terms @@ -17,22 +16,27 @@ display_help() { echo echo 'Packaged Coinboot pluings are written to the ./builds directory' echo - echo 'Usage: coinbootmaker [-i] [-h] [-l] [-p ]' + echo 'Usage: coinbootmaker [-i] [-h] [-l] [-p ]' echo - echo '-i Interactive mode - opens a shell in the build environment' - echo '-p Plugin to build' - echo '-l List plugins available to build' - echo '-h Display this help' + echo '-i Interactive mode - opens a shell in the build environment' + echo '-p Plugin to build' + echo '-l List plugins available to build' + echo '-h Display this help' echo } list_plugins() { + echo + echo 'Available plugin build scripts' + echo pushd . > /dev/null cd src + find . -type f ! -wholename '*\/upstream*' -name "*.yaml" -printf '%P\n' + popd > /dev/null echo - find * -type f -print + echo 'Usage: ./coinbootmaker -p ' echo - popd > /dev/null + } while getopts "ip:lh" opt; do 
@@ -59,34 +63,30 @@ done shift $((OPTIND -1)) -env - WGET='wget --retry-connrefused --waitretry=5 --read-timeout=20 --timeout=15 -t 0' CURL='curl --max-time 5 --retry-max-time 20 --retry 999' CACHE_DIR=$(readlink -f ./cache) GITHUB_REPO=frzb/coinboot +RELEASE=latest ## initramfs and kernel vmlinuz ## +# RELEASE is set via an environment variable under ./conf/environment # If the value is 'latest' we determine the latest release, else we use the set value. -RELEASE="${RELEASE:-latest}" if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 - while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last'); do + while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last' ); do echo "Calling the Github API has failed, repeat ..." RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 done - echo "Coinbootmaker is using the latest (default) Coinboot release: $TAG" -else - TAG=$RELEASE - echo "Coinbootmaker is using Coinboot release: $TAG" + echo "Using latest Coinboot rootfs: $TAG" fi DOWNLOAD_URL=https://github.com/${GITHUB_REPO}/releases/download/${TAG} if [ -z $KERNEL ]; then - KERNEL=5.4.0-58-generic + KERNEL=5.11.0-46-generic fi INITRAMFS=coinboot-initramfs-$KERNEL 
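Review bot: This hunk sets `RELEASE=latest` unconditionally and drops the `else` branch that assigned `TAG=$RELEASE`, so a RELEASE exported by the caller is overwritten and the script always resolves the newest non-`pre` tag. The re-added comment `# RELEASE is set via an environment variable under ./conf/environment` no longer matches the code. If the CI job exports a pre-release tag before invoking the script (not visible in this hunk), the test would run against a different initramfs than the one just built. Keeping `RELEASE="${RELEASE:-latest}"` together with the `else` branch preserves the override.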
@@ -95,33 +95,44 @@ $WGET $DOWNLOAD_URL/$INITRAMFS -P $CACHE_DIR fi BASEDIR=$PWD -#INITRAMFS=$(readlink -f $1) LOWER=/tmp/$(basename $INITRAMFS)_extracted_by_coinbootmaker/lower UPPER=/tmp/$(basename $INITRAMFS)_extracted_by_coinbootmaker/upper WORKING_DIRECTORY=/tmp/$(basename $INITRAMFS)_extracted_by_coinbootmaker/working_dir MERGED=/tmp/$(basename $INITRAMFS)_extracted_by_coinbootmaker/merged -while sudo runc list | grep coinbootmaker | grep running; do +# Initial Cleanup + +while sudo runc list | grep coinbootmaker | grep -q running; do echo 'Waiting for Coinbootmaker container to be stopped ...' sudo runc kill coinbootmaker KILL sleep 1 done -while sudo runc list | grep coinbootmaker | grep stopped; do +while sudo runc list | grep coinbootmaker | grep -q stopped; do echo 'Waiting for Coinbootmaker container to be cleaned up ...' sudo runc delete coinbootmaker sleep 1 done - sudo runc delete coinbootmaker || true - sudo ip link delete cbm-host || true - sudo ip netns delete coinbootmaker || true - if mountpoint $MERGED; then - sudo umount $MERGED - fi - sudo rm -rf $UPPER $LOWER $WORKING_DIRECTORY $MERGED +while sudo ip link | grep -q cbm-host; do + echo 'Waiting for Coinbootmaker network interface to be cleaned up ...' + sudo ip link delete cbm-host sleep 1 +done +while sudo ip netns | grep -q coinbootmaker; do + echo 'Waiting for Coinbootmaker network namespace to be cleaned up ...' + sudo ip netns delete coinbootmaker + sleep 1 +done + +if mountpoint -q $MERGED; then + sudo umount $MERGED +fi + +sudo rm -rf $UPPER $LOWER $WORKING_DIRECTORY $MERGED + +# End of initial Cleanup sudo mkdir -p $UPPER $LOWER $WORKING_DIRECTORY $MERGED # We create our own TMPFS. 
@@ -138,22 +149,20 @@ cd $LOWER/rootfs # We have to use 'sudo' for 'cpio' else the ownership of the files in the # archive is messed up. # We just extract the nested initramfs archive -file $CACHE_DIR/$INITRAMFS -zstdcat $CACHE_DIR/$INITRAMFS | sudo cpio -idvm "rootfs.czst" -ls -la -zstdcat rootfs.czst | sudo cpio -idm +zstd -d $CACHE_DIR/$INITRAMFS -c | sudo cpio -idm --quiet "rootfs.czst" +zstd -d rootfs.czst -c | sudo cpio -idm --quiet # The nested initramfs archive can be removed now -sudo rm -v rootfs.czst +sudo rm rootfs.czst # Adapt nameserver settings. # resolv.conf is a symling to the systemd stub resolver which we have to delete beforehand. sudo rm etc/resolv.conf -sudo tee etc/resolv.conf << EOF +sudo tee etc/resolv.conf << EOF 1> /dev/null nameserver 1.1.1.1 EOF -sudo tee etc/hosts << EOF +sudo tee etc/hosts << EOF 1> /dev/null 127.0.1.1 coinbootmaker EOF @@ -166,7 +175,7 @@ cd $LOWER # So we omit the jq limbo and the dependency to jq. # We use the same set of capabilities as Docker by default does. #https://github.com/moby/moby/blob/master/oci/defaults.go#L14-L30 -sudo tee ./config.json << EOF +sudo tee ./config.json << EOF 1> /dev/null { "ociVersion": "1.0.0", "process": { @@ -443,7 +452,7 @@ sudo runc run -d coinbootmaker # This commands can only be executed if the container is already running. # So let's wait until it is ready. -while ! sudo runc list | grep coinbootmaker; do +while ! sudo runc list | grep -q coinbootmaker; do echo 'Waiting for Coinbootmaker container...' sleep 1 done @@ -468,7 +477,7 @@ fi # Cleanup sudo runc kill coinbootmaker KILL -while ! sudo runc list | grep coinbootmaker | grep stopped; do +while ! sudo runc list | grep coinbootmaker | grep -q stopped; do echo 'Waiting for Coinbootmaker container to be stopped ...' sleep 1 done 
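Review bot: Both `cpio` extractions in this hunk run under `sudo` on an archive that was fetched with `$WGET` from the release URL, and nothing visible checks its integrity before it is unpacked as root. Consider verifying a published checksum or signature of `$CACHE_DIR/$INITRAMFS` before extraction; whether the release publishes one is not visible here. Adding `--no-absolute-filenames` keeps member names relative to the current directory: `zstd -d rootfs.czst -c | sudo cpio -idm --quiet --no-absolute-filenames`.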
@@ -478,7 +487,7 @@ sudo runc delete coinbootmaker sudo ip link delete cbm-host sudo ip netns delete coinbootmaker -echo "Cleaning up directories" +echo "Cleaning up temporary working directories ..." cd $BASEDIR -sudo umount -v $MERGED -sudo rm -rf $UPPER $LOWER $WORKING_DIRECTORY $MERGED +sudo umount --quiet $MERGED +sudo rm -rf $BASEDIR/plugin $UPPER $LOWER $WORKING_DIRECTORY $MERGED From 99b01328e5ad1ba93f993c15f2d7802d53e2a004 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 12:31:32 +0200 Subject: [PATCH 36/70] Added debugging of /init2 stage --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index b62c8df7..063a2bb4 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -229,7 +229,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done From 3b4337319f849503c63e79a8d2bb7ca86d1a2f86 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 13:07:02 +0200 Subject: [PATCH 37/70] Added debugging of provided plugins --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 063a2bb4..03ad212a 100755 --- a/server/run_coinboot +++ b/server/run_coinboot 
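Review bot: The new `sudo rm -rf $BASEDIR/plugin …` runs as root on an unquoted path, and `BASEDIR` is set from `$PWD` earlier in the script (visible as context in the initial-cleanup hunk of this commit). If the script is started from a directory whose path contains whitespace, the argument is split and `rm -rf` receives a path prefix and a relative remainder as separate operands. Quote the operands and end option parsing: `sudo rm -rf -- "$BASEDIR/plugin" "$UPPER" "$LOWER" "$WORKING_DIRECTORY" "$MERGED"`. The initial-cleanup hunk uses the same unquoted form for the `/tmp` paths and for `umount`.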
@@ -229,7 +229,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.1/plugins/ && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done From 18a876bca5ab4992e6a5fd49015cb365259278ae Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 13:21:02 +0200 Subject: [PATCH 38/70] Used proper IP of server --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 03ad212a..d7e73e8c 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -229,7 +229,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.1/plugins/ && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done From 4fbaddad4a3323ce33b944f491ebb63452b8d1cd Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 14:02:14 +0200 Subject: [PATCH 39/70] Put curl ouput to stdout for debugging --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/server/run_coinboot b/server/run_coinboot index d7e73e8c..073c2879 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -229,7 +229,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ --stderr - && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done From ec81d924782116b53823367238747d74361a3545 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 14:34:12 +0200 Subject: [PATCH 40/70] Write output of curl to file for plugin debugging --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 073c2879..8cfabeca 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -229,7 +229,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ --stderr - && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ -o /tmp/foo && cat /tmp/foo && ls -la /home/ubuntu/*"; do echo 'Waiting for SSH login to succeed...' sleep 10 done 
From 64c6ed93c987c2c9d459ad56d585ca30d728eac8 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 18:40:02 +0200 Subject: [PATCH 41/70] Add interactive debugging access --- .github/workflows/build_and_run.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 024e8600..af085295 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -77,6 +77,11 @@ jobs: # run: https://raw.githubusercontent.com/frzb/coinboot/"${GITHUB_REF##*/}"/setup_coinboot_requirements | bash run: ./setup_coinboot_requirements + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" From 4f87a9e185b1cde0ef356a22535f46283e5c0a76 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 19:05:22 +0200 Subject: [PATCH 42/70] Change execution order for interactive debugging --- .github/workflows/build_and_run.yaml | 9 +++++---- server/run_coinboot | 8 ++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index af085295..750644b4 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -77,10 +77,6 @@ jobs: # run: https://raw.githubusercontent.com/frzb/coinboot/"${GITHUB_REF##*/}"/setup_coinboot_requirements | bash run: ./setup_coinboot_requirements - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true - name: Run Coinboot server and boot workers env: @@ -92,6 +88,11 @@ jobs: export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + - name: Download build artifact uses: actions/download-artifact@v2 with: 
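Review bot: The added `Setup tmate session` step runs on every execution of the job and opens an interactive shell on the runner, which also holds the job until the session ends. `limit-access-to-actor: true` restricts who can connect, but the step should still be opt-in, for example gated with `if: ${{ failure() }}` or a manually dispatched input. The action is referenced by the mutable tag `@v3`; pinning it to a full commit SHA (`uses: mxschmitt/action-tmate@<commit-sha>`) keeps a retagged release from running inside this job.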
diff --git a/server/run_coinboot b/server/run_coinboot index 8cfabeca..83b88e82 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -311,11 +311,11 @@ cleanup_virsh_domains run_with_libvirt_bios -verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS +#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS -run_with_libvirt_uefi +#run_with_libvirt_uefi -verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI +#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI -cleanup_virsh_domains +#cleanup_virsh_domains From 0ef7686f687bc5b1b192f0882093848a8849f394 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 21:09:17 +0200 Subject: [PATCH 43/70] Added corrected path for enabled plugins directory --- .github/workflows/build_and_run.yaml | 8 ++++---- server/docker-compose.yml | 2 +- server/plugins | 1 + server/plugins/.keep | 0 4 files changed, 6 insertions(+), 5 deletions(-) create mode 120000 server/plugins delete mode 100644 server/plugins/.keep diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 750644b4..2b386c40 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -88,10 +88,10 @@ jobs: export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true + #- name: Setup tmate session + # uses: mxschmitt/action-tmate@v3 + # with: + # limit-access-to-actor: true - name: Download build artifact uses: actions/download-artifact@v2 diff --git a/server/docker-compose.yml b/server/docker-compose.yml index 0a86c2a3..3eda67f8 100644 --- a/server/docker-compose.yml +++ b/server/docker-compose.yml @@ -20,7 +20,7 @@ services: - ./conf/dnsmasq:/etc/dnsmasq.d - ./conf/environment/:/srv/environment - ./boot:/var/lib/tftpboot - - ./plugins/enabled:/srv/plugins + - ./plugins:/srv/plugins cap_add: - NET_ADMIN - NET_BROADCAST 
diff --git a/server/plugins b/server/plugins new file mode 120000 index 00000000..97a06e50 --- /dev/null +++ b/server/plugins @@ -0,0 +1 @@ +../plugins/enabled \ No newline at end of file diff --git a/server/plugins/.keep b/server/plugins/.keep deleted file mode 100644 index e69de29b..00000000 From d36de06e213ad4b343faaa627948a8f82abbec7c Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 21:36:30 +0200 Subject: [PATCH 44/70] Re-enable steps skipped for debugging --- server/run_coinboot | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/server/run_coinboot b/server/run_coinboot index 83b88e82..396e2c70 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -311,11 +311,10 @@ cleanup_virsh_domains run_with_libvirt_bios -#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS +verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS -#run_with_libvirt_uefi +run_with_libvirt_uefi -#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI - -#cleanup_virsh_domains +verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI +cleanup_virsh_domains From 426c1d26b5ff583f1bfcfc0eec9e0d5baf94bd01 Mon Sep 17 00:00:00 2001 From: gm Date: Mon, 4 Apr 2022 22:42:24 +0200 Subject: [PATCH 45/70] Added ownership tests for test plugin --- debirf/build_and_run_images | 1 - server/run_coinboot | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debirf/build_and_run_images b/debirf/build_and_run_images index 62defa7a..f5203655 100755 --- a/debirf/build_and_run_images +++ b/debirf/build_and_run_images @@ -1,6 +1,5 @@ #!/bin/bash set -e -o pipefail -set -x # Copyright (C) 2019 Gunter Miegel coinboot.io # diff --git a/server/run_coinboot b/server/run_coinboot index 396e2c70..3884c558 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -1,5 +1,6 @@ #!/bin/bash set -e -o pipefail +set -x # Copyright (C) 2019-2020 Gunter Miegel coinboot.io # 
@@ -229,7 +230,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && cat /init2 && curl http://192.168.1.2/plugins/ -o /tmp/foo && cat /tmp/foo && ls -la /home/ubuntu/*"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] echo 'Waiting for SSH login to succeed...' sleep 10 done From 40d50b51c54fa66052e22707855b93185f8b622d Mon Sep 17 00:00:00 2001 From: gm Date: Tue, 5 Apr 2022 03:30:04 +0200 Subject: [PATCH 46/70] Reorder steps --- .github/workflows/build_and_run.yaml | 13 +++++-------- server/run_coinboot | 2 +- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 2b386c40..087ba320 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -70,14 +70,15 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - - name: Download build artifacts + + - name: Download build artifact uses: actions/download-artifact@v2 + with: + path: debirf/build + - name: Set up Coinboot requirements - shell: bash - # run: https://raw.githubusercontent.com/frzb/coinboot/"${GITHUB_REF##*/}"/setup_coinboot_requirements | bash run: ./setup_coinboot_requirements - - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" 
@@ -93,10 +94,6 @@ jobs: # with: # limit-access-to-actor: true - - name: Download build artifact - uses: actions/download-artifact@v2 - with: - path: debirf/build - name: Create release on main or develop # Release on develop keeps the type pre-release diff --git a/server/run_coinboot b/server/run_coinboot index 3884c558..873a25ab 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -155,7 +155,7 @@ EOF cp -v build/coinboot_test-plugin* enabled/ popd - } +} up_docker_compose() { docker-compose up -d From 0ea3864f2cf0a4b73e8fa307ed033c0ede3df618 Mon Sep 17 00:00:00 2001 From: gm Date: Tue, 5 Apr 2022 03:53:41 +0200 Subject: [PATCH 47/70] Fixed while syntax of test command line --- server/run_coinboot | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/run_coinboot b/server/run_coinboot index 873a25ab..18e14352 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -230,9 +230,9 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]]"; do echo 'Waiting for SSH login to succeed...' - sleep 10 + sleep 10 done DOMAIN=$(sudo virsh list --name) From 5e0e7f8e0994ccc4fd614aed4390459d130fdfff Mon Sep 17 00:00:00 2001 
From: gm Date: Tue, 5 Apr 2022 04:29:12 +0200 Subject: [PATCH 48/70] Corrected quoting --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 18e14352..6a5237e8 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -230,7 +230,7 @@ verify_and_shutdown_over_ssh() { done # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP "cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]] && [[ $(stat --format '%U':'%G' /home/ubuntu/test_dir/file1) = 'ubuntu:ubuntu' ]]"; do + while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP 'cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ \$(stat --format "%U":"%G" /home/ubuntu/test_dir/file1) = "ubuntu:ubuntu" ]] && [[ \$(stat --format "%U":"%G" /home/ubuntu/test_dir/file1) = "ubuntu:ubuntu" ]]'; do echo 'Waiting for SSH login to succeed...' sleep 10 done From 67eb8a1f0fef79a90e6e41ae1d19264216f140b3 Mon Sep 17 00:00:00 2001 From: gm Date: Tue, 5 Apr 2022 23:15:46 +0200 Subject: [PATCH 49/70] Set up Ruby via GitHub Actions --- .github/workflows/build_and_run.yaml | 7 +++++++ server/test/Gemfile | 4 ++++ 2 files changed, 11 insertions(+) create mode 100644 server/test/Gemfile diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 087ba320..794fe876 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml 
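Review bot: Inside the single-quoted remote command the backslashes in `\$(stat …)` are passed through literally, so the remote shell receives an escaped `$` followed by a parenthesis instead of a command substitution, and the ownership test is not expected to succeed. With single quotes no escaping is needed: `[[ $(stat --format "%U:%G" /home/ubuntu/test_dir/file1) = "ubuntu:ubuntu" ]]`. Both tests check `file1`; the second was presumably meant for another path. Because the checks sit in the `while !` retry condition with no attempt limit, a failed assertion looks the same as SSH not being ready and the loop does not end. The enclosing function starts and ends outside the hunk.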
@@ -76,6 +76,13 @@ jobs: with: path: debirf/build + - name: Setup Ruby and InSpec/Cinc-Auditor + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.1 + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + working-dir server + - name: Set up Coinboot requirements run: ./setup_coinboot_requirements diff --git a/server/test/Gemfile b/server/test/Gemfile new file mode 100644 index 00000000..fdf4bd66 --- /dev/null +++ b/server/test/Gemfile @@ -0,0 +1,4 @@ +source "https://rubygems.org" +source "https://packagecloud.io/cinc-project/stable" do + gem "cinc-auditor-bin" , '~> 5.10' +end From 1979a7330aaa85c8c8deb5e8091042cd0cc832ee Mon Sep 17 00:00:00 2001 From: gm Date: Tue, 5 Apr 2022 23:57:55 +0200 Subject: [PATCH 50/70] Corrected indentation and syntax --- .github/workflows/build_and_run.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 794fe876..710458e4 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -76,12 +76,12 @@ jobs: with: path: debirf/build - - name: Setup Ruby and InSpec/Cinc-Auditor - - uses: ruby/setup-ruby@v1 - with: - ruby-version: 3.1 - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - working-dir server + - name: Setup Ruby and InSpec/Cinc-Auditor + uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.1 + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + working-dir: server - name: Set up Coinboot requirements run: ./setup_coinboot_requirements From 62ef989355a71587968933813fd8aa9fda763ccf Mon Sep 17 00:00:00 2001 From: gm Date: Wed, 6 Apr 2022 00:23:39 +0200 Subject: [PATCH 51/70] Corrected wording --- .github/workflows/build_and_run.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
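Review bot: The added step references `ruby/setup-ruby@v1`, a tag the action's owner can move, so the code that runs in this job can change without any change in this repository. Pin third-party actions to a full commit SHA and keep the tag as a comment, e.g. `uses: ruby/setup-ruby@<full-commit-sha> # v1`. The same applies to `mxschmitt/action-tmate@v3` in the later hunks of this workflow. Quoting the version (`ruby-version: '3.1'`) also avoids YAML reading it as a float.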
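Review bot: The new `server/test/Gemfile` is committed without a `Gemfile.lock` (the diffstat lists only the Gemfile), so every CI run resolves `~> 5.10` and all transitive gems afresh from rubygems.org and packagecloud. Committing the lockfile produced by `bundle lock` makes the installed set reproducible and reviewable, unless it is added elsewhere in the series outside this view. Scoping `cinc-auditor-bin` to the packagecloud source block is good and should be kept; a short comment above the block saying why the second source is needed would help, e.g. `# cinc-auditor-bin is only published on the Cinc packagecloud repository`.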
diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 710458e4..722b7cb5 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -81,7 +81,7 @@ jobs: with: ruby-version: 3.1 bundler-cache: true # runs 'bundle install' and caches installed gems automatically - working-dir: server + working-directory: server - name: Set up Coinboot requirements run: ./setup_coinboot_requirements From d96debdfc1caa1e0bd37f6478d32d45f0d2d925a Mon Sep 17 00:00:00 2001 From: gm Date: Wed, 6 Apr 2022 00:50:01 +0200 Subject: [PATCH 52/70] Switched working-directory to server/test --- .github/workflows/build_and_run.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 722b7cb5..39a11aad 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -81,7 +81,7 @@ jobs: with: ruby-version: 3.1 bundler-cache: true # runs 'bundle install' and caches installed gems automatically - working-directory: server + working-directory: server/test - name: Set up Coinboot requirements run: ./setup_coinboot_requirements From d46102287279c522c0ca96a6ef44975c0c3f50ce Mon Sep 17 00:00:00 2001 From: gm Date: Wed, 6 Apr 2022 21:22:50 +0200 Subject: [PATCH 53/70] Switch over to InSpec tests --- server/run_coinboot | 13 ++++++----- server/test/coinboot_node_spec.rb | 37 +++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 server/test/coinboot_node_spec.rb diff --git a/server/run_coinboot b/server/run_coinboot index 6a5237e8..59a5053b 100755 --- a/server/run_coinboot +++ b/server/run_coinboot 
@@ -229,11 +229,14 @@ verify_and_shutdown_over_ssh() { echo "Waiting $COUNTER second(s) for Coinboot machine to listen on port 22/SSH ..." done - # FIXME: RELEASE does not expanse to date string when 'latest' is specified - while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP 'cat /etc/motd && lsb_release -a && uname -a && df -m && free -m && zramctl && [[ \$(stat --format "%U":"%G" /home/ubuntu/test_dir/file1) = "ubuntu:ubuntu" ]] && [[ \$(stat --format "%U":"%G" /home/ubuntu/test_dir/file1) = "ubuntu:ubuntu" ]]'; do - echo 'Waiting for SSH login to succeed...' - sleep 10 - done + #while ! sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP; do + # echo 'Waiting for SSH login to succeed...' + # sleep 10 + #done + + # FIXME: RELEASE does not expanse to date string when 'latest' is specified + #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP + cinc-auditor exec test/coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" DOMAIN=$(sudo virsh list --name) sudo virsh destroy $DOMAIN diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb new file mode 100644 index 00000000..2a812a44 --- /dev/null +++ b/server/test/coinboot_node_spec.rb 
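Review bot: The added `cinc-auditor exec ...` line in the run_coinboot hunk runs once, with the login retry loop commented out, and the script runs under `set -e -o pipefail` (visible in a later hunk of this file). A failed control, or an SSH login that is not ready although port 22 already answers, therefore exits before `sudo virsh destroy $DOMAIN` and would leave the domain running. Capture the status and clean up first, e.g. `cinc-auditor exec ... || rc=$?` before the `virsh` lines and `return "${rc:-0}"` after them. The `# FIXME` about RELEASE now sits above a commented-out command and should either move or go. The function body continues outside the hunk.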
@@ -0,0 +1,37 @@ +control "coinboot-node-1" do + impact 1.0 + title "Coinboot node tests" + desc "Baseline testing for Coinbot node functionality" + + describe directory('/home/ubuntu/test_dir') do + its('property') { should cmp 'value' } + its('owner') { should eq 'ubuntu' } + its('group') { should eq 'ubuntu' } + end + + describe file('/home/ubuntu/test_dir/file') do + its('property') { should cmp 'value' } + its('owner') { should eq 'ubuntu' } + its('group') { should eq 'ubuntu' } + its('content') { should match 'This is a test' } + end + + describe command('lsb_release -d') do + it { should exist } + its('exit_status') { should eq 0 } + its('stdout') { should include 'Description: Ubuntu 20.04.4 LTS' } + end + + describe command('uname -r') do + it { should exist } + its('exit_status') { should eq 0 } + its('stdout') { should include '5.11.0-46-generic' } + end + + describe command('zramctl') do + it { should exist } + its('exit_status') { should eq 0 } + its('stdout') { should include '/dev/zram0' } + end + +end From 5145bca5f5a7424d9a3a569d6c5ddd01ff3fa27f Mon Sep 17 00:00:00 2001 From: gm Date: Wed, 6 Apr 2022 22:03:03 +0200 Subject: [PATCH 54/70] Debug cinc-auditor install --- .github/workflows/build_and_run.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 39a11aad..5ac4e8d4 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -86,6 +86,11 @@ jobs: - name: Set up Coinboot requirements run: ./setup_coinboot_requirements + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" 
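Review bot: The `Setup tmate session` step enabled in the build_and_run.yaml hunk has no `if:` condition, so every run opens an interactive remote shell into the runner and, as far as I know, action-tmate holds the job until that session ends. `limit-access-to-actor: true` restricts who can connect, which is good, but the job also contains the `Create release on main or develop` step, so the shell is presumably within reach of whatever that job's token may do. Gate the step rather than toggling it by commit, e.g. `if: ${{ github.event_name == 'workflow_dispatch' }}` provided the workflow has that trigger, or `if: ${{ failure() }}` when it is placed after the step being debugged. The later hunks that re-enable and move this step (the "Debug plugin deployment" and "Keep node running for debugging" commits) have the same issue.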
@@ -96,12 +101,6 @@ jobs: export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot - #- name: Setup tmate session - # uses: mxschmitt/action-tmate@v3 - # with: - # limit-access-to-actor: true - - - name: Create release on main or develop # Release on develop keeps the type pre-release if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' From 6440f51f2e83a76ff84de0924a0603304b6026ad Mon Sep 17 00:00:00 2001 From: gm Date: Wed, 6 Apr 2022 22:30:39 +0200 Subject: [PATCH 55/70] Rn cinc-auditor with bundler --- .github/workflows/build_and_run.yaml | 9 ++++----- server/run_coinboot | 3 ++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 5ac4e8d4..12d5c085 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -86,11 +86,10 @@ jobs: - name: Set up Coinboot requirements run: ./setup_coinboot_requirements - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true - + #- name: Setup tmate session + # uses: mxschmitt/action-tmate@v3 + # with: + # limit-access-to-actor: true - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" diff --git a/server/run_coinboot b/server/run_coinboot index 59a5053b..51a2d534 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -236,7 +236,8 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP - cinc-auditor exec test/coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" + cd test + bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" DOMAIN=$(sudo virsh list --name) sudo virsh destroy $DOMAIN From 426ab5a1289ff5ce342709c24517b1074c5c5902 Mon Sep 17 00:00:00 2001 
From: gm Date: Thu, 7 Apr 2022 05:26:35 +0200 Subject: [PATCH 56/70] Refined tests --- server/test/coinboot_node_spec.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index 2a812a44..c28a2eb6 100644 --- a/server/test/coinboot_node_spec.rb +++ b/server/test/coinboot_node_spec.rb @@ -4,32 +4,27 @@ desc "Baseline testing for Coinbot node functionality" describe directory('/home/ubuntu/test_dir') do - its('property') { should cmp 'value' } its('owner') { should eq 'ubuntu' } its('group') { should eq 'ubuntu' } end describe file('/home/ubuntu/test_dir/file') do - its('property') { should cmp 'value' } its('owner') { should eq 'ubuntu' } its('group') { should eq 'ubuntu' } its('content') { should match 'This is a test' } end describe command('lsb_release -d') do - it { should exist } its('exit_status') { should eq 0 } its('stdout') { should include 'Description: Ubuntu 20.04.4 LTS' } end describe command('uname -r') do - it { should exist } its('exit_status') { should eq 0 } its('stdout') { should include '5.11.0-46-generic' } end describe command('zramctl') do - it { should exist } its('exit_status') { should eq 0 } its('stdout') { should include '/dev/zram0' } end From d9a7aed31caaa01ef2a3310b310f3babf0b6dd37 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 09:27:21 +0200 Subject: [PATCH 57/70] Restructure tests, cookstlye linter suggestions --- server/test/coinboot_node_spec.rb | 34 +++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index c28a2eb6..961d0795 100644 --- a/server/test/coinboot_node_spec.rb +++ b/server/test/coinboot_node_spec.rb 
@@ -1,7 +1,8 @@ -control "coinboot-node-1" do +# Please always use the cookstyle linter +control 'coinboot-plugin' do impact 1.0 - title "Coinboot node tests" - desc "Baseline testing for Coinbot node functionality" + title 'Coinboot node tests' + desc 'Baseline testing for Coinbot node functionality' describe directory('/home/ubuntu/test_dir') do its('owner') { should eq 'ubuntu' } @@ -13,20 +14,37 @@ its('group') { should eq 'ubuntu' } its('content') { should match 'This is a test' } end +end - describe command('lsb_release -d') do - its('exit_status') { should eq 0 } - its('stdout') { should include 'Description: Ubuntu 20.04.4 LTS' } - end +control 'coinboot-kernel' do + impact 1.0 + title 'Coinboot node Kernel version' + desc 'Verify the Kernel version running on the Coinboot worker node' describe command('uname -r') do its('exit_status') { should eq 0 } its('stdout') { should include '5.11.0-46-generic' } end +end + +control 'coinboot-distribution' do + impact 1.0 + title 'Coinboot node Distribution release' + desc 'Verify the distribution release running on the Coinboot worker node' + + describe command('lsb_release -d') do + its('exit_status') { should eq 0 } + its('stdout') { should include 'Description: Ubuntu 20.04.4 LTS' } + end +end + +control 'coinboot-zram' do + impact 1.0 + title 'Coinboot node ZRAM RAM Compresssion' + desc 'Verify the ZSTD compressed ramdrive used for the RootFS' describe command('zramctl') do its('exit_status') { should eq 0 } its('stdout') { should include '/dev/zram0' } end - end From c7474f5b2bf0aa5e5647b26990394eea46b3bb13 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 11:18:48 +0200 Subject: [PATCH 58/70] Added test for Coinboot server plugin endpoint --- server/test/coinboot_node_spec.rb | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index 961d0795..b6296719 100644 --- a/server/test/coinboot_node_spec.rb 
+++ b/server/test/coinboot_node_spec.rb @@ -1,8 +1,19 @@ # Please always use the cookstyle linter +control 'coinboot-plugin-endpoint' do + impact 1.0 + title 'Coinboot server plugin HTTP endpoint' + desc 'Verify the Coinboot server plugin HTTP endpoint is available' + + describe http('http://192.168.1.2/plugins') do + its('status') { should cmp 200 } + its('body') { should cmp 'test-plugin' } + end +end + control 'coinboot-plugin' do impact 1.0 - title 'Coinboot node tests' - desc 'Baseline testing for Coinbot node functionality' + title 'Coinboot node plugin file structure' + desc 'Verify plugin file structure on the Coinboot worker node' describe directory('/home/ubuntu/test_dir') do its('owner') { should eq 'ubuntu' } From 33d51673f245ecfa2df077ca4a024f616e3c9ed0 Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 12:27:23 +0200 Subject: [PATCH 59/70] Add missing trailing / on plugins URL --- server/test/coinboot_node_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index b6296719..288c3f4b 100644 --- a/server/test/coinboot_node_spec.rb +++ b/server/test/coinboot_node_spec.rb @@ -4,7 +4,7 @@ title 'Coinboot server plugin HTTP endpoint' desc 'Verify the Coinboot server plugin HTTP endpoint is available' - describe http('http://192.168.1.2/plugins') do + describe http('http://192.168.1.2/plugins/') do its('status') { should cmp 200 } its('body') { should cmp 'test-plugin' } end From aa0b906068c47410ce0918ce9e4b5a80a37ef7ac Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 13:00:50 +0200 Subject: [PATCH 60/70] Replace matcher and value for plugin body check --- server/test/coinboot_node_spec.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index 288c3f4b..92565e71 100644 --- a/server/test/coinboot_node_spec.rb +++ b/server/test/coinboot_node_spec.rb 
@@ -6,10 +6,9 @@ describe http('http://192.168.1.2/plugins/') do its('status') { should cmp 200 } - its('body') { should cmp 'test-plugin' } + its('body') { should include 'coinboot_test-plugin_v0.0.1' } end end - control 'coinboot-plugin' do impact 1.0 title 'Coinboot node plugin file structure' From cb2fa3f9eb4ce4f4abae39913451c63309ff8cae Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 18:51:33 +0200 Subject: [PATCH 61/70] Debug plugin deployment --- .github/workflows/build_and_run.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 12d5c085..5ac4e8d4 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -86,10 +86,11 @@ jobs: - name: Set up Coinboot requirements run: ./setup_coinboot_requirements - #- name: Setup tmate session - # uses: mxschmitt/action-tmate@v3 - # with: - # limit-access-to-actor: true + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" From f07df13f8a1ded742801951760abcd388ee2d96e Mon Sep 17 00:00:00 2001 From: gm Date: Thu, 7 Apr 2022 19:26:18 +0200 Subject: [PATCH 62/70] Keep node running for debugging --- .github/workflows/build_and_run.yaml | 10 +++++----- server/run_coinboot | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 5ac4e8d4..45cacee2 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -86,11 +86,6 @@ jobs: - name: Set up Coinboot requirements run: ./setup_coinboot_requirements - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true - - name: Run Coinboot server and boot workers env: KERNEL: "5.11.0-46-generic" 
@@ -101,6 +96,11 @@ jobs: export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + with: + limit-access-to-actor: true + - name: Create release on main or develop # Release on develop keeps the type pre-release if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' diff --git a/server/run_coinboot b/server/run_coinboot index 51a2d534..fd21535d 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -316,10 +316,10 @@ cleanup_virsh_domains run_with_libvirt_bios -verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS +#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS -run_with_libvirt_uefi +#run_with_libvirt_uefi -verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI +#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI -cleanup_virsh_domains +#cleanup_virsh_domains From 8c4c8bdd5deb71abf45def89683add6c25af6130 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 8 Apr 2022 08:23:48 +0200 Subject: [PATCH 63/70] Improved RELEASE variable handling for Coinbootmaker --- .github/workflows/build_and_run.yaml | 8 ++++---- coinbootmaker/coinbootmaker | 13 ++++++++----- server/run_coinboot | 8 ++++---- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_and_run.yaml b/.github/workflows/build_and_run.yaml index 45cacee2..ff5c53b9 100644 --- a/.github/workflows/build_and_run.yaml +++ b/.github/workflows/build_and_run.yaml @@ -96,10 +96,10 @@ jobs: export RELEASE=$PRE_RELEASE_TAG ./server/run_coinboot - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - with: - limit-access-to-actor: true + #- name: Setup tmate session + # uses: mxschmitt/action-tmate@v3 + # with: + # limit-access-to-actor: true - name: Create release on main or develop # Release on develop keeps the type pre-release diff --git a/coinbootmaker/coinbootmaker b/coinbootmaker/coinbootmaker index 5ca0740d..120d5029 100755 --- a/coinbootmaker/coinbootmaker 
+++ b/coinbootmaker/coinbootmaker @@ -67,7 +67,7 @@ WGET='wget --retry-connrefused --waitretry=5 --read-timeout=20 --timeout=15 -t 0 CURL='curl --max-time 5 --retry-max-time 20 --retry 999' CACHE_DIR=$(readlink -f ./cache) GITHUB_REPO=frzb/coinboot -RELEASE=latest +RELEASE=${RELEASE:-latest} ## initramfs and kernel vmlinuz ## # RELEASE is set via an environment variable under ./conf/environment # If the value is 'latest' we determine the latest release, else we use the set value. @@ -75,12 +75,15 @@ RELEASE=latest if [ $RELEASE = latest ]; then RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") sleep 5 - while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last' ); do + while ! TAG=$(echo $RESPONSE | jq -r '[ .[].name | select(test("^pre.*") | not) ] | sort | last'); do echo "Calling the Github API has failed, repeat ..." RESPONSE=$($CURL --silent "https://api.github.com/repos/${GITHUB_REPO}/tags") - sleep 5 - done - echo "Using latest Coinboot rootfs: $TAG" + sleep 5 + done + echo "Coinbootmaker is using the latest (default) Coinboot release: $TAG" +else + TAG=$RELEASE + echo "Coinbootmaker is using Coinboot release: $TAG" fi DOWNLOAD_URL=https://github.com/${GITHUB_REPO}/releases/download/${TAG} diff --git a/server/run_coinboot b/server/run_coinboot index fd21535d..51a2d534 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -316,10 +316,10 @@ cleanup_virsh_domains run_with_libvirt_bios -#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS +verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_BIOS -#run_with_libvirt_uefi +run_with_libvirt_uefi -#verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI +verify_and_shutdown_over_ssh $MACHINE_MAC_ADDRESS_UEFI -#cleanup_virsh_domains +cleanup_virsh_domains From 0e85a2b6cbd8babfbd7ef56a8c48b1efeb397c46 Mon Sep 17 00:00:00 2001 
From: gm Date: Fri, 8 Apr 2022 09:14:03 +0200 Subject: [PATCH 64/70] Corrected file name in test --- server/test/coinboot_node_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/test/coinboot_node_spec.rb b/server/test/coinboot_node_spec.rb index 92565e71..e843653d 100644 --- a/server/test/coinboot_node_spec.rb +++ b/server/test/coinboot_node_spec.rb @@ -19,7 +19,7 @@ its('group') { should eq 'ubuntu' } end - describe file('/home/ubuntu/test_dir/file') do + describe file('/home/ubuntu/test_dir/file1') do its('owner') { should eq 'ubuntu' } its('group') { should eq 'ubuntu' } its('content') { should match 'This is a test' } From e4486b08e375a09f0fc5c015aec8c59b38658d23 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 8 Apr 2022 20:50:44 +0200 Subject: [PATCH 65/70] Debug pwd before entering test directory --- server/run_coinboot | 1 + 1 file changed, 1 insertion(+) diff --git a/server/run_coinboot b/server/run_coinboot index 51a2d534..ebf16914 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -236,6 +236,7 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP + pwd cd test bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" From b6aee4ed3b0359f748195226cbaa9e670c50f601 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 8 Apr 2022 21:28:06 +0200 Subject: [PATCH 66/70] Remove cd into test directory --- server/run_coinboot | 1 - 1 file changed, 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index ebf16914..e8ae953e 100755 --- a/server/run_coinboot +++ b/server/run_coinboot 
@@ -237,7 +237,6 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP pwd - cd test bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" DOMAIN=$(sudo virsh list --name) From 7d4c338ddd53c87e1dff18673972ba057d67f912 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 8 Apr 2022 21:56:25 +0200 Subject: [PATCH 67/70] Further debugging of entering the bundle context --- server/run_coinboot | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/run_coinboot b/server/run_coinboot index e8ae953e..2f4bbc77 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -237,6 +237,8 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP pwd + cd test + pwd bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" DOMAIN=$(sudo virsh list --name) From 03974c957fb24d0eba10cd16ac6008dd26840004 Mon Sep 17 00:00:00 2001 From: gm Date: Fri, 8 Apr 2022 22:28:30 +0200 Subject: [PATCH 68/70] Use ./test to not trigger the command test --- server/run_coinboot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 2f4bbc77..228989f7 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -237,7 +237,7 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP pwd - cd test + cd ./test pwd bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" From 883910d6f2c8d0739f423b9e95f8c2b29d29e61a Mon Sep 17 00:00:00 2001 
From: gm Date: Fri, 8 Apr 2022 23:14:32 +0200 Subject: [PATCH 69/70] Slow down for debugging --- server/run_coinboot | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/run_coinboot b/server/run_coinboot index 228989f7..a3b9d9e3 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -236,9 +236,12 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP - pwd + pwd + sleep 10 cd ./test + sleep 10 pwd + sleep 10 bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" DOMAIN=$(sudo virsh list --name) From 97c848e538f816001afb907d3bda58fccfb8cb6a Mon Sep 17 00:00:00 2001 From: gm Date: Sat, 9 Apr 2022 02:29:06 +0200 Subject: [PATCH 70/70] Enter and leave test directory after inspec run --- server/run_coinboot | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/server/run_coinboot b/server/run_coinboot index a3b9d9e3..ed4aeecb 100755 --- a/server/run_coinboot +++ b/server/run_coinboot @@ -1,6 +1,5 @@ #!/bin/bash set -e -o pipefail -set -x # Copyright (C) 2019-2020 Gunter Miegel coinboot.io # @@ -236,13 +235,10 @@ verify_and_shutdown_over_ssh() { # FIXME: RELEASE does not expanse to date string when 'latest' is specified #sshpass -p ubuntu ssh -o StrictHostKeyChecking=no -l ubuntu -p 22 $MACHINE_IP - pwd - sleep 10 + pushd . cd ./test - sleep 10 - pwd - sleep 10 bundle exec cinc-auditor exec coinboot_node_spec.rb --user ubuntu --password ubuntu -t ssh://"${MACHINE_IP}" + popd DOMAIN=$(sudo virsh list --name) sudo virsh destroy $DOMAIN