* package_manager: support for signed DEB package feeds
@ 2022-04-03 19:50 Ferry Toth
2022-04-03 19:50 ` [PATCH v2 0/3] *** SUBJECT HERE *** Ferry Toth
` (3 more replies)
0 siblings, 4 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core; +Cc: Richard Purdie, Xavier Berger, Alexander Kanavin
[PATCH v2 0/3] package_manager: support for signed DEB package feeds
[PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function
[PATCH v2 2/3] package_manager: sign DEB package feeds
[PATCH v2 3/3] apt: add apt selftest to test signed package feeds
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign deb package feeds"
enable signed deb package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
management. To be able to install the key the gnupg package is added to the testimage.
These patches makes deb a first class citizen as ipk and rpm.
Patches have been in use in meta-intel-edison since Gatesgarth,
see https://edison-fw.github.io/meta-intel-edison/5.0-Creating-a-deb-repository.html
Changes in V2:
- Added runtime test for signed deb package feeds (Richard Purdie)
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v2 0/3] *** SUBJECT HERE ***
2022-04-03 19:50 package_manager: support for signed DEB package feeds Ferry Toth
@ 2022-04-03 19:50 ` Ferry Toth
2022-04-03 19:50 ` [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function Ferry Toth
` (2 subsequent siblings)
3 siblings, 0 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core
Cc: Richard Purdie, Xavier Berger, Alexander Kanavin, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
*** BLURB HERE ***
Ferry Toth (2):
package_manager: sign DEB package feeds
apt: add apt selftest to test signed package feeds
Xavier Berger (1):
gpg-sign: Add parameters to gpg signature function
meta/lib/oe/gpg_sign.py | 6 +++-
meta/lib/oe/package_manager/deb/__init__.py | 19 ++++++++--
meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
4 files changed, 70 insertions(+), 9 deletions(-)
--
2.32.0
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function
2022-04-03 19:50 package_manager: support for signed DEB package feeds Ferry Toth
2022-04-03 19:50 ` [PATCH v2 0/3] *** SUBJECT HERE *** Ferry Toth
@ 2022-04-03 19:50 ` Ferry Toth
2022-04-03 19:50 ` [PATCH v2 2/3] package_manager: sign DEB package feeds Ferry Toth
2022-04-03 19:50 ` [PATCH v2 3/3] apt: add apt selftest to test signed " Ferry Toth
3 siblings, 0 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core
Cc: Richard Purdie, Xavier Berger, Alexander Kanavin, Ferry Toth
From: Xavier Berger <xavier.berger@bio-logic.net>
output_suffix: If defined, add output_suffix as file name extension.
use_sha256: If True, use sha256 for gpg as digest algorithm
Signed-off-by: Xavier Berger <xavier.berger@bio-logic.net>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
---
meta/lib/oe/gpg_sign.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oe/gpg_sign.py b/meta/lib/oe/gpg_sign.py
index 1bce6cb792..aa9bb49f2c 100644
--- a/meta/lib/oe/gpg_sign.py
+++ b/meta/lib/oe/gpg_sign.py
@@ -58,7 +58,7 @@ class LocalSigner(object):
for i in range(0, len(files), sign_chunk):
subprocess.check_output(shlex.split(cmd + ' '.join(files[i:i+sign_chunk])), stderr=subprocess.STDOUT)
- def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True):
+ def detach_sign(self, input_file, keyid, passphrase_file, passphrase=None, armor=True, output_suffix=None, use_sha256=False):
"""Create a detached signature of a file"""
if passphrase_file and passphrase:
@@ -71,6 +71,10 @@ class LocalSigner(object):
cmd += ['--homedir', self.gpg_path]
if armor:
cmd += ['--armor']
+ if output_suffix:
+ cmd += ['-o', input_file + "." + output_suffix]
+ if use_sha256:
+ cmd += ['--digest-algo', "SHA256"]
#gpg > 2.1 supports password pipes only through the loopback interface
#gpg < 2.1 errors out if given unknown parameters
--
2.32.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v2 2/3] package_manager: sign DEB package feeds
2022-04-03 19:50 package_manager: support for signed DEB package feeds Ferry Toth
2022-04-03 19:50 ` [PATCH v2 0/3] *** SUBJECT HERE *** Ferry Toth
2022-04-03 19:50 ` [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function Ferry Toth
@ 2022-04-03 19:50 ` Ferry Toth
2022-04-03 19:50 ` [PATCH v2 3/3] apt: add apt selftest to test signed " Ferry Toth
3 siblings, 0 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core
Cc: Richard Purdie, Xavier Berger, Alexander Kanavin, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
Implement debian package repository signature.
For each Release file created in repository subdirectory, a signature
Release.gpg is created.
Signature is performed using gpg backend when the following variables
are set in local.conf:
PACKAGE_CLASSES += "sign_package_feed"
PACKAGE_FEED_GPG_NAME = "<Id of GPG key>"
PACKAGE_FEED_GPG_PASSPHRASE_FILE="<path to password file>"
Signed-off-by: Xavier Berger <xavier.berger@bio-logic.net>
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
---
meta/lib/oe/package_manager/deb/__init__.py | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/meta/lib/oe/package_manager/deb/__init__.py b/meta/lib/oe/package_manager/deb/__init__.py
index 9f112ae25b..86ddb130ad 100644
--- a/meta/lib/oe/package_manager/deb/__init__.py
+++ b/meta/lib/oe/package_manager/deb/__init__.py
@@ -53,6 +53,7 @@ class DpkgIndexer(Indexer):
index_cmds = []
deb_dirs_found = False
+ index_sign_files = set()
for arch in arch_list:
arch_dir = os.path.join(self.deploy_dir, arch)
if not os.path.isdir(arch_dir):
@@ -62,7 +63,10 @@ class DpkgIndexer(Indexer):
cmd += "%s -fcn Packages > Packages.gz;" % gzip
- with open(os.path.join(arch_dir, "Release"), "w+") as release:
+ release_file = os.path.join(arch_dir, "Release")
+ index_sign_files.add(release_file)
+
+ with open(release_file, "w+") as release:
release.write("Label: %s\n" % arch)
cmd += "PSEUDO_UNLOAD=1 %s release . >> Release" % apt_ftparchive
@@ -76,8 +80,17 @@ class DpkgIndexer(Indexer):
return
oe.utils.multiprocess_launch(create_index, index_cmds, self.d)
- if self.d.getVar('PACKAGE_FEED_SIGN') == '1':
- raise NotImplementedError('Package feed signing not implementd for dpkg')
+ if self.d.getVar('PACKAGE_FEED_SIGN', True) == '1':
+ signer = get_signer(self.d, self.d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
+ else:
+ signer = None
+ if signer:
+ for f in index_sign_files:
+ signer.detach_sign(f,
+ self.d.getVar('PACKAGE_FEED_GPG_NAME', True),
+ self.d.getVar('PACKAGE_FEED_GPG_PASSPHRASE_FILE', True),
+ output_suffix="gpg",
+ use_sha256=True)
class PMPkgsList(PkgsList):
--
2.32.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-03 19:50 package_manager: support for signed DEB package feeds Ferry Toth
` (2 preceding siblings ...)
2022-04-03 19:50 ` [PATCH v2 2/3] package_manager: sign DEB package feeds Ferry Toth
@ 2022-04-03 19:50 ` Ferry Toth
2022-04-04 13:58 ` Richard Purdie
3 siblings, 1 reply; 23+ messages in thread
From: Ferry Toth @ 2022-04-03 19:50 UTC (permalink / raw)
To: openembedded-core
Cc: Richard Purdie, Xavier Berger, Alexander Kanavin, Ferry Toth
From: Ferry Toth <ftoth@exalondelft.nl>
Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
Currently when building images this requirement is worked around by using [allow-insecure=yes] and
equivalently when performing selftest.
Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
management. To be able to install the key the gnupg package is added to the testimage.
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
---
meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
2 files changed, 49 insertions(+), 5 deletions(-)
diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
index 53745df93f..49f8714730 100644
--- a/meta/lib/oeqa/runtime/cases/apt.py
+++ b/meta/lib/oeqa/runtime/cases/apt.py
@@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
@classmethod
def setUpClass(cls):
- service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
+ service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
cls.repo_server = HTTPService(service_repo,
'0.0.0.0', port=cls.tc.target.server_port,
logger=cls.tc.logger)
@@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
cls.repo_server.stop()
def setup_source_config_for_package_install(self):
- apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
+ apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
apt_get_sourceslist_dir = '/etc/apt/'
- self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
+ self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
def cleanup_source_config_for_package_install(self):
apt_get_sourceslist_dir = '/etc/apt/'
- self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
+ self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
+
+ def setup_key(self):
+ # the key is found on the target /etc/pki/packagefeed-gpg/
+ # named PACKAGEFEED-GPG-KEY-poky-branch
+ self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
@skipIfNotFeature('package-management',
'Test requires package-management to be in IMAGE_FEATURES')
@@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
@OEHasPackage(['apt'])
def test_apt_install_from_repo(self):
self.setup_source_config_for_package_install()
+ self.setup_key()
self.pkg('update')
self.pkg('remove --yes run-postinsts-dev')
- self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
+ self.pkg('install --yes run-postinsts-dev')
self.cleanup_source_config_for_package_install()
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 642f0eb637..7a75b95a99 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
bitbake('core-image-full-cmdline socat')
bitbake('-c testimage core-image-full-cmdline')
+ def test_testimage_apt(self):
+ """
+ Summary: Check package feeds functionality for apt
+ Expected: 1. Check that remote package feeds can be accessed
+ Product: oe-core
+ Author: Ferry Toth <fntoth@gmail.com>
+ """
+ if get_bb_var('DISTRO') == 'poky-tiny':
+ self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
+
+ features = 'INHERIT += "testimage"\n'
+ features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
+ # We don't yet know what the server ip and port will be - they will be patched
+ # in at the start of the on-image test
+ features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
+ features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
+ features += 'PACKAGE_CLASSES = "package_deb"\n'
+ # We need gnupg on the target to install keys
+ features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
+
+ bitbake('gnupg-native -c addto_recipe_sysroot')
+
+ # Enable package feed signing
+ self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
+ self.track_for_cleanup(self.gpg_home)
+ signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
+ runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
+ features += 'INHERIT += "sign_package_feed"\n'
+ features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
+ features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
+ features += 'GPG_PATH = "%s"\n' % self.gpg_home
+ features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
+ self.write_config(features)
+
+ # Build core-image-sato and testimage
+ bitbake('core-image-full-cmdline socat')
+ bitbake('-c testimage core-image-full-cmdline')
+
def test_testimage_virgl_gtk_sdl(self):
"""
Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
--
2.32.0
^ permalink raw reply related [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-03 19:50 ` [PATCH v2 3/3] apt: add apt selftest to test signed " Ferry Toth
@ 2022-04-04 13:58 ` Richard Purdie
2022-04-04 17:35 ` Ferry Toth
2022-04-06 10:10 ` [OE-core] " Alexandre Belloni
0 siblings, 2 replies; 23+ messages in thread
From: Richard Purdie @ 2022-04-04 13:58 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> From: Ferry Toth <ftoth@exalondelft.nl>
>
> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
> equivalently when performing selftest.
>
> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
> enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
> test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
> management. To be able to install the key the gnupg package is added to the testimage.
>
> Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
> ---
> meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
> meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
> 2 files changed, 49 insertions(+), 5 deletions(-)
>
> diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
> index 53745df93f..49f8714730 100644
> --- a/meta/lib/oeqa/runtime/cases/apt.py
> +++ b/meta/lib/oeqa/runtime/cases/apt.py
> @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
>
> @classmethod
> def setUpClass(cls):
> - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
> + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
> cls.repo_server = HTTPService(service_repo,
> '0.0.0.0', port=cls.tc.target.server_port,
> logger=cls.tc.logger)
> @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
> cls.repo_server.stop()
>
> def setup_source_config_for_package_install(self):
> - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
> + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
> apt_get_sourceslist_dir = '/etc/apt/'
> - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
> + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
>
> def cleanup_source_config_for_package_install(self):
> apt_get_sourceslist_dir = '/etc/apt/'
> - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
> + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
> +
> + def setup_key(self):
> + # the key is found on the target /etc/pki/packagefeed-gpg/
> + # named PACKAGEFEED-GPG-KEY-poky-branch
> + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
>
> @skipIfNotFeature('package-management',
> 'Test requires package-management to be in IMAGE_FEATURES')
> @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
> @OEHasPackage(['apt'])
> def test_apt_install_from_repo(self):
> self.setup_source_config_for_package_install()
> + self.setup_key()
> self.pkg('update')
> self.pkg('remove --yes run-postinsts-dev')
> - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
> + self.pkg('install --yes run-postinsts-dev')
> self.cleanup_source_config_for_package_install()
> diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
> index 642f0eb637..7a75b95a99 100644
> --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
> +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
> @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
> bitbake('core-image-full-cmdline socat')
> bitbake('-c testimage core-image-full-cmdline')
>
> + def test_testimage_apt(self):
> + """
> + Summary: Check package feeds functionality for apt
> + Expected: 1. Check that remote package feeds can be accessed
> + Product: oe-core
> + Author: Ferry Toth <fntoth@gmail.com>
> + """
> + if get_bb_var('DISTRO') == 'poky-tiny':
> + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
> +
> + features = 'INHERIT += "testimage"\n'
> + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
> + # We don't yet know what the server ip and port will be - they will be patched
> + # in at the start of the on-image test
> + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
> + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
> + features += 'PACKAGE_CLASSES = "package_deb"\n'
> + # We need gnupg on the target to install keys
> + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
> +
> + bitbake('gnupg-native -c addto_recipe_sysroot')
> +
> + # Enable package feed signing
> + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
> + self.track_for_cleanup(self.gpg_home)
> + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
> + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
> + features += 'INHERIT += "sign_package_feed"\n'
> + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
> + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
> + features += 'GPG_PATH = "%s"\n' % self.gpg_home
> + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
> + self.write_config(features)
> +
> + # Build core-image-sato and testimage
> + bitbake('core-image-full-cmdline socat')
> + bitbake('-c testimage core-image-full-cmdline')
> +
> def test_testimage_virgl_gtk_sdl(self):
> """
> Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
Thanks for working on this!
Looking at the patches I wondered if this would break testimage and
unfortunately it does:
https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
however hopefully these shouldn't be too hard to fix?
The rest of the build is still running.
Cheers,
Richard
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-04 13:58 ` Richard Purdie
@ 2022-04-04 17:35 ` Ferry Toth
2022-04-04 20:39 ` Richard Purdie
2022-04-06 10:10 ` [OE-core] " Alexandre Belloni
1 sibling, 1 reply; 23+ messages in thread
From: Ferry Toth @ 2022-04-04 17:35 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
Hi,
Op 04-04-2022 om 15:58 schreef Richard Purdie:
> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>> From: Ferry Toth <ftoth@exalondelft.nl>
>>
>> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
>> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
>> equivalently when performing selftest.
>>
>> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
>> enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
>> test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
>> management. To be able to install the key the gnupg package is added to the testimage.
>>
>> Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
>> ---
>> meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
>> meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
>> 2 files changed, 49 insertions(+), 5 deletions(-)
>>
>> diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
>> index 53745df93f..49f8714730 100644
>> --- a/meta/lib/oeqa/runtime/cases/apt.py
>> +++ b/meta/lib/oeqa/runtime/cases/apt.py
>> @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
>>
>> @classmethod
>> def setUpClass(cls):
>> - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
>> + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
>> cls.repo_server = HTTPService(service_repo,
>> '0.0.0.0', port=cls.tc.target.server_port,
>> logger=cls.tc.logger)
>> @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
>> cls.repo_server.stop()
>>
>> def setup_source_config_for_package_install(self):
>> - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
>> + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
>> apt_get_sourceslist_dir = '/etc/apt/'
>> - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
>> + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
>>
>> def cleanup_source_config_for_package_install(self):
>> apt_get_sourceslist_dir = '/etc/apt/'
>> - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
>> + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
>> +
>> + def setup_key(self):
>> + # the key is found on the target /etc/pki/packagefeed-gpg/
>> + # named PACKAGEFEED-GPG-KEY-poky-branch
>> + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
>>
>> @skipIfNotFeature('package-management',
>> 'Test requires package-management to be in IMAGE_FEATURES')
>> @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
>> @OEHasPackage(['apt'])
>> def test_apt_install_from_repo(self):
>> self.setup_source_config_for_package_install()
>> + self.setup_key()
>> self.pkg('update')
>> self.pkg('remove --yes run-postinsts-dev')
>> - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
>> + self.pkg('install --yes run-postinsts-dev')
>> self.cleanup_source_config_for_package_install()
>> diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
>> index 642f0eb637..7a75b95a99 100644
>> --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
>> +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
>> @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
>> bitbake('core-image-full-cmdline socat')
>> bitbake('-c testimage core-image-full-cmdline')
>>
>> + def test_testimage_apt(self):
>> + """
>> + Summary: Check package feeds functionality for apt
>> + Expected: 1. Check that remote package feeds can be accessed
>> + Product: oe-core
>> + Author: Ferry Toth <fntoth@gmail.com>
>> + """
>> + if get_bb_var('DISTRO') == 'poky-tiny':
>> + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
>> +
>> + features = 'INHERIT += "testimage"\n'
>> + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
>> + # We don't yet know what the server ip and port will be - they will be patched
>> + # in at the start of the on-image test
>> + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
>> + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
>> + features += 'PACKAGE_CLASSES = "package_deb"\n'
>> + # We need gnupg on the target to install keys
>> + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
>> +
>> + bitbake('gnupg-native -c addto_recipe_sysroot')
>> +
>> + # Enable package feed signing
>> + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
>> + self.track_for_cleanup(self.gpg_home)
>> + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
>> + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
>> + features += 'INHERIT += "sign_package_feed"\n'
>> + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
>> + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
>> + features += 'GPG_PATH = "%s"\n' % self.gpg_home
>> + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
>> + self.write_config(features)
>> +
>> + # Build core-image-sato and testimage
>> + bitbake('core-image-full-cmdline socat')
>> + bitbake('-c testimage core-image-full-cmdline')
>> +
>> def test_testimage_virgl_gtk_sdl(self):
>> """
>> Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
>
> Thanks for working on this!
>
> Looking at the patches I wondered if this would break testimage and
> unfortunately it does:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
That is weird, do I understand correctly that it fails on:
apt-get remove --yes run-postinsts-dev
Reading package lists...
Building dependency tree...
E: Unable to locate package run-postinsts-dev
That is actually *) one line I didn't touch. I did note while testing
that I saw this exact message, however that was not counted as a fail.
What could cause this? Because the complaint is it can't remove the
package because it was not installed.
It would be trivial to remove the line
*) self.pkg('remove --yes run-postinsts-dev')
but how could it have passed the test before?
> however hopefully these shouldn't be too hard to fix?
>
> The rest of the build is still running.
>
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-04 17:35 ` Ferry Toth
@ 2022-04-04 20:39 ` Richard Purdie
2022-04-05 15:23 ` Ferry Toth
0 siblings, 1 reply; 23+ messages in thread
From: Richard Purdie @ 2022-04-04 20:39 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
> Hi,
>
> Op 04-04-2022 om 15:58 schreef Richard Purdie:
> > On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> > > From: Ferry Toth <ftoth@exalondelft.nl>
> > >
> > > Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
> > > Currently when building images this requirement is worked around by using [allow-insecure=yes] and
> > > equivalently when performing selftest.
> > >
> > > Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
> > > enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
> > > test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
> > > management. To be able to install the key the gnupg package is added to the testimage.
> > >
> > > Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
> > > ---
> > > meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
> > > meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
> > > 2 files changed, 49 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
> > > index 53745df93f..49f8714730 100644
> > > --- a/meta/lib/oeqa/runtime/cases/apt.py
> > > +++ b/meta/lib/oeqa/runtime/cases/apt.py
> > > @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
> > >
> > > @classmethod
> > > def setUpClass(cls):
> > > - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
> > > + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
> > > cls.repo_server = HTTPService(service_repo,
> > > '0.0.0.0', port=cls.tc.target.server_port,
> > > logger=cls.tc.logger)
> > > @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
> > > cls.repo_server.stop()
> > >
> > > def setup_source_config_for_package_install(self):
> > > - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
> > > + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
> > > apt_get_sourceslist_dir = '/etc/apt/'
> > > - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
> > > + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
> > >
> > > def cleanup_source_config_for_package_install(self):
> > > apt_get_sourceslist_dir = '/etc/apt/'
> > > - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
> > > + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
> > > +
> > > + def setup_key(self):
> > > + # the key is found on the target /etc/pki/packagefeed-gpg/
> > > + # named PACKAGEFEED-GPG-KEY-poky-branch
> > > + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
> > >
> > > @skipIfNotFeature('package-management',
> > > 'Test requires package-management to be in IMAGE_FEATURES')
> > > @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
> > > @OEHasPackage(['apt'])
> > > def test_apt_install_from_repo(self):
> > > self.setup_source_config_for_package_install()
> > > + self.setup_key()
> > > self.pkg('update')
> > > self.pkg('remove --yes run-postinsts-dev')
> > > - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
> > > + self.pkg('install --yes run-postinsts-dev')
> > > self.cleanup_source_config_for_package_install()
> > > diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
> > > index 642f0eb637..7a75b95a99 100644
> > > --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
> > > +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
> > > @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
> > > bitbake('core-image-full-cmdline socat')
> > > bitbake('-c testimage core-image-full-cmdline')
> > >
> > > + def test_testimage_apt(self):
> > > + """
> > > + Summary: Check package feeds functionality for apt
> > > + Expected: 1. Check that remote package feeds can be accessed
> > > + Product: oe-core
> > > + Author: Ferry Toth <fntoth@gmail.com>
> > > + """
> > > + if get_bb_var('DISTRO') == 'poky-tiny':
> > > + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
> > > +
> > > + features = 'INHERIT += "testimage"\n'
> > > + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
> > > + # We don't yet know what the server ip and port will be - they will be patched
> > > + # in at the start of the on-image test
> > > + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
> > > + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
> > > + features += 'PACKAGE_CLASSES = "package_deb"\n'
> > > + # We need gnupg on the target to install keys
> > > + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
> > > +
> > > + bitbake('gnupg-native -c addto_recipe_sysroot')
> > > +
> > > + # Enable package feed signing
> > > + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
> > > + self.track_for_cleanup(self.gpg_home)
> > > + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
> > > + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
> > > + features += 'INHERIT += "sign_package_feed"\n'
> > > + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
> > > + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
> > > + features += 'GPG_PATH = "%s"\n' % self.gpg_home
> > > + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
> > > + self.write_config(features)
> > > +
> > > + # Build core-image-sato and testimage
> > > + bitbake('core-image-full-cmdline socat')
> > > + bitbake('-c testimage core-image-full-cmdline')
> > > +
> > > def test_testimage_virgl_gtk_sdl(self):
> > > """
> > > Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
> >
> > Thanks for working on this!
> >
> > Looking at the patches I wondered if this would break testimage and
> > unfortunately it does:
> >
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
> > https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
>
> That is weird, do I understand correctly that it fails on:
> apt-get remove --yes run-postinsts-dev
> Reading package lists...
> Building dependency tree...
> E: Unable to locate package run-postinsts-dev
>
> That is actually *) one line I didn't touch. I did note while testing
> that I saw this exact message, however that was not counted as a fail.
>
> What could cause this? Because the complaint is it can't remove the
> package because it was not installed.
>
> It would be trivial to remove the line
>
> *) self.pkg('remove --yes run-postinsts-dev')
>
> but how could it have passed the test before?
I think the issue is you edited testimage which is a different set of tests
which aren't just called by oe-selftest but by things like
"bitbake core-image-sato -c testimage"
as well. I'd suggest making the changes in testimage conditional on signing
being configured.
Cheers,
Richard
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-04 20:39 ` Richard Purdie
@ 2022-04-05 15:23 ` Ferry Toth
2022-04-06 11:40 ` Richard Purdie
0 siblings, 1 reply; 23+ messages in thread
From: Ferry Toth @ 2022-04-05 15:23 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
[-- Attachment #1: Type: text/plain, Size: 9640 bytes --]
Hi,
Op 04-04-2022 om 22:39 schreef Richard Purdie:
> On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
>> Hi,
>>
>> Op 04-04-2022 om 15:58 schreef Richard Purdie:
>>> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>>>> From: Ferry Toth<ftoth@exalondelft.nl>
>>>>
>>>> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
>>>> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
>>>> equivalently when performing selftest.
>>>>
>>>> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
>>>> enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
>>>> test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
>>>> management. To be able to install the key the gnupg package is added to the testimage.
>>>>
>>>> Signed-off-by: Ferry Toth<ftoth@exalondelft.nl>
>>>> ---
>>>> meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
>>>> meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
>>>> 2 files changed, 49 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
>>>> index 53745df93f..49f8714730 100644
>>>> --- a/meta/lib/oeqa/runtime/cases/apt.py
>>>> +++ b/meta/lib/oeqa/runtime/cases/apt.py
>>>> @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
>>>>
>>>> @classmethod
>>>> def setUpClass(cls):
>>>> - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
>>>> + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
>>>> cls.repo_server = HTTPService(service_repo,
>>>> '0.0.0.0', port=cls.tc.target.server_port,
>>>> logger=cls.tc.logger)
>>>> @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
>>>> cls.repo_server.stop()
>>>>
>>>> def setup_source_config_for_package_install(self):
>>>> - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
>>>> + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
>>>> apt_get_sourceslist_dir = '/etc/apt/'
>>>> - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
>>>> + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
>>>>
>>>> def cleanup_source_config_for_package_install(self):
>>>> apt_get_sourceslist_dir = '/etc/apt/'
>>>> - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
>>>> + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
>>>> +
>>>> + def setup_key(self):
>>>> + # the key is found on the target /etc/pki/packagefeed-gpg/
>>>> + # named PACKAGEFEED-GPG-KEY-poky-branch
>>>> + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
>>>>
>>>> @skipIfNotFeature('package-management',
>>>> 'Test requires package-management to be in IMAGE_FEATURES')
>>>> @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
>>>> @OEHasPackage(['apt'])
>>>> def test_apt_install_from_repo(self):
>>>> self.setup_source_config_for_package_install()
>>>> + self.setup_key()
>>>> self.pkg('update')
>>>> self.pkg('remove --yes run-postinsts-dev')
>>>> - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
>>>> + self.pkg('install --yes run-postinsts-dev')
>>>> self.cleanup_source_config_for_package_install()
>>>> diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
>>>> index 642f0eb637..7a75b95a99 100644
>>>> --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
>>>> +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
>>>> @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
>>>> bitbake('core-image-full-cmdline socat')
>>>> bitbake('-c testimage core-image-full-cmdline')
>>>>
>>>> + def test_testimage_apt(self):
>>>> + """
>>>> + Summary: Check package feeds functionality for apt
>>>> + Expected: 1. Check that remote package feeds can be accessed
>>>> + Product: oe-core
>>>> + Author: Ferry Toth<fntoth@gmail.com>
>>>> + """
>>>> + if get_bb_var('DISTRO') == 'poky-tiny':
>>>> + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
>>>> +
>>>> + features = 'INHERIT += "testimage"\n'
>>>> + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
>>>> + # We don't yet know what the server ip and port will be - they will be patched
>>>> + # in at the start of the on-image test
>>>> + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
>>>> + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
>>>> + features += 'PACKAGE_CLASSES = "package_deb"\n'
>>>> + # We need gnupg on the target to install keys
>>>> + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
>>>> +
>>>> + bitbake('gnupg-native -c addto_recipe_sysroot')
>>>> +
>>>> + # Enable package feed signing
>>>> + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
>>>> + self.track_for_cleanup(self.gpg_home)
>>>> + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
>>>> + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
>>>> + features += 'INHERIT += "sign_package_feed"\n'
>>>> + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
>>>> + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
>>>> + features += 'GPG_PATH = "%s"\n' % self.gpg_home
>>>> + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
>>>> + self.write_config(features)
>>>> +
>>>> + # Build core-image-sato and testimage
>>>> + bitbake('core-image-full-cmdline socat')
>>>> + bitbake('-c testimage core-image-full-cmdline')
>>>> +
>>>> def test_testimage_virgl_gtk_sdl(self):
>>>> """
>>>> Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
>>> Thanks for working on this!
>>>
>>> Looking at the patches I wondered if this would break testimage and
>>> unfortunately it does:
>>>
>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
>> That is weird, do I understand correctly that it fails on:
>> apt-get remove --yes run-postinsts-dev
>> Reading package lists...
>> Building dependency tree...
>> E: Unable to locate package run-postinsts-dev
>>
>> That is actually *) one line I didn't touch. I did note while testing
>> that I saw this exact message, however that was not counted as a fail.
>>
>> What could cause this? Because the complaint is it can't remove the
>> package because it was not installed.
>>
>> It would be trivial to remove the line
>>
>> *) self.pkg('remove --yes run-postinsts-dev')
>>
>> but how could it have passed the test before?
>
> I think the issue is you edited testimage which is a different set of tests
> which aren't just called by oe-selftest but by things like
That would be my first thought too, but...
because the failure seems to be on the line self.pkg('remove --yes
run-postinsts-dev'), that would mean the line self.pkg('update') passed.
And that should only pass if it finds a signed repository and has the
key installed (and believe me, I saw a log of that in the last week).
So, there may be a second thing wrong?
Do you know where I can find the log files referred to:
<..>tmp/work/qemux86-poky-linux/core-image-sato/1.0-r0/temp/log.do_testimage.35553
<..>tmp/work/qemux86-poky-linux/core-image-sato-sdk/1.0-r0/temp/log.do_testimage.35362
or could we do a 'quick' check by changing
self.pkg('update')
self.pkg('remove --yes run-postinsts-dev')
self.pkg('install --yes run-postinsts-dev')
to
self.pkg('update')
self.pkg('install --yes run-postinsts-dev')
self.pkg('remove --yes run-postinsts-dev')
?
>
> "bitbake core-image-sato -c testimage"
>
> as well. I'd suggest making the changes in testimage conditional on signing
> being configured.
Yes, regardless the above, we need to either make signing always enabled
in all test cases or detect whether signing is used.
Do you have a hint if there is a variable to test in class AptRepoTest
if PACKAGE_FEED_GPG_NAME has been set?
Otherwise I could just duplicate code and create
apt.AptRepoTest.test_apt_install_from_repo_signed.
What would you prefer?
> Cheers,
>
> Richard
>
>
[-- Attachment #2: Type: text/html, Size: 10907 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-05 15:23 ` Ferry Toth
@ 2022-04-06 11:40 ` Richard Purdie
2022-04-06 14:43 ` Ferry Toth
0 siblings, 1 reply; 23+ messages in thread
From: Richard Purdie @ 2022-04-06 11:40 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
> Op 04-04-2022 om 22:39 schreef Richard Purdie:
> On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
> > Op 04-04-2022 om 15:58 schreef Richard Purdie:
> > >
> > > > On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> > > > Looking at the patches I wondered if this would break testimage and
> > > > unfortunately it does:
> > > >
> > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/s
> > > > teps/12/logs/stdio
> > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
> > > That is weird, do I understand correctly that it fails on:
> > > apt-get remove --yes run-postinsts-dev
> > > Reading package lists...
> > > Building dependency tree...
> > > E: Unable to locate package run-postinsts-dev
> > >
> > > That is actually *) one line I didn't touch. I did note while testing
> > > that I saw this exact message, however that was not counted as a fail.
> > >
> > > What could cause this? Because the complaint is it can't remove the
> > > package because it was not installed.
> > >
> > > It would be trivial to remove the line
> > >
> > > *) self.pkg('remove --yes run-postinsts-dev')
> > >
> > > but how could it have passed the test before?
> >
> > I think the issue is you edited testimage which is a different set of tests
> > which aren't just called by oe-selftest but by things like
> That would be my first thought too, but...
> because the failure seems to be on the line self.pkg('remove --yes run-
> postinsts-dev'), that would mean the line self.pkg('update') passed.
> And that should only pass if it finds a signed repository and has the key
> installed (and believe me, I saw a log of that in the last week).
> So, there may be a second thing wrong?
I was easily able to reproduce this locally and it shows the
setup_source_config_for_package_install() step fails and hence the sources
aren't setup correctly, hence the update probably works.
> Do you know where I can find the log files referred to:
> <..>tmp/work/qemux86-poky-linux/core-image-sato/1.0-
> r0/temp/log.do_testimage.35553
> <..>tmp/work/qemux86-poky-linux/core-image-sato-sdk/1.0-
> r0/temp/log.do_testimage.35362
We can get them off the autobuilder if needed but someone would have to manually
go in and find/share them. The issue does locally reproduce for me with a
"bitbake core-image-sato -c testimage" with package_deb set as the backend.
> or could we do a 'quick' check by changing
> self.pkg('update')
> self.pkg('remove --yes run-postinsts-dev')
> self.pkg('install --yes run-postinsts-dev')
> to
> self.pkg('update')
> self.pkg('install --yes run-postinsts-dev')
> self.pkg('remove --yes run-postinsts-dev')
> ?
I'm not convinced that would help us...
>
> >
> > "bitbake core-image-sato -c testimage"
> >
> > as well. I'd suggest making the changes in testimage conditional on signing
> > being configured.
> Yes, regardless the above, we need to either make signing always enabled in
> all test cases or detect whether signing is used.
> Do you have a hint if there is a variable to test in class AptRepoTest if
> PACKAGE_FEED_GPG_NAME has been set?
> Otherwise I could just duplicate code and create
> apt.AptRepoTest.test_apt_install_from_repo_signed.
> What would you prefer?
>
We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the test
and handle accordingly?
I did merge the base changes into the release since I thought it was fair to get
the fixes in before it was built. We just need to get the test sorted now, I
think it is close.
Cheers,
Richard
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 11:40 ` Richard Purdie
@ 2022-04-06 14:43 ` Ferry Toth
2022-04-06 15:23 ` Richard Purdie
0 siblings, 1 reply; 23+ messages in thread
From: Ferry Toth @ 2022-04-06 14:43 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
[-- Attachment #1: Type: text/plain, Size: 4362 bytes --]
Hi,
Op 06-04-2022 om 13:40 schreef Richard Purdie:
> On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
>> Op 04-04-2022 om 22:39 schreef Richard Purdie:
>> On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
>>> Op 04-04-2022 om 15:58 schreef Richard Purdie:
>>>>> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>>>>> Looking at the patches I wondered if this would break testimage and
>>>>> unfortunately it does:
>>>>>
>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/s
>>>>> teps/12/logs/stdio
>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
>>>> That is weird, do I understand correctly that it fails on:
>>>> apt-get remove --yes run-postinsts-dev
>>>> Reading package lists...
>>>> Building dependency tree...
>>>> E: Unable to locate package run-postinsts-dev
>>>>
>>>> That is actually *) one line I didn't touch. I did note while testing
>>>> that I saw this exact message, however that was not counted as a fail.
>>>>
>>>> What could cause this? Because the complaint is it can't remove the
>>>> package because it was not installed.
>>>>
>>>> It would be trivial to remove the line
>>>>
>>>> *) self.pkg('remove --yes run-postinsts-dev')
>>>>
>>>> but how could it have passed the test before?
>>> I think the issue is you edited testimage which is a different set of tests
>>> which aren't just called by oe-selftest but by things like
>> That would be my first thought too, but...
>> because the failure seems to be on the line self.pkg('remove --yes run-
>> postinsts-dev'), that would mean the line self.pkg('update') passed.
>> And that should only pass if it finds a signed repository and has the key
>> installed (and believe me, I saw a log of that in the last week).
>> So, there may be a second thing wrong?
> I was easily able to reproduce this locally and it shows the
> setup_source_config_for_package_install() step fails and hence the sources
> aren't setup correctly, hence the update probably works.
not correct, hence works. You lost me here, but I'll try to reproduce.
>> Do you know where I can find the log files referred to:
>> <..>tmp/work/qemux86-poky-linux/core-image-sato/1.0-
>> r0/temp/log.do_testimage.35553
>> <..>tmp/work/qemux86-poky-linux/core-image-sato-sdk/1.0-
>> r0/temp/log.do_testimage.35362
> We can get them off the autobuilder if needed but someone would have to manually
No, that would be too much work. I'll try to reproduce myself.
> go in and find/share them. The issue does locally reproduce for me with a
> "bitbake core-image-sato -c testimage" with package_deb set as the backend.
..in conf. But without PACKAGE_CLASSES, PACKAGE_FEED_GPG_NAME,
PACKAGE_FEED_GPG_PASSPHRASE_FILE?
>> or could we do a 'quick' check by changing
>> self.pkg('update')
>> self.pkg('remove --yes run-postinsts-dev')
>> self.pkg('install --yes run-postinsts-dev')
>> to
>> self.pkg('update')
>> self.pkg('install --yes run-postinsts-dev')
>> self.pkg('remove --yes run-postinsts-dev')
>> ?
> I'm not convinced that would help us...
I'll try locally.
>>
>>> "bitbake core-image-sato -c testimage"
>>>
>>> as well. I'd suggest making the changes in testimage conditional on signing
>>> being configured.
>> Yes, regardless the above, we need to either make signing always enabled in
>> all test cases or detect whether signing is used.
>> Do you have a hint if there is a variable to test in class AptRepoTest if
>> PACKAGE_FEED_GPG_NAME has been set?
>> Otherwise I could just duplicate code and create
>> apt.AptRepoTest.test_apt_install_from_repo_signed.
>> What would you prefer?
>>
> We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the test
> and handle accordingly?
>
> I did merge the base changes into the release since I thought it was fair to get
> the fixes in before it was built. We just need to get the test sorted now, I
> think it is close.
Thanks for merging.
I'll fix the test, that's only fair.
One thing, the test "test_testimage_apt" is new. It needs to be
scheduled somewhere (where "test_testimage_dnf" is called i guess), I
didn't add that. Is that correct?
>
> Cheers,
>
> Richard
>
>
>
[-- Attachment #2: Type: text/html, Size: 7024 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 14:43 ` Ferry Toth
@ 2022-04-06 15:23 ` Richard Purdie
2022-04-06 19:44 ` Ferry Toth
0 siblings, 1 reply; 23+ messages in thread
From: Richard Purdie @ 2022-04-06 15:23 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Ferry Toth
On Wed, 2022-04-06 at 16:43 +0200, Ferry Toth wrote:
> Op 06-04-2022 om 13:40 schreef Richard Purdie:
> > On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
> > > Op 04-04-2022 om 22:39 schreef Richard Purdie:
> > > On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
> > > > Op 04-04-2022 om 15:58 schreef Richard Purdie:
> > > > > > On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> > > > > > Looking at the patches I wondered if this would break testimage and
> > > > > > unfortunately it does:
> > > > > >
> > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/50
> > > > > > 13/s
> > > > > > teps/12/logs/stdio
> > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/49
> > > > > > 75
> > > > > That is weird, do I understand correctly that it fails on:
> > > > > apt-get remove --yes run-postinsts-dev
> > > > > Reading package lists...
> > > > > Building dependency tree...
> > > > > E: Unable to locate package run-postinsts-dev
> > > > >
> > > > > That is actually *) one line I didn't touch. I did note while testing
> > > > > that I saw this exact message, however that was not counted as a fail.
> > > > >
> > > > > What could cause this? Because the complaint is it can't remove the
> > > > > package because it was not installed.
> > > > >
> > > > > It would be trivial to remove the line
> > > > >
> > > > > *) self.pkg('remove --yes run-postinsts-dev')
> > > > >
> > > > > but how could it have passed the test before?
> > > > I think the issue is you edited testimage which is a different set of
> > > > tests
> > > > which aren't just called by oe-selftest but by things like
> > > That would be my first thought too, but...
> > > because the failure seems to be on the line self.pkg('remove --yes run-
> > > postinsts-dev'), that would mean the line self.pkg('update') passed.
> > > And that should only pass if it finds a signed repository and has the key
> > > installed (and believe me, I saw a log of that in the last week).
> > > So, there may be a second thing wrong?
> > I was easily able to reproduce this locally and it shows the
> > setup_source_config_for_package_install() step fails and hence the sources
> > aren't setup correctly, hence the update probably works.
> not correct, hence works. You lost me here, but I'll try to reproduce.
I mean the command doesn't work correctly. In my local logs I see:
DEBUG: Command: cd /etc/apt/; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/http:\/\/192.168.7.1:46599/g' sources.list
Status: 1 Output: cp: can't stat 'sources.list': No such file or directory
sed: sources.list: No such file or directory
>
>
> > go in and find/share them. The issue does locally reproduce for me with a
> > "bitbake core-image-sato -c testimage" with package_deb set as the backend.
> ..in conf. But without PACKAGE_CLASSES, PACKAGE_FEED_GPG_NAME,
> PACKAGE_FEED_GPG_PASSPHRASE_FILE?
Yes.
> >
> > > Yes, regardless the above, we need to either make signing always enabled
> > > in
> > > all test cases or detect whether signing is used.
> > > Do you have a hint if there is a variable to test in class AptRepoTest if
> > > PACKAGE_FEED_GPG_NAME has been set?
> > > Otherwise I could just duplicate code and create
> > > apt.AptRepoTest.test_apt_install_from_repo_signed.
> > > What would you prefer?
> > >
> > We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the
> > test
> > and handle accordingly?
> >
> > I did merge the base changes into the release since I thought it was fair to
> > get
> > the fixes in before it was built. We just need to get the test sorted now, I
> > think it is close.
> Thanks for merging.
> I'll fix the test, that's only fair.
> One thing, the test "test_testimage_apt" is new. It needs to be scheduled
> somewhere (where "test_testimage_dnf" is called i guess), I didn't add that.
> Is that correct?
>
No, the autobuilder runs all the tests in oe-selftest so it should be covered
(and is why we saw the failures on the autobuilder).
Cheers,
Richard
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 15:23 ` Richard Purdie
@ 2022-04-06 19:44 ` Ferry Toth
2022-04-06 21:05 ` Richard Purdie
0 siblings, 1 reply; 23+ messages in thread
From: Ferry Toth @ 2022-04-06 19:44 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
Hi
Op 06-04-2022 om 17:23 schreef Richard Purdie:
> On Wed, 2022-04-06 at 16:43 +0200, Ferry Toth wrote:
>> Op 06-04-2022 om 13:40 schreef Richard Purdie:
>>> On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
>>>> Op 04-04-2022 om 22:39 schreef Richard Purdie:
>>>> On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
>>>>> Op 04-04-2022 om 15:58 schreef Richard Purdie:
>>>>>>> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>>>>>>> Looking at the patches I wondered if this would break testimage and
>>>>>>> unfortunately it does:
>>>>>>>
>>>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/50
>>>>>>> 13/s
>>>>>>> teps/12/logs/stdio
>>>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/49
>>>>>>> 75
>>>>>> That is weird, do I understand correctly that it fails on:
>>>>>> apt-get remove --yes run-postinsts-dev
>>>>>> Reading package lists...
>>>>>> Building dependency tree...
>>>>>> E: Unable to locate package run-postinsts-dev
>>>>>>
>>>>>> That is actually *) one line I didn't touch. I did note while testing
>>>>>> that I saw this exact message, however that was not counted as a fail.
>>>>>>
>>>>>> What could cause this? Because the complaint is it can't remove the
>>>>>> package because it was not installed.
>>>>>>
>>>>>> It would be trivial to remove the line
>>>>>>
>>>>>> *) self.pkg('remove --yes run-postinsts-dev')
>>>>>>
>>>>>> but how could it have passed the test before?
>>>>> I think the issue is you edited testimage which is a different set of
>>>>> tests
>>>>> which aren't just called by oe-selftest but by things like
>>>> That would be my first thought too, but...
>>>> because the failure seems to be on the line self.pkg('remove --yes run-
>>>> postinsts-dev'), that would mean the line self.pkg('update') passed.
>>>> And that should only pass if it finds a signed repository and has the key
>>>> installed (and believe me, I saw a log of that in the last week).
>>>> So, there may be a second thing wrong?
>>> I was easily able to reproduce this locally and it shows the
>>> setup_source_config_for_package_install() step fails and hence the sources
>>> aren't setup correctly, hence the update probably works.
>> not correct, hence works. You lost me here, but I'll try to reproduce.
> I mean the command doesn't work correctly. In my local logs I see:
>
> DEBUG: Command: cd /etc/apt/; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/http:\/\/192.168.7.1:46599/g' sources.list
> Status: 1 Output: cp: can't stat 'sources.list': No such file or directory
> sed: sources.list: No such file or directory
>
>>
>>> go in and find/share them. The issue does locally reproduce for me with a
>>> "bitbake core-image-sato -c testimage" with package_deb set as the backend.
>> ..in conf. But without PACKAGE_CLASSES, PACKAGE_FEED_GPG_NAME,
>> PACKAGE_FEED_GPG_PASSPHRASE_FILE?
> Yes.
>
>>>> Yes, regardless the above, we need to either make signing always enabled
>>>> in
>>>> all test cases or detect whether signing is used.
>>>> Do you have a hint if there is a variable to test in class AptRepoTest if
>>>> PACKAGE_FEED_GPG_NAME has been set?
>>>> Otherwise I could just duplicate code and create
>>>> apt.AptRepoTest.test_apt_install_from_repo_signed.
>>>> What would you prefer?
>>>>
>>> We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the
>>> test
>>> and handle accordingly?
>>>
>>> I did merge the base changes into the release since I thought it was fair to
>>> get
>>> the fixes in before it was built. We just need to get the test sorted now, I
>>> think it is close.
>> Thanks for merging.
>> I'll fix the test, that's only fair.
>> One thing, the test "test_testimage_apt" is new. It needs to be scheduled
>> somewhere (where "test_testimage_dnf" is called i guess), I didn't add that.
>> Is that correct?
>>
> No, the autobuilder runs all the tests in oe-selftest so it should be covered
> (and is why we saw the failures on the autobuilder).
I was running 'oe-selftest -K -r
runtime_test.TestImage.test_testimage_apt' whereas buildbot seems to be
running 'apt.AptRepoTest.test_apt_install_from_repo' directly.
However, test_testimage_apt is where keys are setup (keys found in
meta-selftest). So, where/when is test_testimage_apt called (or
test_testimage_dnf for that matter)?
> Cheers,
>
> Richard
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 19:44 ` Ferry Toth
@ 2022-04-06 21:05 ` Richard Purdie
2022-04-07 9:59 ` Ferry Toth
0 siblings, 1 reply; 23+ messages in thread
From: Richard Purdie @ 2022-04-06 21:05 UTC (permalink / raw)
To: Ferry Toth, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
On Wed, 2022-04-06 at 21:44 +0200, Ferry Toth wrote:
> Hi
>
> Op 06-04-2022 om 17:23 schreef Richard Purdie:
> > On Wed, 2022-04-06 at 16:43 +0200, Ferry Toth wrote:
> > > Op 06-04-2022 om 13:40 schreef Richard Purdie:
> > > > On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
> > > > > Op 04-04-2022 om 22:39 schreef Richard Purdie:
> > > > > On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
> > > > > > Op 04-04-2022 om 15:58 schreef Richard Purdie:
> > > > > > > > On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> > > > > > > > Looking at the patches I wondered if this would break testimage and
> > > > > > > > unfortunately it does:
> > > > > > > >
> > > > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/50
> > > > > > > > 13/s
> > > > > > > > teps/12/logs/stdio
> > > > > > > > https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/49
> > > > > > > > 75
> > > > > > > That is weird, do I understand correctly that it fails on:
> > > > > > > apt-get remove --yes run-postinsts-dev
> > > > > > > Reading package lists...
> > > > > > > Building dependency tree...
> > > > > > > E: Unable to locate package run-postinsts-dev
> > > > > > >
> > > > > > > That is actually *) one line I didn't touch. I did note while testing
> > > > > > > that I saw this exact message, however that was not counted as a fail.
> > > > > > >
> > > > > > > What could cause this? Because the complaint is it can't remove the
> > > > > > > package because it was not installed.
> > > > > > >
> > > > > > > It would be trivial to remove the line
> > > > > > >
> > > > > > > *) self.pkg('remove --yes run-postinsts-dev')
> > > > > > >
> > > > > > > but how could it have passed the test before?
> > > > > > I think the issue is you edited testimage which is a different set of
> > > > > > tests
> > > > > > which aren't just called by oe-selftest but by things like
> > > > > That would be my first thought too, but...
> > > > > because the failure seems to be on the line self.pkg('remove --yes run-
> > > > > postinsts-dev'), that would mean the line self.pkg('update') passed.
> > > > > And that should only pass if it finds a signed repository and has the key
> > > > > installed (and believe me, I saw a log of that in the last week).
> > > > > So, there may be a second thing wrong?
> > > > I was easily able to reproduce this locally and it shows the
> > > > setup_source_config_for_package_install() step fails and hence the sources
> > > > aren't setup correctly, hence the update probably works.
> > > not correct, hence works. You lost me here, but I'll try to reproduce.
> > I mean the command doesn't work correctly. In my local logs I see:
> >
> > DEBUG: Command: cd /etc/apt/; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/http:\/\/192.168.7.1:46599/g' sources.list
> > Status: 1 Output: cp: can't stat 'sources.list': No such file or directory
> > sed: sources.list: No such file or directory
> >
> > >
> > > > go in and find/share them. The issue does locally reproduce for me with a
> > > > "bitbake core-image-sato -c testimage" with package_deb set as the backend.
> > > ..in conf. But without PACKAGE_CLASSES, PACKAGE_FEED_GPG_NAME,
> > > PACKAGE_FEED_GPG_PASSPHRASE_FILE?
> > Yes.
> >
> > > > > Yes, regardless the above, we need to either make signing always enabled
> > > > > in
> > > > > all test cases or detect whether signing is used.
> > > > > Do you have a hint if there is a variable to test in class AptRepoTest if
> > > > > PACKAGE_FEED_GPG_NAME has been set?
> > > > > Otherwise I could just duplicate code and create
> > > > > apt.AptRepoTest.test_apt_install_from_repo_signed.
> > > > > What would you prefer?
> > > > >
> > > > We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the
> > > > test
> > > > and handle accordingly?
> > > >
> > > > I did merge the base changes into the release since I thought it was fair to
> > > > get
> > > > the fixes in before it was built. We just need to get the test sorted now, I
> > > > think it is close.
> > > Thanks for merging.
> > > I'll fix the test, that's only fair.
> > > One thing, the test "test_testimage_apt" is new. It needs to be scheduled
> > > somewhere (where "test_testimage_dnf" is called i guess), I didn't add that.
> > > Is that correct?
> > >
> > No, the autobuilder runs all the tests in oe-selftest so it should be covered
> > (and is why we saw the failures on the autobuilder).
>
> I was running 'oe-selftest -K -r
> runtime_test.TestImage.test_testimage_apt' whereas buildbot seems to be
> running 'apt.AptRepoTest.test_apt_install_from_repo' directly.
We have several types of test. There are two types in play here,
"oe-selftest -K -r runtime_test.TestImage.test_testimage_apt"
and
"bitbake core-image-sato -c testimage"
The latter testimage tests are often run every time we create images and running
testimage will trigger 'apt.AptRepoTest.test_apt_install_from_repo' if the image
has apt present and is built using debian package management.
We also run oe-selftest which triggers a testimage of it's own for a specfic
test case.
So we'd expect the normal testimage calls to not have the package signing
enabled and then we'd have the oe-selftest which specifically tests signing.
> However, test_testimage_apt is where keys are setup (keys found in
> meta-selftest). So, where/when is test_testimage_apt called (or
> test_testimage_dnf for that matter)?
Those are called by the oe-selftest call on the autobuilder. We run the oe-
selftest with a mask on the autobuilder so pretty much all of them run.
Cheers,
Richard
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 21:05 ` Richard Purdie
@ 2022-04-07 9:59 ` Ferry Toth
0 siblings, 0 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-07 9:59 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Cc: Xavier Berger, Alexander Kanavin, Alexandre Belloni
Op 06-04-2022 om 23:05 schreef Richard Purdie:
> On Wed, 2022-04-06 at 21:44 +0200, Ferry Toth wrote:
>> Hi
>>
>> Op 06-04-2022 om 17:23 schreef Richard Purdie:
>>> On Wed, 2022-04-06 at 16:43 +0200, Ferry Toth wrote:
>>>> Op 06-04-2022 om 13:40 schreef Richard Purdie:
>>>>> On Tue, 2022-04-05 at 17:23 +0200, Ferry Toth wrote:
>>>>>> Op 04-04-2022 om 22:39 schreef Richard Purdie:
>>>>>> On Mon, 2022-04-04 at 19:35 +0200, Ferry Toth wrote:
>>>>>>> Op 04-04-2022 om 15:58 schreef Richard Purdie:
>>>>>>>>> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>>>>>>>>> Looking at the patches I wondered if this would break testimage and
>>>>>>>>> unfortunately it does:
>>>>>>>>>
>>>>>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/50
>>>>>>>>> 13/s
>>>>>>>>> teps/12/logs/stdio
>>>>>>>>> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/49
>>>>>>>>> 75
>>>>>>>> That is weird, do I understand correctly that it fails on:
>>>>>>>> apt-get remove --yes run-postinsts-dev
>>>>>>>> Reading package lists...
>>>>>>>> Building dependency tree...
>>>>>>>> E: Unable to locate package run-postinsts-dev
>>>>>>>>
>>>>>>>> That is actually *) one line I didn't touch. I did note while testing
>>>>>>>> that I saw this exact message, however that was not counted as a fail.
>>>>>>>>
>>>>>>>> What could cause this? Because the complaint is it can't remove the
>>>>>>>> package because it was not installed.
>>>>>>>>
>>>>>>>> It would be trivial to remove the line
>>>>>>>>
>>>>>>>> *) self.pkg('remove --yes run-postinsts-dev')
>>>>>>>>
>>>>>>>> but how could it have passed the test before?
>>>>>>> I think the issue is you edited testimage which is a different set of
>>>>>>> tests
>>>>>>> which aren't just called by oe-selftest but by things like
>>>>>> That would be my first thought too, but...
>>>>>> because the failure seems to be on the line self.pkg('remove --yes run-
>>>>>> postinsts-dev'), that would mean the line self.pkg('update') passed.
>>>>>> And that should only pass if it finds a signed repository and has the key
>>>>>> installed (and believe me, I saw a log of that in the last week).
>>>>>> So, there may be a second thing wrong?
>>>>> I was easily able to reproduce this locally and it shows the
>>>>> setup_source_config_for_package_install() step fails and hence the sources
>>>>> aren't setup correctly, hence the update probably works.
>>>> not correct, hence works. You lost me here, but I'll try to reproduce.
>>> I mean the command doesn't work correctly. In my local logs I see:
>>>
>>> DEBUG: Command: cd /etc/apt/; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/http:\/\/192.168.7.1:46599/g' sources.list
>>> Status: 1 Output: cp: can't stat 'sources.list': No such file or directory
>>> sed: sources.list: No such file or directory
>>>
>>>>
>>>>> go in and find/share them. The issue does locally reproduce for me with a
>>>>> "bitbake core-image-sato -c testimage" with package_deb set as the backend.
>>>> ..in conf. But without PACKAGE_CLASSES, PACKAGE_FEED_GPG_NAME,
>>>> PACKAGE_FEED_GPG_PASSPHRASE_FILE?
>>> Yes.
>>>
>>>>>> Yes, regardless the above, we need to either make signing always enabled
>>>>>> in
>>>>>> all test cases or detect whether signing is used.
>>>>>> Do you have a hint if there is a variable to test in class AptRepoTest if
>>>>>> PACKAGE_FEED_GPG_NAME has been set?
>>>>>> Otherwise I could just duplicate code and create
>>>>>> apt.AptRepoTest.test_apt_install_from_repo_signed.
>>>>>> What would you prefer?
>>>>>>
>>>>> We should be able to test self.tc.td.get('PACKAGE_FEED_GPG_NAME') in the
>>>>> test
>>>>> and handle accordingly?
I'll try this for autodetecting the test case.
>>>>>
>>>>> I did merge the base changes into the release since I thought it was fair to
>>>>> get
>>>>> the fixes in before it was built. We just need to get the test sorted now, I
>>>>> think it is close.
>>>> Thanks for merging.
>>>> I'll fix the test, that's only fair.
>>>> One thing, the test "test_testimage_apt" is new. It needs to be scheduled
>>>> somewhere (where "test_testimage_dnf" is called i guess), I didn't add that.
>>>> Is that correct?
>>>>
>>> No, the autobuilder runs all the tests in oe-selftest so it should be covered
>>> (and is why we saw the failures on the autobuilder).
>> I was running 'oe-selftest -K -r
>> runtime_test.TestImage.test_testimage_apt' whereas buildbot seems to be
>> running 'apt.AptRepoTest.test_apt_install_from_repo' directly.
> We have several types of test. There are two types in play here,
>
> "oe-selftest -K -r runtime_test.TestImage.test_testimage_apt"
>
> and
>
> "bitbake core-image-sato -c testimage"
Thanks for the explanation. Yesterday evening I built Sato and was able
to reproduce the issue.
(that was a big build with half of build time spent on building Rust).
core-image-sato does not have a /etc/apt/sources.list, the selftest public key is not on the image and gpg is not installed. This explains the errors in the log.
> The latter testimage tests are often run every time we create images and running
> testimage will trigger 'apt.AptRepoTest.test_apt_install_from_repo' if the image
> has apt present and is built using debian package management.
>
> We also run oe-selftest which triggers a testimage of it's own for a specfic
> test case.
Got it.
> So we'd expect the normal testimage calls to not have the package signing
> enabled and then we'd have the oe-selftest which specifically tests signing.
>
>> However, test_testimage_apt is where keys are setup (keys found in
>> meta-selftest). So, where/when is test_testimage_apt called (or
>> test_testimage_dnf for that matter)?
> Those are called by the oe-selftest call on the autobuilder. We run the oe-
> selftest with a mask on the autobuilder so pretty much all of them run.
After looking at more detail at autobuilder schedules I get it.
> Cheers,
>
> Richard
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [OE-core] [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-04 13:58 ` Richard Purdie
2022-04-04 17:35 ` Ferry Toth
@ 2022-04-06 10:10 ` Alexandre Belloni
2022-04-06 15:16 ` Ferry Toth
1 sibling, 1 reply; 23+ messages in thread
From: Alexandre Belloni @ 2022-04-06 10:10 UTC (permalink / raw)
To: Richard Purdie
Cc: Ferry Toth, openembedded-core, Xavier Berger, Alexander Kanavin,
Ferry Toth
Hello,
On 04/04/2022 14:58:07+0100, Richard Purdie wrote:
> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
> > From: Ferry Toth <ftoth@exalondelft.nl>
> >
> > Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
> > Currently when building images this requirement is worked around by using [allow-insecure=yes] and
> > equivalently when performing selftest.
> >
> > Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
> > enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
> > test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
> > management. To be able to install the key the gnupg package is added to the testimage.
> >
> > Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
> > ---
> > meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
> > meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
> > 2 files changed, 49 insertions(+), 5 deletions(-)
> >
> > diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
> > index 53745df93f..49f8714730 100644
> > --- a/meta/lib/oeqa/runtime/cases/apt.py
> > +++ b/meta/lib/oeqa/runtime/cases/apt.py
> > @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
> >
> > @classmethod
> > def setUpClass(cls):
> > - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
> > + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
> > cls.repo_server = HTTPService(service_repo,
> > '0.0.0.0', port=cls.tc.target.server_port,
> > logger=cls.tc.logger)
> > @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
> > cls.repo_server.stop()
> >
> > def setup_source_config_for_package_install(self):
> > - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
> > + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
> > apt_get_sourceslist_dir = '/etc/apt/'
> > - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
> > + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
> >
> > def cleanup_source_config_for_package_install(self):
> > apt_get_sourceslist_dir = '/etc/apt/'
> > - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
> > + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
> > +
> > + def setup_key(self):
> > + # the key is found on the target /etc/pki/packagefeed-gpg/
> > + # named PACKAGEFEED-GPG-KEY-poky-branch
> > + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
> >
> > @skipIfNotFeature('package-management',
> > 'Test requires package-management to be in IMAGE_FEATURES')
> > @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
> > @OEHasPackage(['apt'])
> > def test_apt_install_from_repo(self):
> > self.setup_source_config_for_package_install()
> > + self.setup_key()
> > self.pkg('update')
> > self.pkg('remove --yes run-postinsts-dev')
> > - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
> > + self.pkg('install --yes run-postinsts-dev')
> > self.cleanup_source_config_for_package_install()
> > diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
> > index 642f0eb637..7a75b95a99 100644
> > --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
> > +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
> > @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
> > bitbake('core-image-full-cmdline socat')
> > bitbake('-c testimage core-image-full-cmdline')
> >
> > + def test_testimage_apt(self):
> > + """
> > + Summary: Check package feeds functionality for apt
> > + Expected: 1. Check that remote package feeds can be accessed
> > + Product: oe-core
> > + Author: Ferry Toth <fntoth@gmail.com>
> > + """
> > + if get_bb_var('DISTRO') == 'poky-tiny':
> > + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
> > +
> > + features = 'INHERIT += "testimage"\n'
> > + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
> > + # We don't yet know what the server ip and port will be - they will be patched
> > + # in at the start of the on-image test
> > + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
> > + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
> > + features += 'PACKAGE_CLASSES = "package_deb"\n'
> > + # We need gnupg on the target to install keys
> > + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
> > +
> > + bitbake('gnupg-native -c addto_recipe_sysroot')
> > +
> > + # Enable package feed signing
> > + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
> > + self.track_for_cleanup(self.gpg_home)
> > + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
> > + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
> > + features += 'INHERIT += "sign_package_feed"\n'
> > + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
> > + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
> > + features += 'GPG_PATH = "%s"\n' % self.gpg_home
> > + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
> > + self.write_config(features)
> > +
> > + # Build core-image-sato and testimage
> > + bitbake('core-image-full-cmdline socat')
> > + bitbake('-c testimage core-image-full-cmdline')
> > +
> > def test_testimage_virgl_gtk_sdl(self):
> > """
> > Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
>
> Thanks for working on this!
>
> Looking at the patches I wondered if this would break testimage and
> unfortunately it does:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
>
> however hopefully these shouldn't be too hard to fix?
>
> The rest of the build is still running.
I missed it at the time but I believe this is also the cause of:
https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/3352/steps/15/logs/stdio
ERROR: package-index-1.0-r0 do_package_index: GPG exited with code 2: gpg: can't connect to the agent: IPC connect call failed
gpg: skipped "testuser": No secret key
gpg: signing failed: No secret key
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [OE-core] [PATCH v2 3/3] apt: add apt selftest to test signed package feeds
2022-04-06 10:10 ` [OE-core] " Alexandre Belloni
@ 2022-04-06 15:16 ` Ferry Toth
0 siblings, 0 replies; 23+ messages in thread
From: Ferry Toth @ 2022-04-06 15:16 UTC (permalink / raw)
To: Alexandre Belloni, Richard Purdie
Cc: openembedded-core, Xavier Berger, Alexander Kanavin
[-- Attachment #1: Type: text/plain, Size: 7885 bytes --]
Hi
Op 06-04-2022 om 12:10 schreef Alexandre Belloni:
> Hello,
>
> On 04/04/2022 14:58:07+0100, Richard Purdie wrote:
>> On Sun, 2022-04-03 at 21:50 +0200, Ferry Toth wrote:
>>> From: Ferry Toth<ftoth@exalondelft.nl>
>>>
>>> Since Gatesgarth apt (1.8.2) has become more strict and doesn’t allow unsigned repositories by default.
>>> Currently when building images this requirement is worked around by using [allow-insecure=yes] and
>>> equivalently when performing selftest.
>>>
>>> Patches "gpg-sign: Add parameters to gpg signature function" and "package_manager: sign DEB package feeds"
>>> enable signed DEB package feeds. This patch adds a runtime test for apt derived from the test_testimage_dnf
>>> test. It creates a signed deb package feed, runs a qemu image to install the key and performs some package
>>> management. To be able to install the key the gnupg package is added to the testimage.
>>>
>>> Signed-off-by: Ferry Toth<ftoth@exalondelft.nl>
>>> ---
>>> meta/lib/oeqa/runtime/cases/apt.py | 16 ++++++---
>>> meta/lib/oeqa/selftest/cases/runtime_test.py | 38 ++++++++++++++++++++
>>> 2 files changed, 49 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/meta/lib/oeqa/runtime/cases/apt.py b/meta/lib/oeqa/runtime/cases/apt.py
>>> index 53745df93f..49f8714730 100644
>>> --- a/meta/lib/oeqa/runtime/cases/apt.py
>>> +++ b/meta/lib/oeqa/runtime/cases/apt.py
>>> @@ -21,7 +21,7 @@ class AptRepoTest(AptTest):
>>>
>>> @classmethod
>>> def setUpClass(cls):
>>> - service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], 'all')
>>> + service_repo = os.path.join(cls.tc.td['DEPLOY_DIR_DEB'], '')
>>> cls.repo_server = HTTPService(service_repo,
>>> '0.0.0.0', port=cls.tc.target.server_port,
>>> logger=cls.tc.logger)
>>> @@ -32,13 +32,18 @@ class AptRepoTest(AptTest):
>>> cls.repo_server.stop()
>>>
>>> def setup_source_config_for_package_install(self):
>>> - apt_get_source_server = 'http://%s:%s/' % (self.tc.target.server_ip, self.repo_server.port)
>>> + apt_get_source_server = 'http:\/\/%s:%s' % (self.tc.target.server_ip, self.repo_server.port)
>>> apt_get_sourceslist_dir = '/etc/apt/'
>>> - self.target.run('cd %s; echo deb [ allow-insecure=yes ] %s ./ > sources.list' % (apt_get_sourceslist_dir, apt_get_source_server))
>>> + self.target.run("cd %s; cp sources.list sources.list.bak; sed -i 's/\[trusted=yes\] http:\/\/bogus_ip:bogus_port/%s/g' sources.list" % (apt_get_sourceslist_dir, apt_get_source_server))
>>>
>>> def cleanup_source_config_for_package_install(self):
>>> apt_get_sourceslist_dir = '/etc/apt/'
>>> - self.target.run('cd %s; rm sources.list' % (apt_get_sourceslist_dir))
>>> + self.target.run('cd %s; mv sources.list.bak sources.list' % (apt_get_sourceslist_dir))
>>> +
>>> + def setup_key(self):
>>> + # the key is found on the target /etc/pki/packagefeed-gpg/
>>> + # named PACKAGEFEED-GPG-KEY-poky-branch
>>> + self.target.run('cd %s; apt-key add P*' % ('/etc/pki/packagefeed-gpg'))
>>>
>>> @skipIfNotFeature('package-management',
>>> 'Test requires package-management to be in IMAGE_FEATURES')
>>> @@ -47,7 +52,8 @@ class AptRepoTest(AptTest):
>>> @OEHasPackage(['apt'])
>>> def test_apt_install_from_repo(self):
>>> self.setup_source_config_for_package_install()
>>> + self.setup_key()
>>> self.pkg('update')
>>> self.pkg('remove --yes run-postinsts-dev')
>>> - self.pkg('install --yes --allow-unauthenticated run-postinsts-dev')
>>> + self.pkg('install --yes run-postinsts-dev')
>>> self.cleanup_source_config_for_package_install()
>>> diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
>>> index 642f0eb637..7a75b95a99 100644
>>> --- a/meta/lib/oeqa/selftest/cases/runtime_test.py
>>> +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
>>> @@ -162,6 +162,44 @@ class TestImage(OESelftestTestCase):
>>> bitbake('core-image-full-cmdline socat')
>>> bitbake('-c testimage core-image-full-cmdline')
>>>
>>> + def test_testimage_apt(self):
>>> + """
>>> + Summary: Check package feeds functionality for apt
>>> + Expected: 1. Check that remote package feeds can be accessed
>>> + Product: oe-core
>>> + Author: Ferry Toth<fntoth@gmail.com>
>>> + """
>>> + if get_bb_var('DISTRO') == 'poky-tiny':
>>> + self.skipTest('core-image-full-cmdline not buildable for poky-tiny')
>>> +
>>> + features = 'INHERIT += "testimage"\n'
>>> + features += 'TEST_SUITES = "ping ssh apt.AptRepoTest.test_apt_install_from_repo"\n'
>>> + # We don't yet know what the server ip and port will be - they will be patched
>>> + # in at the start of the on-image test
>>> + features += 'PACKAGE_FEED_URIS = "http://bogus_ip:bogus_port"\n'
>>> + features += 'EXTRA_IMAGE_FEATURES += "package-management"\n'
>>> + features += 'PACKAGE_CLASSES = "package_deb"\n'
>>> + # We need gnupg on the target to install keys
>>> + features += 'IMAGE_INSTALL:append:pn-core-image-full-cmdline = " gnupg"\n'
>>> +
>>> + bitbake('gnupg-native -c addto_recipe_sysroot')
>>> +
>>> + # Enable package feed signing
>>> + self.gpg_home = tempfile.mkdtemp(prefix="oeqa-feed-sign-")
>>> + self.track_for_cleanup(self.gpg_home)
>>> + signing_key_dir = os.path.join(self.testlayer_path, 'files', 'signing')
>>> + runCmd('gpgconf --list-dirs --homedir %s; gpg -v --batch --homedir %s --import %s' % (self.gpg_home, self.gpg_home, os.path.join(signing_key_dir, 'key.secret')), native_sysroot=get_bb_var("RECIPE_SYSROOT_NATIVE", "gnupg-native"), shell=True)
>>> + features += 'INHERIT += "sign_package_feed"\n'
>>> + features += 'PACKAGE_FEED_GPG_NAME = "testuser"\n'
>>> + features += 'PACKAGE_FEED_GPG_PASSPHRASE_FILE = "%s"\n' % os.path.join(signing_key_dir, 'key.passphrase')
>>> + features += 'GPG_PATH = "%s"\n' % self.gpg_home
>>> + features += 'PSEUDO_IGNORE_PATHS .= ",%s"\n' % self.gpg_home
>>> + self.write_config(features)
>>> +
>>> + # Build core-image-sato and testimage
>>> + bitbake('core-image-full-cmdline socat')
>>> + bitbake('-c testimage core-image-full-cmdline')
>>> +
>>> def test_testimage_virgl_gtk_sdl(self):
>>> """
>>> Summary: Check host-assisted accelerate OpenGL functionality in qemu with gtk and SDL frontends
>> Thanks for working on this!
>>
>> Looking at the patches I wondered if this would break testimage and
>> unfortunately it does:
>>
>> https://autobuilder.yoctoproject.org/typhoon/#/builders/50/builds/5013/steps/12/logs/stdio
>> https://autobuilder.yoctoproject.org/typhoon/#/builders/76/builds/4975
>>
>> however hopefully these shouldn't be too hard to fix?
>>
>> The rest of the build is still running.
> I missed it at the time but I believe this is also the cause of:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/3352/steps/15/logs/stdio
>
> ERROR: package-index-1.0-r0 do_package_index: GPG exited with code 2: gpg: can't connect to the agent: IPC connect call failed
> gpg: skipped "testuser": No secret key
> gpg: signing failed: No secret key
This seems related but not exact the same.
It seems do_package_index wants to generate a signed deb repo but no key
is provided. But IIUC you have PACKAGE_CLASSES = "package_rpm", so why
is runtime_test.TestImage.test_testimage_apt run?
[-- Attachment #2: Type: text/html, Size: 8783 bytes --]
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH 1/3] ethdev: support metadata as flow rule criteria
@ 2018-09-16 13:33 Dekel Peled
2018-09-16 14:37 ` [PATCH v2 0/3] *** SUBJECT HERE *** Dekel Peled
0 siblings, 1 reply; 23+ messages in thread
From: Dekel Peled @ 2018-09-16 13:33 UTC (permalink / raw)
To: wenzhuo.lu, jingjing.wu, bernard.iremonger, dev, olivier.matz,
adrien.mazarguil, thomas, ferruh.yigit, arybchenko
Cc: shahafs, orika
As described in [1], a new rte_flow item is added to support metadata
to use as flow rule match pattern.
The metadata is an opaque item, fully controlled by the application.
The use of metadata is relevant for egress rules only.
It can be set in the flow rule using the RTE_FLOW_ITEM_META.
In order to avoid change in mbuf API, exisitng field buf.hash.fdir.hi
is used to carry the metadata item. This field is used only in
ingress packets, so using it for egress metadata will not cause
conflicts.
Application should set the packet metadata in the mbuf dedicated field,
and set the PKT_TX_METADATA flag in the mbuf->ol_flags.
The NIC will use the packet metadata as match criteria for relevant
flow rules.
This patch introduces metadata item type for rte_flow RTE_FLOW_ITEM_META,
along with corresponding struct rte_flow_item_meta and ol_flag
PKT_TX_METADATA.
[1] "[RFC,v2] ethdev: support metadata as flow rule criteria"
Signeoff-by: Dekel Peled <dekelp@mellanox.com>
---
doc/guides/prog_guide/rte_flow.rst | 21 +++++++++++++++++++++
lib/librte_ethdev/rte_ethdev.c | 1 +
lib/librte_ethdev/rte_ethdev.h | 5 +++++
lib/librte_ethdev/rte_flow.c | 1 +
lib/librte_ethdev/rte_flow.h | 25 +++++++++++++++++++++++++
lib/librte_mbuf/rte_mbuf.c | 2 ++
lib/librte_mbuf/rte_mbuf.h | 16 ++++++++++++++--
7 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/doc/guides/prog_guide/rte_flow.rst b/doc/guides/prog_guide/rte_flow.rst
index b305a72..560e45a 100644
--- a/doc/guides/prog_guide/rte_flow.rst
+++ b/doc/guides/prog_guide/rte_flow.rst
@@ -1191,6 +1191,27 @@ Normally preceded by any of:
- `Item: ICMP6_ND_NS`_
- `Item: ICMP6_ND_OPT`_
+Item: ``META``
+^^^^^^^^^^^^^^
+
+Matches an application specific 32 bit metadata item.
+
+- Default ``mask`` matches any 32 bit value.
+
+.. _table_rte_flow_item_meta:
+
+.. table:: META
+
+ +----------+----------+---------------------------+
+ | Field | Subfield | Value |
+ +==========+==========+===========================+
+ | ``spec`` | ``data`` | 32 bit metadata value |
+ +----------+--------------------------------------+
+ | ``last`` | ``data`` | upper range value |
+ +----------+----------+---------------------------+
+ | ``mask`` | ``data`` | zeroed to match any value |
+ +----------+----------+---------------------------+
+
Actions
~~~~~~~
diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index f790d42..1ae7694 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -158,6 +158,7 @@ struct rte_eth_xstats_name_off {
RTE_TX_OFFLOAD_BIT2STR(SECURITY),
RTE_TX_OFFLOAD_BIT2STR(UDP_TNL_TSO),
RTE_TX_OFFLOAD_BIT2STR(IP_TNL_TSO),
+ RTE_TX_OFFLOAD_BIT2STR(MATCH_METADATA),
};
#undef RTE_TX_OFFLOAD_BIT2STR
diff --git a/lib/librte_ethdev/rte_ethdev.h b/lib/librte_ethdev/rte_ethdev.h
index 7070e9a..a0da16c 100644
--- a/lib/librte_ethdev/rte_ethdev.h
+++ b/lib/librte_ethdev/rte_ethdev.h
@@ -953,6 +953,11 @@ struct rte_eth_conf {
* for tunnel TSO.
*/
#define DEV_TX_OFFLOAD_IP_TNL_TSO 0x00080000
+/**
+ * Device supports match on metadata Tx offload..
+ * Application must set PKT_TX_METADATA and mbuf metadata field.
+ */
+#define DEV_TX_OFFLOAD_MATCH_METADATA 0x00100000
#define RTE_ETH_DEV_CAPA_RUNTIME_RX_QUEUE_SETUP 0x00000001
/**< Device supports Rx queue setup after device started*/
diff --git a/lib/librte_ethdev/rte_flow.c b/lib/librte_ethdev/rte_flow.c
index cff4b52..54e5ef8 100644
--- a/lib/librte_ethdev/rte_flow.c
+++ b/lib/librte_ethdev/rte_flow.c
@@ -66,6 +66,7 @@ struct rte_flow_desc_data {
sizeof(struct rte_flow_item_icmp6_nd_opt_sla_eth)),
MK_FLOW_ITEM(ICMP6_ND_OPT_TLA_ETH,
sizeof(struct rte_flow_item_icmp6_nd_opt_tla_eth)),
+ MK_FLOW_ITEM(META, sizeof(struct rte_flow_item_meta)),
};
/** Generate flow_action[] entry. */
diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
index f8ba71c..d3264be 100644
--- a/lib/librte_ethdev/rte_flow.h
+++ b/lib/librte_ethdev/rte_flow.h
@@ -413,6 +413,15 @@ enum rte_flow_item_type {
* See struct rte_flow_item_mark.
*/
RTE_FLOW_ITEM_TYPE_MARK,
+
+ /**
+ * [META]
+ *
+ * Matches a metadata value specified in mbuf metadata field.
+ *
+ * See struct rte_flow_item_meta.
+ */
+ RTE_FLOW_ITEM_TYPE_META,
};
/**
@@ -1156,6 +1165,22 @@ struct rte_flow_item_icmp6_nd_opt_tla_eth {
#endif
/**
+ * RTE_FLOW_ITEM_TYPE_META.
+ *
+ * Matches a specified metadata value.
+ */
+struct rte_flow_item_meta {
+ uint32_t data;
+};
+
+/** Default mask for RTE_FLOW_ITEM_TYPE_META. */
+#ifndef __cplusplus
+static const struct rte_flow_item_meta rte_flow_item_meta_mask = {
+ .data = RTE_BE32(UINT32_MAX),
+};
+#endif
+
+/**
* @warning
* @b EXPERIMENTAL: this structure may change without prior notice
*
diff --git a/lib/librte_mbuf/rte_mbuf.c b/lib/librte_mbuf/rte_mbuf.c
index e714c5a..4b25ae8 100644
--- a/lib/librte_mbuf/rte_mbuf.c
+++ b/lib/librte_mbuf/rte_mbuf.c
@@ -395,6 +395,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask)
case PKT_TX_TUNNEL_UDP: return "PKT_TX_TUNNEL_UDP";
case PKT_TX_MACSEC: return "PKT_TX_MACSEC";
case PKT_TX_SEC_OFFLOAD: return "PKT_TX_SEC_OFFLOAD";
+ case PKT_TX_METADATA: return "PKT_TX_METADATA";
default: return NULL;
}
}
@@ -435,6 +436,7 @@ const char *rte_get_tx_ol_flag_name(uint64_t mask)
"PKT_TX_TUNNEL_NONE" },
{ PKT_TX_MACSEC, PKT_TX_MACSEC, NULL },
{ PKT_TX_SEC_OFFLOAD, PKT_TX_SEC_OFFLOAD, NULL },
+ { PKT_TX_METADATA, PKT_TX_METADATA, NULL },
};
const char *name;
unsigned int i;
diff --git a/lib/librte_mbuf/rte_mbuf.h b/lib/librte_mbuf/rte_mbuf.h
index 9ce5d76..ea75ad0 100644
--- a/lib/librte_mbuf/rte_mbuf.h
+++ b/lib/librte_mbuf/rte_mbuf.h
@@ -182,6 +182,11 @@
/* add new TX flags here */
/**
+ * Indicate that the metadata field in the mbuf is in use.
+ */
+#define PKT_TX_METADATA (1ULL << 41)
+
+/**
* UDP Fragmentation Offload flag. This flag is used for enabling UDP
* fragmentation in SW or in HW. When use UFO, mbuf->tso_segsz is used
* to store the MSS of UDP fragments.
@@ -342,8 +347,9 @@
PKT_TX_QINQ_PKT | \
PKT_TX_VLAN_PKT | \
PKT_TX_TUNNEL_MASK | \
- PKT_TX_MACSEC | \
- PKT_TX_SEC_OFFLOAD)
+ PKT_TX_MACSEC | \
+ PKT_TX_SEC_OFFLOAD | \
+ PKT_TX_METADATA)
/**
* Mbuf having an external buffer attached. shinfo in mbuf must be filled.
@@ -526,6 +532,12 @@ struct rte_mbuf {
uint32_t hi;
/**< First 4 flexible bytes or FD ID, dependent on
PKT_RX_FDIR_* flag in ol_flags. */
+ /**
+ * Above member has optional use on egress:
+ * Application specific metadata value
+ * for flow rule match.
+ * Valid if PKT_TX_METADATA is set.
+ */
} fdir; /**< Filter identifier if FDIR enabled */
struct {
uint32_t lo;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 23+ messages in thread
* [PATCH v2 0/3] *** SUBJECT HERE ***
2018-09-16 13:33 [PATCH 1/3] ethdev: support metadata as flow rule criteria Dekel Peled
@ 2018-09-16 14:37 ` Dekel Peled
0 siblings, 0 replies; 23+ messages in thread
From: Dekel Peled @ 2018-09-16 14:37 UTC (permalink / raw)
To: wenzhuo.lu, jingjing.wu, bernard.iremonger, dev, olivier.matz,
adrien.mazarguil, thomas, ferruh.yigit, arybchenko
Cc: shahafs, orika
This series implements the match-metadata feature described in [1].
[1] "[RFC,v2] ethdev: support metadata as flow rule criteria"
V2:
* Fix some checkpatch coding style issues (wrongly sent).
Dekel Peled (3):
ethdev: support metadata as flow rule criteria
app/testpmd: support metadata as flow rule criteria
app/testpmd: add debug command Tx metadata set
app/test-pmd/cmdline.c | 60 ++++++++++++++++++++++++++---
app/test-pmd/cmdline_flow.c | 25 ++++++++++++
app/test-pmd/config.c | 7 ++++
app/test-pmd/testpmd.c | 5 +++
app/test-pmd/testpmd.h | 4 ++
app/test-pmd/txonly.c | 9 +++++
doc/guides/prog_guide/rte_flow.rst | 21 ++++++++++
doc/guides/testpmd_app_ug/testpmd_funcs.rst | 12 ++++--
lib/librte_ethdev/rte_ethdev.c | 1 +
lib/librte_ethdev/rte_ethdev.h | 5 +++
lib/librte_ethdev/rte_flow.c | 1 +
lib/librte_ethdev/rte_flow.h | 24 ++++++++++++
lib/librte_mbuf/rte_mbuf.c | 2 +
lib/librte_mbuf/rte_mbuf.h | 16 +++++++-
14 files changed, 181 insertions(+), 11 deletions(-)
--
1.8.3.1
^ permalink raw reply [flat|nested] 23+ messages in thread
[parent not found: <1299614690-15100-1-git-send-email-dacohen@gmail.com>]
* Re: [PATCH v2 0/3] *** SUBJECT HERE ***
[not found] <1299614690-15100-1-git-send-email-dacohen@gmail.com>
@ 2011-03-08 20:09 ` David Cohen
0 siblings, 0 replies; 23+ messages in thread
From: David Cohen @ 2011-03-08 20:09 UTC (permalink / raw)
To: Hiroshi.DOYU
Cc: linux-omap, fernando.lugo, linux-media, laurent.pinchart,
sakari.ailus, David Cohen
On Tue, Mar 8, 2011 at 10:04 PM, David Cohen <dacohen@gmail.com> wrote:
> *** BLURB HERE ***
Sorry for this garbage :/
Br,
David
>
> David Cohen (2):
> omap3: change ISP's IOMMU da_start address
> omap: iovmm: don't check 'da' to set IOVMF_DA_FIXED flag
>
> Michael Jones (1):
> omap: iovmm: disallow mapping NULL address
>
> arch/arm/mach-omap2/omap-iommu.c | 2 +-
> arch/arm/plat-omap/include/plat/iovmm.h | 2 --
> arch/arm/plat-omap/iovmm.c | 30 +++++++++++++++---------------
> 3 files changed, 16 insertions(+), 18 deletions(-)
>
>
^ permalink raw reply [flat|nested] 23+ messages in thread
* Re: [PATCH v2 0/3] *** SUBJECT HERE ***
@ 2011-03-08 20:09 ` David Cohen
0 siblings, 0 replies; 23+ messages in thread
From: David Cohen @ 2011-03-08 20:09 UTC (permalink / raw)
To: Hiroshi.DOYU
Cc: linux-omap, fernando.lugo, linux-media, laurent.pinchart,
sakari.ailus, David Cohen
On Tue, Mar 8, 2011 at 10:04 PM, David Cohen <dacohen@gmail.com> wrote:
> *** BLURB HERE ***
Sorry for this garbage :/
Br,
David
>
> David Cohen (2):
> omap3: change ISP's IOMMU da_start address
> omap: iovmm: don't check 'da' to set IOVMF_DA_FIXED flag
>
> Michael Jones (1):
> omap: iovmm: disallow mapping NULL address
>
> arch/arm/mach-omap2/omap-iommu.c | 2 +-
> arch/arm/plat-omap/include/plat/iovmm.h | 2 --
> arch/arm/plat-omap/iovmm.c | 30 +++++++++++++++---------------
> 3 files changed, 16 insertions(+), 18 deletions(-)
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-omap" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v2 0/3] *** SUBJECT HERE ***
@ 2010-09-21 12:17 Mike Rapoport
0 siblings, 0 replies; 23+ messages in thread
From: Mike Rapoport @ 2010-09-21 12:17 UTC (permalink / raw)
To: linux-arm-kernel
These patches enable PCI Express support on Tegra2.
The implementation is based on original NVidia code from (1), but it
is heavily reworked to avoid custom PCI enumeration and make the code
more Linux friendly.
This implementation assumes that the PCIe subsystem is fully powered
and ungated by the bootloader.
[1] git://nv-tegra.nvidia.com/linux-2.6.git
v2 changes:
* Update PCIe clocks implementation as per Colin and Gary suggestions
* Update I/O space access as suggested by Arnd and Russell.
* Remove debug leftovers and unify error reporting
The following changes since commit b30a3f6257ed2105259b404d419b4964e363928c:
Linus Torvalds (1):
Linux 2.6.36-rc5
Mike Rapoport (3):
[ARM] tegra: add PCI Express clocks
[ARM] tegra: add PCI Express support
[ARM] tegra: harmony: enable PCI Express
arch/arm/mach-tegra/Kconfig | 4 +
arch/arm/mach-tegra/Makefile | 2 +
arch/arm/mach-tegra/board-harmony-pcie.c | 52 ++
arch/arm/mach-tegra/board.h | 1 +
arch/arm/mach-tegra/include/mach/hardware.h | 4 +
arch/arm/mach-tegra/include/mach/io.h | 12 +-
arch/arm/mach-tegra/pcie.c | 915 +++++++++++++++++++++++++++
arch/arm/mach-tegra/tegra2_clocks.c | 46 ++
8 files changed, 1035 insertions(+), 1 deletions(-)
create mode 100644 arch/arm/mach-tegra/board-harmony-pcie.c
create mode 100644 arch/arm/mach-tegra/pcie.c
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v2 0/3] *** SUBJECT HERE ***
@ 2010-08-03 10:36 Jon Seymour
0 siblings, 0 replies; 23+ messages in thread
From: Jon Seymour @ 2010-08-03 10:36 UTC (permalink / raw)
To: git; +Cc: gitster, ams, jon.seymour
This series fixes git stash branch so that it is more tolerant of
stash-like commits created with git stash create.
It particular, it doesn't require there to be a stash stack if a
stash-like argument is specified and it doesn't attempt to drop
non-stash references after applying the stash.
This series replaces my previous patch that just included a test
that demonstrated the existance of the issue.
stash: It looks like a stash, but doesn't quack like a stash...
stash: Allow git stash branch to process commits that look like
stashes but are not stash references.
stash: modify tests to reflect stash branch fixes.
git-stash.sh | 10 ++++++++--
t/t3903-stash.sh | 28 ++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 2 deletions(-)
--
1.7.2.1.111.g8fc90
^ permalink raw reply [flat|nested] 23+ messages in thread
* [PATCH v2 0/3] *** SUBJECT HERE ***
@ 2010-04-09 15:34 Brian Gernhardt
0 siblings, 0 replies; 23+ messages in thread
From: Brian Gernhardt @ 2010-04-09 15:34 UTC (permalink / raw)
To: Git List; +Cc: Jakub Narebski
Changes from v1:
- Moves valid FQDN conditions from line-ending conditions to a new
function
- Adds sendemail.smtpdomain to the list in config.txt
Patch 2/3 is unchanged.
Brian Gernhardt (3):
send-email: Don't use FQDNs without a '.'
Document send-email --smtp-domain
send-email: Add sendemail.smtpdomain
Documentation/config.txt | 1 +
Documentation/git-send-email.txt | 7 +++++++
git-send-email.perl | 32 ++++++++++++++++++--------------
3 files changed, 26 insertions(+), 14 deletions(-)
^ permalink raw reply [flat|nested] 23+ messages in thread
end of thread, other threads:[~2022-04-07 15:41 UTC | newest]
Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-03 19:50 package_manager: support for signed DEB package feeds Ferry Toth
2022-04-03 19:50 ` [PATCH v2 0/3] *** SUBJECT HERE *** Ferry Toth
2022-04-03 19:50 ` [PATCH v2 1/3] gpg-sign: Add parameters to gpg signature function Ferry Toth
2022-04-03 19:50 ` [PATCH v2 2/3] package_manager: sign DEB package feeds Ferry Toth
2022-04-03 19:50 ` [PATCH v2 3/3] apt: add apt selftest to test signed " Ferry Toth
2022-04-04 13:58 ` Richard Purdie
2022-04-04 17:35 ` Ferry Toth
2022-04-04 20:39 ` Richard Purdie
2022-04-05 15:23 ` Ferry Toth
2022-04-06 11:40 ` Richard Purdie
2022-04-06 14:43 ` Ferry Toth
2022-04-06 15:23 ` Richard Purdie
2022-04-06 19:44 ` Ferry Toth
2022-04-06 21:05 ` Richard Purdie
2022-04-07 9:59 ` Ferry Toth
2022-04-06 10:10 ` [OE-core] " Alexandre Belloni
2022-04-06 15:16 ` Ferry Toth
-- strict thread matches above, loose matches on Subject: below --
2018-09-16 13:33 [PATCH 1/3] ethdev: support metadata as flow rule criteria Dekel Peled
2018-09-16 14:37 ` [PATCH v2 0/3] *** SUBJECT HERE *** Dekel Peled
[not found] <1299614690-15100-1-git-send-email-dacohen@gmail.com>
2011-03-08 20:09 ` David Cohen
2011-03-08 20:09 ` David Cohen
2010-09-21 12:17 Mike Rapoport
2010-08-03 10:36 Jon Seymour
2010-04-09 15:34 Brian Gernhardt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.