Testing kernel functionality is more difficult than testing user space software, as it requires support from the testing platform to create a more specific environment (e.g. a virtual machine). User space software instead could be simply run in a container.

Fortunately, a kernel architecture named UML (User Mode Linux) allows the kernel to be executed as a user space process, which would be suitable also for testing platforms such as Github Actions and Travis.

This patch simply downloads (errors are ignored) the UML kernel binary and its signing key as artifacts from a URL in the format:

$LINUX_URL/<ima-evm-utils branch>-test/<asset>

The LINUX_URL environment variable must be set in the configuration of the testing platform (for Github Actions, the variable must be created in an environment named 'test'). LINUX_URL could be for example:

https://github.com/robertosassu/linux/releases/download/

If Github Releases is used, a workflow should build the kernel, tagged as '<ima-evm-utils>-test', and publish the artifacts.

The UML kernel binary should be named 'linux-<container name>[.<arch>]' and the signing key 'signing_key.pem-<container name>', where the '.<arch>' suffix appears only if the current arch is not x86_64 and separator characters in the container name are replaced with '.'.

Finally, the patch also adds curl and ca-certificates as software dependencies when necessary.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
---
 .github/workflows/ci.yml | 16 ++++++++++++++++
 .travis.yml | 12 ++++++++++++
 ci/alpine.sh | 3 ++-
 ci/alt.sh | 1 +
 ci/debian.sh | 2 ++
 ci/fedora.sh | 3 ++-
 ci/tumbleweed.sh | 3 ++-
 7 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 088c04188682..51f7dbe0aaa6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -101,6 +101,9 @@ jobs: image: ${{ matrix.container }} env: ${{ matrix.env }} + environment: + name: test + steps: - name: Show OS run: cat /etc/os-release @@ -125,6 +128,19 @@ jobs: fi fi + - name: Download UML kernel and signing key + run: | + asset_name_suffix=${{ matrix.container }} + asset_name_suffix="$(echo $asset_name_suffix | sed 's/[:\/]/./')" + if [ -n "$ARCH" ]; then + asset_name_suffix="$asset_name_suffix.$ARCH" + fi + curl -L ${{ secrets.LINUX_URL }}/${GITHUB_REF##*/}-test/linux-$asset_name_suffix -s -f --output linux || echo + curl -L ${{ secrets.LINUX_URL }}/${GITHUB_REF##*/}-test/signing_key.pem-$asset_name_suffix -s -f --output signing_key.pem || echo + if [ -f linux ]; then + chmod +x linux + fi + - name: Compiler version run: $CC --version diff --git a/.travis.yml b/.travis.yml index 7a7627323724..23c220e857b6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -87,11 +87,23 @@ before_install: sudo curl -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 -o /usr/bin/runc sudo chmod +x /usr/bin/runc fi + - asset_name_suffix=$DISTRO + - asset_name_suffix="$(echo $asset_name_suffix | sed 's/[:\/]/./')" + - > + if [ -n "$ARCH" ]; then + asset_name_suffix="$asset_name_suffix.$ARCH" + fi - $CONTAINER info - DIR="/usr/src/ima-evm-utils" - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile - cat Dockerfile + - curl -L $LINUX_URL/$TRAVIS_BRANCH-test/linux-$asset_name_suffix -s -f --output linux || echo + - curl -L $LINUX_URL/$TRAVIS_BRANCH-test/signing_key.pem-$asset_name_suffix -s -f --output signing_key.pem || echo + - > + if [ -f "linux" ]; then + chmod +x linux + fi - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils . script: diff --git a/ci/alpine.sh b/ci/alpine.sh index 63d79546c0dd..588f450bdb5f 100755 --- a/ci/alpine.sh +++ b/ci/alpine.sh @@ -42,7 +42,8 @@ apk add \ sudo \ wget \ which \ - xxd + xxd \ + curl if [ ! "$TSS" ]; then apk add git 
diff --git a/ci/alt.sh b/ci/alt.sh index 884c9951ca98..6b2aa08bd228 100755 --- a/ci/alt.sh +++ b/ci/alt.sh @@ -21,4 +21,5 @@ apt-get install -y \ wget \ xsltproc \ xxd \ + curl \ && control openssl-gost enabled diff --git a/ci/debian.sh b/ci/debian.sh index ad7d2c026735..07ef28c3a2f0 100755 --- a/ci/debian.sh +++ b/ci/debian.sh @@ -49,6 +49,8 @@ $apt \ sudo \ wget \ xsltproc \ + curl \ + ca-certificates $apt xxd || $apt vim-common $apt libengine-gost-openssl1.1$ARCH || true diff --git a/ci/fedora.sh b/ci/fedora.sh index 2d80915ecd77..f07c678130ae 100755 --- a/ci/fedora.sh +++ b/ci/fedora.sh @@ -38,7 +38,8 @@ yum -y install \ sudo \ vim-common \ wget \ - which + which \ + curl yum -y install docbook5-style-xsl || true yum -y install swtpm || true diff --git a/ci/tumbleweed.sh b/ci/tumbleweed.sh index dfc478bed5dd..b6a42df7bfca 100755 --- a/ci/tumbleweed.sh +++ b/ci/tumbleweed.sh @@ -40,7 +40,8 @@ zypper --non-interactive install --force-resolution --no-recommends \ vim \ wget \ which \ - xsltproc + xsltproc \ + curl if [ -f /usr/lib/ibmtss/tpm_server -a ! -e /usr/local/bin/tpm_server ]; then ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin -- 2.25.1
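
Review bot: The description and the code disagree on how LINUX_URL is provided. In the first .github/workflows/ci.yml hunk (`environment: name: test`) the commit message asks for an environment variable, but the download step reads `${{ secrets.LINUX_URL }}`, so it has to be created as an environment secret; please make the text match. Secrets are not passed to runs triggered by pull requests from forks, and the download lines end in `|| echo`, so those runs get no `linux` binary and no message saying so. That is worth stating in the description as well.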
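
Review bot: Nothing verifies the downloaded kernel before it is made executable in the "Download UML kernel and signing key" step of .github/workflows/ci.yml. `-s -f ... || echo` hides every failure, and `[ -f linux ]` only tests that a file exists, so a transfer interrupted midway can leave a partial file that still gets `chmod +x linux`. Consider testing the curl exit status directly, removing the file on failure, and comparing the binary against a SHA-256 digest kept in the repository or published with the release before marking it executable. Also note that `${GITHUB_REF##*/}` yields `merge` for pull_request runs (the ref is `refs/pull/<n>/merge`), so the tag looked up would be `merge-test`.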
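
Review bot: `sed 's/[:\/]/./'` in the .travis.yml before_install hunk (and the identical line in the ci.yml download step) replaces only the first separator, while the commit message says separator characters in the container name are replaced with '.'. A name that contains both `/` and `:` keeps the second one and may not match the published asset name. Add the `g` flag, `sed 's/[:\/]/./g'`, and quote the expansions, for example `echo "$asset_name_suffix"` and `"$LINUX_URL/$TRAVIS_BRANCH-test/linux-$asset_name_suffix"`, so that an unexpected character in the branch or distro name cannot split the curl arguments.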