On Thu, 2023-02-16 at 10:29 -0500, Mimi Zohar wrote: > On Thu, 2023-02-16 at 09:16 +0100, Roberto Sassu wrote: > > On Wed, 2023-02-15 at 18:19 -0500, Mimi Zohar wrote: > > > Hi Petr, > > > > > > On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > > > > Hi Mimi, > > > > > > > > > Tested: > > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > > > > > > > Thanks for merging this. > > > > > > I actually pushed out the patches to "next-testing" to make sure it > > > works. In doing so, I dropped a couple of Roberto's patches, which > > > aren't quite ready and one of mine as well. In general, I'm not sure > > > pushing patches out to "next-integrity" should be considered "merging" > > > quite yet. In this case, your patches are fine. (Perhaps there needs > > > to be a better work flow.) > > > > > > > My test was working: > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 > > > > > > Yes, I saw. > > > > > > > But the same code now fails for Fedora. > > > > I wonder what exactly is wrong now: > > > > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 > > > > > > The UML kernel built properly, but for some reason the fsverity and > > > portable_signature tests aren't finding it. > > > > It could be this (in the logs): > > > > There exist one or more cache(s) with similar key but they have > > different version or scope. > > > > I would try: > > > > enableCrossOsArchive: true > > > > after: > > > > uses: actions/cache@v3 > > with: > > path: > > key: > > > > for every step using the cache. > > > > Cache version is a hash generated for a combination of compression tool > > used (Gzip, Zstd, etc. based on the runner OS) and the path of > > directories being cached. > > > > Maybe there was some change from the time the kernel and signing key > > were cached. > > Adding "enableCrossOsArchive: true" didn't help, nor did clearing the > cache. FYI, with a clean cache, but without any changes, this seems to be working now. > > > > > > > > FAIL: fsverity > > > > ============== > > > > > > > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > > > > dd is /usr/bin/dd > > > > mkfs is /usr/sbin/mkfs > > > > blkid is /usr/sbin/blkid > > > > e2fsck is /usr/sbin/e2fsck > > > > tune2fs is /usr/sbin/tune2fs > > > > evmctl is ../src/evmctl > > > > setfattr is /usr/bin/setfattr > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > ================================= > > > > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > > > > To stop after first failure > > > > ================================= > > > > PASS: 0 SKIP: 0 FAIL: 1 > > > > > > > > FAIL fsverity.test (exit status: 1) > > > > > > > > FAIL: portable_signatures > > > > ========================= > > > > > > > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > >
