From babc77ff1c2a96ebf062c3d145aae079b62f3377 Mon Sep 17 00:00:00 2001 From: Lluis Campos Date: Wed, 21 Oct 2020 14:13:55 +0200 Subject: [PATCH] MEN-2208: Run test_update tests for meta-mender QEMU image This commit adds all necessary bits to be able to execute runtime tests for mender-convert'ed QEMU x86_64 image. Namely: * Install SSH key as an authorized one on the device using an overlay, and pass the private one to be use by the test framework. * Create a QEMU launcher wrapper, similar to the one in meta-mender, for the test framework to use in order to start/stop the virtual device. * Exclude the test_update tests for all configurations but Ubuntu QEMU one using a pytest filter 'not test_upate'. * Copy from meta-mender the keys required for test_signed_updates. * Install mender-artifact in CI to be used in tests. Changelog: None Signed-off-by: Lluis Campos --- .gitlab-ci.yml | 6 ++- scripts/test/mender-convert-qemu | 35 +++++++++++++ scripts/test/run-tests.sh | 30 ++++++++--- scripts/test/test-utils.sh | 24 +++++++++ tests/ssh-priv-key/key | 51 +++++++++++++++++++ .../root/.ssh/authorized_keys | 1 + 6 files changed, 140 insertions(+), 7 deletions(-) create mode 100755 scripts/test/mender-convert-qemu create mode 100644 tests/ssh-priv-key/key create mode 100644 tests/ssh-public-key-overlay/root/.ssh/authorized_keys diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5239995..f5bd5f1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -102,7 +102,7 @@ convert_raspbian_raspberrypi4: - apt update - apt install -qyy bash wget git util-linux mtools python3 python3-pip gcc python3-dev libffi-dev liblzo2-dev libc-dev libssl-dev make sudo - awscli unzip + awscli unzip qemu-system-x86 ovmf # Python3 dependencies - pip3 install -r https://raw.githubusercontent.com/mendersoftware/meta-mender/master/tests/acceptance/requirements_py3.txt # Load image under test @@ -110,6 +110,10 @@ convert_raspbian_raspberrypi4: - docker load -i image.tar # Set mender-image-tests submodule to correct version - git submodule update --init --recursive + # Get mender-artifact for the tests + - curl -f -O https://mender.s3.amazonaws.com/mender-artifact/$MENDER_ARTIFACT_VERSION/linux/mender-artifact + - chmod ugo+x mender-artifact + - mv mender-artifact /usr/bin/ artifacts: expire_in: 2w when: always diff --git a/scripts/test/mender-convert-qemu b/scripts/test/mender-convert-qemu new file mode 100755 index 0000000..80a9b08 --- /dev/null +++ b/scripts/test/mender-convert-qemu @@ -0,0 +1,35 @@ +#!/bin/sh + +set -e + +if [ -z "$DISK_IMG" ]; then + echo "ERROR: DISK_IMG is not set" + exit 1 +fi + +# Look for OVMF_CODE.fd in /usr/share +ovmf_file=$(find /usr/share -type f -and -name OVMF_CODE.fd 2>/dev/null | head -1) +if [ -z "${ovmf_file}" ]; then + echo "ERROR: could not find OVMF file" + exit 1 +fi + +qemu-system-x86_64 \ + -enable-kvm \ + -nographic \ + -m 256 \ + -net user,hostfwd=tcp::8822-:22 \ + -net nic,macaddr=52:54:00$(od -txC -An -N3 /dev/urandom|tr \ :) \ + -bios ${ovmf_file} \ + -drive format=raw,file=${DISK_IMG} & + +qemu_pid=$! + +trap qemu_cleanup HUP KILL TERM + +qemu_cleanup() { + kill -s TERM $qemu_pid +} + +echo "QEMU started with PID $qemu_pid" +wait $qemu_pid diff --git a/scripts/test/run-tests.sh b/scripts/test/run-tests.sh index 166b1b1..f5575d6 100755 --- a/scripts/test/run-tests.sh +++ b/scripts/test/run-tests.sh @@ -38,6 +38,8 @@ mkdir -p ${WORKSPACE} get_pytest_files +prepare_ssh_keys + if ! [ "$1" == "--all" -o "$1" == "--only" -a -n "$2" -o "$1" == "--prebuilt-image" -a -n "$3" ]; then usage fi @@ -45,7 +47,9 @@ fi test_result=0 if [ "$1" == "--prebuilt-image" ]; then - run_tests "$2" "$3" || test_result=$? + run_tests "$2" "$3" \ + "-k" "'not test_update'" \ + || test_result=$? exit $test_result else @@ -54,7 +58,9 @@ else convert_and_test "qemux86_64" \ "release-1" \ "input/Ubuntu-Bionic-x86-64.img.gz" \ - "--config configs/qemux86-64_config" || test_result=$? + "--overlay tests/ssh-public-key-overlay" \ + "--config configs/qemux86-64_config" \ + || test_result=$? echo >&2 "----------------------------------------" echo >&2 "Running the uncompressed test" @@ -74,7 +80,10 @@ else convert_and_test "raspberrypi3" \ "release-1" \ "input/2019-09-26-raspbian-buster-lite.zip" \ - "--config configs/raspberrypi3_config" || test_result=$? + "--config configs/raspberrypi3_config" \ + -- \ + "-k" "'not test_update'" \ + || test_result=$? fi if [ "$1" == "--all" -o "$1" == "--only" -a "$2" == "linaro-alip" ]; then @@ -83,7 +92,10 @@ else # "release-1" \ # "${TINKER_IMAGE_URL}" \ # "${TINKER_IMAGE}.img" \ - # "${TINKER_IMAGE}.zip" || test_result=$? + # "${TINKER_IMAGE}.zip" \ + # -- \ + # "-k" "'not test_update'" \ + # || test_result=$? true fi @@ -92,7 +104,10 @@ else convert_and_test "beaglebone-sdcard" \ "release-1" \ "input/bone-debian-10.3-iot-armhf-2020-04-06-4gb.img.xz" \ - "--config configs/beaglebone_black_debian_sdcard_config" || test_result=$? + "--config configs/beaglebone_black_debian_sdcard_config" \ + -- \ + "-k" "'not test_update'" \ + || test_result=$? fi if [ "$1" == "--all" -o "$1" == "--only" -a "$2" == "ubuntu" ]; then @@ -100,7 +115,10 @@ else convert_and_test "raspberrypi3" \ "release-1" \ "input/ubuntu-18.04.5-preinstalled-server-armhf+raspi3.img.xz" \ - "--config configs/raspberrypi3_config" || test_result=$? + "--config configs/raspberrypi3_config" \ + -- \ + "-k" "'not test_update'" \ + || test_result=$? fi exit $test_result diff --git a/scripts/test/test-utils.sh b/scripts/test/test-utils.sh index 8ca478a..3383fae 100644 --- a/scripts/test/test-utils.sh +++ b/scripts/test/test-utils.sh @@ -138,6 +138,8 @@ run_tests() { --board-type="${device_type}" \ --mender-image="${converted_image_name}.sdimg" \ --sdimg-location="${MENDER_CONVERT_DIR}/deploy" \ + --ssh-priv-key="../ssh-priv-key/key" \ + --qemu-wrapper="../../scripts/test/mender-convert-qemu" \ tests \ ${pytest_extra_args} @@ -154,5 +156,27 @@ get_pytest_files() { wget -N ${MENDER_ACCEPTANCE_URL}/helpers.py -P $WORKSPACE/mender-image-tests wget -N ${MENDER_ACCEPTANCE_URL}/conftest.py -P $WORKSPACE/mender-image-tests wget -N ${MENDER_ACCEPTANCE_URL}/fixtures.py -P $WORKSPACE/mender-image-tests + mkdir -p $WORKSPACE/mender-image-tests/files + wget -N ${MENDER_ACCEPTANCE_URL}/files/test-private-EC.pem -P $WORKSPACE/mender-image-tests/files + wget -N ${MENDER_ACCEPTANCE_URL}/files/test-private-RSA.pem -P $WORKSPACE/mender-image-tests/files + wget -N ${MENDER_ACCEPTANCE_URL}/files/test-public-EC.pem -P $WORKSPACE/mender-image-tests/files + wget -N ${MENDER_ACCEPTANCE_URL}/files/test-public-RSA.pem -P $WORKSPACE/mender-image-tests/files } +prepare_ssh_keys() { + if [ "$(stat -c %U tests/ssh-public-key-overlay/root)" != "root" ]; then + sudo chown -R root:root tests/ssh-public-key-overlay/root + fi + if [ "$(stat -c %a tests/ssh-public-key-overlay/root)" != "755" ]; then + chmod 755 tests/ssh-public-key-overlay/root + fi + if [ "$(stat -c %a tests/ssh-public-key-overlay/root/.ssh)" != "755" ]; then + chmod 700 tests/ssh-public-key-overlay/root/.ssh + fi + if [ "$(stat -c %a tests/ssh-public-key-overlay/root/.ssh/authorized_keys)" != "755" ]; then + chmod 600 tests/ssh-public-key-overlay/root/.ssh/authorized_keys + fi + if [ "$(stat -c %a tests/ssh-priv-key/key)" != "600" ]; then + chmod 600 tests/ssh-priv-key/key + fi +} diff --git a/tests/ssh-priv-key/key b/tests/ssh-priv-key/key new file mode 100644 index 0000000..9f9dbb9 --- /dev/null +++ b/tests/ssh-priv-key/key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAybC1sV0O9Hp7kXcZvcGUhcQz/Mqgir7JT6K6w1k6WG1ov1y1 +lMGQY8WVVaXss6UDCpsrwq4JVQFnGdhc1IZy1w0IfVvf6OYYx5sHqQ4z2fQUJeqx +VBRRJyRhRMGu8FoG50dSGfilYObQi638DGVbainfXkZ40YCi66mt5LdFSbUpgYRM +MEbouuE/7b671ZoWEPcANm6TPOaruFopd1BXdwNXgTMdNJVPYRl7WQqDtJSIhzyl +KUq5pEI+B7w2Z8aIgDU82mADnDqzFTbb7v5tiM9yXFwL6VYXkXBqwL9lqUCNFUdg +VAUGBQ4lAReYqhSepAIKR4YmRDREr1tz9CbDfSVENMxaHN0y1cUu8Yi42+AwCaZp +2K21G/SALmdnepzuKl49H1aNV7mO2PX9A9Tdrbi7zbuuHv85W/eBBTKKfD8x1+Re +dzbnE6rXMpJrz+CxOGeKBjeERZn4kH3+FX2+l9xcG5ppSv2mlhz5Nfu9rgLY856o +hRpWeYcdiyl2Npbl2YqIdciA9hf++cxABXadgWawmWA9rBAN/rGreRXUPkruNIDE +K2OQUWZI+9GTVGnJWr1RF+c1mpoWYkI04FvceB33U1b9Txx3VMUFLWSKutjLym3t +o0DQGA65wTUL6ezxiRCRTDsSEztYAZttvqUNvg7oCEl81yvGHqrMmnu8x9cCAwEA +AQKCAgAOdtnQ6neUGOSbvgrejO912GhSDMYOrTgKugTi1ZdVmCMW9jMfg/Iy9YyM +I+YhzAe3zwEIaSrKKduXAulFZI7/1TNyqhAYx8enKPsXqKkXTGXVgktNWFepkvZW +0/0Tx6EPHRJKQoa5uFPkcInO6cXwiyg1vqAThkIo3HZYHLyfWJqtayt7mto97MGE +71TRMMe8V7pwLOXqTDCse+rVX7GmG1s/LMc/aiXTNNyfuh1P6gcQi8zcdTtzCD0i +mODd+GL5rte6YYBgx+Tn9JM5RI3ebeIptYA1L7No/sLpJ9DGnpZ/nCrQW7veyPDm +bybHq8rkwDC0iG5eHdF/MfPS4qTKSDYoifVA9D0ifxWG2gjVnRka9Ec3uPqPajUZ +RSr/68ri92XUwmd0xxT1yTKesvMkGI6pVHGJLigI4Agx/vpwKGj6gzM3kysWwBVb +r0n4SRINEhGdvERFhTnhLJ3u907VoVcZuFBiU560fueEk9tlVjcRwaUmVIyZ3IVv +d927HJsr13zhmcWBZeNXCR3B1wudpPrpZM8RhoMJoLNHjYw/luTTTThRG9bqvJK3 +h+3O6j5YNLLi66PvSefiezdg9P7rpqKZl+8eGxbVm68/4SNt2c8RWaaHVqKubJEH +BQXd084Yrk1ZXXikLib8GVgeMIIli33YdurSHgU4pakfLFnj4QKCAQEA5Naw8QRH +cX4ckir+RmZ8U+3W4nIbbSstWLf2E2A39KIqYuRz1ge9MRjgor+sIbQNTjSo4Iwq +y0ytU7cMIdbflxsW8HjOeTzeWTCHbTteUa+Cm+E9pGzfBHqPiK4L0v4R1XiG9ISF +/Np4IuYnOjJJD8CxOxI4lEPnIJPZ47nkGuqP8ttUXfcG4+JaP5VlMBHFBP17TSN+ +uYs6sRXewtIcSRPDNK3CcP1misqe4Q62BLg4fi0SNKlwVGn9NNkqm9br+tjqrSok +LR5slvViHJ/sbFR3uEBWov/Jor2VgvnklkFM0WHLyKNSzuq1QcGe1NjoHlKW6drk +US9wjJjnkysadQKCAQEA4aEcJKkewy1GliVlqntaNrRcTcM7Y7Wz9YR9fPlB2glm +Ch5FhmSIF/Gsmx2J8V+2AH3j+pFqhjbPwLUqIawIkO65UUUnaaORTmCGubAj1Jk7 +kAiocd2RNJJaXihoX7S1E+vpNuHLGnM4CKvQeoUC0bz47VeNkzP+L6wd63ienMGG +4z0VuXUQWmrKAn4E441w9yE7SOQ8SPjYR1fuYL6/k16STWphv87o7KBYcB5IHVF9 +llbOp+8jMzMEzTPUcx6RSAjTt/Kl6aGjabZFtDzICbhLexNtc6eBqaw77KE5wTtt +5makPgiyi6DPtZpIvTuyHpaI3LrylxWN7wuQn05XmwKCAQEAr7DVMHXklBIKxX4U +suBEW/uim0CYJfycWB0E5GNfEobenAZhmNVgP62l6c3Wzhl6jayIa72xrVw1Rqym +t+RMzaqSthVKEHLXEwrbLtYB2B0z3ZHUzcR4hOvD/2AA3AEMmCRtGJYWeMcSrVie +jWPGDD4Y1A1tOwfXD3/0LY6uvquP0RjrcSkTNSq3t1Fv2rQJ24bxf4vc438tlIAC +AvlllgWCPZOaUT172NsvmAK/ZGg7l0PrUls0TtsA9+4zdGpRysl3g3NzSuCs5kmH +BgsSbSl8sQ1UdtiDalq7y08oXOPNooO+/U/HZ+1zNAT/eNL/gyhNjUXtPRd7Bbbv +NGJHcQKCAQEA2H/ERnU0/GkkUww9WnGUZet4qnFMOmfu7wYbd2ChTHs6OzlC0ysB +35/ZVNnqM/73387sg9Em2vQbMzli3P57Fb7LeW0W3WnDEubSP7kBGI2UNqfoIaJO +I5jPN4wkYrk+C4iRtkTAo3eta7yZhga9Zs2iOfOJ+JaqL8pCx2BtKdMVAFTr1JG8 +iFXx0qRjQonEvI1Zmp7OLeMBfKumI5TEtL7JOZl7hBYhMHTHh4W3AtLf4/MVxtRS +/VzWHaS/FVteYjV+GgKuKtkbuWLZzZGJDLKXUtiYbKJta4bF1U/64CyLTspsjM3B +rPM4e3Q4mcN/LZSabNrBzjEziQ2azxHYQwKCAQEA1qXH/Zgx+Ep4zprVfVRuNXmL +Qhow/uxkZOQC2tyl49LVZ2+VoO62KN37ohhLNyVax56ALn62TabzNwPU1RC1MxfM +IxzfWfPfqFQ9FdjqSfVPAsBaTizOxLIjHHXiIRRNbWoUG+MByH8uE6IsXSYoWDTb +g0szhDtll6Xaqiqy8CKAOejTDEwSoOsx9hn+9DvX4W9AjmbfMQW3cdTVPo9GcKpm +F/ELQ7stCcH6UZtBlYpWzTDNu6BBuds3ZvwbAhbPsbO5A4rGX8UOeg5z+PWu2wYA +PWy0vuqrO0FmYAJNnsCcsMiMS4QPomwsaqSzLuonX5pT9MepJ5Rug4CgHfXd0A== +-----END RSA PRIVATE KEY----- diff --git a/tests/ssh-public-key-overlay/root/.ssh/authorized_keys b/tests/ssh-public-key-overlay/root/.ssh/authorized_keys new file mode 100644 index 0000000..c42a1d5 --- /dev/null +++ b/tests/ssh-public-key-overlay/root/.ssh/authorized_keys @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJsLWxXQ70enuRdxm9wZSFxDP8yqCKvslPorrDWTpYbWi/XLWUwZBjxZVVpeyzpQMKmyvCrglVAWcZ2FzUhnLXDQh9W9/o5hjHmwepDjPZ9BQl6rFUFFEnJGFEwa7wWgbnR1IZ+KVg5tCLrfwMZVtqKd9eRnjRgKLrqa3kt0VJtSmBhEwwRui64T/tvrvVmhYQ9wA2bpM85qu4Wil3UFd3A1eBMx00lU9hGXtZCoO0lIiHPKUpSrmkQj4HvDZnxoiANTzaYAOcOrMVNtvu/m2Iz3JcXAvpVheRcGrAv2WpQI0VR2BUBQYFDiUBF5iqFJ6kAgpHhiZENESvW3P0JsN9JUQ0zFoc3TLVxS7xiLjb4DAJpmnYrbUb9IAuZ2d6nO4qXj0fVo1XuY7Y9f0D1N2tuLvNu64e/zlb94EFMop8PzHX5F53NucTqtcykmvP4LE4Z4oGN4RFmfiQff4Vfb6X3FwbmmlK/aaWHPk1+72uAtjznqiFGlZ5hx2LKXY2luXZioh1yID2F/75zEAFdp2BZrCZYD2sEA3+sat5FdQ+Su40gMQrY5BRZkj70ZNUaclavVEX5zWamhZiQjTgW9x4HfdTVv1PHHdUxQUtZIq62MvKbe2jQNAYDrnBNQvp7PGJEJFMOxITO1gBm22+pQ2+DugISXzXK8Yeqsyae7zH1w== test@debian-dist-packages