Add fedora-40 job,rawhide is broken

jumpstarter-dev · Jun 11, 2024 · 42778ee · 42778ee
1 parent 13644d5
commit 42778ee
Show file tree

Hide file tree

Showing 8 changed files with 217 additions and 2 deletions.
diff --git a/.github/workflows/jumpstarter-pr-push-and-scheduled.yaml b/.github/workflows/jumpstarter-pr-push-and-scheduled.yaml
@@ -43,7 +43,7 @@ jobs:
     runs-on: [self-hosted, linux, jumpstarter-rpi4]
     defaults:
       run:
-        working-directory: ./fedora-rawhide
+        working-directory: ./fedora-40
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/fedora-40/Makefile b/fedora-40/Makefile
@@ -0,0 +1,78 @@
+DEVICE=rpi4-00
+
+###############################################################################
+# Targets that interact with the DUT via Jumpstarter
+###############################################################################
+
+test-in-hardware: umount images/latest.raw images/.prepared
+	sudo -E jumpstarter run-script test-tpm-on-latest-raw.yaml
+
+write-image: umount images/latest.raw images/.prepared
+	sudo -E jumpstarter run-script setup-latest-raw.yaml
+
+power-on:
+	jumpstarter power on -a $(DEVICE)
+
+console:
+	jumpstarter console $(DEVICE)
+
+power-off:
+	jumpstarter detach-storage $(DEVICE)
+	jumpstarter power off $(DEVICE)
+
+###############################################################################
+# Image preparation targets
+###############################################################################
+
+download-image:
+	scripts/download-latest-fedora
+
+prepare-image: images/latest.raw mount
+	scripts/prepare-latest-raw
+	touch images/.prepared
+	umount mnt
+
+images/.prepared:
+	make prepare-image
+
+images/latest.raw.xz:
+	make download-image
+
+images/latest.raw: images/latest.raw.xz
+	xz -d -v -T0 -k $^
+	touch images/latest.raw
+	rm -f images/.prepared
+
+clean-image:
+	rm -f images/.prepared
+	rm -f images/latest.raw
+
+clean-images: clean-image
+	rm -rf images/dl.fedoraproject.org
+	rm -rf images/latest.raw.xz
+
+###############################################################################
+# Image manipulation targets
+###############################################################################
+
+mnt:
+	mkdir -p $@
+
+umount:
+	umount mnt || true
+
+mount: umount images/latest.raw mnt
+	guestmount -a images/latest.raw -m /dev/fedora/root -m /dev/sda2:/boot -m /dev/sda1:/boot/efi -o allow_other --rw mnt  
+
+
+###############################################################################
+# phony targets are targets which don't produce files, just for utility
+###############################################################################
+
+
+.PHONY: download-image prepare-image
+.PHONY: test-in-hardware
+.PHONY: write-image
+.PHONY: power-on power-off
+.PHONY: console
+.PHONY: mount umount
diff --git a/fedora-40/images/.gitkeep b/fedora-40/images/.gitkeep
diff --git a/fedora-40/scripts/download-latest-fedora b/fedora-40/scripts/download-latest-fedora
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+IMG_PATH=dl.fedoraproject.org/pub/fedora/linux/releases/40/Server/aarch64/images/
+CACHE="./images"
+wget "https://${IMG_PATH}" -np -m -A '*raw.xz' -c -P "${CACHE}"
+# use the latest compose image
+LATEST_IMG=$(ls -Art "${CACHE}/${IMG_PATH}"/*.raw.xz | tail -n 1)
+
+echo "Latest image: ${LATEST_IMG}"
+
+# calculate full path to LATEST_IMG
+LATEST_IMG_FULLPATH=$(readlink -f ${LATEST_IMG})
+EXISTING_LINK=$(readlink "${CACHE}/latest.raw.xz" || true )
+# if the link has changed, update the link
+if [[ "${LATEST_IMG_FULLPATH}" != "${EXISTING_LINK}" ]]; then
+    echo "Updating link from latest.raw.xz -> ${LATEST_IMG}"
+    ln -fs "${LATEST_IMG_FULLPATH}" "${CACHE}/latest.raw.xz"
+else
+    echo "We are up-to-date."
+fi
diff --git a/fedora-40/scripts/prepare-latest-raw b/fedora-40/scripts/prepare-latest-raw
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -x
+
+sudo sed -i 's/rhgb quiet/rhgb console=ttyS0,115200/g' mnt/boot/loader/entries/* mnt/etc/default/grub mnt/etc/kernel/cmdline
+# assign changeme password to root
+sudo sed -i 's%root:!locked::0:99999:7:::%root:$y$j9T$Sw1lg2a7i/0vWoufwxYsSzAk$RrdQ6C4bUsOE3uy0mErsbOA7LOF4x2R8zP5XW6jpA1/::0:99999:7:::%g' mnt/etc/shadow
+#sudo rm -f mnt/etc/systemd/system/*/initial-setup.service
+#sudo rm -f mnt/etc/systemd/system/*/smartd.service
+# enable SPI and the TPM we use in the dtbs
+cat << EOF | sudo tee -a mnt/boot/efi/config.txt
+dtparam=spi=on
+dtoverlay=tpm-slb9670
+EOF
+sudo rm -f mnt/etc/.pwd.lock
+
diff --git a/fedora-40/setup-latest-raw.yaml b/fedora-40/setup-latest-raw.yaml
@@ -0,0 +1,9 @@
+name: "Setup latest.raw in DUT disk"
+selector:
+  - rpi4
+
+steps:
+  - power: "off"
+  - set-disk-image:
+      image: "images/latest.raw"
+  - storage: "attach"
diff --git a/fedora-40/test-tpm-on-latest-raw.yaml b/fedora-40/test-tpm-on-latest-raw.yaml
@@ -0,0 +1,93 @@
+name: "Setup latest.raw in DUT disk"
+selector:
+  - rpi4
+
+expect-timeout: 100
+
+steps:
+  - power: "off"
+  - set-disk-image:
+      image: "images/latest.raw"
+  - storage: "attach"
+  - power: "on"
+  - expect:
+      this: "Booting"
+
+  - expect:
+      this: "Please make a selection from the above"
+
+  - send:
+      this:
+        - "4\n"
+  - expect:
+      this: "Password:"
+
+  - send:
+      this:
+        - "changeme\n"
+        - "changeme\n"
+        - "yes\n"
+      echo: false
+
+  - expect:
+      this: "Please make a selection from the above"
+
+  - send:
+      this:
+        - "c\n"
+
+  - expect:
+      this: "login: "
+
+  - send:
+      this:
+        - "root\n"
+      echo: false
+
+  - expect:
+      this: "Password:"
+
+  - send:
+      this:
+        - "changeme\n"
+
+  - expect:
+      this: "#"
+
+  - send:
+      this:
+        - "dnf install -y tpm2-tools tpm2-pkcs11 tpm2-tss tpm2-tss-devel tpm2-tss-engine tpm2-tss-engine-utilities\n"
+
+  - expect:
+      this: "Complete!"
+      timeout: 500
+
+  - comment: "Verifying TPM interactions via tpm2 tools"
+  - send:
+      this:
+        - "tpm2_createprimary -C e -c primary.ctx\n"
+        - "tpm2_create -G rsa -u key.pub -r key.priv -C primary.ctx\n"
+        - "tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx\n"
+        - "echo my message > message.dat\n"
+        - "tpm2_sign -c key.ctx -g sha256 -o sig.rssa message.dat\n"
+        - "tpm2_verifysignature -c key.ctx -g sha256 -s sig.rssa -m message.dat\n"
+        - "echo result: $?\n"
+
+  - expect:
+      this: "value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|restricted|decrypt"
+  - expect:
+      this: "fixedtpm|fixedparent|sensitivedataorigin|userwithauth|decrypt|sign"
+  - expect:
+      this: "name: "
+  - expect:
+      this: "result: 0"
+  - expect:
+      this: "# "
+
+cleanup:
+  - send:
+      this:
+        - "poweroff\n"
+  - pause: 20
+  - power: "off"
+
diff --git a/fedora-rawhide/scripts/prepare-latest-raw b/fedora-rawhide/scripts/prepare-latest-raw
@@ -5,7 +5,7 @@ sudo sed -i 's/rhgb quiet/rhgb console=ttyS0,115200/g' mnt/boot/loader/entries/*
 # assign changeme password to root
 sudo sed -i 's%root:!locked::0:99999:7:::%root:$y$j9T$Sw1lg2a7i/0vWoufwxYsSzAk$RrdQ6C4bUsOE3uy0mErsbOA7LOF4x2R8zP5XW6jpA1/::0:99999:7:::%g' mnt/etc/shadow
 #sudo rm -f mnt/etc/systemd/system/*/initial-setup.service
-sudo rm -f mnt/etc/systemd/system/*/smartd.service
+#sudo rm -f mnt/etc/systemd/system/*/smartd.service
 # enable SPI and the TPM we use in the dtbs
 cat << EOF | sudo tee -a mnt/boot/efi/config.txt
 dtparam=spi=on