Skip to content

Commit

Permalink
[PATCH] tests: Adjust path for swtpm state to use path under /var/tmp/
Browse files Browse the repository at this point in the history 
https://lore.kernel.org/qemu-devel/20241106180751.6859-1-stefanb@linux.vnet.ibm.com

---

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: peter.maydell@linaro.org, qemu-devel@nongnu.org
Cc: marcandre.lureau@gmail.com, clg@redhat.com, lena.voytek@canonical.com,
 Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH] tests: Adjust path for swtpm state to use path under /var/tmp/
Date: Wed,  6 Nov 2024 13:07:51 -0500
Message-ID: <20241106180751.6859-1-stefanb@linux.vnet.ibm.com>
X-Mailer: git-send-email 2.47.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: jQY8kr9-L3a--Ft4HpIau6cZby3TRSjl
X-Proofpoint-ORIG-GUID: mijDPM4hfiXsLZy04kVjHHhv1za7mCLJ
Content-Transfer-Encoding: 8bit
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30
 definitions=2024-10-15_01,2024-10-11_01,2024-09-30_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxscore=0 clxscore=1011
 adultscore=0 lowpriorityscore=0 impostorscore=0 malwarescore=0
 mlxlogscore=839 spamscore=0 bulkscore=0 priorityscore=1501 phishscore=0
 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.19.0-2409260000 definitions=main-2411060141
Received-SPF: none client-ip=148.163.156.1;
 envelope-from=stefanb@linux.vnet.ibm.com; helo=mx0a-001b2d01.pphosted.com
X-Spam_score_int: -26
X-Spam_score: -2.7
X-Spam_bar: --
X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
 RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

From: Stefan Berger <stefanb@linux.ibm.com>

To avoid AppArmor-related test failures when functional test are run from
somewhere under /mnt, adjust the path to swtpm's state to use an AppArmor-
supported path, such as /var/tmp, which is provided by the python function
tempfile.TemporaryDirectory().

An update to swtpm's AppArmor profile is also being done to support /var/tmp.

Link: https://lore.kernel.org/qemu-devel/CAFEAcA8A=kWLtTZ+nua-MpzqkaEjW5srOYZruZnE2tB6vmoMig@mail.gmail.com/
Link: stefanberger/swtpm#944
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 tests/functional/test_arm_aspeed.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/functional/test_arm_aspeed.py b/tests/functional/test_arm_aspeed.py
index 9761fc06a4..a574b1e521 100644
--- a/tests/functional/test_arm_aspeed.py
+++ b/tests/functional/test_arm_aspeed.py
@@ -227,11 +227,11 @@ def test_arm_ast2600_evb_buildroot_tpm(self):

         image_path = self.ASSET_BR2_202302_AST2600_TPM_FLASH.fetch()

-        socket_dir = tempfile.TemporaryDirectory(prefix="qemu_")
-        socket = os.path.join(socket_dir.name, 'swtpm-socket')
+        tpmstate_dir = tempfile.TemporaryDirectory(prefix="qemu_")
+        socket = os.path.join(tpmstate_dir.name, 'swtpm-socket')

         subprocess.run(['swtpm', 'socket', '-d', '--tpm2',
-                        '--tpmstate', f'dir={self.vm.temp_dir}',
+                        '--tpmstate', f'dir={tpmstate_dir.name}',
                         '--ctrl', f'type=unixio,path={socket}'])

         self.vm.add_args('-chardev', f'socket,id=chrtpm,path={socket}')
--
2.34.1

Signed-off-by: GitHub Actions Bot <bot@github.com>
  • Loading branch information
GitHub Actions Bot committed Nov 6, 2024
1 parent 7e867b1 commit 39c605a
Show file tree
Hide file tree
Showing 22 changed files with 891 additions and 93 deletions.
341 changes: 341 additions & 0 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,341 @@
on: push

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
checkapply:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
# to debug container live from GitHub
# - uses: mxschmitt/action-tmate@v3
- run: bash -c '[ ! -f shazam.log ] || { cat shazam.log; exit 1; }'

checkpatch-ignore-signoff:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: git fetch -a origin --unshallow || true
- run: git remote add upstream -f https://gitlab.com/qemu-project/qemu
- run: ./scripts/checkpatch.pl --no-signoff $(git merge-base upstream/master HEAD)..HEAD

checkpatch-with-signoff:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: git fetch -a origin --unshallow || true
- run: git remote add upstream -f https://gitlab.com/qemu-project/qemu
- run: ./scripts/checkpatch.pl $(git merge-base upstream/master HEAD)..HEAD

# use docker-run to not rebuild images
# images are built daily and pushed on pbolinaro/qemu-ci:*

build-cross:
needs: checkapply
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
container: [alpine,centos9,debian,debian-all-test-cross,debian-amd64-cross,debian-arm64-cross,debian-armhf-cross,debian-hexagon-cross,debian-i686-cross,debian-legacy-test-cross,debian-loongarch-cross,debian-mips64el-cross,debian-mipsel-cross,debian-ppc64el-cross,debian-riscv64-cross,debian-s390x-cross,debian-tricore-cross,fedora,fedora-rust-nightly,opensuse-leap,ubuntu2204]
steps:
- uses: actions/checkout@v4
- run: pip install meson
- run: make docker-run J=$(nproc) RUNC=podman TEST=test-build IMAGE=docker.io/pbolinaro/qemu-ci:${{matrix.container}}

build:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build install'
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
./build/qemu-system-x86_64 -nographic -plugin ./build/contrib/plugins/libstoptrigger,icount=1000000 -plugin ./build/tests/tcg/plugins/libinsn -d plugin
build-cross-mingw64:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:fedora-win64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build install'
build-windows:
needs: checkapply
runs-on: windows-2022
strategy:
fail-fast: false
matrix:
sys: [UCRT64, CLANG64, MINGW64]
defaults:
run:
shell: msys2 {0}
steps:
- uses: msys2/setup-msys2@v2
with:
update: true
msystem: ${{matrix.sys}}
- run: pacman -S --noconfirm curl git
- uses: actions/checkout@v4
- run: >
pacman -S --noconfirm
base-devel binutils bison diffutils flex git grep make sed
${MINGW_PACKAGE_PREFIX}-toolchain
${MINGW_PACKAGE_PREFIX}-glib2
${MINGW_PACKAGE_PREFIX}-gtk3
${MINGW_PACKAGE_PREFIX}-libnfs
${MINGW_PACKAGE_PREFIX}-libssh
${MINGW_PACKAGE_PREFIX}-ninja
${MINGW_PACKAGE_PREFIX}-pixman
${MINGW_PACKAGE_PREFIX}-pkgconf
${MINGW_PACKAGE_PREFIX}-python
${MINGW_PACKAGE_PREFIX}-SDL2
${MINGW_PACKAGE_PREFIX}-zstd
- run: ./configure && ninja -C build
- run: ./build/qemu-system-x86_64 -nographic -plugin ./build/contrib/plugins/libstoptrigger,icount=1000000 -plugin ./build/tests/tcg/plugins/libinsn -d plugin

build-macos-x86_64:
needs: checkapply
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- run: brew install --quiet $(brew deps --include-build qemu)
# on macos, werror is not on by default
- run: ./configure --enable-werror && ninja -C build
- run: ./build/qemu-system-x86_64 -nographic -plugin ./build/contrib/plugins/libstoptrigger,icount=1000000 -plugin ./build/tests/tcg/plugins/libinsn -d plugin

build-macos-aarch64:
needs: checkapply
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- run: brew install --quiet $(brew deps --include-build qemu)
# on macos, werror is not on by default
- run: ./configure --enable-werror && ninja -C build
- run: ./build/qemu-system-x86_64 -nographic -plugin ./build/contrib/plugins/libstoptrigger,icount=1000000 -plugin ./build/tests/tcg/plugins/libinsn -d plugin

build-misc:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --disable-user --disable-system --enable-docs --enable-tools && ninja -C build install'
build-32bits:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-i686-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build install'
build-big-endian:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-s390x-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build install'
build-debug:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --enable-debug --enable-asan --enable-ubsan && ninja -C build install'
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
./build/qemu-system-x86_64 -nographic -plugin ./build/contrib/plugins/libstoptrigger,icount=1000000 -plugin ./build/tests/tcg/plugins/libinsn -d plugin
build-static:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --disable-system --disable-tools --disable-guest-agent --disable-docs --static && ninja -C build install'
build-cfi:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx 'apt update && apt install -y clang && ./configure $QEMU_CONFIGURE_OPTS --cc=clang --cxx=clang++ --enable-cfi --enable-cfi-debug && ninja -C build install'
build-tsan:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --enable-tsan && ninja -C build install'
build-clang:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx 'apt update && apt install -y clang && ./configure $QEMU_CONFIGURE_OPTS --cxx=clang++ --cc=clang --host-cc=clang && ninja -C build install'
build-clang-latest:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx 'LLVM_VERSION=19 && apt update && apt install -y lsb-release wget software-properties-common gnupg && wget https://apt.llvm.org/llvm.sh && bash llvm.sh ${LLVM_VERSION} && ./configure $QEMU_CONFIGURE_OPTS --cxx=clang++-${LLVM_VERSION} --cc=clang-${LLVM_VERSION} --host-cc=clang-${LLVM_VERSION} && ninja -C build install'
build-rust:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:fedora-rust-nightly
bash -cx './configure $QEMU_CONFIGURE_OPTS --enable-rust && ninja -C build install'
build-disable-tcg:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --disable-tcg && ninja -C build install'
build-disable-kvm:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --disable-kvm && ninja -C build install'
build-disable-tcg-kvm-for-xen:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --disable-tcg --disable-kvm && ninja -C build install'
check:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build'
- run: sudo chown $USER:$USER /dev/kvm
- run: >
podman run --privileged --rm -it -v /dev/kvm:/dev/kvm -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross
bash -cx "make check -k -j1 SPEED=slow"
check-tcg:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
# flaky test: signals on some architecture - skip
- run: rm ./tests/tcg/multiarch/signals.c
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-all-test-cross
bash -cx './configure $QEMU_CONFIGURE_OPTS --enable-debug-tcg && ninja -C build'
- run: >
podman run --privileged --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-all-test-cross
bash -cx "make check-tcg -k -j1 SPEED=slow"
check-functional:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
# deactivate one test that needs sound card
# GitHub runners don't have sound support, and it's not possible to load a
# snd-dummy module to add it.
- run: sed -i -e '/m68k_q800/d' tests/functional/meson.build
# flaky tests
- run: sed -i -e '/m68k_q800/d' tests/functional/meson.build
- run: sed -i -e '/loongarch64_virt/d' tests/functional/meson.build
- run: sed -i -e '/arm_tuxrun/d' tests/functional/meson.build
# add more time for tests
- run: sed -i -e 's/timeout = .*/timeout = 3600/' $(find tests/functional/ -type f)
- run: sed -i -e 's/\s\+[0-9]\+/ 3600/' tests/functional/meson.build
# we use image with download cache filled. Solves servers flakiness.
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build'
- run: sudo chown $USER:$USER /dev/kvm
- run: >
podman run --privileged --rm -it -v /dev/kvm:/dev/kvm -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests
bash -cx "make check-functional -k -j1 SPEED=slow"
check-avocado:
needs: checkapply
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
# deactivate one test that needs sound card
# GitHub runners don't have sound support, and it's not possible to load a
# snd-dummy module to add it.
- run: sed -i -e '/test_m68k_q800/,+17d' tests/avocado/replay_kernel.py
# flaky tests
- run: sed -i -e '/test_arm64be/,+14d' tests/avocado/tuxrun_baselines.py
# add more time for all tests
- run: sed -i -e 's/timeout = .*/timeout = 3600/' $(find tests/avocado/ -type f)
# we use image with download cache filled. Solves servers flakiness.
- run: >
podman run --rm -it -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests
bash -cx './configure $QEMU_CONFIGURE_OPTS && ninja -C build'
- run: sudo chown $USER:$USER /dev/kvm
- run: >
podman run --privileged --rm -it -v /dev/kvm:/dev/kvm -v $(pwd):$(pwd) -w $(pwd)
docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests
bash -cx "make check-avocado -k -j1 SPEED=slow"
54 changes: 54 additions & 0 deletions .github/workflows/containers.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
on:
schedule:
- cron: '0 6 * * *'
workflow_dispatch:

permissions: write-all

jobs:
build_container:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# cd tests/docker/dockerfiles/
# ls *docker | sed -e 's/.docker//' | tr '\n' ','
# remove: debian-bootstrap,debian-toolchain
container: [alpine,centos9,debian-all-test-cross,debian-amd64-cross,debian-arm64-cross,debian-armhf-cross,debian,debian-hexagon-cross,debian-i686-cross,debian-legacy-test-cross,debian-loongarch-cross,debian-mips64el-cross,debian-mipsel-cross,debian-ppc64el-cross,debian-riscv64-cross,debian-s390x-cross,debian-tricore-cross,debian-xtensa-cross,fedora,fedora-rust-nightly,fedora-win64-cross,opensuse-leap,python,ubuntu2204]
steps:
- uses: actions/checkout@v4
- run: make docker-image-${{matrix.container}} RUNC=podman V=1
- run: podman tag qemu/${{matrix.container}} docker.io/pbolinaro/qemu-ci:${{matrix.container}}
- run: podman login -u pbolinaro -p ${{secrets.DOCKERHUB_PASSWORD}}
- run: podman push docker.io/pbolinaro/qemu-ci:${{matrix.container}}

build_container_debian-amd64-cross-precache-tests:
runs-on: ubuntu-latest
steps:
# we clean up runner first, to get more disk space
- run: docker system prune -af && sudo rm -rf /opt/*
- uses: actions/checkout@v4
- run: make docker-image-debian-amd64-cross RUNC=podman V=1
# fill download cache for functional and check-avocado
# running check-avocado without any qemu binary will only download data
# in /root/avocado
- run: >
podman run -it -v $(pwd):$(pwd) -w $(pwd) qemu/debian-amd64-cross
./precache_tests.sh
# commit result as a new image. Cache will be in /root/.cache and /root/avocado
- run: podman commit "$(podman ps -aq)" docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests
- run: podman login -u pbolinaro -p ${{secrets.DOCKERHUB_PASSWORD}}
- run: podman push docker.io/pbolinaro/qemu-ci:debian-amd64-cross-precache-tests

keepalive-job:
name: Keepalive Workflow
if: ${{ always() }}
needs: build_container
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: gautamkrishnar/keepalive-workflow@v2
with:
use_api: false
Loading

0 comments on commit 39c605a

Please sign in to comment.