snappy-hwe-snaps

Merge ~ssweeny/snappy-hwe-snaps/+git/tpm2:aliases into ~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2:master

  1. Git
  2. lp:~ssweeny/snappy-hwe-snaps/+git/tpm2
  3. aliases
  4. Merge into master
Proposed by Scott Sweeny
Status: Merged
Approved by: Tony Espy
Approved revision: 593064ecf212a1a441c3e70d2001e260262ede41
Merged at revision: 076274ee827a0c09baf03e0c81ad6ad47ade8e9f
Proposed branch: ~ssweeny/snappy-hwe-snaps/+git/tpm2:aliases
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2:master
Diff against target: 751 lines (+173/-110)
8 files modified
dev/null (+0/-25)
run-tests.sh (+55/-60)
snapcraft.yaml (+35/-3)
spread.yaml (+4/-1)
tests/lib/prepare-all.sh (+3/-3)
tests/lib/prepare.sh (+4/-18)
tests/lib/utilities.sh (+39/-0)
tests/main/installation/task.yaml (+33/-0)
Reviewer Review Type Date Requested Status
System Enablement Bot continuous-integration Approve
Tony Espy Approve
Jim Hodapp (community) Approve
Simon Fels Needs Fixing
Review via email: mp+316649@code.launchpad.net

Commit message

Enable aliases for all tools

Description of the change

Enable aliases for all tools

To post a comment you must log in.
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

FAILED: Continuous integration, rev:be6844ffc26db60cc653f31bcc3ae15c5697b37a
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/870/
Executed test runs:
    FAILURE: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/581/console
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/778/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/870/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Simon Fels (morphis) wrote :

Needs spread tests.

review: Needs Fixing
Revision history for this message
Jim Hodapp (jhodapp) wrote :

Scott, feel free to push back against this if you feel it's too much scope-creep, but could you add a basic index.md file located at docs/index.md to this MR just explaining the very basics of what tpm is, what tpm2 gives you specifically, and a very basic how to use the snap? We need to start adding the basic doc structure to all of our snaps that are missing them today.

review: Needs Information
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:956c3eb22ab78a22c6e3d8525772ff8494411b6d
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/876/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/587
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/784/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/876/rebuild

review: Approve (continuous-integration)
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:40ccf539a512afd2215540d76bd4bbd30922357a
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/877/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/588
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/785/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/877/rebuild

review: Approve (continuous-integration)
Revision history for this message
Scott Sweeny (ssweeny) wrote :

> Scott, feel free to push back against this if you feel it's too much scope-
> creep, but could you add a basic index.md file located at docs/index.md to
> this MR just explaining the very basics of what tpm is, what tpm2 gives you
> specifically, and a very basic how to use the snap? We need to start adding
> the basic doc structure to all of our snaps that are missing them today.

Jim,

I think adding those docs are a great idea... for a card in the backlog :)

Revision history for this message
Jim Hodapp (jhodapp) wrote :

Fair enough. :) Would you mind adding one to the backlog?

Revision history for this message
Jim Hodapp (jhodapp) wrote :

Looks good overall, a few comments inline below.

review: Needs Fixing
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:6e30d2903e905c9021975397a20bfce3cdb3dfaf
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/899/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/601
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/808/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/899/rebuild

review: Approve (continuous-integration)
Revision history for this message
Jim Hodapp (jhodapp) wrote :

LGTM

review: Approve
Revision history for this message
Tony Espy (awe) wrote :

Two minor fixes needed...

review: Needs Fixing
Revision history for this message
Tony Espy (awe) wrote :

LGTM

review: Approve
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:593064ecf212a1a441c3e70d2001e260262ede41
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/903/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/generic-run-snap-spread-tests/604
    None: https://jenkins.canonical.com/system-enablement/job/generic-update-snap-mp/812/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/generic-build-snap/903/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/run-tests.sh b/run-tests.sh
index 1d58d86..bc4b987 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -1,6 +1,6 @@
1#!/bin/bash1#!/bin/sh
2#2#
3# Copyright (C) 2016 Canonical Ltd3# Copyright (C) 2017 Canonical Ltd
4#4#
5# This program is free software: you can redistribute it and/or modify5# This program is free software: you can redistribute it and/or modify
6# it under the terms of the GNU General Public License version 3 as6# it under the terms of the GNU General Public License version 3 as
@@ -16,69 +16,64 @@
1616
17set -e17set -e
1818
19image_name=ubuntu-core-16.img19TESTS_EXTRAS_URL="https://git.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/tests-extras"
20channel=candidate20TESTS_EXTRAS_PATH=".tests-extras"
21spread_opts=
22force_new_image=0
23test_from_channel=0
2421
22# Display help.
23# This has to be in sync with the tests-extras/test-runner.sh script
24# functionalities as the parameters to this one are passed directly there
25# this function will quit the script because of the 'exec' keyword
25show_help() {26show_help() {
26 echo "Usage: run-tests.sh [OPTIONS]"27 exec cat <<'EOF'
27 echo28Usage: run-tests.sh [OPTIONS]
28 echo "optional arguments:"29
29 echo " --help Show this help message and exit"30This is fetch & forget script and what it does is to fetch the
30 echo " --channel Select another channel to build the base image from (default: $channel)"31tests-extras repository and execute the run-tests.sh script from
31 echo " --debug Enable verbose debugging output"32there passing arguments as-is.
32 echo " --test-from-channel Pull tpm2 snap from the specified channel instead of building it from source"33
33 echo " --force-new-image Force generating a new image used for testing"34optional arguments:
35 --help Show this help message and exit
36 --channel Select another channel to build the base image from (default: stable)
37 --snap Extra snap to install
38 --debug Enable verbose debugging output
39 --test-from-channel Pull tpm2 snap from the specified channel instead of building it from source
40 --force-new-image Force generating a new image used for testing
41EOF
34}42}
3543
36while [ -n "$1" ]; do44# Clone the tests-extras repository
37 case "$1" in45clone_tests_extras() {
38 --help)46 echo "INFO: Fetching tests-extras scripts into $TESTS_EXTRAS_PATH ..."
39 show_help47 git clone -b master $TESTS_EXTRAS_URL $TESTS_EXTRAS_PATH >/dev/null 2>&1
40 exit48 if [ $? -ne 0 ]; then
41 ;;49 echo "ERROR: Failed to fetch the $TESTS_EXTRAS_URL repo, exiting.."
42 --channel=*)50 exit 1
43 channel=${1#*=}51 fi
44 shift52}
45 ;;
46 --test-from-channel)
47 test_from_channel=1
48 shift
49 ;;
50 --debug)
51 spread_opts="$spread_opts -vv -debug"
52 shift
53 ;;
54 --force-new-image)
55 force_new_image=1
56 shift
57 ;;
58 *)
59 echo "Unknown command: $1"
60 exit 1
61 ;;
62 esac
63done
6453
65SPREAD_QEMU_PATH="$HOME/.spread/qemu"54# Make sure the already cloned tests-extras repository is in a known and updated
66if [ `which spread` = /snap/bin/spread ] ; then55# state before it is going to be used.
67 current_version=`readlink /snap/spread/current`56restore_and_update_tests_extras() {
68 SPREAD_QEMU_PATH="$HOME/snap/spread/$current_version/.spread/qemu/"57 echo "INFO: Restoring and updating $TESTS_EXTRAS_PATH"
69fi58 cd $TESTS_EXTRAS_PATH && git reset --hard && git clean -dfx && git pull
59 cd -
60}
7061
71# Make sure we have a base image we use for testing62# ==============================================================================
72if [ ! -e $SPREAD_QEMU_PATH/$image_name ] || [ $force_new_image -eq 1 ] ; then63# This is fetch & forget script and what it does is to fetch the tests-extras
73 echo "INFO: Creating new qemu test image ..."64# repo and execute the run-tests.sh script from there passing arguments as-is.
74 (cd tests/image ; sudo ./create-image.sh $channel)65#
75 mkdir -p $SPREAD_QEMU_PATH66# The tests-extras repository ends up checked out in the snap tree but as a
76 mv tests/image/ubuntu-core-16.img $SPREAD_QEMU_PATH/$image_name67# hidden directory which is re-used since then.
77fi
7868
79# We currently only run spread tests but we could do other things69# Display help w/o fetching anything and exit
80# here as well like running our snap-lintian tool etc.70[ "$1" = "--help" ] && show_help
81if [ $test_from_channel -eq 1 ] ; then71
82 export SNAP_CHANNEL=$channel72if [ -d "$TESTS_EXTRAS_PATH" ]; then
73 restore_and_update_tests_extras
74else
75 clone_tests_extras
83fi76fi
84spread $spread_opts77
78echo "INFO: Executing tests runner"
79cd $TESTS_EXTRAS_PATH && ./tests-runner.sh "$@"
diff --git a/snapcraft.yaml b/snapcraft.yaml
index 6c30e14..a7c3720 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -6,6 +6,7 @@ description: |
6 into a wide range of todays devices. Please find the source6 into a wide range of todays devices. Please find the source
7 code at: https://code.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/tpm27 code at: https://code.launchpad.net/~snappy-hwe-team/snappy-hwe-snaps/+git/tpm2
8confinement: strict8confinement: strict
9grade: stable
910
10apps:11apps:
11 resourcemgr:12 resourcemgr:
@@ -15,100 +16,131 @@ apps:
15 activatecredential:16 activatecredential:
16 command: sbin/tpm2_activatecredential17 command: sbin/tpm2_activatecredential
17 plugs: [network]18 plugs: [network]
19 aliases: [tpm2_activatecredential]
18 akparse:20 akparse:
19 command: sbin/tpm2_akparse21 command: sbin/tpm2_akparse
22 aliases: [tpm2_akparse]
20 certify:23 certify:
21 command: sbin/tpm2_certify24 command: sbin/tpm2_certify
22 plugs: [network]25 plugs: [network]
26 aliases: [tpm2_certify]
23 create:27 create:
24 command: sbin/tpm2_create28 command: sbin/tpm2_create
25 plugs: [network]29 plugs: [network]
30 aliases: [tpm2_create]
26 createprimary:31 createprimary:
27 command: sbin/tpm2_createprimary32 command: sbin/tpm2_createprimary
28 plugs: [network]33 plugs: [network]
34 aliases: [tpm2_createprimary]
29 encryptdecrypt:35 encryptdecrypt:
30 command: sbin/tpm2_encryptdecrypt36 command: sbin/tpm2_encryptdecrypt
31 plugs: [network]37 plugs: [network]
38 aliases: [tpm2_encryptdecrypt]
32 evictcontrol:39 evictcontrol:
33 command: sbin/tpm2_evictcontrol40 command: sbin/tpm2_evictcontrol
34 plugs: [network]41 plugs: [network]
42 aliases: [tpm2_evictcontrol]
35 getmanufec:43 getmanufec:
36 command: sbin/tpm2_getmanufec44 command: sbin/tpm2_getmanufec
37 plugs: [network]45 plugs: [network]
46 aliases: [tpm2_getmanufec]
38 getpubak:47 getpubak:
39 command: sbin/tpm2_getpubak48 command: sbin/tpm2_getpubak
40 plugs: [network]49 plugs: [network]
50 aliases: [tpm2_getpubak]
41 getpubek:51 getpubek:
42 command: sbin/tpm2_getpubek52 command: sbin/tpm2_getpubek
43 plugs: [network]53 plugs: [network]
54 aliases: [tpm2_getpubek]
44 getrandom:55 getrandom:
45 command: sbin/tpm2_getrandom56 command: sbin/tpm2_getrandom
46 plugs: [network]57 plugs: [network]
58 aliases: [tpm2_getrandom]
47 hash:59 hash:
48 command: sbin/tpm2_hash60 command: sbin/tpm2_hash
49 plugs: [network]61 plugs: [network]
62 aliases: [tpm2_hash]
50 hmac:63 hmac:
51 command: sbin/tpm2_hmac64 command: sbin/tpm2_hmac
52 plugs: [network]65 plugs: [network]
66 aliases: [tpm2_hmac]
53 listpcrs:67 listpcrs:
54 command: sbin/tpm2_listpcrs68 command: sbin/tpm2_listpcrs
55 plugs: [network]69 plugs: [network]
70 aliases: [tpm2_listpcrs]
56 load:71 load:
57 command: sbin/tpm2_load72 command: sbin/tpm2_load
58 plugs: [network]73 plugs: [network]
74 aliases: [tpm2_load]
59 loadexternal:75 loadexternal:
60 command: sbin/tpm2_loadexternal76 command: sbin/tpm2_loadexternal
61 plugs: [network]77 plugs: [network]
78 aliases: [tpm2_loadexternal]
62 makecredential:79 makecredential:
63 command: sbin/tpm2_makecredential80 command: sbin/tpm2_makecredential
64 plugs: [network]81 plugs: [network]
82 aliases: [tpm2_makecredential]
65 nvdefine:83 nvdefine:
66 command: sbin/tpm2_nvdefine84 command: sbin/tpm2_nvdefine
67 plugs: [network]85 plugs: [network]
86 aliases: [tpm2_nvdefine]
68 nvlist:87 nvlist:
69 command: sbin/tpm2_nvlist88 command: sbin/tpm2_nvlist
70 plugs: [network]89 plugs: [network]
90 aliases: [tpm2_nvlist]
71 nvread:91 nvread:
72 command: sbin/tpm2_nvread92 command: sbin/tpm2_nvread
73 plugs: [network]93 plugs: [network]
94 aliases: [tpm2_nvread]
74 nvrelease:95 nvrelease:
75 command: sbin/tpm2_nvrelease96 command: sbin/tpm2_nvrelease
76 plugs: [network]97 plugs: [network]
98 aliases: [tpm2_nvrelease]
77 nvwrite:99 nvwrite:
78 command: sbin/tpm2_nvwrite100 command: sbin/tpm2_nvwrite
79 plugs: [network]101 plugs: [network]
102 aliases: [tpm2_nvwrite]
80 quote:103 quote:
81 command: sbin/tpm2_quote104 command: sbin/tpm2_quote
82 plugs: [network]105 plugs: [network]
106 aliases: [tpm2_quote]
83 rc-decode:107 rc-decode:
84 command: sbin/tpm2_rc_decode108 command: sbin/tpm2_rc_decode
109 aliases: [tpm2_rc_decode]
85 readpublic:110 readpublic:
86 command: sbin/tpm2_readpublic111 command: sbin/tpm2_readpublic
87 plugs: [network]112 plugs: [network]
113 aliases: [tpm2_readpublic]
88 rsadecrypt:114 rsadecrypt:
89 command: sbin/tpm2_rsadecrypt115 command: sbin/tpm2_rsadecrypt
90 plugs: [network]116 plugs: [network]
117 aliases: [tpm2_rsadecrypt]
91 rsaencrypt:118 rsaencrypt:
92 command: sbin/tpm2_rsaencrypt119 command: sbin/tpm2_rsaencrypt
93 plugs: [network]120 plugs: [network]
121 aliases: [tpm2_rsaencrypt]
94 sign:122 sign:
95 command: sbin/tpm2_sign123 command: sbin/tpm2_sign
96 plugs: [network]124 plugs: [network]
125 aliases: [tpm2_sign]
97 takeownership:126 takeownership:
98 command: sbin/tpm2_takeownership127 command: sbin/tpm2_takeownership
99 plugs: [network]128 plugs: [network]
129 aliases: [tpm2_takeownership]
100 unseal:130 unseal:
101 command: sbin/tpm2_unseal131 command: sbin/tpm2_unseal
102 plugs: [network]132 plugs: [network]
133 aliases: [tpm2_unseal]
103 verifysignature:134 verifysignature:
104 command: sbin/tpm2_verifysignature135 command: sbin/tpm2_verifysignature
105 plugs: [network]136 plugs: [network]
137 aliases: [tpm2_verifysignature]
106138
107parts:139parts:
108 common:140 common:
109 plugin: dump141 plugin: dump
110 source: .142 source: .
111 snap:143 prime:
112 - copyright.tpm2-tss144 - copyright.tpm2-tss
113 - copyright.tpm2-tools145 - copyright.tpm2-tools
114 tpm2-tss:146 tpm2-tss:
@@ -123,7 +155,7 @@ parts:
123 - gcc155 - gcc
124 - g++156 - g++
125 - libc6-dev157 - libc6-dev
126 snap:158 prime:
127 - -include159 - -include
128 tpm2-tools:160 tpm2-tools:
129 plugin: autotools161 plugin: autotools
@@ -144,7 +176,7 @@ parts:
144 - libcurl4-openssl-dev176 - libcurl4-openssl-dev
145 - libssl-dev177 - libssl-dev
146 - libtool178 - libtool
147 snap:179 prime:
148 - -include180 - -include
149 after:181 after:
150 - tpm2-tss182 - tpm2-tss
diff --git a/spread.yaml b/spread.yaml
index 77659ce..0b5f803 100644
--- a/spread.yaml
+++ b/spread.yaml
@@ -1,5 +1,5 @@
1#1#
2# Copyright (C) 2016 Canonical Ltd2# Copyright (C) 2017 Canonical Ltd
3#3#
4# This program is free software: you can redistribute it and/or modify4# This program is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License version 3 as5# it under the terms of the GNU General Public License version 3 as
@@ -20,8 +20,11 @@ environment:
20 PROJECT_PATH: /home/tpm220 PROJECT_PATH: /home/tpm2
21 TESTSLIB: $PROJECT_PATH/tests/lib21 TESTSLIB: $PROJECT_PATH/tests/lib
22 SNAP_NAME: tpm222 SNAP_NAME: tpm2
23 SNAP_ARCH: amd64
23 # Allow the host to pass the channel to use for the test run24 # Allow the host to pass the channel to use for the test run
24 SNAP_CHANNEL: $(HOST:echo $SNAP_CHANNEL)25 SNAP_CHANNEL: $(HOST:echo $SNAP_CHANNEL)
26 SNAP_AUTOCONNECT_CORE_PLUGS: network network-bind tpm
27 SNAP_AUTO_ALIASES: tpm2_activatecredential tpm2_akparse tpm2_certify tpm2_create tpm2_createprimary tpm2_encryptdecrypt tpm2_evictcontrol tpm2_getmanufec tpm2_getpubak tpm2_getpubek tpm2_getrandom tpm2_hash tpm2_hmac tpm2_listpcrs tpm2_load tpm2_loadexternal tpm2_makecredential tpm2_nvdefine tpm2_nvlist tpm2_nvread tpm2_nvrelease tpm2_nvwrite tpm2_quote tpm2_rc_decode tpm2_readpublic tpm2_rsadecrypt tpm2_rsaencrypt tpm2_sign tpm2_takeownership tpm2_unseal tpm2_verifysignature
2528
26backends:29backends:
27 qemu:30 qemu:
diff --git a/tests/image/.create-image.sh.swp b/tests/image/.create-image.sh.swp
28deleted file mode 10064431deleted file mode 100644
index e94bc8c..0000000
29Binary files a/tests/image/.create-image.sh.swp and /dev/null differ32Binary files a/tests/image/.create-image.sh.swp and /dev/null differ
diff --git a/tests/image/README.md b/tests/image/README.md
30deleted file mode 10064433deleted file mode 100644
index b75b66e..0000000
--- a/tests/image/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
1# Generate user password
2
3You can generate the password for the system user assertion via
4
5```
6 $ python3 -c 'import crypt; print(crypt.crypt("test", crypt.mksalt(crypt.METHOD_SHA512)))'
7```
diff --git a/tests/image/create-image.sh b/tests/image/create-image.sh
8deleted file mode 1007550deleted file mode 100755
index 0875b55..0000000
--- a/tests/image/create-image.sh
+++ /dev/null
@@ -1,156 +0,0 @@
1#!/bin/bash
2#
3# Copyright (C) 2016 Canonical Ltd
4#
5# This program is free software: you can redistribute it and/or modify
6# it under the terms of the GNU General Public License version 3 as
7# published by the Free Software Foundation.
8#
9# This program is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with this program. If not, see <http://www.gnu.org/licenses/>.
16
17set -e
18
19if [ $(id -u) -ne 0 ] ; then
20 echo "ERROR: needs to be executed as root"
21 exit 1
22fi
23
24channel=candidate
25if [ ! -z "$1" ] ; then
26 channel=$1
27fi
28
29snap=
30if [ ! -z "$2" ] ; then
31 snap=$2
32fi
33
34model=pc
35arch=amd64
36image_name=ubuntu-core-16.img
37ubuntu_image_extra_args=
38
39if [ ! -z "$snap" ] ; then
40 ubuntu_image_extra_args="--extra-snaps $snap"
41fi
42
43ubuntu-image \
44 --channel $channel \
45 -o $image_name \
46 $ubuntu_image_extra_args \
47 $model.model
48
49kpartx -a $image_name
50sleep 0.5
51
52loop_path=`findfs LABEL=writable`
53tmp_mount=`mktemp -d`
54
55mount $loop_path $tmp_mount
56
57# Migrate all systemd units from core snap into the writable area. This
58# would be normally done on firstboot by the initramfs but we can't rely
59# on that because we are adding another file in there and that will
60# prevent the initramfs from transitioning any files.
61core_snap=$(find $tmp_mount/system-data/var/lib/snapd/snaps -name "core_*.snap")
62tmp_core=`mktemp -d`
63mount $core_snap $tmp_core
64mkdir -p $tmp_mount/system-data/etc/systemd
65cp -rav $tmp_core/etc/systemd/* \
66 $tmp_mount/system-data/etc/systemd/
67umount $tmp_core
68rm -rf $tmp_core
69
70# system-user assertion which gives us our test:test user we use to
71# log into the system
72mkdir -p $tmp_mount/system-data/var/lib/snapd/seed/assertions
73cp test-user.assertion $tmp_mount/system-data/var/lib/snapd/seed/assertions
74
75# Disable console-conf for the first boot
76mkdir -p $tmp_mount/system-data/var/lib/console-conf/
77touch $tmp_mount/system-data/var/lib/console-conf/complete
78
79# Create systemd service which is running on firstboot and sets up
80# various things for us.
81mkdir -p $tmp_mount/system-data/etc/systemd/system
82cat << 'EOF' > $tmp_mount/system-data/etc/systemd/system/devmode-firstboot.service
83[Unit]
84Description=Run devmode firstboot setup
85After=snapd.service snapd.socket
86
87[Service]
88Type=oneshot
89ExecStart=/writable/system-data/var/lib/devmode-firstboot/run.sh
90RemainAfterExit=yes
91TimeoutSec=3min
92EOF
93
94mkdir -p $tmp_mount/system-data/etc/systemd/system/multi-user.target.wants
95ln -sf /etc/systemd/system/devmode-firstboot.service \
96 $tmp_mount/system-data/etc/systemd/system/multi-user.target.wants/devmode-firstboot.service
97
98mkdir $tmp_mount/system-data/var/lib/devmode-firstboot
99cat << EOF > $tmp_mount/system-data/var/lib/devmode-firstboot/00-snapd-config.yaml
100network:
101 version: 2
102 ethernets:
103 eth0:
104 dhcp4: true
105EOF
106
107cat << 'EOF' > $tmp_mount/system-data/var/lib/devmode-firstboot/run.sh
108#!/bin/bash
109
110set -e
111
112# Don't start again if we're already done
113if [ -e /writable/system-data/var/lib/devmode-firstboot/complete ] ; then
114 exit 0
115fi
116
117echo "Start devmode-firstboot $(date -Iseconds --utc)"
118
119if [ "$(snap managed)" = "true" ]; then
120 echo "System already managed, exiting"
121 exit 0
122fi
123
124# no changes at all
125while ! snap changes ; do
126 echo "No changes yet, waiting"
127 sleep 1
128done
129
130while snap changes | grep -qE '(Do|Doing) .*Initialize system state' ; do
131 echo "Initialize system state is in progress, waiting"
132 sleep 1
133done
134
135if [ -n "$(snap known system-user)" ]; then
136 echo "Trying to create known user"
137 snap create-user --known --sudoer
138fi
139
140cp /writable/system-data/var/lib/devmode-firstboot/00-snapd-config.yaml /writable/system-data/etc/netplan
141
142# Enable console-conf again
143rm /writable/system-data/var/lib/console-conf/complete
144
145# Mark us done
146touch /writable/system-data/var/lib/devmode-firstboot/complete
147
148# Reboot the system as its now prepared for the user
149reboot
150EOF
151
152chmod +x $tmp_mount/system-data/var/lib/devmode-firstboot/run.sh
153
154umount $tmp_mount
155kpartx -d $image_name
156rm -rf $tmp_mount
diff --git a/tests/image/pc-model.json b/tests/image/pc-model.json
157deleted file mode 1006440deleted file mode 100644
index 2eb1411..0000000
--- a/tests/image/pc-model.json
+++ /dev/null
@@ -1,11 +0,0 @@
1{
2 "type": "model",
3 "authority-id": "4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf",
4 "brand-id": "4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf",
5 "series": "16",
6 "model": "pc",
7 "architecture": "amd64",
8 "gadget": "pc",
9 "kernel": "pc-kernel",
10 "timestamp": "2016-09-09T08:27:36+00:00"
11}
diff --git a/tests/image/pc.model b/tests/image/pc.model
12deleted file mode 1006440deleted file mode 100644
index 345b7e4..0000000
--- a/tests/image/pc.model
+++ /dev/null
@@ -1,21 +0,0 @@
1type: model
2authority-id: 4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf
3series: 16
4brand-id: 4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf
5model: pc
6architecture: amd64
7gadget: pc
8kernel: pc-kernel
9timestamp: 2016-09-09T08:27:36+00:00
10sign-key-sha3-384: a4qX7md6GQGNcZc_cmWPBStTq4RNCnGTzF-4usF5wFylQ-xZQej-SD6prx8Yl89O
11
12AcLBXAQAAQoABgUCWBBNTwAKCRAVoE002xqmOPH/EACWLf1UeZgICjNbzLI5bO/84LExS8iUjarG
13S7DRn8Ln5zu44pxz7UXJNjULgnU8yuKVPVWg0ij7DRvaj8tGxOMMAls1fjSRtEYR8oJFsI3jXDGw
14cLjvJG/crUxV8DgdZFlF02Kb5VtmNDXs1OE3zpPeniG19JYHaf2hDz4SRmWZe4c2MFrAt2UwI/VC
15o/209Fl3qA8p8x5EYOBycgHooHm3924NTF9mXbKSfLRgGS7YzmN4FXFyiGOTY6CRsp37XnkxGcA1
16+lyZz1X97qT/fOGVUFqHDqUZmuCs5sC3+DNonytTgKt5+7S+V+Ai45HEayD5f4gS9uscnTMTwEEJ
17VgSZRU0My+iJwFlXHaGWQe9eC37YCZ3ahBxc2SpkFffXjYhEMtTtr1vDIYCAhbc2k8aa3hPE2GUg
183pv8zs1AuZzSVX+Rp4ysMBqU23UUVP6Bmvr7ZD3E8aEUxE6O/BEA10Km5oZPqpmBfcEVO8a0yZjn
19YQxn4XzY1Nwq1d0sJIV7FEDsq9dXH9QCa4qsCH3KG3jHv32GapvLf8mpr6HSH+JmPM5kNeVugLVy
20/RUAFNu+Y4hqhpRNC8fc+UDkVBXsLDqHb5gfXnhbFIH8LvpVFR20SSkg9/Km5xC+7wcey0h8SD6/
21Eh70OPLxDkzitEn/1L/0V987dlJnhS4WpqrYfbHYwQ==
diff --git a/tests/image/test-user-assertion.json b/tests/image/test-user-assertion.json
22deleted file mode 1006440deleted file mode 100644
index 81f6beb..0000000
--- a/tests/image/test-user-assertion.json
+++ /dev/null
@@ -1,13 +0,0 @@
1{
2 "type": "system-user",
3 "authority-id": "4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf",
4 "brand-id": "4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf",
5 "series": ["16"],
6 "models": ["pc"],
7 "name": "Default Test User",
8 "username": "test",
9 "email": "test@localhost",
10 "password": "$6$OCvKy4w/Ppxp7IvC$WPzWiIW.4y18h9htjbOuxLZ.sjQ5M2hoSiEu3FpMU0PMdHQuQdBOqvk8p6DMdS/R/nU/rXidClD23CbSkSgp30",
11 "since": "2016-10-24T07:12:10+00:00",
12 "until": "2017-10-24T07:12:10+00:00"
13}
diff --git a/tests/image/test-user.assertion b/tests/image/test-user.assertion
14deleted file mode 1006440deleted file mode 100644
index 7ebb667..0000000
--- a/tests/image/test-user.assertion
+++ /dev/null
@@ -1,25 +0,0 @@
1type: system-user
2authority-id: 4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf
3brand-id: 4BKZlf4WMNBKgQfij0rftmp5BzDdVhlf
4email: test@localhost
5models:
6 - pc
7name: Default Test User
8password: $6$OCvKy4w/Ppxp7IvC$WPzWiIW.4y18h9htjbOuxLZ.sjQ5M2hoSiEu3FpMU0PMdHQuQdBOqvk8p6DMdS/R/nU/rXidClD23CbSkSgp30
9series:
10 - 16
11since: 2016-10-24T07:12:10+00:00
12until: 2017-10-24T07:12:10+00:00
13username: test
14sign-key-sha3-384: a4qX7md6GQGNcZc_cmWPBStTq4RNCnGTzF-4usF5wFylQ-xZQej-SD6prx8Yl89O
15
16AcLBXAQAAQoABgUCWBBOJAAKCRAVoE002xqmOKaRD/0cEKWb2nbwhk+BTgOrYZHrwzjbIWTZznDh
17xCD6JWF/yr9br1vEmRz2zCNPPWZgFH9HaJ+mT/lktWIs7VVMIdwMDWYOR8P9rdWM/Jx6iyB3z0OI
18YO31zaU4XLyolv/YSj/nFXMMD+jIeE4l8j4AtCSJwd7ZS9Jz8F/RfrD8EpG0JU1F55lq8MC0mjZ4
19ul5ws8k9UiP8nA5IAG30NvvReiUGYqtdkO43eQmy88WABL95MbFsbfEk4/VduG0Gt3y/T8vDDcF6
20NJEm8L+O9IXnPBAje0Ve0NX3YtOE3CDTkYRKR7xFFJq2cJVCSvf9CsorREg4KyfagIdMKDSa5Tiq
21FzoAJTfI0ltq5cAnLImtxFKulJ+AnGUNMLrKFr1H0FGtqTZBfs/PcIxy0qY0YDXSF4/9F2PUBdQS
22tSmN6pT9t1FCGy2Rf5n3QV4e0R2JzS6Kx+vdbPMYqhssQosLU5GwlWj8UbevtphAGf8u8nLBDYWs
23MNIPi0IrPmzIewZBD05A6a8T+oHZ9dIg5SAnJ4gmz0sCzNDKarvYqLpcU1rZzu78/UypbHXDvBAt
24gnxYpD6WHR2aHSeyx3WvOp130jFco2/55M0RTEm50isO1uv2DqTn9ULkBdCrG/zOqEmZgY18ds3P
25yTaAbaIAqUe7scpAHY0a31tfnXq8cRyEX03e9g2Mrg==
diff --git a/tests/lib/prepare-all.sh b/tests/lib/prepare-all.sh
index 80be76f..cdb1b80 100644
--- a/tests/lib/prepare-all.sh
+++ b/tests/lib/prepare-all.sh
@@ -6,14 +6,14 @@ if [ -n "$SNAP_CHANNEL" ] ; then
6 exit 06 exit 0
7fi7fi
88
9# Setup classic snap and build the tpm2 snap in there9# Set up classic snap and build the tpm2 snap in there
10snap install --devmode --beta classic10snap install --devmode --beta classic
11cat <<-EOF > /home/test/build-snap.sh11cat <<-EOF > /home/test/build-snap.sh
12#!/bin/sh12#!/bin/sh
13set -ex13set -ex
14apt update14apt update
15apt install -y --force-yes snapcraft15apt install -y --force-yes snapcraft
16cd /home/tpm216cd ${PROJECT_PATH}
17snapcraft clean17snapcraft clean
18snapcraft18snapcraft
19EOF19EOF
@@ -22,4 +22,4 @@ sudo classic /home/test/build-snap.sh
22snap remove classic22snap remove classic
2323
24# Make sure we have a snap build24# Make sure we have a snap build
25test -e /home/tpm2/tpm2_*_amd64.snap25test -e ${PROJECT_PATH}/${SNAP_NAME}_*_${SNAP_ARCH}.snap
diff --git a/tests/lib/prepare.sh b/tests/lib/prepare.sh
index 2fd3d79..e14a9b2 100644
--- a/tests/lib/prepare.sh
+++ b/tests/lib/prepare.sh
@@ -1,5 +1,7 @@
1#!/bin/bash1#!/bin/bash
22
3. $TESTSLIB/utilities.sh
4
3echo "Wait for firstboot change to be ready"5echo "Wait for firstboot change to be ready"
4while ! snap changes | grep -q "Done"; do6while ! snap changes | grep -q "Done"; do
5 snap changes || true7 snap changes || true
@@ -21,28 +23,12 @@ done
21echo "Kernel has a store revision"23echo "Kernel has a store revision"
22snap list | grep ^${kernel_name} | grep -E " [0-9]+\s+canonical"24snap list | grep ^${kernel_name} | grep -E " [0-9]+\s+canonical"
2325
24# If we don't install tpm2 here we get a system26install_snap_under_test
25# without any network connectivity after reboot.
26if [ -n "$SNAP_CHANNEL" ] ; then
27 # Don't reinstall if we have it installed already
28 if ! snap list | grep tpm2 ; then
29 snap install --$SNAP_CHANNEL tpm2
30 fi
31else
32 # Install prebuilt tpm2 snap
33 snap install --dangerous /home/tpm2/tpm2_*_amd64.snap
34 # As we have a snap which we build locally its unasserted and therefor
35 # we don't have any snap-declarations in place and need to manually
36 # connect all plugs.
37 snap connect tpm2:tpm core:tpm
38 snap connect tpm2:network core:network
39 snap connect tpm2:network-bind core:network-bind
40fi
4127
42# Snapshot of the current snapd state for a later restore28# Snapshot of the current snapd state for a later restore
43if [ ! -f $SPREAD_PATH/snapd-state.tar.gz ] ; then29if [ ! -f $SPREAD_PATH/snapd-state.tar.gz ] ; then
44 systemctl stop snapd.service snapd.socket30 systemctl stop snapd.service snapd.socket
45 tar czf $SPREAD_PATH/snapd-state.tar.gz /var/lib/snapd /etc/netplan31 tar czf $SPREAD_PATH/snapd-state.tar.gz /var/lib/snapd
46 systemctl start snapd.socket32 systemctl start snapd.socket
47fi33fi
4834
diff --git a/tests/lib/utilities.sh b/tests/lib/utilities.sh
49new file mode 10064435new file mode 100644
index 0000000..03e29dc
--- /dev/null
+++ b/tests/lib/utilities.sh
@@ -0,0 +1,39 @@
1#!/bin/sh
2
3wait_for_systemd_service() {
4 while ! systemctl status $1 ; do
5 sleep 1
6 done
7 sleep 1
8}
9
10wait_for_systemd_service_exit() {
11 while systemctl status $1 ; do
12 sleep 1
13 done
14 sleep 1
15}
16
17install_snap_under_test() {
18 # If we don't install the snap here we get a system
19 # without any network connectivity after reboot.
20 if [ -n "$SNAP_CHANNEL" ] ; then
21 # Don't reinstall if we have it installed already
22 if ! snap list | grep $SNAP_NAME ; then
23 snap install --$SNAP_CHANNEL $SNAP_NAME
24 fi
25 else
26 # Install prebuilt snap
27 snap install --dangerous ${PROJECT_PATH}/${SNAP_NAME}_*_${SNAP_ARCH}.snap
28 # As we have a snap which we build locally it's unasserted and therefore
29 # we don't have any snap-declarations in place and need to manually
30 # connect all plugs.
31 for plug in $SNAP_AUTOCONNECT_CORE_PLUGS ; do
32 snap connect ${SNAP_NAME}:${plug} core
33 done
34 # Setup all necessary aliases
35 for alias in $SNAP_AUTO_ALIASES ; do
36 snap alias $SNAP_NAME $alias
37 done
38 fi
39}
diff --git a/tests/main/installation/task.yaml b/tests/main/installation/task.yaml
index aaddf25..f47e701 100644
--- a/tests/main/installation/task.yaml
+++ b/tests/main/installation/task.yaml
@@ -5,3 +5,36 @@ execute: |
5 snap interfaces | grep -Pzq ":tpm +tpm2"5 snap interfaces | grep -Pzq ":tpm +tpm2"
6 snap interfaces | grep -Pzq ":network +tpm2"6 snap interfaces | grep -Pzq ":network +tpm2"
7 snap interfaces | grep -Pzq ":network-bind +tpm2"7 snap interfaces | grep -Pzq ":network-bind +tpm2"
8
9 # Verify aliases are set up
10 test -x /snap/bin/tpm2_activatecredential
11 test -x /snap/bin/tpm2_akparse
12 test -x /snap/bin/tpm2_certify
13 test -x /snap/bin/tpm2_create
14 test -x /snap/bin/tpm2_createprimary
15 test -x /snap/bin/tpm2_encryptdecrypt
16 test -x /snap/bin/tpm2_evictcontrol
17 test -x /snap/bin/tpm2_getmanufec
18 test -x /snap/bin/tpm2_getpubak
19 test -x /snap/bin/tpm2_getpubek
20 test -x /snap/bin/tpm2_getrandom
21 test -x /snap/bin/tpm2_hash
22 test -x /snap/bin/tpm2_hmac
23 test -x /snap/bin/tpm2_listpcrs
24 test -x /snap/bin/tpm2_load
25 test -x /snap/bin/tpm2_loadexternal
26 test -x /snap/bin/tpm2_makecredential
27 test -x /snap/bin/tpm2_nvdefine
28 test -x /snap/bin/tpm2_nvlist
29 test -x /snap/bin/tpm2_nvread
30 test -x /snap/bin/tpm2_nvrelease
31 test -x /snap/bin/tpm2_nvwrite
32 test -x /snap/bin/tpm2_quote
33 test -x /snap/bin/tpm2_rc_decode
34 test -x /snap/bin/tpm2_readpublic
35 test -x /snap/bin/tpm2_rsadecrypt
36 test -x /snap/bin/tpm2_rsaencrypt
37 test -x /snap/bin/tpm2_sign
38 test -x /snap/bin/tpm2_takeownership
39 test -x /snap/bin/tpm2_unseal
40 test -x /snap/bin/tpm2_verifysignature

Subscribers

People subscribed via source and target branches

to all changes: