[isar-cip-core,RFC,0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*

Message ID 20220603115618.985568-1-Quirin.Gylstorff@siemens.com (mailing list archive)

Message

Quirin Gylstorff June 3, 2022, 11:56 a.m. UTC
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
ISAR commit [1]. See also ISAR API changelog[2].

This new feature removes the *.img from all wic images.

Also, as a new naming convention, image recipes no longer end with `-img`.

The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according to the new naming scheme.

To use squashfs include:

    IMAGE_CLASSES += "squashfs"
    IMAGE_TYPEDEP_wic += "squashfs"


To create a verity-based image, the following line needs to be added
to the local.conf or similar configuration:

    IMAGE_CLASSES += "verity"

The modifications for a read-only root file system are now part
of a bbclass which can be included directly into the image
recipe.

The modifications to generate a SWUpdate update package are
also no longer part of the image build process and in a separate
bbclass. This class needs to be included in the image recipe.

Please check/test the interface changes for swupdate and read-only root
file system.

I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.

Quirin

[1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
[2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types

Quirin Gylstorff (4):
  ISAR update
  start-qemu.sh: adapt to new image names
  Adapt swupdate and verity to use new IMAGE_CMD_*
  scripts/deploy-cip-core: Adapt to new image names

 ...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
 classes/secure-wic-swu-img.bbclass            | 15 ------
 ...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
 ...{swupdate-img.bbclass => swupdate.bbclass} |  8 +--
 .../{verity-img.bbclass => verity.bbclass}    | 51 +++++++++----------
 classes/wic-targz-img.bbclass                 | 15 ------
 conf/machine/bbb.conf                         |  2 +-
 conf/machine/hihope-rzg2m.conf                |  2 +-
 conf/machine/iwg20m.conf                      |  2 +-
 conf/machine/qemu-amd64.conf                  |  2 +-
 conf/machine/qemu-arm.conf                    |  2 +-
 conf/machine/qemu-arm64.conf                  |  2 +-
 conf/machine/simatic-ipc227e.conf             |  2 +-
 kas-cip.yml                                   |  2 +-
 kas/opt/ebg-secure-boot-snakeoil.yml          |  3 +-
 kas/opt/efibootguard.yml                      |  2 +-
 kas/opt/swupdate.yml                          |  4 +-
 kas/opt/targz-img.yml                         |  2 +-
 recipes-core/images/files/sw-description.tmpl |  1 -
 recipes-core/images/swupdate.inc              |  6 ++-
 .../initramfs-verity-hook_0.1.bb              |  2 +-
 scripts/deploy-cip-core.sh                    |  8 +--
 start-qemu.sh                                 |  8 +--
 wic/qemu-amd64-efibootguard-secureboot.wks.in |  4 +-
 wic/qemu-arm64-efibootguard-secureboot.wks.in |  4 +-
 wic/x86-efibootguard.wks.in                   |  4 +-
 26 files changed, 69 insertions(+), 110 deletions(-)
 rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
 delete mode 100644 classes/secure-wic-swu-img.bbclass
 rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
 rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
 rename classes/{verity-img.bbclass => verity.bbclass} (78%)
 delete mode 100644 classes/wic-targz-img.bbclass

Comments

Jan Kiszka June 3, 2022, 3:27 p.m. UTC | #1
On 03.06.22 13:56, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
> ISAR commit [1]. See also ISAR API changelog[2].
>
> This new feature removes the *.img from all wic images.
>
> Also, as a new naming convention, image recipes no longer end with `-img`.
>
> The image types wic-swu-img and secure-wic-swu-img were removed.
> Rename `squashfs-img` to squashfs according to the new naming scheme.
> 
> To use squashfs include:
> 
>     IMAGE_CLASSES += "squashfs"
>     IMAGE_TYPEDEP_wic += "squashfs"
> 
> 
> To create a verity-based image, the following line needs to be added
> to the local.conf or similar configuration:
>
>     IMAGE_CLASSES += "verity"
>
> The modifications for a read-only root file system are now part
> of a bbclass which can be included directly into the image
> recipe.
>
> The modifications to generate a SWUpdate update package are
> also no longer part of the image build process and in a separate
> bbclass. This class needs to be included in the image recipe.
> 
> Please check/test the interface changes for swupdate and read-only root
> file system.
> 
> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
> 
> Quirin
> 
> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
> 
> Quirin Gylstorff (4):
>   ISAR update
>   start-qemu.sh: adapt to new image names
>   Adapt swupdate and verity to use new IMAGE_CMD_*
>   scripts/deploy-cip-core: Adapt to new image names

Thanks for this update. I'll have a look and also try to apply it to
meta-iot2050 as test case.

One question: Is the series bisection-safe, or are the patches 3 and 4
needed to build again? Patch 2 is likely needed to run the result again
after patch 1, right?

Jan

Jan Kiszka June 3, 2022, 3:29 p.m. UTC | #2
On 03.06.22 17:27, Jan Kiszka wrote:
> On 03.06.22 13:56, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
>> ISAR commit [1]. See also ISAR API changelog[2].
>>
>> This new feature removes the *.img from all wic images.
>>
>> Also, as a new naming convention, image recipes no longer end with `-img`.
>>
>> The image types wic-swu-img and secure-wic-swu-img were removed.
>> Rename `squashfs-img` to squashfs according to the new naming scheme.
>>
>> To use squashfs include:
>>
>>     IMAGE_CLASSES += "squashfs"
>>     IMAGE_TYPEDEP_wic += "squashfs"
>>
>>
>> To create a verity-based image, the following line needs to be added
>> to the local.conf or similar configuration:
>>
>>     IMAGE_CLASSES += "verity"
>>
>> The modifications for a read-only root file system are now part
>> of a bbclass which can be included directly into the image
>> recipe.
>>
>> The modifications to generate a SWUpdate update package are
>> also no longer part of the image build process and in a separate
>> bbclass. This class needs to be included in the image recipe.
>>
>> Please check/test the interface changes for swupdate and read-only root
>> file system.
>>
>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>
>> Quirin
>>
>> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>
>> Quirin Gylstorff (4):
>>   ISAR update
>>   start-qemu.sh: adapt to new image names
>>   Adapt swupdate and verity to use new IMAGE_CMD_*
>>   scripts/deploy-cip-core: Adapt to new image names
> 
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
> 
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again? Patch 2 is likely needed to run the result again
> after patch 1, right?
> 

Hmm, patch 4 is likely needed to ensure that CI is still passing with
its deployment jobs.

Jan

Quirin Gylstorff June 3, 2022, 3:33 p.m. UTC | #3
On 6/3/22 17:27, Jan Kiszka wrote:
> On 03.06.22 13:56, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
>> ISAR commit [1]. See also ISAR API changelog[2].
>>
>> This new feature removes the *.img from all wic images.
>>
>> Also, as a new naming convention, image recipes no longer end with `-img`.
>>
>> The image types wic-swu-img and secure-wic-swu-img were removed.
>> Rename `squashfs-img` to squashfs according to the new naming scheme.
>>
>> To use squashfs include:
>>
>>      IMAGE_CLASSES += "squashfs"
>>      IMAGE_TYPEDEP_wic += "squashfs"
>>
>>
>> To create a verity-based image, the following line needs to be added
>> to the local.conf or similar configuration:
>>
>>      IMAGE_CLASSES += "verity"
>>
>> The modifications for a read-only root file system are now part
>> of a bbclass which can be included directly into the image
>> recipe.
>>
>> The modifications to generate a SWUpdate update package are
>> also no longer part of the image build process and in a separate
>> bbclass. This class needs to be included in the image recipe.
>>
>> Please check/test the interface changes for swupdate and read-only root
>> file system.
>>
>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>
>> Quirin
>>
>> [1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>> [2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>
>> Quirin Gylstorff (4):
>>    ISAR update
>>    start-qemu.sh: adapt to new image names
>>    Adapt swupdate and verity to use new IMAGE_CMD_*
>>    scripts/deploy-cip-core: Adapt to new image names
> 
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
> 
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again? Patch 2 is likely needed to run the result again
> after patch 1, right?
> 
I tried to make the patches bisection-safe. The build should work but
the verity and swupdate functionality is not available after patch 1.
Patches 1 and 3 are the main changes.

I will re-order the patches.

Patches 2 and 4 are adaptations of scripts (qemu and ci chain).

I found some errors in the CI build and will send an update. The errors
are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.

Quirin

Jan Kiszka June 7, 2022, 7:23 a.m. UTC | #4
On 03.06.22 17:33, Gylstorff Quirin wrote:
> 
> 
> On 6/3/22 17:27, Jan Kiszka wrote:
>> On 03.06.22 13:56, Quirin Gylstorff wrote:
>>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>>
>>> This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
>>> ISAR commit [1]. See also ISAR API changelog[2].
>>>
>>> This new feature removes the *.img from all wic images.
>>>
>>> Also, as a new naming convention, image recipes no longer end with `-img`.
>>>
>>> The image types wic-swu-img and secure-wic-swu-img were removed.
>>> Rename `squashfs-img` to squashfs according to the new naming scheme.
>>>
>>> To use squashfs include:
>>>
>>>      IMAGE_CLASSES += "squashfs"
>>>      IMAGE_TYPEDEP_wic += "squashfs"
>>>
>>>
>>> To create a verity-based image, the following line needs to be added
>>> to the local.conf or similar configuration:
>>>
>>>      IMAGE_CLASSES += "verity"
>>>
>>> The modifications for a read-only root file system are now part
>>> of a bbclass which can be included directly into the image
>>> recipe.
>>>
>>> The modifications to generate a SWUpdate update package are
>>> also no longer part of the image build process and in a separate
>>> bbclass. This class needs to be included in the image recipe.
>>>
>>> Please check/test the interface changes for swupdate and read-only root
>>> file system.
>>>
>>> I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.
>>>
>>> Quirin
>>>
>>> [1]:
>>> https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
>>>
>>> [2]:
>>> https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types
>>>
>>>
>>> Quirin Gylstorff (4):
>>>    ISAR update
>>>    start-qemu.sh: adapt to new image names
>>>    Adapt swupdate and verity to use new IMAGE_CMD_*
>>>    scripts/deploy-cip-core: Adapt to new image names
>>
>> Thanks for this update. I'll have a look and also try to apply it to
>> meta-iot2050 as test case.
>>
>> One question: Is the series bisection-safe, or are the patches 3 and 4
>> needed to build again? Patch 2 is likely needed to run the result again
>> after patch 1, right?
>>
> I tried to make the patches bisection-safe. The build should work but
> the verity and swupdate functionality is not available after patch 1.
> Patches 1 and 3 are the main changes.
>
> I will re-order the patches.
>
> Patches 2 and 4 are adaptations of scripts (qemu and ci chain).
> 

Well, CI should fail without patch 4, e.g. Probably, it's an
all-or-nothing series from that perspective, and it only makes sense to
break it up for readability reasons.

> I found some errors in the CI build and will send an update. The errors
> are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.
> 

OK. Looking at more details now, some further remarks will follow.

Jan