- Bump to noble-20251013
- Include tools for sage lab, build TF-A for platforms there.
- Switch to distro provided trace-cmd, add libengine-pkcs11-openssl
- Use mirrors for GNU projects
- Switch to QEMU 10.1.x
Signed-off-by: Tom Rini <trini@konsulko.com>
Quentin Schulz <foss+uboot@0leil.net> says:
I have to add one (1) package to the Dockerfile as a new dependency and
wanted to build the image to verify it works. I wasn't able to because
GNU servers are just not reliable at all.
The git server URL we're using doesn't seem to be a mirrored one, and
switching to mirror URLs seem to make fetching possible again.
Unfortunately, we don't have the option to do that for coreboot's
dependencies, though we can ask coreboot to download the dependencies
through its own mirror, which we do in this series.
Link: https://lore.kernel.org/r/20251127-gnu-mirror-v2-0-c86fa2e8d464@cherry.de
In the future, we'll need proper pkcs11 support so that we can validate
mkimage/binman works well with pkcs11 OpenSSL engine/provider via
softhsm2-util (already installed).
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
Now that we have moved to Ubuntu 24.04 the distribution provided
trace-cmd is new enough for our needs. Switch to installing that and
stop building it from source.
Signed-off-by: Tom Rini <trini@konsulko.com>
The current release of QEMU is 10.1.2 and we should be tracking at least
that new currently, to help find and fix emulation problems. This will
make it smaller of a change when we move to 10.1.3 which will re-enable
sifive_unleashed_sdcard testing again.
Signed-off-by: Tom Rini <trini@konsulko.com>
This series adds support for Gitlab pipelines to run our pytest suite on
a limited number of hardware platforms. While better documentation and
some further enhancements will be coming soon, this can be triggered by
passing '-o ci.variable="SAGE_LAB=1"' to git push, or adding
'pushOption = ci.variable="SAGE_LAB=1"' to the .git/config file for the
project. It can also be invoked manually from the pipeline webpage on a
an existing pipeline.
Link: https://lore.kernel.org/r/20251118210015.624758-1-trini@konsulko.com
Add snmp and rsync to the normal docker image. While these tools are
only required for the lab on sage, I think it's a small enough addition
to be worth always including at this point. A higher level TODO I think
may be to see if we can / should split the resulting container up, or
if there's host tooling we can remove at a later step, after building
all the software we require.
Signed-off-by: Tom Rini <trini@konsulko.com>
In order to add pine64_plus to the sage lab we will need to have a build
of TF-A available for it as bl31.bin. Add this to the existing build
loop of TF-A targets.
Signed-off-by: Tom Rini <trini@konsulko.com>
coreboot buildgcc script downloads GNU dependencies from GNU FTP server.
For some reason, this is also as unreliable as their git main server.
There's no option to use a GNU mirror (and I'm not even sure if there's
one for FTP), so we simply pass --mirror to the buildgcc script via the
BUILDGCC_OPTIONS variable so that it makes use of coreboot's mirror.
Hopefully, this proves more reliable than GNU original FTP server.
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
grub bootstrap script downloads gnulib from a non-mirror URL and thus is
unreliable.
One can specify the URL to fetch from with GNULIB_URL environment
variable, so let's make this variable point at a mirror URL.
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
GNU announced they activated mirrors for git servers[1] in May this
year.
The main git server keeps being very unreliable and switching to those
mirrors seems to improve reliability (albeit somewhat slow).
Yes, the URL in this patch has nothing in common with the URL in the
linked mail, it was extracted from the Clone section in the mirrored
cgit page[2].
While at it, switch to the HTTPS clone which is "more secure" than git
protocol.
[1] https://lists.gnu.org/archive/html/savannah-users/2025-05/msg00002.html
[2] https://cgit.git.savannah.gnu.org/cgit/grub.git/
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
- Move to jammy-20251013 tag
- Bring in tkinter so that FATtools should run and more tests should be
run.
- Update to QEMU 10.0.6
- Pick tags for (most of) trace-cmd
Signed-off-by: Tom Rini <trini@konsulko.com>
We have not been picking a tag for the trace-cmd build process.
Currently the tip of libtraceevent fails to build. Address both problems
here by picking recent stable tags for libtraceevent and libtracefs
(trace-cmd has no recent tags). Further, as it is often reported that
this fails to build due to a race, stop using "make -j$(nproc)" as this
is also small enough of a set of builds to not be an issue.
Signed-off-by: Tom Rini <trini@konsulko.com>
In some cases our tests for exFAT don't run because we fail to be able
to create the underlying image. This is in turn because while creation
of the image succeeds, it seems that some way of how we invoke FATtools
wants to import tkinter, that fails and so the test stops there. Having
tkinter available (and then presumably a fallback to non-GUI because
it's not available) leads to the tests running as expected.
Reviewed-by: Marek Vasut <marek.vasut@mailbox.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
The QEMU project has the 10.0.x series as an LTS release. While we are
not doing an LTS ourselves, we can be confident in the changes between
10.0.2 and 10.0.6, so update ourselves.
Signed-off-by: Tom Rini <trini@konsulko.com>
The Dockerfile is using linux/arm64 without the /v8 suffix.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The changes here are that we need to ensure python setuptools are
in our build virtual environments as they will no longer come in via
python even in a virtual environment. As part of this ensure setuptools
is in our cache and also include pytest-azurepipelines as we should have
been doing. Next, we move away from using apt-key directly and move that
stanza towards the rest of the apt work. This also lets us drop
directly installing gnupg2. These steps are not strictly required for
24.04 but will be for later releases and are valid now. Finally, we drop
the unused PTYHONPATH ENV line.
In order to use these containers however, we need to stop running the
event_dump test as the 'addr2line' tool provided by binutils no longer
is able to decode those specific events in most cases. As this is a
problem with binutils and present for some time now, disabling the test
until someone has time to work with upstream this seems reasonable.
Signed-off-by: Tom Rini <trini@konsulko.com>
This also incorporates the following commits to the Dockerfile:
da7942de29f7 Dockerfile: remove Python 2.7
183299d9a400 docker: add OP-TEE and TF-A build for testing Firmware Handoff
Signed-off-by: Tom Rini <trini@konsulko.com>
We don't use Python 2 anywhere. Remove the package from our Docker image.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Fetch OP-TEE (4.7.0), TF-A (v2.13.0), MbedTLS (v3.6) and build
bl1 and fip with both Firmware Handoff and Measured Boot enabled.
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
- Update to Ubuntu "Jammy" 20250714 tag
- Update to current Dockerfile which brings us QEMU 10.0.2 and newer
coreboot and pulls in lz4 via the non-legacy package name.
Signed-off-by: Tom Rini <trini@konsulko.com>
At this point there's problems rebuilding coreboot-24.08 without manual
intervention. Let us upgrade to a newer version.
Signed-off-by: Tom Rini <trini@konsulko.com>
Since Ubuntu Jammy lz4-tools is only a virtual package which pulls in
lz4 as dependency.
Update documentation too.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This adds the vexpress_fvp and vexpress_fvp_bloblist platforms to the
list of platforms we test via emulator in CI. In order to do this we
need to first have our container runtime have TF-A builds for the
vexpress_fvp platform, both with and without transfer list support as
well as installing "telnet" so that we can access console. In the CI
files we check for the existence of /opt/tf-a/${TEST_PY_BD} and if
found, copy bl1.bin and fip.bin to /tmp and set the variables so that we
can later run FVP to run.
Note that we currently disable the hostfs (semihosting) tests as they
trigger a bug in FVP. This has been reported upstream, and can be
enabled when fixed.
Reviewed-by: Harrison Mutai <harrison.mutai@arm.com>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Using some form of sandbox with Python modules is a long standing best
practice with the language. There are a number of ways to have a Python
sandbox be created. At this point in time, it seems the Python community
is moving towards using the "venv" module provided with Python rather
than a separate tool. To match that we make the following changes:
- Refer to a "Python sandbox" rather than virtualenv in comments, etc.
- Install the python3-venv module in our container and not virtualenv.
- In our CI files, invoke "python -m venv" rather than "virtualenv".
- In documentation, tell users to install python3-venv and not
virtualenv.
Signed-off-by: Tom Rini <trini@konsulko.com>
We had previously gotten this package through a chain of dependencies
with guestfs-tools. Now that we no longer install that package, install
fdisk (for sfdisk) directly.
Fixes: eb1b90ec57a4 ("Dockerfile: Update to drop virt-make-fs packages")
Signed-off-by: Tom Rini <trini@konsulko.com>
There are some reference platforms from Arm which are not found in QEMU
but instead in the FVP tool. As we can make use of this in CI later on,
download and extract it in our Dockerfile today.
Signed-off-by: Tom Rini <trini@konsulko.com>
Outside of changing versions here the other visible change is that we
tell grub that riscv64 does not have "large model" support. Without this
change the resulting mkimage is non-functional. This is known upstream
already.
Link: https://savannah.gnu.org/bugs/?65909
Signed-off-by: Tom Rini <trini@konsulko.com>
Now that we do not need nor want people to use virt-make-fs for
filesystem tests, remove the related packages from the installation
list.
Signed-off-by: Tom Rini <trini@konsulko.com>
Add tests for the exfat filesystem. These tests are largely an
extension of the FS_GENERIC tests with the following notable
exceptions.
The filesystem image for exfat tests is generated using combination
of exfatprogs mkfs.exfat and python fattools. The fattols are capable
of generating exfat filesystem images too, but this is not used, the
fattools are only used as a replacement for dosfstools 'mcopy' and
'mdir', which are used to insert files and directories into existing
fatfs images and list existing fatfs images respectively, without the
need for superuser access to mount such images.
The exfat filesystem has no filesystem specific command, there is only
the generic filesystem command interface, therefore check_ubconfig()
has to special case exfat and skip check for CONFIG_CMD_EXFAT and
instead check for CONFIG_FS_EXFAT.
Signed-off-by: Marek Vasut <marex@denx.de>
Now that we have more requirements.txt files we need to grab all of them
for creating our cache. Also, we do longer should install
python3-pyelftools on the host as it's not used.
Signed-off-by: Tom Rini <trini@konsulko.com>
We should always look in our downloaded toolchains first and then for
host-provided toolchains.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We do not want to use the host toolchain for building our platforms in
CI (it is both too old, and would be inconsistent with our CI
practices). To do this we need to set the toolchain-prefix so that we
don't end up guessing "/opt/.../aarch64-linux-aarch64-linux-" as the
prefix.
Link: https://source.denx.de/u-boot/custodians/u-boot-dm/-/issues/32
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Remove the rest of the places where we hard-code the version of the
toolchain we're using.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
The xtensa architecture is interesting in that the platforms we support
are only valid on the binary-only toolchains as the DC233C instruction
set requires those toolchains (and not the FSF instruction set). Only
install the binary toolchain on amd64 hosts and only run the tests on
them as well.
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Refactor the code to support downloading toolchains for arm64 as well as
x86_64
There doesn't seem to be an xtensa toolchain for arm64 at the same
location, so download that only on x86
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Fix a warning due to the syntax used for PYTHONPATH:
LegacyKeyValueFormat: "ENV key=value" should be used instead of
legacy "ENV key value" format (line 304)
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Tom Rini <trini@konsulko.com>
We no longer need to install libc6-i386 so we can drop that. Switch to
installing linux-image-generic as that will be available on all hosts,
to provide the /boot/vmlinu* file that's requires for various tools.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Add instructions on how to build the file for multiple architectures.
Add a message indicating what is happening.
Update the documentation as well.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
Instead of deleting /var/lib/apt/lists after each relevant RUN line, use
a cache mount as is the current best practices.
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
