WIP: Assume MOK is already enrolled, add tests #19

Draft
wants to merge 69 commits into
base: main
Changes from 68 commits
Commits
77b5e1b
Add new "uki" role that doesn't enroll MOKs.
Sep 3, 2024
d6b98ff
Add libvirt-python and libxml as project requirements.
Sep 13, 2024
727a926
Add requirements file
Sep 13, 2024
08a9d74
Fix splitext call to extract index
Sep 13, 2024
04ffbad
Improve tests to the point that our machine starts.
Sep 16, 2024
14374dd
Remove VM template, will use virt-install instead.
Sep 18, 2024
de4a158
Configure a virtual machine for integration testing.
Sep 30, 2024
3265cff
Work so far on the test vm.
Nov 13, 2024
0991cfd
Configure the test VM to run in user mode.
Dec 3, 2024
cb0c9bd
Remove customization from test_image variable.
Dec 3, 2024
334c3a2
Remove unused config.yml in integration test dir.
Dec 3, 2024
92749b7
Remove workflows.
Dec 3, 2024
7a8f91b
Update scripts and tasks to work with ansible-test.
Dec 17, 2024
70f61c3
Updated Makefile to run the test machine setup.
Dec 23, 2024
6e9ec3d
Fixed detection of VM dependency state.
Dec 23, 2024
679e091
Fix quoting, remove unnecessary dependencies
Dec 24, 2024
e6ef983
Fix mok der file extension, use become
Dec 24, 2024
a1efa3f
Use generate fw image file, don't template it
Dec 24, 2024
9413236
Reduce delay to 25 sec, copy MOK files before test.
Dec 24, 2024
c22b22f
Fixed cert enrollment detection, pip install
Dec 24, 2024
7790116
Don't re-create vm, use ssh-keygen for host keys
Dec 24, 2024
d01d89d
Change sshd wait options, install packages
Dec 24, 2024
9b8ede9
Install python3-libdnf5 on first boot
Dec 24, 2024
c44b833
Wait for cloud-init to install libdnf5 bindings.
Dec 24, 2024
0259728
Clean known_hosts, rebuild machine on xml change
Dec 24, 2024
56cb01f
Write console to file, extract and trust host keys
Dec 24, 2024
3b57223
Remove unused task files and playbooks
Dec 24, 2024
bc318c7
Move test setup to a playbook, use platforms file
Dec 24, 2024
f7505b3
Removed unused test script
Dec 24, 2024
fd08389
Moved more makefile tasks to playbooks
Dec 24, 2024
44630fa
Fail the playbook post rescue, don't always reboot
Jan 9, 2025
f864724
Verify rebooted on UKI, install pip with package
Jan 9, 2025
ca24487
Add cryptography as a dependency
Jan 14, 2025
faac976
Teardown removes .build, clean to removes .cache
Jan 14, 2025
1efe138
Use pesign, cache platform images.
Jan 14, 2025
2c77e8c
Check whether a file exists before backup
Jan 14, 2025
50216ae
Remove unnecessary package install check
Jan 14, 2025
e081c72
Change "build" to "all", move clean to playbook
Jan 14, 2025
3b97a7a
Only pre-install libdnf5 on Fedora 41
Jan 14, 2025
605b723
Fix Debian platforms, detect mok change.
Jan 18, 2025
9f8e560
Remove unused handlers file.
Jan 18, 2025
adb57a6
Remove unused packages variables file.
Jan 18, 2025
b44291e
Add support for testing on macos aarch64
Jan 22, 2025
f9cb2a5
Fixed testing regression on linux
Jan 22, 2025
20a7cd5
Add idempotency run, use dnf for kernel reinstall
Jan 22, 2025
63aa35e
Remove dep on arp tables, get ips from console
Jan 22, 2025
2167bd6
Add more failure mode and idempotency tests
Jan 25, 2025
e12d476
Fix task ordering
Jan 25, 2025
fdb659d
Add a test to ensure UKIs are removed on Debian
Jan 25, 2025
55195f0
Refactoring and cleanup
Jan 25, 2025
668fc0c
Fix host key removal to match new host detection
Jan 28, 2025
3290494
Remove unnecessary block from host key add
Jan 28, 2025
d4e9318
Cleanup, fix kernel reinstall, check efi fw
Jan 28, 2025
e8210c4
Linting pass
Jan 28, 2025
1d2a857
Remove old uki_config role
Jan 31, 2025
fe20e3d
Add key usage attributes to generated mok
Feb 3, 2025
5aa825b
Remove osslsigncode dependency
Feb 3, 2025
3328006
Use pesigcheck, not osslsigncode, fix nextboot re
Feb 3, 2025
0d4372e
Remove short_mac, start randomizing addresses
Feb 3, 2025
9ec5f5d
Don't track workspace directories
Feb 3, 2025
b398ff6
Remove pip dependency
Feb 4, 2025
b6511e6
Get uki-direct from dnf on RedHat
Feb 4, 2025
35d70b4
Update README.md
Feb 4, 2025
d8b034e
Formatting fixes
Feb 4, 2025
ef7b615
Add recovery instructions, more references.
Feb 4, 2025
e59036a
Fix callout syntax
Feb 4, 2025
367634e
Fix incorrect platforms.yml file example
Feb 4, 2025
84ee4ae
Only run kernel-install when layout is uki
Feb 8, 2025
58c5f70
Move from playbooks to task files
Feb 12, 2025
35 changes: 0 additions & 35 deletions .github/workflows/lint-docs.yaml

This file was deleted.

25 changes: 0 additions & 25 deletions .github/workflows/lint.yaml

This file was deleted.

35 changes: 0 additions & 35 deletions .github/workflows/publish-docs.yaml

This file was deleted.

26 changes: 0 additions & 26 deletions .github/workflows/publish.yaml

This file was deleted.

31 changes: 0 additions & 31 deletions .github/workflows/release.yaml

This file was deleted.
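
Review bot: all five files under .github/workflows (lint-docs.yaml, lint.yaml, publish-docs.yaml, publish.yaml, release.yaml) are deleted here, which removes automated linting and the release path in a PR whose title is about MOK enrollment and tests. If the goal is only to keep them from running against this work-in-progress branch, split the removal into its own PR or explain it in the description, and state where the `make test` run added below is expected to execute.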

3 changes: 3 additions & 0 deletions .gitignore
@@ -1,2 +1,5 @@
.vscode
changelogs/.plugin-cache.yaml
.DS_Store
.build
.cache
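
Review bot: `.build` is the directory the Makefile's test target reads the SSH private key from (`--key-file .build/id_ed25519`), so this entry is what keeps generated key material out of `git add`; a one-line comment above it saying so would stop it being pruned later as clutter. Writing both entries with a trailing slash (`.build/`, `.cache/`) would also make clear they are directories.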
33 changes: 33 additions & 0 deletions Makefile
@@ -0,0 +1,33 @@
#

.SUFFIXES:
.SUFFIXES: .yml .yaml .tar.gz .xml .xml.j2 yml.j2 yaml.j2 .j2 .sh

# Version detection (used to build tarballs)
version_regex = 's/^version:\s((:?[0-9]*\.?){3})$$/\1/p'
version := $(shell sed -nE $(version_regex) galaxy.yml)
tarball := crichez-secureboot-$(version).tar.gz

# Directories used for testing
srcdir = .
real_srcdir = $(abspath $(srcdir))

test:
ansible-playbook tests/integration/targets/role_uki/setup.yml \
-e srcdir=$(real_srcdir) \
-c local
ansible-playbook $(srcdir)/.build/test.yml \
-i .build/inventory.yml \
--key-file .build/id_ed25519 \
-e srcdir=$(real_srcdir)

all:
tar -c -f crichez-secureboot-$(version).tar.gz ./* --exclude ./.*

teardown:
ansible-playbook tests/integration/targets/role_uki/teardown.yml \
-e srcdir=$(real_srcdir) \
-c local

clean: teardown
rm -rf .cache
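
Review bot: `version_regex` has `(:?` where a non-capturing `(?:` was probably meant, and under `sed -E` it is just a capturing group with an optional leading colon; the pattern also relies on `\s`, which is not POSIX ERE, and because every `[0-9]*\.?` repetition can match nothing it accepts a bare `version: ` line and yields an empty `version`. Something like `s/^version:[[:space:]]*(([0-9]+\.){2}[0-9]+)$$/\1/p` is portable and only matches a three-part version. In the `all` recipe, `tar -c -f` without `-z` writes an uncompressed archive under a `.tar.gz` name, the `tarball` variable defined above is not used, and `./*` will pick up tarballs left in the directory from earlier versions; write the archive outside the tree or into `.build`. The test recipe mixes `$(srcdir)/.build/test.yml` with bare `.build/inventory.yml` and `.build/id_ed25519`, so overriding `srcdir` points the playbook and the key file at different directories. Smaller points: `test`, `all`, `teardown` and `clean` should be listed under `.PHONY`, and `yml.j2` and `yaml.j2` in `.SUFFIXES` are missing their leading dot.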