[isar-cip-core][RFC 0/4] Adapt isar-cip-core to ISAR IMAGE_CMD_*


Quirin Gylstorff
 

From: Quirin Gylstorff <quirin.gylstorff@...>

This series adapts isar-cip-core to the IMAGE_CMD_* introduced in
ISAR commit [1]. See also the ISAR API changelog [2].

This new feature removes the *.img from all wic images.

Also, as a new naming convention, image recipes no longer end with `-img`.

The image types wic-swu-img and secure-wic-swu-img were removed.
Rename `squashfs-img` to squashfs according to the new naming scheme.

To use squashfs, include:

    IMAGE_CLASSES += "squashfs"
    IMAGE_TYPEDEP_wic += "squashfs"

To create a verity-based image, the following line needs to be added
to the local.conf or similar configuration:

    IMAGE_CLASSES += "verity"

The modifications for a read-only root file system are now part
of a bbclass which can be included directly into the image
recipe.

The modifications to generate a SWUpdate update package are
also no longer part of the image build process and are in a separate
bbclass. This class needs to be included in the image recipe.

Please check/test the interface changes for swupdate and read-only root
file system.

I tested qemu-amd64/qemu-arm64 with swupdate and secure boot.

Quirin

[1]: https://github.com/ilbers/isar/commit/f792fd0deed1ae1d9deb3ee28b1a1add96ecdf14
[2]: https://github.com/ilbers/isar/blob/next/RECIPE-API-CHANGELOG.md#changes-to-image-types

Quirin Gylstorff (4):
  ISAR update
  start-qemu.sh: adapt to new image names
  Adapt swupdate and verity to use new IMAGE_CMD_*
  scripts/deploy-cip-core: Adapt to new image names

...u-img.bbclass => read-only-rootfs.bbclass} | 11 +---
classes/secure-wic-swu-img.bbclass | 15 ------
...{squashfs-img.bbclass => squashfs.bbclass} | 15 ++----
...{swupdate-img.bbclass => swupdate.bbclass} | 8 +--
.../{verity-img.bbclass => verity.bbclass} | 51 +++++++++----------
classes/wic-targz-img.bbclass | 15 ------
conf/machine/bbb.conf | 2 +-
conf/machine/hihope-rzg2m.conf | 2 +-
conf/machine/iwg20m.conf | 2 +-
conf/machine/qemu-amd64.conf | 2 +-
conf/machine/qemu-arm.conf | 2 +-
conf/machine/qemu-arm64.conf | 2 +-
conf/machine/simatic-ipc227e.conf | 2 +-
kas-cip.yml | 2 +-
kas/opt/ebg-secure-boot-snakeoil.yml | 3 +-
kas/opt/efibootguard.yml | 2 +-
kas/opt/swupdate.yml | 4 +-
kas/opt/targz-img.yml | 2 +-
recipes-core/images/files/sw-description.tmpl | 1 -
recipes-core/images/swupdate.inc | 6 ++-
.../initramfs-verity-hook_0.1.bb | 2 +-
scripts/deploy-cip-core.sh | 8 +--
start-qemu.sh | 8 +--
wic/qemu-amd64-efibootguard-secureboot.wks.in | 4 +-
wic/qemu-arm64-efibootguard-secureboot.wks.in | 4 +-
wic/x86-efibootguard.wks.in | 4 +-
26 files changed, 69 insertions(+), 110 deletions(-)
rename classes/{wic-swu-img.bbclass => read-only-rootfs.bbclass} (75%)
delete mode 100644 classes/secure-wic-swu-img.bbclass
rename classes/{squashfs-img.bbclass => squashfs.bbclass} (66%)
rename classes/{swupdate-img.bbclass => swupdate.bbclass} (92%)
rename classes/{verity-img.bbclass => verity.bbclass} (78%)
delete mode 100644 classes/wic-targz-img.bbclass

--
2.35.1
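
Added example (not part of the original mail and not isar-cip-core code): a small checker that a downstream layer, such as the meta-iot2050 test case mentioned in the replies, could run to find references to the class names this series renames or deletes. The old and new names come from the rename/delete summary above; the file suffixes, the function names and the sample fragment are assumptions made for illustration.

```python
import re
from pathlib import Path

# Old class/image-type name -> what the cover letter's rename/delete summary says.
STALE = {
    "secure-wic-swu-img": "deleted in this series",
    "wic-targz-img": "deleted in this series",
    "wic-swu-img": "now read-only-rootfs (include it in the image recipe)",
    "swupdate-img": "now swupdate (include it in the image recipe)",
    "squashfs-img": "now squashfs",
    "verity-img": "now verity",
}
# Longest alternatives first, and no match inside a longer identifier, so
# "secure-wic-swu-img" is never reported as "wic-swu-img".
_NAMES = sorted(STALE, key=len, reverse=True)
_PATTERN = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, _NAMES)) + r")(?![\w-])")
# Assumption: file kinds that usually carry these names in a kas/ISAR layer.
SUFFIXES = {".conf", ".yml", ".yaml", ".bb", ".bbappend", ".bbclass", ".inc", ".sh"}

def scan_text(text, origin="<string>"):
    """Return (origin, line number, old name, hint) for each stale reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # skip '#' comments (bitbake, YAML, shell)
        for match in _PATTERN.finditer(code):
            name = match.group(1)
            findings.append((origin, lineno, name, STALE[name]))
    return findings

def scan_tree(root):
    """Scan every configuration-like file below root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SUFFIXES:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample of a downstream kas fragment (not taken from the page).
SAMPLE = """\
local_conf_header:
  image: |
    IMAGE_TYPE = "secure-wic-swu-img"
    IMAGE_CLASSES += "squashfs"
    IMAGE_INSTALL += "initramfs-verity-hook"
    # IMAGE_TYPE = "verity-img"
"""

if __name__ == "__main__":
    for origin, lineno, name, hint in scan_text(SAMPLE, "sample.yml"):
        print(f"{origin}:{lineno}: {name}: {hint}")
```

Pointing `scan_tree()` at a layer checkout lists every file and line that still uses one of the old names.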


Jan Kiszka
 

On 03.06.22 13:56, Quirin Gylstorff wrote:
> [...]

Thanks for this update. I'll have a look and also try to apply it to
meta-iot2050 as test case.

One question: Is the series bisection-safe, or are the patches 3 and 4
needed to build again. Patch 2 is likely needed to run the result again
after patch 1, right?

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Jan Kiszka
 

On 03.06.22 17:27, Jan Kiszka wrote:
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
>
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again. Patch 2 is likely needed to run the result again
> after patch 1, right?

Hmm, patch 4 is likely needed to ensure that CI is still passing with
its deployment jobs.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux


Quirin Gylstorff
 

On 6/3/22 17:27, Jan Kiszka wrote:
> Thanks for this update. I'll have a look and also try to apply it to
> meta-iot2050 as test case.
>
> One question: Is the series bisection-safe, or are the patches 3 and 4
> needed to build again. Patch 2 is likely needed to run the result again
> after patch 1, right?

I tried to make the patches bisection-safe. The build should work but the verity and swupdate functionality is not available after patch 1.
patch 1 and 3 are the main changes.

I will re-order the patches.

patches 2 and 4 are adaptation of scripts (qemu and ci chain).

I found some errors in the CI build and will send an update. The errors
are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.

Quirin


Jan Kiszka
 

On 03.06.22 17:33, Gylstorff Quirin wrote:


On 6/3/22 17:27, Jan Kiszka wrote:
>> Thanks for this update. I'll have a look and also try to apply it to
>> meta-iot2050 as test case.
>>
>> One question: Is the series bisection-safe, or are the patches 3 and 4
>> needed to build again. Patch 2 is likely needed to run the result again
>> after patch 1, right?
>
> I tried to make the patches bisection-safe. The build should work but
> the verity and swupdate functionality is not available after patch 1.
> patch 1 and 3 are the main changes.
>
> I will re-order the patches.
>
> patches 2 and 4 are adaptation of scripts (qemu and ci chain).

Well, CI should fail without patch 4, e.g. Probably, it's an
all-or-nothing series from that perspective, and it only makes sense to
break it up for readability reasons.

> I found some errors in the CI build and will send an update. The errors
> are in kas/opt/wic-targz-img.yml and kas/opt/targz-img.yml.

OK. Looking at more details now, some further remarks will follow.

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux