[yocto] [yocto-autobuilder][PATCHv2 4/5] autobuilder/buildsteps: Add DAFTFlash buildstep

Gonzalez Plascencia, Jair De Jesus jair.de.jesus.gonzalez.plascencia at intel.com
Mon Jul 3 12:14:55 PDT 2017 

It seems to be a configuration issue. Currently, I’m working on the test harness we’ll use to expand our DAFT setup, and as part of it, I’ve updated the BeagleBone filesystem. Once it is deployed, the AB should be able to call DAFT without using the root user.

Regards,
Jair

From: Ylinen, Mikko [mailto:mikko.ylinen at intel.com]
Sent: Monday, July 3, 2017 1:23 PM
To: Aníbal Limón <anibal.limon at linux.intel.com>
Cc: Joshua Lock <joshua.g.lock at linux.intel.com>; yocto at yoctoproject.org; Sedeno Bustos, MonserratX <monserratx.sedeno.bustos at intel.com>; juan.m.cruz.alcaraz at linux.intel.com; jose.perez.carranza at linux.intel.com; Gonzalez Plascencia, Jair De Jesus <jair.de.jesus.gonzalez.plascencia at intel.com>
Subject: Re: [yocto-autobuilder][PATCHv2 4/5] autobuilder/buildsteps: Add DAFTFlash buildstep



On Mon, Jul 3, 2017 at 7:37 PM, Aníbal Limón <anibal.limon at linux.intel.com<mailto:anibal.limon at linux.intel.com>> wrote:


On 07/03/2017 09:03 AM, Joshua Lock wrote:
> On Tue, 2017-06-06 at 10:46 -0500, Aníbal Limón wrote:
>> This will execute daft flash cycle without reboot and prepare the dut
>> for sanity tests.
>>
>> [YOCTO #10604]
>>
>> Signed-off-by: Aníbal Limón <anibal.limon at linux.intel.com<mailto:anibal.limon at linux.intel.com>>
>> Signed-off-by: Monserrat Sedeno <monserratx.sedeno.bustos.intel.com<http://monserratx.sedeno.bustos.intel.com>>
>
> Typo in the email address here.
>
>> Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho at linux.intel.com<mailto:edwin.plauchu.camacho at linux.intel.com>>
>> ---
>>  config/autobuilder.conf.example                    |  1 +
>>  .../autobuilder/buildsteps/DaftFlash.py            | 42
>> ++++++++++++++++++++++
>>  lib/python2.7/site-packages/autobuilder/config.py  |  1 +
>>  3 files changed, 44 insertions(+)
>>  create mode 100644 lib/python2.7/site-
>> packages/autobuilder/buildsteps/DaftFlash.py
>>
>> diff --git a/config/autobuilder.conf.example
>> b/config/autobuilder.conf.example
>> index e5ec16b..2e992cf 100644
>> --- a/config/autobuilder.conf.example
>> +++ b/config/autobuilder.conf.example
>> @@ -98,3 +98,4 @@ PERFORMANCE_MAIL_SIG = "Multiline\nSig\nLine"
>>
>>  [Daft]
>>  DAFT_WORKER_DEVICES_CFG = "/etc/daft/devices.cfg"
>> +DAFT_WORKER_WORKSPACE = "/home/ab/workspace"
>> diff --git a/lib/python2.7/site-
>> packages/autobuilder/buildsteps/DaftFlash.py b/lib/python2.7/site-
>> packages/autobuilder/buildsteps/DaftFlash.py
>> new file mode 100644
>> index 0000000..d5f6de8
>> --- /dev/null
>> +++ b/lib/python2.7/site-packages/autobuilder/buildsteps/DaftFlash.py
>> @@ -0,0 +1,42 @@
>> +import os
>> +
>> +from autobuilder.config import DAFT_WORKER_WORKSPACE
>> +from buildbot.steps.shell import ShellCommand
>> +
>> +class DaftFlash(ShellCommand):
>> +    haltOnFailure = True
>> +
>> +    name = "DaftFlash"
>> +
>> +    def __init__(self, factory, argdict=None, **kwargs):
>> +        self.tests = None
>> +        self.factory = factory
>> +        for k, v in argdict.iteritems():
>> +            setattr(self, k, v)
>> +        self.description = "DUT Flashing"
>> +        self.timeout = 100000
>> +        kwargs['timeout']=self.timeout
>> +        ShellCommand.__init__(self, **kwargs)
>> +
>> +    def start(self):
>> +        workspace_dir = DAFT_WORKER_WORKSPACE
>> +
>> +        dut_name = self.getProperty('dut_name')
>> +        workdir = self.getProperty('workdir')
>> +        image = self.getProperty('BUILDIMAGES')
>
> Remember to fix this when you rename the property.
>
>> +        machine = self.getProperty('MACHINE')
>> +
>> +        image_path = os.path.join(workdir, 'build', 'build', 'tmp',
>> 'deploy',
>> +                'images', machine, '%s-%s.hddimg' % (image,
>> machine))
>> +        image_name = os.path.basename(image_path)
>> +
>> +        # XXX: DAFT needs to have the image in a shared workspace
>> +        self.command = "cp %s %s; " % (image_path, workspace_dir)
>> +
>> +        self.command += "cd %s; " % (workspace_dir)
>> +
>> +        # XXX: DAFT needs to be executed by root user
>
> Why's that? Is that an intrinsic requirement of DAFT or is it because
> DAFT wants to use certain devices that are typically owned by root? Can
> we instead make the requirement that the user running daft has
> permissions and groups correctly configured to access these devices?

I don't have too much insight about this security issue, i think there
is because the deployment resources files are on /root directory, so i
agree that this needs to be changed but i don't know how much effort
will require.

DAFT is not run as root (by Refkit CI at least).

-- Mikko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20170703/17688834/attachment.html>

More information about the yocto mailing list