author | Patrick Vacek <patrickvacek@gmail.com> | 2018-02-13 18:08:39 +0100 |
---|---|---|
committer | Patrick Vacek <patrickvacek@gmail.com> | 2018-02-20 11:01:34 +0100 |
commit | 586394dc9f7b5e97c827ea982dd69692f3ca0c97 (patch) | |
tree | fb473aff2d9d8b05af1d878f0f03765c26b5f43f | |
parent | 9e4918cff53c6154b5bcee2e28deca08280aff75 (diff) | |
download | meta-updater-586394dc9f7b5e97c827ea982dd69692f3ca0c97.tar.gz |
Test provisioning with HSM.
-rw-r--r-- | lib/oeqa/selftest/updater.py | 95 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 2 |
2 files changed, 89 insertions, 8 deletions
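--- a/lib/oeqa/selftest/updater.py
+++ b/lib/oeqa/selftest/updater.py
@@ -42,12 +42,6 @@ class SotaToolsTests(oeSelfTest):
 result = runCmd('LD_LIBRARY_PATH=%s %s --help' % (l, p), ignore_status=True)
 self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
 
-class HsmTests(oeSelfTest):
-
-def test_hsm(self):
-self.write_config('SOTA_CLIENT_FEATURES="hsm"')
-bitbake('core-image-minimal')
-
 
 class GeneralTests(oeSelfTest):
 
@@ -210,7 +204,7 @@ class QemuTests(oeSelfTest):
 break
 except IOError as e:
 print(e)
-self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stdout.decode() + stderr.decode())
+self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
 
 
 class GrubTests(oeSelfTest):
@@ -247,6 +241,93 @@ class GrubTests(oeSelfTest):
 print(value_str)
 
 
+class HsmTests(oeSelfTest):
+
+def setUpLocal(self):
+self.write_config('SOTA_CLIENT_PROV = " aktualizr-hsm-prov "')
+self.write_config('SOTA_CLIENT_FEATURES="hsm"')
+self.qemu, self.s = qemu_launch(machine='qemux86-64')
+
+def tearDownLocal(self):
+qemu_terminate(self.s)
+
+def run_command(self, command):
+return qemu_send_command(self.qemu.ssh_port, command)
+
+def test_provisioning(self):
+print('')
+ran_ok = False
+for delay in [0, 1, 2, 5, 10, 15]:
+stdout, stderr, retcode = self.run_command('aktualizr-info')
+if retcode == 0 and stderr == b'':
+ran_ok = True
+break
+self.assertTrue(ran_ok, 'aktualizr-info failed: ' + stderr.decode() + stdout.decode())
+# Verify that device has NOT yet provisioned.
+self.assertIn(b'Couldn\'t load device ID', stdout,
+'Device already provisioned!? ' + stderr.decode() + stdout.decode())
+self.assertIn(b'Couldn\'t load ECU serials', stdout,
+'Device already provisioned!? ' + stderr.decode() + stdout.decode())
+self.assertIn(b'Provisioned on server: no', stdout,
+'Device already provisioned!? ' + stderr.decode() + stdout.decode())
+self.assertIn(b'Fetched metadata: no', stdout,
+'Device already provisioned!? ' + stderr.decode() + stdout.decode())
+
+pkcs11_command = 'pkcs11-tool --module=/usr/lib/softhsm/libsofthsm2.so -O'
+stdout, stderr, retcode = self.run_command(pkcs11_command)
+self.assertNotEqual(retcode, 0, 'pkcs11-tool succeeded before initialization: ' +
+stdout.decode() + stderr.decode())
+softhsm2_command = 'softhsm2-util --show-slots'
+stdout, stderr, retcode = self.run_command(softhsm2_command)
+self.assertNotEqual(retcode, 0, 'softhsm2-tool succeeded before initialization: ' +
+stdout.decode() + stderr.decode())
+
+bb_vars = get_bb_vars(['SYSROOT_DESTDIR', 'bindir', 'libdir',
+'SOTA_PACKED_CREDENTIALS'], 'aktualizr-native')
+l = bb_vars['libdir']
+p = bb_vars['SYSROOT_DESTDIR'] + bb_vars['bindir'] + "/aktualizr_cert_provider"
+creds = bb_vars['SOTA_PACKED_CREDENTIALS']
+bb_vars_prov = get_bb_vars(['STAGING_DIR_NATIVE', 'libdir'], 'aktualizr-hsm-prov')
+config = bb_vars_prov['STAGING_DIR_NATIVE'] + bb_vars_prov['libdir'] + '/sota/sota_implicit_prov.toml'
+self.assertTrue(os.path.isfile(p), msg = "No aktualizr_cert_provider found (%s)" % p)
+command = ('LD_LIBRARY_PATH=' + l + ' ' + p + ' -c ' + creds + ' -t root@localhost -p ' +
+str(self.qemu.ssh_port) + ' -r -s -g ' + config)
+logger = logging.getLogger("selftest")
+# logger.info('Checking output of: ' + command)
+result = runCmd(command, ignore_status=True)
+self.assertEqual(result.status, 0, "Status not equal to 0. output: %s" % result.output)
+
+ran_ok = False
+for delay in [5, 5, 5, 5, 10]:
+sleep(delay)
+p11_out, p11_err, p11_ret = self.run_command(pkcs11_command)
+hsm_out, hsm_err, hsm_ret = self.run_command(softhsm2_command)
+if p11_ret == 0 and hsm_ret == 0 and hsm_err == b'':
+ran_ok = True
+break
+self.assertTrue(ran_ok, 'pkcs11-tool or softhsm2-tool failed: ' + p11_err.decode() +
+p11_out.decode() + hsm_err.decode() + hsm_out.decode())
+self.assertIn(b'present token', p11_err, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode())
+self.assertIn(b'X.509 cert', p11_out, 'pkcs11-tool failed: ' + p11_err.decode() + p11_out.decode())
+self.assertIn(b'Initialized: yes', hsm_out, 'softhsm2-tool failed: ' +
+hsm_err.decode() + hsm_out.decode())
+self.assertIn(b'User PIN init.: yes', hsm_out, 'softhsm2-tool failed: ' +
+hsm_err.decode() + hsm_out.decode())
+
+# Verify that device HAS provisioned.
+ran_ok = False
+for delay in [5, 5, 5, 5, 10]:
+sleep(delay)
+stdout, stderr, retcode = self.run_command('aktualizr-info')
+if retcode == 0 and stderr == b'' and stdout.decode().find('Provisioned on server: yes') >= 0:
+ran_ok = True
+break
+self.assertIn(b'Device ID: ', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode())
+self.assertIn(b'Primary ecu hardware ID: qemux86-64', stdout,
+'Provisioning failed: ' + stderr.decode() + stdout.decode())
+self.assertIn(b'Fetched metadata: yes', stdout, 'Provisioning failed: ' + stderr.decode() + stdout.decode())
+
+
 def qemu_launch(efi=False, machine=None):
 logger = logging.getLogger("selftest")
 logger.info('Running bitbake to build core-image-minimal')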
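Review bot: The last retry loop in `test_provisioning` (under `# Verify that device HAS provisioned.`) sets `ran_ok` but nothing asserts it afterwards, so the test never actually requires `Provisioned on server: yes`; add `self.assertTrue(ran_ok, 'Provisioning failed: ' + stderr.decode() + stdout.decode())` right after that loop. The first loop iterates `for delay in [0, 1, 2, 5, 10, 15]` without calling `sleep(delay)`, so its six attempts run back to back, unlike the two later loops. The two `assertNotEqual(retcode, 0, ...)` checks before provisioning pass on any non-zero exit, which could presumably include a missing binary or a failed SSH session, so on their own they do not show that the token was uninitialized; also checking the error text would make the negative case meaningful. The local `logger` is assigned but only referenced in a commented-out line.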
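--- a/recipes-sota/aktualizr/aktualizr_git.bb
+++ b/recipes-sota/aktualizr/aktualizr_git.bb
@@ -20,7 +20,7 @@ SRC_URI = " \
 file://aktualizr.service \
 file://aktualizr-serialcan.service \
 "
-SRCREV = "715dfc3410d46670174ee2f55613e8d953fbb1ae"
+SRCREV = "abd0db4e503cbe647fbe3a6e70d28456c2ad7ea4"
 BRANCH ?= "master"
 
 S = "${WORKDIR}/git"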