* boot: added function to set EFI variables
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: renamed trustedShimFallbackBinary to seedShimPath
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: refactored setting EFI boot variables at install
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: adjusted variable names and fixed variable initialization
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: improve setting Boot#### EFI variable
Notably, splits off the process of reading a Boot#### variable and
extracting its DevicePath into its own function `readBootVariable` which
can be mocked and otherwise simplifies the `setBootNumberVariable`
function.
Also, fixes behavior around the final BootFFFF variable. Previously, it
was not possible to select the BootFFFF variable if it was unused, due
to overflow concerns on uint16. Now, the behavior around BootFFFF is
identical to that of any other boot variable, by using an int internally
instead of uint16, which also allows a more robust check for whether
there were no matching variables.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: added unit tests for setting EFI Boot#### variable
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: refactored setting EFI boot variables
Rewrote EFI boot variable functions to more closely match the behavior
of shim fallback: https://github.com/rhboot/shim/blob/main/fallback.c
In particular, the following have changed:
1. Existing Boot#### variables must fully match the new load option to
be considered a match. In particular, the load option attributes,
label, and device path must all be byte-for-byte identical.
Previously, only the device paths were compared.
2. Matching Boot#### variables are no longer overwritten. Since the
variable data must now byte-for-byte match the new load option, there
is no need to overwrite the existing variable.
3. Since existing Boot#### variables are no longer overwritten, the
variable attributes are no longer checked for those variables.
Instead, it is assumed that the Boot#### variable attributes are
viable for it to be used as a boot option. This matches the behavior
of `rhboot/shim/fallback.c`, for better or for worse.
4. When modifying the BootOrder variable, boot option numbers are no
longer pruned if there is no matching Boot#### variable.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot,bootloader: introduce UefiBootloader to build EFI load options
Previously, the path of the shim binary relative to the EFI partition
was passed into `SetEfiBootVariables`. However, different bootloaders
may wish to set up `OptionalData` in the load option.
Additionally, not all `TrustedAssetBootloaders` will attempt to set
EFI boot variables, and not all bootloaders which should set EFI boot
variables necessarily support secure boot. Thus, these should be
decoupled.
This commit adds a new `UefiBootloader` interface with the
`ConstructShimEfiLoadOption` method, which builds an EFI load option
from the shim path for the given bootloader.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot,bootloader: fixed linting errors and improved EFI boot variable test clarity
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
bootloader: improved unit test for grub EFI load option creation
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: set EFI boot variables in `MakeRunnableSystem`
Previously, attempted to set boot variables in
`MakeRecoverySystemBootable`, which is called by `MakeBootableImage`,
which is called when building the image file, rather than during install
mode.
`MakeRunnableSystem` is called on first boot during install mode, and
thus should be responsible for setting EFI boot variables.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: use seed bootloader when setting EFI variables
In install mode, the bootloader located in ubuntu-seed should be used
when setting the EFI boot variables. Previously, the bootloader in
ubuntu-boot was accidentally re-used.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: added simple test to execute setefibootvar.go code
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: fixed standalone set EFI vars code test to work with different layouts
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: moved simple setefibootvar.go check to nested test
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: added check for idempotence when setting EFI boot variables
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
bootloader: adjust comments, organization, and add TODO
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot,bootloader: fix setting EFI boot variables
Make function to search for EFI asset device path and construct load
option common so each UefiBootloader does not have to re-implement it.
Instead, the bootloader returns the description, asset file path, and
optional data, which can then be used to create the EFI load option.
Also, in `makeRunnableSystem`, the bootloader in ubuntu-seed must have
`NoSlashBoot` in order to correctly find the grub.cfg file and thus the
grub bootloader. This commit fixes this bug, and refactors a bit to
account for the changes in responsibilities between the bootloader and
the setefibootvars.go code.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
bootloader: fixed grub EFI load option test with tmp rootdir
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
go.mod: move golang.org/x/text import next to other golang.org/x/ imports
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: adjust opts to look for recovery bootloader when setting EFI variables
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: do not overwrite BootOrder if unchanged, and unexport EFI variable helper functions
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: unexport `setEfiBootOrderVariable`
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: move code to detect bootloader and set EFI variables accordingly into dedicated function
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: unexport `setUbuntuSeedEfiBootVariables` and accompanying error
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot,bootloader: ensure nil optionalData for EFI variable is equivalent to 0-length slice
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: handle empty boot order and other boot var improvements
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
boot: make setefibootvars functions linux-only
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
* tests: add nested spread test for setting EFI vars
The test checks that EFI boot variables exist for the following:
1. A Boot#### variable pointing to the shim file path.
2. A BootOrder variable with the #### from the above Boot#### as first.
Since the layout of EFI assets is dependent on the gadget snap, the test
downloads and unpacks the gadget, then modifies the contents so that one
variant has the shim and grub binaries in `EFI/boot/` and another
variant has the shim and grub binaries in `EFI/ubuntu/` and the fallback
binary in `EFI/boot/`.
After building a core image around that modified gadget, the VM is
booted and the test checks that the EFI variables are set correctly.
Then, the test modifies the gadget to match the other variant's initial
layout, and then installs the newly modified gadget. This should trigger
re-setting EFI boot variables as well.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: fix problems in spread test for setting EFI boot variables
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: disabled TPM on EFI boot vars test and separated gadget script
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: fixed EFI vars test to use correct toolbox and include all EFI assets
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: modify-gadget.sh re-use existing gadget so edition is incremented
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: fix mangled EFI var search string and other improvements
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
tests: polish tests for setting EFI boot variables
Notably, allow tests/nested/core/core20-set-efi-boot-variables to run on
arm64 as well as amd64, simplify setefivars.go to search for multiple
assets on multiple architectures, and allow
tests/nested/manual/core20-set-efi-boot-vars to run on any ubuntu-2*.
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
* bootloader/grub.go: only consider new shim asset in boot entry for now
* tests/nested/core/core20-set-efi-boot-variables: fix details
* boot: update uefi variables on gadget update
* tests/nested/manual/core20-set-efi-boot-vars: work-around file not deleted
* tests/nested/manual/core20-set-efi-boot-vars: use fb.efi like other tests
* tests/nested/manual/core20-set-efi-boot-vars: drop use of toolbox snap
* tests/nested/manual/core20-set-efi-boot-vars: drop work-around for not deleted files
* tests/nested/manual/core20-set-efi-boot-vars: verify install does add a boot entry
* tests/nested/manual/core20-set-efi-boot-vars: run only on versions that have UC
* tests/nested/manual/core20-set-efi-boot-vars: obey GADGET_CHANNEL
* tests/nested/manual/core20-set-efi-boot-vars: move get_boot_entry.py to libs
* tests/nested/manual/core20-set-efi-boot-vars: factorize copy of variables
... so we can reuse the script in other tests
* tests/nested/core/core20-set-efi-boot-variables: stop using toolbox snap
* tests/nested/core/core20-set-efi-boot-variables: only run on versions with UC available
* overlord/devicestate: test using EfiLoadOptionParameters
* boot: test that variables are set
* boot: test observers' UpdateBootEntry
* tests/nested/manual/core20-set-efi-boot-vars: also test without secure boot
* many: use trusted install observer when UEFI variables are supported
* boot/makebootable.go: rename sealer to observer
* boot/grub.go: fix function name in doc
* cmd/snap-bootstrap: verify that ObserveExistingTrustedRecoveryAssets is called
* boot: add tests for SetEfiBootVariables
* many: comment on calls to ObserveExistingTrustedRecoveryAssets
---------
Signed-off-by: Oliver Calder <oliver.calder@canonical.com>
Co-authored-by: Oliver Calder <oliver.calder@canonical.com>
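The Boot#### selection and BootOrder rules described in the commit messages above (byte-for-byte match, BootFFFF reachable through an int counter, no pruning, no rewrite when unchanged), as an added Go example that is not snapd's code. The `bootVars` map, the function names, the choice of the first unused number and the sample load option bytes are constructed stand-ins for the real firmware variable store.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// bootVars is a constructed stand-in for the firmware variable store:
// Boot#### number -> raw load option bytes (hypothetical type).
type bootVars map[uint16][]byte

var errNoFreeBootNum = errors.New("all Boot#### numbers are in use")

// chooseBootNum returns the number of an existing Boot#### variable whose
// data is byte-for-byte identical to loadOption (exists=true, nothing to
// write), or otherwise the first unused number (an assumption of this sketch).
func chooseBootNum(vars bootVars, loadOption []byte) (num uint16, exists bool, err error) {
	firstFree := -1
	// n is an int: a uint16 counter would wrap to 0 after 0xFFFF, so the loop
	// could never both visit BootFFFF and terminate.
	for n := 0; n <= 0xFFFF; n++ {
		data, ok := vars[uint16(n)]
		switch {
		case !ok && firstFree < 0:
			firstFree = n
		case ok && bytes.Equal(data, loadOption):
			return uint16(n), true, nil
		}
	}
	if firstFree < 0 {
		return 0, false, errNoFreeBootNum
	}
	return uint16(firstFree), false, nil
}

// moveToFront puts num first in BootOrder. Other entries are kept even when
// no Boot#### variable exists for them (no pruning). changed=false means the
// caller should not rewrite the variable at all.
func moveToFront(order []uint16, num uint16) (out []uint16, changed bool) {
	if len(order) > 0 && order[0] == num {
		return order, false
	}
	out = append(out, num)
	for _, n := range order {
		if n != num {
			out = append(out, n)
		}
	}
	return out, true
}

func main() {
	// Constructed sample data, not real EFI_LOAD_OPTION encodings.
	vars := bootVars{0: []byte("attrs|ubuntu|path-A"), 1: []byte("attrs|old|path-B")}
	num, exists, _ := chooseBootNum(vars, []byte("attrs|ubuntu|path-B"))
	order, changed := moveToFront([]uint16{1, 0, 7}, num)
	fmt.Printf("Boot%04X exists=%v order=%v changed=%v\n", num, exists, order, changed)
}
```

Because `bytes.Equal` treats a nil slice and a zero-length slice as equal, a load option built with nil optional data compares the same as one built with empty optional data.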
* enable nested tests for uc24
* fix issue related to cloud init
* some test fixes
* Add missing details for tests
* Adding missing details for nested tests
* adding support for ubuntu-24.04 in upload-snapd-to-gce
* updated the password for external users in spread.yaml
Modify installed kernel instead of downloading it, this will speed up
the tests. Also, we cannot use pc-kernel from the edge channel anymore
as it is not signed now with Canonical keys.
Here are the expected reboot causes:
* Make current revision for snap "core" unavailable
* Make snap "core" (unset) available to the system
* Make current revision for snap "pc-kernel" unavailable
* Make snap "pc-kernel" (unset) available to the system
* Tests support for ubuntu core 22 in arm architecture
This change includes the bits needed to run ubuntu-core in arm devices
and also the nested tests.
A new backend is added google-nested-arm.
Changes in tests to support the new system are also included.
* skip removing test-snapd-arm-tools
this is not needed anymore as focal is not being supported
* Use host machine for arch
* tests fixes
* skip nested arm execution in github workflow
This is the first part of the improvements done for nested tests.
It includes:
. new remote.wait-for tool
. several improvements to muinstaller tests
. new secboot-remove-signature command
. other small changes
Some tests are failing because there are some directories which contain
snaps before the execution.
This is mostly for the first test executed, which contained many snaps
and directories created while the test suite is prepared.
The change cleans correctly the suite preparation and moved the extra
tests directory to /tmp for the same reason.
In case a bad try kernel was in the disk (i.e. by just a simple
dangling symlink try-kernel.efi), we entered a boot loop. Avoid that.
* tests: add test that checks that there is no boot loop
when we have a dangling try-kernel.efi symlink.
* boot: return status when asking for kernel revisions
Return status when asking for kernel revisions even if there is no try
kernel. It will still be useful. Also, add some clarifying comments to
genericInitramfsSelectSnap.
* boot: clarify comments and traces
* boot: add test for bad try status with no try kernel
* cmd/snap-bootstrap: adapt error string in tests
Due to changes in bootstate.
* Start using remote tools in nested tests
This change introduces the new tools for remote commands from the
snapd-testing-tools project
This change starts using the remote.exec which replaces the tests.nested
exec and the remote.push by the tests.nested copy
The new remote commands have the same implementation than the
tests.nested but those include tests and are being used in other
projects successfully.
* fix inclusive wording
* adding missing placeholder file
* add binaries for remote tools
* Fix how remote tools are linked
* replace nested_exec by remote.exec
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 3b56339b88..fea2bac306
fea2bac306 fix shellcheck
0b5d8cfe51 fix wrong spelling
05fd783a65 Allow to use a custom config file for the remote configuration
b438b3ef03 Skip remote tests on kinetic because no sshpass
f323ee2c9c Add support for ubuntu 22.10 and remove 21.10
6fe0fa0e74 Fix shellcheck in tests.pkgs
a1f7a72ce1 Add disable refresh
507f8bd7c7 improve refresh and wait-for for remote tools
5e7e210e52 Fix refresh_core_base function
e798cb8cca Disable refreshes to make the full refresh
e5a20b9945 initial wait for ssh before checking refreshes
a20c608202 Adding more logs for refresh status and fix error waiting for ssh
f57cd75f09 New default values for wait-for
efdc966b7d More logs in remote refresh
83703b516d Both refreshes unified and more details in logs
32df7bfcc3 Reboot detection for refreshes
cf7fea5f57 Improving remote.wait-for and remote.refresh tools
35b2afcd19 adding more logging for refresh and wait-for remote tools
20547c2347 New remote and systemd tools with tests (#30)
b8eb20d069 Merge pull request #31 from snapcore/run-without-spread
5b8f214d03 Fix spelling
4fe5d64a5c Include a comment in the setup.sh script
03feb2ce2b fix bash error
84e70d2ac5 Make tools work when are not in the spread env
54909c304d Merge pull request #29 from snapcore/udpate-os-query-new-systems
cc1729c2f4 preserve size for amazon-linux
bb3d8db60e preserve size for centos
d1089d5ce3 Fixing the tests
47793a6465 Fix auto-merge problem
f50be4ac5e Merge branch 'main' into udpate-os-query-new-systems
1a40a224c9 os.query tool cli simplified
9b7b4e9bf1 Merge pull request #28 from snapcore/add-centos-9-support
7fe2087423 Add support for centos-9
64a830b933 Merge pull request #27 from snapcore/improve-log-analyzer
7fe27d4aea Improve log analyzer utility
207536268e Merge pull request #19 from snapcore/new-spread-manager
2f2ff2e282 Update spread manager to support csv
33a44ca3be Merge branch 'main' into new-spread-manager
b4654950d4 Merge pull request #26 from snapcore/support-csv-for-expressions
3250bbd885 Support expressions with comma separation
2540135b90 Merge pull request #25 from snapcore/add-indent-to-log-parser
2536b0f070 Minor improvements in log-parser and log-analyzer based con review comments
84dc8092b1 Merge pull request #24 from snapcore/improve-log-parser
515770b3bf Add support for fedora-35
875c29b5ce Updated results with latest log-parser changes
d27f2bcdb7 Fix log-parser
b2cce1fcce fix wording
14d15e4fe4 Fixes for log-parser and changes for log analyzer
438d92d241 Log analyzer updated to support reexecute in all the scenarios
1c9dff58ff Merge pull request #23 from snapcore/improve-log-parser
cc7ee488d1 Fix shellcheck
324b99e719 revert change in log-analyzer test
f746f40ebe Fix shellcheck
2d7dbbe1bd Fix spelling
728dd64c2c Last set of changes for log analizer tools
bf389dcd01 New fixes for log parses
6b2b56afc3 Fix another shellcheck
56163e170b Fix shellcheck
d96ab8094f Merge branch 'main' into new-spread-manager
60fb99f02f new dir task5
259a7e188c Fix spread test
e674234454 New spread-manager tool
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: fea2bac306a463f4c97f79a6e934e85ec00e804c
* Using a custom remote configuration file
This is to avoid issues when the helpers try to use the remote tools
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from fea2bac306..4a994e96b3
4a994e96b3 Fix new config path in tests
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 4a994e96b33d5966053645ec87563d0ea8fd019b
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 4a994e96b3..53e6c8f315
53e6c8f315 Use the new ubuntu kinetic image
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 53e6c8f315fbdd379b59d6458eb869e68f34c9b3
* fix tests with wrong use of the new tools
* Update test with remote.push command
This test seems to be updated during last merge.
* Update spread.yaml which fails on debug
* Update the number of workers for nested tests on uc20 and uc22
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 53e6c8f315..4d6088ec8c
4d6088ec8c Fix shellcheck in spread-manager util
edb4f3f51b fix shell check errors in remote tools
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: 4d6088ec8c5d43e7b4d45faf904978175c418120
* Squashed 'tests/lib/external/snapd-testing-tools/' changes from 4d6088ec8c..f46dccb464
f46dccb464 Fix sshpass command in remote.exec
git-subtree-dir: tests/lib/external/snapd-testing-tools
git-subtree-split: f46dccb464f3a82932c0a89ecabffb6ef84ec6df
The idea of this change is to standardize the debug section of the tests
and also to make them more robust.
Debug is shown when the test has failed, so the preconditions for this
step are undefined, this is why we need to suppose it can fail at any
step.
In case the debug section fails for a test, then the generic debug is
not displayed and no useful debug information is shown to understand
the problem.
* overlord: track security profiles for non-active snaps
use this new tracking information in snapsWithSecurityProfiles
the main reason to do this is to avoid code using the result of
snapsWithSecurityProfiles to end up considering snaps being refreshed,
in particular when the refresh is being undone, to be gone and remove
connections to them
the tracking code tries to be simple and is based on the relatively
recent SnapLinkParticipant mechanism:
* we track also in situations where the snap will go away soon
* in undo situations we track the revision that ultimately we undo to
even if on disk there are still the new profiles, this is correct
anyway as the snap is inactive and that's the final state either way
the tracking is irrelevant and cleared when the snap becomes active again
to cover the new logic I had to increase the realism of some tests in
ifacestate
* tests/nested: add test that checks connections after a revert
Add test that checks that after a revert of a boot snap connections
are restored.
* o/ifacestate: fix typos
thanks @MiguelPires
* tests: disable for now on UC16, as that uses core
* tests: fix shellcheck SC1004 in connected-after-reboot-revert
Co-authored-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>
Co-authored-by: Michael Vogt <mvo@ubuntu.com>
The output of `lsblk` apparently changed between 20.04 and 22.04.
But fortunately because we are only interested in the LABEL in
this test the way it's run can be simplified a bit.