From acbf11eec8ebe30f50e458fd2c94288ec4fbeaf0 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Mon, 3 May 2021 13:38:46 -0700 Subject: build cleanup: add iam to base depend Drop *.ima.yml Try next Signed-off-by: Armin Kuster --- .gitlab-ci.yml | 168 ++++++++++++++++++++++++++++++++-------------- kas/kas-security-base.yml | 2 +- kas/qemuarm64-ima.yml | 10 --- kas/qemux86-64-ima.yml | 10 --- kas/qemux86-ima.yml | 10 --- 5 files changed, 120 insertions(+), 80 deletions(-) delete mode 100644 kas/qemuarm64-ima.yml delete mode 100644 kas/qemux86-64-ima.yml delete mode 100644 kas/qemux86-ima.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3211025..d08fcf2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,21 +12,20 @@ - for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do - send-error-report -y tmp/log/error-report/$x - done - - rm -fr $CI_PROJECT_DIR/build - stages: - - build + - base - parsec - multi - alt - musl - test + - cleanup -.build: +.base: before_script: - *before-my-script - stage: build + stage: base after_script: - *after-my-script @@ -66,100 +65,171 @@ stages: after_script: - *after-my-script +.cleanup: + stage: cleanup qemux86: - extends: .build + extends: .base script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image integrity-image-minimal" - kas build --target security-build-image kas/$CI_JOB_NAME-comp.yml - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml + +qemux86-musl: + extends: .musl + needs: ['qemux86-parsec'] + script: + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + +qemux86-parsec: + extends: .parsec + needs: ['qemux86'] + script: + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + +qemux86-test: + extends: .test + needs: ['qemux86'] + allow_failure: true + script: + - kas build --target security-test-image kas/$CI_JOB_NAME.yml + - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + +qemux86-rm: + extends: .cleanup + needs: ['qemux86'] + script: + - rm -fr $CI_PROJECT_DIR/build qemux86-64: - extends: .build + extends: .base script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image" + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml -qemuarm: - extends: .build +qemux86-64-parsec: + extends: .parsec + needs: ['qemux86-64'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemuarm64: - extends: .build +qemux86-64-multi: + extends: .multi + needs: ['qemux86-64'] script: - - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image" - - kas build --target integrity-image-minimal kas/$CI_JOB_NAME-ima.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemuppc: - extends: .build +qemux86-64-alt: + extends: .alt + needs: ['qemux86-64-multi'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemumips64: - extends: .build +qemux86-64-rm: + extends: .cleanup + needs: ['qemux86-64'] script: - - kas build --target security-build-image kas/$CI_JOB_NAME.yml + - rm -fr $CI_PROJECT_DIR/build -qemuriscv64: - extends: .build +qemuarm: + extends: .base script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemuarm64-alt: - extends: .alt +qemuarm-parsec: + extends: .parsec + needs: ['qemuarm'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml +qemuarm-rm: + extends: .cleanup + needs: ['qemuarm'] + script: + - rm -fr $CI_PROJECT_DIR/build + +qemuarm64: + extends: .base + script: + - kas shell kas/$CI_JOB_NAME.yml -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" + qemuarm64-multi: extends: .multi + needs: ['qemuarm64'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemumips64-alt: +qemuarm64-alt: extends: .alt + needs: ['qemuarm64-multi'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemumips64-multi: - extends: .multi +qemuarm64-musl: + extends: .musl + needs: ['qemuarm64-alt'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemux86-64-alt: - extends: .alt +qemuarm64-parsec: + extends: .parsec + needs: ['qemuarm64'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemux86-64-multi: - extends: .multi +qemuarm64-rm: + extends: .cleanup + needs: ['qemuarm64'] + script: + - rm -fr $CI_PROJECT_DIR/build + +qemuppc: + extends: .base script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemux86-musl: - extends: .musl +qemuppc-parsec: + extends: .parsec + needs: ['qemuppc'] script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemuarm64-musl: - extends: .musl +qemuppc-rm: + extends: .cleanup + needs: ['qemuppc'] + script: + - rm -fr $CI_PROJECT_DIR/build + +qemumips64: + extends: .base script: - kas build --target security-build-image kas/$CI_JOB_NAME.yml -qemux86-test: - extends: .test - allow_failure: true +qemumips64-multi: + extends: .multi + needs: ['qemumips64'] script: - - kas build --target security-test-image kas/$CI_JOB_NAME.yml - - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml -parsec: - extends: .parsec +qemumips64-alt: + extends: .alt + needs: ['qemumips64-multi'] script: - - kas build --target security-build-image kas/qemuarm-$CI_JOB_NAME.yml - - kas build --target security-build-image kas/qemuarm64-$CI_JOB_NAME.yml - - kas build --target security-build-image kas/qemux86-$CI_JOB_NAME.yml - - kas build --target security-build-image kas/qemux86-64-$CI_JOB_NAME.yml - - kas build --target security-build-image kas/qemuppc-$CI_JOB_NAME.yml + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + +qemumips64-rm: + extends: .cleanup + needs: ['qemumips64'] + script: + - rm -fr $CI_PROJECT_DIR/build + +qemuriscv64: + extends: .base + script: + - kas build --target security-build-image kas/$CI_JOB_NAME.yml + +qemuriscv64-rm: + extends: .cleanup + needs: ['qemuriscv64'] + script: + - rm -fr $CI_PROJECT_DIR/build diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml index 487befe..c6cc4fc 100644 --- a/kas/kas-security-base.yml +++ b/kas/kas-security-base.yml @@ -51,7 +51,7 @@ local_conf_header: EXTRA_IMAGE_FEATURES ?= "debug-tweaks" PACKAGE_CLASSES = "package_ipk" - DISTRO_FEATURES_append = " pam apparmor smack" + DISTRO_FEATURES_append = " pam apparmor smack ima" MACHINE_FEATURES_append = " tpm tpm2" diskmon: | diff --git a/kas/qemuarm64-ima.yml b/kas/qemuarm64-ima.yml deleted file mode 100644 index b478472..0000000 --- a/kas/qemuarm64-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemuarm64 diff --git a/kas/qemux86-64-ima.yml b/kas/qemux86-64-ima.yml deleted file mode 100644 index e64931c..0000000 --- a/kas/qemux86-64-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemux86-64 diff --git a/kas/qemux86-ima.yml b/kas/qemux86-ima.yml deleted file mode 100644 index 6528ba6..0000000 --- a/kas/qemux86-ima.yml +++ /dev/null @@ -1,10 +0,0 @@ -header: - version: 8 - includes: - - kas-security-base.yml - -local_conf_header: - meta-security: | - DISTRO_FEATURES_append = " ima" - -machine: qemux86 -- cgit v1.2.3-54-g00ecf