Walter Lozano authored 1 month ago and Dylan Aïssi committed 1 month ago

Since flathub does not support armhf anymore, avoid using it to make our
pipelines green. A proper solution will be to build and publish our own
version of rhythmbox3.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

UEFI systems install kernel in the system partition instead of in a different
one, consuming extra space. To allow newer kernels to be installed increase
the size of this partition for HMI image which is very tight.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Andrej Shadura authored 1 year ago and Dylan Aïssi committed 5 months ago

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

The boot partition is used to stored the Linux kernel, and should be
enough to store at least two versions of it to allow upgrades.

By default Apertis images allocate 256 MB for this partition, but this
is getting increasingly tight once filesystem overhead is taken into
account, with arm64 kernels requiring in the region of 115MB to install
in the boot partition.  In some cases, due to other items being stored
in the boot partition, it is over 50% utilised with a single kernel
installed.

As we expect the stock kernel sizes to continue to grow, especially the
arm64 ones in no small part due to a growing number of device trees
being built, increase the size of the boot partition to 512MB.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Martyn Welch authored 7 months ago and Dylan Aïssi committed 6 months ago

When upstreaming the u-boot packaging for the am62-sk, the packaging
name was changed from `u-boot-sitara` to `u-boot-sitara-binaries`.

Update the installer for the am62-sk to match.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Fix the link to the repositories as it was supported by some redirections
that were disabled.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

The ls1028a SoC has an embedded switch, which is connected to end1 and
end8. Connman is seeing these links as UP and attempting to configure
them, which results in an overall network configuration that doesn't
work. For now, disable connection to these devices so that we have
working networking on the other exposed 1G port.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

During the last branching the suite variable was not updated to the default
release. This is not strictly necessary, but will make developers life
easier.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

Add a step to extract u-boot for RPi4.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Firmware extraction aims to extract firmware binaries, such as u-boot and
arm-trusted-firmware. Since the logic is similar across different boards
generalize the pipeline to reuse it.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

To avoid confusions and being more consistent, use spaces instead of tabs.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

After enabling additional checks for pkg/linux there are more bridge
pipelines, causing the script not being able to find the correct
pipeline to retrieve OBS builds.

To fix the issue handle multiple bridge pipelines by finding the one
named 'obs'.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Martyn Welch authored 10 months ago and Martyn Welch committed 9 months ago

Add image-layerscape.yaml to enable images to be built for boards based
on the NXP QorIQ Layerscape family of SoCs, such as the ls1028ardb
development board.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

Having the release displayed in RPi Imager helps to identify
which release we are flashing on the board.

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

Otherwise pipelines triggered on other branches will overwrite
apertis-oslist-daily.json leading to list images for old
apertis releases instead of the current dev release.

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

When running test on MR it can happen that some packages are held back and
cannot be easily upgraded with apt-get update. To overcome this situation,
force the upgrade using apt-get full-upgrade.

A common example of this situation is testing the linux kernel which can
produce warnings like:

Install packages | The following packages have been kept back:
Install packages |   linux-headers-amd64

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Martyn Welch authored 10 months ago and Walter Lozano committed 10 months ago

In 62a8cd04 we increased the size of the
boot partition on the RPi4 to ensure that there is enough space to store
at least two versions of the kernel. However this was only done for
standard apt images as ostree images use ostree-image-rpi64.yaml rather
than image-rpi64.yaml.

Repeat this partition size change for the OSTree images as well as we
are still seeing failing upgrade tests with the following error message:

May 19 02:13:03 apertis apertis-update-[1029]: Ostree upgrade failed: Installing kernel: regfile copy: No space left on device

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

It can happen that packages don't ship a copyright report, in which
case they need to be skipped and flagged later. In this commit,
those packages are skipped, and they are flagged as part of the later
check against dpkg status file

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

In commit 5b93ed8c docs have been deleted to follow the dpkg exclusions
configured after bootstrap. However, for fixed function images there are
additional dpkg exclusions which need to be addressed.

To fix the issue delete the remaining files to match dpkg exclusions for
fixed function images.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Current filename of *.changelogs.tar.gz files generated for image files
causes issues during the change history generator execution. The changelog
file cannot be loaded by the change history generator. A warning like
"WARNING: no changelog found at B/20240408.0015/arm64/fixedfunction/apertis_v2025dev2-fixedfunction-arm64-rpi64_20240408.0015.img.changelogs.tar.gz"
is printed.

Signed-off-by: Tino Lippold <tino.lippold@de.bosch.com>

While computing the source package version a custom distro suffix is searched
in order to trim the build suffix. Since the distro suffix is different in
downstreams it does not work properly.

To fix that, use a more generic regex, which should match the one in debhelper.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Some packages can ship big metadata files, which are automatically
compressed by debhelper, but this is not handled by our scripts
throwing

  File "/home/user/scripts/generate_security_bom.py", line 149, in parse_metadata
    metadata = json.load(fm)
               ^^^^^^^^^^^^^
  File "/usr/lib/python3.11/json/__init__.py", line 293, in load
    return loads(fp.read(),
                 ^^^^^^^^^
  File "<frozen codecs>", line 322, in decode
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8b in position 1: invalid start byte

Fix this error by supporting compressed metadata.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

To align with what is done in ospack-hmi move the step to overlays before
the step to add new repos.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

The image recipes include dpkg-excludes to avoid installing documentation
for target image. However, this only is applied after the bootstrap process
causing some documents to remain in the rootfs.

A partial clean up is done on the last steps of the image generation, erasing
/usr/share/doc/*, but there are other places for documents.

Clean up all the folders that are mentioned in dpkg exclusions after the
bootstrap to save space and to ensure that SBOM which does not support
autogenerated files, like man pages, is accurate.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

These just point to other package directories, meaning that we end up
scanning the package at the symlink target *twice*. os.listdir gets
swapped out for os.scandir since the latter can check for non-symlink
directories with a single operation.

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>

In addition to finding the licensing information for each package's
binaries, this will now also process the newly added copied_sources
metadata to find the copyright of files directly copied from the
package sources. For consistency purposes, both of these are saved to
the same place within each package object, and all the keys within have
been renamed to remove the association specifically with binaries.

https://phabricator.apertis.org/T7616



Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>

The job latest-images-index do not requires any artifacts, however,
by default all the artifacts from previous stages are downloaded.

In order to save resources avoid the download by specifying a restricted
dependency list.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

For package-centric testing of ostree images, we need to be able to
install packages in bin_pkg_list into the images, as we won’t be able
to install them at the time of the test.

For this purpose, add an extra argument, extra_packages to allow
installing extra packages during
ostree-commit or image build stage.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Pablo Vigo Mas authored 1 year ago and Ritesh Raj Sarraf committed 1 year ago

The SSH server on the Aurora system, operating on port 22, is consistently under probing attempts by attackers. Enhancing security on the server can be achieved by transitioning to port 7711.
Pipeline is now configured to use the new SSH port of the Aurora server.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

We have created an installer to enable U-Boot to be installed in the
hardware boot partition of the eMMC. This enables the am62x,
specifically the SK-AM62 development board used during development, to
boot the standard U-Boot image. With this in place, this mechanism is
the preferred way of booting Apertis on the SK-AM62 and this recipe is
redundant.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

In order to simplify the process of installing U-Boot on the AM62-SK
eMMC hardware boot partition, create an image that can be run from the
SDCard to automate the process.

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>

The boot partition is used to stored the Linux kernel, and should be enough
to store at least two versions of it, for instance, to allow OSTree upgrades.

By default Apertis images uses 256 MB for this partition, but in RPi4 this
pattern was not followed due to the presence of the firmware partition. Under
this sceario OSTree tests might fail with the error:

Feb 22 05:19:24 apertis apertis-update-[1058]: Ostree upgrade failed: Installing kernel: regfile copy: No space left on device

In order to keep the same pattern as in other images extend this size moving
all the other partitions.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Signed-off-by: Apertis CI <devel@lists.apertis.org>

This will collect all the changelogs available from installed packages
and place them inside <basename>.changelogs.tar.gz, so that tooling can
find the package changelogs associated with an image / ospack / commit.

https://phabricator.apertis.org/T10148



Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>