| # Copyright 2022 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/components/fuchsia_test_component.gni") |
| import("//build/components/fuchsia_test_package.gni") |
| import("//build/rust/rustc_test.gni") |
| import( |
| "//src/security/pkg_test/assemblies/assemble_security_pkg_test_system.gni") |
| |
| template("access_ota_blob_as_executable") { |
| assert(defined(invoker.base_packages), |
| "base_packages must be defined for $target_name") |
| assert(defined(invoker.test_config), |
| "test_config must be defined for $target_name") |
| assert(defined(invoker.root_ssl_cert), |
| "root_ssl_cert must be defined for $target_name") |
| assert(defined(invoker.pkg_server_certchain), |
| "pkg_server_certchain must be defined for $target_name") |
| assert(defined(invoker.pkg_server_key), |
| "pkg_server_key must be defined for $target_name") |
| |
| assembly_base_packages = invoker.base_packages |
| root_ssl_cert = invoker.root_ssl_cert |
| pkg_server_certchain = invoker.pkg_server_certchain |
| pkg_server_key = invoker.pkg_server_key |
| |
| test_name = target_name |
| |
| # System assembly for base system version at start of test. |
| assemble_security_pkg_test_system("${test_name}_v0") { |
| test_config = invoker.test_config |
| board_name = board_name |
| root_ssl_cert = root_ssl_cert |
| base_packages = [ "//src/security/pkg_test/assemblies/hello_world_v0:hello_world-package" ] + assembly_base_packages |
| packaged_assembly_directory = "hello_world_v0" |
| system_version_file = "//src/security/pkg_test/assemblies/v0_version.txt" |
| |
| # Calculated on local build from 2022-02-08: |
| # |
| # v0 blobs: |
| # $ wc --bytes $(fx get-build-dir)/obj/src/security/pkg_test/tests/core_access_ota_blob_as_executable_v0/blob.blk |
| # 3063808 [build-dir]/obj/src/security/pkg_test/tests/core_access_ota_blob_as_executable_v0/blob.blk |
| # |
| # v1 TUF repo assets: |
| # $ wc --bytes $(find $(fx get-build-dir)/gen/src/security/pkg_test/tests/core_access_ota_blob_as_executable_v1_tuf_repo_resources.unzipped -type f | grep '/\(targets\|blobs\)/') |
| # [...] |
| # 46365598 total |
| # |
| # Total: 3063808 + 46365598 = 49429406 |
| fvm_truncate_to_length = 49429406 |
| } |
| |
| # System assembly for system version to OTA from package server. |
| assemble_security_pkg_test_system("${test_name}_v1") { |
| test_config = invoker.test_config |
| board_name = board_name |
| root_ssl_cert = root_ssl_cert |
| base_packages = [ "//src/security/pkg_test/assemblies/hello_world_v1:hello_world-package" ] + assembly_base_packages |
| packaged_assembly_directory = "hello_world_v1" |
| system_version_file = "//src/security/pkg_test/assemblies/v1_version.txt" |
| |
| # Note: v1 never instantiated as base system from FVM, hence no need to |
| # specify `fvm_truncate_to_length`. |
| } |
| |
| # Resources and component for package server configured to serve "v1" OTA. |
| resource_group("${test_name}_v1-pkg_server-tls_resources") { |
| testonly = true |
| files = [ |
| { |
| source = pkg_server_certchain |
| dest = "data/pkg_server/tls/pkg_server.certchain" |
| }, |
| { |
| source = pkg_server_key |
| dest = "data/pkg_server/tls/pkg_server.rsa" |
| }, |
| ] |
| } |
| |
| # Resources that constitute inputs to the test component. |
| resource_group("${test_name}_test-resources") { |
| testonly = true |
| files = [ |
| { |
| source = invoker.test_config |
| dest = "data/test_config.json5" |
| }, |
| ] |
| } |
| |
| # Note: Despite being independent of template parameters, this target must |
| # be templated because `fuchsia_test_package` requires that all |
| # `test_components` be defined in the same build directory due to its use of |
| # `get_target_outputs()`. See |
| # https://gn.googlesource.com/gn/+/main/docs/reference.md#func_get_target_outputs |
| # for details. |
| fuchsia_test_component("${test_name}-component") { |
| # Note: Test package must include all files designated by cmdline args in |
| # component manifest. See cml and source for details. These files are not |
| # included as explicit deps here because they vary across different |
| # packagings/configurations of the test. |
| component_name = "access_ota_blob_as_executable" |
| manifest = "//src/security/pkg_test/tests/access_ota_blob_as_executable/meta/access_ota_blob_as_executable.cml" |
| deps = [ "//src/security/pkg_test/tests/access_ota_blob_as_executable:access_ota_blob_as_executable-test" ] |
| } |
| |
| fuchsia_test_package("${test_name}-package") { |
| package_name = test_name |
| test_components = [ ":${test_name}-component" ] |
| deps = [ |
| # Package server configured to serve "v1" OTA update. |
| "//src/security/pkg_test/tests:pkg_server-v1-component", |
| |
| # Filesystem host for test system. |
| "//src/security/pkg_test/tests:fshost_v0-component", |
| |
| # Fake services for update flow. |
| "//src/security/pkg_test/dns_resolver:security_pkg_dns_resolver-component", |
| "//src/security/pkg_test/paver:security_pkg_paver-component", |
| "//src/security/pkg_test/reboot:security_pkg_reboot-component", |
| |
| # Production SWD components. |
| "//src/sys/pkg/bin/pkg-cache:component", |
| "//src/sys/pkg/bin/pkg-resolver:component", |
| "//src/sys/pkg/bin/system-update-committer:component", |
| "//src/sys/pkg/bin/system-updater:component", |
| |
| # Production network components for OTA update. |
| "//src/connectivity/network/netstack:component", |
| |
| # Mock SWD component dependencies. |
| "//src/cobalt/bin/testing/mock_cobalt:component_v2", |
| "//src/security/pkg_test/tests:fake_boot_arguments_v0-component", |
| |
| # |
| # Test resources that depend on template parameters: |
| # |
| |
| # General shared test resources. |
| ":${test_name}_test-resources", |
| |
| # System resources for bringing up v0 system. |
| ":${test_name}_v0_system_resources", |
| |
| # Package server/update resources for delivering v1 OTA update. |
| ":${test_name}_v1-pkg_server-tls_resources", |
| ":${test_name}_v1_tuf_repo_resources", |
| ":${test_name}_v1_update_package_resource", |
| ] |
| |
| # TODO(fxbug.dev/88453): Complete test dependency composition to eliminate |
| # error logs: |
| # - system-updater: "Failed to read vbmeta hash: while opening the file: |
| # open failed with status: NOT_FOUND: NOT_FOUND". |
| test_specs = { |
| log_settings = { |
| max_severity = "FATAL" |
| } |
| } |
| } |
| } |