* [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options
@ 2023-10-11 9:22 Adam Duskett
2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett
2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot
0 siblings, 2 replies; 4+ messages in thread
From: Adam Duskett @ 2023-10-11 9:22 UTC (permalink / raw)
To: buildroot; +Cc: Adam Duskett
Firewalld requires IPV6 to function. We also should enable the
other dependencies such as networking support to ensure all other
options in the giant list of kernel config options are selected
properly.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
package/firewalld/firewalld.mk | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/package/firewalld/firewalld.mk b/package/firewalld/firewalld.mk
index 188550d449..23ba1e6c2a 100644
--- a/package/firewalld/firewalld.mk
+++ b/package/firewalld/firewalld.mk
@@ -72,9 +72,16 @@ define FIREWALLD_INSTALL_INIT_SYSV
$(TARGET_DIR)/etc/init.d/S46firewalld
endef
+# Firewalld needs ipv6
# Firewalld requires almost every single nftable option selected.
define FIREWALLD_LINUX_CONFIG_FIXUPS
$(call KCONFIG_ENABLE_OPT,CONFIG_BRIDGE)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_INET)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_INET_DIAG)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_NET)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_ADVANCED)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_IPV6)
$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_FILTER)
$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_IPTABLES)
$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MANGLE)
--
2.41.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test
2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett
@ 2023-10-11 9:22 ` Adam Duskett
2023-11-04 14:28 ` Thomas Petazzoni via buildroot
2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot
1 sibling, 1 reply; 4+ messages in thread
From: Adam Duskett @ 2023-10-11 9:22 UTC (permalink / raw)
To: buildroot; +Cc: Adam Duskett
This test case runs firewalld using both system and sysvinit.
run `firewalld-cmd --state` and ensure the output is "running" with a return
code of 0.
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
DEVELOPERS | 1 +
.../testing/tests/package/test_firewalld.py | 94 +++++++++++++++++++
2 files changed, 95 insertions(+)
create mode 100644 support/testing/tests/package/test_firewalld.py
diff --git a/DEVELOPERS b/DEVELOPERS
index 3fffc4346c..349f609e64 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -37,6 +37,7 @@ F: package/flutter-engine/
F: package/flutter-gallery/
F: package/flutter-pi/
F: package/flutter-sdk-bin/
+F: support/testing/tests/package/test_firewalld.py
F: support/testing/tests/package/test_flutter.py
N: Adam Heinrich <adam@adamh.cz>
diff --git a/support/testing/tests/package/test_firewalld.py b/support/testing/tests/package/test_firewalld.py
new file mode 100644
index 0000000000..4b0282d3e4
--- /dev/null
+++ b/support/testing/tests/package/test_firewalld.py
@@ -0,0 +1,94 @@
+"""Test firewalld for both systemd and sysvinit."""
+import os
+import infra.basetest
+
+
+class TestFirewalldSystemd(infra.basetest.BRTest):
+ """Build the kernel as firewalld requires several the nftable options."""
+
+ __test__ = True
+ config: str = """
+ BR2_arm=y
+ BR2_cortex_a9=y
+ BR2_ARM_ENABLE_VFP=y
+ BR2_TOOLCHAIN_EXTERNAL=y
+ BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
+ BR2_PER_PACKAGE_DIRECTORIES=y
+ BR2_INIT_SYSTEMD=y
+ BR2_LINUX_KERNEL=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.57"
+ BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
+ BR2_LINUX_KERNEL_DTS_SUPPORT=y
+ BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"
+ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
+ BR2_PACKAGE_PYTHON3=y
+ BR2_PACKAGE_FIREWALLD=y
+ BR2_TARGET_ROOTFS_CPIO=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ """
+
+ def test_run(self):
+ cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+ kernel_file = os.path.join(self.builddir, "images", "zImage")
+ dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")
+ self.emulator.boot(arch="armv7",
+ kernel=kernel_file,
+ kernel_cmdline=["console=ttyAMA0,115200"],
+ options=[
+ "-initrd", cpio_file,
+ "-dtb", dtb_file,
+ "-M", "vexpress-a9"
+ ])
+ # It takes quite some time for the system to boot with firewalld,
+ self.emulator.timeout_multiplier *= 10
+ self.emulator.login()
+ cmd = "firewall-cmd --state"
+ output, exit_code = self.emulator.run(cmd, timeout=10)
+ self.assertIn("running", output[0])
+ self.assertEqual(exit_code, 0)
+
+
+class TestFirewalldSysVInit(infra.basetest.BRTest):
+ """Build the kernel as firewalld requires several nftable options."""
+
+ __test__ = True
+ config: str = """
+ BR2_arm=y
+ BR2_cortex_a9=y
+ BR2_ARM_ENABLE_VFP=y
+ BR2_TOOLCHAIN_EXTERNAL=y
+ BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
+ BR2_PER_PACKAGE_DIRECTORIES=y
+ BR2_LINUX_KERNEL=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.57"
+ BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
+ BR2_LINUX_KERNEL_DTS_SUPPORT=y
+ BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"
+ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
+ BR2_PACKAGE_PYTHON3=y
+ BR2_PACKAGE_FIREWALLD=y
+ BR2_TARGET_ROOTFS_CPIO=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ """
+
+ def test_run(self):
+ cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+ kernel_file = os.path.join(self.builddir, "images", "zImage")
+ dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")
+ self.emulator.boot(arch="armv7",
+ kernel=kernel_file,
+ kernel_cmdline=["console=ttyAMA0,115200"],
+ options=[
+ "-initrd", cpio_file,
+ "-dtb", dtb_file,
+ "-M", "vexpress-a9"
+ ])
+ # It takes quite some time for the system to boot with firewalld.
+ self.emulator.timeout_multiplier *= 10
+ self.emulator.login()
+ cmd = "firewall-cmd --state"
+ output, exit_code = self.emulator.run(cmd, timeout=10)
+ self.assertIn("running", output[0])
+ self.assertEqual(exit_code, 0)
--
2.41.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options
2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett
2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett
@ 2023-11-04 14:23 ` Thomas Petazzoni via buildroot
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-11-04 14:23 UTC (permalink / raw)
To: Adam Duskett; +Cc: buildroot
On Wed, 11 Oct 2023 11:22:49 +0200
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:
> Firewalld requires IPV6 to function. We also should enable the
> other dependencies such as networking support to ensure all other
> options in the giant list of kernel config options are selected
> properly.
>
> Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
> ---
> package/firewalld/firewalld.mk | 7 +++++++
> 1 file changed, 7 insertions(+)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test
2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett
@ 2023-11-04 14:28 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-11-04 14:28 UTC (permalink / raw)
To: Adam Duskett; +Cc: buildroot
Hello Adam,
On Wed, 11 Oct 2023 11:22:50 +0200
Adam Duskett <adam.duskett@amarulasolutions.com> wrote:
> diff --git a/support/testing/tests/package/test_firewalld.py b/support/testing/tests/package/test_firewalld.py
> new file mode 100644
> index 0000000000..4b0282d3e4
> --- /dev/null
> +++ b/support/testing/tests/package/test_firewalld.py
> @@ -0,0 +1,94 @@
> +"""Test firewalld for both systemd and sysvinit."""
> +import os
> +import infra.basetest
> +
> +
> +class TestFirewalldSystemd(infra.basetest.BRTest):
> + """Build the kernel as firewalld requires several the nftable options."""
> +
> + __test__ = True
Are you sure this is needed?
> + config: str = """
Please use:
config = """
> + BR2_arm=y
> + BR2_cortex_a9=y
> + BR2_ARM_ENABLE_VFP=y
> + BR2_TOOLCHAIN_EXTERNAL=y
> + BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
> + BR2_PER_PACKAGE_DIRECTORIES=y
We typically don't user per-package directories for runtime tests. I
don't want to see a random set of runtime tests use PPD, and another
random set not use PPD.
> + def test_run(self):
> + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
> + kernel_file = os.path.join(self.builddir, "images", "zImage")
> + dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")
> + self.emulator.boot(arch="armv7",
> + kernel=kernel_file,
> + kernel_cmdline=["console=ttyAMA0,115200"],
> + options=[
> + "-initrd", cpio_file,
> + "-dtb", dtb_file,
> + "-M", "vexpress-a9"
> + ])
> + # It takes quite some time for the system to boot with firewalld,
> + self.emulator.timeout_multiplier *= 10
I don't think we should modify the timeout_multiplier. The
timeout_multiplier is meant to be provided on the command line, to
adjust for the slowness of the local machine.
Instead I would prefer that self.emulator.login() gets a timeout
argument to override the current value of 60 seconds.
support/testing/tests/init/test_systemd_selinux.py and
support/testing/tests/package/test_lxc.py should be fixed as well, as
they weak the timeout_multiplier.
Also support/testing/tests/package/test_python_django.py is wrong,
because it does:
timeout = 35 * self.emulator.timeout_multiplier
[...]
self.assertRunOk(cmd, timeout=timeout)
This gets re-multiplied by self.emulator.timeout_multiplier in
self.emulator.run().
Could you rework this?
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-04 14:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett
2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett
2023-11-04 14:28 ` Thomas Petazzoni via buildroot
2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox