* [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options @ 2023-10-11 9:22 Adam Duskett 2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett 2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot 0 siblings, 2 replies; 4+ messages in thread From: Adam Duskett @ 2023-10-11 9:22 UTC (permalink / raw) To: buildroot; +Cc: Adam Duskett Firewalld requires IPV6 to function. We also should enable the other dependencies such as networking support to ensure all other options in the giant list of kernel config options are selected properly. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- package/firewalld/firewalld.mk | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/package/firewalld/firewalld.mk b/package/firewalld/firewalld.mk index 188550d449..23ba1e6c2a 100644 --- a/package/firewalld/firewalld.mk +++ b/package/firewalld/firewalld.mk @@ -72,9 +72,16 @@ define FIREWALLD_INSTALL_INIT_SYSV $(TARGET_DIR)/etc/init.d/S46firewalld endef +# Firewalld needs ipv6 # Firewalld requires almost every single nftable option selected. define FIREWALLD_LINUX_CONFIG_FIXUPS $(call KCONFIG_ENABLE_OPT,CONFIG_BRIDGE) + $(call KCONFIG_ENABLE_OPT,CONFIG_INET) + $(call KCONFIG_ENABLE_OPT,CONFIG_INET_DIAG) + $(call KCONFIG_ENABLE_OPT,CONFIG_NET) + $(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER) + $(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_ADVANCED) + $(call KCONFIG_ENABLE_OPT,CONFIG_IPV6) $(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_FILTER) $(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_IPTABLES) $(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MANGLE) -- 2.41.0 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test 2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett @ 2023-10-11 9:22 ` Adam Duskett 2023-11-04 14:28 ` Thomas Petazzoni via buildroot 2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot 1 sibling, 1 reply; 4+ messages in thread From: Adam Duskett @ 2023-10-11 9:22 UTC (permalink / raw) To: buildroot; +Cc: Adam Duskett This test case runs firewalld using both system and sysvinit. run `firewalld-cmd --state` and ensure the output is "running" with a return code of 0. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- DEVELOPERS | 1 + .../testing/tests/package/test_firewalld.py | 94 +++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 support/testing/tests/package/test_firewalld.py diff --git a/DEVELOPERS b/DEVELOPERS index 3fffc4346c..349f609e64 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -37,6 +37,7 @@ F: package/flutter-engine/ F: package/flutter-gallery/ F: package/flutter-pi/ F: package/flutter-sdk-bin/ +F: support/testing/tests/package/test_firewalld.py F: support/testing/tests/package/test_flutter.py N: Adam Heinrich <adam@adamh.cz> diff --git a/support/testing/tests/package/test_firewalld.py b/support/testing/tests/package/test_firewalld.py new file mode 100644 index 0000000000..4b0282d3e4 --- /dev/null +++ b/support/testing/tests/package/test_firewalld.py @@ -0,0 +1,94 @@ +"""Test firewalld for both systemd and sysvinit.""" +import os +import infra.basetest + + +class TestFirewalldSystemd(infra.basetest.BRTest): + """Build the kernel as firewalld requires several the nftable options.""" + + __test__ = True + config: str = """ + BR2_arm=y + BR2_cortex_a9=y + BR2_ARM_ENABLE_VFP=y + BR2_TOOLCHAIN_EXTERNAL=y + BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y + BR2_PER_PACKAGE_DIRECTORIES=y + BR2_INIT_SYSTEMD=y + BR2_LINUX_KERNEL=y + BR2_LINUX_KERNEL_CUSTOM_VERSION=y + BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.57" + BR2_LINUX_KERNEL_DEFCONFIG="vexpress" + BR2_LINUX_KERNEL_DTS_SUPPORT=y + BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9" + BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" + BR2_PACKAGE_PYTHON3=y + BR2_PACKAGE_FIREWALLD=y + BR2_TARGET_ROOTFS_CPIO=y + # BR2_TARGET_ROOTFS_TAR is not set + """ + + def test_run(self): + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio") + kernel_file = os.path.join(self.builddir, "images", "zImage") + dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb") + self.emulator.boot(arch="armv7", + kernel=kernel_file, + kernel_cmdline=["console=ttyAMA0,115200"], + options=[ + "-initrd", cpio_file, + "-dtb", dtb_file, + "-M", "vexpress-a9" + ]) + # It takes quite some time for the system to boot with firewalld, + self.emulator.timeout_multiplier *= 10 + self.emulator.login() + cmd = "firewall-cmd --state" + output, exit_code = self.emulator.run(cmd, timeout=10) + self.assertIn("running", output[0]) + self.assertEqual(exit_code, 0) + + +class TestFirewalldSysVInit(infra.basetest.BRTest): + """Build the kernel as firewalld requires several nftable options.""" + + __test__ = True + config: str = """ + BR2_arm=y + BR2_cortex_a9=y + BR2_ARM_ENABLE_VFP=y + BR2_TOOLCHAIN_EXTERNAL=y + BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y + BR2_PER_PACKAGE_DIRECTORIES=y + BR2_LINUX_KERNEL=y + BR2_LINUX_KERNEL_CUSTOM_VERSION=y + BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1.57" + BR2_LINUX_KERNEL_DEFCONFIG="vexpress" + BR2_LINUX_KERNEL_DTS_SUPPORT=y + BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9" + BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" + BR2_PACKAGE_PYTHON3=y + BR2_PACKAGE_FIREWALLD=y + BR2_TARGET_ROOTFS_CPIO=y + # BR2_TARGET_ROOTFS_TAR is not set + """ + + def test_run(self): + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio") + kernel_file = os.path.join(self.builddir, "images", "zImage") + dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb") + self.emulator.boot(arch="armv7", + kernel=kernel_file, + kernel_cmdline=["console=ttyAMA0,115200"], + options=[ + "-initrd", cpio_file, + "-dtb", dtb_file, + "-M", "vexpress-a9" + ]) + # It takes quite some time for the system to boot with firewalld. + self.emulator.timeout_multiplier *= 10 + self.emulator.login() + cmd = "firewall-cmd --state" + output, exit_code = self.emulator.run(cmd, timeout=10) + self.assertIn("running", output[0]) + self.assertEqual(exit_code, 0) -- 2.41.0 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test 2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett @ 2023-11-04 14:28 ` Thomas Petazzoni via buildroot 0 siblings, 0 replies; 4+ messages in thread From: Thomas Petazzoni via buildroot @ 2023-11-04 14:28 UTC (permalink / raw) To: Adam Duskett; +Cc: buildroot Hello Adam, On Wed, 11 Oct 2023 11:22:50 +0200 Adam Duskett <adam.duskett@amarulasolutions.com> wrote: > diff --git a/support/testing/tests/package/test_firewalld.py b/support/testing/tests/package/test_firewalld.py > new file mode 100644 > index 0000000000..4b0282d3e4 > --- /dev/null > +++ b/support/testing/tests/package/test_firewalld.py > @@ -0,0 +1,94 @@ > +"""Test firewalld for both systemd and sysvinit.""" > +import os > +import infra.basetest > + > + > +class TestFirewalldSystemd(infra.basetest.BRTest): > + """Build the kernel as firewalld requires several the nftable options.""" > + > + __test__ = True Are you sure this is needed? > + config: str = """ Please use: config = """ > + BR2_arm=y > + BR2_cortex_a9=y > + BR2_ARM_ENABLE_VFP=y > + BR2_TOOLCHAIN_EXTERNAL=y > + BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y > + BR2_PER_PACKAGE_DIRECTORIES=y We typically don't user per-package directories for runtime tests. I don't want to see a random set of runtime tests use PPD, and another random set not use PPD. > + def test_run(self): > + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio") > + kernel_file = os.path.join(self.builddir, "images", "zImage") > + dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb") > + self.emulator.boot(arch="armv7", > + kernel=kernel_file, > + kernel_cmdline=["console=ttyAMA0,115200"], > + options=[ > + "-initrd", cpio_file, > + "-dtb", dtb_file, > + "-M", "vexpress-a9" > + ]) > + # It takes quite some time for the system to boot with firewalld, > + self.emulator.timeout_multiplier *= 10 I don't think we should modify the timeout_multiplier. The timeout_multiplier is meant to be provided on the command line, to adjust for the slowness of the local machine. Instead I would prefer that self.emulator.login() gets a timeout argument to override the current value of 60 seconds. support/testing/tests/init/test_systemd_selinux.py and support/testing/tests/package/test_lxc.py should be fixed as well, as they weak the timeout_multiplier. Also support/testing/tests/package/test_python_django.py is wrong, because it does: timeout = 35 * self.emulator.timeout_multiplier [...] self.assertRunOk(cmd, timeout=timeout) This gets re-multiplied by self.emulator.timeout_multiplier in self.emulator.run(). Could you rework this? Thanks a lot! Thomas -- Thomas Petazzoni, co-owner and CEO, Bootlin Embedded Linux and Kernel engineering and training https://bootlin.com _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options 2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett 2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett @ 2023-11-04 14:23 ` Thomas Petazzoni via buildroot 1 sibling, 0 replies; 4+ messages in thread From: Thomas Petazzoni via buildroot @ 2023-11-04 14:23 UTC (permalink / raw) To: Adam Duskett; +Cc: buildroot On Wed, 11 Oct 2023 11:22:49 +0200 Adam Duskett <adam.duskett@amarulasolutions.com> wrote: > Firewalld requires IPV6 to function. We also should enable the > other dependencies such as networking support to ensure all other > options in the giant list of kernel config options are selected > properly. > > Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> > --- > package/firewalld/firewalld.mk | 7 +++++++ > 1 file changed, 7 insertions(+) Applied to master, thanks. Thomas -- Thomas Petazzoni, CTO, Bootlin Embedded Linux and Kernel engineering https://bootlin.com _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-11-04 14:28 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-10-11 9:22 [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Adam Duskett 2023-10-11 9:22 ` [Buildroot] [PATCH 2/2] support/testing/tests/package/test_firewalld.py: new test Adam Duskett 2023-11-04 14:28 ` Thomas Petazzoni via buildroot 2023-11-04 14:23 ` [Buildroot] [PATCH 1/2] package/firewalld: enable missing kernel config options Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox