gitlab-ci: add support for dunfell

Signed-off-by: Armin Kuster <akuster808@gmail.com>

.gitlab-ci.yml

@@ -0,0 +1,144 @@
+stages:
+  - build
+
+.build:
+  stage: build
+  image: crops/poky
+  before_script:
+    - echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error
+    - echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error
+    - export PATH=~/.local/bin:$PATH
+    - wget https://bootstrap.pypa.io/get-pip.py
+    - python3 get-pip.py
+    - python3 -m pip install kas
+  after_script:
+    - cd $CI_PROJECT_DIR/poky
+    - . ./oe-init-build-env $CI_PROJECT_DIR/build
+    - for x in `ls $CI_PROJECT_DIR/build/tmp/log/error-report/ | grep error_report_`; do
+    - send-error-report -y tmp/log/error-report/$x
+    - done
+    - cd $CI_PROJECT_DIR
+    - rm -rf build
+    - $CI_PROJECT_DIR/scripts/ci-cleanup.sh
+  cache:
+    paths:
+      - layers
+
+qemux86:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuarm:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuarm64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuppc:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemumips64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuriscv64:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-64-tpm:
+  extends: .build
+  script:
+  - kas build --target security-tpm-image kas/$CI_JOB_NAME.yml 
+
+qemux86-64-tpm2:
+  extends: .build
+  script:
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
+
+qemuarm64-tpm2:
+  extends: .build
+  script:
+  - kas build --target security-tpm2-image kas/$CI_JOB_NAME.yml 
+
+qemux86-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+
+qemux86-64-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+
+qemuarm64-ima:
+  extends: .build
+  script:
+  - kas build --target integrity-image-minimal kas/$CI_JOB_NAME.yml 
+
+qemux86-64-dm-verify:
+  extends: .build
+  script:
+  - kas build --target core-image-minimal kas/qemux86-64.yml 
+  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME.yml 
+
+
+qemuarm64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuarm64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemumips64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemumips64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-64-alt:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-64-multi:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-musl:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemuarm64-musl:
+  extends: .build
+  script:
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 
+
+qemux86-test:
+  extends: .build
+  allow_failure: true
+  script:
+  - kas build --target security-test-image kas/$CI_JOB_NAME.yml 
+  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 

kas/kas-security-alt.yml

@@ -0,0 +1,8 @@
+header:
+    version: 9
+    includes: 
+        - kas-security-base.yml
+
+local_conf_header:
+  alt: |
+      DISTRO_FEATURES_append = " apparmor pam smack systemd"

kas/kas-security-base.yml

@@ -0,0 +1,64 @@
+header:
+  version: 8
+
+distro: poky
+
+repos:
+  meta-security:
+    layers:
+      ../meta-security:
+      meta-tpm:
+      meta-integrity:
+      meta-security-compliance:
+
+  poky:
+    url: https://git.yoctoproject.org/git/poky
+    refspec: dunfell 
+    layers:
+      meta:
+      meta-poky:
+      meta-yocto-bsp:
+
+  meta-openembedded:
+    url: http://git.openembedded.org/meta-openembedded
+    refspec: dunfell
+    layers:
+      meta-oe:
+      meta-perl:
+      meta-python:
+      meta-networking:
+
+local_conf_header:
+  base: |
+    CONF_VERSION = "1"
+    SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
+    SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
+    SSTATE_DIR = "/home/srv/sstate/dunfell"
+    DL_DIR = "/home/srv/downloads/dunfell"
+    BB_HASHSERVE = "auto"
+    BB_SIGNATURE_HANDLER = "OEEquivHash"
+    INHERIT += "buildstats buildstats-summary buildhistory"
+    INHERIT += "report-error"
+    INHERIT += "testimage"
+    TEST_QEMUBOOT_TIMEOUT = "1500"
+    EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
+    PACKAGE_CLASSES = "package_ipk"
+
+
+  diskmon: |
+    BB_DISKMON_DIRS = "\
+    STOPTASKS,${TMPDIR},1G,100K \
+    STOPTASKS,${DL_DIR},1G,100K \
+    STOPTASKS,${SSTATE_DIR},1G,100K \
+    STOPTASKS,/tmp,100M,100K \
+    ABORT,${TMPDIR},100M,1K \
+    ABORT,${DL_DIR},100M,1K \
+    ABORT,${SSTATE_DIR},100M,1K \
+    ABORT,/tmp,10M,1K"
+
+bblayers_conf_header:
+  base: |
+    POKY_BBLAYERS_CONF_VERSION = "2"
+    BBPATH = "${TOPDIR}"
+    BBFILES ?= ""
+

kas/kas-security-dm.yml

@@ -0,0 +1,13 @@
+header:
+    version: 9
+    includes: 
+        - kas-security-base.yml
+
+local_conf_header:
+    dm-verify: |
+        DM_VERITY_IMAGE = "core-image-minimal"
+        DM_VERITY_IMAGE_TYPE = "ext4"
+        IMAGE_CLASSES += "dm-verity-img"
+        INITRAMFS_IMAGE_BUNDLE = "1"
+        INITRAMFS_IMAGE = "dm-verity-image-initramfs"
+

kas/qemuarm.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemuarm

kas/qemuarm64-alt.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-alt.yml
+
+machine: qemuarm64

kas/qemuarm64-ima.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+
+machine: qemuarm64

kas/qemuarm64-multi.yml

@@ -0,0 +1,12 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib32"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "armv7athf-neon"
+
+machine: qemuarm64

kas/qemuarm64-musl.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+    musl: |
+        TCLIBC = "musl"
+
+machine: qemuarm64

kas/qemuarm64-tpm2.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm2"
+
+machine: qemuarm64 

kas/qemuarm64.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemuarm64

kas/qemumips64-alt.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  alt: |
+     DISTRO_FEATURES_append = " pam systmed"
+
+machine: qemumips64

kas/qemumips64-multi.yml

@@ -0,0 +1,14 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib64 multilib:lib32"
+    DEFAULTTUNE = "mips64-n32"
+    DEFAULTTUNE_virtclass-multilib-lib64 = "mips64"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "mips32r2"
+
+machine: qemumips64

kas/qemumips64.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemumips64

kas/qemuppc.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemuppc

kas/qemuriscv64.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemuriscv64

kas/qemux86-64-alt.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-alt.yml
+
+machine: qemux86-64

kas/qemux86-64-dm-verify.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-dm.yml
+
+machine: qemux86-64

kas/qemux86-64-ima.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+
+machine: qemux86-64

kas/qemux86-64-multi.yml

@@ -0,0 +1,12 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  multi: |
+    require conf/multilib.conf
+    MULTILIBS = "multilib:lib32"
+    DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
+
+machine: qemux86-64

kas/qemux86-64-tpm.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm"
+
+machine: qemux86-64

kas/qemux86-64-tpm2.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " tpm2"
+
+machine: qemux86-64

kas/qemux86-64.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemux86-64

kas/qemux86-ima.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+  meta-security: |
+    DISTRO_FEATURES_append = " ima"
+
+machine: qemux86

kas/qemux86-musl.yml

@@ -0,0 +1,10 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+local_conf_header:
+    musl: |
+        TCLIBC = "musl"
+
+machine: qemux86

kas/qemux86-test.yml

@@ -0,0 +1,11 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+
+local_conf_header:
+  meta-security: |
+      DISTRO_FEATURES_append = " apparmor smack pam"
+
+machine: qemux86

kas/qemux86.yml

@@ -0,0 +1,6 @@
+header:
+  version: 8
+  includes:
+    - kas-security-base.yml
+
+machine: qemux86