eclair-tf-m: Image for TF-M ECLAIR analysis
A copy of eclair-linaro with base image adjusted.
eclair-tf-m: Copy ECLAIR binary from eclair-linaro job
Where it's being put by tuxput bucket already. Apparently, doesn't make
to duplicate it on the bucket level, better to make such a copy.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Change-Id: Ic38294a65229a5456fae5a3f3aea38de8e6edcd9
diff --git a/eclair-tf-m/Dockerfile b/eclair-tf-m/Dockerfile
new file mode 100644
index 0000000..dfdb599
--- /dev/null
+++ b/eclair-tf-m/Dockerfile
@@ -0,0 +1,87 @@
+#
+# Copyright (c) 2021-2022 BUGSENG srl. All rights reserved.
+# Copyright (c) 2022 Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+FROM trustedfirmware/ci-amd64-tf-m-ubuntu:bionic
+
+ARG EclairVersion=3.12.0
+ARG EclairVariant=MC23P1-l64P
+
+ENV ECLAIR_LICENSE_SERVER flexnet.trustedfirmware.org
+ENV ECLAIR_LICENSE_USER unguessable
+
+ARG SentinelVersion=8.23.1
+
+ARG SetupDir=/tmp/eclair-${EclairVersion}-${EclairVariant}
+ARG SetupFile=ECLAIR_${EclairVersion}-${EclairVariant}_Setup.run
+
+ENV ECLAIR_TOP_DIR /opt/bugseng/eclair-${EclairVersion}
+ENV DEBIAN_FRONTEND noninteractive
+ENV LANG C.UTF-8
+
+COPY ${SetupFile} /tmp
+
+RUN apt-get update
+
+RUN apt-get -y -q install xz-utils apt-utils socat
+
+RUN cd /tmp && \
+ chmod +x ${SetupFile} && \
+ ./${SetupFile} --keep --noexec
+
+RUN cd /tmp && \
+ tar xzf "${SetupDir}/reqs/Sentinel_LDK_RTE/aksusbd-${SentinelVersion}.tar.gz" && \
+ cd aksusbd-${SentinelVersion} && \
+ ./dinst && \
+ cd .. && \
+ rm -rf aksusbd-${SentinelVersion}
+
+RUN cd ${SetupDir} && \
+ mkdir -m 755 -p "${ECLAIR_TOP_DIR}" && \
+ mv * "${ECLAIR_TOP_DIR}" && \
+ cd "${ECLAIR_TOP_DIR}/.." && \
+ ln -sf "$(basename "${ECLAIR_TOP_DIR}")" eclair && \
+ "${ECLAIR_TOP_DIR}/bin/postinstall.sh"
+
+RUN rm -rf ${SetupDir} && \
+ rm -rf /tmp/${SetupFile}
+
+ENV PATH ${PATH}:${ECLAIR_TOP_DIR}/../bin:${ECLAIR_TOP_DIR}/bin
+
+RUN apt-get install -y -q sudo && \
+ useradd -m eclair -s /bin/bash && \
+ echo "eclair ALL=NOPASSWD: ALL" > /etc/sudoers.d/eclair
+
+
+# Can be overriden at build time
+ENV ECLAIR_LICENSE_SERVER flexnet.trustedfirmware.org
+ENV WORKSPACE "/home/buildslave/workspace/pfalcon-tf-a-eclair"
+
+RUN rm -rf /var/hasplm/storage
+
+RUN apt-get update && \
+ apt-get -y -q --no-install-recommends install \
+ device-tree-compiler \
+ git \
+ make \
+ nano \
+ openjdk-11-jre-headless \
+ openssh-server \
+ python3
+
+COPY tf-*.install /tmp/
+COPY setup-sshd /usr/sbin/setup-sshd
+COPY entrypoint.sh /usr/sbin/entrypoint.sh
+
+RUN bash -ex /tmp/tf-environment.install
+
+
+USER eclair
+
+COPY bin/ /opt/bugseng/bin
+
+EXPOSE 22
+
+ENTRYPOINT ["/usr/sbin/entrypoint.sh"]
diff --git a/eclair-tf-m/bin/detachLicense b/eclair-tf-m/bin/detachLicense
new file mode 100755
index 0000000..2220d5d
--- /dev/null
+++ b/eclair-tf-m/bin/detachLicense
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+usage() {
+ echo "Usage: $0 SECONDS" >&2
+ exit 2
+}
+
+[ $# -eq 1 ] || usage
+
+seconds=$1
+
+iter=0
+
+while [ $iter -lt 5 ]; do
+ if [ $iter -ne 0 ]; then
+ echo "detachLicense: retry #${iter}"
+ sleep 60
+ fi
+
+ sudo su "${ECLAIR_LICENSE_USER}" -c "\"${ECLAIR_TOP_DIR}/bin/eclair_licman\" -d 38199 -t \"${seconds}\" -s u" >/tmp/eclair_licman.out 2>&1
+ rc=$?
+ cat /tmp/eclair_licman.out
+ echo rc: $rc
+
+ if [ "$rc" -ne 0 ] && grep -q "too many users" /tmp/eclair_licman.out; then
+ # Will be retrying
+ :
+ else
+ break
+ fi
+
+ iter=$(( $iter + 1 ))
+done
+
+exit $rc
diff --git a/eclair-tf-m/bin/forwardPorts b/eclair-tf-m/bin/forwardPorts
new file mode 100755
index 0000000..7b0a6a7
--- /dev/null
+++ b/eclair-tf-m/bin/forwardPorts
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -ex
+
+host=$(uname -n)
+socat "tcp-listen:${HASPLM_PORT},bind=${host},reuseaddr,fork" tcp:127.0.0.1:1947 > /dev/null 2>&1 &
+socat "tcp-listen:${ECLAIR_PORT},bind=${host},reuseaddr,fork" tcp:127.0.0.1:3786 > /dev/null 2>&1 &
diff --git a/eclair-tf-m/bin/openACC b/eclair-tf-m/bin/openACC
new file mode 100755
index 0000000..bba0ba3
--- /dev/null
+++ b/eclair-tf-m/bin/openACC
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+xdg-open http://localhost:1947
diff --git a/eclair-tf-m/bin/postStart b/eclair-tf-m/bin/postStart
new file mode 100755
index 0000000..2a2daf6
--- /dev/null
+++ b/eclair-tf-m/bin/postStart
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -ex
+sudo useradd "${ECLAIR_LICENSE_USER}" -u 2000 || :
+sudo mkdir -p /var/hasplm/update
+sudo chown eclair -R /var/hasplm
+sudo mkdir -p /etc/hasplm
+sudo chown eclair /etc/hasplm
+echo "serveraddr = ${ECLAIR_LICENSE_SERVER}" > /etc/hasplm/hasplm.ini
+cp -f "${ECLAIR_TOP_DIR}"/reqs/Sentinel_LDK_RTE/haspvlib*_113938.* /var/hasplm/update
+/usr/sbin/hasplmd_x86_64 -s
diff --git a/eclair-tf-m/bin/returnLicense b/eclair-tf-m/bin/returnLicense
new file mode 100755
index 0000000..36a662c
--- /dev/null
+++ b/eclair-tf-m/bin/returnLicense
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+usage() {
+ echo "Usage: $0" >&2
+ exit 2
+}
+
+[ $# -eq 0 ] || usage
+
+"${ECLAIR_TOP_DIR}/bin/eclair_licman" -c 38199
diff --git a/eclair-tf-m/bin/xdg-open b/eclair-tf-m/bin/xdg-open
new file mode 100755
index 0000000..caa62e9
--- /dev/null
+++ b/eclair-tf-m/bin/xdg-open
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+url=$1
+
+case "${url}" in
+ http://*|https://*)
+ ;;
+ file:*)
+ ;;
+ *)
+ url=file:${url}
+ ;;
+esac
+
+case "${url}" in
+ http://*|https://*)
+ if [ -n "${BROWSER}" ]
+ then
+ echo "Opening ${url}"
+ "${BROWSER}" "${url}"
+ exit 0
+ fi
+ url=${url/:1947/:${HASPLM_PORT}}
+ url=${url/:3786/:${ECLAIR_PORT}}
+ ;;
+ file:*)
+ url=${url/file:${DOCK_DIR}/file:${HOST_DIR//\\//}}
+ ;;
+esac
+
+echo "Opening ${url}"
+echo "${url}" | socat stdin "tcp:host.docker.internal:${XDG_PORT}" ||
+ echo "WARNING: xdg-open-server is not running: ${url}"
diff --git a/eclair-tf-m/build.sh b/eclair-tf-m/build.sh
new file mode 100755
index 0000000..55e2726
--- /dev/null
+++ b/eclair-tf-m/build.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+export LANG=C
+
+tag=$(basename $PWD)
+
+[ -z $ECR ] && echo "Error: ECR environment variable not set" && exit 1
+
+cp ../eclair-linaro/ECLAIR_3.12.0-MC23P1-l64P_Setup.run .
+
+image=${ECR}/misra:$tag
+docker build --pull --tag=$image .
+echo $image > .docker-tag
diff --git a/eclair-tf-m/entrypoint.sh b/eclair-tf-m/entrypoint.sh
new file mode 100755
index 0000000..f34808b
--- /dev/null
+++ b/eclair-tf-m/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -ex
+
+echo $1
+
+forwardPorts && \
+postStart
+
+sudo /usr/sbin/setup-sshd $1
+bash
diff --git a/eclair-tf-m/setup-sshd b/eclair-tf-m/setup-sshd
new file mode 100755
index 0000000..1589b1f
--- /dev/null
+++ b/eclair-tf-m/setup-sshd
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -ex
+
+export HOME=/home/buildslave
+
+[ -z "${JENKINS_SLAVE_SSH_PUBKEY}" ] || {
+ mkdir ${HOME}/.ssh
+ echo "${JENKINS_SLAVE_SSH_PUBKEY}" > ${HOME}/.ssh/authorized_keys
+ chown -R buildslave:buildslave ${HOME}/.ssh
+ chmod 0700 -R ${HOME}/.ssh
+}
+
+ssh-keygen -A
+
+if [ "$1" = "interactive" ]; then
+ /usr/sbin/sshd
+else
+ /usr/sbin/sshd -D
+fi
diff --git a/eclair-tf-m/tf-environment.install b/eclair-tf-m/tf-environment.install
new file mode 100755
index 0000000..2483db9
--- /dev/null
+++ b/eclair-tf-m/tf-environment.install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+env | grep ECLAIR_TOP_DIR >> /etc/environment
+env | grep ECLAIR_LICENSE_USER >> /etc/environment
+env | grep PATH >> /etc/environment