chore: add extensions validator

Add validation for extensions rootfs and names. Fixes: #379 Signed-off-by: Noel Georgi <[email protected]>
siderolabs · May 23, 2024 · d07caf7 · d07caf7
1 parent d1a0ce8
commit d07caf7
Show file tree

Hide file tree

Showing 48 changed files with 347 additions and 34 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-09T13:22:16Z by kres 1e986af.
+# Generated on 2024-05-23T15:58:32Z by kres 2688b70.
 
 name: default
 concurrency:
@@ -41,6 +41,31 @@ jobs:
           - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
           - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
     steps:
+      - name: gather-system-info
+        id: system-info
+        uses: kenchan0130/[email protected]
+        continue-on-error: true
+      - name: print-system-info
+        run: |
+          MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
+
+          OUTPUTS=(
+            "CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
+            "CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
+            "Hostname: ${{ steps.system-info.outputs.hostname }}"
+            "NodeName: ${NODE_NAME}"
+            "Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
+            "Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
+            "Name: ${{ steps.system-info.outputs.name }}"
+            "Platform: ${{ steps.system-info.outputs.platform }}"
+            "Release: ${{ steps.system-info.outputs.release }}"
+            "Total memory: ${MEMORY_GB} GB"
+          )
+
+          for OUTPUT in "${OUTPUTS[@]}";do
+            echo "${OUTPUT}"
+          done
+        continue-on-error: true
       - name: checkout
         uses: actions/checkout@v4
       - name: Unshallow
@@ -124,6 +149,31 @@ jobs:
           - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
           - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
     steps:
+      - name: gather-system-info
+        id: system-info
+        uses: kenchan0130/[email protected]
+        continue-on-error: true
+      - name: print-system-info
+        run: |
+          MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
+
+          OUTPUTS=(
+            "CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
+            "CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
+            "Hostname: ${{ steps.system-info.outputs.hostname }}"
+            "NodeName: ${NODE_NAME}"
+            "Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
+            "Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
+            "Name: ${{ steps.system-info.outputs.name }}"
+            "Platform: ${{ steps.system-info.outputs.platform }}"
+            "Release: ${{ steps.system-info.outputs.release }}"
+            "Total memory: ${MEMORY_GB} GB"
+          )
+
+          for OUTPUT in "${OUTPUTS[@]}";do
+            echo "${OUTPUT}"
+          done
+        continue-on-error: true
       - name: checkout
         uses: actions/checkout@v4
       - name: Unshallow

diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-09T13:22:16Z by kres 1e986af.
+# Generated on 2024-05-23T15:58:32Z by kres 2688b70.
 
 name: weekly
 concurrency:
@@ -24,6 +24,31 @@ jobs:
           - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
           - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
     steps:
+      - name: gather-system-info
+        id: system-info
+        uses: kenchan0130/[email protected]
+        continue-on-error: true
+      - name: print-system-info
+        run: |
+          MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
+
+          OUTPUTS=(
+            "CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
+            "CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
+            "Hostname: ${{ steps.system-info.outputs.hostname }}"
+            "NodeName: ${NODE_NAME}"
+            "Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
+            "Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
+            "Name: ${{ steps.system-info.outputs.name }}"
+            "Platform: ${{ steps.system-info.outputs.platform }}"
+            "Release: ${{ steps.system-info.outputs.release }}"
+            "Total memory: ${MEMORY_GB} GB"
+          )
+
+          for OUTPUT in "${OUTPUTS[@]}";do
+            echo "${OUTPUT}"
+          done
+        continue-on-error: true
       - name: checkout
         uses: actions/checkout@v4
       - name: Unshallow

diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-05-22T11:43:14Z by kres 04ecdaf.
+# Generated on 2024-05-23T15:58:32Z by kres 2688b70.
 
 # common variables
 

diff --git a/Pkgfile b/Pkgfile
@@ -1,4 +1,4 @@
-# syntax = ghcr.io/siderolabs/bldr:v0.3.0
+# syntax = ghcr.io/siderolabs/bldr:v0.3.1
 
 format: v1alpha2
 

diff --git a/container-runtime/ecr-credential-provider/pkg.yaml b/container-runtime/ecr-credential-provider/pkg.yaml
@@ -33,6 +33,12 @@ steps:
       - install -D -m 0755
         ${GOPATH}/src/k8s.io/cloud-provider-aws/dist/ecr-credential-provider
         /rootfs/usr/local/lib/kubelet/credentialproviders/ecr-credential-provider
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/container-runtime/gvisor-debug/pkg.yaml b/container-runtime/gvisor-debug/pkg.yaml
@@ -7,10 +7,17 @@ steps:
   - prepare:
       - |
         sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+    install:
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+        cp /pkg/gvisor-debug.part /rootfs/etc/cri/conf.d/gvisor-debug.part
+        cp /pkg/runsc.toml /rootfs/etc/cri/conf.d/runsc.toml
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/gvisor-debug.part
-    to: /rootfs/etc/cri/conf.d/gvisor-debug.part
-  - from: /pkg/runsc.toml
-    to: /rootfs/etc/cri/conf.d/runsc.toml
diff --git a/container-runtime/gvisor/pkg.yaml b/container-runtime/gvisor/pkg.yaml
@@ -41,6 +41,12 @@ steps:
 
         cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
         chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/container-runtime/kata-containers/pkg.yaml b/container-runtime/kata-containers/pkg.yaml
@@ -56,6 +56,12 @@ steps:
       - |
         cd ${GOPATH}/src/github.com/kata-containers/src/runtime
         cp containerd-shim-kata-v2 /rootfs/usr/local/bin/containerd-shim-kata-v2
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/container-runtime/spin/pkg.yaml b/container-runtime/spin/pkg.yaml
@@ -24,6 +24,12 @@ steps:
         mkdir -p /rootfs/usr/local/bin
 
         tar xf containerd-shim-spin.tar.gz -C /rootfs/usr/local/bin
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/container-runtime/stargz-snapshotter/pkg.yaml b/container-runtime/stargz-snapshotter/pkg.yaml
@@ -38,6 +38,12 @@ steps:
 
         cp ./out/ctr-remote /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
         chmod +x /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/container-runtime/wasmedge/pkg.yaml b/container-runtime/wasmedge/pkg.yaml
@@ -22,12 +22,19 @@ steps:
     install:
       - |
         mkdir -p /rootfs/usr/local/bin
+        mkdir -p /rootfs/etc/cri/conf.d
+
+        cp /pkg/wasm.part /rootfs/etc/cri/conf.d/wasm.part
 
         tar xf containerd-shim-wasmedge.tar.gz -C /rootfs/usr/local/bin
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/wasm.part
-    to: /rootfs/etc/cri/conf.d/wasm.part
diff --git a/drivers/chelsio/pkg.yaml b/drivers/chelsio/pkg.yaml
@@ -22,6 +22,11 @@ steps:
       - |
         # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
         find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/drivers/gasket/pkg.yaml b/drivers/gasket/pkg.yaml
@@ -15,6 +15,12 @@ steps:
         mkdir -p /rootfs/lib/modules
 
         cp -R /lib/modules/* /rootfs/lib/modules
+  - test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/drivers/mellanox-ofed/pkg.yaml b/drivers/mellanox-ofed/pkg.yaml
@@ -15,6 +15,12 @@ steps:
         mkdir -p /rootfs/lib/modules
 
         cp -R /lib/modules/* /rootfs/lib/modules
+  - test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/drivers/thunderbolt/pkg.yaml b/drivers/thunderbolt/pkg.yaml
@@ -22,6 +22,11 @@ steps:
       - |
         # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
         find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/drivers/usb-modem/pkg.yaml b/drivers/usb-modem/pkg.yaml
@@ -22,6 +22,11 @@ steps:
       - |
         # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
         find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/drivers/v4l-uvc/pkg.yaml b/drivers/v4l-uvc/pkg.yaml
@@ -22,6 +22,11 @@ steps:
       - |
         # https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html#signed-modules-and-stripping
         find /rootfs/lib/modules -name '*.ko' -exec grep -FL '~Module signature appended~' {} \+
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/examples/hello-world-service/pkg.yaml b/examples/hello-world-service/pkg.yaml
@@ -21,6 +21,12 @@ steps:
         mkdir -p /rootfs/usr/local/lib/containers/hello-world
 
         cp -p /pkg/src/hello-world /rootfs/usr/local/lib/containers/hello-world/
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/amd-ucode/pkg.yaml b/firmware/amd-ucode/pkg.yaml
@@ -12,6 +12,12 @@ steps:
       - |
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/amd-ucode /rootfs/lib/firmware
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/amdgpu-firmware/pkg.yaml b/firmware/amdgpu-firmware/pkg.yaml
@@ -12,6 +12,12 @@ steps:
       - |
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/amdgpu /rootfs/lib/firmware
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/bnx2-bnx2x/pkg.yaml b/firmware/bnx2-bnx2x/pkg.yaml
@@ -13,6 +13,12 @@ steps:
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/bnx2 /rootfs/lib/firmware
         cp -R -p /lib/firmware/bnx2x /rootfs/lib/firmware
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/chelsio/pkg.yaml b/firmware/chelsio/pkg.yaml
@@ -13,6 +13,12 @@ steps:
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/cxgb3 /rootfs/lib/firmware
         cp -R -p /lib/firmware/cxgb4 /rootfs/lib/firmware
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/i915-ucode/pkg.yaml b/firmware/i915-ucode/pkg.yaml
@@ -12,6 +12,12 @@ steps:
       - |
         mkdir -p /rootfs/lib/firmware
         cp -R -p /lib/firmware/i915 /rootfs/lib/firmware
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs

diff --git a/firmware/intel-ice-firmware/pkg.yaml b/firmware/intel-ice-firmware/pkg.yaml
@@ -12,6 +12,12 @@ steps:
       - |
         mkdir -p /rootfs/lib/firmware/intel/ice/ddp
         cp /lib/firmware/intel/ice/ddp/ice-*.pkg /rootfs/lib/firmware/intel/ice/ddp/ice.pkg
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
 finalize:
   - from: /rootfs
     to: /rootfs