Skip to content

Latest commit

 

History

History
499 lines (451 loc) · 30.3 KB

actions.md

File metadata and controls

499 lines (451 loc) · 30.3 KB
Raw

libaktualizr

External actions

These are the primary actions that a user of libaktualizr can perform through the API.

  • Initialization
    • Set boot count to 0 to indicate successful boot
    • Detect a system reboot on the primary, if expected (bootloader_test.cc)
    • Initialize secondaries
      • Discover secondaries over TCP-IP (ipsecondary_discovery_test.cc)
      • Add secondaries from configuration (uptane_test.cc)
        • Parse secondary config files in JSON format (config_test.cc)
        • Create secondary object
          • Create a virtual secondary for testing (uptane_secondary_test.cc)
      • Add secondaries via API
      • Adding multiple secondaries with the same serial throws an error
    • Initialize device ID
      • Use a provided device ID (OTA-985, uptane_init_test.cc)
      • Generate a random device ID (OTA-986, utils_test.cc, uptane_init_test.cc)
    • Provision with the server
      • Automatically provision (OTA-983, uptane_init_test.cc, uptane_ci_test.cc, auto_prov_test.py)
        • Extract credentials from a provided archive (config_test.cc, utils_test.cc)
        • Parse a p12 file containing TLS credentials (crypto_test.cc)
        • aktualizr possesses all necessary credentials after provisioning (OTA-987, uptane_key_test.cc)
      • Implicitly provision (OTA-996, OTA-1210, config_test.cc, uptane_implicit_test.cc, uptane_test.cc, implicit_prov_test.py)
        • Fail if TLS credentials are unavailable (OTA-1209, uptane_implicit_test.cc)
      • Implicitly provision with keys accessed via PKCS#11 (hsm_prov_test.py)
        • Generate RSA keypairs via PKCS#11 (crypto_test.cc, keymanager_test.cc)
        • Read a TLS certificate via PKCS#11 (crypto_test.cc)
        • Sign and verify a file with RSA via PKCS#11 (crypto_test.cc, keymanager_test.cc)
    • Initialize primary ECU keys
      • Generate primary ECU keys (OTA-989, uptane_serial_test.cc)
        • Generate RSA 2048 key pairs (crypto_test.cc)
        • Generate RSA 4096 key pairs (crypto_test.cc)
        • Generate ED25519 key pairs (crypto_test.cc)
    • Initialize primary ECU serial
      • Use a provided primary serial (OTA-988, config_test.cc)
      • Generate primary serial (OTA-989, uptane_serial_test.cc)
      • Use a provided hardware ID
      • Use the system hostname as hardware ID if one is not provided
        • Read the hostname from the system (utils_test.cc)
    • Register ECUs with director
      • Register primary ECU with director (uptane_test.cc)
      • Register secondary ECUs with director (uptane_test.cc)
    • Abort if initialization fails
      • Recover from partial provisioning and network loss (OTA-991, uptane_network_test.cc, uptane_key_test.cc)
      • Detect and recover from failed provisioning (uptane_init_test.cc)
    • Verify secondaries against storage
      • Identify previously unknown secondaries
      • Identify currently unavailable secondaries
  • Send system/network info to server
    • Read hardware info from the system (utils_test.cc)
    • Send hardware info to the server (OTA-984, uptane_test.cc)
    • Import a list of installed packages into the storage (uptane_test.cc)
      • Store a list of installed package versions (uptane_test.cc)
    • Send a list of installed packages to the server (OTA-984, uptane_test.cc)
    • Read networking info from the system (utils_test.cc)
    • Send networking info to the server (OTA-984, uptane_test.cc)
    • Generate and send manifest (see below)
    • Send SendDeviceDataComplete event
  • Check for campaigns
    • Check for campaigns with manual control (aktualizr_test.cc)
    • Fetch campaigns from the server (aktualizr_test.cc)
    • Parse campaigns from JSON (campaign_test.cc)
    • Send CampaignCheckComplete event with campaign data
  • Accept a campaign
    • Send campaign acceptance report
      • Send an event report (see below)
    • Send CampaignAcceptComplete event
  • Fetch metadata from server
    • Generate and send manifest (see below)
    • Fetch metadata from the director (uptane_test.cc, uptane_vector_tests.cc)
    • Check metadata from the director (uptane_test.cc, uptane_vector_tests.cc)
      • Validate Uptane metadata (see below)
    • Identify targets for known ECUs (uptane_test.cc, uptane_vector_tests.cc)
    • Ignore updates for unrecognized ECUs
    • Fetch metadata from the images repo (uptane_test.cc, uptane_vector_tests.cc)
    • Check metadata from the images repo (uptane_test.cc, uptane_vector_tests.cc)
      • Validate Uptane metadata (see below)
  • Check for updates
    • Check metadata from the director (uptane_test.cc, uptane_vector_tests.cc)
      • Validate Uptane metadata (see below)
    • Identify updates for known ECUs (uptane_test.cc, uptane_vector_tests.cc)
    • Ignore updates for unrecognized ECUs
    • Check metadata from the images repo (uptane_test.cc, uptane_vector_tests.cc)
      • Validate Uptane metadata (see below)
    • Send UpdateCheckComplete event with available updates (aktualizr_test.cc)
    • Send UpdateCheckComplete event after successful check with no available updates (aktualizr_test.cc)
    • Send UpdateCheckComplete event after failure
  • Download updates
    • Download an update
      • Download an OSTree package (fetcher_test.cc)
      • Download a binary package (uptane_vector_tests.cc, aktualizr_test.cc)
      • Send EcuDownloadStartedReport to server (aktualizr_test.cc)
        • Send an event report (see below)
    • Report download progress
    • Pause downloading (fetcher_test.cc)
      • Pausing while paused is ignored (fetcher_test.cc)
      • Pausing while not downloading is ignored (fetcher_test.cc)
    • Resume downloading (fetcher_test.cc)
      • Resuming while not paused is ignored (fetcher_test.cc)
      • Resuming while not downloading is ignored
      • Resume download interrupted by restart (fetcher_test.cc)
    • Verify a downloaded update
      • Verify an OSTree package (fetcher_test.cc)
      • Verify a binary package (uptane_vector_tests.cc, aktualizr_test.cc)
      • Send EcuDownloadCompletedReport to server (aktualizr_test.cc)
        • Send an event report (see below)
    • Send DownloadTargetComplete event if download is successful (aktualizr_test.cc)
    • Send DownloadTargetComplete event if download is partially successful
    • Send DownloadTargetComplete event if there is nothing to download
    • Send DownloadTargetComplete event if download is unsuccessful
    • Send AllDownloadsComplete after all downloads are finished (aktualizr_test.cc)
  • Access downloaded binaries via API (aktualizr_test.cc)
  • Install updates
    • Send metadata to secondary ECUs
    • Identify ECU for each target (uptane_test.cc, aktualizr_test.cc)
      • Reject targets which do not match a known ECU
    • Install updates on primary
      • Check if there are updates to install for the primary (uptane_test.cc, aktualizr_test.cc)
      • Check if an update is already installed
      • Set boot count to 0 and rollback flag to 0 to indicate system update
      • Send InstallStarted event for primary (aktualizr_test.cc)
      • Send EcuInstallationStartedReport to server for primary (uptane_test.cc, aktualizr_test.cc)
        • Send an event report (see below)
      • Install an update on the primary
        • Install an OSTree update on the primary
        • Notify "reboot needed" after an OSTree update
        • Install a binary update on the primary (uptane_test.cc, aktualizr_test.cc)
      • Store installation result for primary (uptane_test.cc)
      • Send InstallTargetComplete event for primary (aktualizr_test.cc)
      • Send EcuInstallationCompletedReport to server for primary (uptane_test.cc, aktualizr_test.cc)
        • Send an event report (see below)
    • Install updates on secondaries
      • Send InstallStarted event for secondaries (aktualizr_test.cc)
      • Send EcuInstallationStartedReport to server for secondaries
        • Send an event report (see below)
      • Send images to secondary ECUs (aktualizr_test.cc)
      • Send InstallTargetComplete event for secondaries (aktualizr_test.cc)
      • Send EcuInstallationCompletedReport to server for secondaries (aktualizr_test.cc)
        • Send an event report (see below)
    • Send AllInstallsComplete event after all installations are finished (aktualizr_test.cc)
  • Send installation report
    • Generate and send manifest (see below)
    • Send PutManifestComplete event if send is successful (aktualizr_test.cc)
    • Send PutManifestComplete event if send is unsuccessful

Internal and common actions

These are internal requirements that are relatively opaque to the user and/or common to multiple external actions.

  • Validate Uptane metadata
    • Validate hashes
      • Validate SHA256 hashes (crypto_test.cc)
      • Validate SHA512 hashes (crypto_test.cc)
    • Sign and verify signatures
      • Sign and verify a file with RSA key stored in a file (crypto_test.cc)
      • Verify an ED25519 signature (crypto_test.cc)
      • Refuse to sign with an invalid key (crypto_test.cc)
      • Reject a signature if the key is invalid (crypto_test.cc)
      • Reject bad signatures (crypto_test.cc)
    • Sign TUF metadata
      • Sign TUF metadata with RSA2048 (keymanager_test.cc)
      • Sign TUF metadata with ED25519 (keymanager_test.cc)
    • Validate a TUF root (tuf_test.cc, uptane_test.cc)
      • Throw an exception if a TUF root is invalid
        • Throw an exception if a TUF root is unsigned (tuf_test.cc, uptane_test.cc)
        • Throw an exception if a TUF root has no roles (tuf_test.cc)
        • Throw an exception if a TUF root has unknown signature types (uptane_test.cc)
        • Throw an exception if a TUF root has invalid key IDs (uptane_test.cc)
        • Throw an exception if a TUF root signature threshold is invalid (uptane_test.cc)
    • Parse Uptane timestamps (types_test.cc)
      • Throw an exception if an Uptane timestamp is invalid (types_test.cc)
      • Get current time (types_test.cc)
    • Reject http GET responses that exceed size limit (httpclient_test.cc)
    • Reject http GET responses that do not meet speed limit (httpclient_test.cc)
    • Abort update if any signature threshold is <= 0 (REQ-153, uptane_vector_tests.cc)
    • Abort update if any metadata has expired (REQ-150, uptane_vector_tests.cc)
    • Abort update if a target hash is invalid (uptane_vector_tests.cc)
    • Abort update if any signature threshold is unmet (uptane_vector_tests.cc)
    • Abort update if any signatures are not unique (uptane_vector_tests.cc)
    • Abort update if any metadata is unsigned (uptane_vector_tests.cc)
    • Abort update if any metadata has an invalid key ID (uptane_vector_tests.cc)
    • Abort update if a target is smaller than stated in the metadata (uptane_vector_tests.cc)
    • Accept update with rotated Uptane roots (uptane_vector_tests.cc)
    • Abort update with incorrectly rotated Uptane roots (uptane_vector_tests.cc)
    • Abort update if any metadata has an invalid hardware ID (uptane_vector_tests.cc)
    • Abort update if the director targets metadata has an invalid ECU ID (uptane_vector_tests.cc)
    • Recover from an interrupted Uptane iteration (uptane_test.cc)
  • Generate and send manifest
    • Get manifest from primary (uptane_test.cc)
      • Get primary installation result (uptane_test.cc)
    • Get manifest from secondaries (uptane_test.cc)
      • Ignore secondaries with bad signatures (uptane_test.cc)
    • Send manifest to the server (uptane_test.cc)
  • Send an event report
    • Generate a random UUID (utils_test.cc)
    • Include correlation ID from targets metadata (aktualizr_test.cc)
      • Correlation ID is empty if none was provided in targets metadata (aktualizr_test.cc)
    • Report an event to the server (reportqueue_test.cc)
      • Report a series of events to the server (reportqueue_test.cc)
      • Recover from errors while sending event reports (reportqueue_test.cc)
  • Support OSTree as a package manager (packagemanagerfactory_test.cc)
    • Reject bad OSTree server URIs (ostreemanager_test.cc)
    • Abort if the OSTree sysroot is invalid (ostreemanager_test.cc)
    • Parse a provided list of installed packages (ostreemanager_test.cc)
    • Communicate with a remote OSTree server
      • Communicate with a remote OSTree server without credentials (ostreemanager_test.cc)
      • Communicate with a remote OSTree server with credentials (ostreemanager_test.cc)
  • Store state in an SQL database
    • Migrate forward through SQL schemas (sqlstorage_test.cc)
      • Automatically use latest SQL schema version when initializing database (sqlstorage_test.cc)
    • Reject invalid SQL databases (sqlstorage_test.cc)
    • Migrate from the legacy filesystem storage (sqlstorage_test.cc, uptane_test.cc)
    • Load and store primary keys in an SQL database (storage_common_test.cc)
    • Load and store TLS credentials in an SQL database (storage_common_test.cc)
    • Load and store Uptane metadata in an SQL database (storage_common_test.cc)
    • Load and store Uptane roots in an SQL database (storage_common_test.cc)
    • Load and store the device ID in an SQL database (storage_common_test.cc)
    • Load and store ECU serials in an SQL database (storage_common_test.cc)
    • Load and store a list of misconfigured ECUs in an SQL database (storage_common_test.cc)
    • Load and store a flag indicating successful registration in an SQL database (storage_common_test.cc)
    • Load and store an installation result in an SQL database (storage_common_test.cc)
    • Load and store targets in an SQL database (storage_common_test.cc)
    • Import keys and credentials from file into an SQL database (storage_common_test.cc)
  • Configuration
    • Parse config files in TOML format (config_test.cc)
    • Write config to file or to the log (config_test.cc)
    • Parse multiple config files in a directory (config_test.cc)
    • Parse multiple config files in multiple directories (config_test.cc)
  • Miscellaneous
    • Create a temporary file (utils_test.cc)
      • Write to a temporary file (utils_test.cc)
    • Create a temporary directory (utils_test.cc)
    • Serialize and deserialize asn1 (asn1_test.cc)
    • Support a fake package manager for testing (packagemanagerfactory_test.cc)
    • Support a Debian package manager (packagemanagerfactory_test.cc, debianmanager_test.cc)
    • Support virtual partial verification secondaries for testing
      • Partial verification secondaries generate and store public keys (uptane_secondary_test.cc)
      • Partial verification secondaries can verify Uptane metadata (uptane_secondary_test.cc)
    • Support OPC-UA secondaries (opcuabridge_messaging_test.cc, opcuabridge_secondary_update_test.cc, run_opcuabridge_ostree_repo_sync_test.sh)

Expected action sequences

This is just the list of sequences currently covered. It is likely that there are more worth testing, but these tests are expensive.

  • Automatic control. Initialize -> CheckUpdates -> no updates -> no further action or events (aktualizr_test.cc)
  • Automatic control. Initialize -> UptaneCycle -> updates downloaded and installed for primary and secondary (aktualizr_test.cc)
  • Automatic control. Initialize -> UptaneCycle -> updates downloaded and installed for secondaries without changing the primary (aktualizr_test.cc)
  • kCheck running mode. Initialize -> UptaneCycle -> updates found but not downloaded (aktualizr_test.cc)
  • kDownload running mode. Initialize -> UptaneCycle -> updates downloaded but not downloaded (aktualizr_test.cc)
  • kDownload running mode. Initialize -> Download -> nothing to download (aktualizr_test.cc)
  • kInstall running mode. Updates downloaded -> UptaneCycle -> updates installed (aktualizr_test.cc)
  • kInstall running mode. Initialize -> Install -> nothing to install (aktualizr_test.cc)
  • kInstall running mode. Initialize -> Install -> nothing to install (aktualizr_test.cc)
  • Automatic control, autoprovision with real server. Initialize -> CheckUpdates -> verify state with aktualizr-info (auto_prov_test.py)
  • Automatic control, implicitly provision with real server. Initialize -> verify not provisioned with aktualizr-info -> run aktualizr-cert-provider -> Initialize -> CheckUpdates -> verify state with aktualizr-info (implicit_prov_test.py)
  • Automatic control, implicitly provision with HSM with real server. Initialize -> verify not provisioned with aktualizr-info -> run aktualizr-cert-provider -> Initialize -> CheckUpdates -> verify state with aktualizr-info (hsm_prov_test.py)

aktualizr tools

These tools all link with libaktualizr, although they do not necessary use the API.

aktualizr-primary

aktualizr-primary is the reference user of the libaktualizr API. Note that for historical reasons, it is usually simply known as aktualizr. It is a thin layer around libaktualizr. This is just the list of things currently tested that relate specifically to it.

  • Abort when given bogus command line options (tests/CMakeLists.txt)
  • Abort when given a nonexistant config file (tests/CMakeLists.txt)
  • Support debug logging (tests/CMakeLists.txt)
  • Default to informational logging (tests/CMakeLists.txt)

aktualizr-secondary

aktualizr-secondary was designed to demonstrate an Uptane-compliant secondary but is currently not part of the core product. It also uses libaktualizr, but less extensively than aktualizr-primary. This is just the list of things currently tested that relate specifically to it.

  • Parse config files in TOML format (aktualizr_secondary_config_test.cc)

  • Write its config to file or to the log (aktualizr_secondary_config_test.cc)

  • Announce itself to aktualizr primary (aktualizr_secondary_discovery_test.cc)

  • Generate a serial (aktualizr_secondary/uptane_test.cc)

  • Generate a hardware ID (aktualizr_secondary/uptane_test.cc)

  • Generate keys (aktualizr_secondary/uptane_test.cc)

  • Extract credentials from a provided archive (aktualizr_secondary/uptane_test.cc)

  • Abort when given bogus command line options (aktualizr_secondary/CMakeLists.txt)

  • Abort when given a nonexistant config file (aktualizr_secondary/CMakeLists.txt)

  • Support debug logging (aktualizr_secondary/CMakeLists.txt)

  • Default to informational logging (aktualizr_secondary/CMakeLists.txt)

aktualizr-info

aktualizr-info provides information about libaktualizr's state to a developer with access to a device.

  • Parse libaktualizr configuration files (see Configuration section above)
    • Parse config files in TOML format (aktualizr_info_config_test.cc)
    • Write its config to file or to the log (aktualizr_info_config_test.cc)
  • Print information from libaktualizr storage (run_aktualizr_info_tests.sh)
    • Print device ID
    • Print primary ECU serial
    • Print primary ECU hardware ID
    • Print secondary ECU serials
    • Print secondary ECU hardware IDs
    • Print secondary ECUs no longer accessible
    • Print secondary ECUs registered after provisioning
    • Print provisioning status
    • Print whether metadata has been fetched from the server
    • Print root metadata from images repository
    • Print targets metadata from images repository
    • Print root metadata from director repository
    • Print targets metadata from director repository
    • Print TLS credentials
    • Print primary ECU keys

aktualizr-repo

aktualizr-repo is used in testing to simulate the generation of Uptane repositories.

  • Generate images and director repos (repo_test.cc)
  • Add an image to the images repo (repo_test.cc)
  • Copy an image to the director repo (repo_test.cc)
  • Sign director repo targets (repo_test.cc)

aktualizr-cert-provider

aktualizr-cert-provider assists with generating credentials and uploading them to a device for implicit provisioning.

  • Use file paths from config if provided
  • Use autoprovisioning credentials if fleet CA and private key are not provided
    • Generate a random device ID (OTA-986, utils_test.cc, uptane_init_test.cc)
    • Automatically provision (see above)
  • Use fleet credentials if provided (run_certprovider_test.sh)
    • Abort if fleet CA is provided without fleet private key
    • Abort if fleet private key is provided without fleet CA
    • Specify RSA bit length
    • Specify device certificate expiration date
    • Specify device certificate country code
    • Specify device certificate state abbreviation
    • Specify device certificate organization name
    • Specify device certificate common name
      • Generate a random device ID if not specified
    • Read fleet CA certificate
    • Read fleet private key
    • Create device certificate (run_certprovider_test.sh)
    • Create device keys
    • Set public key for the device certificate
    • Sign device certificate with fleet private key (run_certprovider_test.sh)
    • Serialize device private key to a string
    • Serialize device certificate to a string
  • Read server root CA from credentials archive
    • Read server root CA from server_ca.pem if present (to support community edition use case)
    • Read server root CA from p12 (default case)
  • Write credentials to a local directory if requested
    • Provide device private key
    • Provide device certificate (run_certprovider_test.sh)
    • Provide root CA if requested
    • Provide server URL if requested
  • Copy credentials to a device with ssh
    • Create parent directories
    • Provide device private key
    • Provide device certificate
    • Provide root CA if requested
    • Provide server URL if requested

Garage (sota) tools

These tools also use libaktualizr, but only for common utility functions. They are focused specifically on dealing with OSTree objects. They originally lived in a separate repo, which is where the "sota_tools" name came from. The garage nomenclature refers to the historical name of our reference SaaS server, ATS Garage, before it was renamed HERE OTA Connect.

garage-push

garage-push pushes OSTree objects to a remote Treehub server.

  • Verify a local OSTree repository (ostree_dir_repo_test.cc)
    • Reject invalid path (ostree_dir_repo_test.cc)
    • Reject invalid repo configuration (ostree_dir_repo_test.cc)
    • Reject bare mode repo (ostree_dir_repo_test.cc)
  • Parse credentials (see below)
  • Find OSTree commit object in local repository (see below)
  • Generate an OSTree hash from a commit ref (see below)
  • Authenticate with treehub server (see below)
  • Fetch OSTree objects from source repository and push to destination repository (see below)
  • Check if credentials support offline signing (authenticate_test.cc)
  • Upload root ref to images repository if credentials do not support offline signing
  • Abort when given bogus command line options (sota_tools/CMakeLists.txt, test-bad-option)
  • Support debug logging (sota_tools/CMakeLists.txt, test-verbose-logging)

garage-deploy

garage-deploy moves OSTree objects from one remote Treehub server to another.

  • Parse credentials for destination server (see below)
  • Parse credentials for source server (see below)
  • Authenticate with source server (see below)
  • Generate an OSTree hash from a commit ref (see below)
  • Fetch OSTree objects from source repository and push to destination repository (see below)
    • Abort if commit is not present in source server (sota_tools/CMakeLists.txt, test-missing-commit)
  • Check if credentials support offline signing (authenticate_test.cc)
    • Abort if credentials do not support offline signing (sota_tools/CMakeLists.txt, test-garage-deploy-online-signing)
  • Use garage-sign to offline sign targets for destination repository (sota_tools/CMakeLists.txt, test-garage-deploy-offline-signing)
    • Do not reuse lingering credentials from previous runs of garage-sign
    • Remove local tuf repo generated by garage-sign after use (sota_tools/CMakeLists.txt, test-garage-deploy-offline-signing)
  • Abort when given bogus command line options (sota_tools/CMakeLists.txt, test-bad-option)
  • Support debug logging (sota_tools/CMakeLists.txt)
  • Support trace logging (sota_tools/CMakeLists.txt)

garage-check

garage-check simply verifies that a given OSTree commit exists on a remote Treehub server and is present in the targets.json from the images repository.

  • Parse credentials (see below)
  • Authenticate with treehub server (see below)
  • Verify that a commit exists in a remote repo (sota_tools/CMakeLists.txt, run_expired_test.sh)
  • Get targets.json from images repository (sota_tools/CMakeLists.txt, run_expired_test.sh)
    • Abort if targets.json has expired (sota_tools/CMakeLists.txt, run_expired_test.sh)
  • Find specified OSTree ref in targets.json (sota_tools/CMakeLists.txt, run_expired_test.sh)

Internal and common actions

  • Parse credentials
    • Reject a bogus provided file (authenticate_test.cc)
      • Abort when given nonexistent credentials (sota_tools/CMakeLists.txt, test-missing-credentials)
      • Abort when given bogus credentials (sota_tools/CMakeLists.txt, test-invalid-credentials, test-garage-deploy-missing-fetch-credentials, test-garage-deploy-missing-push-credentials)
    • Extract credentials from a provided archive (authenticate_test.cc)
      • Reject a provided archive file without a treehub.json (authenticate_test.cc)
      • Reject a provided archive file with bogus credentials (authenticate_test.cc)
    • Extract credentials from a provided JSON file (authenticate_test.cc)
      • Reject a bogus provided JSON file (authenticate_test.cc)
    • Parse authentication information from treehub.json (authenticate_test.cc)
    • Parse images repository URL from a provided archive (authenticate_test.cc)
    • Parse treehub URL from a provided archive
  • Authenticate with treehub server
    • Authenticate with username and password (basic auth) (treehub_server_test.cc)
    • Authenticate with OAuth2 (treehub_server_test.cc, authenticate_test.cc)
    • Authenticate with TLS credentials (authenticate_test.cc [BROKEN])
    • Authenticate with nothing (no auth) (authenticate_test.cc)
    • Use a provided CA certificate (sota_tools/CMakeLists.txt, test-cacert-used)
      • Abort when given a bogus CA certificate (sota_tools/CMakeLists.txt, test-cacert-not-found)
    • Abort if authorization fails (sota_tools/CMakeLists.txt, test-auth-plus-failure)
    • Abort if destination server is unavailable (sota_tools/CMakeLists.txt, test-garage-deploy-upload-failed)
  • Generate an OSTree hash from a ref string
    • Generate an OSTree hash from a ref string (ostree_hash_test.cc)
    • Ignore case of OSTree ref strings (ostree_hash_test.cc)
    • Reject empty OSTree ref strings (ostree_hash_test.cc)
    • Reject bogus OSTree ref strings (ostree_hash_test.cc)
  • Fetch OSTree objects from source repository and push to destination repository (deploy_test.cc)
    • Get OSTree commit object in source repository (see below)
    • Query destination repository for OSTree commit object (see below)
    • Parse OSTree object to identify child objects (deploy_test.cc)
    • Query destination repository for child objects recursively (see below)
    • Get child objects from source repository recursively (see below)
    • Upload missing OSTree objects to destination repository (ostree_object_test.cc)
      • Detect curl misconfiguration (ostree_object_test.cc)
      • Skip upload if dry run was specified (ostree_object_test.cc)
        • Support dry run with local repos (sota_tools/CMakeLists.txt, test-garage-deploy-dry-run)
        • Support dry run with auth plus using a real server (sota_tools/CMakeLists.txt, test-dry-run)
      • Upload objects concurrently (rate_controller_test.cc)
        • Initial rate controller status is good (rate_controller_test.cc)
        • Rate controller aborts if it detects server or network failure (rate_controller_test.cc)
        • Rate controller continues through intermittent errors (rate_controller_test.cc)
        • Rate controller improves concurrency when network conditions are good (rate_controller_test.cc)
      • Recover from the server hanging on to connections (sota_tools/CMakeLists.txt, test-server-500)
      • Recover from intermittent errors (sota_tools/CMakeLists.txt, test-server-error_every_10)
      • Abort when server becomes unresponsive (sota_tools/CMakeLists.txt, test-server-500_after_20)
  • Get OSTree object from a repository
    • Find OSTree object in local repository (ostree_dir_repo_test.cc)
      • Check all valid OSTree object extensions (ostree_dir_repo_test.cc)
      • Abort if OSTree object is not found (ostree_dir_repo_test.cc)
        • Abort when given a bogus OSTree ref (sota_tools/CMakeLists.txt, test-missing-ref)
    • Fetch OSTree object from remote repository (ostree_http_repo.cc)
      • Check all valid OSTree object extensions (ostree_http_repo.cc)
      • Retry fetch if not found after first try (ostree_http_repo.cc)
      • Abort if OSTree object is not found after retry (ostree_http_repo.cc)
  • Query destination repository for OSTree object (ostree_object_test.cc)
    • Expect HTTP 200 for a hash that we expect the server to know about (ostree_object_test.cc)
    • Expect HTTP 404 for a hash that we expect the server not to know about (ostree_object_test.cc)

meta-updater

meta-updater is a Yocto layer used to build aktualizr, garage-push, OSTree, and other related tools.

  • Run garage-push
  • Run garage-deploy
  • Run garage-sign
  • Build credentials into an image
  • Run aktualizr-cert-provider
  • Build an image with automatic provisioning that provisions successfully
  • Build an image with implicit provisioning that provisions successfully
  • Build an image with implicit provisioning using an HSM that provisions successfully
  • Build an image with manual control that provisions successfully
  • Build an image for Raspberry Pi
  • Build an image using grub as a bootloader that provisions successfully
  • Build an image for a secondary
  • Build an image that listens for discovery
  • Build an image for a primary intended to connect to a secondary