Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix sonic-installer install for Arista secureboot #1366

Merged
merged 1 commit into from
Feb 6, 2021
Merged

Fix sonic-installer install for Arista secureboot #1366

merged 1 commit into from
Feb 6, 2021

Conversation

Staphylo
Copy link
Contributor

- What I did

Abstracted away the access to the path of the rootfs via a contextmanager.
In Arista secureboot, the rootfs is never extracted on the flash. Instead it's mounted directly from within the signed SWI.
The update_sonic_environment function however always assume that the rootfs to be at the same place.

- How I did it

To alleviate this restriction, a new context manager to obtain the rootfs is introduced.
The choice of a context manager rather than a function is entirely based on error management and cleanup.
Mounting a squashfs from a swi file requires the use of losetup which makes the rootfs available under /dev/loopX
Once done or on error, we need to free this resource which becomes free when using a contextmanager.

- How to verify it

Use sonic-installer install on any switch that is an Arista switch with secureboot enabled.
For backward compatibility, test the same command on any other switch.

- Previous command output (if the output of a command-line utility has changed)

- New command output (if the output of a command-line utility has changed)

@Staphylo
Copy link
Contributor Author

@jleveque @qiluo-msft

@qiluo-msft
Copy link
Contributor

qiluo-msft commented Jan 22, 2021
edited
Loading 

       m  = re.search(r"secure_boot_enable=[y1]", f.read())

remove extra blank char #Closed

Refers to: sonic_installer/bootloader/aboot.py:40 in 4903140. [](commit_id = 4903140ab34ed4c510a39ddb2f13538f7122574a, deletion_comment = False)

jleveque
jleveque suggested changes Jan 22, 2021
View reviewed changes
sonic_installer/bootloader/aboot.py Outdated Show resolved Hide resolved
@Staphylo Staphylo force-pushed the master-secureboot-rootmount branch 2 times, most recently from 413642a to 4903140 Compare January 22, 2021 02:16
jleveque
jleveque previously approved these changes Jan 25, 2021
View reviewed changes
qiluo-msft
qiluo-msft previously approved these changes Jan 25, 2021
View reviewed changes
@Staphylo
Fix unsupported fs.squashfs extraction in sonic-installer
ea6f493 
Secureboot on Arista mounts the fs.squashfs directly from the signed SWI file.
It is therefore not available at the usual location.
@Staphylo Staphylo dismissed stale reviews from qiluo-msft and jleveque via ea6f493 January 29, 2021 22:11
@Staphylo
Copy link
Contributor Author

Just rebased to resolve conflict with echo_and_log refactor.

@jleveque
Copy link
Contributor

jleveque commented Feb 5, 2021

Retest this please

@lguohan lguohan merged commit 2ad1168 into sonic-net:master Feb 6, 2021
anand-kumar-subramanian pushed a commit to anand-kumar-subramanian/sonic-utilities that referenced this pull request Mar 2, 2021
@Staphylo @anand-kumar-subramanian
Fix unsupported fs.squashfs extraction in sonic-installer (sonic-net#…
adcdd2d 
…1366)

Abstracted away the access to the path of the rootfs via a contextmanager.
In Arista secureboot, the rootfs is never extracted on the flash. Instead it's mounted directly from within the signed SWI.
The update_sonic_environment function however always assume that the rootfs to be at the same place.

- How I did it

To alleviate this restriction, a new context manager to obtain the rootfs is introduced.
The choice of a context manager rather than a function is entirely based on error management and cleanup.
Mounting a squashfs from a swi file requires the use of losetup which makes the rootfs available under /dev/loopX
Once done or on error, we need to free this resource which becomes free when using a contextmanager.
@daall daall mentioned this pull request Apr 13, 2021
Merged
daall pushed a commit that referenced this pull request Apr 21, 2021
@Staphylo @daall
Fix unsupported fs.squashfs extraction in sonic-installer (#1366)
807bdb8 
Abstracted away the access to the path of the rootfs via a contextmanager.
In Arista secureboot, the rootfs is never extracted on the flash. Instead it's mounted directly from within the signed SWI.
The update_sonic_environment function however always assume that the rootfs to be at the same place.

- How I did it

To alleviate this restriction, a new context manager to obtain the rootfs is introduced.
The choice of a context manager rather than a function is entirely based on error management and cleanup.
Mounting a squashfs from a swi file requires the use of losetup which makes the rootfs available under /dev/loopX
Once done or on error, we need to free this resource which becomes free when using a contextmanager.
@Staphylo Staphylo mentioned this pull request Sep 2, 2021
Merged
stepanblyschak pushed a commit to stepanblyschak/sonic-utilities that referenced this pull request Apr 28, 2022
@abdosi
[submodule update] sonic-swss
ae65de6 
 Remove 00-copp.config.json from swss debian package. (sonic-net#1366)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qiluo-msft qiluo-msft qiluo-msft approved these changes

@jleveque jleveque jleveque left review comments

@tahmed-dev tahmed-dev Awaiting requested review from tahmed-dev

@xumia xumia Awaiting requested review from xumia

Assignees
No one assigned
Labels
Bug Included in 202012 Branch Request for 202012 Branch sonic-installer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Staphylo @qiluo-msft @jleveque @lguohan @daall