Hi folks,
The 2023.05 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Relicense LAVA to GPLv2 or later
Before this patch, LAVA code was licensed under GPLv2 (or later) or AGPLv3,
depending on the python module. This release relicense all the code to
GPLv2 or later.
Approval from the relevant contributors has been requested and granted
before hand.
# Migration to gitlab.com
Most of the LAVA projects has been migrated to [gitlab.com](
https://gitlab.com/lava) in the `lava` namespace. The remaining projects
(including LAVA) should be migrated before the end of July.
# Deploy to UUU
Connect device before flashing images. The DUT serial output is now
included in job logs. This is useful to retrieve error message from boot
image raised during flash steps
# lava-docker-worker
Don't use cache when building the dispatcher docker image
This is to make sure the latest dependencies defined in Dockerfile are
built into the custom image, typically when the depends are pull from git
repo or downloaded from internet.
Also add `--use-cache` to allow to override the default behavior.
# LAVAFed rework
The lavafed project has been reworked bringing a better test overage on
real devices. The project is mostly using staging.validation.linaro.org
instance for running on physical devices. If you are willing to
participate, please provide access to you staging instances.
# LAVA server performances
The performances of the LAVA server service has been improved by reworking
the SQL queries when enforcing the authorization model. This should improve
the performances on most pages.
# XML-RPC API
Add support to delete device and worker:
```
scheduler.devices.delete
scheduler.workers.delete
```
Rgds
--
Rémi Duraffort
Principal Tech Lead
Automation Software Team
Linaro
Hi folks,
The 2023.03 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* hp-14b-na0052xx-zork
* imx8mm-innocomm-wb15-evk
* rk3588-rock-5b
## Deploy
### Apply overlay
Fix applying overlay to a custom directory.
The test directory, which defaults to `/lava-%s` (where `%s` gets replaced
by the `job ID`), can be overridden like this:
```yaml
context:
lava_test_results_dir: /var/lib/lava-%s
```
### nbd
Handle `nbd-server` running as non-root.
On Debian, nbd-server is running as nbd by default, thus preventing the
image owned by root to be mounted as rw. So LAVA should detect the
nbd-server user and chown image to it.
## Boot
### Fastboot
LAVA is now raising `InfrastructureError` on `fastboot-boot-commands`
timeout.
Timeouts caused by the DUT not entering fastboot mode or by faults in the
connection to the DUT while running pre-boot fastboot commands should be
treated as infrastructure errors.
### Nodebooter
Add support for nodebooter service for booting grub based devices. In order
to enable the support, add to the device-type template:
```yaml
{% set has_nodebooter = True %}
```
Nodebooter action will start the nodebooter container, configure it, add
the DUT via API to nodebooter and reset the device to be netbooted by
nodebooter.
### uuu
Serial availability is now skipped when the first command is `bcu: reset
usb` or when uuu block contain only bcu protocol.
## Healthz
Add a new endpoint at `/v1/healthz/`. This endpoint checks that the
connection to the database is working properly and returns either 200 or
500. This can be used by reverse proxy to check the status of the gunicorn
process.
## lava-docker-worker
Fix `lava-docker-worker` systemd service dependencies. The service should
depend on both `containerd` and `docker`.
Prior to this version, system reboot would take a lot of time waiting
lava-docker-worker to stop.
## XMLRPC
### encoding
Fix the encoding of the response from the server. This will fix encoding
issues with some specific characters.
### Device(-type)s permissions
A new set of api endpoints has been added to manage devices and
device-types permissions:
* `scheduler.devices.perms(add|delete|list)`
* `scheduler.device_typess.perms(add|delete|list)`
### Users and groups
A new set of api endpoints has been added to mange users and groups:
* `auth.groups`: (add|delete|list|show) groups
* `auth.groups.perms` (add|delete|list) permissions of a specific group
* `auth.users` (add|delete|list|show|update) users
* `auth.users.groups` (add|delete|list) groups of a specific user
* `auth.users.perms` (add|delete|list) permissions of a specific user
Rgds
--
Rémi Duraffort
Principal Tech Lead
Automation Software Team
Linaro
Hi folks,
The 2023.02 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* acer-cbv514-1h-34uz-brya
* acer-chromebox-cxi4-puff
* acer-cp514-3wh-r0qs-guybrush
* b-u585i-iot02a
* stm32mp15x-eval
## Deploy and boot methods
### FVP
Under some rare circumstances some FVP model can enter an infinite loop of
printing again and again the same lines. This was preventing LAVA to cleanup
correctly and was leaking a running model inside it's docker container.
Starting from this release, LAVA will cleanup the container correctly.
### uuu
Distinguish between normal timeout and abnormal exit when running serial
download check.
## lava-dispatcher-host package
Add support to install and use `lava-dispatcher-host` on Ubuntu 20.10 and
22.04. Also fix device sharing on Debian Bookworm.
## lava-publisher
lava-publisher is now listening on /ws/v1/healthz endpoint and returns a 200
status code. This can be used to check lava-publisher health.
## LAVA events
websocket events are not authenticated. When connecting to the websocket
stream, you will only receive events for devices that you can access. Use
the
latest lavacli release to send authenticated websocket requests.
## Performances
The performance of the server part has been improved on multiple pages.
Loading
the corresponding pages should be way quicker now.
## PostgreSQL
Starting from 2023.02, LAVA will set a default value of 600 to
`CONN_MAX_AGE`,
enabling persistent database connection. This is recommended by Django and
should improve the performances.
Rgds
--
Rémi Duraffort
Principal Tech Lead
Automation Software Team
Linaro
Hi folks,
The 2023.01 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* hp-x360-14a-cb0001xx-zork
* imx6ulz-lite-evk
* imx93-9x9-qsb
* jh7100-starfive-visionfive-v1
* mt8195-cherry-tomato-r2
## Security issues
Multiple security issues has been found and fixed in this release. The
details will be shared in some weeks in order to give time for admins to
upgrade.
## Debian support
The support for Debian Buster has been dropped as Debian Buster does not
provide support for the latest pyyaml versions.
This release also add support for Debian Bookworm.
## Action timeouts
Allow defining a timeout for an individual action in the block section.
This allows to override all the actions in a block at once, while still
being
able to control single action timeouts within the same block.
```yaml
actions:
- deploy:
timeout:
minutes: 5
timeouts:
http-download:
minutes: 1
```
## Interactive test action
In interactive test action, you can now user the server IP and Job ID in
test
commands. The variables are `SERVER_IP` and `JOB_ID`.
This can be used with:
```yaml
- test:
interactive:
- name: network
prompts: ["=> ", "/ # "]
script:
- command: ping {SERVER_IP}
```
## Settings
A new set of environment variable is taken into account when loading
settings.
Every variables prefixed by `LAVA_YAML_SETTINGS_` will be yaml loaded and
added
to the django settings.
For instance to define `Debug` to `True`:
```shell
LAVA_YAML_SETTINGS_DEBUG=true
```
This will be useful when deploying using docker-compose or k8s.
## Test definitions
This release drop the TarRepoAction test definition action.
This feature was never used in LAVAv2 and has been replaced by the
UrlRepoAction since 2022.09.
Instead of providing the tar as base64 encoded in the job definition (that
can
be huged), the user can provide a url to the tar that will be downloaded,
decompressed (if needed) and extracted.
## XMLRPC API
Lava uses XMLRPC for its system management endpoints, which is secured via
HTTP
basic authentication. This adds `system.set_user_groups` taking a string
email
address for the user, and an array of string group names which will be the
exact set of groups of which the user is a member.
This endpoint requires a token from a user with staff permissions in order
to
access it.
Rgds
--
Rémi Duraffort
Principal Tech Lead
Automation Software Team
Linaro
We have recently fixed some serious security issues on LAVA server.
CVE-2022-44641: Recursive XML entity expansion
Users with valid accounts can submit a specially crafted XML document via the
XMLRPC that causes a recursive XML entity expansion, consuming large amounts
of resources and eventually cause a Denial of Service on the LAVA server.
This problem was found, and the fix provided, by Igor Ponomarev from
Collabora. The fix has been released in 2022.11, with the following patch:
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974…
CVE-2022-45132: Code execution in jinja templates
A specially crafted jinja2 template can be submitted to a publicly accessible
REST API endpoint without any authentication and cause a remote command
execution as the same user that is running the LAVA server web application.
This problem was found, and the fix provided, by Igor Ponomarev from
Collabora. The fix has been released in 2022.11.1, with the following patch:
https://git.lavasoftware.org/lava/lava/-/commit/ab17e8304f10c7c0fe912067f2e…
We strongly recommend that administrators upgrade to the 2022.11.1
release immediately, or failing that, at least apply the patches linked
above locally to their lava server.
Hi folks,
The 2022.11 tag has been pushed to master on git.lavasoftware.org
<http://git.lavasoftware.org/>.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* kv260
* sm8350-hdk
* asus-CM1400CXA-dalboz
## imx8
* separate common configure of 8u series to imx8u-common and add new device
type imx8ulp-9x9-evk
# LAVA dispatcher
* Modifying sparse rootfs is now fully supported.
* Add ava and base-edk2 device types
* schema.deploy.fvp: add the optional uniquify param
# Bug fixes
* Fix filenames when overlaying tar files
* Add missing OIDC setting keys to common settings
* share/requires.py: fix building for debian -backports and -security suites
* reprepro-release: don't trigger on debian/* tags
* Fix a huge performance issue when parsing kernel boot log
* schema: allow to use auto_login in depthcharge boot action
* kernel messages: fix match for login prompts
* device-type: add bcu_board_name for some missed imx boards
* fvp: raise a JobError when escaping is required
Thanks,
--
Stevan Radaković | Senior Engineer
Linaro.org <www.linaro.org> │ Open source software for ARM SoCs
Hi folks,
The 2022.10 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* acer-R721T-grunt
* k3-am625-sk
* r8a77950-ulcb
* sc7180-trogdor-kingoftown
## Security issue
A security issue as been discovered in LAVA. We advice LAVA admins to
upgrade their instances.
## Django authentication
Fix two authorization issues for device (type) visibility
First one is on worker detail page while looking at transitions, a
non-authorized user can see device transitions for devices he's not
supposed to.
Second one is the device type health history; users are able to view the
whole page they're not supposed to. Also on the same page, transitions are
shown to non-authorized users.
## Use monotonic times
`time.time()` is affected by system time changes like daylight savings,
leap seconds and clock drift.
Monotonic time will always move forward. lava-dispatcher is now using it to
compute duration and timeouts.
Thanks
--
Rémi Duraffort
LAVA and Tux Architect
Linaro
Hi folks,
The 2022.08 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* aaeon-UPN-EHLX4RE-A10-0864
* imx8ulp-evk
* imx93-11x11-evk
* mt8192-asurada-spherion-r0
* synquacer-uboot
## Grub based device-types
Allow device-type to easily disable interrupting boot. This is not required
if grub is build to always drop to a shell.
In the device-type template or device dictionary, add:
```jinja
{% set grub_needs_interrupt = false %}
```
## UUU and BCU
Add support for [BCU](https://github.com/NXPmicro/bcu#readme) to the UUU
based device-types. This utility allows changing the board's boot
configuration (mainly SD card, eMMC or USB Serial Download Protocol)
through a serial interface.
In the device dictionary, add:
```jinja
{% set bcu_board_id = '2-1.3' %}
```
Then in the job definition, you can use bcu directly:
```yaml
- boot:
method: uuu
commands:
- bcu: reset usb
- uuu: -b emmc {boot}
- bcu: set_boot_mode emmc
timeout:
minutes: 20
```
The support has been enabled for imx8dxl-evk imx8ulp-evk imx8mp-evk and
imx93-11x11-evk device-types.
## OpenID connect
LAVA server can now support OpenID connect (for instance Azure ID or
Keycloack) to authenticate users.
In roder to use this feature, you should install `mozilla-django-oidc` and
add to the settings:
```yaml
AUTH_OIDC:
OIDC_RP_CLIENT_ID: "1"
OIDC_RP_CLIENT_SECRET: "bd01adf93cfb"
OIDC_OP_AUTHORIZATION_ENDPOINT: "http://testprovider:8080/openid/authorize
"
OIDC_OP_TOKEN_ENDPOINT: "http://testprovider:8080/openid/token"
OIDC_OP_USER_ENDPOINT: "http://testprovider:8080/openid/userinfo"
```
See [mozilla-django-oidc](
https://mozilla-django-oidc.readthedocs.io/en/stable/settings.html) for the
full list of options.
## Transfer Overlay
For device-type where the base OS does not provide tools to download over
http (like wget or curl), the transfer overlay action can now use NFS.
In order to use this, the job definition would look like:
```yaml
- boot:
[...]
transfer_overlay:
transfer_method: nfs
download_command: mount -t nfs -o nolock
unpack_command: cp -rf
```
Rgds
--
Rémi Duraffort
Tux and LAVA Architect
Linaro
Hi folks,
The 2022.06 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* bcm2835-rpi-b-rev2
* jh7100-visionfive
* kontron-bl-imx8mm
* rk3399-roc-pc
# Docker test shell
Starting from this release, when using the docker test shell, the current
device connection will be recorded in the logs as a feedback connection.
This allows to print the DUT logs while running a docker test shell.
# Callbacks
It is now possible to receive a callback notification for both `running`
and `finished` job. You have to set `criteria: all` in the job definition.
# Private instance
It is now possible to require all users to login before accessing any page
outside of the home page, documentation pages and the login page itself by
setting the `REQUIRE_LOGIN` variable in any YAML configuration file under
`/etc/lava-server/settings.d/*.yaml`.
Rgds
--
Rémi Duraffort
TuxArchitect
Linaro
