ctest: deprecate payload signing
Currently, ctest.py allows generating and testing signed payloads, but
that options has been disabled for long time and not being used. In
addition we are in the work of deprecating payload generation/signing
from devservers and this makes things much easier. Besides image signing
logic should not be here and I don't think it is necessary to test
signed payloads in VM as we can eaisly test them on real images. In
addition ctest is going to be deprecated sometimes soon and this helps
with that one too.
BUG=chromium:872441
TEST=betty-chrome-pfq-tryjob
Change-Id: Id5f92a49d82ac014f06098e38133dd8391046430
Reviewed-on: https://chromium-review.googlesource.com/1659436
Tested-by: Amin Hassani <ahassani@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/ctest/ctest.py b/ctest/ctest.py
index c308462..ded2b0a 100755
--- a/ctest/ctest.py
+++ b/ctest/ctest.py
@@ -37,10 +37,7 @@
crosutils_root: Location of crosutils.
jobs: Numbers of threads to run in parallel.
no_graphics: boolean: If True, disable graphics during vm test.
- payload_signing_key: Signs payloads with this key.
- public_key: Loads key to verify signed payloads.
remote: ip address for real test harness run.
- sign_payloads: Build some payloads with signed keys.
target: Target image to test.
test_results_root: Root directory to store au_test_harness results.
type: which test harness to run. Possible values: real, vm, gce.
@@ -59,38 +56,16 @@
self.crosutils_root = os.path.join(constants.SOURCE_ROOT, 'src', 'scripts')
self.no_graphics = opts.no_graphics
self.remote = opts.remote
- # TODO(sosa): Remove once signed payload bug is resolved.
- #self.sign_payloads = not opts.cache
- self.sign_payloads = False
self.target = opts.target_image
self.test_results_root = opts.test_results_root
self.type = opts.type
self.whitelist_chrome_crashes = opts.whitelist_chrome_crashes
-
- self.public_key = None
- if self.sign_payloads:
- self.payload_signing_key = os.path.realpath(
- os.path.join(self.crosutils_root, '..', 'platform', 'update_engine',
- 'unittest_key.pem'))
- else:
- self.payload_signing_key = None
-
self.jobs = opts.jobs
# An optional ssh private key used for testing.
self.ssh_private_key = opts.ssh_private_key
self.ssh_port = opts.ssh_port
- def GeneratePublicKey(self):
- """Returns the path to a generated public key from the UE private key."""
- # Just output to local directory.
- public_key_path = 'public_key.pem'
- logging.info('Generating public key from private key.')
- cros_build_lib.RunCommand(
- ['openssl', 'rsa', '-in', self.payload_signing_key, '-pubout',
- '-out', public_key_path], print_cmd=False)
- self.public_key = public_key_path
-
def FindTargetAndBaseImages(self):
"""Initializes the target and base images for CTest."""
if not self.target:
@@ -134,10 +109,6 @@
if full:
cmd.append('--full_suite')
- # This only is compatible with payload signing.
- if self.sign_payloads:
- cmd.append('--public_key=%s' % self.public_key)
- cmd.append('--private_key=%s' % self.payload_signing_key)
else:
cmd.append('--basic_suite')
@@ -199,10 +170,6 @@
if self.whitelist_chrome_crashes:
cmd.append('--whitelist_chrome_crashes')
- # We did not generate signed payloads if this is a |quick_update| test.
- if not quick_update and self.sign_payloads:
- cmd.append('--payload_signing_key=%s' % self.payload_signing_key)
-
# Give tests 10 minutes to clean up before shut down.
res = cros_build_lib.RunCommand(cmd, cwd=self.crosutils_root,
error_code_ok=True, kill_timeout=10 * 60)
@@ -277,8 +244,6 @@
setattr(opts, x, os.path.abspath(val))
ctest = CTest(opts)
- if ctest.sign_payloads:
- ctest.GeneratePublicKey()
ctest.FindTargetAndBaseImages()
if not opts.only_verify:
ctest.GenerateUpdatePayloads(not opts.quick_update)
diff --git a/generate_test_payloads/cros_generate_test_payloads.py b/generate_test_payloads/cros_generate_test_payloads.py
index 95eb929..f4b723b 100755
--- a/generate_test_payloads/cros_generate_test_payloads.py
+++ b/generate_test_payloads/cros_generate_test_payloads.py
@@ -23,7 +23,6 @@
import optparse
import os
import pickle
-import shutil
import sys
import constants
@@ -40,7 +39,6 @@
from crostestutils.au_test_harness import cros_au_test_harness
-from crostestutils.lib import public_key_manager
from crostestutils.lib import test_helper
@@ -63,15 +61,13 @@
Variables:
target: Create payload for this image.
base: If not None, a delta payload with this image as the source.
- key: If set, signed payload using this private key.
for_vm: Whether we want the payload for a VM image.
"""
NAME_SPLITTER = '_'
- def __init__(self, target, base, key=None, for_vm=False):
+ def __init__(self, target, base, for_vm=False):
self.base = base
self.target = target
- self.key = key
self.for_vm = for_vm
self.payload_dir = None
@@ -80,8 +76,8 @@
def UpdateId(self):
"""Generates a unique update id the test harness can understand."""
- return dev_server_wrapper.GenerateUpdateId(self.target, self.base,
- self.key, self.for_vm)
+ return dev_server_wrapper.GenerateUpdateId(self.target, self.base, None,
+ self.for_vm)
def _CalculateUpdateCacheLabel(self):
"""Calculates the label associated with this payload.
@@ -92,17 +88,12 @@
if self.base:
self.label += _GetFileMd5(self.base) + '_'
self.label += _GetFileMd5(self.target)
- if self.key:
- self.label += '+' + _GetFileMd5(self.key)
def __str__(self):
my_repr = self.target
if self.base:
my_repr = self.base + '->' + my_repr
- if self.key:
- my_repr = my_repr + '+' + self.key
-
if self.for_vm:
my_repr = my_repr + '+' + 'for_vm'
@@ -129,17 +120,12 @@
"""
self.target = options.target
self.base = options.base
- self.target_signed = None # Set later when creating the image.
# For vm tests we use the _qemu name for the images. Regardless of vm or
# non vm, these no_vm names are guaranteed to be non-qemu base/target names.
self.base_no_vm = self.base
self.target_no_vm = self.target
- # Keys.
- self.public_key = options.public_key
- self.private_key = options.private_key
-
# Affect what payloads we create.
self.board = options.board
self.basic_suite = options.basic_suite
@@ -151,9 +137,9 @@
self.vm = _ShouldGenerateVM(options)
- def _AddUpdatePayload(self, target, base, key=None, for_vm=False):
+ def _AddUpdatePayload(self, target, base, for_vm=False):
"""Adds a new required update payload. If base is None, a full payload."""
- payload = UpdatePayload(target, base, key, for_vm)
+ payload = UpdatePayload(target, base, for_vm)
payload.payload_dir = os.path.join(self.PATH_TO_CACHE_DIR, payload.label)
@@ -165,15 +151,6 @@
self.target = test_helper.CreateVMImage(self.target, self.board)
if self.full_suite:
- if self.public_key:
- self.target_signed = self.target + '.signed'
- if not os.path.exists(self.target_signed):
- logging.info('Creating a signed image for signed payload test.')
- shutil.copy(self.target, self.target_signed)
-
- public_key_manager.PublicKeyManager(self.target_signed,
- self.public_key).AddKeyToImage()
-
# The full suite may not have a VM image produced for the test image yet.
# Ensure this is created.
self.base = test_helper.CreateVMImage(self.base, self.board)
@@ -188,11 +165,6 @@
# N->N after N-1->N.
self._AddUpdatePayload(self.target, self.target, for_vm=self.vm)
- # Need a signed payload for the signed payload test.
- if self.target_signed:
- self._AddUpdatePayload(self.target_signed, self.target_signed,
- self.private_key, for_vm=self.vm)
-
if self.basic_suite:
# Update image to itself from VM base.
self._AddUpdatePayload(self.target, self.target, for_vm=self.vm)
@@ -217,16 +189,14 @@
"""
payload_file = os.path.join(payload.payload_dir, 'update.gz')
- logging.info('Generating a%s %s payload %s to %s %s',
- ' signed' if payload.key else 'n unsigned',
+ logging.info('Generating a %s payload %s to %s %s',
'delta' if payload.base else 'full',
('from %s' % payload.base) if payload.base else '',
payload.target,
'and not patching the kernel.' if payload.for_vm else '')
paygen_payload_lib.GenerateUpdatePayload(payload.target, payload_file,
- src_image=payload.base,
- private_key=payload.key)
+ src_image=payload.base)
# Generating the stateful update as devserver would've done.
paygen_stateful_payload_lib.GenerateStatefulPayload(payload.target,
@@ -277,13 +247,6 @@
if not os.path.isfile(options.base):
parser.error('Base image must exist.')
- if options.private_key:
- if not os.path.isfile(options.private_key):
- parser.error('Private key must exist.')
-
- if not os.path.isfile(options.public_key):
- parser.error('Public key must exist.')
-
if _ShouldGenerateVM(options):
if not options.board:
parser.error('Board must be set to generate update '
@@ -303,10 +266,6 @@
# Options related to how to generate test payloads for the test harness.
parser.add_option('--novm', default=True, action='store_false', dest='vm',
help='Test Harness payloads will not be tested in a VM.')
- parser.add_option('--private_key',
- help='Private key to sign payloads for test harness.')
- parser.add_option('--public_key',
- help='Public key to verify payloads for test harness.')
# Options related to the images to test.
parser.add_option('--board', help='Board used for the images.')