Hi folks,
The 2023.01 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* hp-x360-14a-cb0001xx-zork
* imx6ulz-lite-evk
* imx93-9x9-qsb
* jh7100-starfive-visionfive-v1
* mt8195-cherry-tomato-r2
## Security issues
Multiple security issues has been found and fixed in this release. The
details will be shared in some weeks in order to give time for admins to
upgrade.
## Debian support
The support for Debian Buster has been dropped as Debian Buster does not
provide support for the latest pyyaml versions.
This release also add support for Debian Bookworm.
## Action timeouts
Allow defining a timeout for an individual action in the block section.
This allows to override all the actions in a block at once, while still
being
able to control single action timeouts within the same block.
```yaml
actions:
- deploy:
timeout:
minutes: 5
timeouts:
http-download:
minutes: 1
```
## Interactive test action
In interactive test action, you can now user the server IP and Job ID in
test
commands. The variables are `SERVER_IP` and `JOB_ID`.
This can be used with:
```yaml
- test:
interactive:
- name: network
prompts: ["=> ", "/ # "]
script:
- command: ping {SERVER_IP}
```
## Settings
A new set of environment variable is taken into account when loading
settings.
Every variables prefixed by `LAVA_YAML_SETTINGS_` will be yaml loaded and
added
to the django settings.
For instance to define `Debug` to `True`:
```shell
LAVA_YAML_SETTINGS_DEBUG=true
```
This will be useful when deploying using docker-compose or k8s.
## Test definitions
This release drop the TarRepoAction test definition action.
This feature was never used in LAVAv2 and has been replaced by the
UrlRepoAction since 2022.09.
Instead of providing the tar as base64 encoded in the job definition (that
can
be huged), the user can provide a url to the tar that will be downloaded,
decompressed (if needed) and extracted.
## XMLRPC API
Lava uses XMLRPC for its system management endpoints, which is secured via
HTTP
basic authentication. This adds `system.set_user_groups` taking a string
email
address for the user, and an array of string group names which will be the
exact set of groups of which the user is a member.
This endpoint requires a token from a user with staff permissions in order
to
access it.
Rgds
--
Rémi Duraffort
Principal Tech Lead
Automation Software Team
Linaro
We have recently fixed some serious security issues on LAVA server.
CVE-2022-44641: Recursive XML entity expansion
Users with valid accounts can submit a specially crafted XML document via the
XMLRPC that causes a recursive XML entity expansion, consuming large amounts
of resources and eventually cause a Denial of Service on the LAVA server.
This problem was found, and the fix provided, by Igor Ponomarev from
Collabora. The fix has been released in 2022.11, with the following patch:
https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974…
CVE-2022-45132: Code execution in jinja templates
A specially crafted jinja2 template can be submitted to a publicly accessible
REST API endpoint without any authentication and cause a remote command
execution as the same user that is running the LAVA server web application.
This problem was found, and the fix provided, by Igor Ponomarev from
Collabora. The fix has been released in 2022.11.1, with the following patch:
https://git.lavasoftware.org/lava/lava/-/commit/ab17e8304f10c7c0fe912067f2e…
We strongly recommend that administrators upgrade to the 2022.11.1
release immediately, or failing that, at least apply the patches linked
above locally to their lava server.
Hi folks,
The 2022.11 tag has been pushed to master on git.lavasoftware.org
<http://git.lavasoftware.org/>.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* kv260
* sm8350-hdk
* asus-CM1400CXA-dalboz
## imx8
* separate common configure of 8u series to imx8u-common and add new device
type imx8ulp-9x9-evk
# LAVA dispatcher
* Modifying sparse rootfs is now fully supported.
* Add ava and base-edk2 device types
* schema.deploy.fvp: add the optional uniquify param
# Bug fixes
* Fix filenames when overlaying tar files
* Add missing OIDC setting keys to common settings
* share/requires.py: fix building for debian -backports and -security suites
* reprepro-release: don't trigger on debian/* tags
* Fix a huge performance issue when parsing kernel boot log
* schema: allow to use auto_login in depthcharge boot action
* kernel messages: fix match for login prompts
* device-type: add bcu_board_name for some missed imx boards
* fvp: raise a JobError when escaping is required
Thanks,
--
Stevan Radaković | Senior Engineer
Linaro.org <www.linaro.org> │ Open source software for ARM SoCs
Hi folks,
The 2022.10 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* acer-R721T-grunt
* k3-am625-sk
* r8a77950-ulcb
* sc7180-trogdor-kingoftown
## Security issue
A security issue as been discovered in LAVA. We advice LAVA admins to
upgrade their instances.
## Django authentication
Fix two authorization issues for device (type) visibility
First one is on worker detail page while looking at transitions, a
non-authorized user can see device transitions for devices he's not
supposed to.
Second one is the device type health history; users are able to view the
whole page they're not supposed to. Also on the same page, transitions are
shown to non-authorized users.
## Use monotonic times
`time.time()` is affected by system time changes like daylight savings,
leap seconds and clock drift.
Monotonic time will always move forward. lava-dispatcher is now using it to
compute duration and timeouts.
Thanks
--
Rémi Duraffort
LAVA and Tux Architect
Linaro
Hi folks,
The 2022.08 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
## New device-types
New supported devices:
* aaeon-UPN-EHLX4RE-A10-0864
* imx8ulp-evk
* imx93-11x11-evk
* mt8192-asurada-spherion-r0
* synquacer-uboot
## Grub based device-types
Allow device-type to easily disable interrupting boot. This is not required
if grub is build to always drop to a shell.
In the device-type template or device dictionary, add:
```jinja
{% set grub_needs_interrupt = false %}
```
## UUU and BCU
Add support for [BCU](https://github.com/NXPmicro/bcu#readme) to the UUU
based device-types. This utility allows changing the board's boot
configuration (mainly SD card, eMMC or USB Serial Download Protocol)
through a serial interface.
In the device dictionary, add:
```jinja
{% set bcu_board_id = '2-1.3' %}
```
Then in the job definition, you can use bcu directly:
```yaml
- boot:
method: uuu
commands:
- bcu: reset usb
- uuu: -b emmc {boot}
- bcu: set_boot_mode emmc
timeout:
minutes: 20
```
The support has been enabled for imx8dxl-evk imx8ulp-evk imx8mp-evk and
imx93-11x11-evk device-types.
## OpenID connect
LAVA server can now support OpenID connect (for instance Azure ID or
Keycloack) to authenticate users.
In roder to use this feature, you should install `mozilla-django-oidc` and
add to the settings:
```yaml
AUTH_OIDC:
OIDC_RP_CLIENT_ID: "1"
OIDC_RP_CLIENT_SECRET: "bd01adf93cfb"
OIDC_OP_AUTHORIZATION_ENDPOINT: "http://testprovider:8080/openid/authorize
"
OIDC_OP_TOKEN_ENDPOINT: "http://testprovider:8080/openid/token"
OIDC_OP_USER_ENDPOINT: "http://testprovider:8080/openid/userinfo"
```
See [mozilla-django-oidc](
https://mozilla-django-oidc.readthedocs.io/en/stable/settings.html) for the
full list of options.
## Transfer Overlay
For device-type where the base OS does not provide tools to download over
http (like wget or curl), the transfer overlay action can now use NFS.
In order to use this, the job definition would look like:
```yaml
- boot:
[...]
transfer_overlay:
transfer_method: nfs
download_command: mount -t nfs -o nolock
unpack_command: cp -rf
```
Rgds
--
Rémi Duraffort
Tux and LAVA Architect
Linaro
Hi folks,
The 2022.06 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* bcm2835-rpi-b-rev2
* jh7100-visionfive
* kontron-bl-imx8mm
* rk3399-roc-pc
# Docker test shell
Starting from this release, when using the docker test shell, the current
device connection will be recorded in the logs as a feedback connection.
This allows to print the DUT logs while running a docker test shell.
# Callbacks
It is now possible to receive a callback notification for both `running`
and `finished` job. You have to set `criteria: all` in the job definition.
# Private instance
It is now possible to require all users to login before accessing any page
outside of the home page, documentation pages and the login page itself by
setting the `REQUIRE_LOGIN` variable in any YAML configuration file under
`/etc/lava-server/settings.d/*.yaml`.
Rgds
--
Rémi Duraffort
TuxArchitect
Linaro
Hi folks,
The 2022.05 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* am437x-idk-evm
* am57xx-beagle-x15
* armada-388-clearfog-pro
* hp-14-db0003na-grunt
* imx6dl-udoo
* kontron-kswitch-d10-mmt-6g-2gs
* kontron-kswitch-d10-mmt-8g
* rk3399-khadas-edge-v
* sun9i-a80-cubieboard4
## depthcharge
Add extra_kernel_args parameter to the Depthcharge boot method, to allow
specifying additional kernel arguments specific for each boot action in
multi-stage jobs.
# Debian package
## lava-dispatcher-host
Allow to install the package on Ubuntu focal. This allows to run a lava
worker on Ubuntu focal thanks to `lava-docker-worker`.
# Social accounts
Add a page allowing users to manage the social account connection.
# Performances
## Scheduler
Improve scheduler performance by caching the device-type templates. The
previous caching mechanism was in fact broken.
## Web interface
Improve server performances when browsing the LAVA web interface as
anonymous user.
Rgds
--
Rémi Duraffort
LAVA and TuxArchitect
Linaro
Hi folks,
The 2022.04 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* morello
# Authentications
Allow to enable login with multiple social accounts at once. The login page
will display the available options with logos.
# Environment
The dispatcher IP is now available in the test shell actions as
`LAVA_DISPATCHER_IP`.
# Git authentication
LAVA can now clone from authenticated git repositories. The credentials
should be present in the local environment variable, for example via the
`secrets` dictionary. LAVA dispatcher now expands environment variables in
git urls:
```yaml
actions:
- test:
definitions:
- repository: https://${USER}:${TOKEN}@example.com/definitions.git
from: git
[...]
secrets:
USER: MY_USER
TOKEN: MY_TOKEN
```
# lava-docker-worker
The LAVA team advice to replace `lava-worker` by `lava-docker-worker` as
this daemon will automatically upgrade and downgrade the local lava-woker
container to match the remote server version.
For this release, the `lava-docker-worker` daemon stability as been improve
a lot in this release. This is now used in production at Linaro.
# Overlays
The lava dispatcher is now able to run `img2simg` after applying the
overlays. Users should add `spare: true`:
```yaml
rootfs:
url: "http://example.com/rootfs.ext4.xz"
format: ext4
sparse: true
overlays:
modules:
url: "http://example.com/modules.tar.xz"
[...]
```
# Server performances
## logging interval
Starting from this release, the default logging interval is set to 5s.
lava-run will now send the job logs every 5s, instead of every seconds.
This should decrease the load on the LAVA server.
## Scheduler lock
Prior to this release, the lava-scheduler process was locking the worker
table during the scheduling. On large instances, this would prevent the
workers to update their status.
Starting from this release, lava-scheduler is not locking the worker table
anymore.
# XML-RPC API
## Device-types
The XML-RPC API is now returning the `health_denominator` and
`health_frequency` when calling `scheduler.device_types.show`. This
function will also return a boolean (`default_template`) indicating if this
device-type is using a custom templare or the default one.
## Devices
The XML-RPC API allows to change the device-type of a specific device when
calling `scheduler.devices.update`.
## workers
The XML-RPC API call `scheduler.workers.show` is now returning booleans
(`default_config`, `default_env` and `default_env_dut`) to indicate if the
worker is using a custom config (env or env-dut) file.
Rgds
--
Rémi Duraffort
LAVA and Tux Architect
Linaro
Hi folks,
The 2022.03 tag has been pushed to master on git.lavasoftware.org.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://hub.lavasoftware.org/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Device-types
## New device-types
New supported devices:
* at91sam9g20ek
# Server performances
Improve server performances by dropping COUNT queries that where used for
pagination. Also cache permissions to avoid recalculation in the same page.
# lava-(docker)-worker
Allow to set `--job-log-interval` for both `lava-docker-worker` and
`lava-worker`. On large instances, admins can increase the value to lower
server load.
# lava-dispatcher-host
Fix a file descriptor leak. Without this patch, after some jobs, the
process will run out of file descriptors.
# lava-run
Add job definition secrets to the environment when starting `lava-run`.
This allows to download from private git repositories by providing
authentication in the job definition secrets.
Rgds
--
Rémi Duraffort
TuxArchitect
Linaro
