Skip to content

Commit 64e6152

Browse files
authored
Updated unit test cases to work with --bind command line parameter (#119)
* Updated unit test cases to work with --bind command line parameter * Trying to fix the build, updated Dockerfile * Reverted to old Dockerfile and moved the new to Dockerfile.sbom * Trying to fix misspell from not throwing errors on dependencies * Fixed spelling errors * Fixing misspell
1 parent 3b992d6 commit 64e6152

File tree

10 files changed

+235
-205
lines changed

10 files changed

+235
-205
lines changed

.github/workflows/misspell.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
name: misspell
22
on:
33
push:
4+
paths-ignore:
5+
- 'lib/**'
46
workflow_dispatch:
57

68
# This allows a subsequently queued workflow run to interrupt previous runs
@@ -14,6 +16,8 @@ jobs:
1416
steps:
1517
- name: Check out code
1618
uses: actions/checkout@v4
19+
- name: Remove lib directory
20+
run: rm -rf lib/
1721
- name: Misspell
1822
uses: PelionIoT/actions/.github/actions/misspell@main
1923
with:

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
### New Features
66

77
* Register a default component COMP_1 when FOTA is enabled using flags `-DFOTA_ENABLE=ON -DFIRMWARE_UPDATE=ON -DFOTA_COMBINED_IMAGE_SUPPORT=ON`.
8-
* Added default firmware install `fota_update_activate.sh` and verify `fota_update_verify.sh` scripts to demonstarted edge-core FOTA feature.
8+
* Added default firmware install `fota_update_activate.sh` and verify `fota_update_verify.sh` scripts to demonstrated edge-core FOTA feature.
99
* Added documentation `./docs/create_manifest_v3.md` and `./docs/prepare_fota_component_update.md`.
1010
* Updated `Dockerfile.debian.byoc` to enabled FOTA feature.
1111
* Docker Support: Added new Dockerfiles to build a lightweight, Debian-based `edge-core` Docker image for different modes:

Dockerfile

Lines changed: 2 additions & 190 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
1-
# Stage 1: Build the edge-core binary
2-
FROM ubuntu:22.04 AS builder
1+
FROM ubuntu:22.04
32

43
ARG developer_certificate=./config/mbed_cloud_dev_credentials.c
54
ARG update_certificate=./config/update_default_resources.c
@@ -16,198 +15,11 @@ COPY . .
1615
RUN pip3 install --upgrade pip
1716
RUN pip3 install manifest-tool
1817

19-
# Copy test certificate files to required locations
20-
RUN echo "Setting up test certificates..." && \
21-
mkdir -p config && \
22-
cp edge-tool/test_data/update_default_resources.c lib/mbed-cloud-client/source/update_default_resources.c && \
23-
cp edge-tool/test_data/mbed_cloud_dev_credentials.c config/mbed_cloud_dev_credentials.c && \
24-
echo "Test certificates configured"
25-
2618
RUN mkdir -p build && \
2719
cd build && \
2820
cmake -DDEVELOPER_MODE=ON -DFIRMWARE_UPDATE=ON .. && \
2921
make
3022

31-
# Stage 2: SBOM Generation
32-
FROM ubuntu:22.04 AS sbom-generator
33-
34-
# Install tools needed for binary analysis and SBOM generation
35-
RUN apt-get update && \
36-
DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata && \
37-
apt-get install -y curl wget file binutils dpkg-dev && \
38-
apt-get clean && rm -rf /var/lib/apt/lists/*
39-
40-
# Install Syft for SBOM generation
41-
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
42-
43-
WORKDIR /sbom-workspace
44-
45-
# Copy the built binary and its runtime environment
46-
COPY --from=builder /usr/src/app/mbed-edge/build/bin/edge-core ./edge-core
47-
COPY --from=builder /usr/src/app/mbed-edge/build ./build
48-
49-
# Copy system libraries that might be needed for analysis
50-
COPY --from=builder /lib /lib
51-
COPY --from=builder /usr/lib /usr/lib
52-
53-
# Create comprehensive binary analysis script
54-
RUN cat > analyze_binary.sh << 'EOF'
55-
#!/bin/bash
56-
set -e
57-
58-
echo "=== EDGE-CORE BINARY ANALYSIS ==="
59-
echo "Binary: $(file ./edge-core)"
60-
echo "Size: $(stat -c%s ./edge-core) bytes"
61-
echo ""
62-
63-
echo "=== DYNAMIC DEPENDENCIES (ldd) ==="
64-
ldd ./edge-core > edge-core-dynamic-deps.txt
65-
cat edge-core-dynamic-deps.txt
66-
echo ""
67-
68-
echo "=== STATIC ANALYSIS (readelf) ==="
69-
echo "Checking for statically linked libraries..."
70-
readelf -d ./edge-core > edge-core-readelf.txt 2>/dev/null || echo "No dynamic section found"
71-
if [ -s edge-core-readelf.txt ]; then
72-
echo "Dynamic section found - binary uses dynamic linking"
73-
grep "NEEDED" edge-core-readelf.txt > edge-core-needed-libs.txt || echo "No NEEDED entries"
74-
else
75-
echo "No dynamic section - binary may be statically linked"
76-
fi
77-
echo ""
78-
79-
echo "=== SYMBOLS ANALYSIS ==="
80-
echo "Checking for embedded library symbols..."
81-
objdump -t ./edge-core 2>/dev/null | grep -E "(mbedtls|jansson|libevent|websocket)" > edge-core-embedded-symbols.txt || echo "No obvious embedded library symbols found"
82-
echo ""
83-
84-
echo "=== PACKAGE MAPPING ==="
85-
echo "Mapping dynamic libraries to system packages..."
86-
> edge-core-package-mapping.txt
87-
if [ -s edge-core-dynamic-deps.txt ]; then
88-
while IFS= read -r line; do
89-
if [[ $line =~ .*=>.*\(.*\) ]]; then
90-
lib_path=$(echo "$line" | awk '{print $3}')
91-
if [ "$lib_path" != "(0x" ] && [ -f "$lib_path" ]; then
92-
package=$(dpkg -S "$lib_path" 2>/dev/null | cut -d: -f1 || echo "unknown")
93-
echo "$lib_path -> $package" >> edge-core-package-mapping.txt
94-
fi
95-
fi
96-
done < edge-core-dynamic-deps.txt
97-
fi
98-
echo ""
99-
100-
echo "=== LICENSE ANALYSIS ==="
101-
echo "Analyzing licenses of dependencies..."
102-
> edge-core-license-analysis.txt
103-
if [ -s edge-core-package-mapping.txt ]; then
104-
while IFS= read -r line; do
105-
package=$(echo "$line" | cut -d' ' -f3)
106-
if [ "$package" != "unknown" ] && [ "$package" != "" ]; then
107-
license=$(dpkg-query -W -f='${Package}: ${License}\n' "$package" 2>/dev/null || echo "$package: License info not available")
108-
echo "$license" >> edge-core-license-analysis.txt
109-
fi
110-
done < edge-core-package-mapping.txt
111-
fi
112-
113-
echo "Analysis complete. Files generated:"
114-
ls -la edge-core-*.txt
115-
EOF
116-
117-
chmod +x analyze_binary.sh
118-
./analyze_binary.sh
119-
120-
# Generate SBOM files with enhanced metadata
121-
echo "=== GENERATING SBOM FILES ==="
122-
echo "Generating comprehensive SBOM with all dependencies..."
123-
syft ./edge-core -o spdx-json=sbom-full.spdx.json
124-
syft ./edge-core -o spdx-tag=sbom-full.spdx.txt
125-
syft ./edge-core -o cyclonedx-json=sbom-full.cyclonedx.json
126-
127-
echo "Generating SBOM excluding system libraries..."
128-
syft ./edge-core --exclude-binary-overlap-by-ownership -o spdx-json=sbom-app-only.spdx.json
129-
syft ./edge-core --exclude-binary-overlap-by-ownership -o spdx-tag=sbom-app-only.spdx.txt
130-
syft ./edge-core --exclude-binary-overlap-by-ownership -o cyclonedx-json=sbom-app-only.cyclonedx.json
131-
132-
# Create a summary report
133-
cat > sbom-analysis-report.md << 'EOF'
134-
# Edge-Core SBOM Analysis Report
135-
136-
## Binary Analysis Summary
137-
138-
This report provides analysis of the edge-core binary and its dependencies for license compliance and SBOM generation.
139-
140-
### Linking Analysis
141-
- **Dynamic Dependencies**: See `edge-core-dynamic-deps.txt`
142-
- **Static Analysis**: See `edge-core-readelf.txt`
143-
- **Package Mapping**: See `edge-core-package-mapping.txt`
144-
- **License Analysis**: See `edge-core-license-analysis.txt`
145-
146-
### SBOM Files Generated
147-
148-
#### Full SBOM (includes all dependencies)
149-
- `sbom-full.spdx.json` - Complete SPDX JSON format
150-
- `sbom-full.spdx.txt` - Complete SPDX tag-value format
151-
- `sbom-full.cyclonedx.json` - Complete CycloneDX JSON format
152-
153-
#### Application-Only SBOM (excludes system libraries)
154-
- `sbom-app-only.spdx.json` - Application SPDX JSON format
155-
- `sbom-app-only.spdx.txt` - Application SPDX tag-value format
156-
- `sbom-app-only.cyclonedx.json` - Application CycloneDX JSON format
157-
158-
### License Compliance Notes
159-
160-
**Apache 2.0 Project Boundaries:**
161-
- The edge-core application itself remains under Apache 2.0 license
162-
- System libraries are runtime dependencies, not distributed components
163-
- Dynamic linking to GPL libraries does not affect Apache 2.0 licensing of the application
164-
- Static linking would require careful license compatibility review
165-
166-
### Recommendations
167-
168-
1. Use `sbom-app-only.*` files for distribution SBOM
169-
2. Use `sbom-full.*` files for complete dependency tracking
170-
3. Review `edge-core-license-analysis.txt` for any GPL dependencies
171-
4. Verify static vs dynamic linking status in analysis files
172-
173-
EOF
174-
175-
echo "SBOM generation complete with analysis"
176-
177-
# Stage 3: Runtime image
178-
FROM ubuntu:22.04 AS runtime
179-
180-
ARG developer_certificate=./config/mbed_cloud_dev_credentials.c
181-
ARG update_certificate=./config/update_default_resources.c
182-
183-
WORKDIR /usr/src/app/mbed-edge
184-
185-
# Install only runtime dependencies
186-
RUN apt-get update && \
187-
DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata && \
188-
apt-get install -y python3 python3-pip && \
189-
apt-get clean && rm -rf /var/lib/apt/lists/*
190-
191-
RUN pip3 install --upgrade pip
192-
RUN pip3 install manifest-tool
193-
194-
# Copy the built binary and necessary files
195-
COPY --from=builder /usr/src/app/mbed-edge/build ./build
196-
COPY --from=builder /usr/src/app/mbed-edge/config ./config
197-
198-
# Copy SBOM files and analysis to the runtime image
199-
COPY --from=sbom-generator /sbom-workspace/sbom-full.spdx.json ./sbom-full.spdx.json
200-
COPY --from=sbom-generator /sbom-workspace/sbom-full.spdx.txt ./sbom-full.spdx.txt
201-
COPY --from=sbom-generator /sbom-workspace/sbom-full.cyclonedx.json ./sbom-full.cyclonedx.json
202-
COPY --from=sbom-generator /sbom-workspace/sbom-app-only.spdx.json ./sbom-app-only.spdx.json
203-
COPY --from=sbom-generator /sbom-workspace/sbom-app-only.spdx.txt ./sbom-app-only.spdx.txt
204-
COPY --from=sbom-generator /sbom-workspace/sbom-app-only.cyclonedx.json ./sbom-app-only.cyclonedx.json
205-
COPY --from=sbom-generator /sbom-workspace/edge-core-dynamic-deps.txt ./edge-core-dynamic-deps.txt
206-
COPY --from=sbom-generator /sbom-workspace/edge-core-readelf.txt ./edge-core-readelf.txt
207-
COPY --from=sbom-generator /sbom-workspace/edge-core-package-mapping.txt ./edge-core-package-mapping.txt
208-
COPY --from=sbom-generator /sbom-workspace/edge-core-license-analysis.txt ./edge-core-license-analysis.txt
209-
COPY --from=sbom-generator /sbom-workspace/sbom-analysis-report.md ./sbom-analysis-report.md
210-
21123
CMD [ "./build/bin/edge-core", "--http-port", "8080", "--edge-pt-domain-socket", "/tmp/edge.sock" ]
21224

213-
EXPOSE 8080
25+
EXPOSE 8080

0 commit comments

Comments
 (0)