@@ -139,3 +139,195 @@ jobs:
139139 bootupctl backend generate-update-metadata -vvv
140140 cat ${updates}/EFI.json | jq
141141 '
142+
143+ name : Test install after extend-payload
144+ run : |
145+ set -xeuo pipefail
146+ sudo truncate -s 5G myimage-extend.raw
147+ sudo podman run --rm --privileged -v .:/target --pid=host --security-opt label=disable \
148+ -v /var/lib/containers:/var/lib/containers \
149+ -v /dev:/dev \
150+ localhost/bootupd:latest bash -c '
151+ # Create test firmware directory and files
152+ mkdir -p /usr/share/uboot/rpi/overlays
153+ echo "test uboot binary content" > /usr/share/uboot/rpi/u-boot.bin
154+ echo "i2c device tree overlay" > /usr/share/uboot/rpi/overlays/i2c.dtb
155+
156+ # Create a fake RPM database for testing
157+ mkdir -p /usr/lib/sysimage/rpm
158+ echo "fake rpm database" > /usr/lib/sysimage/rpm/Packages
159+
160+ # Create mock rpm script using a here-document for clarity
161+ cat << '"'EOT'"' > /usr/local/bin/rpm
162+ #!/bin/bash
163+ if [[ "$*" == *"-q"* ]] && [[ "$*" == *"-f"* ]]; then
164+ echo "uboot-images-2023.04-2.fc42.noarch,1681234567"
165+ exit 0
166+ fi
167+ exec /usr/bin/rpm.orig "$@"
168+ EOT
169+
170+ # Backup original rpm and make our mock executable
171+ cp /usr/bin/rpm /usr/bin/rpm.orig
172+ chmod +x /usr/local/bin/rpm
173+ export PATH="/usr/local/bin:$PATH"
174+
175+ # Run extend-payload-to-esp first
176+ bootupctl backend extend-payload-to-esp /usr/share/uboot/rpi
177+
178+ # Verify firmware was extended correctly
179+ test -d /usr/lib/efi/firmware || { echo "firmware directory not created"; exit 1; }
180+ firmware_ver_dir=$(find /usr/lib/efi/firmware -name "*2023.04*" -type d | head -1)
181+ test -n "${firmware_ver_dir}" || { echo "firmware version directory not found"; exit 1; }
182+ test -f "${firmware_ver_dir}/EFI/u-boot.bin" || { echo "u-boot.bin not copied"; exit 1; }
183+ echo "✓ extend-payload completed successfully"
184+ # Now test install to disk with extended firmware
185+ bootc install to-disk --skip-fetch-check \
186+ --disable-selinux --generic-image --via-loopback /target/myimage-extend.raw
187+ '
188+
189+ # Verify firmware files were installed to ESP
190+ sudo losetup -P -f myimage-extend.raw
191+ device=$(losetup -a myimage-extend.raw --output NAME -n)
192+ esp_part=$(sudo sfdisk -l -J "${device}" | jq -r '.partitiontable.partitions[] | select(.type == "C12A7328-F81F-11D2-BA4B-00A0C93EC93B").node')
193+ sudo mount "${esp_part}" /mnt/
194+
195+ # Check that firmware files were copied to ESP during install
196+ if sudo test -f /mnt/u-boot.bin; then
197+ sudo grep -q "test uboot binary content" /mnt/u-boot.bin || { echo "u-boot.bin content incorrect on ESP"; exit 1; }
198+ echo "✓ Firmware files correctly installed to ESP"
199+ else
200+ echo "Note: u-boot.bin not found on ESP (firmware install integration may need work)"
201+ fi
202+
203+ sudo umount /mnt
204+ sudo losetup -D "${device}"
205+ sudo rm -f myimage-extend.raw
206+
207+ name : Test update after extend-payload
208+ run : |
209+ set -xeuo pipefail
210+ sudo truncate -s 5G myimage-update.raw
211+ sudo podman run --rm --privileged -v .:/target --pid=host --security-opt label=disable \
212+ -v /var/lib/containers:/var/lib/containers \
213+ -v /dev:/dev \
214+ localhost/bootupd:latest bash -c '
215+ # Create initial test firmware directory and files
216+ mkdir -p /usr/share/uboot/rpi/overlays
217+ echo "initial uboot binary content v1.0" > /usr/share/uboot/rpi/u-boot.bin
218+ echo "initial i2c device tree overlay" > /usr/share/uboot/rpi/overlays/i2c.dtb
219+
220+ # Create a fake RPM database for testing
221+ mkdir -p /usr/lib/sysimage/rpm
222+ echo "fake rpm database" > /usr/lib/sysimage/rpm/Packages
223+
224+ # Create mock rpm script that returns initial package data
225+ cat << '"'EOT'"' > /usr/local/bin/rpm
226+ #!/bin/bash
227+ if [[ "$*" == *"-q"* ]] && [[ "$*" == *"-f"* ]]; then
228+ echo "uboot-images-2023.04-1.fc42.noarch,1681234567"
229+ exit 0
230+ fi
231+ exec /usr/bin/rpm.orig "$@"
232+ EOT
233+
234+ # Backup original rpm and make our mock executable
235+ cp /usr/bin/rpm /usr/bin/rpm.orig
236+ chmod +x /usr/local/bin/rpm
237+ export PATH="/usr/local/bin:$PATH"
238+
239+ # Run initial extend-payload-to-esp
240+ bootupctl backend extend-payload-to-esp /usr/share/uboot/rpi
241+
242+ # Verify initial firmware was extended correctly
243+ test -d /usr/lib/efi/firmware || { echo "firmware directory not created"; exit 1; }
244+ firmware_ver_dir=$(find /usr/lib/efi/firmware -name "*2023.04-1*" -type d | head -1)
245+ test -n "${firmware_ver_dir}" || { echo "initial firmware version directory not found"; exit 1; }
246+ test -f "${firmware_ver_dir}/EFI/u-boot.bin" || { echo "initial u-boot.bin not copied"; exit 1; }
247+ grep -q "initial uboot binary content v1.0" "${firmware_ver_dir}/EFI/u-boot.bin"
248+ echo "✓ initial extend-payload completed successfully"
249+
250+ # Install to disk with initial firmware
251+ bootc install to-disk --skip-fetch-check \
252+ --disable-selinux --generic-image --via-loopback /target/myimage-update.raw
253+
254+ # Now simulate a firmware update by creating new firmware files
255+ echo "updated uboot binary content v2.0" > /usr/share/uboot/rpi/u-boot.bin
256+ echo "updated i2c device tree overlay" > /usr/share/uboot/rpi/overlays/i2c.dtb
257+ echo "new overlay for v2" > /usr/share/uboot/rpi/overlays/spi.dtb
258+
259+ # Update mock rpm to return new version
260+ cat << '"'EOT'"' > /usr/local/bin/rpm
261+ #!/bin/bash
262+ if [[ "$*" == *"-q"* ]] && [[ "$*" == *"-f"* ]]; then
263+ echo "uboot-images-2023.04-2.fc42.noarch,1681234999"
264+ exit 0
265+ fi
266+ exec /usr/bin/rpm.orig "$@"
267+ EOT
268+
269+ # Run updated extend-payload-to-esp
270+ bootupctl backend extend-payload-to-esp /usr/share/uboot/rpi
271+
272+ # Verify updated firmware was extended correctly (only v2.0 should exist now)
273+ updated_firmware_ver_dir=$(find /usr/lib/efi/firmware -name "*2023.04-2*" -type d | head -1)
274+ test -n "${updated_firmware_ver_dir}" || { echo "updated firmware version directory not found"; exit 1; }
275+ test -f "${updated_firmware_ver_dir}/EFI/u-boot.bin" || { echo "updated u-boot.bin not copied"; exit 1; }
276+ grep -q "updated uboot binary content v2.0" "${updated_firmware_ver_dir}/EFI/u-boot.bin"
277+ test -f "${updated_firmware_ver_dir}/EFI/overlays/spi.dtb" || { echo "new spi.dtb not copied"; exit 1; }
278+
279+ # Verify old version (2023.04-1) was removed
280+ old_firmware_ver_dir=$(find /usr/lib/efi/firmware -name "*2023.04-1*" -type d | head -1)
281+ test -z "${old_firmware_ver_dir}" || { echo "old firmware version should have been removed but still exists: ${old_firmware_ver_dir}"; exit 1; }
282+
283+ echo "✓ updated extend-payload completed successfully (old version cleaned up)"
284+
285+ # Run bootupctl update to apply the updated firmware to ESP
286+ bootupctl update
287+ echo "✓ bootupctl update completed successfully"
288+ '
289+
290+ # Verify updated firmware files were applied to ESP
291+ sudo losetup -P -f myimage-update.raw
292+ device=$(losetup -a myimage-update.raw --output NAME -n)
293+ esp_part=$(sudo sfdisk -l -J "${device}" | jq -r '.partitiontable.partitions[] | select(.type == "C12A7328-F81F-11D2-BA4B-00A0C93EC93B").node')
294+ sudo mount "${esp_part}" /mnt/
295+
296+ # Check that updated firmware files were applied to ESP during update
297+ if sudo test -f /mnt/u-boot.bin; then
298+ sudo grep -q "updated uboot binary content v2.0" /mnt/u-boot.bin || { echo "u-boot.bin was not updated on ESP"; exit 1; }
299+ echo "✓ Updated firmware files correctly applied to ESP"
300+ else
301+ echo "Warning: u-boot.bin not found on ESP after update"
302+ exit 1
303+ fi
304+
305+ # Check that new overlay file was also copied
306+ if sudo test -f /mnt/overlays/spi.dtb; then
307+ sudo grep -q "new overlay for v2" /mnt/overlays/spi.dtb || { echo "spi.dtb content incorrect on ESP"; exit 1; }
308+ echo "✓ New overlay files correctly applied to ESP"
309+ else
310+ echo "Warning: new spi.dtb not found on ESP after update"
311+ fi
312+
313+ # Verify checksums and state integrity
314+ echo "🔍 Validating firmware checksums and state integrity..."
315+ sudo podman run --rm --privileged -v .:/target --pid=host --security-opt label=disable \
316+ -v /var/lib/containers:/var/lib/containers \
317+ -v /dev:/dev \
318+ localhost/bootupd:latest bash -c '
319+ # Run bootupctl validate to check all checksums
320+ bootupctl validate || { echo "bootupctl validate failed - checksum mismatch detected"; exit 1; }
321+ echo "✓ All file checksums validated successfully"
322+
323+ # Check that bootupd-state.json reflects the updated firmware
324+ if test -f /boot/bootupd-state.json; then
325+ # Verify firmware is tracked in state
326+ jq -e ".installed.EFI.firmware.uboot" /boot/bootupd-state.json >/dev/null || { echo "Updated firmware not found in bootupd-state.json"; exit 1; }
327+ echo "✓ Updated firmware properly tracked in bootupd-state.json"
328+ fi
329+ '
330+
331+ sudo umount /mnt
332+ sudo losetup -D "${device}"
333+ sudo rm -f myimage-update.raw
0 commit comments