From b2d5c0ddf64e6cc2cb30ffedc6191f70fe57ed27 Mon Sep 17 00:00:00 2001 From: David Vincze Date: Tue, 21 Oct 2025 14:08:02 +0000 Subject: [PATCH] ci: Update FIH docker to Ubuntu Plucky (25.04) This distribution includes a newer version (14.2) of the GNU Arm toolchain. Use Python virtual environment for package installation since system-wide installation is now disallowed by default settings. Bump the Docker image version to 0.0.4 to start using the updated image. Update FIH tests to reference and work with a recent Trusted Firmware-M (TF-M) version. Change-Id: Iea583fca586b54a2c984c04164289603313c81d7 Signed-off-by: David Vincze --- ci/fih-tests_config.sh | 4 +++- ci/fih-tests_run.sh | 2 +- ci/fih_test_docker/docker-build/Dockerfile | 24 ++++++++++++++-------- ci/fih_test_docker/execute_test.sh | 9 +++++++- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/ci/fih-tests_config.sh b/ci/fih-tests_config.sh index d3482785a8..6c7c18b9ed 100644 --- a/ci/fih-tests_config.sh +++ b/ci/fih-tests_config.sh @@ -6,10 +6,12 @@ # Copyright (c) 2025 Arm Limited # -FIH_IMAGE_VERSION=0.0.3 +FIH_IMAGE_VERSION=0.0.4 FIH_IMAGE_NAME=mcuboot-fih-test FIH_IMAGE=$FIH_IMAGE_NAME:$FIH_IMAGE_VERSION CONTAINER_REGISTRY=ghcr.io/mcu-tools + +TFM_TAG=ef7e8f34b48100c9ab0d169980e84d37d6b3c8b9 diff --git a/ci/fih-tests_run.sh b/ci/fih-tests_run.sh index 64d9b6ccb8..8138ce462b 100755 --- a/ci/fih-tests_run.sh +++ b/ci/fih-tests_run.sh @@ -23,7 +23,7 @@ source $(dirname "$0")/fih-tests_config.sh pushd .. git clone https://github.com/mcu-tools/trusted-firmware-m pushd trusted-firmware-m -git checkout eb8ff0db7d657b77abcd0262d5bf7f38eb1e1cdc +git checkout $TFM_TAG source lib/ext/tf-m-tests/version.txt popd git clone https://github.com/mcu-tools/tf-m-tests.git diff --git a/ci/fih_test_docker/docker-build/Dockerfile b/ci/fih_test_docker/docker-build/Dockerfile index e8f917445d..7760bef653 100644 --- a/ci/fih_test_docker/docker-build/Dockerfile +++ b/ci/fih_test_docker/docker-build/Dockerfile @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Arm Limited +# Copyright (c) 2020-2025 Arm Limited # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM ubuntu:jammy +FROM ubuntu:plucky # Get dependencies for retrieving and building TF-M with MCUBoot, and QEMU. RUN apt-get update && \ @@ -23,23 +23,29 @@ RUN apt-get update && \ gcc-arm-none-eabi \ gdb-multiarch \ git \ - libncurses5 \ + libncurses6 \ python3 \ python3-pip \ + python3-venv \ qemu-system-arm \ file &&\ apt-get clean all -# Installing python packages -RUN python3 -m pip install \ +# Add tfm work directory +WORKDIR /root/work + +# Get rid of spurious git ownership errors +RUN git config --global --add safe.directory '*' + +# Create Python virtual environment since PEP 668 protection is present +RUN python3 -m venv .venv + +# Activate Python environment and install Python packages +RUN . .venv/bin/activate && python3 -m pip install \ imgtool>=1.9.0 \ Jinja2>=2.10.3 \ PyYAML \ pyasn1 -# Add tfm work directory && get rid of spurious git ownership errors -RUN mkdir -p /root/work/tfm &&\ - git config --global --add safe.directory '*' - # run the command CMD ["bash"] diff --git a/ci/fih_test_docker/execute_test.sh b/ci/fih_test_docker/execute_test.sh index cc67d846ad..18c101a236 100755 --- a/ci/fih_test_docker/execute_test.sh +++ b/ci/fih_test_docker/execute_test.sh @@ -1,6 +1,6 @@ #!/bin/bash -x -# Copyright (c) 2020-2023 Arm Limited +# Copyright (c) 2020-2025 Arm Limited # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,13 @@ set -e source $(dirname "$0")/paths.sh +# Activate Python virtual environment +source $WORK_PATH/../.venv/bin/activate + +# Required for git am to apply patches under TF-M +git config --global user.email "docker@fih-test.com" +git config --global user.name "docker fih-test" + SKIP_SIZE=$1 BUILD_TYPE=$2 DAMAGE_TYPE=$3