Xen project Mailing List

Re: [PATCH 1/5] CI: Adjust test needs[] to ensure binaries/ is non-root

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Orzel, Michal" <michal.orzel@xxxxxxx>

Date: Mon, 11 May 2026 08:16:54 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=citrix.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xB6YnHqIy3x5v/O1+TImmWizAfouAcAAeyLqOsoTeRM=; b=C19g/grNSg3q9r49IQyDpTKOYQdKIsQU8NXmz/LIPPAhgcsyrFSWEzGbbOKU5lWKNc0buSr5BaoizrRaU0hx1Wib6pjPdqgfDc6NtjqFgacrRjqHMAV5VYpHAkT43n27DKoryO0rE/EgHB+TQnD+FhsJt6lew3yZKWDEu1waseX0PuNcvvYTEvGMYmMQAfxs8aiAzuQaS4bfVo6NpsSAgt+k+WzL13TQ0OD4aKHfZK1NY9J2HMUdxjg9iFayEZWhThSeK0fYbx7YHl3HGkID+F+wKTMjvt08ZqoNn9c4i4AheOKGneaI1JpIbejgrK0wcqlUnMu/j/eQdbWmBvFTzA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TGPB9o+nUFjsuTGvX5kL9wnB7bVn4FyEncTmTmQ5LqTQw1dSjX88Jm4SVI4v9eRR9dYgDJ9J185I0wDvQ2RGlZWEjH0tV+WyJAghVuXLIkzw7JKd81hSe57bNv57TVF7HgEavZic1eDybJPC0PS8aJgNrJl5S8v5yHTHM5HtKqwkmsNcXAvoXoUssQqnmwokxngKJl2MhpRRG+ApJagCZmgFTvEeGy8ASofzl3r+ptjGFmAcuFUCRlb6V8jtxgxSnRW48/ntiOI4BjnHPC4MQMhR094WcFTS9uojFSUgAzih7egAdUmOmQ4X/+Q2t1s9zcyKP11qqrqFugHOWovuLw==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>

Delivery-date: Mon, 11 May 2026 06:17:28 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 08-May-26 23:29, Andrew Cooper wrote: > The binaries/ directory is a composition from the artefacts, and also used as > a working directory for most of the tests. If the very first artefact is from > a root container, then the test must also be a root container to use it as a > working directory. > > For arm64, the existing linux-arm64 artefact suffices. For arm32, pull in the > microcode-x86 artefact as it's the smallest available. This bodge can be > removed when all build containers have become non-root. > > For the qemu-xtf-dom0less-arm64-*-xen-version jobs, use *arm64-test-needs > ahead of alpine-3.18-gcc-* (as it's a root container), and to deduplicate > the *-export dependency. > > This will allow us to change containers to being non-root one at a time, > rather than all in one go. > > No functional change. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Michal Orzel <michal.orzel@xxxxxxx> > CC: Doug Goldstein <cardoe@xxxxxxxxxx> > > We should also stop using binaries/ as a working directory for the tests, but > that gets very complicated very quickly and I don't have time to do it at this > juncture. > --- > automation/gitlab-ci/test.yaml | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/automation/gitlab-ci/test.yaml b/automation/gitlab-ci/test.yaml > index 8770c523e228..517af1732437 100644 > --- a/automation/gitlab-ci/test.yaml > +++ b/automation/gitlab-ci/test.yaml > @@ -15,6 +15,12 @@ > - qemu-system-aarch64-6.0.0-arm64-export > > .arm32-test-needs: &arm32-test-needs > + # Bodge to ensure binaries/ is non-root. Can be any artefact which comes > + # from a non-root container, and microcode-x86 is the smallest. Remove > when > + # all build containers have become non-root. > + - project: $ARTIFACTS_REPO > + job: microcode-x86 > + ref: $ARTIFACTS_BRANCH I don't see it being removed in this series even though the containers are non-root. > - qemu-system-aarch64-6.0.0-arm32-export > > .x86-64-test-needs: &x86-64-test-needs > @@ -569,16 +575,16 @@ qemu-xtf-dom0less-arm64-gcc-hyp-xen-version: > script: > - ./automation/scripts/qemu-xtf.sh arm64 mmu64le hyp-xen-version 2>&1 | > tee ${LOGFILE} > needs: > + - *arm64-test-needs This also pulls in Linux image and rootfs which XTF tests don't need. I think it's much better for a test to list the actual list of its dependencies. Otherwise you are asking user/developer to dig into the yaml. ~Michal > - alpine-3.18-gcc-arm64 > - - qemu-system-aarch64-6.0.0-arm64-export > > qemu-xtf-dom0less-arm64-gcc-debug-hyp-xen-version: > extends: .qemu-arm64 > script: > - ./automation/scripts/qemu-xtf.sh arm64 mmu64le hyp-xen-version 2>&1 | > tee ${LOGFILE} > needs: > + - *arm64-test-needs > - alpine-3.18-gcc-debug-arm64 > - - qemu-system-aarch64-6.0.0-arm64-export > > qemu-smoke-dom0-arm32-gcc: > extends: .qemu-arm32

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.