From nobody Mon Feb 17 14:47:27 2025 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YxQVl4dXSz5nkMJ for ; Mon, 17 Feb 2025 14:47:43 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com [IPv6:2607:f8b0:4864:20::112b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YxQVk5wLzz47Zc for ; Mon, 17 Feb 2025 14:47:42 +0000 (UTC) (envelope-from tomek@cedro.info) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=MxcRLTOL; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::112b) smtp.mailfrom=tomek@cedro.info Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-6f768e9be1aso44055797b3.0 for ; Mon, 17 Feb 2025 06:47:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; t=1739803661; x=1740408461; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=iZ7dcdr5KRC512qdkHSCv2eNyo/UHohZd8Rkjojl61Y=; b=MxcRLTOL8wzhZi5kRSPogAYO+1dHF7XoyB7xXIQuPCVQA/gyx3tNxlaDlXG+yhId6J awQ2B0IuUTP6ezns9oG+lmFujRohmfd4qlxD8Pjk820jJACyP3QWk4hTdp9CI4h2Tpuh ggSVnB6n1hTmr9WlABffVIxnS+CfiDqmZegZKu6pFMKbXTDXifVEFkVV868OTJjr6Go7 FewtvEv1B17Zu/don4QPcKRvCx8mE2IznXuzgqZU3/hNZBq0BBLiF0FIMn360yz1dFMt ymTRQRk8imzWRHj7XJhXZJDep89Slx02V6DDKodf7HLAkVhZCdWX5IBIqb5z+4JCaVXm r/PA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739803661; x=1740408461; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=iZ7dcdr5KRC512qdkHSCv2eNyo/UHohZd8Rkjojl61Y=; b=mc2/oPZDAnCnn0TybmaTr1Aqs8ImfUtEN0VKTneUptglZSrR0ESFkPg8yxGvbRpNE5 +c2xlNQfDQvXJRgoBLzL8x5FTZqf7bds59KrJpKyZo+LBWe1AK8suYowYp2slc81IRaA F/lpK6Muev/psUPjLTsL/vAsKsQ/KnKCZxQZjSZEHlCrtxb9u+WlDhVX48mh23wyNmKh x9JbjY7SSQDANMqdBXNXGxDcteQs243mLWKbxPPKQ7iFstc1brv8SnriDApiLy1nUotY 7yhEwvWmIjH1DbpB7zPygzRJtt+OrqzFk+Lo+ULAAFNjMxuIMVkAvcsyI71HCiDKlykk DH4g== X-Forwarded-Encrypted: i=1; AJvYcCXVNf1dbGBBEMaKACDXwCY/ammCBqXr+YVBJe867iqYEhNDJMMgFeTTTurN+Da2UOBcpzVCTcBs+BRb0K8ax6ew@freebsd.org X-Gm-Message-State: AOJu0YxAITDWmPu0kXXKbgVZqGkOjm1p2+rDxyQ8GIrLjXSSRvwE5yG2 e92BVQuuhNmYnQbTEXmlG9IlsKeR1Y8akDO7q8/0BXCP7BQjk2XtX7TtffEXHWTVQ9iQeU8h3qs = X-Gm-Gg: ASbGncvcNEjpw1IA1FFQ8wQg7ZCsIdPR+LtkHDomB/UbHPOzgtbHRWJyv+3YTdog4tr 86WX0fWl60MB6lFHoZdLGuuzWSM059rmrauZ9aXHgAsR1JTu43hKXw1f/exEJ18LK6jmVJTvAiO nDkRnjBF52qv9ntf+a+kmHI/iIEs/kuhC2OpOpF3QwKOD4uHtsWLPPUs6tULreeOERo3d7dwtzT ci0C50HGVU4tqasLVB6UEVVkIGELrQxYcQtN/7FElAbqWHNtHd9l/oNJ7ZbT3x2/2B3i9yQnj4S s9AoyTCDdlPoom9UPRKD6JVE2EcN4Sx2YBAoayQFNHcfcfp86PVO X-Google-Smtp-Source: AGHT+IG0bKr1hAZwx7qba3VMBPIp7bdR/MSoolCfEH842CveLjyZEgNaEKJzt/+wnHRwsvNO3sIrWg== X-Received: by 2002:a05:690c:6f03:b0:6fb:5d74:959d with SMTP id 00721157ae682-6fb5d74a0f8mr63017137b3.1.1739803660863; Mon, 17 Feb 2025 06:47:40 -0800 (PST) Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com. [209.85.128.177]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6fb3609fa86sm21100407b3.60.2025.02.17.06.47.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 17 Feb 2025 06:47:40 -0800 (PST) Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-6f768e9be1aso44055647b3.0; Mon, 17 Feb 2025 06:47:40 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCVjbNG6x//uJx4vK3LD6AhWALJM65Gzj3qMoDF/rLDdpJx/WQEF8PKy6M06YkLjmvcYvsvTXC5nuA==@freebsd.org, AJvYcCXydCveY6/iMnaq9HlMe9ifE87yeTo1jfoKUrePdI0HnToiSYwbONBSIlENwEUI2L+Yvc07GIdbAbvYdeVG4xE3Ug==@freebsd.org, AJvYcCXzVvUGYkMe6lxE/jGGuLWB0GzLYlKup7gBxlSUKbq7n2fehONNDKHeCJPFpxDhJ9PTe30fnSD3EGbJseQixuc=@freebsd.org X-Received: by 2002:a05:6902:10cb:b0:e5b:33c2:5a03 with SMTP id 3f1490d57ef6-e5daa4a56fdmr14360004276.9.1739803659634; Mon, 17 Feb 2025 06:47:39 -0800 (PST) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 From: Tomek CEDRO Date: Mon, 17 Feb 2025 15:47:27 +0100 X-Gmail-Original-Message-ID: X-Gm-Features: AWEUYZltebXDvb3Uq9_xZ6i-18SgCcA8enslud0fLRfNZ9Hc1EZjwzr9wIAD1wQ Message-ID: Subject: real world hardware testing ci To: freebsd-questions , freebsd-hackers , FreeBSD Current , freebsd-security Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-3.30 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_SPF_NA(0.00)[no SPF record]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MIME_TRACE(0.00)[0:+]; MISSING_XM_UA(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::112b:from,209.85.128.177:received]; DMARC_NA(0.00)[cedro.info]; TO_DN_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[cedro.info:+] X-Rspamd-Queue-Id: 4YxQVk5wLzz47Zc X-Spamd-Bar: --- Hello world :-) Sorry for cross posting but I just need short quick info :-) I am writing a paper and designing distributed real world hardware build and runtime verification for NuttX RTOS, kinda in-house what you have CI automation to complement build only CI. There are over 15 different supported architectures on 340 different boards and around 1500 different existing configurations at this point so changing one thing may impact others. Recently it turned out not only changing one place impacts others in build but also runtime validation needs better tools as qemu did not reveal real world hardware problems (i.e. registers alignment). I am using FreeBSD as the build host. Did setup laptop and rpi-0-2W as the test node workers for the prototype. For the paper I am searching for references and current state of the art in similar solutions. I know FreeBSD is CI tested on VM/QEmu. But question is do we have this kind of real world hardware testing in place? :-) Also hints / references on how to setup one-time-use Jails per build and runtime process that would execute untrusted code and scripts are welcome. I know Ports prohibits connectivity after fetch phase.. unfortunately in NuttX some components are fetched during build right now and we are searching for some solutions :-P Any hints appreciated :-) Tomek -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info