--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@883b9a5c

CI: new machine seco-mx6-fsl, map platform tests to devices

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@151f1cd6

Refactoring: remove redundant if

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/remove-redundant-if/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@872ec6d9

Refactoring: swap if and else branches

Move the main part of the action to the if branch.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/swap-if-else-branches/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@c058236c

Sourcery: skip a certain suggestion for better readability

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@b9196ae5

Fix typo in comment

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@eba0649d

gitignore: add .vscode and convert line-endings to LF

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@876da56d

Refactoring: merge dictionary assignments

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/merge-dict-assign/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@e8e3ff37

Refactoring: use single assignment for "if, else"

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/assign-if-exp/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@14eaf45a

Refactoring: inline immediately returned variables

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/inline-immediately-returned-variable/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@f9096a52

Refactoring: use "{}" for creating an empty dictionary

This is the most concise and Pythonic way to create a dictionary.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/dict-literal/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@a3baa39e

Refactoring: use list comprehensions

A list comprehension can create the list on one line, cutting out the
clutter of declaring an empty list and then appending values.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/list-comprehension/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@52de8d7c

Refactoring: use dictionary comprehensions

A dictionary comprehension can create the dictionary on one line,
cutting out the clutter of declaring an empty dict and then adding
items.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/dict-comprehension/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@5d09b9de

Refactoring: simplify length comparisons

Something we often do is check whether a list or sequence has elements
before we try and do something with it.

A Pythonic way of doing this is just to use the fact that Python lists
and sequences evaluate to True if they have elements, and False
otherwise.

Doing it this way is a convention, set out in Python's PEP8 style guide.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/simplify-len-comparison/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@d69521c9

Refactoring: simplify conditional logic

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/de-morgan/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@5c23592f

Refactoring: merge nested if conditions

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/merge-nested-ifs/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@608b8347

Refactoring: remove dictionary keys

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/remove-dict-keys/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@5975bd1f

Sourcery: keep remove-zero-from-range check disabled

IMO explicit declaration of lower and upper limits makes code easier to
read than using an implicit default value.

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/remove-zero-from-range/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@3715f022

Refactoring: use sum() instead of for loop

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/sum-comprehension/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@e355932f

Refactoring: use join() instead of for loop

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/use-join/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@e57fa48a

Refactoring: merge comparisons

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@9406ad75

Yocto build: separate images in multiple pipelines

Instead of building the Yocto image, the Yocto SDK and the FNGSystem
image in one single pipeline, separate them into three independent
pipelines that are triggered in parallel.

This makes the concept more modular: we have a single general pipeline
now which is configurable from outside via variables. Hence we can have
a custom number of pipelines along with custom build targets in each
project without having to make code changes in the gitlab-ci project.

The default Yocto manifest pipeline configures three build pipelines:

- yocto-build-jobs
- sdk-build-jobs
- fngsystem-build-jobs

In a project including the Yocto manifest pipeline, we can disable
certain build pipelines using job rules, e.g. disabling the SDK build:

sdk-build-jobs:
  rules:
    - when: never

Furthermore we can add more pipelines by simply adding jobs extending
the '.build-jobs' class in the project's .gitlab-ci.yml:

yocto-custom-build-jobs:
  extends:
    - .build-jobs
  variables:
    BITBAKE_TASK: build
    CI_PARAM_IMAGE: custom-image
    CI_PARAM_DISTRO: custom-distro
    PACKAGE_TYPE: image

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@447804d2

.gitlab-ci: increase analyze timeout

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@5762a54c

Yocto build: unify image and SDK package jobs

Image and SDK package jobs call the same package script just with
different arguments. Instead of having two job classes `package_release`
and `package_sdk` for these two tasks, merge them into the base class
`package` and make the differences configurable via a variable
`PACKAGE_TYPE`.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@8e72eac2

Yocto build: add variable for manual builds

Instead of hard-coding the rules for manual builds in each actual job,
conditionally add this to the `buildbase` class and add a variable
`MANUAL_BUILD` to the according jobs.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@e6d71996

Yocto build: unify image and SDK build jobs

Image and SDK builds share a lot of similar code. Instead of having two
job classes `build_yocto_image` and `build_yocto_sdk` for these two
tasks, merge them into the base class `build_yocto` and make the
differences configurable via a variable.

The `dump_install_command` part of the script, which was not executed
for SDK builds, is always present now, but it's only executed if the
`INSTALLSCRIPT` variable is set, which is not the case for SDK builds.

The `collect_srcrevs` part of the script is executed in all cases. It
was not part of the SDK build before, but it's not less relevant there.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@f892500f

Yocto build: make main artifacts path configurable

Instead of specifying all possible artifacts paths and abusing the fact
that GitLab ignores non-existing paths during artifact upload, implement
a cleaner solution with a configurable path.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@c227e053

Yocto build: use common artifact pathspec for image and SDK builds

This is the first step on the way to a common pipeline for all build
configurations.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@fa2766e6

README: review documentation for adding new project

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@c027f42b

README: use consistent heading style

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@f8bf107b

Sourcery: keep min-max-identity check disabled

IMO code is easier to read without the proposed change:
https://docs.sourcery.ai/Reference/Python/Default-Rules/min-max-identity/

Move the disabled check to the top of the list and add a comment that
all the checks below need to be verified.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@01484573

Refactoring: replace if-expression with or

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/or-if-exp-identity/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@ccdac3d5

Sourcery: enable more passing checks

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@d5908ee5

Refactoring: remove needless str() from print()

See for reference:
https://docs.sourcery.ai/Reference/Python/Default-Rules/remove-str-from-print/

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@479861fb

Sourcery: enable passing checks

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@7c87d4d1

Sourcery: skip use-assigned-variable

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@26591c0b

Refactoring: use datetime.now() instead of datetime.today()

now() is officially preferred over today() according to the docs.
See for reference:

https://docs.sourcery.ai/Reference/Python/Default-Rules/use-datetime-now-not-today/
https://docs.python.org/3/library/datetime.html#datetime.datetime.now

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@414ebe6d

Add python code analysis via sourcery

Disable all checks which do not pass currently. These should be enabled
in the future along with a code refactoring to make them pass.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@df817ecf

README: Add howto to create a new project.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@31e5a427

CI: package: Increase timeout to 90

We had timeouts during the upload of the artifacts
so I increase it to 90 minutes.

If set to 1, all objects, which are handled by Secure chip except for
predefined ones, are deleted when a client application starts.
This breaks the logic of existing example, and functions "getbinkey",
"erasekey", and "decryptaes" start to fail because a requested key is
already removed when ex_sss_entry() is called.

--

Commit: seco-ne/yocto/infrastructure/gitlab-ci@23680f48

Fix check for branch protection state

Since the changes of 939ade2b9f98b3e1569332270a7ab16ce7d70b4a we observe
that pipelines are executed on non-protected branches, which is not what
we want.

GitLab's documentation was a bit unclear on the according CI variables
CI_COMMIT_REF_PROTECTED and CI_MERGE_REQUEST_TARGET_BRANCH_PROTECTED, as
stated in this stack overflow answer:
https://stackoverflow.com/a/59023344/3018229

We need to explicitly check for the variable values to be "true" instead
of just checking whether they are set.

New functions:
* setaeskey: Read text file and inject key with aes policies
* decryptaes: Use a aes key stored in the SE to decrypt a given input file

Limitations:
* The decryption can only handle input files smaller or equal 512 bytes
* The decryptaes function can not handle salted input files
* The address issue is still present (see previous commit)

The example is only intended to show the se05x API usage and has multiple
security issues. Therefore, do not use this example in productive cases.

The app provides the functions to:
1. setkey: Read text file and inject a key at a specified address
2. getkey: Read out key from a specified address and write it to a file
3. erasekey: Erase a key at a specific address

At the moment, it is not possible to use all adresses of the SE. This is
due to failing get_handle requests on some adresses. It looks like
this is a problem of the build configuration, as the get_handle requests
work when using the yocto default configuration of the full package.