From a45586cf13a888e34d5b2d993c0896af9ef2b28e Mon Sep 17 00:00:00 2001
From: puzzlewolf <mail@nora.pink>
Date: Fri, 17 Dec 2021 16:21:21 +0100
Subject: [PATCH] Use ykneo/smartpgp builddeps images for virtual Java Card
 tests. Remove unnecessary dockerfiles and run.sh. Make hardware-builddeps
 image to run hardware card tests on. Add license header and cleanup.

---
 .gitlab-ci.yml                                | 173 +++++++-----------
 .../docker/Dockerfile.cardtest.smartpgp       |  27 ---
 .../docker/Dockerfile.cardtest.ykneo          |  27 ---
 .../docker/Dockerfile.hardware-builddeps      |   9 +
 card-functionality/docker/run.sh              |  13 --
 5 files changed, 72 insertions(+), 177 deletions(-)
 delete mode 100644 card-functionality/docker/Dockerfile.cardtest.smartpgp
 delete mode 100644 card-functionality/docker/Dockerfile.cardtest.ykneo
 create mode 100644 card-functionality/docker/Dockerfile.hardware-builddeps
 delete mode 100644 card-functionality/docker/run.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4d2090b..91a8b19 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,13 +1,14 @@
 # SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-FileCopyrightText: 2021 Nora Widdecke <mail@nora.pink>
 # SPDX-License-Identifier: CC0-1.0
 
 stages:
-  - lint
-  - test
-  - virtual-build
-  - virtual-test
+  - hw-builddeps
   - hw-import
   - hw-keygen
+  - lint
+  - test
+  - virtual-test
 
 reuse:
   stage: lint
@@ -46,126 +47,78 @@ cargo-test-debian-stable:
   script:
     - cargo test
 
-build_cardtest_smartpgp:
-  stage: virtual-build
-  image: docker:stable
-
+run_cardtest_smartpgp:
+  stage: virtual-test
+  image: registry.gitlab.com/hkos/openpgp-card-images/smartpgp-builddeps
+  script:
+    - /etc/init.d/pcscd start
+    - su - -c "sh /home/jcardsim/run-card.sh" jcardsim
+    - cd card-functionality
+    - cargo run --bin import -- $CONFIG
+    - cargo run --bin keygen -- $CONFIG
   variables:
-    IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-smartpgp:latest
-    IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-smartpgp:$CI_COMMIT_SHA
+    CONFIG: "docker/test-smartpgp.toml"
+
+run_cardtest_ykneo:
+  stage: virtual-test
+  image: registry.gitlab.com/hkos/openpgp-card-images/ykneo-builddeps
+  script:
+    - /etc/init.d/pcscd start
+    - su - -c "sh /home/jcardsim/run-card.sh" jcardsim
+    - cd card-functionality
+    - cargo run --bin import -- $CONFIG
+    - cargo run --bin keygen -- $CONFIG
+  variables:
+    CONFIG: "docker/test-ykneo.toml"
+
+hardware-builddeps:
+  stage: hw-builddeps
+  needs: []
+  image: docker:stable
   services:
-    - docker:stable-dind
+    - docker:dind
   before_script:
     - docker info
     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
   script:
     - docker pull $IMAGE_LATEST || true
-    - docker build -f card-functionality/docker/Dockerfile.cardtest.smartpgp -t $IMAGE_SHA -t $IMAGE_LATEST .
+    - docker build --cache-from $IMAGE_LATEST --file=$DOCKERFILE -t $IMAGE_LATEST -t $IMAGE_SHA .
     - docker push $IMAGE_SHA
     - docker push $IMAGE_LATEST
-  needs: []
-
-build_cardtest_ykneo:
-  stage: virtual-build
-  image: docker:stable
-
+  only:
+    changes:
+      - card-functionality/docker/Dockerfile.hardware-builddeps
+      - .gitlab-ci.yml
   variables:
-    IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-ykneo:latest
-    IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-ykneo:$CI_COMMIT_SHA
-  services:
-    - docker:stable-dind
-  before_script:
-    - docker info
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+    IMAGE_LATEST: $CI_REGISTRY_IMAGE/hardware-builddeps:latest
+    IMAGE_SHA: $CI_REGISTRY_IMAGE/hardware-builddeps:$CI_COMMIT_SHA
+    DOCKERFILE: card-functionality/docker/Dockerfile.hardware-builddeps
+
+.hw-test-template:
+  image: registry.gitlab.com/hkos/openpgp-card/hardware-builddeps
+  tags:
+    - card
+  parallel:
+    matrix:
+      - CONFIG:
+          - "ci/basic-2_1.toml"
+          - "ci/nitro-pro1.toml"
+          - "ci/nitro-pro2.toml"
+          - "ci/nitro-start.toml"
   script:
-    - docker pull $IMAGE_LATEST || true
-    - docker build -f card-functionality/docker/Dockerfile.cardtest.ykneo -t $IMAGE_SHA -t $IMAGE_LATEST .
-    - docker push $IMAGE_SHA
-    - docker push $IMAGE_LATEST
-  needs: []
-
-run_cardtest_smartpgp_import:
-  stage: virtual-test
-  image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
-
-  script:
-    - cd /
-    - sh run.sh import
-  needs: ["build_cardtest_smartpgp"]
-
-run_cardtest_smartpgp_keygen:
-  stage: virtual-test
-  image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
-
-  script:
-    - cd /
-    - sh run.sh keygen
-
-  # run after import test - running tests in parallel on the same card fails
-  needs: ["run_cardtest_smartpgp_import"]
-
-run_cardtest_ykneo_import:
-  stage: virtual-test
-  image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
-
-  script:
-    - cd /
-    - sh run.sh import
-  needs: ["build_cardtest_ykneo"]
-
-run_cardtest_ykneo_keygen:
-  stage: virtual-test
-  image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
-
-  script:
-    - cd /
-    - sh run.sh keygen
-
-  # run after import test - running tests in parallel on the same card fails
-  needs: ["run_cardtest_ykneo_import"]
+    - /etc/init.d/pcscd start
+    #- sleep 5
+    - cd card-functionality
+    - cargo run --bin $ARG -- $CONFIG
 
 import:
+  extends: .hw-test-template
   stage: hw-import
-  image: rust:1-slim-bullseye
-  tags:
-    - card
-  parallel:
-    matrix:
-      - ARG: [ import ]
-        CONFIG:
-          - "ci/basic-2_1.toml"
-          - "ci/nitro-pro1.toml"
-          - "ci/nitro-pro2.toml"
-          - "ci/nitro-start.toml"
-  before_script:
-    # install dependencies
-    - apt-get update
-    - apt-get -y install --no-install-recommends libpcsclite-dev pkg-config nettle-dev clang libclang-dev pcscd pcsc-tools usbutils strace
-  script:
-    - /etc/init.d/pcscd start
-    #- sleep 5
-    - cd card-functionality
-    - cargo run --bin $ARG -- $CONFIG
+  variables:
+    ARG: import
 
 keygen:
+  extends: .hw-test-template
   stage: hw-keygen
-  image: rust:1-slim-bullseye
-  tags:
-    - card
-  parallel:
-    matrix:
-      - ARG: [ keygen ]
-        CONFIG:
-          - "ci/basic-2_1.toml"
-          - "ci/nitro-pro1.toml"
-          - "ci/nitro-pro2.toml"
-          - "ci/nitro-start.toml"
-  before_script:
-    # install dependencies
-    - apt-get update
-    - apt-get -y install --no-install-recommends libpcsclite-dev pkg-config nettle-dev clang libclang-dev pcscd pcsc-tools usbutils strace
-  script:
-    - /etc/init.d/pcscd start
-    #- sleep 5
-    - cd card-functionality
-    - cargo run --bin $ARG -- $CONFIG
+  variables:
+    ARG: keygen
diff --git a/card-functionality/docker/Dockerfile.cardtest.smartpgp b/card-functionality/docker/Dockerfile.cardtest.smartpgp
deleted file mode 100644
index 29ff11f..0000000
--- a/card-functionality/docker/Dockerfile.cardtest.smartpgp
+++ /dev/null
@@ -1,27 +0,0 @@
-# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
-# SPDX-License-Identifier: CC0-1.0
-
-FROM registry.gitlab.com/hkos/openpgp-card-images/smartpgp
-
-USER root
-
-RUN useradd -ms /bin/bash ocard \
- && apt update -y -qq \
- && apt install -y -qq cargo rustc nettle-dev libclang-dev
-
-USER ocard
-WORKDIR /home/ocard
-
-RUN git clone https://gitlab.com/hkos/openpgp-card \
- && cd openpgp-card/card-functionality \
- && cargo build \
- && true
-
-COPY card-functionality/docker/test-smartpgp.toml openpgp-card/card-functionality/config/test-cards.toml
-
-USER root
-WORKDIR /
-COPY card-functionality/docker/run.sh .
-
-ENV bin import
-CMD /bin/sh /run.sh ${bin}
diff --git a/card-functionality/docker/Dockerfile.cardtest.ykneo b/card-functionality/docker/Dockerfile.cardtest.ykneo
deleted file mode 100644
index 67ba628..0000000
--- a/card-functionality/docker/Dockerfile.cardtest.ykneo
+++ /dev/null
@@ -1,27 +0,0 @@
-# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
-# SPDX-License-Identifier: CC0-1.0
-
-FROM registry.gitlab.com/hkos/openpgp-card-images/ykneo
-
-USER root
-
-RUN useradd -ms /bin/bash ocard \
- && apt update -y -qq \
- && apt install -y -qq cargo rustc nettle-dev libclang-dev
-
-USER ocard
-WORKDIR /home/ocard
-
-RUN git clone https://gitlab.com/hkos/openpgp-card \
- && cd openpgp-card/card-functionality \
- && cargo build \
- && true
-
-COPY card-functionality/docker/test-ykneo.toml openpgp-card/card-functionality/config/test-cards.toml
-
-USER root
-WORKDIR /
-COPY card-functionality/docker/run.sh .
-
-ENV bin import
-CMD /bin/sh /run.sh ${bin}
diff --git a/card-functionality/docker/Dockerfile.hardware-builddeps b/card-functionality/docker/Dockerfile.hardware-builddeps
new file mode 100644
index 0000000..dabaac3
--- /dev/null
+++ b/card-functionality/docker/Dockerfile.hardware-builddeps
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-FileCopyrightText: 2021 Nora Widdecke <mail@nora.pink>
+# SPDX-License-Identifier: CC0-1.0
+
+FROM rust:1-slim-bullseye
+
+RUN apt update -y -qq \
+ && apt install -y -qq --no-install-recommends libpcsclite-dev pkg-config nettle-dev clang libclang-dev pcscd \
+ && apt clean
diff --git a/card-functionality/docker/run.sh b/card-functionality/docker/run.sh
deleted file mode 100644
index 97662c4..0000000
--- a/card-functionality/docker/run.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
-# SPDX-License-Identifier: CC0-1.0
-
-# Run pcscd (as root)
-/etc/init.d/pcscd start
-
-# Run the javacard applet (as jcardsim)
-su - -c "sh /home/jcardsim/run-card.sh" jcardsim
-
-# Run the openpgp-card test code (as ocard).
-# This uses $1 as the name of the binary to run.
-su - -c "cd openpgp-card/card-functionality/ && cargo run --bin $1" ocard
-