ci: compatibility and formatting fixes

.gitignore

@@ -5,3 +5,4 @@ go.work.sum
 go-fdo-server
 go-fdo-server-*.tar.gz
 rpmbuild
+test/workdir

cmd/owner.go

@@ -325,6 +325,9 @@ func ownerModules(modules []string) iter.Seq2[string, serviceinfo.OwnerModule] {
 				if !yield("fdo.upload", &fsim.UploadRequest{
 					Dir:  uploadDir,
 					Name: name,
+					CreateTemp: func() (*os.File, error) {
+						return os.CreateTemp(uploadDir, ".fdo-upload_*")
+					},
 				}) {
 					return
 				}
@@ -362,7 +365,7 @@ func ownerModules(modules []string) iter.Seq2[string, serviceinfo.OwnerModule] {
 func init() {
 	rootCmd.AddCommand(ownerCmd)
 
-	//serveCmd.Flags().StringVar(&externalAddress, "external-address", "", "External `addr`ess devices should connect to (default \"127.0.0.1:${LISTEN_PORT}\")")
+	// serveCmd.Flags().StringVar(&externalAddress, "external-address", "", "External `addr`ess devices should connect to (default \"127.0.0.1:${LISTEN_PORT}\")")
 	ownerCmd.Flags().BoolVar(&date, "command-date", false, "Use fdo.command FSIM to have device run \"date --utc\"")
 	ownerCmd.Flags().StringArrayVar(&wgets, "command-wget", nil, "Use fdo.wget FSIM for each `url` (flag may be used multiple times)")
 	ownerCmd.Flags().StringArrayVar(&uploads, "command-upload", nil, "Use fdo.upload FSIM for each `file` (flag may be used multiple times)")
@@ -372,5 +375,4 @@ func init() {
 	ownerCmd.Flags().StringVar(&ownerDeviceCACert, "device-ca-cert", "", "Device CA certificate path")
 	ownerCmd.Flags().StringVar(&ownerPrivateKey, "owner-key", "", "Owner private key path")
 	manufacturingCmd.Flags().StringVar(&externalAddress, "external-address", "", "External `addr`ess devices should connect to (default \"127.0.0.1:${LISTEN_PORT}\")")
-
 }

deployments/compose/client/fdo-client.yaml

@@ -4,12 +4,12 @@ services:
     hostname: go-fdo-client
     image: go-fdo-client
     build: https://github.com/fido-device-onboard/go-fdo-client.git#main
-    working_dir: /tmp/go-fdo/device-credentials
+    working_dir: ${container_working_dir:-/workdir}/device-credentials
     user: "${container_user}"
     networks:
       - fdo
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     restart: no
 networks:
   fdo:

deployments/compose/server/fdo-onboarding-servers.yaml

@@ -10,18 +10,18 @@ services:
       TZ: Europe/Madrid
     user: ${container_user}
     command:
-     - --db=/tmp/go-fdo/manufacturer.db
-     - --db-pass='2=,%95QF<uTLLHt'
-     - --debug
      - manufacturing
      - manufacturer:8038
-     - --manufacturing-key=/tmp/go-fdo/certs/manufacturer.key
-     - --owner-cert=/tmp/go-fdo/certs/owner.crt
-     - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
-     - --device-ca-key=/tmp/go-fdo/certs/device_ca.key
-    working_dir: /tmp/go-fdo
+     - --db=${container_working_dir:-/workdir}/manufacturer.db
+     - --db-pass='2=,%95QF<uTLLHt'
+     - --debug
+     - --manufacturing-key=${container_working_dir:-/workdir}/certs/manufacturer.key
+     - --owner-cert=${container_working_dir:-/workdir}/certs/owner.crt
+     - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
+     - --device-ca-key=${container_working_dir:-/workdir}/certs/device_ca.key
+    working_dir: ${container_working_dir:-/workdir}
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     networks:
       - fdo
     ports:
@@ -43,14 +43,14 @@ services:
       TZ: Europe/Madrid
     user: ${container_user}
     command:
-      - --db=/tmp/go-fdo/rendezvous.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - rendezvous
       - rendezvous:8041
-    working_dir: /tmp/go-fdo
+      - --db=${container_working_dir:-/workdir}/rendezvous.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+    working_dir: ${container_working_dir:-/workdir}
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     networks:
       - fdo
     ports:
@@ -72,16 +72,16 @@ services:
       TZ: Europe/Madrid
     user: ${container_user}
     command:
-      - --db=/tmp/go-fdo/owner.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - owner
       - owner:8043
-      - --owner-key=/tmp/go-fdo/certs/owner.key
-      - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
-    working_dir: /tmp/go-fdo
+      - --db=${container_working_dir:-/workdir}/owner.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+      - --owner-key=${container_working_dir:-/workdir}/certs/owner.key
+      - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
+    working_dir: ${container_working_dir:-/workdir}
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     networks:
       - fdo
     ports:

deployments/compose/server/fdo-resale-servers.yaml

@@ -10,20 +10,20 @@ services:
       TZ: Europe/Madrid
     user: ${container_user}
     command:
-      - --db=/tmp/go-fdo/new_owner.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - owner
       - new_owner:8045
-      - --owner-key=/tmp/go-fdo/certs/new_owner.key
-      - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
-    working_dir: /tmp/go-fdo
+      - --db=${container_working_dir:-/workdir}/new_owner.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+      - --owner-key=${container_working_dir:-/workdir}/certs/new_owner.key
+      - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
+    working_dir: ${container_working_dir:-/workdir}
     networks:
       - fdo
     ports:
       - 8045:8045
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     restart: unless-stopped
     healthcheck:
       test: [ "CMD", "curl --silent --output /dev/null --fail http://new_owner:8045/health" ]

deployments/compose/server/fsim-fdo-download-override.yaml

@@ -1,14 +1,14 @@
 services:
   owner:
     command:
-      - --db=/tmp/go-fdo/owner.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - owner
       - owner:8043
-      - --owner-key=/tmp/go-fdo/certs/owner.key
-      - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
+      - --db=${container_working_dir:-/workdir}/owner.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+      - --owner-key=${container_working_dir:-/workdir}/certs/owner.key
+      - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
       - --command-download=file1
-      - --command-download=/tmp/go-fdo/fsim/download/owner/file2
-      - --command-download=/tmp/go-fdo/fsim/download/owner/subdir1/file3
-    working_dir: /tmp/go-fdo/fsim/download/owner
+      - --command-download=${container_working_dir:-/workdir}/fsim/download/owner/file2
+      - --command-download=${container_working_dir:-/workdir}/fsim/download/owner/subdir1/file3
+    working_dir: ${container_working_dir:-/workdir}/fsim/download/owner

deployments/compose/server/fsim-fdo-upload-override.yaml

@@ -1,15 +1,15 @@
 services:
   owner:
     command:
-      - --db=/tmp/go-fdo/owner.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - owner
       - owner:8043
-      - --owner-key=/tmp/go-fdo/certs/owner.key
-      - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
-      - --upload-directory=/tmp/go-fdo/fsim/upload/owner
+      - --db=${container_working_dir:-/workdir}/owner.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+      - --owner-key=${container_working_dir:-/workdir}/certs/owner.key
+      - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
+      - --upload-directory=${container_working_dir:-/workdir}/fsim/upload/owner
       - --command-upload=file1
       - --command-upload=subdir1/file2
       - --command-upload=subdir1/subdir2/file3
-    working_dir: /tmp/go/fdo/fsim/upload/owner
+    working_dir: ${container_working_dir:-/workdir}/fsim/upload/owner

deployments/compose/server/fsim-fdo-wget-override.yaml

@@ -1,13 +1,13 @@
 services:
   owner:
     command:
-      - --db=/tmp/go-fdo/owner.db
-      - --db-pass='2=,%95QF<uTLLHt'
-      - --debug
       - owner
       - owner:8043
-      - --owner-key=/tmp/go-fdo/certs/owner.key
-      - --device-ca-cert=/tmp/go-fdo/certs/device_ca.crt
+      - --db=${container_working_dir:-/workdir}/owner.db
+      - --db-pass='2=,%95QF<uTLLHt'
+      - --debug
+      - --owner-key=${container_working_dir:-/workdir}/certs/owner.key
+      - --device-ca-cert=${container_working_dir:-/workdir}/certs/device_ca.crt
       - --command-wget=http://wget_httpd:8888/file1
   wget_httpd:
     container_name: wget_httpd
@@ -21,13 +21,13 @@ services:
       - "-m"
       - "http.server"
       - "8888"
-    working_dir: /tmp/go-fdo/fsim/wget/httpd
+    working_dir: ${container_working_dir:-/workdir}/fsim/wget/httpd
     networks:
       - fdo
     ports:
       - 8888:8888
     volumes:
-      - /tmp:/tmp:z
+      - ${base_dir:-./test/workdir}:${container_working_dir:-/workdir}
     restart: unless-stopped
     healthcheck:
       test: [ "CMD", "curl --silent --output /dev/null --fail http://wget_httpd:8888" ]

test/ci/test-fsim-download.sh

@@ -1,8 +1,8 @@
-#! /bin/bash
+#! /usr/bin/env bash
 
 set -euo pipefail
 
-source "$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/utils.sh"
+source "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)/utils.sh"
 
 # FSIM fdo.download specific configuration
 fsim_download_dir="${base_dir}/fsim/download"
@@ -24,15 +24,15 @@ start_service_owner() {
     --owner-key="${owner_key}" \
     --device-ca-cert="${device_ca_crt}" \
     "${download_commands[@]}"
-  cd - > /dev/null
+  cd - >/dev/null
 }
 
 generate_download_files() {
   cd ${owner_download_dir}
   for owner_file in "${download_files[@]}"; do
     prepare_payload "${owner_file}"
   done
-  cd - > /dev/null
+  cd - >/dev/null
 }
 
 verify_downloads() {
@@ -41,11 +41,11 @@ verify_downloads() {
     device_file="${device_download_dir}/$(basename "${owner_file}")"
     verify_equal_files "${device_file}" "${owner_file}"
   done
-  cd - > /dev/null
+  cd - >/dev/null
 }
 
 # Public entrypoint used by CI
-run_test () {
+run_test() {
 
   echo "⭐ Creating directories"
   directories+=("$owner_download_dir" "$device_download_dir")
@@ -82,7 +82,7 @@ run_test () {
   set_or_update_owner_redirect_info "${owner_url}" "${owner_service_name}" "${owner_dns}" "${owner_port}"
 
   echo "⭐ Triggering TO0 on Owner server"
-  run_to0 ${owner_url} "${guid}" > /dev/null
+  run_to0 ${owner_url} "${guid}" >/dev/null
 
   echo "⭐ Generate the download payloads on owner side: ${download_files[*]}"
   generate_download_files

test/ci/test-fsim-upload.sh

@@ -1,8 +1,8 @@
-#! /bin/bash
+#! /usr/bin/env bash
 
 set -euo pipefail
 
-source "$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/utils.sh"
+source "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)/utils.sh"
 
 # FSIM fdo.upload specific configuration
 fsim_upload_dir=${base_dir}/fsim/upload
@@ -32,7 +32,7 @@ generate_upload_files() {
   for device_file in "${upload_files[@]}"; do
     prepare_payload "${device_file}"
   done
-  cd - > /dev/null
+  cd - >/dev/null
 }
 
 verify_uploads() {
@@ -41,11 +41,11 @@ verify_uploads() {
     owner_file="${owner_uploads_dir}/$(basename "${device_file}")"
     verify_equal_files "${owner_file}" "${device_file}"
   done
-  cd - > /dev/null
+  cd - >/dev/null
 }
 
 # Public entrypoint used by CI
-run_test () {
+run_test() {
 
   echo "⭐ Creating directories"
   # Add uploads directories to be created
@@ -83,7 +83,7 @@ run_test () {
   set_or_update_owner_redirect_info "${owner_url}" "${owner_service_name}" "${owner_dns}" "${owner_port}"
 
   echo "⭐ Triggering TO0 on Owner server"
-  run_to0 ${owner_url} "${guid}" > /dev/null
+  run_to0 ${owner_url} "${guid}" >/dev/null
 
   echo "⭐ Prepare the upload payloads on client side: ${upload_files[*]}"
   generate_upload_files

test/ci/test-fsim-wget.sh

@@ -1,8 +1,8 @@
-#!/bin/bash
+#! /usr/bin/env bash
 
 set -euo pipefail
 
-source "$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/utils.sh"
+source "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)/utils.sh"
 
 # FSIM fdo.wget specific configuration
 fsim_wget_dir="${base_dir}/fsim/wget"
@@ -32,13 +32,12 @@ wget_device1_download_file="${wget_device1_download_dir}/${wget_file_name}"
 wget_device2_download_file="${wget_device2_download_dir}/${wget_file_name}"
 declare -a wget_download_dirs=("${wget_device1_download_dir}" "${wget_device2_download_dir}")
 
-
 start_service_wget_httpd() {
   # Start Python HTTP server in background
   cd "${wget_httpd_dir}"
-  nohup python3 -m http.server ${wget_httpd_port} > "${wget_httpd_log_file}" 2>&1 &
-  echo -n $! > "${wget_httpd_pid_file}"
-  cd - > /dev/null
+  nohup python3 -m http.server ${wget_httpd_port} >"${wget_httpd_log_file}" 2>&1 &
+  echo -n $! >"${wget_httpd_pid_file}"
+  cd - >/dev/null
 }
 
 # Modified run_services function that adds wget support for owner service
@@ -49,7 +48,7 @@ start_service_owner() {
     --command-wget "${wget_source_url}"
 }
 
-run_test () {
+run_test() {
   # Add the wget_httpd service defined above
   services+=("${wget_httpd_service_name}")
 
@@ -91,7 +90,7 @@ run_test () {
   set_or_update_owner_redirect_info "${owner_url}" "${owner_service_name}" "${owner_dns}" "${owner_port}"
 
   echo "⭐ Triggering TO0 on Owner server for Device 1 ${guid}"
-  run_to0 ${owner_url} "${guid}" > /dev/null
+  run_to0 ${owner_url} "${guid}" >/dev/null
 
   echo "⭐ Running FIDO Device Onboard for Device 1 with FSIM fdo.wget"
   run_fido_device_onboard --debug --wget-dir "${wget_device1_download_dir}"
@@ -111,13 +110,16 @@ run_test () {
   send_manufacturer_ov_to_owner "${manufacturer_url}" "${guid}" "${owner_url}"
 
   echo "⭐ Triggering TO0 on Owner server for Device 2 ${guid}"
-  run_to0 ${owner_url} "${guid}" > /dev/null
+  run_to0 ${owner_url} "${guid}" >/dev/null
 
   echo "⭐ Stop HTTP Server to Simulate Loss of WGET Service"
   stop_service "${wget_httpd_service_name}"
 
   echo "⭐ Attempt WGET with missing HTTP server, verify FSIM error occurs"
-  ! run_fido_device_onboard --debug --wget-dir "${wget_device2_download_dir}" || { echo "❌ Expected Device 2 onboard to fail!"; return 1; }
+  ! run_fido_device_onboard --debug --wget-dir "${wget_device2_download_dir}" || {
+    echo "❌ Expected Device 2 onboard to fail!"
+    return 1
+  }
 
   # verify that the wget FSIM error is logged
   find_in_log_or_fail "$(get_device_onboard_log)" "error handling device service info .*fdo\.wget:error"