musca: Improve missing python dependencies error #14643
Conversation
ciarmcom
added
the
release-type: patch
|
@Patater, thank you for your changes. |
| message(FATAL_ERROR "Missing Python dependencies (python3, cbor, " | ||
| "click, intelhex) so the binary cannot be signed. Please install " | ||
| "requirements with:\n" | ||
| "\tpython3 -m pip install -r mbed-os/requirements.txt") |
There was a problem hiding this comment.
We initially wanted to separate the deps between the old tools and CMake.
This should point to https://github.com/ARMmbed/mbed-os/blob/master/tools/cmake/requirements.txt instead?
Not all this required packages are there listed?
There was a problem hiding this comment.
mbed-os/requirements.txt are needed, not just tools/cmake/requirements.txt, because of the signing tools dependencies. Maybe the right solution is to add the dependencies needed for the post build hooks to tools/cmake/requirements.txt and point there.
There was a problem hiding this comment.
How do we want to handle optional dependencies? Another requirements.txt? We have if statements in other cmake files to avoid printing the map file summary if intelhex is not installed, for example. However, intelhex is required for code signing on certain targets.
There was a problem hiding this comment.
Maybe the right solution is to add the dependencies needed for the post build hooks to tools/cmake/requirements.txt and point there.
+1, they are missing there once we ported post build hooks 😞 I can create an issue for this, we should fix it.
Previously, if intelhex, cbor, cryptography, or python3 weren't
I understand it now better the error we are fixing here, we really missed some of the deps!
How do we want to handle optional dependencies?
Previous mbed way it was just add to to requirements and have it installed. Shall we split requirements. We always discussed we have different needs:
requirements - to install all below (for CI, or users who want to just install everything )
requirements-basic - this would be basic requirements for targets without any post build hooks
requirements-testing - testing (build and run together in one) - including unittest/greentea tests etc?
requirements-<vendor> - I assume going down to Mbed OS target would be too many files so rather each vendor would maintain their own requirements and keep it up to date. But maybe this is not needed and just introduce requirements-optional to contain all these. We can always check with CMake if deps are installed and if not , just point to extra requirements (in this case we know a user did not install all requirements so they need to cherry-pick extra or testing explicitly)
There was a problem hiding this comment.
All the requirements files seems messy to me. It's more stuff for a user to have to read and learn about. I'll add the optional requirements to tools/cmake/requirements.txt for now, even if not all targets need them.
|
This pull request has automatically been marked as stale because it has had no recent activity. , please complete review of the changes to move the PR forward. Thank you for your contributions. |
|
@Patater could you please address the review comments |
|
This pull request has automatically been marked as stale because it has had no recent activity. @Patater, please carry out any necessary work to get the changes merged. Thank you for your contributions. |
Some targets have post-build scripts which have additional Python library requirements. List out the possibly required dependencies in tools/cmake/requirements.txt. When all tools/cmake/requirements.txt are installed, it should be less common to run into difficult to understand error messages.
Patater
force-pushed
the
improve-musca-python-dependencies-signing-error
branch
from
cbf9f98 to
5d95b22
Compare
Previously, if intelhex, cbor, cryptography, or python3 weren't
available, we'd see an error message like the following:
[2/2] Running utility command for mbed-post-build-bin-ARM_MUSCA_B1
FAILED: mbed-os/targets/TARGET_ARM_SSG/TARGET_MUSCA_B1/CMakeFiles/mbed-post-build-bin-ARM_MUSCA_B1.util
cd /Users/user/Code/mbed-os-example-blinky/cmake_build/ARM_MUSCA_B1/develop/GCC_ARM/mbed-os/targets/TARGET_ARM_SSG/TARGET_MUSCA_B1 && /usr/local/Frameworks/Python.framework/Versions/3.9/bin/python3.9 /Users/user/Code/mbed-os-example-blinky/mbed-os/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py --tfm-target musca_b1 --target-path /Users/user/Code/mbed-os-example-blinky/mbed-os/targets/TARGET_ARM_SSG/TARGET_MUSCA_B1 --secure-bin /Users/user/Code/mbed-os-example-blinky/mbed-os/targets/TARGET_ARM_SSG/TARGET_MUSCA_B1/tfm_s.bin --non-secure-bin /Users/user/Code/mbed-os-example-blinky/cmake_build/ARM_MUSCA_B1/develop/GCC_ARM/mbed-os-example-blinky.bin
Traceback (most recent call last):
File "/Users/user/Code/mbed-os-example-blinky/mbed-os/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 197, in <module>
sign_and_merge_tfm_bin(args.tfm_target, args.target_path, args.non_secure_bin, args.secure_bin)
File "/Users/user/Code/mbed-os-example-blinky/mbed-os/platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/scripts/generate_mbed_image.py", line 80, in sign_and_merge_tfm_bin
raise Exception("Unable to sign " + target_name +
Exception: Unable to sign musca_b1 secure binary, Error code: 1
ninja: build stopped: subcommand failed.
ERROR: CMake invocation failed!
More information may be available by using the command line option '-v'.
"Error code 1" is not very helpful. To provide a more helpful error
message, detect the dependencies and panic if the dependencies aren't
available when building for the target.
The new error message looks like so:
CMake Error at mbed-os/targets/TARGET_ARM_SSG/TARGET_MUSCA_B1/CMakeLists.txt:10 (message):
Missing Python dependencies (python3, cbor, click, intelhex) so the binary
cannot be signed. Please install requirements with:
python3 -m pip install -r mbed-os/tools/cmake/requirements.txt
This is better than before.
Patater
force-pushed
the
improve-musca-python-dependencies-signing-error
branch
from
5d95b22 to
ca0cac7
Compare
|
Added additional requirements to tools/cmake/requirements.txt and updated the error message to indicate which requirements.txt to use. |
|
CI started |
Jenkins CI Test : ❌ FAILEDBuild Number: 1 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
|
CMake failed to build due to missing deps. I'll talk to CI team to update. |
| @@ -2,3 +2,5 @@ prettytable==0.7.2 | |||
| future==0.16.0 | |||
| Jinja2>=2.10.1,<2.11 | |||
| intelhex>=2.3.0,<3.0.0 | |||
| cbor>=1.0.0 | |||
| Click>=7.0,<7.1 | |||
There was a problem hiding this comment.
shouldn't we add also cryptography>=2.5,<3 as it is required by tfm (it is in the old tools requirements
There was a problem hiding this comment.
@Patater Thanks for the change. While the suggestion to install python packages is a good addition, I think it's quite important to make sure generate_mbed_image.py dumps the output of the command it calls, rather than just saying "unable to sign". This script was written by ourselves - I copied it from tools/targets/ARM_MUSCA.py and adapted it for CMake. So we are free to edit/improve it.
The error is raised by:
where run_cmd() is:
We can do stdout, _ = popen_instance.communicate() and print stdout if the command failed. This should be enough to let the user know what the actual error is.
(The existing stderr=subprocess.STDOUT redirects stderr to the subprocess's stdout, but that doesn't seem to be shown to the user? I personally expect a generic python import error, if a module is missing, if this is the case?)
| @@ -2,3 +2,5 @@ prettytable==0.7.2 | |||
| future==0.16.0 | |||
| Jinja2>=2.10.1,<2.11 | |||
| intelhex>=2.3.0,<3.0.0 | |||
| cbor>=1.0.0 | |||
| Click>=7.0,<7.1 | |||
There was a problem hiding this comment.
It should be the same as in #14780: Click>=7.0,<8
|
I don't like that this duplicates the list of dependencies already in |
mergify
bot
removed
devices: arm
needs: work
release-type: patch
Summary of changes
Previously, if intelhex, cbor, cryptography, or python3 weren't
available, we'd see an error message like the following:
"Error code 1" is not very helpful. To provide a more helpful error
message, detect the dependencies and panic if the dependencies aren't
available when building for the target.
The new error message looks like so:
This is better than before.
Fixes #14781
Impact of changes
Migration actions required
Documentation
None
Pull request type
Test results
Reviewers