mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
caf282f02b
2022-03-24 John M. Schanck <jschanck@mozilla.com> * lib/ckfw/builtins/certdata.txt: Bug 1754890 - Add two D-TRUST 2020 root certificates. r=KathleenWilson [f63fb86db692] [NSS_3_77_BETA1] * lib/ckfw/builtins/certdata.txt: Bug 1751298 - Add Telia Root CA v2 root certificate. r=KathleenWilson [1fcbbd7e4f5f] * lib/ckfw/builtins/certdata.txt: Bug 1751305 - Remove expired explicitly distrusted certificates from certdata.txt. r=KathleenWilson [b722e523d662] 2022-03-23 Dana Keeler <dkeeler@mozilla.com> * gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp, gtests/mozpkix_gtest/pkixder_pki_types_tests.cpp, gtests/mozpkix_gtest/pkixgtest.h, gtests/mozpkix_gtest/pkixnss_tests.cpp, lib/mozpkix/include/pkix/pkixder.h, lib/mozpkix/include/pkix/pkixnss.h, lib/mozpkix/include/pkix/pkixtypes.h, lib/mozpkix/lib/pkixc.cpp, lib/mozpkix/lib/pkixcheck.cpp, lib/mozpkix/lib/pkixder.cpp, lib/mozpkix/lib/pkixnss.cpp, lib/mozpkix/lib/pkixverify.cpp, lib/mozpkix/test-lib/pkixtestnss.cpp: Bug 1005084 - support specific RSA-PSS parameters in mozilla::pkix r=jschanck This patch adds support to mozilla::pkix for certificates signed with RSA-PSS using one of the following parameters permitted by the CA/Browser Forum Baseline Requirements 1.8.1: * SHA-256, MGF-1 with SHA-256, and a salt length of 32 bytes * SHA-384, MGF-1 with SHA-384, and a salt length of 48 bytes * SHA-512, MGF-1 with SHA-512, and a salt length of 64 bytes [853b64626b19] 2022-03-23 John M. Schanck <jschanck@mozilla.com> * lib/util/secasn1d.c: Bug 1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. r=rrelyea The `stateEnd->parent != state` check was added in Bug 95458 to avoid a crash in `sec_asn1d_free_child`. The diagnosis in Bug 95458 is incorrect---the crash was actually due to a `PORT_Assert(0)` that was meant to highlight a memory leak when `SEC_ASN1DecoderStart` was called with `their_pool==NULL`. The offending assertion was removed in Bug 95311, which makes the `stateEnd` check obsolete. In Bug 1753535 it was observed that the `stateEnd` check could read from a poisoned region of an arena when the decoder was used in a streaming mode. This read-after-poison could lead to an arena memory leak, although this is mitigated by the fact that the read-after-poison is on an error-handling path where the caller typically frees the entire arena. [800111fa3bf8] * lib/dev/dev.h, lib/dev/devslot.c, lib/dev/devt.h, lib/dev/devtoken.c, lib/pk11wrap/dev3hack.c: Bug 1756271 - Remove token member from NSSSlot struct. r=rrelyea [55052f78244c] * cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn, lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h, lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c, lib/freebl/secmpi.h: Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. r=mt [b83ad33acd67] 2022-03-22 John M. Schanck <jschanck@mozilla.com> * cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn, lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h, lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c, lib/freebl/secmpi.h: Backed out changeset 6c1092f5203f Caused Windows gyp build failures for cmd/mpitests [ffa1e4ce758a] 2022-03-22 Masatoshi Kimura <VYV03354@nifty.ne.jp> * gtests/pk11_gtest/pk11_module_unittest.cc, lib/pk11wrap/pk11load.c: Bug 1757279 - Support UTF-8 library path in the module spec string. r=nss-reviewers,jschanck [31bce2dae97b] * gtests/base_gtest/Makefile, gtests/base_gtest/base_gtest.gyp, gtests/base_gtest/manifest.mn, gtests/base_gtest/utf8_unittest.cc, gtests/manifest.mn, lib/base/utf8.c, nss.gyp, tests/gtests/gtests.sh: Bug 1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. r=nss-reviewers,jschanck [2f2c85648edb] 2022-03-22 John M. Schanck <jschanck@mozilla.com> * cmd/mpitests/mpi-test.c, lib/freebl/Makefile, lib/freebl/dh.c, lib/freebl/freebl_base.gypi, lib/freebl/manifest.mn, lib/freebl/mpi/mpprime.c, lib/freebl/mpi/mpprime.h, lib/freebl/pqg.c, lib/freebl/rsa.c, lib/freebl/secmpi.c, lib/freebl/secmpi.h: Bug 1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. r=mt [6c1092f5203f] 2022-03-22 Dennis Jackson <djackson@mozilla.com> * automation/taskcluster/docker-builds/Dockerfile, automation/taskcluster/graph/src/extend.js: Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatova [d4a3bb7731b0] * automation/taskcluster/graph/src/extend.js: Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mt [191e838399a6] 2022-03-22 J08nY <johny@neuromancer.sk> * automation/taskcluster/graph/src/extend.js, gtests/google_test/VERSION, gtests/google_test/gtest/CMakeLists.txt, gtests/google_test/gtest/CONTRIBUTORS, gtests/google_test/gtest/README.md, gtests/google_test/gtest/cmake/gtest.pc.in, gtests/google_test/gtest/cmake/gtest_main.pc.in, gtests/google_test/gtest/cmake/internal_utils.cmake, gtests/google_test/gtest/docs/Pkgconfig.md, gtests/google_test/gtest/docs/README.md, gtests/google_test/gtest/docs/advanced.md, gtests/google_test/gtest/docs/faq.md, gtests/google_test/gtest/docs/primer.md, gtests/google_test/gtest/docs/pump_manual.md, gtests/google_test/gtest/docs/samples.md, gtests/google_test/gtest/include/gtest/gtest-death-test.h, gtests/google_test/gtest/include/gtest/gtest-matchers.h, gtests/google_test/gtest/include/gtest/gtest-message.h, gtests/google_test/gtest/include/gtest/gtest-param-test.h, gtests/google_test/gtest/include/gtest/gtest-printers.h, gtests/google_test/gtest/include/gtest/gtest-spi.h, gtests/google_test/gtest/include/gtest/gtest-test-part.h, gtests/google_test/gtest/include/gtest/gtest-typed-test.h, gtests/google_test/gtest/include/gtest/gtest.h, gtests/google_test/gtest/include/gtest/gtest_pred_impl.h, gtests/google_test/gtest/include/gtest/gtest_prod.h, gtests/google_test/gtest/include/gtest/internal/custom/gtest-port.h, gtests/google_test/gtest/include/gtest/internal/custom/gtest- printers.h, gtests/google_test/gtest/include/gtest/internal/custom/gtest.h, gtests/google_test/gtest/include/gtest/internal/gtest-death-test- internal.h, gtests/google_test/gtest/include/gtest/internal/gtest- filepath.h, gtests/google_test/gtest/include/gtest/internal/gtest- internal.h, gtests/google_test/gtest/include/gtest/internal/gtest- param-util.h, gtests/google_test/gtest/include/gtest/internal/gtest- port-arch.h, gtests/google_test/gtest/include/gtest/internal/gtest- port.h, gtests/google_test/gtest/include/gtest/internal/gtest- string.h, gtests/google_test/gtest/include/gtest/internal/gtest- type-util.h, gtests/google_test/gtest/include/gtest/internal/gtest- type-util.h.pump, gtests/google_test/gtest/samples/prime_tables.h, gtests/google_test/gtest/samples/sample1.cc, gtests/google_test/gtest/samples/sample1.h, gtests/google_test/gtest/samples/sample10_unittest.cc, gtests/google_test/gtest/samples/sample2.cc, gtests/google_test/gtest/samples/sample2.h, gtests/google_test/gtest/samples/sample2_unittest.cc, gtests/google_test/gtest/samples/sample3-inl.h, gtests/google_test/gtest/samples/sample3_unittest.cc, gtests/google_test/gtest/samples/sample4.h, gtests/google_test/gtest/samples/sample5_unittest.cc, gtests/google_test/gtest/samples/sample6_unittest.cc, gtests/google_test/gtest/samples/sample7_unittest.cc, gtests/google_test/gtest/samples/sample8_unittest.cc, gtests/google_test/gtest/samples/sample9_unittest.cc, gtests/google_test/gtest/scripts/README.md, gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py, gtests/google_test/gtest/scripts/pump.py, gtests/google_test/gtest/scripts/release_docs.py, gtests/google_test/gtest/scripts/run_with_path.py, gtests/google_test/gtest/scripts/upload.py, gtests/google_test/gtest/src/gtest-death-test.cc, gtests/google_test/gtest/src/gtest-filepath.cc, gtests/google_test/gtest/src/gtest-internal-inl.h, gtests/google_test/gtest/src/gtest-matchers.cc, gtests/google_test/gtest/src/gtest-port.cc, gtests/google_test/gtest/src/gtest-printers.cc, gtests/google_test/gtest/src/gtest-test-part.cc, gtests/google_test/gtest/src/gtest-typed-test.cc, gtests/google_test/gtest/src/gtest.cc, gtests/google_test/gtest/src/gtest_main.cc, gtests/google_test/gtest/test/BUILD.bazel, gtests/google_test/gtest/test/googletest-catch-exceptions-test_.cc, gtests/google_test/gtest/test/googletest-death-test-test.cc, gtests/google_test/gtest/test/googletest-death-test_ex_test.cc, gtests/google_test/gtest/test/googletest-env-var-test.py, gtests/google_test/gtest/test/googletest-env-var-test_.cc, gtests/google_test/gtest/test/googletest-failfast-unittest.py, gtests/google_test/gtest/test/googletest-failfast-unittest_.cc, gtests/google_test/gtest/test/googletest-filepath-test.cc, gtests/google_test/gtest/test/googletest-filter-unittest_.cc, gtests/google_test/gtest/test/googletest-global-environment- unittest.py, gtests/google_test/gtest/test/googletest-global- environment-unittest_.cc, gtests/google_test/gtest/test/googletest- json-output-unittest.py, gtests/google_test/gtest/test/googletest- list-tests-unittest_.cc, gtests/google_test/gtest/test/googletest- listener-test.cc, gtests/google_test/gtest/test/googletest-message- test.cc, gtests/google_test/gtest/test/googletest-options-test.cc, gtests/google_test/gtest/test/googletest-output-test-golden-lin.txt, gtests/google_test/gtest/test/googletest-output-test.py, gtests/google_test/gtest/test/googletest-output-test_.cc, gtests/google_test/gtest/test/googletest-param-test-invalid- name1-test_.cc, gtests/google_test/gtest/test/googletest-param-test- invalid-name2-test_.cc, gtests/google_test/gtest/test/googletest- param-test-test.cc, gtests/google_test/gtest/test/googletest-param- test-test.h, gtests/google_test/gtest/test/googletest-param- test2-test.cc, gtests/google_test/gtest/test/googletest-port- test.cc, gtests/google_test/gtest/test/googletest-printers-test.cc, gtests/google_test/gtest/test/googletest-setuptestsuite-test.py, gtests/google_test/gtest/test/googletest-setuptestsuite-test_.cc, gtests/google_test/gtest/test/googletest-shuffle-test_.cc, gtests/google_test/gtest/test/googletest-test-part-test.cc, gtests/google_test/gtest/test/googletest-test2_test.cc, gtests/google_test/gtest/test/googletest-throw-on-failure-test_.cc, gtests/google_test/gtest/test/gtest-typed-test2_test.cc, gtests/google_test/gtest/test/gtest-typed-test_test.cc, gtests/google_test/gtest/test/gtest-typed-test_test.h, gtests/google_test/gtest/test/gtest-unittest-api_test.cc, gtests/google_test/gtest/test/gtest_assert_by_exception_test.cc, gtests/google_test/gtest/test/gtest_environment_test.cc, gtests/google_test/gtest/test/gtest_help_test.py, gtests/google_test/gtest/test/gtest_list_output_unittest.py, gtests/google_test/gtest/test/gtest_list_output_unittest_.cc, gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc, gtests/google_test/gtest/test/gtest_premature_exit_test.cc, gtests/google_test/gtest/test/gtest_repeat_test.cc, gtests/google_test/gtest/test/gtest_skip_check_output_test.py, gtests/google_test/gtest/test/gtest_skip_test.cc, gtests/google_test/gtest/test/gtest_stress_test.cc, gtests/google_test/gtest/test/gtest_test_utils.py, gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc, gtests/google_test/gtest/test/gtest_unittest.cc, gtests/google_test/gtest/test/gtest_xml_outfiles_test.py, gtests/google_test/gtest/test/gtest_xml_output_unittest.py, gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc, gtests/google_test/gtest/test/gtest_xml_test_utils.py, gtests/google_test/gtest/test/production.h, gtests/google_test/update.sh, gtests/ssl_gtest/ssl_agent_unittest.cc: Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mt [88249e154a23] 2022-03-22 Dennis Jackson <djackson@mozilla.com> * gtests/ssl_gtest/tls_ech_unittest.cc, lib/ssl/ssl3con.c, lib/ssl/sslexp.h, lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13ech.c, lib/ssl/tls13ech.h: Bug 1759525 - Add SetTls13GreaseEchSize to experimental API. r=mt [c2f93669b92c] 2022-03-22 Leander Schwarz <lschwarz@mozilla.com> * gtests/ssl_gtest/ssl_version_unittest.cc, gtests/ssl_gtest/tls_filter.cc, gtests/ssl_gtest/tls_filter.h, lib/ssl/tls13con.c: Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. r=djackson [7d931c59d09f] 2022-03-22 Dennis Jackson <djackson@mozilla.com> * lib/ssl/tls13ech.c: Bug 1755904 - Fix calculation of ECH HRR Transcript. r=mt [33c530e653b3] 2022-03-22 Zi Lin <lziest@chromium.org> * coreconf/Linux.mk: Bug 1758741 - Allow ld path to be set as environment variable. r=mt Submitted on behalf of Zi Lin, the author of the patch. [d9368381598f] 2022-03-22 Dennis Jackson <djackson@mozilla.com> * gtests/ssl_gtest/tls_connect.cc: Bug 1760653 - Ensure we don't read uninitialized memory in ssl gtests. r=mt,nss-reviewers [9a7b3c7f4e70] * cpputil/databuffer.h: Bug 1758478 - Fix DataBuffer Move Assignment. r=mt [f12fd43d69c7] 2022-03-18 Robert Relyea <rrelyea@redhat.com> * automation/abi-check/expected-report-libnss3.so.txt, automation/abi- check/expected-report-libssl3.so.txt, gtests/ssl_gtest/ssl_auth_unittest.cc, lib/certdb/cert.h, lib/certdb/certdb.c, lib/nss/nss.def, lib/pk11wrap/pk11obj.c, lib/pk11wrap/pk11pub.h, lib/ssl/authcert.c, lib/ssl/ssl.def, lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/sslimpl.h, lib/ssl/sslsock.c, lib/ssl/tls13con.c, lib/ssl/tls13subcerts.c, mach, tests/ssl/ssl.sh, tests/ssl/sslauth.txt: Bug 1552254 internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 We need to be able to select Client certificates based on the schemes sent to us from the server. Rather than changing the callback function, this patch adds those schemes to the ssl socket info as suggested by Dana. In addition, two helpful functions have been added to aid User applications in properly selecting the Certificate: PRBool SSL_CertIsUsable(PRFileDesc *fd, CERTCertificate *cert) - returns true if the given cert matches the schemes of the server, the schemes configured on the socket, capability of the token the private key resides on, and the current policy. For future SSL protocol, additional restrictions may be parsed. SSL_FilterCertListBySocket(PRFileDesc *fd, CERTCertList *certlist) - removes the certs from the cert list that doesn't pass the SSL_CertIsUsable() call. In addition the built in cert selection function (NSS_GetClientAuthData) uses the above functions to filter the list. In order to support the NSS_GetClientAuthData three new functions have been added: SECStatus CERT_FilterCertListByNickname(CERTCertList *certList, char *nickname, void *pwarg) -- removes the certs that don't match the 'nickname'. SECStatus CERT_FilterCertListByCertList(CERTCertlist *certList, const CERTCertlist *filterList ) -- removes all the certs on the first cert list that isn't on the second. PRBool CERT_IsInList(CERTCertificate *, const CERTCertList *certList) -- returns true if cert is on certList. In addition * PK11_FindObjectForCert() is exported so the token the cert lives on can be accessed. * the ssle ssl_PickClientSignatureScheme() function (along with several supporing functions) have been modified so it can be used by SSL_CertIsUsable() [be6a97823bfe] Differential Revision: https://phabricator.services.mozilla.com/D141995
306 lines
10 KiB
Python
Executable File
306 lines
10 KiB
Python
Executable File
#!/usr/bin/env python
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
##########################################################################
|
|
#
|
|
# This is a collection of helper tools to get stuff done in NSS.
|
|
#
|
|
|
|
import sys
|
|
import argparse
|
|
import fnmatch
|
|
import io
|
|
import subprocess
|
|
import os
|
|
import platform
|
|
import shutil
|
|
import tarfile
|
|
import tempfile
|
|
|
|
from hashlib import sha256
|
|
|
|
DEVNULL = open(os.devnull, 'wb')
|
|
cwd = os.path.dirname(os.path.abspath(__file__))
|
|
|
|
def run_tests(test, cycles="standard", env={}, silent=False):
|
|
domsuf = os.getenv('DOMSUF', "localdomain")
|
|
host = os.getenv('HOST', "localhost")
|
|
env = env.copy()
|
|
env.update({
|
|
"NSS_TESTS": test,
|
|
"NSS_CYCLES": cycles,
|
|
"DOMSUF": domsuf,
|
|
"HOST": host
|
|
})
|
|
os_env = os.environ
|
|
os_env.update(env)
|
|
command = cwd + "/tests/all.sh"
|
|
stdout = stderr = DEVNULL if silent else None
|
|
subprocess.check_call(command, env=os_env, stdout=stdout, stderr=stderr)
|
|
|
|
|
|
class cfAction(argparse.Action):
|
|
docker_command = None
|
|
restorecon = None
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
self.setDockerCommand(args)
|
|
|
|
if values:
|
|
files = [os.path.relpath(os.path.abspath(x), start=cwd) for x in values]
|
|
else:
|
|
files = self.modifiedFiles()
|
|
|
|
# First check if we can run docker.
|
|
try:
|
|
with open(os.devnull, "w") as f:
|
|
subprocess.check_call(
|
|
self.docker_command + ["images"], stdout=f)
|
|
except:
|
|
self.docker_command = None
|
|
|
|
if self.docker_command is None:
|
|
print("warning: running clang-format directly, which isn't guaranteed to be correct")
|
|
command = [cwd + "/automation/clang-format/run_clang_format.sh"] + files
|
|
repr(command)
|
|
subprocess.call(command)
|
|
return
|
|
|
|
files = [os.path.join('/home/worker/nss', x) for x in files]
|
|
docker_image = 'clang-format-service:latest'
|
|
cf_docker_folder = cwd + "/automation/clang-format"
|
|
|
|
# Build the image if necessary.
|
|
if self.filesChanged(cf_docker_folder):
|
|
self.buildImage(docker_image, cf_docker_folder)
|
|
|
|
# Check if we have the docker image.
|
|
try:
|
|
command = self.docker_command + [
|
|
"image", "inspect", "clang-format-service:latest"
|
|
]
|
|
with open(os.devnull, "w") as f:
|
|
subprocess.check_call(command, stdout=f)
|
|
except:
|
|
print("I have to build the docker image first.")
|
|
self.buildImage(docker_image, cf_docker_folder)
|
|
|
|
command = self.docker_command + [
|
|
'run', '-v', cwd + ':/home/worker/nss:Z', '--rm', '-ti', docker_image
|
|
]
|
|
# The clang format script returns 1 if something's to do. We don't
|
|
# care.
|
|
subprocess.call(command + files)
|
|
if self.restorecon is not None:
|
|
subprocess.call([self.restorecon, '-R', cwd])
|
|
|
|
def filesChanged(self, path):
|
|
hash = sha256()
|
|
for dirname, dirnames, files in os.walk(path):
|
|
for file in files:
|
|
with open(os.path.join(dirname, file), "rb") as f:
|
|
hash.update(f.read())
|
|
chk_file = cwd + "/.chk"
|
|
old_chk = ""
|
|
new_chk = hash.hexdigest()
|
|
if os.path.exists(chk_file):
|
|
with open(chk_file) as f:
|
|
old_chk = f.readline()
|
|
if old_chk != new_chk:
|
|
with open(chk_file, "w+") as f:
|
|
f.write(new_chk)
|
|
return True
|
|
return False
|
|
|
|
def buildImage(self, docker_image, cf_docker_folder):
|
|
command = self.docker_command + [
|
|
"build", "-t", docker_image, cf_docker_folder
|
|
]
|
|
subprocess.check_call(command)
|
|
return
|
|
|
|
def setDockerCommand(self, args):
|
|
from distutils.spawn import find_executable
|
|
if platform.system() == "Linux":
|
|
self.restorecon = find_executable("restorecon")
|
|
dcmd = find_executable("docker")
|
|
if dcmd is not None:
|
|
self.docker_command = [dcmd]
|
|
if not args.noroot:
|
|
self.docker_command = ["sudo"] + self.docker_command
|
|
else:
|
|
self.docker_command = None
|
|
|
|
def modifiedFiles(self):
|
|
files = []
|
|
if os.path.exists(os.path.join(cwd, '.hg')):
|
|
st = subprocess.Popen(['hg', 'status', '-m', '-a'],
|
|
cwd=cwd, stdout=subprocess.PIPE, universal_newlines=True)
|
|
for line in iter(st.stdout.readline, ''):
|
|
files += [line[2:].rstrip()]
|
|
elif os.path.exists(os.path.join(cwd, '.git')):
|
|
st = subprocess.Popen(['git', 'status', '--porcelain'],
|
|
cwd=cwd, stdout=subprocess.PIPE)
|
|
for line in iter(st.stdout.readline, ''):
|
|
if line[1] == 'M' or line[1] != 'D' and \
|
|
(line[0] == 'M' or line[0] == 'A' or
|
|
line[0] == 'C' or line[0] == 'U'):
|
|
files += [line[3:].rstrip()]
|
|
elif line[0] == 'R':
|
|
files += [line[line.index(' -> ', beg=4) + 4:]]
|
|
else:
|
|
print('Warning: neither mercurial nor git detected!')
|
|
|
|
def isFormatted(x):
|
|
return x[-2:] == '.c' or x[-3:] == '.cc' or x[-2:] == '.h'
|
|
return [x for x in files if isFormatted(x)]
|
|
|
|
|
|
class buildAction(argparse.Action):
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
subprocess.check_call([cwd + "/build.sh"] + values)
|
|
|
|
|
|
class testAction(argparse.Action):
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
run_tests(values)
|
|
|
|
|
|
class covAction(argparse.Action):
|
|
|
|
def runSslGtests(self, outdir):
|
|
env = {
|
|
"GTESTFILTER": "*", # Prevent parallel test runs.
|
|
"ASAN_OPTIONS": "coverage=1:coverage_dir=" + outdir,
|
|
"NSS_DEFAULT_DB_TYPE": "sql",
|
|
"NSS_DISABLE_UNLOAD": "1"
|
|
}
|
|
|
|
run_tests("ssl_gtests", env=env, silent=True)
|
|
|
|
def findSanCovFile(self, outdir):
|
|
for file in os.listdir(outdir):
|
|
if fnmatch.fnmatch(file, 'ssl_gtest.*.sancov'):
|
|
return os.path.join(outdir, file)
|
|
|
|
return None
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
outdir = args.outdir
|
|
print("Output directory: " + outdir)
|
|
|
|
print("\nBuild with coverage sanitizers...\n")
|
|
sancov_args = "edge,no-prune,trace-pc-guard,trace-cmp"
|
|
subprocess.check_call([
|
|
os.path.join(cwd, "build.sh"), "-c", "--clang", "--asan", "--enable-legacy-db",
|
|
"--sancov=" + sancov_args
|
|
])
|
|
|
|
print("\nRun ssl_gtests to get a coverage report...")
|
|
self.runSslGtests(outdir)
|
|
print("Done.")
|
|
|
|
sancov_file = self.findSanCovFile(outdir)
|
|
if not sancov_file:
|
|
print("Couldn't find .sancov file.")
|
|
sys.exit(1)
|
|
|
|
symcov_file = os.path.join(outdir, "ssl_gtest.symcov")
|
|
out = open(symcov_file, 'wb')
|
|
# Don't exit immediately on error
|
|
symbol_retcode = subprocess.call([
|
|
"sancov",
|
|
"-blacklist=" + os.path.join(cwd, ".sancov-blacklist"),
|
|
"-symbolize", sancov_file,
|
|
os.path.join(cwd, "../dist/Debug/bin/ssl_gtest")
|
|
], stdout=out)
|
|
out.close()
|
|
|
|
print("\nCopying ssl_gtests to artifacts...")
|
|
shutil.copyfile(os.path.join(cwd, "../dist/Debug/bin/ssl_gtest"),
|
|
os.path.join(outdir, "ssl_gtest"))
|
|
|
|
print("\nCoverage report: " + symcov_file)
|
|
if symbol_retcode > 0:
|
|
print("sancov failed to symbolize with return code {}".format(symbol_retcode))
|
|
sys.exit(symbol_retcode)
|
|
|
|
class commandsAction(argparse.Action):
|
|
commands = []
|
|
|
|
def __call__(self, parser, args, values, option_string=None):
|
|
for c in commandsAction.commands:
|
|
print(c)
|
|
|
|
def parse_arguments():
|
|
parser = argparse.ArgumentParser(
|
|
description='NSS helper script. ' +
|
|
'Make sure to separate sub-command arguments with --.')
|
|
subparsers = parser.add_subparsers()
|
|
|
|
parser_build = subparsers.add_parser(
|
|
'build', help='All arguments are passed to build.sh')
|
|
parser_build.add_argument(
|
|
'build_args', nargs='*', help="build arguments", action=buildAction)
|
|
|
|
parser_cf = subparsers.add_parser(
|
|
'clang-format',
|
|
help="""
|
|
Run clang-format.
|
|
|
|
By default this runs against any files that you have modified. If
|
|
there are no modified files, it checks everything.
|
|
""")
|
|
parser_cf.add_argument(
|
|
'--noroot',
|
|
help='On linux, suppress the use of \'sudo\' for running docker.',
|
|
action='store_true')
|
|
parser_cf.add_argument(
|
|
'<file/dir>',
|
|
nargs='*',
|
|
help="Specify files or directories to run clang-format on",
|
|
action=cfAction)
|
|
|
|
parser_test = subparsers.add_parser(
|
|
'tests', help='Run tests through tests/all.sh.')
|
|
tests = [
|
|
"cipher", "lowhash", "chains", "cert", "dbtests", "tools", "fips",
|
|
"sdr", "crmf", "smime", "ssl", "ocsp", "merge", "pkits", "ec",
|
|
"gtests", "ssl_gtests", "bogo", "interop", "policy"
|
|
]
|
|
parser_test.add_argument(
|
|
'test', choices=tests, help="Available tests", action=testAction)
|
|
|
|
parser_cov = subparsers.add_parser(
|
|
'coverage', help='Generate coverage report')
|
|
cov_modules = ["ssl_gtests"]
|
|
parser_cov.add_argument(
|
|
'--outdir', help='Output directory for coverage report data.',
|
|
default=tempfile.mkdtemp())
|
|
parser_cov.add_argument(
|
|
'module', choices=cov_modules, help="Available coverage modules",
|
|
action=covAction)
|
|
|
|
parser_commands = subparsers.add_parser(
|
|
'mach-completion',
|
|
help="list commands")
|
|
parser_commands.add_argument(
|
|
'mach-completion',
|
|
nargs='*',
|
|
action=commandsAction)
|
|
|
|
commandsAction.commands = [c for c in subparsers.choices]
|
|
return parser.parse_args()
|
|
|
|
|
|
def main():
|
|
parse_arguments()
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|