author | Iaroslav Gridin <iaroslav.gridin@tuni.fi> | 2023-01-05 16:34:33 +0000 |
---|---|---|
committer | Iaroslav Gridin <iaroslav.gridin@tuni.fi> | 2023-01-05 16:34:33 +0000 |
commit | d0576db1c914ce8498b9ed4f78e026119a5a405c (patch) | |
tree | 2489724cb7abe465bdad94554e8f9a0009117f67 | |
parent | e3fdc46e13cc48cb6e375ec746ac1fee1e5de5a3 (diff) | |
download | nss-hg-d0576db1c914ce8498b9ed4f78e026119a5a405c.tar.gz |
Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust r=nss-reviewers,bbeurdouche
Differential Revision: https://phabricator.services.mozilla.com/D164770
-rw-r--r-- | automation/taskcluster/docker-acvp/Dockerfile | 49 | ||||
-rwxr-xr-x | automation/taskcluster/docker-acvp/bin/checkout.sh | 25 | ||||
-rwxr-xr-x | automation/taskcluster/docker-acvp/bin/run.sh | 26 | ||||
-rw-r--r-- | automation/taskcluster/graph/src/extend.js | 18 |
4 files changed, 118 insertions, 0 deletions
diff --git a/automation/taskcluster/docker-acvp/Dockerfile b/automation/taskcluster/docker-acvp/Dockerfile
new file mode 100644
index 000000000..78f0ce97a
--- /dev/null
+++ b/automation/taskcluster/docker-acvp/Dockerfile
@@ -0,0 +1,49 @@
+# Minimal image with clang-format 3.9.
+FROM rust:1.64
+LABEL maintainer="iaroslav.gridin@tuni.fi"
+
+# for new clang/llvm
+RUN echo "deb http://ftp.debian.org/debian/ sid main" > /etc/apt/sources.list.d/sid.list \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ locales \
+ python-dev-is-python3 \
+ mercurial \
+ python3-pip \
+ python-setuptools \
+ build-essential \
+ cargo \
+ rustc \
+ git \
+ gyp \
+ clang-15 \
+ llvm-15 \
+ ninja-build \
+ binutils \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get autoremove -y && apt-get clean -y
+
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME $USER
+ENV HOME /home/$USER
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL $LANG
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+RUN locale-gen $LANG \
+ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
+
+RUN useradd -d $HOME -s $SHELL -m $USER
+WORKDIR $HOME
+
+ADD bin $HOME/bin
+RUN chmod +x $HOME/bin/*
+
+USER $USER
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/automation/taskcluster/docker-acvp/bin/checkout.sh b/automation/taskcluster/docker-acvp/bin/checkout.sh
new file mode 100755
index 000000000..2a7d32c46
--- /dev/null
+++ b/automation/taskcluster/docker-acvp/bin/checkout.sh
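Review bot: In the Dockerfile, the `sid.list` line makes Debian unstable a source for every package in the `apt-get install` list, not only clang-15 and llvm-15, and neither that source nor `FROM rust:1.64` is pinned, so the image contents can change from one build to the next. An apt preferences entry that keeps sid at low priority except for the clang-15/llvm-15 packages, together with a digest on the base image (`FROM rust:1.64@sha256:<DIGEST>`), would keep the toolchain that produces the ACVP results reproducible. The opening comment is also stale for this image; `# Image for running ACVP vector sets against NSS with acvp-rust.` would describe what it is used for.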
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+hg clone -r $REVISION $REPOSITORY nss
+
+# Clone NSPR if needed.
+hg clone -r default https://hg.mozilla.org/projects/nspr
+
+if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
+ pushd nspr
+ cat ../nss/nspr.patch | patch -p1
+ popd
+fi
+
diff --git a/automation/taskcluster/docker-acvp/bin/run.sh b/automation/taskcluster/docker-acvp/bin/run.sh
new file mode 100755
index 000000000..a5237850f
--- /dev/null
+++ b/automation/taskcluster/docker-acvp/bin/run.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+################################################################################
+export NSS_PATH=$PWD NSS_SOURCES_PATH=$PWD/nss
+export LD_LIBRARY_PATH=$PWD/dist/Debug/lib/
+export RUST_LOG=warn
+export RUSTFLAGS="-C instrument-coverage"
+cd nss
+CC=clang-15 CXX=clang++-15 ./build.sh -g -v --sourcecov --static --disable-tests
+
+git clone --depth=1 https://gitlab.com/nisec/nss-project/acvp-rust.git
+cd acvp-rust
+cargo build
+TESTRUN="cargo run --bin test -- --profdata-command llvm-profdata-15"
+echo "AES-GCM:"
+$TESTRUN acvp-rust/samples/aes-gcm.json symmetric nss
+echo "ECDSA:"
+$TESTRUN acvp-rust/samples/ecdsa.json ecdsa nss
+echo "RSA:"
+$TESTRUN acvp-rust/samples/rsa.json rsa nss
+echo "SHA-256:"
+$TESTRUN acvp-rust/samples/sha256.json sha nss
diff --git a/automation/taskcluster/graph/src/extend.js b/automation/taskcluster/graph/src/extend.js
index a2e41a61d..7ef79fb35 100644
--- a/automation/taskcluster/graph/src/extend.js
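Review bot: In checkout.sh, `$REVISION`, `$REPOSITORY` and `$0` are expanded unquoted, and the first two come from the task environment (`NSS_HEAD_REVISION`, `NSS_HEAD_REPOSITORY`), so a value that contains whitespace or begins with `-` is word-split or read by hg as an option. Quoting and ending option parsing closes that: `hg clone -r "$REVISION" -- "$REPOSITORY" nss` and `exec su worker "$0"`. The comment `# Clone NSPR if needed.` also does not match the unconditional clone under it; `# Clone NSPR (always, from the default branch).` would be accurate.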
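Review bot: In run.sh, `git clone --depth=1 https://gitlab.com/nisec/nss-project/acvp-rust.git` takes whatever the default branch holds at task time, and `cargo build` / `cargo run` then execute that code and its dependencies inside the CI task. Checking out a reviewed commit keeps an upstream change from reaching CI unreviewed and makes the results reproducible: clone without `--depth=1`, then `git -C acvp-rust checkout --detach <PINNED_COMMIT>`, and use `cargo build --locked` if the repository commits a Cargo.lock. Separately, the sample paths such as `acvp-rust/samples/aes-gcm.json` are resolved from the directory entered by `cd acvp-rust`, which only works if the repository contains a nested `acvp-rust/` directory; that is not visible from this hunk and is worth a one-line comment.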
+++ b/automation/taskcluster/graph/src/extend.js @@ -20,6 +20,12 @@ const LINUX_INTEROP_IMAGE = { path: "automation/taskcluster/docker-interop" }; +const ACVP_IMAGE = { + name: "acvp", + path: "automation/taskcluster/docker-acvp" +}; + + const CLANG_FORMAT_IMAGE = { name: "clang-format", path: "automation/taskcluster/docker-clang-format" @@ -1137,6 +1143,18 @@ async function scheduleTools() { })); queue.scheduleTask(merge(base, { + symbol: "acvp", + name: "acvp", + image: ACVP_IMAGE, + command: [ + "/bin/bash", + "-c", + "bin/checkout.sh && bin/run.sh" + ] + })); + + + queue.scheduleTask(merge(base, { symbol: "scan-build", name: "scan-build", image: FUZZ_IMAGE, |
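Review bot: The new `acvp` task in the second hunk carries no comment saying that its command fetches NSPR and the external acvp-rust repository at run time, so a maintainer reading scheduleTools cannot tell that the task depends on network access and on code outside this tree. A comment above the call would cover it, e.g. `// ACVP vector-set tests via acvp-rust; bin/run.sh clones and builds it at task time (needs network).`. Both hunks also add two consecutive blank lines (after `ACVP_IMAGE` and after the new `}));`), where a single one appears to be the file's convention. scheduleTools starts and ends outside the hunk.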