summaryrefslogtreecommitdiff
path: root/automation/taskcluster
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp. ↵Julien Cristau2023-05-031-1/+5
| | | | | | | | | | | | | | | r=nss-reviewers,bbeurdouche NSS tasks using LSAN seem to run into frequent failures due to ptrace(2) failing with EACCES (Permission Denied), apparently coming from the apparmor profile for docker on the VM. Until now Linux tests tasks were using the nss-{1,3}/linux-gcp pools, which use the same base image as gecko builders. This switches them to a new pool using the same base image as used by gecko's test tasks, where ptrace appears to work reliably. Differential Revision: https://phabricator.services.mozilla.com/D177037
* Bug 1783647 - Integrate Vale Curve25519 r=nss-reviewers,bbeurdoucheNatalia Kulatova2023-04-171-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D153944
* Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 ↵Anna Weine2023-04-171-6/+18
| | | | | | r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D158327
* Bug 1818766: Update ACVP dockerfile for compatibility with debian package ↵Iaroslav Gridin2023-04-041-0/+1
| | | | | | changes r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D170903
* Bug 1815796: Add a CI task for tracking ECCKiila code status, update ↵Iaroslav Gridin2023-04-046-1/+115
| | | | | | whitespace in ECCKiila files r=nss-reviewers,nkulatova Differential Revision: https://phabricator.services.mozilla.com/D169262
* Sigh, even when I explicitly push to nss-try, it's pushing to nss!Robert Relyea2023-02-271-2/+0
|
* Add liboqsRobert Relyea2023-02-271-0/+2
|
* Bug 1811337 - migrate Win 2012 tasks to Azure. r=bbeurdouchemcornmesser2023-02-171-2/+2
| | | | Differential Revision: https://phabricator.services.mozilla.com/D170225
* Bug 1815870 - use a different treeherder symbol for each docker image build ↵Julien Cristau2023-02-091-1/+1
| | | | | | task. r=nkulatova Differential Revision: https://phabricator.services.mozilla.com/D169317
* Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker ↵Julien Cristau2023-02-096-6/+6
| | | | | | | | | images r=nkulatova As of the images dated 20230126, our docker-in-docker-based image build process dies trying to retrieve the base images. Differential Revision: https://phabricator.services.mozilla.com/D169316
* Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust ↵Iaroslav Gridin2023-01-054-0/+118
| | | | | | r=nss-reviewers,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D164770
* Bug 1749030 - Modification of supported compilers r=nss-reviewers,bbeurdoucheAnna Weine2022-12-082-37/+9
| | | | | | | Adding: clang-10. Removing: gcc-6, gcc-9, gcc-10. Differential Revision: https://phabricator.services.mozilla.com/D162545
* Bug 1803211: Disable libpkix for static builds r=bbeurdouche,nss-reviewersskhamis2022-12-021-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D163369
* Bug 1803190 conscious language removal in NSSRobert Relyea2022-11-301-4/+4
| | | | | | | Clean up problemantic terms are master, slave, whitelist, blacklist. These are usually easily changes to main/server, client, allowlist, and blocklist (or other similiar terms, which are often more descriptive anyway). Things related to the tls/ssl master key, which part of the tls spec and needs to first be handled by the tls ietf working group. Differential Revision: https://phabricator.services.mozilla.com/D163522
* Bug 1802331 - compress docker image artifact with zstd. ↵Julien Cristau2022-11-293-5/+8
| | | | | | | | | | | | | | | | | | | | | r=nss-reviewers,releng-reviewers,jlorenzo,bbeurdouche When we moved tasks to run on GCP from AWS in bug 1799315, we started using a newer version of docker-worker including the changes from bug 1637302; as a result, artifacts are compressed with gzip before upload to s3, and downloads now come with a "content-encoding: gzip" header and compressed content, regardless of the client's "accept-encoding". Unfortunately docker-worker doesn't handle that encoding and expects an artifact called image.tar to be uncompressed. To work around that issue, we now compress docker images in image_builder with zstd before upload. [Ideally we'd install the zstd package in the nssdev/image_builder docker image itself instead of doing it in every task, however I'm not sure who owns that or how it's built so this might be good enough for right now.] Differential Revision: https://phabricator.services.mozilla.com/D163306
* Bug 1799315 - Migrate nss from AWS to GCP r=ahal,nss-reviewers,bbeurdoucheMichelle Goossens2022-11-241-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D161376
* Bug 1800989 - Enable static builds in the CI r=bbeurdoucheskhamis2022-11-171-0/+6
| | | | Differential Revision: https://phabricator.services.mozilla.com/D162252
* Bug 1765759 - Removing SAW docker from the NSS build system. ↵Anna Weine2022-11-075-143/+0
| | | | | | r=nss-reviewers,jschanck Differential Revision: https://phabricator.services.mozilla.com/D160237
* Bug 1792821 - Updating the clang-format version to 10. r=jschanckAnna Weine2022-10-072-5/+5
| | | | Differential Revision: https://phabricator.services.mozilla.com/D158323
* Bug 1771100 - Update BoGo tests to recent BoringSSL version. r=djacksonLeander Schwarz2022-08-261-3/+4
| | | | | | | | | | It was required to update docker-interop image to ubuntu 20.04 since a newer Go release was required for the BoGo tests to run. See nss/gtests/nss_bogo_shim/config.json for a list of disabled BoGo test, including short descriptions/bug links. A -loose-local-errors falg was added to Bogo (runner.go) to allow usage of more tests by ignoring differences in local errors on the Go side of test connections, similar to the remote error 'suppression' used. The code is patched to the BoGo runner after cloning in nss/tests/bogo/bogo.sh and can be found in nss/gtests/nss_bogo_shim/nss_loose_local_errors.patch. Differential Revision: https://phabricator.services.mozilla.com/D147675
* Bug 1760827 - Add a CI Target for gcc-11. r=nss-reviewers,nkulatovaDennis Jackson2022-03-222-3/+14
| | | | | | Depends on D141764 Differential Revision: https://phabricator.services.mozilla.com/D141765
* Bug 1760828 - Change to makefiles for gcc-4.8. r=nss-reviewers,mtDennis Jackson2022-03-221-1/+1
| | | | | | Depends on D131425 Differential Revision: https://phabricator.services.mozilla.com/D141764
* Bug 1741688 - Update googletest to 1.11.0 r=nss-reviewers,mtJ08nY2022-03-221-1/+3
| | | | Differential Revision: https://phabricator.services.mozilla.com/D131425
* Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI. ↵Natalia Kulatova2022-01-192-5/+34
| | | | | | r=nss-reviewers,bbeurdouche Differential Revision: https://phabricator.services.mozilla.com/D135377
* Bug 1738600 - sunset Coverity from NSS. r=nss-reviewers,bbeurdoucheAndi-Bogdan Postelnicu2021-11-085-56/+2
| | | | Differential Revision: https://phabricator.services.mozilla.com/D129982
* Bug 1720226 integrity checks in key4.db not happening on private components ↵Robert Relyea2021-07-153-0/+3
| | | | | | | | | | | | | | | | | | with AES_CBC When we added support for AES, we also added support for integrity checks on the encrypted components. It turns out the code that verifies the integrity checks was broken in 2 ways: 1. it wasn't accurately operating when AES was being used (the if statement wasn't actually triggering for AES_CBC because we were looking for AES in the wrong field). 2. password update did not update the integrity checks in the correct location, meaning any database which AES encrypted keys, and which had their password updated will not be able to validate their keys. While we found this in a previous rebase, the patch had not been pushed upstream. The attached patch needs sqlite3 to run the tests. Differential Revision: https://phabricator.services.mozilla.com/D120011
* Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. ↵Makoto Kato2021-06-251-0/+7
| | | | | | | | | | | | | | | | | | r=bbeurdouche Before applying (on Ryzen 9 3900X) ``` # mode in opreps cxreps context op time(sec) thrgput sha256_e 1Gb 208Mb 23M 0 0.000 10000.000 10.000 123Mb 301Kb ``` After applying ``` # mode in opreps cxreps context op time(sec) thrgput sha256_e 5Gb 797Mb 110M 0 0.000 10000.000 10.000 591Mb 769Kb ``` Differential Revision: https://phabricator.services.mozilla.com/D116962
* Bug 1696800 - HACL* update March 2021 - ↵Benjamin Beurdouche2021-03-081-1/+1
| | | | | | c95ab70fcb2bc21025d8845281bc4bc8987ca683 r=beurdouche Differential Revision: https://phabricator.services.mozilla.com/D107387
* Bug 1690421 - Install packaged libabigail in docker-builds image r=bbeurdoucheKevin Jacobs2021-02-031-10/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D103849
* Bug 1686557 - Support aarch64-make target in nss-try. r=bbeurdoucheNSS_3_61_BETA1Kevin Jacobs2021-01-131-2/+4
| | | | Differential Revision: https://phabricator.services.mozilla.com/D101648
* Bug 1631890 - Add support for Hybrid Public Key Encryption ↵Kevin Jacobs2020-10-122-2/+2
| | | | | | | | | | | | (draft-irtf-cfrg-hpke-05). r=mt This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions. Lastly, the `DeriveKeyPair` API is not implemented as it adds complextiy around PKCS #11 and is unnecessary for ECH. Differential Revision: https://phabricator.services.mozilla.com/D73947
* Bug 1657255 - Update CI for aarch64. r=kjacobsMakoto Kato2020-10-121-2/+16
| | | | | | | | | | | Actually, we have the implementation of ARM Crypto extension, so CI is always run with this extension. It means that we don't run CI without ARM Crypto extension. So I would like to add NoAES and NoSHA for aarch64 CI. Also, we still run NoSSE4_1 on aarch64 CI, so we shouldn't run this on aarch64 hardware. Differential Revision: https://phabricator.services.mozilla.com/D93062
* Bug 1637083 fix the lib dependencies for the split build r=jcj,rrelyeaJan-Marek Glogowski2020-05-141-1/+0
| | | | | | | | | | | | | | | | | This build can be tested by running NSS_BUILD_MODULAR=1 nss/automation/taskcluster/scripts/build.sh from a directory containing the nss and nspr repositories. To make this build's make conditionals easier to handle, it also merges the manifest.mn into the Makefile, because parts of the conditionals depends on $(OS_ARCH) setting. In the end, the goal is just to set the correct build $(DIRS). This also drops the freebl dependeny of ssl, which seems not to be needed, even if it's declared in /lib/ssl/ssl.gyp. Differential Revision: https://phabricator.services.mozilla.com/D75074
* Bug 1636206 - HACL* update after changes in libintvector.h r=kjacobsBenjamin Beurdouche2020-05-071-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D74268
* Bug 1636058 - HACL* update to fix a number of non Mozilla builds of NSS. ↵Benjamin Beurdouche2020-05-071-1/+1
| | | | | | r=kjacobs Differential Revision: https://phabricator.services.mozilla.com/D74211
* Bug 1626751 - Add apt-transport-https & apt-utils to fuzz32 docker image r=jcjKevin Jacobs2020-04-011-0/+2
| | | | | | We already install these packages on the image_builder image itself. It seems they're now required on the fuzz32 image as well. Differential Revision: https://phabricator.services.mozilla.com/D69274
* Bug 1612493 - Fix Firefox build for Windows 2012 x64. r=kjacobsBenjamin Beurdouche2020-03-091-1/+1
| | | | Differential Revision: https://phabricator.services.mozilla.com/D65945
* Bug 1612493 - Support for HACL* AVX2 code for Chacha20, Poly1305 and ↵Benjamin Beurdouche2020-02-281-1/+5
| | | | | | | | | | | | | | | | | Chacha20Poly1305. r=kjacobs *** Bug 1612493 - Import AVX2 code from HACL* *** Bug 1612493 - Add CPU detection for AVX2, BMI1, BMI2, FMA, MOVBE *** Bug 1612493 - New flag NSS_DISABLE_AVX2 for freebl/Makefile and freebl.gyp *** Bug 1612493 - Disable use of AVX2 on GCC 4.4 which doesn’t support -mavx2 *** Bug 1612493 - Disable tests when the platform doesn't have support for AVX2 Differential Revision: https://phabricator.services.mozilla.com/D64718
* Bug 1617533 - Update of HACL* after libintvector.h and coding style changes. ↵Benjamin Beurdouche2020-02-281-1/+1
| | | | | | | | | | | | | | | r=kjacobs *** Bug 1617533 - Clang format *** Bug 1617533 - Update HACL* commit for job in Taskcluster *** Bug 1617533 - Update HACL* Kremlin code Differential Revision: https://phabricator.services.mozilla.com/D63829
* Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobsFranziskus Kiefer2020-01-149-309/+40
| | | | | | | | | | This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413. It has a couple of TODOs: * The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130. * The hacl task on CI requires Bug 1593647 to get fixed. Depends on D55413. Differential Revision: https://phabricator.services.mozilla.com/D55414
* Bug 1608895 - Install setuptools<45.0.0 until workers are upgraded to ↵Kevin Jacobs2020-01-131-1/+1
| | | | | | | | | | python3 r=jcj [[ https://setuptools.readthedocs.io/en/latest/history.html#v45-0-0 | Setuptools 45.0.0 ]] drops support for Python2, which our Windows workers are running. This patch installs the prior version during build, in order to unblock CI until the workers can be upgraded. Differential Revision: https://phabricator.services.mozilla.com/D59756
* Backed out changeset ac51d2490f9c (Bug 1574643) for crashes on early SSE4 CPUsJ.C. Jones2019-12-209-40/+309
|
* Bug 1574643 - NSS changes for haclv2 r=jcj,kjacobsFranziskus Kiefer2019-12-189-309/+40
| | | | | | | | | | This patch contains the changes in NSS, necessary to pick up HACL*v2 in D55413. It has a couple of TODOs: * The chacha20 saw verification fails for some reason; it's disabled pending Bug 1604130. * The hacl task on CI requires Bug 1593647 to get fixed. Depends on D55413. Differential Revision: https://phabricator.services.mozilla.com/D55414
* Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcjFranziskus Kiefer2019-12-043-14/+45
| | | | | | | | | Disale libnssdbm by default and add flag to enable it in builds. On CI a build and certs test with enabled legacy DB are added. Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas. Differential Revision: https://phabricator.services.mozilla.com/D54673
* Bug 1594891 - Use tc-proxy for nss tooltool; r=dustin,jcjTom Prince2019-11-112-3/+5
| | | | Differential Revision: https://phabricator.services.mozilla.com/D52469
* Bug 1579836 - Execute NSPR tests as part of NSS continuous integration. r=jcjKai Engert2019-11-081-6/+3
|
* Bug 1594891 - Updates to run correctly on the new TC deployment r=jcjDustin J. Mitchell2019-11-087-795/+721
| | | | | | | | | * Update the Taskcluster client used in the decision task to one that understands Taskcluster rootUrls. * Update scripts that fetch content to use the TASKCLUSTER_ROOT_URL * the absence of this variale signals an "old" worker so we use an "old" URL Differential Revision: https://phabricator.services.mozilla.com/D52287
* Bug 1591275: Switch workers to use AWS Provder; r=kjacobsTom Prince2019-11-072-3/+3
| | | | Differential Revision: https://phabricator.services.mozilla.com/D51952
* Bug 1562671 - Limit Master Password KDF iterations for NSS continuous ↵Kai Engert2019-11-011-1/+2
| | | | integration tests. r=mt
* Bug 1399095 - Allow nss-try to be used to test NSPR changes. r=kjacobsKai Engert2019-09-1911-2/+68
|
View Lorry Controller Status