summaryrefslogtreecommitdiffstats
path: root/security/nss/automation/taskcluster/scripts
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/automation/taskcluster/scripts')
-rw-r--r--security/nss/automation/taskcluster/scripts/check_abi.sh172
-rw-r--r--security/nss/automation/taskcluster/scripts/run_saw.sh9
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/run_scan_build.sh2
3 files changed, 182 insertions, 1 deletions
diff --git a/security/nss/automation/taskcluster/scripts/check_abi.sh b/security/nss/automation/taskcluster/scripts/check_abi.sh
new file mode 100644
index 000000000..dbc1a476f
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/check_abi.sh
@@ -0,0 +1,172 @@
+#! /bin/bash
+
+set_env()
+{
+ cd /home/worker
+ HGDIR=/home/worker
+ OUTPUTDIR=$(pwd)$(echo "/output")
+ DATE=$(date "+TB [%Y-%m-%d %H:%M:%S]")
+
+ if [ ! -d "${OUTPUTDIR}" ]; then
+ echo "Creating output dir"
+ mkdir "${OUTPUTDIR}"
+ fi
+
+ if [ ! -d "nspr" ]; then
+ for i in 0 2 5; do
+ sleep $i
+ hg clone -r "default" "https://hg.mozilla.org/projects/nspr" "${HGDIR}/nspr" && break
+ rm -rf nspr
+ done
+ fi
+
+ cd nss
+ ./build.sh -v -c
+ cd ..
+}
+
+check_abi()
+{
+ set_env
+ set +e #reverses set -e from build.sh to allow possible hg clone failures
+ if [[ "$1" != --nobuild ]]; then # Start nobuild block
+
+ echo "######## NSS ABI CHECK ########"
+ echo "######## creating temporary HG clones ########"
+
+ rm -rf ${HGDIR}/baseline
+ mkdir ${HGDIR}/baseline
+ BASE_NSS=`cat ${HGDIR}/nss/automation/abi-check/previous-nss-release` #Reads the version number of the last release from the respective file
+ NSS_CLONE_RESULT=0
+ for i in 0 2 5; do
+ sleep $i
+ hg clone -u "${BASE_NSS}" "https://hg.mozilla.org/projects/nss" "${HGDIR}/baseline/nss"
+ if [ $? -eq 0 ]; then
+ NSS_CLONE_RESULT=0
+ break
+ fi
+ rm -rf "${HGDIR}/baseline/nss"
+ NSS_CLONE_RESULT=1
+ done
+ if [ ${NSS_CLONE_RESULT} -ne 0 ]; then
+ echo "invalid tag in automation/abi-check/previous-nss-release"
+ return 1
+ fi
+
+ BASE_NSPR=NSPR_$(head -1 ${HGDIR}/baseline/nss/automation/release/nspr-version.txt | cut -d . -f 1-2 | tr . _)_BRANCH
+ hg clone -u "${BASE_NSPR}" "https://hg.mozilla.org/projects/nspr" "${HGDIR}/baseline/nspr"
+ NSPR_CLONE_RESULT=$?
+
+ if [ ${NSPR_CLONE_RESULT} -ne 0 ]; then
+ rm -rf "${HGDIR}/baseline/nspr"
+ for i in 0 2 5; do
+ sleep $i
+ hg clone -u "default" "https://hg.mozilla.org/projects/nspr" "${HGDIR}/baseline/nspr" && break
+ rm -rf "${HGDIR}/baseline/nspr"
+ done
+ echo "Nonexisting tag ${BASE_NSPR} derived from ${BASE_NSS} automation/release/nspr-version.txt"
+ echo "Using default branch instead."
+ fi
+
+ echo "######## building baseline NSPR/NSS ########"
+ echo "${HGDIR}/baseline/nss/build.sh"
+ cd ${HGDIR}/baseline/nss
+ ./build.sh -v -c
+ cd ${HGDIR}
+ else # Else nobuild block
+ echo "######## using existing baseline NSPR/NSS build ########"
+ fi # End nobuild block
+
+ set +e #reverses set -e from build.sh to allow abidiff failures
+
+ echo "######## Starting abidiff procedure ########"
+ abi_diff
+}
+
+#Slightly modified from builbot-slave/build.sh
+abi_diff()
+{
+ ABI_PROBLEM_FOUND=0
+ ABI_REPORT=${OUTPUTDIR}/abi-diff.txt
+ rm -f ${ABI_REPORT}
+ PREVDIST=${HGDIR}/baseline/dist
+ NEWDIST=${HGDIR}/dist
+ ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so"
+ for SO in ${ALL_SOs}; do
+ if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
+ touch ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt
+ fi
+ abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
+ $PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
+ > ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt
+ RET=$?
+ cat ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt \
+ | grep -v "^Functions changes summary:" \
+ | grep -v "^Variables changes summary:" \
+ > ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt
+ rm -f ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt
+
+ ABIDIFF_ERROR=$((($RET & 0x01) != 0))
+ ABIDIFF_USAGE_ERROR=$((($RET & 0x02) != 0))
+ ABIDIFF_ABI_CHANGE=$((($RET & 0x04) != 0))
+ ABIDIFF_ABI_INCOMPATIBLE_CHANGE=$((($RET & 0x08) != 0))
+ ABIDIFF_UNKNOWN_BIT_SET=$((($RET & 0xf0) != 0))
+
+ # If abidiff reports an error, or a usage error, or if it sets a result
+ # bit value this script doesn't know yet about, we'll report failure.
+ # For ABI changes, we don't yet report an error. We'll compare the
+ # result report with our whitelist. This allows us to silence changes
+ # that we're already aware of and have been declared acceptable.
+
+ REPORT_RET_AS_FAILURE=0
+ if [ $ABIDIFF_ERROR -ne 0 ]; then
+ echo "abidiff reported ABIDIFF_ERROR."
+ REPORT_RET_AS_FAILURE=1
+ fi
+ if [ $ABIDIFF_USAGE_ERROR -ne 0 ]; then
+ echo "abidiff reported ABIDIFF_USAGE_ERROR."
+ REPORT_RET_AS_FAILURE=1
+ fi
+ if [ $ABIDIFF_UNKNOWN_BIT_SET -ne 0 ]; then
+ echo "abidiff reported ABIDIFF_UNKNOWN_BIT_SET."
+ REPORT_RET_AS_FAILURE=1
+ fi
+
+ if [ $ABIDIFF_ABI_CHANGE -ne 0 ]; then
+ echo "Ignoring abidiff result ABI_CHANGE, instead we'll check for non-whitelisted differences."
+ fi
+ if [ $ABIDIFF_ABI_INCOMPATIBLE_CHANGE -ne 0 ]; then
+ echo "Ignoring abidiff result ABIDIFF_ABI_INCOMPATIBLE_CHANGE, instead we'll check for non-whitelisted differences."
+ fi
+
+ if [ $REPORT_RET_AS_FAILURE -ne 0 ]; then
+ ABI_PROBLEM_FOUND=1
+ echo "abidiff {$PREVDIST , $NEWDIST} for $SO FAILED with result $RET, or failed writing to ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
+ fi
+ if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
+ ABI_PROBLEM_FOUND=1
+ echo "FAILED to access report file: ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt"
+ fi
+
+ diff -wB -u ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt \
+ ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
+ if [ ! -f ${ABI_REPORT} ]; then
+ ABI_PROBLEM_FOUND=1
+ echo "FAILED to compare exepcted and new report: ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
+ fi
+ done
+
+ if [ -s ${ABI_REPORT} ]; then
+ echo "FAILED: there are new unexpected ABI changes"
+ cat ${ABI_REPORT}
+ return 1
+ elif [ $ABI_PROBLEM_FOUND -ne 0 ]; then
+ echo "FAILED: failure executing the ABI checks"
+ cat ${ABI_REPORT}
+ return 1
+ fi
+
+ return 0
+}
+
+check_abi $1
diff --git a/security/nss/automation/taskcluster/scripts/run_saw.sh b/security/nss/automation/taskcluster/scripts/run_saw.sh
new file mode 100644
index 000000000..0e9a8224a
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/run_saw.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Run SAW.
+saw "nss/automation/saw/$1.saw"
diff --git a/security/nss/automation/taskcluster/scripts/run_scan_build.sh b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
index 4024c226e..014530b42 100755
--- a/security/nss/automation/taskcluster/scripts/run_scan_build.sh
+++ b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -34,7 +34,7 @@ for i in "${!scan[@]}"; do
done
# run scan-build (only building affected directories)
-scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
+scan-build-5.0 -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
# print errors we found
set +v +x