summaryrefslogtreecommitdiffstats
path: root/security/nss/automation/taskcluster/graph/src
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
commitf017b749ea9f1586d2308504553d40bf4cc5439d (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/automation/taskcluster/graph/src
parent7c728b3c7680662fc4e92b5d03697b8339560b08 (diff)
downloadUXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/automation/taskcluster/graph/src')
-rw-r--r--security/nss/automation/taskcluster/graph/src/extend.js441
-rw-r--r--security/nss/automation/taskcluster/graph/src/queue.js22
-rw-r--r--security/nss/automation/taskcluster/graph/src/try_syntax.js40
3 files changed, 363 insertions, 140 deletions
diff --git a/security/nss/automation/taskcluster/graph/src/extend.js b/security/nss/automation/taskcluster/graph/src/extend.js
index a6a8fcbe2..d541a1a3b 100644
--- a/security/nss/automation/taskcluster/graph/src/extend.js
+++ b/security/nss/automation/taskcluster/graph/src/extend.js
@@ -5,7 +5,20 @@
import merge from "./merge";
import * as queue from "./queue";
-const LINUX_IMAGE = {name: "linux", path: "automation/taskcluster/docker"};
+const LINUX_IMAGE = {
+ name: "linux",
+ path: "automation/taskcluster/docker"
+};
+
+const LINUX_CLANG39_IMAGE = {
+ name: "linux-clang-3.9",
+ path: "automation/taskcluster/docker-clang-3.9"
+};
+
+const FUZZ_IMAGE = {
+ name: "fuzz",
+ path: "automation/taskcluster/docker-fuzz"
+};
const WINDOWS_CHECKOUT_CMD =
"bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
@@ -17,33 +30,45 @@ const WINDOWS_CHECKOUT_CMD =
queue.filter(task => {
if (task.group == "Builds") {
// Remove extra builds on {A,UB}San and ARM.
- if (task.collection == "asan" || task.collection == "arm-debug" ||
- task.collection == "gyp-asan") {
+ if (task.collection == "asan" || task.platform == "aarch64") {
return false;
}
- // Remove extra builds w/o libpkix for non-linux64-debug.
- if (task.symbol == "noLibpkix" &&
- (task.platform != "linux64" || task.collection != "debug")) {
+ // Make modular builds only on Linux make.
+ if (task.symbol == "modular" && task.collection != "make") {
return false;
}
}
- if (task.tests == "bogo") {
- // No BoGo tests on Windows.
- if (task.platform == "windows2012-64") {
+ if (task.tests == "bogo" || task.tests == "interop") {
+ // No windows
+ if (task.platform == "windows2012-64" ||
+ task.platform == "windows2012-32") {
return false;
}
- // No BoGo tests on ARM.
- if (task.collection == "arm-debug") {
+ // No ARM; TODO: enable
+ if (task.platform == "aarch64") {
return false;
}
}
- // GYP builds with -Ddisable_libpkix=1 by default.
- if ((task.collection == "gyp" || task.collection == "gyp-asan") &&
- task.tests == "chains") {
+ // Only old make builds have -Ddisable_libpkix=0 and can run chain tests.
+ if (task.tests == "chains" && task.collection != "make") {
+ return false;
+ }
+
+ if (task.group == "Test") {
+ // Don't run test builds on old make platforms
+ if (task.collection == "make") {
+ return false;
+ }
+ }
+
+ // Don't run additional hardware tests on ARM (we don't have anything there).
+ if (task.group == "Cipher" && task.platform == "aarch64" && task.env &&
+ (task.env.NSS_DISABLE_PCLMUL == "1" || task.env.NSS_DISABLE_HW_AES == "1"
+ || task.env.NSS_DISABLE_AVX == "1")) {
return false;
}
@@ -51,29 +76,18 @@ queue.filter(task => {
});
queue.map(task => {
- if (task.collection == "asan" || task.collection == "gyp-asan") {
+ if (task.collection == "asan") {
// CRMF and FIPS tests still leak, unfortunately.
if (task.tests == "crmf" || task.tests == "fips") {
task.env.ASAN_OPTIONS = "detect_leaks=0";
}
}
- if (task.collection == "arm-debug") {
- // These tests take quite some time on our poor ARM devices.
- if (task.tests == "chains" || (task.tests == "ssl" && task.cycle == "standard")) {
- task.maxRunTime = 14400;
- }
- }
-
// Windows is slow.
if (task.platform == "windows2012-64" && task.tests == "chains") {
task.maxRunTime = 7200;
}
- // Enable TLS 1.3 for every task.
- task.env = task.env || {};
- task.env.NSS_ENABLE_TLS_1_3 = "1";
-
return task;
});
@@ -81,58 +95,48 @@ queue.map(task => {
export default async function main() {
await scheduleLinux("Linux 32 (opt)", {
- env: {BUILD_OPT: "1"},
platform: "linux32",
image: LINUX_IMAGE
- });
+ }, "-m32 --opt");
await scheduleLinux("Linux 32 (debug)", {
platform: "linux32",
collection: "debug",
image: LINUX_IMAGE
- });
+ }, "-m32");
await scheduleLinux("Linux 64 (opt)", {
- env: {USE_64: "1", BUILD_OPT: "1"},
platform: "linux64",
image: LINUX_IMAGE
- });
+ }, "--opt");
await scheduleLinux("Linux 64 (debug)", {
- env: {USE_64: "1"},
platform: "linux64",
collection: "debug",
image: LINUX_IMAGE
});
- await scheduleLinux("Linux 64 (debug, gyp)", {
+ await scheduleLinux("Linux 64 (debug, make)", {
+ env: {USE_64: "1"},
+ platform: "linux64",
+ image: LINUX_IMAGE,
+ collection: "make",
command: [
- "/bin/bash",
- "-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
],
- platform: "linux64",
- collection: "gyp",
- image: LINUX_IMAGE
});
- await scheduleLinux("Linux 64 (debug, gyp, asan, ubsan)", {
+ await scheduleLinux("Linux 32 (debug, make)", {
+ platform: "linux32",
+ image: LINUX_IMAGE,
+ collection: "make",
command: [
- "/bin/bash",
- "-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan"
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
],
- env: {
- ASAN_OPTIONS: "detect_odr_violation=0", // bug 1316276
- UBSAN_OPTIONS: "print_stacktrace=1",
- NSS_DISABLE_ARENA_FREE_LIST: "1",
- NSS_DISABLE_UNLOAD: "1",
- CC: "clang",
- CCC: "clang++"
- },
- platform: "linux64",
- collection: "gyp-asan",
- image: LINUX_IMAGE
});
await scheduleLinux("Linux 64 (ASan, debug)", {
@@ -142,49 +146,87 @@ export default async function main() {
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++",
- USE_UBSAN: "1",
- USE_ASAN: "1",
- USE_64: "1"
},
platform: "linux64",
collection: "asan",
- image: LINUX_IMAGE
- });
+ image: LINUX_IMAGE,
+ features: ["allowPtrace"],
+ }, "--ubsan --asan");
+
+ await scheduleWindows("Windows 2012 64 (debug, make)", {
+ platform: "windows2012-64",
+ collection: "make",
+ env: {USE_64: "1"}
+ }, "build.sh");
+
+ await scheduleWindows("Windows 2012 32 (debug, make)", {
+ platform: "windows2012-32",
+ collection: "make"
+ }, "build.sh");
await scheduleWindows("Windows 2012 64 (opt)", {
- env: {BUILD_OPT: "1"}
- });
+ platform: "windows2012-64",
+ }, "build_gyp.sh --opt");
await scheduleWindows("Windows 2012 64 (debug)", {
+ platform: "windows2012-64",
collection: "debug"
- });
+ }, "build_gyp.sh");
- await scheduleFuzzing();
+ await scheduleWindows("Windows 2012 32 (opt)", {
+ platform: "windows2012-32",
+ }, "build_gyp.sh --opt -m32");
- await scheduleTestBuilds();
+ await scheduleWindows("Windows 2012 32 (debug)", {
+ platform: "windows2012-32",
+ collection: "debug"
+ }, "build_gyp.sh -m32");
+
+ await scheduleFuzzing();
+ await scheduleFuzzing32();
await scheduleTools();
- await scheduleLinux("Linux 32 (ARM, debug)", {
- image: "franziskus/nss-arm-ci",
+ let aarch64_base = {
+ image: "franziskus/nss-aarch64-ci",
provisioner: "localprovisioner",
- collection: "arm-debug",
- workerType: "nss-rpi",
- platform: "linux32",
- maxRunTime: 7200,
- tier: 3
- });
+ workerType: "nss-aarch64",
+ platform: "aarch64",
+ maxRunTime: 7200
+ };
+
+ await scheduleLinux("Linux AArch64 (debug)",
+ merge({
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
+ ],
+ collection: "debug",
+ }, aarch64_base)
+ );
+
+ await scheduleLinux("Linux AArch64 (opt)",
+ merge({
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --opt"
+ ],
+ collection: "opt",
+ }, aarch64_base)
+ );
}
/*****************************************************************************/
-async function scheduleLinux(name, base) {
+async function scheduleLinux(name, base, args = "") {
// Build base definition.
let build_base = merge({
command: [
"/bin/bash",
"-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh " + args
],
artifacts: {
public: {
@@ -224,12 +266,12 @@ async function scheduleLinux(name, base) {
// Extra builds.
let extra_base = merge({group: "Builds"}, build_base);
queue.scheduleTask(merge(extra_base, {
- name: `${name} w/ clang-3.9`,
+ name: `${name} w/ clang-4.0`,
env: {
CC: "clang",
CCC: "clang++",
},
- symbol: "clang-3.9"
+ symbol: "clang-4.0"
}));
queue.scheduleTask(merge(extra_base, {
@@ -251,30 +293,54 @@ async function scheduleLinux(name, base) {
}));
queue.scheduleTask(merge(extra_base, {
- name: `${name} w/ NSS_DISABLE_LIBPKIX=1`,
- env: {NSS_DISABLE_LIBPKIX: "1"},
- symbol: "noLibpkix"
+ name: `${name} w/ modular builds`,
+ env: {NSS_BUILD_MODULAR: "1"},
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh",
+ ],
+ symbol: "modular"
}));
+ await scheduleTestBuilds(merge(base, {group: "Test"}), args);
+
return queue.submit();
}
/*****************************************************************************/
+function scheduleFuzzingRun(base, name, target, max_len, symbol = null, corpus = null) {
+ const MAX_FUZZ_TIME = 300;
+
+ queue.scheduleTask(merge(base, {
+ name,
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
+ `${target} nss/fuzz/corpus/${corpus || target} ` +
+ `-max_total_time=${MAX_FUZZ_TIME} ` +
+ `-max_len=${max_len}`
+ ],
+ symbol: symbol || name
+ }));
+}
+
async function scheduleFuzzing() {
let base = {
env: {
- // bug 1316276
- ASAN_OPTIONS: "allocator_may_return_null=1:detect_odr_violation=0",
+ ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1",
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++"
},
+ features: ["allowPtrace"],
platform: "linux64",
collection: "fuzz",
- image: LINUX_IMAGE
+ image: FUZZ_IMAGE
};
// Build base definition.
@@ -301,9 +367,22 @@ async function scheduleFuzzing() {
name: "Linux x64 (debug, fuzz)"
}));
+ // The task that builds NSPR+NSS (TLS fuzzing mode).
+ let task_build_tls = queue.scheduleTask(merge(build_base, {
+ name: "Linux x64 (debug, TLS fuzz)",
+ symbol: "B",
+ group: "TLS",
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && " +
+ "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls"
+ ],
+ }));
+
// Schedule tests.
queue.scheduleTask(merge(base, {
- parent: task_build,
+ parent: task_build_tls,
name: "Gtests",
command: [
"/bin/bash",
@@ -317,56 +396,155 @@ async function scheduleFuzzing() {
kind: "test"
}));
- queue.scheduleTask(merge(base, {
- parent: task_build,
- name: "Cert",
+ // Schedule fuzzing runs.
+ let run_base = merge(base, {parent: task_build, kind: "test"});
+ scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096);
+ scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000);
+
+ // Schedule MPI fuzzing runs.
+ let mpi_base = merge(run_base, {group: "MPI"});
+ let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
+ "sqrmod", "sub", "submod"];
+ for (let name of mpi_names) {
+ scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
+ }
+ scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
+
+ // Schedule TLS fuzzing runs (non-fuzzing mode).
+ let tls_base = merge(run_base, {group: "TLS"});
+ scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm",
+ "tls-client-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm",
+ "tls-server-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000,
+ "dtls-client-nfm", "dtls-client-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000,
+ "dtls-server-nfm", "dtls-server-no_fuzzer_mode");
+
+ // Schedule TLS fuzzing runs (fuzzing mode).
+ let tls_fm_base = merge(tls_base, {parent: task_build_tls});
+ scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client");
+ scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server");
+ scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client");
+ scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server");
+
+ return queue.submit();
+}
+
+async function scheduleFuzzing32() {
+ let base = {
+ env: {
+ ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1",
+ UBSAN_OPTIONS: "print_stacktrace=1",
+ NSS_DISABLE_ARENA_FREE_LIST: "1",
+ NSS_DISABLE_UNLOAD: "1",
+ CC: "clang",
+ CCC: "clang++"
+ },
+ features: ["allowPtrace"],
+ platform: "linux32",
+ collection: "fuzz",
+ image: FUZZ_IMAGE
+ };
+
+ // Build base definition.
+ let build_base = merge({
command: [
"/bin/bash",
"-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
- "cert nss/fuzz/corpus/cert -max_total_time=300"
+ "bin/checkout.sh && " +
+ "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz -m32"
],
- // Need a privileged docker container to remove this.
- env: {ASAN_OPTIONS: "detect_leaks=0"},
- symbol: "SCert",
- kind: "test"
+ artifacts: {
+ public: {
+ expires: 24 * 7,
+ type: "directory",
+ path: "/home/worker/artifacts"
+ }
+ },
+ kind: "build",
+ symbol: "B"
+ }, base);
+
+ // The task that builds NSPR+NSS.
+ let task_build = queue.scheduleTask(merge(build_base, {
+ name: "Linux 32 (debug, fuzz)"
}));
+ // The task that builds NSPR+NSS (TLS fuzzing mode).
+ let task_build_tls = queue.scheduleTask(merge(build_base, {
+ name: "Linux 32 (debug, TLS fuzz)",
+ symbol: "B",
+ group: "TLS",
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && " +
+ "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls -m32"
+ ],
+ }));
+
+ // Schedule tests.
queue.scheduleTask(merge(base, {
- parent: task_build,
- name: "SPKI",
+ parent: task_build_tls,
+ name: "Gtests",
command: [
"/bin/bash",
"-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
- "spki nss/fuzz/corpus/spki -max_total_time=300"
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
],
- // Need a privileged docker container to remove this.
- env: {ASAN_OPTIONS: "detect_leaks=0"},
- symbol: "SPKI",
+ env: {GTESTFILTER: "*Fuzz*"},
+ tests: "ssl_gtests gtests",
+ cycle: "standard",
+ symbol: "Gtest",
kind: "test"
}));
+ // Schedule fuzzing runs.
+ let run_base = merge(base, {parent: task_build, kind: "test"});
+ scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096);
+ scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000);
+
+ // Schedule MPI fuzzing runs.
+ let mpi_base = merge(run_base, {group: "MPI"});
+ let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
+ "sqrmod", "sub", "submod"];
+ for (let name of mpi_names) {
+ scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
+ }
+ scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
+
+ // Schedule TLS fuzzing runs (non-fuzzing mode).
+ let tls_base = merge(run_base, {group: "TLS"});
+ scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm",
+ "tls-client-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm",
+ "tls-server-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000,
+ "dtls-client-nfm", "dtls-client-no_fuzzer_mode");
+ scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000,
+ "dtls-server-nfm", "dtls-server-no_fuzzer_mode");
+
+ // Schedule TLS fuzzing runs (fuzzing mode).
+ let tls_fm_base = merge(tls_base, {parent: task_build_tls});
+ scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client");
+ scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server");
+ scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client");
+ scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server");
+
return queue.submit();
}
/*****************************************************************************/
-async function scheduleTestBuilds() {
- let base = {
- platform: "linux64",
- collection: "gyp",
- group: "Test",
- image: LINUX_IMAGE
- };
-
+async function scheduleTestBuilds(base, args = "") {
// Build base definition.
let build = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
- "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test"
+ "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test --ct-verif " + args
],
artifacts: {
public: {
@@ -377,7 +555,7 @@ async function scheduleTestBuilds() {
},
kind: "build",
symbol: "B",
- name: "Linux 64 (debug, gyp, test)"
+ name: "Linux 64 (debug, test)"
}, base);
// The task that builds NSPR+NSS.
@@ -397,6 +575,19 @@ async function scheduleTestBuilds() {
symbol: "mpi",
kind: "test"
}));
+ queue.scheduleTask(merge(base, {
+ parent: task_build,
+ command: [
+ "/bin/bash",
+ "-c",
+ "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+ ],
+ name: "Gtests",
+ symbol: "Gtest",
+ tests: "gtests",
+ cycle: "standard",
+ kind: "test"
+ }));
return queue.submit();
}
@@ -404,10 +595,9 @@ async function scheduleTestBuilds() {
/*****************************************************************************/
-async function scheduleWindows(name, base) {
+async function scheduleWindows(name, base, build_script) {
base = merge(base, {
workerType: "nss-win2012r2",
- platform: "windows2012-64",
env: {
PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" +
"c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" +
@@ -417,7 +607,6 @@ async function scheduleWindows(name, base) {
"c:\\mozilla-build\\wget",
DOMSUF: "localdomain",
HOST: "localhost",
- USE_64: "1"
}
});
@@ -425,7 +614,7 @@ async function scheduleWindows(name, base) {
let build_base = merge(base, {
command: [
WINDOWS_CHECKOUT_CMD,
- "bash -c nss/automation/taskcluster/windows/build.sh"
+ `bash -c 'nss/automation/taskcluster/windows/${build_script}'`
],
artifacts: [{
expires: 24 * 7,
@@ -475,10 +664,25 @@ function scheduleTests(task_build, task_cert, test_base) {
name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard"
}));
queue.scheduleTask(merge(no_cert_base, {
+ name: "Interop tests", symbol: "Interop", tests: "interop", cycle: "standard"
+ }));
+ queue.scheduleTask(merge(no_cert_base, {
name: "Chains tests", symbol: "Chains", tests: "chains"
}));
queue.scheduleTask(merge(no_cert_base, {
- name: "Cipher tests", symbol: "Cipher", tests: "cipher"
+ name: "Cipher tests", symbol: "Default", tests: "cipher", group: "Cipher"
+ }));
+ queue.scheduleTask(merge(no_cert_base, {
+ name: "Cipher tests", symbol: "NoAESNI", tests: "cipher",
+ env: {NSS_DISABLE_HW_AES: "1"}, group: "Cipher"
+ }));
+ queue.scheduleTask(merge(no_cert_base, {
+ name: "Cipher tests", symbol: "NoPCLMUL", tests: "cipher",
+ env: {NSS_DISABLE_PCLMUL: "1"}, group: "Cipher"
+ }));
+ queue.scheduleTask(merge(no_cert_base, {
+ name: "Cipher tests", symbol: "NoAVX", tests: "cipher",
+ env: {NSS_DISABLE_AVX: "1"}, group: "Cipher"
}));
queue.scheduleTask(merge(no_cert_base, {
name: "EC tests", symbol: "EC", tests: "ec"
@@ -531,7 +735,6 @@ function scheduleTests(task_build, task_cert, test_base) {
async function scheduleTools() {
let base = {
- image: LINUX_IMAGE,
platform: "nss-tools",
kind: "test"
};
@@ -539,16 +742,18 @@ async function scheduleTools() {
queue.scheduleTask(merge(base, {
symbol: "clang-format-3.9",
name: "clang-format-3.9",
+ image: LINUX_CLANG39_IMAGE,
command: [
"/bin/bash",
"-c",
- "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
+ "bin/checkout.sh && nss/automation/clang-format/run_clang_format.sh"
]
}));
queue.scheduleTask(merge(base, {
- symbol: "scan-build-3.9",
- name: "scan-build-3.9",
+ symbol: "scan-build-4.0",
+ name: "scan-build-4.0",
+ image: LINUX_IMAGE,
env: {
USE_64: "1",
CC: "clang",
diff --git a/security/nss/automation/taskcluster/graph/src/queue.js b/security/nss/automation/taskcluster/graph/src/queue.js
index 2a4a7b3fe..29b570729 100644
--- a/security/nss/automation/taskcluster/graph/src/queue.js
+++ b/security/nss/automation/taskcluster/graph/src/queue.js
@@ -25,10 +25,18 @@ function fromNow(hours) {
}
function parseRoutes(routes) {
- return [
+ let rv = [
`tc-treeherder.v2.${process.env.TC_PROJECT}.${process.env.NSS_HEAD_REVISION}.${process.env.NSS_PUSHLOG_ID}`,
...routes
];
+
+ // Notify about failures (except on try).
+ if (process.env.TC_PROJECT != "nss-try") {
+ rv.push(`notify.email.${process.env.TC_OWNER}.on-failed`,
+ `notify.email.${process.env.TC_OWNER}.on-exception`);
+ }
+
+ return rv;
}
function parseFeatures(list) {
@@ -80,6 +88,7 @@ function parseTreeherder(def) {
}
function convertTask(def) {
+ let scopes = [];
let dependencies = [];
let env = merge({
@@ -110,12 +119,16 @@ function convertTask(def) {
payload.image = def.image;
}
+ if (def.artifacts) {
+ payload.artifacts = parseArtifacts(def.artifacts);
+ }
+
if (def.features) {
payload.features = parseFeatures(def.features);
- }
- if (def.artifacts) {
- payload.artifacts = parseArtifacts(def.artifacts);
+ if (payload.features.allowPtrace) {
+ scopes.push("docker-worker:feature:allowPtrace");
+ }
}
return {
@@ -123,6 +136,7 @@ function convertTask(def) {
workerType: def.workerType || "hg-worker",
schedulerId: "task-graph-scheduler",
+ scopes,
created: fromNow(0),
deadline: fromNow(24),
diff --git a/security/nss/automation/taskcluster/graph/src/try_syntax.js b/security/nss/automation/taskcluster/graph/src/try_syntax.js
index 695c9e92f..7748e068a 100644
--- a/security/nss/automation/taskcluster/graph/src/try_syntax.js
+++ b/security/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -22,8 +22,10 @@ function parseOptions(opts) {
}
// Parse platforms.
- let allPlatforms = ["linux", "linux64", "linux64-asan", "win64", "arm",
- "linux64-gyp", "linux64-gyp-asan", "linux64-fuzz"];
+ let allPlatforms = ["linux", "linux64", "linux64-asan",
+ "win", "win64", "win-make", "win64-make",
+ "linux64-make", "linux-make", "linux-fuzz",
+ "linux64-fuzz", "aarch64"];
let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
// If the given value is nonsense or "none" default to all platforms.
@@ -34,7 +36,7 @@ function parseOptions(opts) {
// Parse unit tests.
let aliases = {"gtests": "gtest"};
let allUnitTests = ["bogo", "crmf", "chains", "cipher", "db", "ec", "fips",
- "gtest", "lowhash", "merge", "sdr", "smime", "tools",
+ "gtest", "interop", "lowhash", "merge", "sdr", "smime", "tools",
"ssl", "mpi", "scert", "spki"];
let unittests = intersect(opts.unittests.split(/\s*,\s*/).map(t => {
return aliases[t] || t;
@@ -82,11 +84,13 @@ function filter(opts) {
// Filter unit tests.
if (task.tests) {
let found = opts.unittests.some(test => {
- // TODO: think of something more intelligent here.
- if (task.symbol.toLowerCase().startsWith("mpi") && test == "mpi") {
+ if (task.group && task.group.toLowerCase() == "ssl" && test == "ssl") {
return true;
}
- return (task.group || task.symbol).toLowerCase().startsWith(test);
+ if (task.group && task.group.toLowerCase() == "cipher" && test == "cipher") {
+ return true;
+ }
+ return task.symbol.toLowerCase().startsWith(test);
});
if (!found) {
@@ -105,12 +109,15 @@ function filter(opts) {
let found = opts.platforms.some(platform => {
let aliases = {
"linux": "linux32",
+ "linux-fuzz": "linux32",
"linux64-asan": "linux64",
"linux64-fuzz": "linux64",
- "linux64-gyp": "linux64",
- "linux64-gyp-asan": "linux64",
+ "linux64-make": "linux64",
+ "linux-make": "linux32",
+ "win64-make": "windows2012-64",
+ "win-make": "windows2012-32",
"win64": "windows2012-64",
- "arm": "linux32"
+ "win": "windows2012-32"
};
// Check the platform name.
@@ -119,13 +126,10 @@ function filter(opts) {
// Additional checks.
if (platform == "linux64-asan") {
keep &= coll("asan");
- } else if (platform == "arm") {
- keep &= coll("arm-opt") || coll("arm-debug");
- } else if (platform == "linux64-gyp") {
- keep &= coll("gyp");
- } else if (platform == "linux64-gyp-asan") {
- keep &= coll("gyp-asan");
- } else if (platform == "linux64-fuzz") {
+ } else if (platform == "linux64-make" || platform == "linux-make" ||
+ platform == "win64-make" || platform == "win-make") {
+ keep &= coll("make");
+ } else if (platform == "linux64-fuzz" || platform == "linux-fuzz") {
keep &= coll("fuzz");
} else {
keep &= coll("opt") || coll("debug");
@@ -139,8 +143,8 @@ function filter(opts) {
}
// Finally, filter by build type.
- let isDebug = coll("debug") || coll("asan") || coll("arm-debug") ||
- coll("gyp") || coll("fuzz");
+ let isDebug = coll("debug") || coll("asan") || coll("make") ||
+ coll("fuzz");
return (isDebug && opts.builds.includes("d")) ||
(!isDebug && opts.builds.includes("o"));
}