Diffstat (limited to 'security/nss/automation/taskcluster/scripts')
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/build.sh18
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/build_gyp.sh18
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/extend_task_graph.sh16
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/fuzz.sh20
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/gen_certs.sh26
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/run_clang_format.sh63
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/run_scan_build.sh56
-rwxr-xr-xsecurity/nss/automation/taskcluster/scripts/run_tests.sh17
-rw-r--r--security/nss/automation/taskcluster/scripts/tools.sh28
9 files changed, 262 insertions, 0 deletions
diff --git a/security/nss/automation/taskcluster/scripts/build.sh b/security/nss/automation/taskcluster/scripts/build.sh
new file mode 100755
index 000000000..69968b138
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/build.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/tools.sh
+
+if [[ $(id -u) -eq 0 ]]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+# Clone NSPR if needed.
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
+
+# Build.
+make -C nss nss_build_all
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist
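Review bot: `source $(dirname $0)/tools.sh` runs before the `id -u` check, so on the first pass tools.sh is read and executed as root. If the checkout is writable by `worker` (not visible from this file), that is code from a worker-writable path running with root privileges. Moving the privilege-drop block above the `source` line avoids this, and quoting the expansions, `source "$(dirname "$0")/tools.sh"`, keeps paths with spaces intact. The same ordering appears in build_gyp.sh, fuzz.sh, gen_certs.sh, run_scan_build.sh and run_tests.sh, whereas extend_task_graph.sh and run_clang_format.sh drop privileges first.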
diff --git a/security/nss/automation/taskcluster/scripts/build_gyp.sh b/security/nss/automation/taskcluster/scripts/build_gyp.sh
new file mode 100755
index 000000000..590e634a3
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/tools.sh
+
+if [[ $(id -u) -eq 0 ]]; then
+ # Drop privileges by re-running this script.
+ exec su worker -c "$0 $*"
+fi
+
+# Clone NSPR if needed.
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
+
+# Build.
+nss/build.sh ${*--g -v}
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist
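Review bot: `exec su worker -c "$0 $*"` joins the script path and all arguments into one string that the worker's shell parses again, so an argument containing whitespace or shell metacharacters is re-split or interpreted instead of being passed through. run_clang_format.sh in this same commit uses `exec su worker $0 "$@"`, which keeps each argument a separate word; using that form here with `"$0"` quoted would be consistent. fuzz.sh has the same `-c "$0 $*"` line, and run_scan_build.sh passes `$@` unquoted. The later `nss/build.sh ${*--g -v}` also relies on word splitting and would be clearer with an explicit default followed by `"$@"`.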
diff --git a/security/nss/automation/taskcluster/scripts/extend_task_graph.sh b/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
new file mode 100755
index 000000000..5a3fb8d98
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/extend_task_graph.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+mkdir -p /home/worker/artifacts
+
+# Install Node.JS dependencies.
+cd nss/automation/taskcluster/graph/ && npm install
+
+# Extend the task graph.
+node lib/index.js
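Review bot: `npm install` resolves dependency versions when the task runs and executes package lifecycle scripts, and its output is what then generates the task graph, so the graph depends on whatever the registry serves that day. If a lockfile is committed next to package.json (not visible here), `npm ci` would install exactly the locked versions and fail on a mismatch. Note also that under `set -e` a failing `cd` in `cd nss/automation/taskcluster/graph/ && npm install` does not stop the script, because it is not the last command of the `&&` list; putting `cd` on its own line makes that failure fatal.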
diff --git a/security/nss/automation/taskcluster/scripts/fuzz.sh b/security/nss/automation/taskcluster/scripts/fuzz.sh
new file mode 100755
index 000000000..5f8dd7bff
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/fuzz.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/tools.sh
+
+if [ $(id -u) = 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker -c "$0 $*"
+fi
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Clone corpus.
+./nss/fuzz/clone_corpus.sh
+
+# Fetch objdir name.
+objdir=$(cat dist/latest)
+
+# Run nssfuzz.
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH:dist/$objdir/lib dist/$objdir/bin/nssfuzz $*
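Review bot: When `LD_LIBRARY_PATH` is unset or empty, `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:dist/$objdir/lib` starts with an empty element, which the dynamic loader treats as the current directory, so libraries in the working directory are searched before the intended ones. `LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}dist/$objdir/lib` avoids the empty entry. `objdir` comes from `dist/latest` inside the fetched artifact and is used unquoted in two paths, and `$*` should be `"$@"` so fuzzer arguments are not re-split.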
diff --git a/security/nss/automation/taskcluster/scripts/gen_certs.sh b/security/nss/automation/taskcluster/scripts/gen_certs.sh
new file mode 100755
index 000000000..aee100147
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/gen_certs.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+source $(dirname $0)/tools.sh
+
+if [ $(id -u) = 0 ]; then
+ # Stupid Docker.
+ echo "127.0.0.1 localhost.localdomain" >> /etc/hosts
+
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Generate certificates.
+NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
+
+# Reset test counter so that test runs pick up our certificates.
+echo 1 > tests_results/security/localhost
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist tests_results
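Review bot: The comment `# Stupid Docker.` does not say why root has to edit `/etc/hosts`, which is the one thing this script does with elevated privileges. Something like `# The container's /etc/hosts lacks localhost.localdomain, which the test suite appears to need (confirm).` would tell the next reader whether the line can be removed. The append is also not idempotent, so each root invocation adds another copy of the entry. run_tests.sh carries the same comment and line.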
diff --git a/security/nss/automation/taskcluster/scripts/run_clang_format.sh b/security/nss/automation/taskcluster/scripts/run_clang_format.sh
new file mode 100755
index 000000000..c4b60290f
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/run_clang_format.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) -eq 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0 "$@"
+fi
+
+# Apply clang-format on the provided folder and verify that this doesn't change any file.
+# If any file differs after formatting, the script eventually exits with 1.
+# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
+
+# Includes a default set of directories.
+
+if [ $# -gt 0 ]; then
+ dirs=("$@")
+else
+ top=$(dirname $0)/../../..
+ dirs=( \
+ "$top/cmd" \
+ "$top/fuzz" \
+ "$top/lib/base" \
+ "$top/lib/certdb" \
+ "$top/lib/certhigh" \
+ "$top/lib/ckfw" \
+ "$top/lib/crmf" \
+ "$top/lib/cryptohi" \
+ "$top/lib/dbm" \
+ "$top/lib/dev" \
+ "$top/lib/freebl" \
+ "$top/lib/jar" \
+ "$top/lib/nss" \
+ "$top/lib/pk11wrap" \
+ "$top/lib/pkcs7" \
+ "$top/lib/pkcs12" \
+ "$top/lib/pki" \
+ "$top/lib/smime" \
+ "$top/lib/softoken" \
+ "$top/lib/ssl" \
+ "$top/lib/sysinit" \
+ "$top/lib/util" \
+ "$top/gtests/common" \
+ "$top/gtests/der_gtest" \
+ "$top/gtests/freebl_gtest" \
+ "$top/gtests/pk11_gtest" \
+ "$top/gtests/ssl_gtest" \
+ "$top/gtests/util_gtest" \
+ )
+fi
+
+for dir in "${dirs[@]}"; do
+ find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
+done
+
+TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
+trap 'rm $TMPFILE' exit
+if (cd $(dirname $0); hg root >/dev/null 2>&1); then
+ hg diff --git "$top" | tee $TMPFILE
+else
+ git -C "$top" diff | tee $TMPFILE
+fi
+[[ ! -s $TMPFILE ]]
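Review bot: `top` is assigned only in the `else` branch, so when directories are passed as arguments `hg diff --git "$top"` and `git -C "$top" diff` receive an empty string and the diff is no longer scoped to the NSS tree. Moving `top=$(dirname $0)/../../..` above the `if [ $# -gt 0 ]` test fixes this. `$TMPFILE` is unquoted in the trap, the `tee` calls and the final test; quoting it (`trap 'rm -f -- "$TMPFILE"' EXIT`) is safer.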
diff --git a/security/nss/automation/taskcluster/scripts/run_scan_build.sh b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
new file mode 100755
index 000000000..99f80ab5f
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/tools.sh
+
+if [ $(id -u) = 0 ]; then
+ # Drop privileges by re-running this script.
+ exec su worker $0 $@
+fi
+
+# Clone NSPR if needed.
+if [ ! -d "nspr" ]; then
+ hg_clone https://hg.mozilla.org/projects/nspr nspr default
+fi
+
+# Build.
+cd nss
+make nss_build_all
+
+# What we want to scan.
+# key: directory to scan
+# value: number of errors expected in that directory
+declare -A scan=( \
+ [lib/base]=0 \
+ [lib/certdb]=0 \
+ [lib/certhigh]=0 \
+ [lib/ckfw]=0 \
+ [lib/crmf]=0 \
+ [lib/cryptohi]=0 \
+ [lib/dev]=0 \
+ [lib/freebl]=0 \
+ [lib/nss]=0 \
+ [lib/ssl]=0 \
+ [lib/util]=0 \
+ )
+
+# remove .OBJ directories to force a rebuild of just the select few
+for i in "${!scan[@]}"; do
+ find "$i" -name "*.OBJ" -exec rm -rf {} \+
+done
+
+# run scan-build (only building affected directories)
+scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
+
+# print errors we found
+set +v +x
+STATUS=0
+for i in "${!scan[@]}"; do
+ n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l)
+ if [ $n -ne ${scan[$i]} ]; then
+ STATUS=1
+ echo "$(date '+%T') WARNING - TEST-UNEXPECTED-FAIL: $i contains $n scan-build errors"
+ elif [ $n -ne 0 ]; then
+ echo "$(date '+%T') WARNING - TEST-EXPECTED-FAIL: $i contains $n scan-build errors"
+ fi
+done
+exit $STATUS
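Review bot: A failed `scan-build … make nss_build_all && cd ..` does not abort the script: `set -e` (inherited from tools.sh) ignores a failure that is not the last command of an `&&` list. The loop then finds no reports, every `n` is 0, and the task exits 0, so a broken analysis run looks like a clean one. Put `cd ..` on its own line so the scan-build status is fatal, and quote `--use-cc="$CC" --use-c++="$CCC"`. Separately, `grep -Rn "$i" … | wc -l` counts matching lines rather than reports, so one report mentioning a directory several times counts as several errors; `grep -Rl` would count files.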
diff --git a/security/nss/automation/taskcluster/scripts/run_tests.sh b/security/nss/automation/taskcluster/scripts/run_tests.sh
new file mode 100755
index 000000000..4c87e7e32
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/run_tests.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+source $(dirname $0)/tools.sh
+
+if [ $(id -u) = 0 ]; then
+ # Stupid Docker.
+ echo "127.0.0.1 localhost.localdomain" >> /etc/hosts
+
+ # Drop privileges by re-running this script.
+ exec su worker $0
+fi
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Run tests.
+cd nss/tests && ./all.sh
diff --git a/security/nss/automation/taskcluster/scripts/tools.sh b/security/nss/automation/taskcluster/scripts/tools.sh
new file mode 100644
index 000000000..dacfdeb28
--- /dev/null
+++ b/security/nss/automation/taskcluster/scripts/tools.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+ repo=$1
+ dir=$2
+ rev=${3:-@}
+ for i in 0 2 5; do
+ sleep $i
+ hg clone -r "$rev" "$repo" "$dir" && return
+ rm -rf "$dir"
+ done
+ exit 1
+}
+
+fetch_dist() {
+ url=https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/dist.tar.bz2
+ if [ ! -d "dist" ]; then
+ for i in 0 2 5; do
+ sleep $i
+ curl --retry 3 -Lo dist.tar.bz2 $url && tar xvjf dist.tar.bz2 && return
+ rm -fr dist.tar.bz2 dist
+ done
+ exit 1
+ fi
+}
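Review bot: `fetch_dist` builds the URL from `$TC_PARENT_TASK_ID` without checking that it is set and passes `$url` to curl unquoted, so a missing variable yields a request for `…/task//artifacts/…` instead of a clear error. Adding `: "${TC_PARENT_TASK_ID:?}"` at the top of the function and calling `curl --fail --retry 3 -Lo dist.tar.bz2 "$url"` would surface that. Without `--fail`, an HTTP error body is saved as the tarball and only `tar` notices. The archive is unpacked and its binaries are later executed with no integrity check beyond HTTPS, which is worth a comment stating that assumption. The variables in both functions (`repo`, `dir`, `rev`, `url`, `i`) are globals in every script that sources this file; declaring them `local` avoids clobbering callers, such as the `i` loop in run_scan_build.sh.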