From 2561a50ea41b22f27156a6ee8880235ddcde0c85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 13:42:26 +0200 Subject: [PATCH 1/8] Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts The clean rule was not using the correct names for the compiled executable files. --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 4d2edd456..b6e49bf8a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -105,7 +105,7 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) clean: ifndef WINDOWS - rm -rf $(APPS) *.c *.datax TESTS + rm -rf $(BINARIES) *.c *.datax TESTS else del /Q /F *.c *.exe *.datax ifneq ($(wildcard TESTS/.*),) From 487cdf5516bc888741d4126b1dd968c9b01049f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Sep 2018 15:54:40 +0200 Subject: [PATCH 2/8] In keep-going mode, don't hard-fail on some auxiliary script Add record_status in front of the invocation of several scripts where it was missing. --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1faa5d561..d1d59e06a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -436,25 +436,25 @@ OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh msg "test: recursion.pl" # < 1s -tests/scripts/recursion.pl library/*.c +record_status tests/scripts/recursion.pl library/*.c msg "test: freshness of generated source files" # < 1s -tests/scripts/check-generated-files.sh +record_status tests/scripts/check-generated-files.sh msg "test: doxygen markup outside doxygen blocks" # < 1s -tests/scripts/check-doxy-blocks.pl +record_status tests/scripts/check-doxy-blocks.pl msg "test: check-files.py" # < 1s cleanup -tests/scripts/check-files.py +record_status tests/scripts/check-files.py msg "test/build: declared and exported names" # < 3s cleanup -tests/scripts/check-names.sh +record_status tests/scripts/check-names.sh msg "test: doxygen warnings" # ~ 3s cleanup -tests/scripts/doxygen.sh +record_status tests/scripts/doxygen.sh @@ -1071,10 +1071,10 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do done msg "Lint: Python scripts" -tests/scripts/check-python-files.sh +record_status tests/scripts/check-python-files.sh msg "uint test: generate_test_code.py" -./tests/scripts/test_generate_test_code.py +record_status ./tests/scripts/test_generate_test_code.py ################################################################ #### Termination From a9daa5c357b8156df234a3b52d86771956da584a Mon Sep 17 00:00:00 2001 
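Review bot: Nothing near the prefixed calls in either hunk (the run of check scripts from recursion.pl to doxygen.sh, and the two Python checks before the Termination banner) states that every check has to be launched through `record_status`, which is presumably how these eight invocations were missed in the first place. A short comment ahead of the first one would help, for example `# Run every check through record_status so that keep-going mode records a failure instead of aborting.`; record_status itself is defined outside these hunks, so the wording should be checked against it. The context line `msg "uint test: generate_test_code.py"` next to the last changed call looks like a typo for "unit test" and could be fixed in the same pass.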
From: Gilles Peskine Date: Wed, 26 Sep 2018 17:49:57 +0200 Subject: [PATCH 3/8] Look for documentation only in specific directories Generate the documentation from include and doxygen/input only. Don't get snared by files containing Doxygen comments that lie in other directories such as tests, yotta, crypto/include, ... The only difference this makes in a fresh checkout is that the documentation no longer lists target_config.h. This file is from yotta, does not contain any Doxygen comment, and its inclusion in the rendered documentation was clearly an oversight. --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 2a87ada6a..8df061e31 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -664,7 +664,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = .. +INPUT = ../include input # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is @@ -696,7 +696,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = ../configs ../yotta/module +EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded From bd90a8c002d969f3ca9d13be645e18f88fe71bdc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 10:12:17 +0200 Subject: [PATCH 4/8] In keep-going mode, don't hard-fail on some tests Add if_build_succeeded in front of the invocation of some test runs where it was missing. --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d1d59e06a..af788cfa6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -531,10 +531,10 @@ msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -tests/ssl-opt.sh -f RSA +if_build_succeeded tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -tests/compat.sh -t RSA +if_build_succeeded tests/compat.sh -t RSA msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" cleanup From 5c39d7a97206b102791c80a7442a9b7aabcc3605 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 11:49:52 +0200 Subject: [PATCH 5/8] Remove redundant check in all.sh test -s can't fail if the subsequent grep succeeds. --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index af788cfa6..326cfc0ca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1063,7 +1063,6 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded [ -s test_zeroize.log ] if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log From 427df37f84594c069f809f0960f117b6e0737133 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 Sep 2018 11:50:24 +0200 Subject: [PATCH 6/8] Don't try to disable ASLR We don't need to disable ASLR, so don't try. If gdb tries but fails, the test runs normally, but all.sh then trips up because it sees `warning: Error disabling address space randomization: Operation not permitted` and interprets it as an error that indicates a test failure. --- tests/scripts/test_zeroize.gdb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 617ab5544..77c812a0b 100644 
--- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,6 +41,9 @@ # number does not need to be updated often. set confirm off +# We don't need to turn off ASLR, so don't try. +set disable-randomization off + file ./programs/test/zeroize break zeroize.c:100 From 95c5575e12508dfbf7554065850cef3c1f831d14 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 Sep 2018 11:48:10 +0200 Subject: [PATCH 7/8] check-files: exclude .git and third-party files Exclude ".git" directories anywhere. This avoids spurious errors in git checkouts that contain branch names that look like a file check-files.py would check. Fix #1713 Exclude "mbed-os" anywhere and "examples" from the root. Switch to the new mechanism to exclude "yotta/module". These are directories where we store third-party files that do not need to match our preferences. Exclude "cov-int" from the root. Fix #1691 --- tests/scripts/check-files.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index f560d0378..0fb2117a3 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -155,6 +155,12 @@ class IntegrityChecker(object): ".c", ".h", ".sh", ".pl", ".py", ".md", ".function", ".data", "Makefile", "CMakeLists.txt", "ChangeLog" ) + self.excluded_directories = ['.git', 'mbed-os'] + self.excluded_paths = list(map(os.path.normpath, [ + 'cov-int', + 'examples', + 'yotta/module' + ])) self.issues_to_check = [ PermissionIssueTracker(), EndOfFileNewlineIssueTracker(), 
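Review bot: The added comment above `set disable-randomization off` says that ASLR need not be turned off but not why the setting matters, and the reason exists only in the commit message. According to that message, a failed attempt by gdb to disable randomization prints a warning containing the word "Error", which all.sh then interprets as a test failure. I would record that in the script, e.g. `# If gdb cannot disable ASLR it prints a warning containing "Error", which all.sh treats as a test failure.`, so that the line is not removed later as redundant. The breakpoint is set by source line (`break zeroize.c:100`), so leaving randomization on should not affect the zeroization check itself.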
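Review bot: The two attributes added to IntegrityChecker's constructor match differently, and nothing at their definition says so: `excluded_directories` is compared against a bare directory name, so `.git` and `mbed-os` are skipped at any depth, while `excluded_paths` entries match only at that exact location under the walk root. Because the name match is unanchored, a directory called `mbed-os` created anywhere in the project's own tree would drop out of every check without any message. I would add `# Directory names skipped wherever they occur.` and `# Paths relative to the walk root, skipped only at that location.` above the two assignments, and consider logging each pruned directory so the blind spot is visible in CI output. The constructor starts and ends outside this hunk.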
@@ -179,12 +185,19 @@ class IntegrityChecker(object): console = logging.StreamHandler() self.logger.addHandler(console) + def prune_branch(self, root, d): + if d in self.excluded_directories: + return True + if os.path.normpath(os.path.join(root, d)) in self.excluded_paths: + return True + return False + def check_files(self): - for root, dirs, files in sorted(os.walk(".")): + for root, dirs, files in os.walk("."): + dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) for filename in sorted(files): filepath = os.path.join(root, filename) - if (os.path.join("yotta", "module") in filepath or - not filepath.endswith(self.files_to_check)): + if not filepath.endswith(self.files_to_check): continue for issue_to_check in self.issues_to_check: if issue_to_check.should_check_file(filepath): From 96f3b4ee42c77567fe1a865a4b5c80d57dc57177 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Oct 2018 14:10:21 +0200 Subject: [PATCH 8/8] Remove yotta support from check-files.py Complements "Remove Yotta support from the docs, tests and build scripts". --- tests/scripts/check-files.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 0fb2117a3..ed6787289 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -159,7 +159,6 @@ class IntegrityChecker(object): self.excluded_paths = list(map(os.path.normpath, [ 'cov-int', 'examples', - 'yotta/module' ])) self.issues_to_check = [ PermissionIssueTracker(),
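Review bot: The slice assignment `dirs[:] = sorted(...)` in check_files is what makes the pruning work, and it has no comment: os.walk only skips a subtree when the list it yielded is modified in place, so a later tidy-up to `dirs = sorted(...)` would silently bring `.git` and the third-party trees back into the scan. A comment such as `# Assign in place: os.walk descends only into what is left in dirs.` would protect it. prune_branch also has no docstring, and its three returns reduce to `return d in self.excluded_directories or os.path.normpath(os.path.join(root, d)) in self.excluded_paths`. The `excluded_paths` comparison assumes that `os.walk(".")` starts at the repository root; whether the script enforces that working directory is not visible in this hunk. check_files continues past the end of the hunk.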