Browse Source

Update NSS to 3.41

pull/1/head
wolfbeast 4 years ago committed by Roy Tam
parent
commit
5f0986e66f
  1. 157
      nsprpub/pr/tests/abstract.c
  2. 2
      old-configure.in
  3. 1
      security/nss/TAG-INFO
  4. 18
      security/nss/automation/abi-check/expected-report-libnss3.so.txt
  5. 18
      security/nss/automation/abi-check/expected-report-libnssutil3.so.txt
  6. 48
      security/nss/automation/abi-check/expected-report-libsmime3.so.txt
  7. 2
      security/nss/automation/abi-check/previous-nss-release
  8. 39
      security/nss/automation/clang-format/Dockerfile
  9. 44
      security/nss/automation/clang-format/setup.sh
  10. 2
      security/nss/automation/release/nspr-version.txt
  11. 1
      security/nss/automation/taskcluster/docker-aarch64/Dockerfile
  12. 1
      security/nss/automation/taskcluster/docker-arm/Dockerfile
  13. 75
      security/nss/automation/taskcluster/docker-builds/Dockerfile
  14. 0
      security/nss/automation/taskcluster/docker-builds/bin/checkout.sh
  15. 30
      security/nss/automation/taskcluster/docker-clang-3.9/Dockerfile
  16. 46
      security/nss/automation/taskcluster/docker-clang-3.9/setup.sh
  17. 38
      security/nss/automation/taskcluster/docker-clang-format/Dockerfile
  18. 20
      security/nss/automation/taskcluster/docker-clang-format/bin/checkout.sh
  19. 47
      security/nss/automation/taskcluster/docker-decision/Dockerfile
  20. 31
      security/nss/automation/taskcluster/docker-decision/setup.sh
  21. 70
      security/nss/automation/taskcluster/docker-fuzz/Dockerfile
  22. 58
      security/nss/automation/taskcluster/docker-fuzz/setup.sh
  23. 73
      security/nss/automation/taskcluster/docker-fuzz32/Dockerfile
  24. 20
      security/nss/automation/taskcluster/docker-fuzz32/bin/checkout.sh
  25. 47
      security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile
  26. 30
      security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh
  27. 56
      security/nss/automation/taskcluster/docker-interop/Dockerfile
  28. 20
      security/nss/automation/taskcluster/docker-interop/bin/checkout.sh
  29. 57
      security/nss/automation/taskcluster/docker/Dockerfile
  30. 74
      security/nss/automation/taskcluster/docker/setup.sh
  31. 176
      security/nss/automation/taskcluster/graph/src/extend.js
  32. 2
      security/nss/automation/taskcluster/graph/src/try_syntax.js
  33. 8
      security/nss/automation/taskcluster/scripts/build_image.sh
  34. 9
      security/nss/automation/taskcluster/scripts/tools.sh
  35. 8
      security/nss/automation/taskcluster/windows/build.sh
  36. 32
      security/nss/automation/taskcluster/windows/build_gyp.sh
  37. 48
      security/nss/automation/taskcluster/windows/setup.sh
  38. 10
      security/nss/automation/taskcluster/windows/setup32.sh
  39. 10
      security/nss/automation/taskcluster/windows/setup64.sh
  40. 102
      security/nss/build.sh
  41. 168
      security/nss/cmd/certutil/certutil.c
  42. 16
      security/nss/cmd/crlutil/crlutil.c
  43. 2
      security/nss/cmd/crmf-cgi/crmfcgi.c
  44. 2
      security/nss/cmd/crmftest/testcrmf.c
  45. 3
      security/nss/cmd/dbck/dbrecover.c
  46. 1034
      security/nss/cmd/fipstest/fipstest.c
  47. 84
      security/nss/cmd/fipstest/kas.sh
  48. 2
      security/nss/cmd/fipstest/runtest.sh
  49. 116
      security/nss/cmd/lib/secutil.c
  50. 6
      security/nss/cmd/lib/secutil.h
  51. 1
      security/nss/cmd/manifest.mn
  52. 1
      security/nss/cmd/modutil/error.h
  53. 28
      security/nss/cmd/modutil/modutil.c
  54. 1
      security/nss/cmd/modutil/modutil.h
  55. 49
      security/nss/cmd/modutil/pk11.c
  56. 47
      security/nss/cmd/nss-policy-check/Makefile
  57. 15
      security/nss/cmd/nss-policy-check/manifest.mn
  58. 206
      security/nss/cmd/nss-policy-check/nss-policy-check.c
  59. 24
      security/nss/cmd/nss-policy-check/nss-policy-check.gyp
  60. 5
      security/nss/cmd/ocspclnt/ocspclnt.c
  61. 1
      security/nss/cmd/p7verify/p7verify.c
  62. 8
      security/nss/cmd/rsaperf/rsaperf.c
  63. 51
      security/nss/cmd/selfserv/selfserv.c
  64. 1
      security/nss/cmd/smimetools/cmsutil.c
  65. 2
      security/nss/cmd/tests/nonspr10.c
  66. 2
      security/nss/cmd/tstclnt/Makefile
  67. 134
      security/nss/cmd/tstclnt/tstclnt.c
  68. 3
      security/nss/cmd/vfychain/vfychain.c
  69. 2
      security/nss/cmd/vfyserv/vfyserv.h
  70. 9
      security/nss/coreconf/config.gypi
  71. 4
      security/nss/coreconf/config.mk
  72. 1
      security/nss/coreconf/coreconf.dep
  73. 7
      security/nss/coreconf/fuzz.sh
  74. 106
      security/nss/coreconf/msvc.sh
  75. 3
      security/nss/coreconf/nspr.sh
  76. 2
      security/nss/cpputil/databuffer.h
  77. 2
      security/nss/cpputil/dummy_io.h
  78. 15
      security/nss/cpputil/nss_scoped_ptrs.h
  79. 35
      security/nss/cpputil/scoped_ptrs_ssl.h
  80. 11
      security/nss/cpputil/tls_parser.h
  81. 12
      security/nss/doc/certutil.xml
  82. 16
      security/nss/doc/html/certutil.html
  83. 4
      security/nss/doc/html/modutil.html
  84. 4
      security/nss/doc/html/pk12util.html
  85. 2
      security/nss/doc/modutil.xml
  86. 20
      security/nss/doc/nroff/certutil.1
  87. 8
      security/nss/doc/nroff/modutil.1
  88. 6
      security/nss/doc/nroff/pk12util.1
  89. 3
      security/nss/doc/pk12util.xml
  90. 135
      security/nss/exports.gyp
  91. 6
      security/nss/fuzz/config/git-copy.sh
  92. 2
      security/nss/fuzz/tls_server_certs.cc
  93. 2
      security/nss/gtests/certdb_gtest/alg1485_unittest.cc
  94. 2
      security/nss/gtests/cryptohi_gtest/cryptohi_unittest.cc
  95. 2
      security/nss/gtests/der_gtest/der_private_key_import_unittest.cc
  96. 2
      security/nss/gtests/der_gtest/p12_import_unittest.cc
  97. 2
      security/nss/gtests/freebl_gtest/ecl_unittest.cc
  98. 82
      security/nss/gtests/freebl_gtest/mpi_unittest.cc
  99. 48
      security/nss/gtests/freebl_gtest/rsa_unittest.cc
  100. 2
      security/nss/gtests/google_test/VERSION
  101. Some files were not shown because too many files have changed in this diff Show More

157
nsprpub/pr/tests/abstract.c

@ -0,0 +1,157 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <stdio.h>
#if defined(LINUX)
#include <string.h>
#include "nspr.h"
static const char abstractSocketName[] = "\0testsocket";
static void
ClientThread(void* aArg)
{
PRFileDesc* socket;
PRNetAddr addr;
PRUint8 buf[1024];
PRInt32 len;
PRInt32 total;
addr.local.family = PR_AF_LOCAL;
memcpy(addr.local.path, abstractSocketName, sizeof(abstractSocketName));
socket = PR_OpenTCPSocket(addr.raw.family);
if (!socket) {
fprintf(stderr, "PR_OpenTCPSokcet failed\n");
exit(1);
}
if (PR_Connect(socket, &addr, PR_INTERVAL_NO_TIMEOUT) == PR_FAILURE) {
fprintf(stderr, "PR_Connect failed\n");
exit(1);
}
total = 0;
while (total < sizeof(buf)) {
len = PR_Recv(socket, buf + total, sizeof(buf) - total, 0,
PR_INTERVAL_NO_TIMEOUT);
if (len < 1) {
fprintf(stderr, "PR_Recv failed\n");
exit(1);
}
total += len;
}
total = 0;
while (total < sizeof(buf)) {
len = PR_Send(socket, buf + total, sizeof(buf) - total, 0,
PR_INTERVAL_NO_TIMEOUT);
if (len < 1) {
fprintf(stderr, "PR_Send failed\n");
exit(1);
}
total += len;
}
if (PR_Close(socket) == PR_FAILURE) {
fprintf(stderr, "PR_Close failed\n");
exit(1);
}
}
int
main()
{
PRFileDesc* socket;
PRFileDesc* acceptSocket;
PRThread* thread;
PRNetAddr addr;
PRUint8 buf[1024];
PRInt32 len;
PRInt32 total;
addr.local.family = PR_AF_LOCAL;
memcpy(addr.local.path, abstractSocketName, sizeof(abstractSocketName));
socket = PR_OpenTCPSocket(addr.raw.family);
if (!socket) {
fprintf(stderr, "PR_OpenTCPSocket failed\n");
exit(1);
}
if (PR_Bind(socket, &addr) == PR_FAILURE) {
fprintf(stderr, "PR_Bind failed\n");
exit(1);
}
if (PR_Listen(socket, 5) == PR_FAILURE) {
fprintf(stderr, "PR_Listen failed\n");
exit(1);
}
thread = PR_CreateThread(PR_USER_THREAD, ClientThread, 0, PR_PRIORITY_NORMAL,
PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
if (!thread) {
fprintf(stderr, "PR_CreateThread failed");
exit(1);
}
acceptSocket = PR_Accept(socket, NULL, PR_INTERVAL_NO_TIMEOUT);
if (!acceptSocket) {
fprintf(stderr, "PR_Accept failed\n");
exit(1);
}
memset(buf, 'A', sizeof(buf));
total = 0;
while (total < sizeof(buf)) {
len = PR_Send(acceptSocket, buf + total, sizeof(buf) - total, 0,
PR_INTERVAL_NO_TIMEOUT);
if (len < 1) {
fprintf(stderr, "PR_Send failed\n");
exit(1);
}
total += len;
}
total = 0;
while (total < sizeof(buf)) {
len = PR_Recv(acceptSocket, buf + total, sizeof(buf) - total, 0,
PR_INTERVAL_NO_TIMEOUT);
if (len < 1) {
fprintf(stderr, "PR_Recv failed\n");
exit(1);
}
total += len;
}
if (PR_Close(acceptSocket) == PR_FAILURE) {
fprintf(stderr, "PR_Close failed\n");
exit(1);
}
if (PR_JoinThread(thread) == PR_FAILURE) {
fprintf(stderr, "PR_JoinThread failed\n");
exit(1);
}
if (PR_Close(socket) == PR_FAILURE) {
fprintf(stderr, "PR_Close failed\n");
exit(1);
}
printf("PASS\n");
return 0;
}
#else
int
main()
{
prinf("PASS\n");
return 0;
}
#endif

2
old-configure.in

@ -2049,7 +2049,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
AM_PATH_NSS(3.38, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
AM_PATH_NSS(3.41, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -z "$MOZ_SYSTEM_NSS"; then

1
security/nss/TAG-INFO

@ -1 +0,0 @@
NSS_3_38_RTM

18
security/nss/automation/abi-check/expected-report-libnss3.so.txt

@ -0,0 +1,18 @@
1 function with some indirect sub-type change:
[C]'function SECStatus CERT_AddOCSPAcceptableResponses(CERTOCSPRequest*, SECOidTag, ...)' at ocsp.c:2203:1 has some indirect sub-type changes:
parameter 2 of type 'typedef SECOidTag' has sub-type changes:
underlying type 'enum __anonymous_enum__' at secoidt.h:34:1 changed:
type size hasn't changed
4 enumerator insertions:
'__anonymous_enum__::SEC_OID_X509_ANY_EXT_KEY_USAGE' value '357'
'__anonymous_enum__::SEC_OID_EXT_KEY_USAGE_IPSEC_IKE' value '358'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_END' value '359'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_INTERMEDIATE' value '360'
1 enumerator change:
'__anonymous_enum__::SEC_OID_TOTAL' from value '357' to '361' at secoidt.h:34:1

18
security/nss/automation/abi-check/expected-report-libnssutil3.so.txt

@ -1,4 +1,18 @@
1 Added function:
1 function with some indirect sub-type change:
[C]'function SECStatus NSS_GetAlgorithmPolicy(SECOidTag, PRUint32*)' at secoid.c:2217:1 has some indirect sub-type changes:
parameter 1 of type 'typedef SECOidTag' has sub-type changes:
underlying type 'enum __anonymous_enum__' at secoidt.h:34:1 changed:
type size hasn't changed
4 enumerator insertions:
'__anonymous_enum__::SEC_OID_X509_ANY_EXT_KEY_USAGE' value '357'
'__anonymous_enum__::SEC_OID_EXT_KEY_USAGE_IPSEC_IKE' value '358'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_END' value '359'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_INTERMEDIATE' value '360'
1 enumerator change:
'__anonymous_enum__::SEC_OID_TOTAL' from value '357' to '361' at secoidt.h:34:1
'function SECStatus SECITEM_MakeItem(PLArenaPool*, SECItem*, unsigned char*, unsigned int)' {SECITEM_MakeItem@@NSSUTIL_3.38}

48
security/nss/automation/abi-check/expected-report-libsmime3.so.txt

@ -0,0 +1,48 @@
1 function with some indirect sub-type change:
[C]'function PK11SymKey* NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo*)' at cmscinfo.c:363:1 has some indirect sub-type changes:
parameter 1 of type 'NSSCMSContentInfo*' has sub-type changes:
in pointed to type 'typedef NSSCMSContentInfo' at cmst.h:54:1:
underlying type 'struct NSSCMSContentInfoStr' at cmst.h:126:1 changed:
type size hasn't changed
1 data member changes (2 filtered):
type of 'NSSCMSContent NSSCMSContentInfoStr::content' changed:
underlying type 'union NSSCMSContentUnion' at cmst.h:113:1 changed:
type size hasn't changed
1 data member changes (3 filtered):
type of 'NSSCMSEncryptedData* NSSCMSContentUnion::encryptedData' changed:
in pointed to type 'typedef NSSCMSEncryptedData' at cmst.h:65:1:
underlying type 'struct NSSCMSEncryptedDataStr' at cmst.h:463:1 changed:
type size hasn't changed
1 data member changes (1 filtered):
type of 'NSSCMSAttribute** NSSCMSEncryptedDataStr::unprotectedAttr' changed:
in pointed to type 'NSSCMSAttribute*':
in pointed to type 'typedef NSSCMSAttribute' at cmst.h:69:1:
underlying type 'struct NSSCMSAttributeStr' at cmst.h:482:1 changed:
type size hasn't changed
1 data member change:
type of 'SECOidData* NSSCMSAttributeStr::typeTag' changed:
in pointed to type 'typedef SECOidData' at secoidt.h:16:1:
underlying type 'struct SECOidDataStr' at secoidt.h:513:1 changed:
type size hasn't changed
1 data member change:
type of 'SECOidTag SECOidDataStr::offset' changed:
underlying type 'enum __anonymous_enum__' at secoidt.h:34:1 changed:
type size hasn't changed
4 enumerator insertions:
'__anonymous_enum__::SEC_OID_X509_ANY_EXT_KEY_USAGE' value '357'
'__anonymous_enum__::SEC_OID_EXT_KEY_USAGE_IPSEC_IKE' value '358'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_END' value '359'
'__anonymous_enum__::SEC_OID_IPSEC_IKE_INTERMEDIATE' value '360'
1 enumerator change:
'__anonymous_enum__::SEC_OID_TOTAL' from value '357' to '361' at secoidt.h:34:1

2
security/nss/automation/abi-check/previous-nss-release

@ -1 +1 @@
NSS_3_37_BRANCH
NSS_3_40_BRANCH

39
security/nss/automation/clang-format/Dockerfile

@ -1,26 +1,35 @@
FROM ubuntu:16.04
MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
# Minimal image with clang-format 3.9.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
clang-format-3.9 \
locales \
mercurial \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
RUN update-alternatives --install /usr/bin/clang-format \
clang-format $(which clang-format-3.9) 10
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
# Entrypoint.
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
USER $USER
# Entrypoint - which only works if /home/worker/nss is mounted.
ENTRYPOINT ["/home/worker/nss/automation/clang-format/run_clang_format.sh"]

44
security/nss/automation/clang-format/setup.sh

@ -1,44 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Install packages.
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('xz-utils')
apt_packages+=('mercurial')
apt_packages+=('git')
apt_packages+=('locales')
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Download clang.
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify clang.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
function cleanup() {
rm -f clang.tar.xz clang.tar.xz.sig
}
trap cleanup ERR EXIT
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
# We're done. Remove this script.
rm $0

2
security/nss/automation/release/nspr-version.txt

@ -1,4 +1,4 @@
4.19
4.20
# The first line of this file must contain the human readable NSPR
# version number, which is the minimum required version of NSPR

1
security/nss/automation/taskcluster/docker-aarch64/Dockerfile

@ -20,7 +20,6 @@ ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost

1
security/nss/automation/taskcluster/docker-arm/Dockerfile

@ -17,7 +17,6 @@ ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost

75
security/nss/automation/taskcluster/docker-builds/Dockerfile

@ -0,0 +1,75 @@
# Dockerfile for building extra builds. This includes more tools than the
# default image, so it's a fair bit bigger. Only use this for builds where
# the smaller docker image is missing something. These builds will run on
# the leaner configuration.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang-4.0 \
clang \
cmake \
curl \
g++-4.8-multilib \
g++-5-multilib \
g++-6-multilib \
g++-multilib \
git \
gyp \
libelf-dev \
libdw-dev \
libssl-dev \
libssl-dev:i386 \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
llvm-dev \
locales \
mercurial \
ninja-build \
pkg-config \
valgrind \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Latest version of abigail-tools
RUN apt-get update \
&& apt-get install -y --no-install-recommends automake libtool libxml2-dev \
&& git clone git://sourceware.org/git/libabigail.git /tmp/libabigail \
&& cd /tmp/libabigail \
&& autoreconf -fi \
&& ./configure --prefix=/usr --disable-static --disable-apidoc --disable-manual \
&& make && make install \
&& rm -rf /tmp/libabigail \
&& apt-get remove -y automake libtool libxml2-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

0
security/nss/automation/taskcluster/docker-clang-3.9/bin/checkout.sh → security/nss/automation/taskcluster/docker-builds/bin/checkout.sh

30
security/nss/automation/taskcluster/docker-clang-3.9/Dockerfile

@ -1,30 +0,0 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

46
security/nss/automation/taskcluster/docker-clang-3.9/setup.sh

@ -1,46 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('locales')
apt_packages+=('xz-utils')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Download clang.
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify *.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
rm *.tar.xz*
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

38
security/nss/automation/taskcluster/docker-clang-format/Dockerfile

@ -0,0 +1,38 @@
# Minimal image with clang-format 3.9.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
clang-format-3.9 \
locales \
mercurial \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
RUN update-alternatives --install /usr/bin/clang-format \
clang-format $(which clang-format-3.9) 10
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

20
security/nss/automation/taskcluster/docker-clang-format/bin/checkout.sh

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1

47
security/nss/automation/taskcluster/docker-decision/Dockerfile

@ -1,30 +1,37 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
# Minimal image for running the decision task.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
curl \
locales \
mercurial \
nodejs \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

31
security/nss/automation/taskcluster/docker-decision/setup.sh

@ -1,31 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need those to install newer packages below.
apt-get install -y --no-install-recommends apt-utils curl ca-certificates locales
# Latest Mercurial.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update && apt-get install -y --no-install-recommends mercurial
# Latest Node.JS.
curl -sL https://deb.nodesource.com/setup_6.x | bash -
apt-get install -y --no-install-recommends nodejs
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

70
security/nss/automation/taskcluster/docker-fuzz/Dockerfile

@ -1,33 +1,59 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
# Dockerfile for running fuzzing tests.
#
# Note that when running this, you need to add `--cap-add SYS_PTRACE` to the
# docker invocation or ASAN won't work.
# On taskcluster use `features: ["allowPtrace"]`.
# See https://github.com/google/sanitizers/issues/764#issuecomment-276700920
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang \
clang-tools \
curl \
g++-multilib \
git \
gyp \
libssl-dev \
libssl-dev:i386 \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
llvm-dev \
locales \
mercurial \
ninja-build \
pkg-config \
valgrind \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
# LLVM 4.0
ENV PATH "${PATH}:/home/worker/third_party/llvm-build/Release+Asserts/bin/"
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
# Change user.
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

58
security/nss/automation/taskcluster/docker-fuzz/setup.sh

@ -1,58 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('build-essential')
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('git')
apt_packages+=('gyp')
apt_packages+=('libssl-dev')
apt_packages+=('libxml2-utils')
apt_packages+=('locales')
apt_packages+=('ninja-build')
apt_packages+=('pkg-config')
apt_packages+=('zlib1g-dev')
# 32-bit builds
apt_packages+=('gcc-multilib')
apt_packages+=('g++-multilib')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# 32-bit builds
dpkg --add-architecture i386
apt-get -y update
apt-get install -y --no-install-recommends libssl-dev:i386
# Install LLVM/clang-4.0.
mkdir clang-tmp
git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang
git -C clang-tmp/clang checkout HEAD scripts/update.py
clang-tmp/clang/scripts/update.py
rm -fr clang-tmp
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

73
security/nss/automation/taskcluster/docker-fuzz32/Dockerfile

@ -0,0 +1,73 @@
# Dockerfile for running fuzzing tests on linux32.
#
# This is a temporary workaround for bugs in clang that make it incompatible
# with Ubuntu 18.04 (see bug 1488148). This image can be removed once a new
# release of LLVM includes the necessary fixes.
FROM ubuntu:16.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
curl \
g++-multilib \
git \
gyp \
libssl-dev \
libssl-dev:i386 \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
locales \
mercurial \
ninja-build \
pkg-config \
software-properties-common \
valgrind \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Install clang and tools from the LLVM PPA.
RUN curl -sf https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - \
&& apt-add-repository "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-6.0 main" \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
clang-6.0 \
clang-tools-6.0 \
llvm-6.0-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Alias all the clang commands.
RUN for i in $(dpkg -L clang-6.0 clang-tools-6.0 | grep '^/usr/bin/' | xargs -i basename {} -6.0); do \
update-alternatives --install "/usr/bin/$i" "$i" "/usr/bin/${i}-6.0" 10; \
done
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
# Change user.
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

20
security/nss/automation/taskcluster/docker-fuzz32/bin/checkout.sh

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1

47
security/nss/automation/taskcluster/docker-gcc-4.4/Dockerfile

@ -1,30 +1,39 @@
FROM ubuntu:14.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
g++-4.4 \
gcc-4.4 \
locales \
make \
mercurial \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

30
security/nss/automation/taskcluster/docker-gcc-4.4/setup.sh

@ -1,30 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('g++-4.4')
apt_packages+=('gcc-4.4')
apt_packages+=('locales')
apt_packages+=('make')
apt_packages+=('mercurial')
apt_packages+=('zlib1g-dev')
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

56
security/nss/automation/taskcluster/docker-interop/Dockerfile

@ -0,0 +1,56 @@
# Dockerfile for running interop tests.
# This includes Rust, golang, and nodejs.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang \
cmake \
curl \
g++-multilib \
git \
golang \
gyp \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
llvm-dev \
locales \
mercurial \
ninja-build \
npm \
pkg-config \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Install Rust stable as $USER.
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

20
security/nss/automation/taskcluster/docker-interop/bin/checkout.sh

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1

57
security/nss/automation/taskcluster/docker/Dockerfile

@ -1,30 +1,49 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
# Lean image for running the bulk of the NSS CI tests on taskcluster.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang \
curl \
g++-multilib \
git \
gyp \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
llvm-dev \
locales \
mercurial \
ninja-build \
pkg-config \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
# Rust + Go
ENV PATH "${PATH}:/home/worker/.cargo/bin/:/usr/lib/go-1.6/bin"
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

74
security/nss/automation/taskcluster/docker/setup.sh

@ -1,74 +0,0 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('build-essential')
apt_packages+=('ca-certificates')
apt_packages+=('clang-5.0')
apt_packages+=('curl')
apt_packages+=('npm')
apt_packages+=('git')
apt_packages+=('golang-1.6')
apt_packages+=('libxml2-utils')
apt_packages+=('locales')
apt_packages+=('ninja-build')
apt_packages+=('pkg-config')
apt_packages+=('zlib1g-dev')
# 32-bit builds
apt_packages+=('lib32z1-dev')
apt_packages+=('gcc-multilib')
apt_packages+=('g++-multilib')
# ct-verif and sanitizers
apt_packages+=('valgrind')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# gcc 4.8 and 6
apt_packages+=('g++-6')
apt_packages+=('g++-4.8')
apt_packages+=('g++-6-multilib')
apt_packages+=('g++-4.8-multilib')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Latest version of abigail-tools
apt-get install -y libxml2-dev autoconf libelf-dev libdw-dev libtool
git clone git://sourceware.org/git/libabigail.git
cd ./libabigail
autoreconf -fi
./configure --prefix=/usr --disable-static --disable-apidoc --disable-manual
make
make install
cd ..
apt-get remove -y libxml2-dev autoconf libtool
rm -rf libabigail
# Install latest Rust (stable).
su worker -c "curl https://sh.rustup.rs -sSf | sh -s -- -y"
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

176
security/nss/automation/taskcluster/graph/src/extend.js

@ -10,9 +10,19 @@ const LINUX_IMAGE = {
path: "automation/taskcluster/docker"
};
const LINUX_CLANG39_IMAGE = {
name: "linux-clang-3.9",
path: "automation/taskcluster/docker-clang-3.9"
const LINUX_BUILDS_IMAGE = {
name: "linux-builds",
path: "automation/taskcluster/docker-builds"
};
const LINUX_INTEROP_IMAGE = {
name: "linux-interop",
path: "automation/taskcluster/docker-interop"
};
const CLANG_FORMAT_IMAGE = {
name: "clang-format",
path: "automation/taskcluster/docker-clang-format"
};
const LINUX_GCC44_IMAGE = {
@ -25,6 +35,12 @@ const FUZZ_IMAGE = {
path: "automation/taskcluster/docker-fuzz"
};
// Bug 1488148 - temporary image for fuzzing 32-bit builds.
const FUZZ_IMAGE_32 = {
name: "fuzz32",
path: "automation/taskcluster/docker-fuzz32"
};
const HACL_GEN_IMAGE = {
name: "hacl",
path: "automation/taskcluster/docker-hacl"
@ -59,7 +75,7 @@ queue.filter(task => {
}
}
if (task.tests == "bogo" || task.tests == "interop") {
if (task.tests == "bogo" || task.tests == "interop" || task.tests == "tlsfuzzer") {
// No windows
if (task.platform == "windows2012-64" ||
task.platform == "windows2012-32") {
@ -89,7 +105,9 @@ queue.filter(task => {
if (task.group == "Test") {
// Don't run test builds on old make platforms, and not for fips gyp.
if (task.collection == "make" || task.collection == "fips") {
// Disable on aarch64, see bug 1488331.
if (task.collection == "make" || task.collection == "fips"
|| task.platform == "aarch64") {
return false;
}
}
@ -134,13 +152,13 @@ export default async function main() {
await scheduleLinux("Linux 32 (opt)", {
platform: "linux32",
image: LINUX_IMAGE
}, "-m32 --opt");
}, "-t ia32 --opt");
await scheduleLinux("Linux 32 (debug)", {
platform: "linux32",
collection: "debug",
image: LINUX_IMAGE
}, "-m32");
}, "-t ia32");
await scheduleLinux("Linux 64 (opt)", {
platform: "linux64",
@ -193,8 +211,8 @@ export default async function main() {
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang-5.0",
CCC: "clang++-5.0",
CC: "clang",
CCC: "clang++",
},
platform: "linux64",
collection: "asan",
@ -230,12 +248,12 @@ export default async function main() {
await scheduleWindows("Windows 2012 32 (opt)", {
platform: "windows2012-32",
}, "build_gyp.sh --opt -m32");
}, "build_gyp.sh --opt -t ia32");
await scheduleWindows("Windows 2012 32 (debug)", {
platform: "windows2012-32",
collection: "debug"
}, "build_gyp.sh -m32");
}, "build_gyp.sh -t ia32");
await scheduleFuzzing();
await scheduleFuzzing32();
@ -251,29 +269,29 @@ export default async function main() {
};
await scheduleLinux("Linux AArch64 (debug)",
merge({
merge(aarch64_base, {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
],
collection: "debug",
}, aarch64_base)
})
);
await scheduleLinux("Linux AArch64 (opt)",
merge({
merge(aarch64_base, {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --opt"
],
collection: "opt",
}, aarch64_base)
})
);
await scheduleLinux("Linux AArch64 (debug, make)",
merge({
merge(aarch64_base, {
env: {USE_64: "1"},
command: [
"/bin/bash",
@ -281,7 +299,7 @@ export default async function main() {
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
],
collection: "make",
}, aarch64_base)
})
);
await scheduleMac("Mac (opt)", {collection: "opt"}, "--opt");
@ -303,7 +321,7 @@ async function scheduleMac(name, base, args = "") {
});
// Build base definition.
let build_base = merge({
let build_base = merge(mac_base, {
command: [
MAC_CHECKOUT_CMD,
["bash", "-c",
@ -320,7 +338,7 @@ async function scheduleMac(name, base, args = "") {
}],
kind: "build",
symbol: "B"
}, mac_base);
});
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {name}));