all.sh (12425B)
1 #!/bin/bash 2 # 3 # This Source Code Form is subject to the terms of the Mozilla Public 4 # License, v. 2.0. If a copy of the MPL was not distributed with this 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 6 7 ######################################################################## 8 # 9 # mozilla/security/nss/tests/all.sh 10 # 11 # Script to start selected available NSS QA suites on one machine 12 # this script is called or sourced by NSS QA which runs on all required 13 # platforms 14 # 15 # Needs to work on all Unix and Windows platforms 16 # 17 # Currently available NSS QA suites: 18 # ---------------------------------- 19 # cipher.sh - tests NSS ciphers 20 # libpkix.sh - tests PKIX functionality 21 # cert.sh - exercises certutil and creates certs necessary for 22 # all other tests 23 # dbtests.sh - tests related to certificate databases 24 # tools.sh - tests the majority of the NSS tools 25 # fips.sh - tests basic functionallity of NSS in FIPS-compliant 26 # - mode 27 # sdr.sh - tests NSS SDR 28 # crmf.sh - CRMF/CMMF testing 29 # smime.sh - S/MIME testing 30 # ssl.sh - tests SSL V2 SSL V3 and TLS 31 # ocsp.sh - OCSP testing 32 # merge.sh - tests merging old and new shareable databases 33 # pkits.sh - NIST/PKITS tests 34 # chains.sh - PKIX cert chains tests 35 # dbupgrade.sh - upgrade databases to new shareable version (used 36 # only in upgrade test cycle) 37 # memleak.sh - memory leak testing (optional) 38 # ssl_gtests.sh- Gtest based unit tests for ssl 39 # gtests.sh - Gtest based unit tests for everything else 40 # policy.sh - Crypto Policy tests 41 # bogo.sh - Bogo interop tests (disabled by default) 42 # https://boringssl.googlesource.com/boringssl/+/master/ssl/test/PORTING.md 43 # tlsfuzzer.sh - tlsfuzzer interop tests (disabled by default) 44 # https://github.com/tomato42/tlsfuzzer/ 45 # 46 # NSS testing is now devided to 4 cycles: 47 # --------------------------------------- 48 # standard - run test suites with defaults settings 49 # pkix - run test suites with PKIX enabled 50 # upgradedb - upgrade existing certificate databases to shareable 51 # format (creates them if doesn't exist yet) and run 52 # test suites with those databases. Requires to enable libdm. 53 # sharedb - run test suites with shareable database format 54 # enabled (databases are created directly to this 55 # format). This is the default and doesn't need to be run separately. 56 # threadunsafe - run test suites with thread unsafe environment variable 57 # so simulate running NSS locking for PKCS #11 modules which 58 # are not thread safe. 59 # 60 # Mandatory environment variables (to be set before testing): 61 # ----------------------------------------------------------- 62 # HOST - test machine host name 63 # DOMSUF - test machine domain name 64 # 65 # Optional environment variables to specify build to use: 66 # ------------------------------------------------------- 67 # BUILT_OPT - use optimized/debug build 68 # USE_64 - use 64bit/32bit build 69 # 70 # Optional environment variables to select which cycles/suites to test: 71 # --------------------------------------------------------------------- 72 # NSS_CYCLES - list of cycles to run (separated by space 73 # character) 74 # - by default all cycles are tested 75 # 76 # NSS_TESTS - list of all test suites to run (separated by space 77 # character, without trailing .sh) 78 # - this list can be reduced for individual test cycles 79 # NSS_THREAD_TESTS - list of test suites run in the threadunsafe cycle 80 # 81 # NSS_SSL_TESTS - list of ssl tests to run (see ssl.sh) 82 # NSS_SSL_RUN - list of ssl sub-tests to run (see ssl.sh) 83 # 84 # Testing schema: 85 # --------------- 86 # all.sh ~ (main) 87 # | | 88 # +------------+------------+-----------+--- ~ run_cycles 89 # | | | | | 90 # standard pkix upgradedb sharedb ~ run_cycle_* 91 # ... | ... ... | 92 # +------+------+------+-----> ~ run_tests 93 # | | | | | 94 # cert tools fips ssl ... ~ . *.sh 95 # 96 # Special strings: 97 # ---------------- 98 # FIXME ... known problems, search for this string 99 # NOTE .... unexpected behavior 100 # 101 # NOTE: 102 # ----- 103 # Unlike the old QA this is based on files sourcing each other 104 # This is done to save time, since a great portion of time is lost 105 # in calling and sourcing the same things multiple times over the 106 # network. Also, this way all scripts have all shell function 107 # available and a completely common environment 108 # 109 ######################################################################## 110 111 RUN_FIPS="" 112 113 ############################## run_tests ############################### 114 # run test suites defined in TESTS variable, skip scripts defined in 115 # TESTS_SKIP variable 116 ######################################################################## 117 run_tests() 118 { 119 echo "Running test cycle: ${TEST_MODE} ----------------------" 120 echo "List of tests that will be executed: ${TESTS}" 121 for TEST in ${TESTS} 122 do 123 # NOTE: the spaces are important. If you don't include 124 # the spaces, then turning off ssl_gtests will also turn off ssl 125 # tests. 126 echo " ${TESTS_SKIP} " | grep " ${TEST} " > /dev/null 127 if [ $? -eq 0 ]; then 128 continue 129 fi 130 131 SCRIPTNAME=${TEST}.sh 132 echo "Running tests for ${TEST}" 133 echo "TIMESTAMP ${TEST} BEGIN: `date`" 134 (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1) 135 echo "TIMESTAMP ${TEST} END: `date`" 136 done 137 } 138 139 ########################## run_cycle_standard ########################## 140 # run test suites with sql database (no PKIX) 141 ######################################################################## 142 run_cycle_standard() 143 { 144 TEST_MODE=STANDARD 145 146 NSS_DISABLE_LIBPKIX_VERIFY="1" 147 export NSS_DISABLE_LIBPKIX_VERIFY 148 149 TESTS="${ALL_TESTS}" 150 TESTS_SKIP="libpkix pkits" 151 152 NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"} 153 export NSS_DEFAULT_DB_TYPE 154 155 run_tests 156 157 unset NSS_DISABLE_LIBPKIX_VERIFY 158 } 159 160 ############################ run_cycle_pkix ############################ 161 # run test suites with PKIX enabled 162 ######################################################################## 163 run_cycle_pkix() 164 { 165 TEST_MODE=PKIX 166 167 TABLE_ARGS="bgcolor=cyan" 168 html_head "Testing with PKIX" 169 html "</TABLE><BR>" 170 171 HOSTDIR="${HOSTDIR}/pkix" 172 mkdir -p "${HOSTDIR}" 173 init_directories 174 175 TESTS="${ALL_TESTS}" 176 TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit" 177 178 export -n NSS_SSL_RUN 179 180 # use the default format. (unset for the shell, export -n for binaries) 181 export -n NSS_DEFAULT_DB_TYPE 182 unset NSS_DEFAULT_DB_TYPE 183 184 run_tests 185 } 186 187 ######################### run_cycle_upgrade_db ######################### 188 # upgrades certificate database to shareable format and run test suites 189 # with those databases 190 ######################################################################## 191 run_cycle_upgrade_db() 192 { 193 TEST_MODE=UPGRADE_DB 194 195 TABLE_ARGS="bgcolor=pink" 196 html_head "Testing with upgraded library" 197 html "</TABLE><BR>" 198 199 OLDHOSTDIR="${HOSTDIR}" 200 HOSTDIR="${HOSTDIR}/upgradedb" 201 mkdir -p "${HOSTDIR}" 202 init_directories 203 204 if [ -r "${OLDHOSTDIR}/cert.log" ]; then 205 DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server $RUN_FIPS SDR server serverCA stapling tools/copydir cert.log cert.done tests.*" 206 for i in $DIRS 207 do 208 cp -r ${OLDHOSTDIR}/${i} ${HOSTDIR} #2> /dev/null 209 done 210 fi 211 212 # upgrade certs dbs to shared db 213 TESTS="dbupgrade" 214 TESTS_SKIP= 215 216 run_tests 217 218 NSS_DEFAULT_DB_TYPE="sql" 219 export NSS_DEFAULT_DB_TYPE 220 221 # run the subset of tests with the upgraded database 222 TESTS="${ALL_TESTS}" 223 TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains" 224 225 run_tests 226 } 227 228 ########################## run_cycle_shared_db ######################### 229 # run test suites with certificate databases set to shareable format 230 ######################################################################## 231 run_cycle_shared_db() 232 { 233 TEST_MODE=SHARED_DB 234 235 TABLE_ARGS="bgcolor=yellow" 236 html_head "Testing with shared library" 237 html "</TABLE><BR>" 238 239 HOSTDIR="${HOSTDIR}/sharedb" 240 mkdir -p "${HOSTDIR}" 241 init_directories 242 243 NSS_DEFAULT_DB_TYPE="sql" 244 export NSS_DEFAULT_DB_TYPE 245 246 # run the tests for native sharedb support 247 TESTS="${ALL_TESTS}" 248 TESTS_SKIP="dbupgrade" 249 250 export -n NSS_SSL_TESTS 251 export -n NSS_SSL_RUN 252 253 run_tests 254 } 255 256 ########################## run_thread_unsafe ######################### 257 # run test suites with an non-thread safe softoken 258 # This simulates loading a non-threadsafe PKCS #11 module and makes 259 # Sure we don't have any deadlocks in our locking code 260 ######################################################################## 261 run_cycle_thread_unsafe() 262 { 263 TEST_MODE=THREAD_UNSAFE 264 265 TABLE_ARGS="bgcolor=lightgray" 266 html_head "Testing with non-threadsafe softoken" 267 html "</TABLE><BR>" 268 269 HOSTDIR="${HOSTDIR}/threadunsafe" 270 mkdir -p "${HOSTDIR}" 271 init_directories 272 273 NSS_FORCE_TOKEN_LOCK=1 274 export NSS_FORCE_TOKEN_LOCK 275 276 # run the tests for appropriate for thread unsafe 277 # basically it's the ssl tests right now. 278 TESTS="${THREAD_TESTS}" 279 TESTS_SKIP="dbupgrade" 280 281 export -n NSS_SSL_TESTS 282 export -n NSS_SSL_RUN 283 284 run_tests 285 } 286 287 ############################# run_cycles ############################### 288 # run test cycles defined in CYCLES variable 289 ######################################################################## 290 run_cycles() 291 { 292 for CYCLE in ${CYCLES} 293 do 294 case "${CYCLE}" in 295 "standard") 296 run_cycle_standard 297 ;; 298 "pkix") 299 if [ -z "$NSS_DISABLE_LIBPKIX" ]; then 300 run_cycle_pkix 301 fi 302 ;; 303 "upgradedb") 304 run_cycle_upgrade_db 305 ;; 306 "sharedb") 307 run_cycle_shared_db 308 ;; 309 "threadunsafe") 310 run_cycle_thread_unsafe 311 ;; 312 esac 313 . ${ENV_BACKUP} 314 done 315 } 316 317 ############################## main code ############################### 318 319 SCRIPTNAME=all.sh 320 CLEANUP="${SCRIPTNAME}" 321 cd `dirname $0` 322 323 # all.sh should be the first one to try to source the init 324 if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then 325 cd common 326 . ./init.sh 327 fi 328 329 cycles="standard pkix threadunsafe" 330 CYCLES=${NSS_CYCLES:-$cycles} 331 332 NO_INIT_SUPPORT=`certutil --build-flags |grep -cw NSS_NO_INIT_SUPPORT` 333 if [ $NO_INIT_SUPPORT -eq 0 ]; then 334 RUN_FIPS="fips" 335 fi 336 337 tests="cipher lowhash libpkix cert dbtests tools $RUN_FIPS sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests policy" 338 thread_tests="ssl ssl_gtests" 339 # Don't run chains tests when we have a gyp build. 340 if [ "$OBJDIR" != "Debug" -a "$OBJDIR" != "Release" ]; then 341 tests="$tests chains" 342 fi 343 TESTS=${NSS_TESTS:-$tests} 344 345 ALL_TESTS=${TESTS} 346 default_thread="" 347 for i in ${ALL_TESTS} 348 do 349 for j in ${thread_tests} 350 do 351 if [ $i = $j ]; then 352 default_thread="$default_thread $i" 353 fi 354 done 355 done 356 THREAD_TESTS=${NSS_THREAD_TESTS-$default_thread} 357 358 nss_ssl_tests="crl iopr policy normal_normal" 359 if [ $NO_INIT_SUPPORT -eq 0 ]; then 360 nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips" 361 fi 362 NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}" 363 364 # NOTE: 'stress' run is omitted by default 365 nss_ssl_run="cov auth stapling signed_cert_timestamps scheme" 366 NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}" 367 368 # NOTE: 369 # Lists of enabled tests and other settings are stored to ${ENV_BACKUP} 370 # file and are are restored after every test cycle. 371 372 ENV_BACKUP=${HOSTDIR}/env.sh 373 env_backup > ${ENV_BACKUP} 374 375 # Print hardware support if we built it. 376 if [ -f ${BINDIR}/hw-support ]; then 377 ${BINDIR}/hw-support 378 fi 379 380 if [ "${O_CRON}" = "ON" ]; then 381 run_cycles >> ${LOGFILE} 382 else 383 run_cycles | tee -a ${LOGFILE} 384 fi 385 386 SCRIPTNAME=all.sh 387 388 . ${QADIR}/common/cleanup.sh