Adding upstream version 115.8.0esr.upstream/115.8.0esr

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 101 insertions, 0 deletions

diff --git a/security/nss/automation/taskcluster/docker-acvp/Dockerfile b/security/nss/automation/taskcluster/docker-acvp/Dockerfile
new file mode 100644
index 0000000000..b981019a44
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-acvp/Dockerfile
@@ -0,0 +1,50 @@
+# Minimal image with clang-format 3.9.
+FROM rust:1.64
+LABEL maintainer="iaroslav.gridin@tuni.fi"
+
+# for new clang/llvm
+RUN echo "deb http://ftp.debian.org/debian/ sid main" > /etc/apt/sources.list.d/sid.list \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    locales \
+    python-dev-is-python3 \
+    mercurial \
+    python3-pip \
+    python-setuptools \
+    build-essential \
+    cargo \
+    rustc \
+    git \
+    gyp \
+    clang-15 \
+    libclang-rt-15-dev \
+    llvm-15 \
+    ninja-build \
+    binutils \
+ && rm -rf /var/lib/apt/lists/* \
+ && apt-get autoremove -y && apt-get clean -y
+
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME $USER
+ENV HOME /home/$USER
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL $LANG
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+RUN locale-gen $LANG \
+ && DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
+
+RUN useradd -d $HOME -s $SHELL -m $USER
+WORKDIR $HOME
+
+ADD bin $HOME/bin
+RUN chmod +x $HOME/bin/*
+
+USER $USER
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/security/nss/automation/taskcluster/docker-acvp/bin/checkout.sh b/security/nss/automation/taskcluster/docker-acvp/bin/checkout.sh
new file mode 100755
index 0000000000..2a7d32c46b
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-acvp/bin/checkout.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+hg clone -r $REVISION $REPOSITORY nss
+
+# Clone NSPR if needed.
+hg clone -r default https://hg.mozilla.org/projects/nspr
+
+if [[ -f nss/nspr.patch && "$ALLOW_NSPR_PATCH" == "1" ]]; then
+  pushd nspr
+  cat ../nss/nspr.patch | patch -p1
+  popd
+fi
+
diff --git a/security/nss/automation/taskcluster/docker-acvp/bin/run.sh b/security/nss/automation/taskcluster/docker-acvp/bin/run.sh
new file mode 100755
index 0000000000..a5237850ff
--- /dev/null
+++ b/security/nss/automation/taskcluster/docker-acvp/bin/run.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+################################################################################
+export NSS_PATH=$PWD NSS_SOURCES_PATH=$PWD/nss
+export LD_LIBRARY_PATH=$PWD/dist/Debug/lib/
+export RUST_LOG=warn
+export RUSTFLAGS="-C instrument-coverage"
+cd nss
+CC=clang-15 CXX=clang++-15 ./build.sh -g -v --sourcecov --static --disable-tests
+
+git clone --depth=1 https://gitlab.com/nisec/nss-project/acvp-rust.git
+cd acvp-rust
+cargo build
+TESTRUN="cargo run --bin test -- --profdata-command llvm-profdata-15"
+echo "AES-GCM:"
+$TESTRUN acvp-rust/samples/aes-gcm.json symmetric nss
+echo "ECDSA:"
+$TESTRUN acvp-rust/samples/ecdsa.json ecdsa nss
+echo "RSA:"
+$TESTRUN acvp-rust/samples/rsa.json rsa nss
+echo "SHA-256:"
+$TESTRUN acvp-rust/samples/sha256.json sha nss