diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
| commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
| tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/automation/taskcluster/scripts/run_hacl.sh | |
| parent | Initial commit. (diff) | |
| download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip | |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/automation/taskcluster/scripts/run_hacl.sh')
| -rwxr-xr-x | security/nss/automation/taskcluster/scripts/run_hacl.sh | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/nss/automation/taskcluster/scripts/run_hacl.sh b/security/nss/automation/taskcluster/scripts/run_hacl.sh new file mode 100755 index 0000000000..44bdb83885 --- /dev/null +++ b/security/nss/automation/taskcluster/scripts/run_hacl.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +if [[ $(id -u) -eq 0 ]]; then + # Drop privileges by re-running this script. + # Note: this mangles arguments, better to avoid running scripts as root. + exec su worker -c "$0 $*" +fi + +set -e -x -v + +# The docker image this is running in has NSS sources. +# Get the HACL* source, containing a snapshot of the C code, extracted on the +# HACL CI. +git clone -q "https://github.com/hacl-star/hacl-star" ~/hacl-star +git -C ~/hacl-star checkout -q 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 + +# Format the C snapshot. +cd ~/hacl-star/dist/mozilla +cp ~/nss/.clang-format . +find . -type f -name '*.[ch]' -exec clang-format -i {} \+ +cd ~/hacl-star/dist/karamel +cp ~/nss/.clang-format . +find . -type f -name '*.[ch]' -exec clang-format -i {} \+ + +# These diff commands will return 1 if there are differences and stop the script. + +# We have two checks in the script. +# The first one only checks the files in the verified/internal folder; the second one does for all the rest +# It was implemented like this due to not uniqueness of the names in the verified folders +# For instance, the files Hacl_Chacha20.h are present in both directories, but the content differs. + +files=($(find ~/nss/lib/freebl/verified/internal -type f -name '*.[ch]')) +for f in "${files[@]}"; do + file_name=$(basename "$f") + hacl_file=($(find ~/hacl-star/dist/mozilla/internal/ -type f -name $file_name)) + diff $hacl_file $f +done + +files=($(find ~/nss/lib/freebl/verified/ -type f -name '*.[ch]' -not -path "*/freebl/verified/internal/*" -not -path "*/freebl/verified/config.h")) +for f in "${files[@]}"; do + file_name=$(basename "$f") + hacl_file=($(find ~/hacl-star/dist/mozilla/ ~/hacl-star/dist/karamel/ -type f -name $file_name -not -path "*/hacl-star/dist/mozilla/internal/*")) + diff $hacl_file $f +done |