forked from wolfSSL/wolfssl
fips-check.sh: add support for WOLFSSL_REPO and noautogen option; tweak git fetching to keep wolfssl and fips tags distinct, and fetch all needed tags by name to assure availability for checkout. also, hide stdout noise from pushd/popd.
This commit is contained in:
Daniel Pouzzner
@ -18,7 +18,9 @@ FLAVOR="${FLAVOR:-linux}"
|
||||
KEEP="${KEEP:-no}"
|
||||
MAKECHECK=${MAKECHECK:-yes}
|
||||
DOCONFIGURE=${DOCONFIGURE:-yes}
|
||||
DOAUTOGEN=${DOAUTOGEN:-yes}
|
||||
FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
|
||||
WOLFSSL_REPO="${WOLFSSL_REPO:-origin}"
|
||||
|
||||
Usage() {
|
||||
cat <<usageText
|
||||
@ -46,6 +48,7 @@ while [ "$1" ]; do
|
||||
if [ "$1" = 'keep' ]; then KEEP='yes';
|
||||
elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
|
||||
elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no';
|
||||
elif [ "$1" = 'noautogen' ]; then DOCONFIGURE='no'; DOAUTOGEN='no';
|
||||
else FLAVOR="$1"; fi
|
||||
shift
|
||||
done
|
||||
@ -432,25 +435,56 @@ function copy_fips_files() {
|
||||
done
|
||||
}
|
||||
|
||||
# Check to make sure this is not a shallow repo
|
||||
$GIT fetch --unshallow 2>/dev/null
|
||||
declare -A FIPS_TAGS_NEEDED WOLFCRYPT_TAGS_NEEDED
|
||||
for file_entry in "${WOLFCRYPT_FILES[@]}"; do
|
||||
WOLFCRYPT_TAGS_NEEDED["${file_entry#*:}"]=1
|
||||
done
|
||||
for file_entry in "${FIPS_FILES[@]}"; do
|
||||
FIPS_TAGS_NEEDED["${file_entry#*:}"]=1
|
||||
done
|
||||
|
||||
echo "wolfCrypt tag$( [[ ${#WOLFCRYPT_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
|
||||
for tag in "${!WOLFCRYPT_TAGS_NEEDED[@]}"; do
|
||||
if $GIT describe --exact-match --long "$tag" 2>/dev/null; then
|
||||
continue
|
||||
fi
|
||||
if ! $GIT fetch --depth 1 "$WOLFSSL_REPO" tag "$tag"; then
|
||||
echo "Can't fetch wolfCrypt tag: $tag"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
if ! $GIT clone . "$TEST_DIR"; then
|
||||
echo "fips-check: Couldn't duplicate current working directory."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
pushd "$TEST_DIR" || exit 2
|
||||
pushd "$TEST_DIR" 1>/dev/null || exit 2
|
||||
|
||||
if ! $GIT clone "$FIPS_REPO" fips; then
|
||||
echo "fips-check: Couldn't check out FIPS repository."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
pushd fips 1>/dev/null || exit 2
|
||||
|
||||
echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
|
||||
for tag in "${!FIPS_TAGS_NEEDED[@]}"; do
|
||||
if $GIT describe "$tag" 2>/dev/null; then
|
||||
continue
|
||||
fi
|
||||
if ! $GIT fetch --depth 1 "$FIPS_REPO" tag "$tag"; then
|
||||
echo "Can't fetch FIPS tag: $tag"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
popd 1>/dev/null || exit 2
|
||||
|
||||
checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
|
||||
pushd fips || exit 2
|
||||
pushd fips 1>/dev/null || exit 2
|
||||
copy_fips_files "${FIPS_FILES[@]}" || exit 3
|
||||
popd || exit 2
|
||||
popd 1>/dev/null || exit 2
|
||||
|
||||
# When checking out cert 3389 ready code, NIST will no longer perform
|
||||
# new certifications on 140-2 modules. If we were to use the latest files from
|
||||
@ -464,7 +498,9 @@ if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
|
||||
fi
|
||||
|
||||
# run the make test
|
||||
./autogen.sh
|
||||
if [ "$DOAUTOGEN" = "yes" ]; then
|
||||
./autogen.sh
|
||||
fi
|
||||
|
||||
if [ "$DOCONFIGURE" = "yes" ]; then
|
||||
case "$FIPS_OPTION" in
|
||||
@ -502,7 +538,7 @@ if [ "$DOCONFIGURE" = "yes" ]; then
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
popd || exit 2
|
||||
popd 1>/dev/null || exit 2
|
||||
if [ "$KEEP" = 'no' ]; then
|
||||
rm -rf "$TEST_DIR"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user