From 5fc32a112432a097161d2c32788510e15e5008e8 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 16 Jan 2024 11:58:10 -0500
Subject: [PATCH 1/5] Add in 'make check' bypass
---
 fips-check.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/fips-check.sh b/fips-check.sh
index d8090cc44..a4b9f7611 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -16,6 +16,7 @@ GIT="${GIT:-git -c advice.detachedHead=false}"
 TEST_DIR="${TEST_DIR:-XXX-fips-test}"
 FLAVOR="${FLAVOR:-linux}"
 KEEP="${KEEP:-no}"
+MAKECHECK=${MAKECHECK:-yes}
 FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"

 Usage() {
@@ -39,7 +40,9 @@ usageText
 }

 while [ "$1" ]; do
- if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
+ if [ "$1" = 'keep' ]; then KEEP='yes';
+ elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
+ else FLAVOR="$1"; fi
 shift
 done

@@ -359,10 +362,11 @@ then
 fi
 fi

-if ! $MAKE check
-then
- echo 'fips-check: Test failed. Debris left for analysis.'
- exit 3
+if [ "$MAKECHECK" = "yes" ]; then
+ if ! $MAKE check; then
+ echo 'fips-check: Test failed. Debris left for analysis.'
+ exit 3
+ fi
 fi

 # Clean up
From a51c8d54d200bd8eb9f3a599e5f3d8883d42ce9f Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 16 Jan 2024 11:58:34 -0500
Subject: [PATCH 2/5] Standardize script style
---
 fips-check.sh | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/fips-check.sh b/fips-check.sh
index a4b9f7611..8d116c196 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -265,8 +265,7 @@ esac
 function checkout_files() {
 local name
 local tag
-for file_entry in "$@"
-do
+for file_entry in "$@"; do
 name=${file_entry%%:*}
 tag=${file_entry#*:}
 if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
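Review bot: The new `nomakecheck` keyword in the argument loop of PATCH 1/5 (`elif [ "$1" = 'nomakecheck' ]`) is not reflected in the usage text. None of the three hunks touches the lines between `Usage() {` and `usageText`, so both the keyword and the `MAKECHECK` environment override stay undocumented as far as this patch shows. Because the option skips the test run of a FIPS build, it should be listed there together with that consequence, for example `nomakecheck: build only, skip 'make check' (not a tested run)`. The usage block itself lies outside the hunks, so the wording has to be fitted to its existing format.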
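Review bot: The guard `if [ "$MAKECHECK" = "yes" ]` in the last hunk of PATCH 1/5 fails open: any value other than the exact string `yes` (`Yes`, `1`, or a typo in the environment) skips `make check`. The script then carries on to the clean-up step with nothing in its output to show that the tests never ran. For a FIPS check script it is safer to skip only on an explicit opt-out, `if [ "$MAKECHECK" != "no" ]; then`, and to add an `else` branch with `echo 'fips-check: make check skipped (MAKECHECK=no).'` so the log of a bypassed run cannot be mistaken for a tested one. The exit status after a skipped run is decided outside this hunk.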
@@ -286,14 +285,12 @@ function copy_fips_files() {
 local bname
 local dname
 local tag
-for file_entry in "$@"
-do
+for file_entry in "$@"; do
 name=${file_entry%%:*}
 tag=${file_entry#*:}
 bname=$(basename "$name")
 dname=$(dirname "$name")
-if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
-then
+if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
 $GIT branch --no-track "my$tag" "$tag" || exit $?
 fi
 $GIT checkout "my$tag" -- "$bname" || exit $?
@@ -308,8 +305,7 @@ fi

 pushd "$TEST_DIR" || exit 2

-if ! $GIT clone "$FIPS_REPO" fips
-then
+if ! $GIT clone "$FIPS_REPO" fips; then
 echo "fips-check: Couldn't check out FIPS repository."
 exit 1
 fi
@@ -325,8 +321,7 @@ popd || exit 2
 # Since OE additions can still be processed for cert3389 we will call 140-2
 # ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
 # would not be good for a new certification effort with the latest files.
-if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]
-then
+if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
 cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
 sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
 fi
@@ -346,14 +341,12 @@ cavp-selftest-v2)
 ;;
 esac

-if ! $MAKE
-then
+if ! $MAKE; then
 echo 'fips-check: Make failed. Debris left for analysis.'
 exit 3
 fi

-if [ -s wolfcrypt/src/fips_test.c ]
-then
+if [ -s wolfcrypt/src/fips_test.c ]; then
 NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
 if [ -n "$NEWHASH" ]; then
 cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
@@ -371,7 +364,6 @@ fi

 # Clean up
 popd || exit 2
-if [ "$KEEP" = 'no' ];
-then
+if [ "$KEEP" = 'no' ]; then
 rm -rf "$TEST_DIR"
 fi
From 79272b58619a3efd0452500b4529974b2d751780 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Tue, 16 Jan 2024 13:39:26 -0500
Subject: [PATCH 3/5] Only take the latest from the repo. Don't need old history.
---
 fips-check.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fips-check.sh b/fips-check.sh
index 8d116c196..d7aa627e4 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -305,9 +305,15 @@ fi

 pushd "$TEST_DIR" || exit 2

-if ! $GIT clone "$FIPS_REPO" fips; then
+# Start from FIPS 140-2 cert3389
+OLDDATE="Tue Jan 9 13:29:37 2018 -0800"
+if ! $GIT clone --filter=blob:none --no-checkout --shallow-since="$OLDDATE" "$FIPS_REPO" fips; then
 echo "fips-check: Couldn't check out FIPS repository."
 exit 1
+else
+ pushd fips || exit 2
+ git checkout || exit 3
+ popd || exit 2
 fi

 checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
From 81aa495b51dab0ed68446fab43389d5532063d78 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 17 Jan 2024 14:46:19 -0500
Subject: [PATCH 4/5] Fix missing tags
---
 fips-check.sh | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/fips-check.sh b/fips-check.sh
index d7aa627e4..be6af96c2 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -305,15 +305,9 @@ fi

 pushd "$TEST_DIR" || exit 2

-# Start from FIPS 140-2 cert3389
-OLDDATE="Tue Jan 9 13:29:37 2018 -0800"
-if ! $GIT clone --filter=blob:none --no-checkout --shallow-since="$OLDDATE" "$FIPS_REPO" fips; then
+if ! $GIT clone --filter=blob:none --no-checkout "$FIPS_REPO" fips; then
 echo "fips-check: Couldn't check out FIPS repository."
 exit 1
-else
- pushd fips || exit 2
- git checkout || exit 3
- popd || exit 2
 fi

 checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
From 41b70b83863007162393b56b1f7897f11c3df6a6 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 17 Jan 2024 17:03:37 -0500
Subject: [PATCH 5/5] Giving up and reverting back to what it was.
---
 fips-check.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fips-check.sh b/fips-check.sh
index be6af96c2..8d116c196 100755
--- a/fips-check.sh
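Review bot: The added `else` branch in PATCH 3/5 calls `git checkout` directly instead of `$GIT checkout`, so it bypasses the `GIT` override (and its `-c advice.detachedHead=false` default) that the other git calls visible in this series go through. Use `$GIT checkout || exit 3`; the `else` itself is unnecessary because the failing branch already ends in `exit 1`. Separately, `--shallow-since="$OLDDATE"` cuts history at a fixed date, while `checkout_files` and `copy_fips_files` create branches from tags with `$GIT branch --no-track "my$tag" "$tag"`. Any tag older than the cutoff would presumably be missing, so the comment above `OLDDATE` should name the oldest tag the supported flavors need.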
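Review bot: With `--filter=blob:none --no-checkout` kept on the clone in PATCH 4/5, the `fips` directory holds neither a working tree nor file contents after this step. Each later `$GIT checkout "my$tag" -- "$bname"` in `copy_fips_files` (which presumably runs inside that clone) then has to fetch blobs from `FIPS_REPO` on demand. Network or authentication failures therefore no longer surface at the clone, which prints "Couldn't check out FIPS repository.", but at the per-file checkouts, which only `exit $?` without a message. If the filter is kept, add a comment above the clone such as `# Blobless clone: later checkouts fetch file contents from FIPS_REPO on demand.`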
+++ b/fips-check.sh
@@ -305,7 +305,7 @@ fi

 pushd "$TEST_DIR" || exit 2

-if ! $GIT clone --filter=blob:none --no-checkout "$FIPS_REPO" fips; then
+if ! $GIT clone "$FIPS_REPO" fips; then
 echo "fips-check: Couldn't check out FIPS repository."
 exit 1
 fi
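Review bot: The restored `$GIT clone "$FIPS_REPO" fips` line carries no record of why the shallow and blobless variants from PATCH 3/5 and 4/5 were dropped, and the commit subject does not say either. A short comment above the clone would keep the next maintainer from retrying the same optimisation, e.g. `# Full clone on purpose: later steps check out files by tag; shallow/partial clones were tried and dropped.` The reason in that example is inferred from the subject of PATCH 4/5 ("Fix missing tags") and should be replaced with the failure actually observed.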