master

分支 (16)

标签 (15)

管理

管理

master

openEuler-23.03

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS

openEuler-22.09

openEuler-20.03-LTS

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.09

openEuler-21.03

openEuler-21.09

openEuler1.0

openEuler1.0-base

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

crypto-policies
/
backport-rewrite-test-nss-pl-in-pytho...

From 4fb6cdf626ee35623400ca557198cecb4efd4e88 Mon Sep 17 00:00:00 2001
From: Alexander Sosedkin <[email protected]>
Date: Mon, 18 Jan 2021 17:43:53 +0100
Subject: [PATCH] tests/nss.pl: rewrite in Python

---
 Makefile     |  2 +-
 tests/nss.pl | 41 -----------------------------------------
 tests/nss.py | 33 +++++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 42 deletions(-)
 delete mode 100755 tests/nss.pl
 create mode 100755 tests/nss.py

diff --git a/Makefile b/Makefile
index 2699ac6..a50408e 100644
--- a/Makefile
+++ b/Makefile
@@ -43,7 +43,7 @@ check:
 	python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs
 	tests/openssl.pl
 	tests/gnutls.pl
-	tests/nss.pl
+	tests/nss.py
 	tests/java.pl
 	tests/krb5.py
 	top_srcdir=. tests/update-crypto-policies.sh
diff --git a/tests/nss.pl b/tests/nss.pl
deleted file mode 100755
index e021ffd..0000000
--- a/tests/nss.pl
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/perl
-
-my $RESULTFILE="result-nss.tmp";
-
-use File::Which qw(which);
-
-print "Checking the NSS configuration\n";
-
-my $dir = 'tests/outputs';
-
-opendir(DIR, $dir) or die $!;
-
-my @nsspolicies
-    = grep {
-        /-nss/             # has -nss in name
-        && -f "$dir/$_"   # and is a file
-    } readdir(DIR);
-
-foreach my $policyfile (@nsspolicies) {
-	my $policy = $policyfile;
-	$policy =~ s/-[^-]+$//;
-
-	print "Checking policy $policy\n";
-	my $tool = which "nss-policy-check";
-
-	if ($policy ne 'EMPTY' and $tool ne undef) {
-
-		system("nss-policy-check $dir/$policyfile >$RESULTFILE 2>&1") ;
-		if ($? != 0) {
-			print "Error in NSS policy for $policy\n";
-			print STDERR "NSS policy for $policy:\n";
-			system("cat $dir/$policyfile 1>&2");
-			print STDERR "\nnss-policy-check error:\n";
-			system("cat $RESULTFILE 1>&2");
-			exit 1;
-		}
-		unlink($RESULTFILE);
-	}
-}
-
-exit 0;
diff --git a/tests/nss.py b/tests/nss.py
new file mode 100755
index 0000000..4d2cee1
--- /dev/null
+++ b/tests/nss.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python3
+
+import glob
+import os
+import shutil
+import subprocess
+import sys
+
+
+if shutil.which('nss-policy-check') is None:
+    print('nss-policy-check not found, skipping check', file=sys.stderr)
+    sys.exit(0)
+
+
+print('Checking the NSS configuration')
+
+for policy_path in glob.glob('tests/outputs/*-nss.txt'):
+    policy = os.path.basename(policy_path)[:-len('-nss.txt')]
+    print(f'Checking policy {policy}')
+    if policy not in ('EMPTY', 'GOST-ONLY'):
+        p = subprocess.Popen(['nss-policy-check', policy_path],
+                             stdout=subprocess.PIPE,
+                             stderr=subprocess.STDOUT)
+        output, _ = p.communicate()
+        if p.wait():
+            print(f'Error in NSS policy for {policy}')
+            print(f'NSS policy for {policy}:', file=sys.stderr)
+            with open(policy_path) as policy_file:
+                shutil.copyfileobj(policy_file, sys.stderr)
+                sys.stderr.write('\n')
+            print('nss-policy-check error:', file=sys.stderr)
+            print(output.decode(), file=sys.stderr)
+            sys.exit(1)
--
1.8.3.1