Split test_psa_compliance.py #209
Conversation
Signed-off-by: Gilles Peskine <[email protected]>
This will allow consuming branches to each have their executable entry point. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
…thms Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
added
size-s
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
…odgy) Signed-off-by: Gilles Peskine <[email protected]>
When looking for constructors, do complain if we see an unusual macro with a parameter: there's a significant chance that it's something new that will require specific handling. As a consequence, we need to explicitly skip more things that are known not to be constructors. Keep ignoring macros without parameters that don't look like constructors for the types we care about. Those probably don't matter. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
force-pushed
the
compliance-split-framework
branch
from
7557dd0 to
ca98305
Compare
Having separate patch files has several benefits: * They're available for integrators who wouldn't use our script to test compliance. * We keep them separate so they're easier for us to keep track of, and apply separately if needed. * No need to cheat with unchanged empty lines (normally represented by a line containing a single space in a patch file) to keep `check_files.py` happy. Signed-off-by: Gilles Peskine <[email protected]>
…same name mypy can't deal with two modules with the same basename on its command line. We don't normally want modules with the same name in different directories, to avoid confusion, but it can happen occasionally while moving files across repositories. Signed-off-by: Gilles Peskine <[email protected]>
An unchanged blank line results in a line containing a single space in the diff. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
gilles-peskine-arm
added
needs-review
| subprocess.check_call(['git', 'checkout', '--force', 'FETCH_HEAD']) | ||
|
|
||
| if patch: | ||
| if patch_files: |
There was a problem hiding this comment.
I don't understand the logic behind running git reset only if we have a patch to apply. It seems to me that git reset is needed if we had a patch to apply the last time we ran this script (and we are re-using the repo), which might not be the same as we have one now. Also, I don't think calling git reset when not strictly needed does any harm. So, I'd be inclined to just call it unconditionally. Am I missing something?
There was a problem hiding this comment.
I wanted to minimize changes in 3.6 which doesn't need any of the new fancy stuff. Also, arguably, it makes things worse for local debugging where you might want to edit the cached psa-arch-test tree until you get it right. On the other hand, I agree with you that I would have made git reset unconditional if I was doing this from scratch. I'll defer to Bence's preference on that since he know this script's history a lot better than we do.
There was a problem hiding this comment.
In my local copy, I've now changed this to be controlled by the psa-arch-tests ref specification:
- With no argument or
--tests-ref=REFSPEC, check that out, reset, and apply patches. - With
--tests-ref=, reuse whatever is in the working tree: no git checkout, no reset, no patches. (To do reset+patch but not checkout, you can use--tests-ref=HEAD.)
Does that seem sensible?
| patch_file_glob = os.path.join(args.patch_directory, '*.patch') | ||
| patch_files = sorted(glob.glob(patch_file_glob)) |
There was a problem hiding this comment.
Nit: This allows users to pass a patch_directory containing literal glob characters, which might lead to unexpected results.
glob.glob also silently ignores non-existent patch directories
Something like
patch_files = sorted(pathlib.Path(patch_directory).glob('*.patch'))Would allow us to separate the glob from the user input
github-project-automation
bot
moved this from In Development
to Has Approval
in Roadmap pull requests (new board)
github-project-automation
bot
moved this from Has Approval
to Done
in Roadmap pull requests (new board)
bensze01
added
approved
|
I've addressed the non-blocking review comments from this PR and its consumers in #221 and its consumers. |
3 participants
Split the PSA API compliance script
test_psa_compliance.pyinto an engine plus a pre-branch runner, like with many similar scripts. Now each branch has the knowledge of which version of psa-arch-tests it runs against and how to adjust the results if needed.Also do the bare minimum to allow TF-PSA-Crypto to declare SPAKE2+ key types and algorithms in Mbed-TLS/TF-PSA-Crypto#453.
Fixes #158.
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.