Unverified Commit 1488556b authored by Morgan Jones's avatar Morgan Jones

tpm2-pkcs11: enable integration tests

h/t @illdefined for the work on these; see:
https://github.com/NixOS/nixpkgs/pull/378737#issuecomment-2661555642

Only difference is a nixfmt pass.
parent de85fc8e
+58 −0
diff --git a/Makefile-integration.am b/Makefile-integration.am
index e2255de..3cea1d8 100644
--- a/Makefile-integration.am
+++ b/Makefile-integration.am
@@ -7,7 +7,6 @@ integration_scripts = \
     test/integration/pkcs11-dbup.sh.nosetup \
     test/integration/tls-tests.sh \
     test/integration/openssl.sh \
-    test/integration/pkcs11-javarunner.sh.java \
     test/integration/nss-tests.sh \
     test/integration/ptool-link.sh.nosetup \
     test/integration/python-pkcs11.sh
@@ -110,13 +109,5 @@ test_integration_pkcs_lockout_int_CFLAGS  = $(AM_CFLAGS) $(TESTS_CFLAGS)
 test_integration_pkcs_lockout_int_LDADD   = $(TESTS_LDADD)  $(SQLITE3_LIBS)
 test_integration_pkcs_lockout_int_SOURCES = test/integration/pkcs-lockout.int.c test/integration/test.c
 
-#
-# Java Tests
-#
-AM_JAVA_LOG_FLAGS = --tabrmd-tcti=$(TABRMD_TCTI) --tsetup-script=$(top_srcdir)/test/integration/scripts/create_pkcs_store.sh
-JAVA_LOG_COMPILER=$(LOG_COMPILER)
-dist_noinst_JAVA = test/integration/PKCS11JavaTests.java
-CLEANFILES += test/integration/PKCS11JavaTests.class
-
 endif
 # END INTEGRATION
diff --git a/configure.ac b/configure.ac
index 1ec6eb4..7a0a8ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -258,13 +258,6 @@ AC_ARG_ENABLE(
     [build and execute integration tests])],,
   [enable_integration=no])
 
-# Test for Java compiler and interpreter without throwing fatal errors (since
-# these macros are defined using AC_DEFUN they cannot be called conditionally)
-m4_pushdef([AC_MSG_ERROR], [have_javac=no])
-AX_PROG_JAVAC()
-AX_PROG_JAVA()
-m4_popdef([AC_MSG_ERROR])
-
 AC_DEFUN([integration_test_checks], [
 
   AC_CHECK_PROG([tpm2_createprimary], [tpm2_createprimary], [yes], [no])
@@ -382,13 +375,6 @@ AC_DEFUN([integration_test_checks], [
         [AC_MSG_ERROR([Integration tests enabled but tss2_provision executable not found.])])
   ])
 
-  AS_IF([test "x$have_javac" = "xno"],
-    [AC_MSG_ERROR([Integration tests enabled but no Java compiler was found])])
-  AX_CHECK_CLASS([org.junit.Assert], ,
-    [AC_MSG_ERROR([Integration tests enabled but JUnit not found, try setting CLASSPATH])])
-  AX_CHECK_CLASS([org.hamcrest.SelfDescribing], ,
-    [AC_MSG_ERROR([Integration tests enabled but Hamcrest not found, try setting CLASSPATH])])
-
   AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])
 ]) # end function integration_test_checks
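Review bot: The new patch file starts directly at its first `diff --git` line with no preamble saying why the Java tests are dropped or whether the change is packaging-only, so the only rationale is the one-line "missing dependencies" comment in the Nix expression. A short header above the first `diff --git` would fix that, for example `Disable the Java integration tests: their dependencies are not available in the check environment. Packaging-only; drop once they are.` The second configure.ac hunk also deletes the `have_javac`, `org.junit.Assert` and `org.hamcrest.SelfDescribing` checks outright rather than making them conditional. With `pkcs11-javarunner.sh.java` and `PKCS11JavaTests.java` removed from the Makefile, the Java client path of this PKCS#11 module gets no coverage in the check phase. The header should state that gap, so nobody reads "integration tests enabled" as covering every client.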
  
+92 −18
{
  autoconf-archive,
  autoreconfHook,
  buildEnv,
  clangStdenv,
  cmocka,
  dbus,
  expect,
  fetchFromGitHub,
  glibc,
  gnutls,
  iproute2,
  lib,
  libyaml,
  makeWrapper,
  opensc,
  openssh,
  openssl,
  nss,
  p11-kit,
  patchelf,
  pkg-config,
  python3,
  stdenv,
  sqlite,
  swtpm,
  tpm2-abrmd,
  tpm2-openssl,
  tpm2-pkcs11, # for passthru abrmd tests
  tpm2-tools,
  tpm2-tss,
  which,
  xxd,
  abrmdSupport ? false,
  fapiSupport ? true,
  enableFuzzing ? false,
@@ -38,25 +50,37 @@ chosenStdenv.mkDerivation (finalAttrs: {
    hash = "sha256-W74ckrpK7ypny1L3Gn7nNbOVh8zbHavIk/TX3b8XbI8=";
  };

  # The preConfigure phase doesn't seem to be working here
  # ./bootstrap MUST be executed as the first step, before all
  # of the autoreconfHook stuff
  # Disable Java‐based tests because of missing dependencies
  patches = [ ./disable-java-integration.patch ];

  postPatch = ''
    echo "$version" > VERSION
    echo ${lib.escapeShellArg finalAttrs.version} >VERSION

    # Don't run git in the bootstrap
    substituteInPlace bootstrap --replace-warn "git" "# git"

    # Don't run tests with dbus
    substituteInPlace Makefile.am --replace-fail "dbus-run-session" "env"
    # Provide configuration file for D-Bus
    substituteInPlace Makefile.am --replace-fail \
      "dbus-run-session" \
      "dbus-run-session --config-file=${dbus}/share/dbus-1/session.conf"

    # Disable failing tests
    sed -E -i '/\<test\/integration\/(pkcs-crypt\.int|pkcs11-tool\.sh)\>/d' \
      Makefile-integration.am

    patchShebangs test
    patchShebangs test tools

    # The preConfigure phase doesn't seem to be working here
    # ./bootstrap MUST be executed as the first step, before all
    # of the autoreconfHook stuff
    ./bootstrap
  '';

  configureFlags =
    lib.singleton (lib.enableFeature finalAttrs.doCheck "unit")
    [
      (lib.enableFeature finalAttrs.doCheck "unit")
      (lib.enableFeature finalAttrs.doCheck "integration")
    ]
    ++ lib.optionals enableFuzzing [
      "--enable-fuzzing"
      "--disable-hardening"
@@ -72,15 +96,20 @@ chosenStdenv.mkDerivation (finalAttrs: {
    patchelf
    pkg-config
    (python3.withPackages (
      ps: with ps; [
      ps:
      with ps;
      [
        packaging
        pyyaml
        python-pkcs11
        cryptography
        pyasn1-modules
        tpm2-pytss
      ]
      ++ cryptography.optional-dependencies.ssh
    ))
  ];

  buildInputs = [
    libyaml
    opensc
@@ -89,8 +118,28 @@ chosenStdenv.mkDerivation (finalAttrs: {
    tpm2-tools
    tpm2-tss
  ];

  nativeCheckInputs = [
    dbus
    expect
    gnutls
    iproute2
    nss.tools
    opensc
    openssh
    openssl
    p11-kit
    sqlite
    swtpm
    tpm2-abrmd
    tpm2-tools
    which
    xxd
  ];

  checkInputs = [
    cmocka
    tpm2-abrmd
  ];

  enableParallelBuilding = true;
@@ -106,19 +155,51 @@ chosenStdenv.mkDerivation (finalAttrs: {
  dontStrip = true;
  dontPatchELF = true;

  preCheck =
    let
      openssl-modules = buildEnv {
        name = "openssl-modules";
        pathsToLink = [ "/lib/ossl-modules" ];
        paths = map lib.getLib [
          openssl
          tpm2-openssl
        ];
      };
    in
    ''
      # Enable tests to load TCTI modules
      export LD_LIBRARY_PATH+=":${
        lib.makeLibraryPath [
          swtpm
          tpm2-tools
          tpm2-abrmd
        ]
      }"

      # Enable tests to load TPM2 OpenSSL module
      export OPENSSL_MODULES="${openssl-modules}/lib/ossl-modules"
    '';

  postInstall = ''
    mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
    mv ./tools/* $bin/share/tpm2_pkcs11/
    makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
      --prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
  '';

  # To be able to use the userspace resource manager, the RUNPATH must
  # explicitly include the tpm2-abrmd shared libraries.
  preFixup =
    let
      rpath = lib.makeLibraryPath (
        (lib.optional abrmdSupport tpm2-abrmd)
        ++ [
        [
          glibc
          libyaml
          openssl
          sqlite
          tpm2-tss
        ]
        ++ (lib.optional abrmdSupport tpm2-abrmd)
      );
    in
    ''
@@ -129,13 +210,6 @@ chosenStdenv.mkDerivation (finalAttrs: {
        $out/lib/libtpm2_pkcs11.so.0.0.0
    '';

  postInstall = ''
    mkdir -p $bin/bin/ $bin/share/tpm2_pkcs11/
    mv ./tools/* $bin/share/tpm2_pkcs11/
    makeWrapper $bin/share/tpm2_pkcs11/tpm2_ptool.py $bin/bin/tpm2_ptool \
      --prefix PATH : ${lib.makeBinPath [ tpm2-tools ]}
  '';

  passthru = {
    tests.tpm2-pkcs11-abrmd = tpm2-pkcs11.override {
      abrmdSupport = true;