From f9e4b775d9665c702b962189a7d90283437700d7 Mon Sep 17 00:00:00 2001 From: thb-sb Date: Mon, 17 Jul 2023 18:24:20 +0200 Subject: [PATCH] Fix a minor bug in the `runtests.sh`. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit fixes a minor bug in `scripts/runtests.sh`: this script is run with POSIX sh on linux machines, meaning that `[[` are not recognized. However, `[[ … ]]` was used (see for instance [this CI job]). Because `set -e` was not set, the minor bug described above did not lead to a CI failure. This commit fixes the `[[ … ]]` by using a simple `if grep`. It also sets `set -e` at the top of the file in order to catch any potential future mistakes. Finally, this commit also fixes minor warnings raised by [ShellCheck]. To display those warnings, one can simply run `shellcheck scripts/runtests.sh`. [this CI job]: https://github.com/open-quantum-safe/oqs-provider/actions/runs/5527705776/jobs/10083733262#step:6:14 [ShellCheck]: https://www.shellcheck.net/ --- scripts/runtests.sh | 129 ++++++++++++++++++++++---------------------- 1 file changed, 63 insertions(+), 66 deletions(-) diff --git a/scripts/runtests.sh b/scripts/runtests.sh index 2179b750..92dd5e45 100755 --- a/scripts/runtests.sh +++ b/scripts/runtests.sh @@ -1,22 +1,23 @@ #!/bin/sh +set -e + rv=0 provider2openssl() { echo echo "Testing oqsprovider->oqs-openssl interop for $1:" - $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-certgen.sh $1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-cmssign.sh $1 sha3-384 && $OQS_PROVIDER_TESTSCRIPTS/oqs-openssl-certverify.sh $1 && $OQS_PROVIDER_TESTSCRIPTS/oqs-openssl-cmsverify.sh $1 + "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certgen.sh" "$1" && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-cmssign.sh" "$1" sha3-384 && "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-certverify.sh" "$1" && "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-cmsverify.sh" "$1" } openssl2provider() { echo echo "Testing oqs-openssl->oqsprovider interop for $1:" - $OQS_PROVIDER_TESTSCRIPTS/oqs-openssl-certgen.sh $1 && $OQS_PROVIDER_TESTSCRIPTS/oqs-openssl-cmssign.sh $1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-certverify.sh $1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-cmsverify.sh $1 + "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-certgen.sh" "$1" && "${OQS_PROVIDER_TESTSCRIPTS}/oqs-openssl-cmssign.sh" "$1" && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certverify.sh" "$1" && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-cmsverify.sh" "$1" } localalgtest() { - $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-certgen.sh $1 >> interop.log 2>&1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-certverify.sh $1 >> interop.log 2>&1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-cmssign.sh $1 >> interop.log 2>&1 && $OQS_PROVIDER_TESTSCRIPTS/oqsprovider-ca.sh $1 >> interop.log 2>&1 - if [ $? -ne 0 ]; then + if ! ( "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certgen.sh" "$1" >> interop.log 2>&1 && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-certverify.sh" "$1" >> interop.log 2>&1 && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-cmssign.sh" "$1" >> interop.log 2>&1 && "${OQS_PROVIDER_TESTSCRIPTS}/oqsprovider-ca.sh" "$1" >> interop.log 2>&1 ); then echo "localalgtest $1 failed. Exiting.". cat interop.log exit 1 @@ -26,131 +27,128 @@ localalgtest() { interop() { echo ".\c" # check if we want to run this algorithm: - if [ ! -z "$OQS_SKIP_TESTS" ]; then - GREPTEST=$(echo $OQS_SKIP_TESTS | sed "s/\,/\\\|/g") - if echo $1 | grep -q "$GREPTEST"; then + if [ -n "${OQS_SKIP_TESTS}" ]; then + GREPTEST=$(echo "${OQS_SKIP_TESTS}" | sed "s/\,/\\\|/g") + if echo "$1" | grep -q "${GREPTEST}"; then echo "Not testing $1" >> interop.log return fi fi # Check whether algorithm is supported at all: - $OPENSSL_APP list -signature-algorithms | grep $1 > /dev/null 2>&1 - if [ $? -ne 1 ]; then - if [ -z "$LOCALTESTONLY" ]; then - provider2openssl $1 >> interop.log 2>&1 && openssl2provider $1 >> interop.log 2>&1 + retcode=0 + "${OPENSSL_APP}" list -signature-algorithms | grep -q "$1" || retcode=$? + if [ "${retcode}" -ne 1 ]; then + if [ -z "${LOCALTESTONLY}" ]; then + provider2openssl "$1" >> interop.log 2>&1 && openssl2provider "$1" >> interop.log 2>&1 else - localalgtest $1 + localalgtest "$1" fi else echo "Algorithm $1 not enabled. Exit testing." exit 1 fi - if [ $? -ne 0 ]; then + if [ "${retcode}" -ne 0 ]; then echo "Test for $1 failed. Terminating testing." cat interop.log exit 1 fi } -if [ -z "$OQS_PROVIDER_TESTSCRIPTS" ]; then - export OQS_PROVIDER_TESTSCRIPTS=$(pwd)/scripts +if [ -z "${OQS_PROVIDER_TESTSCRIPTS}" ]; then + export OQS_PROVIDER_TESTSCRIPTS="$(pwd)/scripts" fi -if [ ! -z "$OPENSSL_INSTALL" ]; then +if [ -n "${OPENSSL_INSTALL}" ]; then # trying to set config variables suitably for pre-existing OpenSSL installation - if [ -f $OPENSSL_INSTALL/bin/openssl ]; then - export OPENSSL_APP=$OPENSSL_INSTALL/bin/openssl + if [ -f "${OPENSSL_INSTALL}/bin/openssl" ]; then + export OPENSSL_APP="${OPENSSL_INSTALL}/bin/openssl" fi - if [ -z "$LD_LIBRARY_PATH" ]; then - if [ -d $OPENSSL_INSTALL/lib64 ]; then - export LD_LIBRARY_PATH=$OPENSSL_INSTALL/lib64 - elif [ -d $OPENSSL_INSTALL/lib ]; then - export LD_LIBRARY_PATH=$OPENSSL_INSTALL/lib + if [ -z "${LD_LIBRARY_PATH}" ]; then + if [ -d "${OPENSSL_INSTALL}/lib64" ]; then + export LD_LIBRARY_PATH="${OPENSSL_INSTALL}/lib64" + elif [ -d "${OPENSSL_INSTALL}/lib" ]; then + export LD_LIBRARY_PATH="${OPENSSL_INSTALL}/lib" fi fi - if [ -f $OPENSSL_INSTALL/ssl/openssl.cnf ]; then - export OPENSSL_CONF=$OPENSSL_INSTALL/ssl/openssl.cnf + if [ -f "${OPENSSL_INSTALL}/ssl/openssl.cnf" ]; then + export OPENSSL_CONF="${OPENSSL_INSTALL}/ssl/openssl.cnf" fi fi -if [ -z "$OPENSSL_CONF" ]; then - export OPENSSL_CONF=$(pwd)/scripts/openssl-ca.cnf +if [ -z "${OPENSSL_CONF}" ]; then + export OPENSSL_CONF="$(pwd)/scripts/openssl-ca.cnf" fi -if [ -z "$OPENSSL_APP" ]; then - if [ -f $(pwd)/openssl/apps/openssl ]; then - export OPENSSL_APP=$(pwd)/openssl/apps/openssl +if [ -z "${OPENSSL_APP}" ]; then + if [ -f "$(pwd)/openssl/apps/openssl" ]; then + export OPENSSL_APP="$(pwd)/openssl/apps/openssl" else # if no local openssl src directory is found, rely on PATH... export OPENSSL_APP=openssl fi fi -if [ -z "$OPENSSL_MODULES" ]; then - export OPENSSL_MODULES=$(pwd)/_build/lib +if [ -z "${OPENSSL_MODULES}" ]; then + export OPENSSL_MODULES="$(pwd)/_build/lib" fi -if [ -z "$LD_LIBRARY_PATH" ]; then - if [ -d $(pwd)/.local/lib64 ]; then - export LD_LIBRARY_PATH=$(pwd)/.local/lib64 +if [ -z "${LD_LIBRARY_PATH}" ]; then + if [ -d "$(pwd)/.local/lib64" ]; then + export LD_LIBRARY_PATH="$(pwd)/.local/lib64" else - if [ -d $(pwd)/.local/lib ]; then - export LD_LIBRARY_PATH=$(pwd)/.local/lib + if [ -d "$(pwd)/.local/lib" ]; then + export LD_LIBRARY_PATH="$(pwd)/.local/lib" fi fi fi -if [ ! -z "$OQS_SKIP_TESTS" ]; then - echo "Skipping algs $OQS_SKIP_TESTS" +if [ -n "${OQS_SKIP_TESTS}" ]; then + echo "Skipping algs ${OQS_SKIP_TESTS}" fi # Set OSX DYLD_LIBRARY_PATH if not already externally set -if [ -z "$DYLD_LIBRARY_PATH" ]; then - export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH +if [ -z "${DYLD_LIBRARY_PATH}" ]; then + export DYLD_LIBRARY_PATH="${LD_LIBRARY_PATH}" fi echo "Test setup:" -echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" -echo "OPENSSL_APP=$OPENSSL_APP" -echo "OPENSSL_CONF=$OPENSSL_CONF" -echo "OPENSSL_MODULES=$OPENSSL_MODULES" -if [[ "$OSTYPE" == "darwin"* ]]; then -echo "DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH" +echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" +echo "OPENSSL_APP=${OPENSSL_APP}" +echo "OPENSSL_CONF=${OPENSSL_CONF}" +echo "OPENSSL_MODULES=${OPENSSL_MODULES}" +if uname -s | grep -q "^Darwin"; then +echo "DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}" fi # check if we can use docker or not: -docker info 2>&1 | grep Server > /dev/null -if [ $? -ne 0 ]; then +if ! docker info 2>&1 | grep -q Server; then echo "No OQS-OpenSSL111 interop test because of absence of docker" export LOCALTESTONLY="Yes" fi -# by default, do not run interop tests as per +# by default, do not run interop tests as per # https://github.com/open-quantum-safe/oqs-provider/issues/32 # comment the following line if they should be run; be sure to # have alignment in algorithms supported in that case export LOCALTESTONLY="Yes" echo "Version information:" -$OPENSSL_APP version +"${OPENSSL_APP}" version # Disable testing for version 3.0.1: Buggy as hell: -$OPENSSL_APP version | grep "OpenSSL 3.0.1" > /dev/null -if [ $? -eq 0 ]; then +if "${OPENSSL_APP}" version | grep -q "OpenSSL 3.0.1"; then echo "Skipping testing of buggy OpenSSL 3.0.1" exit 0 fi -$OPENSSL_APP list -providers -verbose -if [ $? -ne 0 ]; then +if ! "${OPENSSL_APP}" list -providers -verbose; then echo "Baseline openssl invocation failed. Exiting test." exit 1 fi # Ensure "oqsprovider" is registered: -$OPENSSL_APP list -providers -verbose | grep oqsprovider > /dev/null -if [ $? -ne 0 ]; then +if ! "${OPENSSL_APP}" list -providers -verbose | grep -q oqsprovider; then echo "oqsprovider not registered. Exit test." exit 1 fi @@ -162,16 +160,16 @@ rm -f interop.log echo "Cert gen/verify, CMS sign/verify, CA tests for all enabled OQS signature algorithms commencing: " # auto-detect all available signature algorithms: -for alg in `$OPENSSL_APP list -signature-algorithms | grep oqsprovider | sed -e "s/ @ .*//g" | sed -e "s/^ //g"` -do +for alg in $("${OPENSSL_APP}" list -signature-algorithms | grep oqsprovider | sed -e "s/ @ .*//g" | sed -e "s/^ //g") +do if [ "$1" = "-V" ]; then echo "Testing $alg" fi - interop $alg + interop "${alg}" certsgenerated=1 done -if [ -z $certsgenerated ]; then +if [ -z "${certsgenerated}" ]; then echo "No OQS signature algorithms found in provider 'oqsprovider'. No certs generated. Exiting." exit 1 else @@ -185,9 +183,8 @@ echo # Run built-in tests: # Without removing OPENSSL_CONF ctest hangs... ??? unset OPENSSL_CONF -cd _build && ctest $@ && cd .. - -if [ $? -ne 0 ]; then +rv=0 +if ! ( cd _build && ctest $@ ); then rv=1 fi @@ -197,10 +194,10 @@ fi #rm -rf tmp echo -if [ $rv -ne 0 ]; then +if [ "${rv}" -ne 0 ]; then echo "Tests failed." else echo "All oqsprovider tests passed." fi -exit $rv +exit "${rv}"