Closed
Bug 725180
Opened 12 years ago
Closed 12 years ago
Create test suite for libmar
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
FIXED
mozilla12
Tracking | Status | |
---|---|---|
firefox11 | --- | unaffected |
firefox12 | --- | fixed |
firefox13 | --- | fixed |
People
(Reporter: bbondy, Assigned: bbondy)
References
Details
(Whiteboard: [qa-])
Attachments
(3 files, 5 obsolete files)
35.14 KB,
patch
|
robert.strong.bugs
:
review+
|
Details | Diff | Splinter Review |
3.43 KB,
patch
|
bbondy
:
review+
|
Details | Diff | Splinter Review |
3.16 KB,
patch
|
robert.strong.bugs
:
review+
|
Details | Diff | Splinter Review |
This bug is to create a test suite for modules/libmar. This test suite should cover: - Creating MARs - Extracting MARs - Signing MARs - Verifying signed MARs - Stripping MAR signatures - Refreshing Product Info Blocks
Assignee | ||
Comment 1•12 years ago
|
||
Work in progress patch. - Created test suite build files - Added 4 reference MARs and code for creating 4 MARs from source files, and comparing to verify they are what they should be.
Assignee | ||
Comment 2•12 years ago
|
||
- Tests for Creating MARs - Tests for Extraction MARs - Tests for Signing, Verifying, and stripping signatures for MARs, and extracting from signed MARs.
Attachment #595265 -
Attachment is obsolete: true
Attachment #598773 -
Flags: review?(robert.bugzilla)
Assignee | ||
Comment 3•12 years ago
|
||
Updated last Windows only patch to work on all platforms (except android).
Attachment #598773 -
Attachment is obsolete: true
Attachment #598773 -
Flags: review?(robert.bugzilla)
Attachment #598841 -
Flags: review?(robert.bugzilla)
Assignee | ||
Comment 4•12 years ago
|
||
Fixed some build problems and a test problem on Linux and OSX. In particular for test changes, the verify signmar command line differs on Windows vs other platforms since verification is done via DER file vs NSS config directory. In particular for build changes, had to add a prefix. Also I expanded the MAR product, channel, version checks to be only enabled when the define is enabled in confvars.sh like verification of signed mars. So windows only for now. Verified tests are passing now on both OS X and Windows.
Attachment #598841 -
Attachment is obsolete: true
Attachment #598841 -
Flags: review?(robert.bugzilla)
Attachment #599275 -
Flags: review?(robert.bugzilla)
Assignee | ||
Comment 5•12 years ago
|
||
Added new tests for: - For a manually crafted MAR where I manually adjusted the version number of the MAR with a hex editor. Asserts that signature verification should fail. - For extracting old no product info block MARs - For extracting old no product info block MARs that were signed (in use today) - For verifying old product info block MARs that were signed
Attachment #599275 -
Attachment is obsolete: true
Attachment #599275 -
Flags: review?(robert.bugzilla)
Attachment #599461 -
Flags: review?(robert.bugzilla)
Comment 6•12 years ago
|
||
Comment on attachment 599461 [details] [diff] [review] Patch v4. >diff --git a/modules/libmar/Makefile.in b/modules/libmar/Makefile.in >--- a/modules/libmar/Makefile.in >+++ b/modules/libmar/Makefile.in >@@ -38,11 +38,16 @@ > > DEPTH = ../.. > topsrcdir = @top_srcdir@ > srcdir = @srcdir@ > VPATH = @srcdir@ > > include $(DEPTH)/config/autoconf.mk > >-DIRS = sign verify src tool >+DIRS = sign verify src tool >+MODULE = libmar_test >+ >+ifdef ENABLE_TESTS >+DIRS += test nit: I think the current preferred dir name is tests. >+endif > > include $(topsrcdir)/config/rules.mk >diff --git a/modules/libmar/TEST/Makefile.in b/modules/libmar/TEST/Makefile.in Why uppercase?
Comment 7•12 years ago
|
||
Comment on attachment 599461 [details] [diff] [review] Patch v4. >diff --git a/modules/libmar/TEST/unit/head_libmar.js.in b/modules/libmar/TEST/unit/head_libmar.js.in >new file mode 100644 >--- /dev/null >+++ b/modules/libmar/TEST/unit/head_libmar.js.in >@@ -0,0 +1,136 @@ >+/* Any copyright is dedicated to the Public Domain. >+ http://creativecommons.org/publicdomain/zero/1.0/ */ >+ >+const BIN_SUFFIX = "@BIN_SUFFIX@"; >+ >+/** >+ * Compares the binary data of 2 files. Just "Compares binary data of two parameters and throws if they aren't the same." since the files aren't involved at this point Might as well add arr1 and arr2 >+ * Throws on mismatch, does nothing on match. >+*/ >+function compareBinaryData(arr1, arr2) { >+ do_check_eq(arr1.length, arr2.length); >+ for (let i = 0; i < arr1.length; i++) { >+ if (arr1[i] != arr2[i]) { >+ throw "Data differs at index " + i; indentation is off on the above 3 lines >+ } >+ } >+}
Assignee | ||
Comment 8•12 years ago
|
||
> include $(topsrcdir)/config/rules.mk
>diff --git a/modules/libmar/TEST/Makefile.in b/modules/libmar/TEST/Makefile.in
> Why uppercase?
I can't explain why it went uppercase, my local patch that has since been qrefresh'ed no longer has it uppercase.
Comment 9•12 years ago
|
||
Comment on attachment 599461 [details] [diff] [review] Patch v4. >diff --git a/modules/libmar/TEST/unit/head_libmar.js.in b/modules/libmar/TEST/unit/head_libmar.js.in >new file mode 100644 >--- /dev/null >+++ b/modules/libmar/TEST/unit/head_libmar.js.in >@@ -0,0 +1,136 @@ >... >+/** >+ * Reads a file's data and returns it >+ * >+ * @param file The file to read the data from >+ * @return a byte array for the data in the file. >+*/ >+function getBinaryFileData(file) { >+ let fileStream = Components.classes[ nit I'd go with const Cc = Components.classes; const Ci = Components.interfaces; etc. to lessen the additional lines to stay under 80
Comment 10•12 years ago
|
||
Comment on attachment 599461 [details] [diff] [review] Patch v4. Could you split out the c++ code changes and their makefiles into a separate patch? >diff --git a/modules/libmar/tool/Makefile.in b/modules/libmar/tool/Makefile.in >--- a/modules/libmar/tool/Makefile.in >+++ b/modules/libmar/tool/Makefile.in >@@ -49,16 +49,20 @@ USE_STATIC_LIBS = 1 > endif > > # The mar executable is output into dist/host/bin since it is something that > # would only be used by our build system and should not itself be included in a > # Mozilla distribution. > HOST_PROGRAM = mar$(HOST_BIN_SUFFIX) > PROGRAM = signmar$(BIN_SUFFIX) > >+# Don't link the updater against libmozglue. See bug 687139 Copy and paste error. This isn't the updater >+MOZ_GLUE_LDFLAGS = >+MOZ_GLUE_PROGRAM_LDFLAGS = >+ r=me for the c++ code changes and their makefiles. I'm still reviewing the tests but if you could please resubmit with the comments addressed so far.
Assignee | ||
Comment 11•12 years ago
|
||
Updated review comments and removed C++ parts and related Makefiles.
Attachment #599461 -
Attachment is obsolete: true
Attachment #599461 -
Flags: review?(robert.bugzilla)
Attachment #600167 -
Flags: review?(robert.bugzilla)
Assignee | ||
Comment 12•12 years ago
|
||
Marking the C++ parts and their Makefile changes as r+ as per comment 10: rs: > r=me for the c++ code changes and their makefiles.
Attachment #600168 -
Flags: review+
Assignee | ||
Comment 13•12 years ago
|
||
When testing the error handling for cert verification errors, I found that we will try to re-use the service for the new service specific security error codes after re-downloading the full MAR. So this error handling should follow the same as the other service specific error codes (fallback to pending before trying to re-download the MAR).
Attachment #600265 -
Flags: review?(robert.bugzilla)
Comment 14•12 years ago
|
||
Comment on attachment 600167 [details] [diff] [review] Libmar test suite. Patch v5. >diff --git a/modules/libmar/tests/unit/test_sign_verify.js b/modules/libmar/tests/unit/test_sign_verify.js >new file mode 100644 >--- /dev/null >+++ b/modules/libmar/tests/unit/test_sign_verify.js >@@ -0,0 +1,187 @@ >... >+ function verifyMAR(signedMAR, wantSuccess) { >+ if (wantSuccess === undefined) { >+ wantSuccess = true; >+ } >+ // Get a process to the signmar binary from the dist/bin directory. >+ let process = Cc["@mozilla.org/process/util;1"]. >+ createInstance(Ci.nsIProcess); >+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX); >+ >+ // Make sure the signmar binary exists and is an executable. >+ do_check_true(signmarBin.exists()); >+ do_check_true(signmarBin.isExecutable()); >+ >+ let DERFile = do_get_file("data/mycert.der"); >+ >+ // Will reference the arguments to use for verification in signmar >+ let args; >+ >+ // The XPCShell test wiki indicates this is the preferred way for >+ // Windows detection. >+ var isWindows = ("@mozilla.org/windows-registry-key;1" >+ in Cc); nit: why 2 lines? I'm a little concerned that there will be times where Windows file in use will prevent the directory removals but it would be better to fix those if they come up. Looks good!
Attachment #600167 -
Flags: review?(robert.bugzilla) → review+
Comment 15•12 years ago
|
||
Comment on attachment 600265 [details] [diff] [review] Fix error handling Patch v1. This will need to be backed out at the same time that these checks are made when not using the service.
Attachment #600265 -
Flags: review?(robert.bugzilla) → review+
Assignee | ||
Comment 16•12 years ago
|
||
Forgot the 2 line -> 1 line nit before landing but I'll fix this once I do the patch for doing the security checks non service, made a local note.
Comment 17•12 years ago
|
||
Just a nit... not a problem :)
Assignee | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla13
Assignee | ||
Comment 18•12 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/bfb987083bcb http://hg.mozilla.org/mozilla-central/rev/4d9778e932ba
Assignee | ||
Comment 19•12 years ago
|
||
and... http://hg.mozilla.org/mozilla-central/rev/2b1a53905350
Assignee | ||
Comment 20•12 years ago
|
||
> I'm a little concerned that there will be times where Windows file in use
> will prevent the directory removals but it would be better to fix those if
> they come up.
By the way I'm not sure why some updater tests are like that but it's something that we shouldn't need to worry about. I think there is something else going on there (like an unclosed handle somewhere) but I'll look into that at a future date if I have more time :)
Comment 21•12 years ago
|
||
I wouldn't worry about it unless they come up. Also, we've seen cases where we'll run into file in use on opt but not debug with update and other tests.
Assignee | ||
Comment 22•12 years ago
|
||
http://hg.mozilla.org/releases/mozilla-aurora/rev/18840d884c97
status-firefox11:
--- → unaffected
status-firefox12:
--- → fixed
status-firefox13:
--- → fixed
Target Milestone: mozilla13 → mozilla12
You need to log in
before you can comment on or make changes to this bug.
Description
•