Run integv2 tests with nix (aws#3824)

.gitignore

@@ -38,4 +38,4 @@ CMakeFiles/*
 build/
 result
 result-*
-
+*.class

CMakeLists.txt

@@ -36,6 +36,8 @@ option(S2N_LTO, "Enables link time optimizations when building s2n-tls." OFF)
 option(S2N_STACKTRACE "Enables stacktrace functionality in s2n-tls." ON)
 option(COVERAGE "Enable profiling collection for code coverage calculation" OFF)
 option(S2N_INTEG_TESTS "Enable the integrationv2 tests" OFF)
+option(S2N_FAST_INTEG_TESTS "Enable the integrationv2 with more parallelism, only has effect if S2N_INTEG_TESTS=ON" OFF)
+option(S2N_INSTALL_S2NC_S2ND "Install the binaries s2nc and s2nd" OFF)
 
 # Turn BUILD_TESTING=ON by default
 include(CTest)
@@ -661,17 +663,32 @@ if (BUILD_TESTING)
         foreach(test_file_path ${integv2_test_files})
             get_filename_component(test_filename ${test_file_path} NAME_WE)
             string(REGEX REPLACE "^test_" "integrationv2_" test_target ${test_filename})
-            add_test(NAME ${test_target}
-                COMMAND
-                ${CMAKE_COMMAND} -E env
-                DYLD_LIBRARY_PATH=${PROJECT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH}
-                LD_LIBRARY_PATH=${PROJECT_SOURCE_DIR}/libcrypto-root/lib:${PROJECT_SOURCE_DIR}/test-deps/openssl-1.1.1/lib:${PROJECT_SOURCE_DIR}/test-deps/gnutls37/nettle/lib:$ENV{LD_LIBRARY_PATH}
-                PATH=${PROJECT_SOURCE_DIR}/bin:${PROJECT_SOURCE_DIR}/test-deps/openssl-1.1.1/bin:${PROJECT_SOURCE_DIR}/test-deps/gnutls37/bin:$ENV{PATH}
-                PYTHONNOUSERSITE=1
-                S2N_INTEG_TEST=1
-                TOX_TEST_NAME=${test_file_path}
-                ${Python3_EXECUTABLE} -m tox
-                WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/integrationv2)
+	    if (S2N_FAST_INTEG_TESTS)
+	        cmake_host_system_information(RESULT N QUERY NUMBER_OF_LOGICAL_CORES)
+	        if (N EQUAL 0)
+		    set(N 1)
+		endif()
+   	        add_test(NAME ${test_target}
+		  COMMAND
+		  pytest
+		  -x -n=${N} --maxfail=1 --reruns=0 --cache-clear -rpfsq
+		  -o log_cli=true --log-cli-level=DEBUG --provider-version=$ENV{S2N_LIBCRYPTO}
+		  --provider-criterion=off --fips-mode=0 --no-pq=0 ${test_file_path}
+		  WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/integrationv2
+		)
+	    else()
+	        add_test(NAME ${test_target}
+                  COMMAND
+                  ${CMAKE_COMMAND} -E env
+                  DYLD_LIBRARY_PATH=${PROJECT_SOURCE_DIR}/libcrypto-root/lib:$ENV{DYLD_LIBRARY_PATH}
+                  LD_LIBRARY_PATH=${PROJECT_SOURCE_DIR}/libcrypto-root/lib:${PROJECT_SOURCE_DIR}/test-deps/openssl-1.1.1/lib:${PROJECT_SOURCE_DIR}/test-deps/gnutls37/nettle/lib:$ENV{LD_LIBRARY_PATH}
+                  PATH=${PROJECT_SOURCE_DIR}/bin:${PROJECT_SOURCE_DIR}/test-deps/openssl-1.1.1/bin:${PROJECT_SOURCE_DIR}/test-deps/gnutls37/bin:$ENV{PATH}
+                  PYTHONNOUSERSITE=1
+                  S2N_INTEG_TEST=1
+                  TOX_TEST_NAME=${test_file_path}
+                  ${Python3_EXECUTABLE} -m tox
+                  WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/integrationv2)
+	    endif()
             set_property(TEST ${test_target} PROPERTY LABELS "integrationv2")
             set_property(TEST ${test_target} PROPERTY TIMEOUT 7200)
         endforeach()
@@ -688,6 +705,12 @@ elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
     set(CMAKE_INSTALL_LIBDIR "lib")
 endif()
 
+if (S2N_INSTALL_S2NC_S2ND)
+  install(
+    TARGETS s2nc s2nd RUNTIME DESTINATION bin
+    )
+endif()
+
 install(
         TARGETS ${PROJECT_NAME}
         EXPORT ${PROJECT_NAME}-targets
@@ -696,6 +719,7 @@ install(
         RUNTIME DESTINATION bin COMPONENT Runtime
 )
 
+
 configure_file("cmake/${PROJECT_NAME}-config.cmake"
         "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}-config.cmake"
         @ONLY)

flake.nix

@@ -5,7 +5,20 @@
 
   outputs = { self, nix, nixpkgs, flake-utils }:
     flake-utils.lib.eachDefaultSystem (system:
-      let pkgs = nixpkgs.legacyPackages.${system};
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        # TODO: We have parts of our CI that rely on clang-format-15, but that is only avalible on github:nixos/nixpkgs/nixos-unstable
+        llvmPkgs = pkgs.llvmPackages_14;
+        pythonEnv = import ./nix/pyenv.nix { pkgs = pkgs; };
+        openssl_0_9_8 = import ./nix/openssl_0_9_8.nix { pkgs = pkgs; };
+        openssl_1_0_2 = import ./nix/openssl_1_0_2.nix { pkgs = pkgs; };
+        openssl_1_1_1 = import ./nix/openssl_1_1_1.nix { pkgs = pkgs; };
+        openssl_3_0 = import ./nix/openssl_3_0.nix { pkgs = pkgs; };
+        libressl = import ./nix/libressl.nix { pkgs = pkgs; };
+        corretto-8 = import nix/amazon-corretto-8.nix { pkgs = pkgs; };
+        gnutls-3-7 = import nix/gnutls.nix { pkgs = pkgs; };
+        writeScript = path:
+          pkgs.writeScript (baseNameOf path) (builtins.readFile path);
       in rec {
         packages.s2n-tls = pkgs.stdenv.mkDerivation {
           src = self;
@@ -15,14 +28,79 @@
           nativeBuildInputs = [ pkgs.cmake ];
           buildInputs = [ pkgs.openssl ];
 
-          cmakeFlags = [
-            "-DBUILD_SHARED_LIBS=ON"
-            "-DCMAKE_BUILD_TYPE=RelWithDebInfo"
-            "-DS2N_NO_PQ=1" # TODO: set when system like aarch64/mips,etc
-          ];
+          configurePhase = ''
+            cmake -S . -B./build \
+                  -DBUILD_SHARED_LIBS=ON \
+                  -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+                  -DS2N_NO_PQ=1
+          ''; # TODO: set when system like aarch64/mips,etc
+
+          buildPhase = ''
+            cmake --build ./build -j $(nproc)
+          '';
+
+          installPhase = ''
+            cmake --install ./build --prefix $out
+          '';
+
+          checkPhase = ''
+            echo Not running tests here. Run `nix develop` to run tests.
+          '';
 
           propagatedBuildInputs = [ pkgs.openssl ];
+        };
+        devShells.default = pkgs.mkShell {
+          # This is a development enviroment shell which should be able to:
+          #  - build s2n-tls
+          #  - run unit tests
+          #  - run integ tests
+          #  - do common development operations (e.g. lint, debug, and manage repos)
+          inherit system;
+          shellHook = ''
+            echo Setting up enviornment from flake.nix...
+            export S2N_LIBCRYPTO=openssl-1.1.1
+            export PATH=${openssl_1_1_1}/bin:${gnutls-3-7}/bin:$PATH
+            export PS1="[nix] $PS1"
+            alias openssl-098=${openssl_0_9_8}/bin/openssl
+            alias openssl-102=${openssl_1_0_2}/bin/openssl
+            alias openssl-30=${openssl_3_0}/bin/openssl
+            source ${writeScript ./nix/shell.sh}
+          '';
+          packages = [
+            # Build Depends
+            openssl_1_1_1
+            pkgs.cmake
+            # Other Libcryptos
+            openssl_0_9_8
+            openssl_1_0_2
+            openssl_3_0
+            libressl
+            pkgs.boringssl
 
+            # Integration Deps
+            pythonEnv
+            corretto-8
+            gnutls-3-7
+
+            # C Compiler Tooling: llvmPkgs.clangUseLLVM -- wrapper to overwrite default compiler with clang
+            llvmPkgs.llvm
+            llvmPkgs.llvm-manpages
+            llvmPkgs.libclang
+            llvmPkgs.clang-manpages
+
+            # Linters/Formatters
+            pkgs.shellcheck
+            pkgs.nixfmt
+            pkgs.python39Packages.pep8
+
+            # Rust
+            pkgs.rustup
+
+            # Quality of Life
+            pkgs.findutils
+            pkgs.git
+            pkgs.which
+          ];
         };
         packages.default = packages.s2n-tls;
         packages.s2n-tls-openssl3 = packages.s2n-tls.overrideAttrs

nix/amazon-corretto-8.nix

@@ -0,0 +1,57 @@
+{ pkgs }:
+pkgs.stdenv.mkDerivation rec {
+  pname = "amazon-corretto";
+  version = "8";
+
+  src = pkgs.fetchzip {
+    url =
+      "https://corretto.aws/downloads/resources/8.362.08.1/amazon-corretto-8.362.08.1-linux-x64.tar.gz";
+    sha256 = "sha256-VRGfnyW97gY8e/UlXbg6zlEThTTYdVc6BdMKhl1osVI=";
+  };
+
+  nativeBuildInputs = [ pkgs.autoPatchelfHook ];
+
+  buildInputs = with pkgs; [
+    alsa-lib
+    cpio
+    file
+    which
+    zip
+    perl
+    zlib
+    cups
+    freetype
+    harfbuzz
+    libjpeg
+    giflib
+    libpng
+    zlib
+    lcms2
+    fontconfig
+    glib
+    xorg.libX11
+    xorg.libXrender
+    xorg.libXext
+    xorg.libXtst
+    xorg.libXt
+    xorg.libXtst
+    xorg.libXi
+    xorg.libXinerama
+    xorg.libXcursor
+    xorg.libXrandr
+    gtk2-x11
+    gdk-pixbuf
+    xorg.libXxf86vm
+  ];
+
+  buildPhase = ''
+    echo "Corretto is already built"
+  '';
+
+  installPhase = ''
+    mkdir $out
+    cp -av ./* $out/
+    echo $out after install
+    ls $out/
+  '';
+}

nix/gnutls.nix

@@ -0,0 +1,30 @@
+{ pkgs }:
+let nettle = (import ./nettle.nix { pkgs = pkgs; });
+in pkgs.stdenv.mkDerivation rec {
+  pname = "gnutls";
+  version = "3.7.3";
+
+  src = fetchTarball {
+    url =
+      "https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2022-01-18_gnutls-3.7.3.tar.xz";
+    sha256 = "sha256:07rk09hz138m0l5vrvymyj2z2is92mwykqzzf81d8xgbpn2dyapc";
+  };
+
+  buildInputs = [ nettle pkgs.m4 pkgs.pkg-config pkgs.gmpxx ];
+
+  configurePhase = ''
+    export PKG_CONFIG_PATH=${nettle}/lib/pkgconfig:$PKG_CONFIG_PATH
+    ./configure --prefix="$out" \
+                --without-p11-kit \
+                --with-included-libtasn1 \
+                --with-included-unistring
+  '';
+
+  buildPhase = ''
+    make -j $(nproc)
+  '';
+
+  installPhase = ''
+    make -j $(nproc) install
+  '';
+}

nix/libressl.nix

@@ -0,0 +1,25 @@
+{ pkgs }:
+pkgs.stdenv.mkDerivation rec {
+  pname = "libressl";
+  version = "3.6.1";
+
+  src = fetchTarball {
+    url =
+      "https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2022-12-01_libressl-3.6.1.tar.gz";
+    sha256 = "sha256:03gqcckknxcj95n6jf35arkxrn5q2530clryqni0ij6ad2qd7d8f";
+  };
+
+  buildInputs = [ pkgs.gnumake ];
+
+  configurePhase = ''
+    ./configure --prefix=$out
+  '';
+
+  buildPhase = ''
+    make -j $(nproc) CFLAGS=-fPIC
+  '';
+
+  installPhase = ''
+    make install
+  '';
+}

nix/nettle.nix

@@ -0,0 +1,29 @@
+{ pkgs }:
+pkgs.stdenv.mkDerivation rec {
+  pname = "nettle";
+  version = "3.7";
+
+  src = fetchTarball {
+    name = "nettle";
+    url =
+      "https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2021-01-04_nettle-3.7.tar.gz";
+    sha256 = "sha256:0xxfxd6hb20qjc6q9nji4pcn0lm8zjvrdpx4knbmmx7fqax0ddb9";
+  };
+
+  buildInputs = [ pkgs.gmpxx pkgs.m4 ];
+
+  configurePhase = ''
+    ./configure --prefix=$out/ \
+             --disable-openssl \
+             --enable-shared
+  '';
+
+  buildPhase = ''
+    make -j $(nproc)
+  '';
+
+  installPhase = ''
+    make -j $(nproc) install
+  '';
+
+}

nix/openssl_0_9_8.nix

@@ -0,0 +1,25 @@
+{ pkgs }:
+pkgs.stdenv.mkDerivation rec {
+  pname = "openssl";
+  version = "0.9.8";
+
+  src = fetchTarball {
+    url = "https://www.openssl.org/source/old/0.9.x/openssl-0.9.8zh.tar.gz";
+    sha256 = "sha256:0h451dgk2pws957cjidjhwb2qlr0qx73klzb0n0l3x601jmw27ih";
+  };
+
+  buildInputs = [ pkgs.gnumake pkgs.perl534 ];
+
+  configurePhase = ''
+    ./config --prefix=$out
+  '';
+
+  buildPhase = ''
+    make depend -j $(nproc)
+    make -j $(nproc)
+  '';
+
+  installPhase = ''
+    make install
+  '';
+}

nix/openssl_1_0_2.nix

@@ -0,0 +1,26 @@
+{ pkgs }:
+pkgs.stdenv.mkDerivation rec {
+  pname = "openssl";
+  version = "1.0.2";
+
+  src = pkgs.fetchzip {
+    url =
+      "https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_0_2u.zip";
+    sha256 = "sha256-UzJzeL4gMzSNVig4eXe3arVvwdFYg5yEUuL9xAcXKiY=";
+  };
+
+  buildInputs = [ pkgs.gnumake pkgs.perl534 ];
+
+  configurePhase = ''
+    ./config -d shared -g3 -fPIC no-libunbound no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-store no-zlib no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia no-bf no-ripemd no-dsa no-ssl2 no-capieng -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS --prefix=$out
+  '';
+
+  buildPhase = ''
+    make depend -j $(nproc)
+    make -j $(nproc)
+  '';
+
+  installPhase = ''
+    make install_sw
+  '';
+}