Upgrade OE SDK to use mbedTLS 2.16.2 #2184
Conversation
CodeMonkeyLeet
added
the
core
CodeMonkeyLeet
requested review from
achamayou,
andyleejordan,
BRMcLaren,
EmilAlexandruStoica,
johnkord,
mikbras and
radhikaj
as code owners
|
@johnkord, your comment from #2043 is the only remaining blocker for the original PR:
The changeset already has modifications to install Python as a dependency on Windows, but there's no automated system to redeploy dependencies on Windows machines today. All that needs to be done is to install Python on the CI/CD servers. |
|
@CodeMonkeyLeet Thanks Simon! Yep, we just need python on the Windows systems. @EmilAlexandruStoica has been working on that, I believe. Any updates on this @EmilAlexandruStoica ? |
| */ | ||
| c = tmp_buf + sizeof( tmp_buf ); | ||
| c = buf + size; |
There was a problem hiding this comment.
Is there plans to upstream this change?
There was a problem hiding this comment.
Not to my knowledge, so I filed #2179 when I came across this during the update to 2.7.11
There was a problem hiding this comment.
There was an issue opened by @soccerGB with mbedTLS several months ago about this: Mbed-TLS/mbedtls#2631
From the comments, it looks like they've merged the changes in successfully, although I'm not sure which release they're available in: Mbed-TLS/mbedtls#2632
I've connected to oe-bastion and forwarded the port 3389 so I can connect from the localhost to the Windows VM's. Then I tried to connect to the Windows VM's to install Python, but it seems that the RDP connection is not enabled. |
| @@ -35,7 +42,7 @@ addons: | |||
| coverity_scan: | |||
| project: | |||
| name: "ARMmbed/mbedtls" | |||
| notification_email: [email protected] | |||
| notification_email: [email protected] | |||
There was a problem hiding this comment.
I'm curious if there is a better solution than a hard coded individual e-mail address, perhaps an org?
The rationale being if Simon leaves the company, can we guarantee the correct person is notified or that their e-mail would continue to be monitored? Thus creating further changes needed.
It seems this has happened before.
There was a problem hiding this comment.
That's not part of the OE SDK project (it's just a clone of the ARM mbedTLS repo) so I wouldn't worry about it. If/when we move to a git submodule approach for dependencies, then this noise will go away, but in the meantime, you can ignore 72f5a73 as being just a straight clone of the 2.16.2 mbedTLS sources.
There was a problem hiding this comment.
Sounds good, appreciate the clarification!
|
I've updated the systems with Python 3.7.4 and ran the mbed tests manually on one of the systems and all the tests passed. Let's see what Jenkins thinks :) bors try |
tryBuild failed |
|
There appear to be two errors, not sure if they're related.
Notice the "Failed to open test file: /home/jenkins/work_dir/workspace/Bors_trying@3/build/tests/mbed/enc/test_suite_asn1write.datax" line. Associated logs: https://oe-jenkins.eastus.cloudapp.azure.com/blue/rest/organizations/jenkins/pipelines/Bors/branches/trying/runs/995/nodes/64/steps/1042/log/?start=0
I just checked on our CI systems and report_enc is indeed both in the linuxbin path and the copied destination, so I can't diagnose why this failed. Since this failure happened only on one stage, my guess is this failure occurred and then some other stage came along and overwrote it. This may point to some sort of intermittent bug. I'd suggest ignoring this failure and seeing if it reproduces again. Associated logs: https://oe-jenkins.eastus.cloudapp.azure.com/blue/rest/organizations/jenkins/pipelines/Bors/branches/trying/runs/995/nodes/64/steps/1042/log/?start=0 |
|
@johnkord Much appreciated!
|
CodeMonkeyLeet
requested review from
Britel,
dthaler,
gupta-ak and
HernanGatta
as code owners
- Update CHANGELOG.md to reflect new version of mbedTLS.
- Update 3rdparty/mbedtls/update.make to target v2.16.2.
- This version no longer has a yotta/.gitignore that needs to be removed.
- Update mbed tests to use Python instead of Perl to build tests.
- MbedTLS 2.16 no longer has the Perl script for building its tests.
- Add Python dependency to install-windows-prereqs.ps1
- Update mbed tests to pass new .datax files from build folders to test.
- MbedTLS 2.16 no longer parses .data files from the source folders
- Update add_enclave_test.cmake to copy /enc folder instead of just the
enclave binary when under ADD_WINDOWS_ENCLAVE_TESTS.
- Change the target dependency to the build folder instead of the test
enclave binary to prevent file conflicts for tests like mbed that
include multiple enclave test binaries under the same folder.
- Add LSEEK syscall test hook required by updated mbed test suite.
- Add platform_util.c to host and mbedtls build sources.
- This provides symbols referenced by other mbedTLS source files.
- Apply patch to x509write_crt.c for attested TLS support.
Fixes #1457.
Co-authored-by: Marius Oprin <[email protected]>
Co-authored-by: John Kordich <[email protected]>
|
bors r+ |
2184: Upgrade OE SDK to use mbedTLS 2.16.2 r=CodeMonkeyLeet a=CodeMonkeyLeet This PR consolidates and updates #2043 to target the next minor version of 2.16 LTS lineage. It ports the following changes: - Update CHANGELOG.md to reflect new version of mbedTLS. - Update 3rdparty/mbedtls/update.make to target v2.16.2. - This version no longer has a yotta/.gitignore that needs to be removed. - Update mbed tests to use Python instead of Perl to build tests. - MbedTLS 2.16 no longer has the Perl script for building its tests. - Add Python dependency to install-windows-prereqs.ps1 - Remove redundant search for data file to pass to mbed tests. - Add LSEEK syscall test hook required by updated mbed test suite. - Add platform_util.c to host and mbedtls build sources. - This provides symbols referenced by other mbedTLS source files. - Apply patch to x509write_crt.c for attested TLS support. Fixes #1457. Co-authored-by: Simon Leet <[email protected]>
Build succeeded |
This PR consolidates and updates #2043 to target the next minor version of 2.16 LTS lineage. It ports the following changes:
enclave binary when under ADD_WINDOWS_ENCLAVE_TESTS.
enclave binary to prevent file conflicts for tests like mbed that
include multiple enclave test binaries under the same folder.
Fixes #1457.
Co-authored-by: Marius Oprin [email protected]
Co-authored-by: John Kordich [email protected]