Move hardware tests to "make hwtest", with one warning for all test suites.

- "make check" will mark destructive tests as skipped
- "make hwtest" will ask once for user confirmation
This commit is contained in:
Trevor Bentley
2017-10-24 15:10:45 +02:00
parent 4c9004feeb
commit 15f533d7de
5 changed files with 64 additions and 51 deletions
+3 -1
View File
@@ -33,7 +33,6 @@ EXTRA_DIST = windows.mk mac.mk tool/tests/basic.sh tools/fasc.pl
EXTRA_DIST += doc/Attestation.adoc doc/YKCS11_release_notes.adoc doc/YubiKey_PIV_introduction.adoc
if ENABLE_COV
cov-reset:
rm -fr coverage
@@ -68,6 +67,9 @@ doxygen:
doxygen lib/Doxyfile
endif
hwcheck:
@$(srcdir)/tools/confirm.sh && YKPIV_ENV_HWTESTS_CONFIRMED="1" $(MAKE) check
check-doc-dist:
perl -pe "s,^EXTRA_DIST \+= .*,EXTRA_DIST += `cd $(srcdir) && ls doc/*.adoc | xargs echo`," < $(srcdir)/Makefile.am > check-doc-dist.tmp
diff -ur $(srcdir)/Makefile.am check-doc-dist.tmp || \
+13 -27
View File
@@ -38,7 +38,7 @@
#include <check.h>
int confirm_destruction(void);
int destruction_confirmed(void);
ykpiv_state *g_state;
const uint8_t g_cert[] = {
@@ -54,7 +54,8 @@ void setup(void) {
// Require user confirmation to continue, since this test suite will clear
// any data stored on connected keys.
ck_assert(confirm_destruction());
if (!destruction_confirmed())
exit(77); // exit code 77 == skipped tests
res = ykpiv_init(&g_state, true);
ck_assert_int_eq(res, YKPIV_OK);
@@ -655,6 +656,7 @@ START_TEST(test_reset) {
// Try wrong PIN
res = ykpiv_verify(g_state, "AAAAAA", &tries);
ck_assert_int_eq(res, YKPIV_WRONG_PIN);
// Verify 2 PIN retries remaining
tries = 0;
@@ -760,37 +762,21 @@ START_TEST(test_allocator) {
}
END_TEST
int confirm_destruction(void) {
char verify[16];
int destruction_confirmed(void) {
char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
if (confirmed && confirmed[0] == '1')
return 1;
// Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS \n");
dprintf(0, "\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
dprintf(0, "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******\n");
dprintf(0, "\n");
dprintf(0, "Are you SURE you wish to proceed? If so, type 'CONFIRM': ");
fgets(verify, 32, stdin);
return strncmp(verify, "CONFIRM", 7) == 0;
dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
return 0;
}
Suite *test_suite(void) {
Suite *s;
TCase *tc;
s = suite_create("libykpiv util");
tc = tcase_create("util");
s = suite_create("libykpiv api");
tc = tcase_create("api");
#ifdef HW_TESTS
tcase_add_unchecked_fixture(tc, setup, teardown);
@@ -800,7 +786,7 @@ Suite *test_suite(void) {
// Authenticate after reset.
tcase_add_test(tc, test_authenticate);
// Test util functionality
// Test API functionality
tcase_add_test(tc, test_change_pin);
tcase_add_test(tc, test_change_puk);
tcase_add_test(tc, test_devicemodel);
+5 -23
View File
@@ -64,6 +64,11 @@ if [[ $HW_TESTS -eq 0 ]]; then
exit 0
fi
# Verify that user has confirmed destructive hw-tests
if [ "x$YKPIV_ENV_HWTESTS_CONFIRMED" != "x1" ]; then
printf "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n" >&0
exit 77 # exit code 77 == skipped tests
fi
#
# Run basic import/validation tests on included keys/certs. Test keys generated
@@ -73,29 +78,6 @@ fi
# $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
# $ openssl req -x509 -key private.pem -out cert.pem -subj "/CN=YubicoTest/OU=YubicoTestUnit/O=yubico.com/" -new
#
echo >&0
echo "Hardware tests enabled!" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
read CONFIRM
if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
exit 1
fi
# Reset
$BIN -averify-pin -P000000 || true
+29
View File
@@ -0,0 +1,29 @@
#!/bin/bash
# Output redirected to fd 0 so it can be run from 'make check' scripts.
echo >&0
echo "Hardware tests enabled!" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo " ALL DATA WILL BE ERASED ON CONNECTED YUBIKEYS " >&0
echo >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING" >&0
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
read CONFIRM
if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
echo "1"
exit 1
fi
echo "0"
+14
View File
@@ -627,6 +627,15 @@ static void test_import_and_sign_all_10_RSA() {
}
#endif
int destruction_confirmed(void) {
char *confirmed = getenv("YKPIV_ENV_HWTESTS_CONFIRMED");
if (confirmed && confirmed[0] == '1')
return 1;
// Use dprintf() to write directly to stdout, since automake eats the standard stdout/stderr pointers.
dprintf(0, "\n***\n*** Hardware tests skipped. Run \"make hwcheck\".\n***\n\n");
return 0;
}
int main(void) {
get_functions(&funcs);
@@ -634,6 +643,11 @@ int main(void) {
test_lib_info();
#ifdef HW_TESTS
// Require user confirmation to continue, since this test suite will clear
// any data stored on connected keys.
if (!destruction_confirmed())
exit(77); // exit code 77 == skipped tests
test_initalize();
test_token_info();
test_mechanism_list_and_info();