build+ci: switch to python3
Also in this commit:
* Sync CI scripts with other projects
* Improve README.md
Refs: #5095
Change-Id: I0972967e92bdf78b8ab7cda0d9db262e38c8b32b
diff --git a/.jenkins b/.jenkins
index 674d751..bc1c847 100755
--- a/.jenkins
+++ b/.jenkins
@@ -1,10 +1,32 @@
#!/usr/bin/env bash
set -e
+source .jenkins.d/util.sh
-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+export CACHE_DIR=${CACHE_DIR:-/tmp}
+export WAF_JOBS=${WAF_JOBS:-1}
+[[ $JOB_NAME == *"code-coverage" ]] && export DISABLE_ASAN=yes
-for file in "$DIR"/.jenkins.d/*; do
+nanos() {
+ # Cannot use date(1) because macOS does not support %N format specifier
+ python3 -c 'import time; print(int(time.time() * 1e9))'
+}
+
+for file in .jenkins.d/*; do
[[ -f $file && -x $file ]] || continue
- echo "Run: $file"
+
+ if [[ -n $TRAVIS ]]; then
+ label=$(basename "$file" | sed -E 's/[[:digit:]]+-(.*)\..*/\1/')
+ echo -ne "travis_fold:start:${label}\r"
+ echo -ne "travis_time:start:${label}\r"
+ start=$(nanos)
+ fi
+
+ echo "\$ $file"
"$file"
+
+ if [[ -n $TRAVIS ]]; then
+ finish=$(nanos)
+ echo -ne "travis_time:end:${label}:start=${start},finish=${finish},duration=$((finish-start)),event=${label}\r"
+ echo -ne "travis_fold:end:${label}\r"
+ fi
done
diff --git a/.jenkins.d/00-deps.sh b/.jenkins.d/00-deps.sh
index 84c8ae1..458bbd0 100755
--- a/.jenkins.d/00-deps.sh
+++ b/.jenkins.d/00-deps.sh
@@ -1,31 +1,32 @@
#!/usr/bin/env bash
-set -e
-
-JDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source "$JDIR"/util.sh
-
-set -x
+set -ex
if has OSX $NODE_LABELS; then
FORMULAE=(boost openssl pkg-config)
- brew update
- if [[ -n $TRAVIS ]]; then
- # travis images come with a large number of brew packages
- # pre-installed, don't waste time upgrading all of them
- for FORMULA in "${FORMULAE[@]}"; do
- brew outdated $FORMULA || brew upgrade $FORMULA
- done
- else
- brew upgrade
+ if has OSX-10.13 $NODE_LABELS || has OSX-10.14 $NODE_LABELS; then
+ FORMULAE+=(python)
fi
- brew install "${FORMULAE[@]}"
- brew cleanup
-fi
-if has Ubuntu $NODE_LABELS; then
+ if [[ -n $TRAVIS ]]; then
+ # Travis images come with a large number of pre-installed
+ # brew packages, don't waste time upgrading all of them
+ brew list --versions "${FORMULAE[@]}" || brew update
+ for FORMULA in "${FORMULAE[@]}"; do
+ brew list --versions "$FORMULA" || brew install "$FORMULA"
+ done
+ # Ensure /usr/local/opt/openssl exists
+ brew reinstall openssl
+ else
+ brew update
+ brew upgrade
+ brew install "${FORMULAE[@]}"
+ brew cleanup
+ fi
+
+elif has Ubuntu $NODE_LABELS; then
sudo apt-get -qq update
- sudo apt-get -qy install build-essential pkg-config libboost-all-dev \
- libsqlite3-dev libssl-dev
+ sudo apt-get -qy install g++ pkg-config python3-minimal \
+ libboost-all-dev libssl-dev libsqlite3-dev
if [[ $JOB_NAME == *"code-coverage" ]]; then
sudo apt-get -qy install gcovr lcov libgd-perl
diff --git a/.jenkins.d/01-ndn-cxx.sh b/.jenkins.d/01-ndn-cxx.sh
index c9e2a63..7bf1cfe 100755
--- a/.jenkins.d/01-ndn-cxx.sh
+++ b/.jenkins.d/01-ndn-cxx.sh
@@ -1,12 +1,7 @@
#!/usr/bin/env bash
-set -e
+set -ex
-JDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source "$JDIR"/util.sh
-
-set -x
-
-pushd "${CACHE_DIR:-/tmp}" >/dev/null
+pushd "$CACHE_DIR" >/dev/null
INSTALLED_VERSION=
if has OSX $NODE_LABELS; then
@@ -22,35 +17,43 @@
INSTALLED_VERSION=$(git -C ndn-cxx rev-parse HEAD 2>/dev/null || echo NONE)
fi
-sudo rm -Rf ndn-cxx-latest
-
-git clone --depth 1 git://github.com/named-data/ndn-cxx ndn-cxx-latest
-
+sudo rm -rf ndn-cxx-latest
+git clone --depth 1 https://github.com/named-data/ndn-cxx.git ndn-cxx-latest
LATEST_VERSION=$(git -C ndn-cxx-latest rev-parse HEAD 2>/dev/null || echo UNKNOWN)
if [[ $INSTALLED_VERSION != $LATEST_VERSION ]]; then
- sudo rm -Rf ndn-cxx
+ sudo rm -rf ndn-cxx
mv ndn-cxx-latest ndn-cxx
else
- sudo rm -Rf ndn-cxx-latest
+ sudo rm -rf ndn-cxx-latest
fi
sudo rm -f /usr/local/bin/ndnsec*
sudo rm -fr /usr/local/include/ndn-cxx
-sudo rm -f /usr/local/lib/libndn-cxx*
-sudo rm -f /usr/local/lib/pkgconfig/libndn-cxx.pc
+sudo rm -f /usr/local/lib{,64}/libndn-cxx*
+sudo rm -f /usr/local/lib{,64}/pkgconfig/libndn-cxx.pc
pushd ndn-cxx >/dev/null
-./waf configure --color=yes --enable-shared --disable-static --without-osx-keychain
-./waf build --color=yes -j${WAF_JOBS:-1}
-sudo env "PATH=$PATH" ./waf install --color=yes
+if has Linux $NODE_LABELS && [[ $CXX != clang* && -z $DISABLE_ASAN ]]; then
+ # https://stackoverflow.com/a/47022141
+ ASAN="--with-sanitizer=address"
+fi
+if has CentOS-8 $NODE_LABELS; then
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1721553
+ PCH="--without-pch"
+fi
+
+./waf --color=yes configure --disable-static --enable-shared --without-osx-keychain $ASAN $PCH
+./waf --color=yes build -j$WAF_JOBS
+sudo_preserve_env PATH -- ./waf --color=yes install
popd >/dev/null
popd >/dev/null
+if has CentOS-8 $NODE_LABELS; then
+ sudo tee /etc/ld.so.conf.d/ndn.conf >/dev/null <<< /usr/local/lib64
+fi
if has Linux $NODE_LABELS; then
sudo ldconfig
-elif has FreeBSD10 $NODE_LABELS; then
- sudo ldconfig -m
fi
diff --git a/.jenkins.d/10-build.sh b/.jenkins.d/10-build.sh
index b902b1e..20e6bd1 100755
--- a/.jenkins.d/10-build.sh
+++ b/.jenkins.d/10-build.sh
@@ -1,47 +1,41 @@
#!/usr/bin/env bash
-set -e
+set -ex
-JDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source "$JDIR"/util.sh
+git submodule sync
+git submodule update --init
-set -x
-
-if [[ $JOB_NAME == *"code-coverage" ]]; then
- COVERAGE="--with-coverage"
-elif [[ -z $DISABLE_ASAN ]]; then
+if [[ -z $DISABLE_ASAN ]]; then
ASAN="--with-sanitizer=address"
fi
-
-# Cleanup
-sudo env "PATH=$PATH" ./waf --color=yes distclean
-
-if [[ $JOB_NAME != *"code-coverage" && $JOB_NAME != *"limited-build" ]]; then
- # Configure/build in optimized mode with tests
- ./waf --color=yes configure --with-tests
- ./waf --color=yes build -j${WAF_JOBS:-1}
-
- # Cleanup
- sudo env "PATH=$PATH" ./waf --color=yes distclean
-
- # Configure/build in optimized mode without tests
- ./waf --color=yes configure
- ./waf --color=yes build -j${WAF_JOBS:-1}
-
- # Cleanup
- sudo env "PATH=$PATH" ./waf --color=yes distclean
+if [[ $JOB_NAME == *"code-coverage" ]]; then
+ COVERAGE="--with-coverage"
fi
-# Configure/build in debug mode with tests
-./waf --color=yes configure --debug --with-tests $ASAN $COVERAGE
-./waf --color=yes build -j${WAF_JOBS:-1}
+if [[ $JOB_NAME != *"code-coverage" && $JOB_NAME != *"limited-build" ]]; then
+ # Build in release mode with tests
+ ./waf --color=yes configure --with-tests
+ ./waf --color=yes build -j$WAF_JOBS
-# (tests will be run against debug version)
+ # Cleanup
+ ./waf --color=yes distclean
+
+ # Build in release mode without tests
+ ./waf --color=yes configure
+ ./waf --color=yes build -j$WAF_JOBS
+
+ # Cleanup
+ ./waf --color=yes distclean
+fi
+
+# Build in debug mode with tests
+./waf --color=yes configure --debug --with-tests $ASAN $COVERAGE
+./waf --color=yes build -j$WAF_JOBS
+
+# (tests will be run against the debug version)
# Install
-sudo env "PATH=$PATH" ./waf --color=yes install
+sudo_preserve_env PATH -- ./waf --color=yes install
if has Linux $NODE_LABELS; then
sudo ldconfig
-elif has FreeBSD $NODE_LABELS; then
- sudo ldconfig -a
fi
diff --git a/.jenkins.d/20-tests.sh b/.jenkins.d/20-tests.sh
index 816a792..226c77d 100755
--- a/.jenkins.d/20-tests.sh
+++ b/.jenkins.d/20-tests.sh
@@ -1,15 +1,10 @@
#!/usr/bin/env bash
-set -e
-
-JDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source "$JDIR"/util.sh
-
-set -x
+set -ex
# Prepare environment
-rm -Rf ~/.ndn
+rm -rf ~/.ndn
-BOOST_VERSION=$(python -c "import sys; sys.path.append('build/c4che'); import _cache; print(_cache.BOOST_VERSION_NUMBER);")
+BOOST_VERSION=$(python3 -c "import sys; sys.path.append('build/c4che'); import _cache; print(_cache.BOOST_VERSION_NUMBER);")
ut_log_args() {
if (( BOOST_VERSION >= 106200 )); then
@@ -24,13 +19,13 @@
fi
}
+# https://github.com/google/sanitizers/wiki/AddressSanitizerFlags
ASAN_OPTIONS="color=always"
-ASAN_OPTIONS+=":detect_stack_use_after_return=true"
-ASAN_OPTIONS+=":check_initialization_order=true"
-ASAN_OPTIONS+=":strict_init_order=true"
-ASAN_OPTIONS+=":detect_invalid_pointer_pairs=1"
-ASAN_OPTIONS+=":detect_container_overflow=false"
-ASAN_OPTIONS+=":strict_string_checks=true"
+ASAN_OPTIONS+=":check_initialization_order=1"
+ASAN_OPTIONS+=":detect_stack_use_after_return=1"
+ASAN_OPTIONS+=":strict_init_order=1"
+ASAN_OPTIONS+=":strict_string_checks=1"
+ASAN_OPTIONS+=":detect_invalid_pointer_pairs=2"
ASAN_OPTIONS+=":strip_path_prefix=${PWD}/"
export ASAN_OPTIONS
diff --git a/.jenkins.d/30-coverage.sh b/.jenkins.d/30-coverage.sh
index 92a9ceb..46a6d70 100755
--- a/.jenkins.d/30-coverage.sh
+++ b/.jenkins.d/30-coverage.sh
@@ -1,10 +1,5 @@
#!/usr/bin/env bash
-set -e
-
-JDIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
-source "$JDIR"/util.sh
-
-set -x
+set -ex
if [[ $JOB_NAME == *"code-coverage" ]]; then
gcovr --object-directory=build \
diff --git a/.jenkins.d/README.md b/.jenkins.d/README.md
index 5813349..e8dbf37 100644
--- a/.jenkins.d/README.md
+++ b/.jenkins.d/README.md
@@ -1,36 +1,28 @@
-CONTINUOUS INTEGRATION SCRIPTS
-==============================
+# CONTINUOUS INTEGRATION SCRIPTS
-Environment Variables Used in Build Scripts
--------------------------------------------
+## Environment Variables Used in Build Scripts
-- `NODE_LABELS`: the variable defines a list of OS properties. The set values are used by the
- build scripts to select proper behavior for different OS.
+- `NODE_LABELS`: space-separated list of platform properties. The included values are used by
+ the build scripts to select the proper behavior for different operating systems and versions.
- The list should include at least `[OS_TYPE]`, `[DISTRO_TYPE]`, and `[DISTRO_VERSION]`.
+ The list should normally contain `[OS_TYPE]`, `[DISTRO_TYPE]`, and `[DISTRO_VERSION]`.
- Possible values for Linux:
+ Example values:
- * `[OS_TYPE]`: `Linux`
- * `[DISTRO_TYPE]`: `Ubuntu`
- * `[DISTRO_VERSION]`: `Ubuntu-16.04`, `Ubuntu-18.04`
+ - `[OS_TYPE]`: `Linux`, `OSX`
+ - `[DISTRO_TYPE]`: `Ubuntu`, `CentOS`
+ - `[DISTRO_VERSION]`: `Ubuntu-16.04`, `Ubuntu-18.04`, `CentOS-8`, `OSX-10.14`, `OSX-10.15`
- Possible values for OS X / macOS:
-
- * `[OS_TYPE]`: `OSX`
- * `[DISTRO_TYPE]`: `OSX` (can be absent)
- * `[DISTRO_VERSION]`: `OSX-10.11`, `OSX-10.12`, `OSX-10.13`
-
-- `JOB_NAME`: optional variable to define type of the job. Depending on the defined job type,
+- `JOB_NAME`: optional variable that defines the type of build job. Depending on the job type,
the build scripts can perform different tasks.
Possible values:
- * empty: default build process
- * `code-coverage` (Ubuntu Linux is assumed): debug build with tests and code coverage analysis
- * `limited-build`: only a single debug build with tests
+ - empty: default build task
+ - `code-coverage`: debug build with tests and code coverage analysis (Ubuntu Linux is assumed)
+ - `limited-build`: only a single debug build with tests
-- `CACHE_DIR`: the variable defines a path to folder containing cached files from previous builds,
- e.g., a compiled version of ndn-cxx library. If not set, `/tmp` is used.
+- `CACHE_DIR`: directory containing cached files from previous builds, e.g., a compiled version
+ of ndn-cxx. If not set, `/tmp` is used.
-- `WAF_JOBS`: number of parallel build jobs used by waf, defaults to 1.
+- `WAF_JOBS`: number of parallel build threads used by waf, defaults to 1.
diff --git a/.jenkins.d/util.sh b/.jenkins.d/util.sh
index a89bc27..8077a74 100644
--- a/.jenkins.d/util.sh
+++ b/.jenkins.d/util.sh
@@ -16,3 +16,24 @@
set ${saved_xtrace}
return ${ret}
}
+export -f has
+
+sudo_preserve_env() {
+ local saved_xtrace
+ [[ $- == *x* ]] && saved_xtrace=-x || saved_xtrace=+x
+ set +x
+
+ local vars=()
+ while [[ $# -gt 0 ]]; do
+ local arg=$1
+ shift
+ case ${arg} in
+ --) break ;;
+ *) vars+=("${arg}=${!arg}") ;;
+ esac
+ done
+
+ set ${saved_xtrace}
+ sudo env "${vars[@]}" "$@"
+}
+export -f sudo_preserve_env
diff --git a/README.md b/README.md
index 5e6ed6b..a2806e3 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,34 @@
# NDN Certificate Management Protocol (NDNCERT)
+
[](https://travis-ci.org/named-data/ndncert)
-NDN certificate management protocol (NDNCERT) enables automatic certificate management in
-NDN. In Named Data Networking (NDN), every entity should have corresponding identity
-(namespace) and the corresponding certificate for this namespace. Moreover, entities need
-simple mechanisms to manage sub-identities and their certificates. NDNCERT provides flexible
-mechanisms to request certificate from a certificate authority(CA) and, as soon as certificate
-is obtained, mechanisms to issue and manage certificates in the designated namespace. Note that
-NDNCERT does not impose any specific trust model or trust anchors. While the primary use case
-of the developed protocol is to manage NDN testbed certificates, it can be used with any other
-set of global and local trust anchors.
+The NDN certificate management protocol (**NDNCERT**) enables automatic certificate management
+in NDN. In Named Data Networking (NDN), every entity should have a corresponding identity
+(namespace) and the corresponding certificate for this namespace. Moreover, entities need simple
+mechanisms to manage sub-identities and their certificates. NDNCERT provides flexible mechanisms
+to request certificates from a certificate authority (CA) and, as soon as the certificate is
+obtained, mechanisms to issue and manage certificates in the designated namespace. Note that
+NDNCERT does not impose any specific trust model or trust anchors. While the primary use case of
+this protocol is to manage NDN testbed certificates, it can be used with any other set of global
+and local trust anchors.
-This specification provides details and packet formats to request certificates, create
-certificates after one of the validation mechanism, and how the issued certificate is retrieved
-by the original requester.
+See [our GitHub wiki](https://github.com/named-data/ndncert/wiki) for more details.
-See [our GitHub wiki](https://github.com/named-data/ndncert/wiki/NDN-Certificate-Management-Protocol)
-for more details.
+## Reporting bugs
+
+Please submit any bug reports or feature requests to the
+[NDNCERT issue tracker](https://redmine.named-data.net/projects/ndncert/issues).
+
+## Contributing
+
+We greatly appreciate contributions to the NDNCERT code base, provided that they are
+licensed under the GPL 3.0+ or a compatible license (see below).
+If you are new to the NDN software community, please read the
+[Contributor's Guide](https://github.com/named-data/.github/blob/master/CONTRIBUTING.md)
+to get started.
+
+## License
+
+NDNCERT is an open source project licensed under the GPL version 3.
+See [`COPYING.md`](COPYING.md) for more information.
diff --git a/client.conf.sample b/client.conf.sample
index 7e7d316..e9fe68d 100644
--- a/client.conf.sample
+++ b/client.conf.sample
@@ -2,11 +2,11 @@
"ca-list":
[
{
- "ca-prefix": "/example",
- "ca-info": "An example NDNCERT CA",
- "probe": "email",
- "certificate": "Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAES9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kqJczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdIMEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F"
+ "ca-prefix": "/example",
+ "ca-info": "An example NDNCERT CA",
+ "probe": "email",
+ "certificate": "Bv0CJAcsCANuZG4IBXNpdGUxCANLRVkICBG8IvRjFf8XCARzZWxmCAn9AAABWcgU2aUUCRgBAhkEADbugBX9AU8wggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAES9Cb9iANUNYmwt5bjwNW1mZgjzIkDJb6FTCdiYWnkMMIVxh2YDllphoWDEAPS6kqJczzCuhnGYpZCp9tTaYKGxZMGwEDHB0HGwgDbmRuCAVzaXRlMQgDS0VZCAgRvCL0YxX/F/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwMzcwMTE3VDIxMjg0NhdIMEYCIQDXkR1hF3GiP7yLXq+0JBJfi9QC+hhAu/1Bykx+MWz6RAIhANwelBTxxZr2C5bD15mjfhWudK4I1tOb4b/9xWCHyM7F"
}
],
"local-ndncert-anchor": "/usr/local/etc/ndncert/anchor.key"
-}
\ No newline at end of file
+}
diff --git a/waf b/waf
index 7ceee16..a1c5c96 100755
--- a/waf
+++ b/waf
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# encoding: latin-1
# Thomas Nagy, 2005-2018
#