chore: checkpoint before Python removal

2026-03-26 22:33:59 +00:00
parent 683cec9307
commit e568ddf82a
29972 changed files with 11269302 additions and 2 deletions


@@ -0,0 +1,254 @@
#!/bin/bash -exu
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0 OR ISC
# This script tests aws-lc-rs integration with the rustls ecosystem (rcgen, webpki, rustls).
# It uses Cargo's [patch.crates-io] feature to override dependencies, which is more robust
# than modifying individual dependency declarations.
function usage() {
cat << EOF
Usage: $(basename "$0") [OPTIONS]
Tests aws-lc-rs integration with the rustls ecosystem.
Options:
--latest-release Test against latest stable releases (instead of main branch)
--cleanup Automatically delete cloned repositories on exit
--help Show this help message
Dependencies: jq, cargo-show, cargo-download
EOF
exit 0
}
[[ " $* " =~ " --help " ]] && usage
ROOT="${GITHUB_WORKSPACE:-$(git rev-parse --show-toplevel)}"
latest_release=0
cleanup=0
for arg in "$@"; do
if [ "$arg" = "--latest-release" ]; then
latest_release=1
fi
if [ "$arg" = "--cleanup" ]; then
cleanup=1
fi
done
function check_dependencies() {
local missing=()
command -v jq >/dev/null 2>&1 || missing+=("jq")
command -v cargo-show >/dev/null 2>&1 >/dev/null 2>&1 || missing+=("cargo-show (cargo install cargo-show)")
command -v cargo-download >/dev/null 2>&1 || missing+=("cargo-download (cargo install cargo-download)")
if [ ${#missing[@]} -gt 0 ]; then
echo "Missing dependencies: ${missing[*]}" >&2
exit 1
fi
}
check_dependencies
CLEANUP_ON_EXIT=()
function cleanup() {
if [ ${#CLEANUP_ON_EXIT[@]} -eq 0 ]; then
return
fi
if [ "$cleanup" -eq 0 ]; then
echo "You can delete the following directories:"
echo "${CLEANUP_ON_EXIT[@]}"
else
for x in "${CLEANUP_ON_EXIT[@]}"; do
echo "Deleting: ${x}"
rm -rf "${x}"
done
fi
}
trap cleanup EXIT
# Get the latest stable (non-prerelease) version of a crate from crates.io
function get_latest_stable_version() {
local crate="$1"
cargo show --json "$crate" | jq -r '
[.versions[] |
select(.yanked == false and (.num | test("alpha|beta|rc") | not))
][0].num
'
}
# Get the git commit SHA for a specific crate version from crates.io
function get_crate_commit() {
local crate="$1"
local version="$2"
local tmp_dir
tmp_dir="$(mktemp -d)"
cargo download -o "$tmp_dir/crate.tar.gz" "${crate}=${version}"
tar xzf "$tmp_dir/crate.tar.gz" -C "$tmp_dir" --strip-components=1
local sha
sha="$(jq -r '.git.sha1' "$tmp_dir/.cargo_vcs_info.json")"
rm -rf "$tmp_dir"
echo "$sha"
}
# Add [patch.crates-io] section to a Cargo.toml to override aws-lc-rs and aws-lc-sys
# Usage: add_aws_lc_patch <cargo_toml_path> <aws_lc_rs_workspace_root>
function add_aws_lc_patch() {
local cargo_toml="$1"
local aws_lc_workspace="$2"
# Skip if already patched
if grep -q "aws-lc-rs = { path = \"${aws_lc_workspace}" "$cargo_toml"; then
echo "Patch already present in $cargo_toml"
return
fi
local aws_lc_rs_patch="aws-lc-rs = { path = \"${aws_lc_workspace}/aws-lc-rs\" }"
local aws_lc_sys_patch="aws-lc-sys = { path = \"${aws_lc_workspace}/aws-lc-sys\" }"
if grep -q '^\[patch\.crates-io\]' "$cargo_toml"; then
# [patch.crates-io] section exists - insert our patches after the header
local tmp_file
tmp_file="$(mktemp)"
trap "rm -f '$tmp_file'" RETURN
while IFS= read -r line || [[ -n "$line" ]]; do
echo "$line"
if [[ "$line" == "[patch.crates-io]" ]]; then
echo "$aws_lc_rs_patch"
echo "$aws_lc_sys_patch"
fi
done < "$cargo_toml" > "$tmp_file"
mv "$tmp_file" "$cargo_toml"
else
# No existing [patch.crates-io] section - append to end of file
cat >> "$cargo_toml" << EOF
[patch.crates-io]
${aws_lc_rs_patch}
${aws_lc_sys_patch}
EOF
fi
}
# Clone a repository and optionally checkout a specific commit
# Usage: clone_repo <url> <destination> [commit]
function clone_repo() {
local url="$1"
local dest="$2"
local commit="${3:-}"
git clone --recurse-submodules "$url" "$dest"
if [ -n "$commit" ]; then
pushd "$dest" > /dev/null
git checkout "$commit"
popd > /dev/null
fi
}
echo "=== Testing rcgen with aws-lc-rs ==="
RCGEN_DIR="$(mktemp -d)"
CLEANUP_ON_EXIT+=("$RCGEN_DIR")
if [[ $latest_release == "1" ]]; then
RCGEN_VERSION="$(get_latest_stable_version rcgen)"
RCGEN_COMMIT="$(get_crate_commit rcgen "$RCGEN_VERSION")"
echo "Using rcgen version ${RCGEN_VERSION} (commit: ${RCGEN_COMMIT})"
clone_repo "https://github.com/rustls/rcgen" "$RCGEN_DIR" "$RCGEN_COMMIT"
else
clone_repo "https://github.com/rustls/rcgen" "$RCGEN_DIR"
fi
pushd "$RCGEN_DIR"
add_aws_lc_patch "Cargo.toml" "$ROOT"
if [[ $latest_release != "1" ]]; then
rm -f Cargo.lock
cargo update
else
cargo update -p aws-lc-rs -p aws-lc-sys
fi
cargo tree -i aws-lc-rs --features aws_lc_rs
cargo test --features aws_lc_rs
popd > /dev/null
echo "=== Testing rustls-webpki with aws-lc-rs ==="
WEBPKI_DIR="$(mktemp -d)"
CLEANUP_ON_EXIT+=("$WEBPKI_DIR")
if [[ $latest_release == "1" ]]; then
WEBPKI_VERSION="$(get_latest_stable_version rustls-webpki)"
WEBPKI_COMMIT="$(get_crate_commit rustls-webpki "$WEBPKI_VERSION")"
echo "Using rustls-webpki version ${WEBPKI_VERSION} (commit: ${WEBPKI_COMMIT})"
clone_repo "https://github.com/rustls/webpki.git" "$WEBPKI_DIR" "$WEBPKI_COMMIT"
else
clone_repo "https://github.com/rustls/webpki.git" "$WEBPKI_DIR"
fi
pushd "$WEBPKI_DIR"
add_aws_lc_patch "Cargo.toml" "$ROOT"
if [[ $latest_release != "1" ]]; then
rm -f Cargo.lock
cargo update
else
cargo update -p aws-lc-rs -p aws-lc-sys
fi
# Extract just the [features] section and check for aws-lc-rs feature there.
FEATURES_SECTION=$(sed -n '/^\[features\]/,/^\[/p' Cargo.toml)
if echo "$FEATURES_SECTION" | grep -qE '^aws(-|_)lc(-|_)rs\s*='; then
WEBPKI_FEATURE="aws-lc-rs"
cargo tree -i aws-lc-rs --features "$WEBPKI_FEATURE"
cargo test --features "$WEBPKI_FEATURE"
else
# No aws-lc-rs feature - newer structure uses rustls-aws-lc-rs dev-dependency
echo "No aws-lc-rs feature found, running tests with default configuration"
cargo tree -i aws-lc-rs
cargo test
fi
popd > /dev/null
echo "=== Testing rustls with aws-lc-rs ==="
RUSTLS_DIR="$(mktemp -d)"
CLEANUP_ON_EXIT+=("$RUSTLS_DIR")
if [[ $latest_release == "1" ]]; then
RUSTLS_VERSION="$(get_latest_stable_version rustls)"
RUSTLS_COMMIT="$(get_crate_commit rustls "$RUSTLS_VERSION")"
echo "Using rustls version ${RUSTLS_VERSION} (commit: ${RUSTLS_COMMIT})"
clone_repo "https://github.com/rustls/rustls.git" "$RUSTLS_DIR" "$RUSTLS_COMMIT"
else
clone_repo "https://github.com/rustls/rustls.git" "$RUSTLS_DIR"
fi
pushd "$RUSTLS_DIR"
add_aws_lc_patch "Cargo.toml" "$ROOT"
if [[ $latest_release != "1" ]]; then
rm -f Cargo.lock
cargo update
else
cargo update -p aws-lc-rs -p aws-lc-sys
fi
# Detect which package has the aws-lc-rs feature by checking [features] section.
# Old structure (<=0.23.x): aws-lc-rs feature is in rustls/Cargo.toml
# New structure (>=0.24.x): aws-lc-rs feature is in rustls-test/Cargo.toml
if grep -q '^aws-lc-rs\s*=' ./rustls/Cargo.toml; then
# Old structure: aws-lc-rs feature is in the main rustls crate
pushd ./rustls
cargo tree -i aws-lc-rs --features aws-lc-rs
cargo test --features aws-lc-rs
popd > /dev/null # ./rustls
else
# New structure: aws-lc-rs feature is in rustls-test
pushd ./rustls-test
cargo tree -i aws-lc-rs --features aws-lc-rs
cargo test --features aws-lc-rs
popd > /dev/null # ./rustls-test
fi
popd > /dev/null # "$RUSTLS_DIR"
echo "=== All rustls integration tests passed ==="
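Review bot: `get_latest_stable_version` and `get_crate_commit` hand whatever `jq -r` prints straight to `cargo download` and `git checkout`, and without `pipefail` a failed `cargo show` leaves the pipeline with jq's exit status, so an empty or literal `null` version or SHA is not caught where it arises. Because the resolved commit decides which third-party code is cloned and then built and run by `cargo test`, I would fail closed: add `set -o pipefail` near the top and check the value before printing it, e.g. `[[ -n "$sha" && "$sha" != "null" ]] || { echo "no commit recorded for ${crate} ${version}" >&2; return 1; }`. The flags on `#!/bin/bash -exu` are also lost when the script is started as `bash script.sh`; a `set -exu` line in the body avoids that, and the same applies to the two other `#!/bin/bash -exu` scripts on this page.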


@@ -0,0 +1,19 @@
#!/bin/bash -exu
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0 OR ISC
S2N_QUIC_TEMP=$(mktemp -d)/s2n-quic
QUIC_AWS_LC_RS_STRING="^aws-lc-rs = .*"
QUIC_PATH_STRING="aws-lc-rs = { path = \"${PWD}\" }"
git clone https://github.com/aws/s2n-quic.git $S2N_QUIC_TEMP
cd $S2N_QUIC_TEMP
# replace instances of ring with our crate
if [[ "$(uname)" == "Darwin" ]]; then
find ./ -type f -name "Cargo.toml" | xargs sed -i '' -e "s|${QUIC_AWS_LC_RS_STRING}|${QUIC_PATH_STRING}|"
else
find ./ -type f -name "Cargo.toml" | xargs sed -i -e "s|${QUIC_AWS_LC_RS_STRING}|${QUIC_PATH_STRING}|"
fi
cargo test
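Review bot: `$S2N_QUIC_TEMP` is expanded unquoted in `git clone` and `cd`, and `find ... | xargs sed` splits file names on whitespace, so a temp directory or checkout path containing spaces breaks the run. I would write `git clone https://github.com/aws/s2n-quic.git "$S2N_QUIC_TEMP"` and `cd "$S2N_QUIC_TEMP"`, and replace the pipe with `find . -type f -name Cargo.toml -exec sed -i -e "s|${QUIC_AWS_LC_RS_STRING}|${QUIC_PATH_STRING}|" {} +` (with `-i ''` on the Darwin branch). `${PWD}` is also pasted into the sed replacement, where a `|`, `&` or `\` in the path would change the substitution. The comment `# replace instances of ring with our crate` no longer matches the pattern, which rewrites `aws-lc-rs` entries.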

227
vendor/aws-lc-rs/scripts/run-valgrind.sh vendored Executable file

@@ -0,0 +1,227 @@
#!/usr/bin/env bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0 OR ISC
# # Helper script for running aws-lc-rs tests under Valgrind
#
# Usage:
# ./scripts/run-valgrind.sh [OPTIONS] [TEST_NAME]
#
# Examples:
# ./scripts/run-valgrind.sh # Run all tests
# ./scripts/run-valgrind.sh pqdsa_test # Run specific test
# ./scripts/run-valgrind.sh --no-suppress # Run without suppressions
# ./scripts/run-valgrind.sh --release # Run release build
# ./scripts/run-valgrind.sh --strict-leaks # Only check for real leaks (definite/indirect)
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Default configuration
USE_SUPPRESSIONS=1
BUILD_MODE="debug"
LEAK_CHECK="full"
SHOW_LEAK_KINDS="all"
ERROR_EXITCODE=1
TEST_THREADS=1
FEATURES="unstable"
PACKAGE="aws-lc-rs"
VALGRIND_EXTRA_ARGS=""
GEN_SUPPRESSIONS=0
STRICT_LEAKS=0
export AWS_LC_RS_DISABLE_SLOW_TESTS=1
# Parse command line arguments
while [[ $# -gt 0 ]]; do
case $1 in
--no-suppress)
USE_SUPPRESSIONS=0
shift
;;
--gen-suppressions)
GEN_SUPPRESSIONS=1
shift
;;
--strict-leaks)
STRICT_LEAKS=1
shift
;;
--release)
BUILD_MODE="release"
shift
;;
--debug)
BUILD_MODE="debug"
shift
;;
--threads)
TEST_THREADS="$2"
shift 2
;;
--features)
FEATURES="$2"
shift 2
;;
--package|-p)
PACKAGE="$2"
shift 2
;;
--help|-h)
echo "Usage: $0 [OPTIONS] [TEST_NAME]"
echo ""
echo "Options:"
echo " --no-suppress Disable Valgrind suppressions (show all warnings)"
echo " --gen-suppressions Generate suppression rules for errors found"
echo " --strict-leaks Only report real leaks (definite/indirect), ignores"
echo " possibly lost and still reachable. Use this to verify"
echo " suppressions aren't masking actual memory leaks."
echo " --release Use release build (faster but less debug info)"
echo " --debug Use debug build (default)"
echo " --threads N Number of test threads (default: 1)"
echo " --features FEATS Cargo features to enable (default: unstable)"
echo " --package PKG Package to test (default: aws-lc-rs)"
echo " --help, -h Show this help message"
echo ""
echo "Examples:"
echo " $0 # Run all tests"
echo " $0 pqdsa_test # Run specific test"
echo " $0 --no-suppress # Run without suppressions"
echo " $0 --gen-suppressions # Generate suppression rules"
echo " $0 --strict-leaks # Verify no real leaks (ignores false positives)"
echo " $0 --release pqdsa_test # Run specific test in release mode"
exit 0
;;
--*)
echo -e "${RED}Error: Unknown option $1${NC}"
exit 1
;;
*)
# Assume it's a test name
TEST_NAME="$1"
shift
;;
esac
done
# Get the repository root directory
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
cd "$REPO_ROOT/aws-lc-rs"
# Check if Valgrind is installed
if ! command -v valgrind &> /dev/null; then
echo -e "${RED}Error: Valgrind is not installed${NC}"
echo "Install it with:"
echo " Ubuntu/Debian: sudo apt-get install valgrind"
echo " macOS: brew install valgrind"
exit 1
fi
# Handle strict-leaks mode - only show definite and indirect leaks (real leaks)
if [ $STRICT_LEAKS -eq 1 ]; then
SHOW_LEAK_KINDS="definite,indirect"
USE_SUPPRESSIONS=0 # No need for suppressions in strict mode
echo -e "${YELLOW}=== STRICT LEAKS MODE ===${NC}"
echo -e "${YELLOW}Only checking for real memory leaks (definite/indirect).${NC}"
echo -e "${YELLOW}Possibly lost and still reachable are IGNORED.${NC}"
echo -e "${YELLOW}If this passes, your suppressions are NOT masking real leaks.${NC}"
echo ""
fi
# Build Valgrind command
VALGRIND_CMD="valgrind --error-exitcode=${ERROR_EXITCODE} --leak-check=${LEAK_CHECK} --show-leak-kinds=${SHOW_LEAK_KINDS}"
# Add gen-suppressions if enabled
if [ $GEN_SUPPRESSIONS -eq 1 ]; then
VALGRIND_CMD="${VALGRIND_CMD} --gen-suppressions=all"
echo -e "${BLUE}Generating suppression rules for all errors${NC}"
# Disable error exit code when generating suppressions to see all issues
ERROR_EXITCODE=0
fi
# Add suppression file if enabled
if [ $USE_SUPPRESSIONS -eq 1 ]; then
SUPPRESSION_FILE="${REPO_ROOT}/.valgrind/rust-test.supp"
if [ -f "$SUPPRESSION_FILE" ]; then
VALGRIND_CMD="${VALGRIND_CMD} --suppressions=${SUPPRESSION_FILE}"
echo -e "${BLUE}Using suppressions from: ${SUPPRESSION_FILE}${NC}"
else
echo -e "${YELLOW}Warning: Suppression file not found: ${SUPPRESSION_FILE}${NC}"
fi
else
echo -e "${YELLOW}Running WITHOUT suppressions - expect false positives${NC}"
fi
# Add any extra Valgrind arguments
if [ -n "$VALGRIND_EXTRA_ARGS" ]; then
VALGRIND_CMD="${VALGRIND_CMD} ${VALGRIND_EXTRA_ARGS}"
fi
# Build cargo command
CARGO_CMD="cargo test -p ${PACKAGE} --features ${FEATURES}"
if [ "$BUILD_MODE" = "release" ]; then
CARGO_CMD="${CARGO_CMD} --release"
echo -e "${BLUE}Using release build${NC}"
else
echo -e "${BLUE}Using debug build${NC}"
fi
# Add test name if provided
if [ -n "$TEST_NAME" ]; then
CARGO_CMD="${CARGO_CMD} --test ${TEST_NAME}"
echo -e "${BLUE}Running test: ${TEST_NAME}${NC}"
else
echo -e "${BLUE}Running all tests${NC}"
fi
# Add test arguments
CARGO_CMD="${CARGO_CMD} -- --test-threads=${TEST_THREADS}"
# Print configuration
echo -e "${GREEN}=== Valgrind Test Configuration ===${NC}"
echo "Package: ${PACKAGE}"
echo "Features: ${FEATURES}"
echo "Build: ${BUILD_MODE}"
echo "Test threads: ${TEST_THREADS}"
echo "Suppressions: $([ $USE_SUPPRESSIONS -eq 1 ] && echo 'enabled' || echo 'disabled')"
echo "Generate suppressions: $([ $GEN_SUPPRESSIONS -eq 1 ] && echo 'enabled' || echo 'disabled')"
echo "Strict leaks mode: $([ $STRICT_LEAKS -eq 1 ] && echo 'enabled (only definite/indirect)' || echo 'disabled')"
echo ""
# Export environment variables
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER="${VALGRIND_CMD}"
export AWS_LC_RS_DISABLE_SLOW_TESTS=1
echo -e "${GREEN}=== Starting Valgrind Test Run ===${NC}"
echo "Command: ${CARGO_CMD}"
echo ""
# Run the tests
if eval ${CARGO_CMD}; then
echo ""
echo -e "${GREEN}=== Valgrind tests PASSED ===${NC}"
exit 0
else
EXIT_CODE=$?
echo ""
echo -e "${RED}=== Valgrind tests FAILED ===${NC}"
echo ""
echo "Possible causes:"
echo " 1. Memory leak detected (check output above)"
echo " 2. Uninitialized memory usage"
echo " 3. Invalid memory access"
echo ""
echo "Next steps:"
echo " - Review the Valgrind output above"
echo " - Check .valgrind/KNOWN_ISSUES.md for known issues"
echo " - Run with --no-suppress to see all warnings"
echo " - Run with --gen-suppressions to generate suppression rules"
echo " - For false positives in stdlib, add to .valgrind/rust-test.supp"
exit $EXIT_CODE
fi


@@ -0,0 +1,60 @@
#!/bin/bash -exu
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0 OR ISC
# Parse command line arguments
FIPS_MODE=false
for arg in "$@"; do
case $arg in
--fips)
FIPS_MODE=true
shift
;;
*)
;;
esac
done
SRC_ROOT="${GITHUB_WORKSPACE:-$(git rev-parse --show-toplevel)}/aws-lc-rs"
case `uname -s` in
CYGWIN*) echo Cygwin;;
MINGW*) echo MinGw;;
MSYS_NT*) echo MSys;;
*) echo Unknown OS: `uname -s`; exit 1;;
esac
TMP_DIR=`mktemp -d`
pushd "${TMP_DIR}"
cargo new --bin aws-lc-rs-test
pushd aws-lc-rs-test
# Add aws-lc-rs with or without fips feature
if [ "$FIPS_MODE" = true ]; then
cargo add aws-lc-rs --features fips
else
cargo add aws-lc-rs
fi
cargo add rustls rustls-platform-verifier
cat << EOF >> Cargo.toml
[profile.release]
debug = "limited"
[patch.crates-io]
"aws-lc-rs" = { path = "${SRC_ROOT//\\/\/}" }
EOF
mkdir -p .cargo
cat << EOF > .cargo/config.toml
[target.'cfg(target_os = "windows")']
rustflags = ["-C", "target-feature=+crt-static"]
EOF
cargo update
cargo build --release
popd
popd
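Review bot: The `*)` arm of the argument loop silently accepts anything that is not `--fips`, so a mistyped flag runs the non-FIPS configuration and the job still reports success. I would reject unknown arguments with `*) echo "Unknown argument: $arg" >&2; exit 2 ;;`. The `shift` in the `--fips` arm has no effect on a `for arg in "$@"` loop and can be dropped. As a style point, the backtick substitutions (`uname -s`, `mktemp -d`) read better as `$(...)`, and `$(uname -s)` should be quoted in the `case` selector and the `Unknown OS` message.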