NSS tinderbox MEMORY LEAK build slave setup on Linux
How to configure a Linux computer to build and test NSS. In addition to other platforms, Linux can perform memory leak testing with valgrind. These instructions will enable memory leak testing (which will run a set of tests that differs from the standard set).
These instructions were used on top of a 64-bit Centos 6 system.
- Install required packages
yum install nano screen wget valgrind man mailx zlib-devel yum groupinstall "Development tools"
- create user nssleak, same password as Administrator
useradd -m nssleak
- optional: setup .ssh/autorized_keys for both "root" and "nssleak" user accounts. (I found that Centos 6 with selinux enabled requires to use the restorecon utility to make key based authentication work. See http://bugs.centos.org/view.php?id=4959 .)
- Unless you want to diagnose potential problems, set selinux to permissive, edit /etc/selinux/config and change "restricted" to "permissive", then reboot.
- figure out which SMTP server to use, depending on the network, e.g. smtp.mozilla.org
- decide which email address to use for bounces (e.g. youremail+buildslaveidentifier@yourdomain)
- switch login to user nssleak
- send a test email to verify it's working
echo hello | mailx -v -S smtp=smtp://smtp.mozilla.org -r youremail+buildslaveidentifier@yourdomain youremail@yourdomain
- go to $HOME directory and checkout the tinderbox build/test scripts
cvs -d :pserver:email@example.com:/cvsroot co mozilla/security/tinderlight
- create data directories:
mkdir -p $HOME/mozilla/security/tinderlight/data/mozilla-cvs mkdir $HOME/pkits cd $HOME/pkits
- get PKITS_data.zip, e.g. using:
wget http://kuix.de/mozilla/nss/PKITS_data.zip unzip PKITS_data.zip
- (optional, should you decide to automatically backup the system, you should exclude the $HOME/mozilla/security/tinderlight/data directory)
- adjust the scripts, go to mozilla/security/tinderlight and edit file env.sh:
- change MAIL to good mail command for your environment, (also see above), like
MAIL="mailx -S smtp=smtp://my.smtp.host:25 -r firstname.lastname@example.org"
- if necessary, adjust CVS_STABLE, e.g. use HEAD for nspr and jss, use NSS_3_13_4_BRANCH for all NSS directories, BUT DON'T change the line with ecl-curve.h (keep at 3_11_1_RTM)
- enable the correct line for pkits, e.g.:
- if desired, adjust CYCLE_MAX and CYCLE_TIME values
- is your machine's IP registered in DNS? is your hostname a fully qualified domain name? If not, you must edit file config.sh and enable good HOST/DOMSUF lines. Test to ping the combination of HOST dot DOMSUF and ensure it works
- have a look at
- let's use a configuration that runs 64 bit, always debug, memory leak testing, alternates between the branches (trunk/stable), runs all tests on each cycle, and doesn't test JSS.
- Edit a file named "run" that we'll use to start the continous build test cycle, and insert
./tinder.sh --bits=64 --opt=DBG --memtest --nojss --permcvs=$HOME/mozilla/security/tinderlight/data/mozilla-cvs
- Save the file and
chmod +x run
- while there are scripts to automatically run these tests on boot, these are lazy instructions where we'll have to start the testing loop manually each time after the system boots. Start a "screen" session (if you don't get the nice bash prompt afterwards, type bash -l) and execute
- detach the screen session with "ctrl a d". You can later get back to the screen session with: screen -r (You may check if a screen session (or multiple ones) are active: screen -ls)