From MozillaWiki
Jump to: navigation, search

NSS tinderbox MEMORY LEAK build slave setup on Linux

How to configure a Linux computer to build and test NSS. In addition to other platforms, Linux can perform memory leak testing with valgrind. These instructions will enable memory leak testing (which will run a set of tests that differs from the standard set).

These instructions were used on top of a 64-bit Centos 6 system.

  • Install required packages
 yum install nano screen wget valgrind man mailx zlib-devel
 yum groupinstall "Development tools"
  • create user nssleak, same password as Administrator
 useradd -m nssleak
  • optional: setup .ssh/autorized_keys for both "root" and "nssleak" user accounts. (I found that Centos 6 with selinux enabled requires to use the restorecon utility to make key based authentication work. See http://bugs.centos.org/view.php?id=4959 .)
  • Unless you want to diagnose potential problems, set selinux to permissive, edit /etc/selinux/config and change "restricted" to "permissive", then reboot.
  • figure out which SMTP server to use, depending on the network, e.g. smtp.mozilla.org
  • decide which email address to use for bounces (e.g. youremail+buildslaveidentifier@yourdomain)
  • switch login to user nssleak
  • send a test email to verify it's working
 echo hello | mailx -v -S smtp=smtp://smtp.mozilla.org -r youremail+buildslaveidentifier@yourdomain youremail@yourdomain
  • go to $HOME directory and checkout the tinderbox build/test scripts
 cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co mozilla/security/tinderlight
  • create data directories:
 mkdir -p $HOME/mozilla/security/tinderlight/data/mozilla-cvs
 mkdir $HOME/pkits
 cd $HOME/pkits
  • get PKITS_data.zip, e.g. using:
 wget http://kuix.de/mozilla/nss/PKITS_data.zip
 unzip PKITS_data.zip
  • (optional, should you decide to automatically backup the system, you should exclude the $HOME/mozilla/security/tinderlight/data directory)
  • adjust the scripts, go to mozilla/security/tinderlight and edit file env.sh:
  • change MAIL to good mail command for your environment, (also see above), like
 MAIL="mailx -S smtp=smtp://my.smtp.host:25 -r my-sender@email.address"
  • if necessary, adjust CVS_STABLE, e.g. use HEAD for nspr and jss, use NSS_3_13_4_BRANCH for all NSS directories, BUT DON'T change the line with ecl-curve.h (keep at 3_11_1_RTM)
  • enable the correct line for pkits, e.g.:
 export PKITS_DATA=$HOME/pkits
  • if desired, adjust CYCLE_MAX and CYCLE_TIME values
  • is your machine's IP registered in DNS? is your hostname a fully qualified domain name? If not, you must edit file config.sh and enable good HOST/DOMSUF lines. Test to ping the combination of HOST dot DOMSUF and ensure it works
  • have a look at
 ./tinder.sh --help
  • let's use a configuration that runs 64 bit, always debug, memory leak testing, alternates between the branches (trunk/stable), runs all tests on each cycle, and doesn't test JSS.
  • Edit a file named "run" that we'll use to start the continous build test cycle, and insert
 ./tinder.sh --bits=64 --opt=DBG --memtest --nojss --permcvs=$HOME/mozilla/security/tinderlight/data/mozilla-cvs
  • Save the file and
 chmod +x run
  • while there are scripts to automatically run these tests on boot, these are lazy instructions where we'll have to start the testing loop manually each time after the system boots. Start a "screen" session (if you don't get the nice bash prompt afterwards, type bash -l) and execute
  • detach the screen session with "ctrl a d". You can later get back to the screen session with: screen -r (You may check if a screen session (or multiple ones) are active: screen -ls)