RFR JDK-8164639: Configure PKCS11 tests to use user-supplied NSS libraries
Weijun Wang
weijun.wang at oracle.com
Mon Aug 13 08:31:37 UTC 2018
> On Aug 13, 2018, at 3:36 PM, sha.jiang at oracle.com wrote:
>
> Hi Max,
>
> On 2018/8/13 13:58, Weijun Wang wrote:
>>
>>> On Aug 13, 2018, at 1:46 PM, sha.jiang at oracle.com wrote:
>>>
>>> On 2018/8/13 11:25, Weijun Wang wrote:
>>>> Can test.nss.lib.path contain multiple paths? For example, some systems might have libsoftkn3.so and libnss3.so in different directories [1] and depending on whether secmod is used the test might load one or the other.
>>> I assume the custom libs are in a single directory.
>>> This property is used for manual test run. When run different tests, users can specify different target lib path.
>> But as [1] shows they can be in different directories. Therefore either you have to move them into a single directory or you will not be able to run all PKCS11 tests with a single jtreg command.
> For some platforms, including linux-x64 and linux-x86, the test may search multiple directories for a specific NSS lib, namely softokn3 or nss3.
> Please see method getOsMap() in PKCS11Test.java.
>
> But I assume this property is used when a user-built NSS libs, but not system NSS libs, are needed.
> The user-built NSS libs could be in a single directory.
We still take [1] as the example. Suppose someone build and install NSS libs on an arm64 machine. (I don't have the experience to use an arm64 machine, just speculating). The files might be
/usr/local/lib/aarch64-linux-gnu/libnss3.so
/usr/local/lib/aarch64-linux-gnu/nss/libsoftokn3.so
With the "/usr/local" prefix the existing hardcoded osMap will not locate the libraries and one has to use the new system property. I really don't want to require the user to copy the files to a single directory before running the test.
No other comment except for:
>
>> If multiple tests are running in agentvm mode, is there a risk they share the same local path and see incomplete download?
> They should share the same local path.
> If no synchronization on actions of building local directory structure, downloading and/or unpacking, some issue may raise.
> I will consult infra team on this issue.
Thanks
Max
>
> Best regards,
> John Jiang
More information about the security-dev
mailing list