Split test_psa_compliance.py #209
Open
+243
−148
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will allow consuming branches to each have their executable entry point. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…thms Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
size-s
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
…odgy) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When looking for constructors, do complain if we see an unusual macro with a parameter: there's a significant chance that it's something new that will require specific handling. As a consequence, we need to explicitly skip more things that are known not to be constructors. Keep ignoring macros without parameters that don't look like constructors for the types we care about. Those probably don't matter. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
force-pushed
the
compliance-split-framework
branch
from
7557dd0 to
ca98305
Compare
Having separate patch files has several benefits: * They're available for integrators who wouldn't use our script to test compliance. * We keep them separate so they're easier for us to keep track of, and apply separately if needed. * No need to cheat with unchanged empty lines (normally represented by a line containing a single space in a patch file) to keep `check_files.py` happy. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…same name mypy can't deal with two modules with the same basename on its command line. We don't normally want modules with the same name in different directories, to avoid confusion, but it can happen occasionally while moving files across repositories. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
bensze01
requested changes
Sep 12, 2025
An unchanged blank line results in a line containing a single space in the diff. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
needs-review
mpg
reviewed
Sep 15, 2025
| @@ -59,12 +61,12 @@ def test_compliance(library_build_dir: str, | |||
| subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, psa_arch_tests_ref]) | |||
| subprocess.check_call(['git', 'checkout', '--force', 'FETCH_HEAD']) | |||
|
|
|||
| if patch: | |||
| if patch_files: | |||
There was a problem hiding this comment.
I don't understand the logic behind running git reset only if we have a patch to apply. It seems to me that git reset is needed if we had a patch to apply the last time we ran this script (and we are re-using the repo), which might not be the same as we have one now. Also, I don't think calling git reset when not strictly needed does any harm. So, I'd be inclined to just call it unconditionally. Am I missing something?
There was a problem hiding this comment.
I wanted to minimize changes in 3.6 which doesn't need any of the new fancy stuff. Also, arguably, it makes things worse for local debugging where you might want to edit the cached psa-arch-test tree until you get it right. On the other hand, I agree with you that I would have made git reset unconditional if I was doing this from scratch. I'll defer to Bence's preference on that since he know this script's history a lot better than we do.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split the PSA API compliance script
test_psa_compliance.pyinto an engine plus a pre-branch runner, like with many similar scripts. Now each branch has the knowledge of which version of psa-arch-tests it runs against and how to adjust the results if needed.Also do the bare minimum to allow TF-PSA-Crypto to declare SPAKE2+ key types and algorithms in Mbed-TLS/TF-PSA-Crypto#453.
Fixes #158.
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.