From 4a21496d6f9aa92d2d7f537ec199e39c7dafecc9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Feb 2026 13:40:07 +0100 Subject: [PATCH 1/4] Prepare to generalize check_option_lists.py We're going to have more committed generated files. Signed-off-by: Gilles Peskine --- ...check_option_lists.py => check_committed_generated_files.py} | 0 tests/scripts/components-basic-checks.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/scripts/{check_option_lists.py => check_committed_generated_files.py} (100%) diff --git a/tests/scripts/check_option_lists.py b/tests/scripts/check_committed_generated_files.py similarity index 100% rename from tests/scripts/check_option_lists.py rename to tests/scripts/check_committed_generated_files.py diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 1e480dd12b..73636ee66c 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -47,7 +47,7 @@ component_check_generated_files () { # This is necessary for subsequent components! msg "Check committed generated files" - tests/scripts/check_option_lists.py + tests/scripts/check_committed_generated_files.py } component_check_doxy_blocks () { From 260992c0f44b9e7d7f285db106f1b8ce8a14ac6b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Feb 2026 17:21:25 +0100 Subject: [PATCH 2/4] check_committed_generated_files.py: use the new generate_files_helper module Signed-off-by: Gilles Peskine --- .../check_committed_generated_files.py | 42 ++++--------------- 1 file changed, 8 insertions(+), 34 deletions(-) diff --git a/tests/scripts/check_committed_generated_files.py b/tests/scripts/check_committed_generated_files.py index c9b643bb6d..eee4d92023 100755 --- a/tests/scripts/check_committed_generated_files.py +++ b/tests/scripts/check_committed_generated_files.py @@ -1,46 +1,20 @@ #!/usr/bin/env python3 """ -Check that files with lists of config options are up-to-date, or update them. - -This script checks the following file: -scripts/data_files/config-options-current.txt +Check that TF-PSA-Crypto files that can be regenerated are up-to-date, or update them. """ # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -import argparse -import sys - import scripts_path # pylint: disable=unused-import from mbedtls_framework import config_macros +from mbedtls_framework import generate_files_helper +GENERATORS = [ + config_macros.Current(shadow_missing_ok=True), +] -def main(): - parser = argparse.ArgumentParser(description=__doc__) - # For now this script only acts on one target file. - # If we check/update more files, we should add a way to select which - # file(s) to operate on. - parser.add_argument('--always-update', '-U', - action='store_true', - help=('Update target files unconditionally ' - '(overrides --update)')) - parser.add_argument('--update', '-u', - action='store_true', - help='Update target files if needed') - args = parser.parse_args() - data = config_macros.Current(shadow_missing_ok=True) - if args.update or args.always_update: - data.update_shadow_file(args.always_update) - else: - up_to_date = True - if not data.is_shadow_file_up_to_date(): - print(f'{data.shadow_file_path()} is out of date') - print(f'After adding or removing a config option, you need to run') - print(f'{sys.argv[0]} -u and commit the result.') - up_to_date = False - sys.exit(0 if up_to_date else 1) - -if __name__ == "__main__": - main() +if __name__ == '__main__': + generate_files_helper.main(generators=GENERATORS, + description=__doc__) From 61cf7bdc904a05907cff81d58409b72bf0691cb1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Feb 2026 18:16:13 +0100 Subject: [PATCH 3/4] Add Python requirements from framework/util Any `all.sh` component that runs a script that requires a more recent version of Python must have a `support_xxx` function that checks for the requisite Python version or package. At this time, there is no such requirement yet in the mbedtls repository. The directory `framework/util` is not yet checked by `pylint` or `mypy`, because we use older versions of these tools that don't work well with modern Python versions. Signed-off-by: Gilles Peskine --- scripts/ci.requirements.txt | 6 ++++++ tests/scripts/components-basic-checks.sh | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 7525036441..296c1faaf0 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -17,3 +17,9 @@ pylint == 2.4.4; platform_system == 'Linux' # https://github.com/Mbed-TLS/mbedtls-framework/issues/50 # mypy 0.942 is the version in Ubuntu 22.04. mypy == 0.942; platform_system == 'Linux' + +# More requirements for scripts in the framework that might not work in +# older versions of Python. Note that requirements that are not available +# in the oldest version of Python on our CI must be annodated with +# "python >= ...". +-r ../framework/util/requirements.txt diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 73636ee66c..72bd2c036d 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -14,6 +14,16 @@ component_check_recursion () { ./framework/scripts/recursion.pl library/*.c } +support_check_generated_files () { + # Add requirements on the Python installation here for + # the sake of check_committed_generated_files.py in mbedtls. + # + # Check the Python version, not the presence of the package, + # because the CI runs `all.sh --list-components` outside of the + # venv that has our desired packages. + : +} + component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat From aa40ca90d9e0c5680946bbfbae10cfe34cd605a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Feb 2026 12:51:24 +0100 Subject: [PATCH 4/4] Move check_committed_generated_files to its own component This will probably help when a framework change causes the content of these files to change. See https://github.com/Mbed-TLS/mbedtls-test/issues/252 Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 72bd2c036d..272efe2ae5 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -14,16 +14,6 @@ component_check_recursion () { ./framework/scripts/recursion.pl library/*.c } -support_check_generated_files () { - # Add requirements on the Python installation here for - # the sake of check_committed_generated_files.py in mbedtls. - # - # Check the Python version, not the presence of the package, - # because the CI runs `all.sh --list-components` outside of the - # venv that has our desired packages. - : -} - component_check_generated_files () { msg "Check make_generated_files.py consistency" $MAKE_COMMAND neat @@ -55,7 +45,19 @@ component_check_generated_files () { # This component ends with the generated files present in the source tree. # This is necessary for subsequent components! +} +support_check_committed_generated_files () { + # Add requirements on the Python installation here for + # the sake of check_committed_generated_files.py in mbedtls. + # + # Check the Python version, not the presence of the package, + # because the CI runs `all.sh --list-components` outside of the + # venv that has our desired packages. + : +} + +component_check_committed_generated_files () { msg "Check committed generated files" tests/scripts/check_committed_generated_files.py }