mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
separate darwin and non-darwin OS autodetection, add NOAUTODETECT support for top1m performance
This patch implements two structural changes. First, OS-level detection routines are broken out into a case statement. Darwin doesn't need to test for readlink/timeout nor Busybox, so this noticeably improves performance over multiple runs on Darwin. Linux suffers no additional penalty, since we already ran if $(uname) every time anyways, and continues to use the more complex timeout/gtimeout/busybox logic at the (preexisting, unaffected) cost to performance over multiple runs. Second, if NOAUTODETECT is set, then the script assumes (and verifies) that you're providing TIMEOUTBIN and OPENSSLBIN values. If both of those values are executable files, then the script will proceed, else it will abort. In this scenario, readlink is unnecessary and is thus unused. The combination of these two changes will improve performance over multiple runs both on Darwin and when NOAUTODETECT is set for top1m.
This commit is contained in:
parent
12ede64882
commit
4b87301eb4
97
cipherscan
97
cipherscan
@ -18,14 +18,80 @@ if [[ ${BASH_VERSINFO[0]} -lt 4 ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DIRNAMEPATH=$(dirname "$0")
|
if [[ -n $NOAUTODETECT ]]; then
|
||||||
REALPATH="$DIRNAMEPATH"
|
if ! [[ -f $TIMEOUTBIN && -x $TIMEOUTBIN ]]; then
|
||||||
# make sure this doesn't error out when readlink -f isn't available (OSX)
|
echo "NOAUTODETECT set, but TIMEOUTBIN is not an executable file" 1>&2
|
||||||
readlink -f "$0" &>/dev/null && REALPATH=$(dirname "$(readlink -f "$0")")
|
exit 1
|
||||||
if [[ "$(uname -s)" == "Darwin" ]]; then
|
fi
|
||||||
OPENSSLBIN="${REALPATH}/openssl-darwin64"
|
if ! [[ -f $OPENSSLBIN && -x $OPENSSLBIN ]]; then
|
||||||
|
echo "NOAUTODETECT set, but OPENSSLBIN is not an executable file" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
OPENSSLBIN="${REALPATH}/openssl"
|
case "$(uname -s)" in
|
||||||
|
Darwin)
|
||||||
|
opensslbin_name="openssl-darwin64"
|
||||||
|
|
||||||
|
READLINKBIN=$(which greadlink 2>/dev/null)
|
||||||
|
if [[ -z $READLINKBIN ]]; then
|
||||||
|
echo "greadlink not found. (try: brew install coreutils)" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
TIMEOUTBIN=$(which gtimeout 2>/dev/null)
|
||||||
|
if [[ -z $TIMEOUTBIN ]]; then
|
||||||
|
echo "gtimeout not found. (try: brew install coreutils)" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
opensslbin_name="openssl"
|
||||||
|
|
||||||
|
# test that readlink or greadlink (darwin) are present
|
||||||
|
READLINKBIN="$(which readlink)"
|
||||||
|
|
||||||
|
if [[ "$READLINKBIN" == "" ]]; then
|
||||||
|
READLINKBIN="$(which greadlink)"
|
||||||
|
if [[ "$READLINKBIN" == "" ]]; then
|
||||||
|
echo "neither readlink nor greadlink are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# test that timeout or gtimeout (darwin) are present
|
||||||
|
TIMEOUTBIN="$(which timeout)"
|
||||||
|
|
||||||
|
if [[ "$TIMEOUTBIN" == "" ]]; then
|
||||||
|
TIMEOUTBIN="$(which gtimeout)"
|
||||||
|
if [[ "$TIMEOUTBIN" == "" ]]; then
|
||||||
|
echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils" 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check for busybox, which has different arguments
|
||||||
|
TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)"
|
||||||
|
if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
|
||||||
|
TIMEOUTBIN="$TIMEOUTBIN -t"
|
||||||
|
fi
|
||||||
|
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
DIRNAMEPATH=$(dirname "$0")
|
||||||
|
|
||||||
|
if [[ -z $OPENSSLBIN ]]; then
|
||||||
|
readlink_result=$("$READLINKBIN" -f "$0")
|
||||||
|
if [[ -z $readlink_result ]]; then
|
||||||
|
echo "$READLINKBIN -f $0 failed, aborting." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
REALPATH=$(dirname "$readlink_result")
|
||||||
|
if [[ -z $REALPATH ]]; then
|
||||||
|
echo "dirname $REALPATH failed, aborting." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
OPENSSLBIN="${REALPATH}/${opensslbin_name}"
|
||||||
fi
|
fi
|
||||||
OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
|
OPENSSLBINHELP="$($OPENSSLBIN s_client -help 2>&1)"
|
||||||
if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
|
if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
|
||||||
@ -33,23 +99,6 @@ if ! [[ $OPENSSLBINHELP =~ -connect ]]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# test that timeout or gtimeout (darwin) are present
|
|
||||||
TIMEOUTBIN="$(which timeout)"
|
|
||||||
|
|
||||||
if [[ "$TIMEOUTBIN" == "" ]]; then
|
|
||||||
TIMEOUTBIN="$(which gtimeout)"
|
|
||||||
if [[ "$TIMEOUTBIN" == "" ]]; then
|
|
||||||
echo "neither timeout nor gtimeout are present. install coreutils with {apt-get,yum,brew} install coreutils"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check for busybox, which has different arguments
|
|
||||||
TIMEOUTOUTPUT="$($TIMEOUTBIN --help 2>&1)"
|
|
||||||
if [[ "$TIMEOUTOUTPUT" =~ BusyBox ]]; then
|
|
||||||
TIMEOUTBIN="$TIMEOUTBIN -t"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# use custom config file to enable GOST ciphers
|
# use custom config file to enable GOST ciphers
|
||||||
if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then
|
if [[ -e $DIRNAMEPATH/openssl.cnf ]]; then
|
||||||
export OPENSSL_CONF="$DIRNAMEPATH/openssl.cnf"
|
export OPENSSL_CONF="$DIRNAMEPATH/openssl.cnf"
|
||||||
|
Loading…
Reference in New Issue
Block a user