From 2e436e75ee7a0965ab08f0895d165a2b0267a180 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Mon, 29 Jan 2024 22:17:52 +0000 Subject: [PATCH 1/9] ci: add libcrypto shortcuts --- flake.nix | 6 ++++++ nix/shell.sh | 14 ++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/flake.nix b/flake.nix index 17beda26c8d..35e05aac96a 100644 --- a/flake.nix +++ b/flake.nix @@ -94,6 +94,12 @@ buildInputs = [ pkgs.cmake openssl_3_0 ]; packages = common_packages; S2N_LIBCRYPTO = "openssl-3.0"; + OPENSSL_1_0_2_INSTALL_DIR = "${openssl_1_0_2}"; + OPENSSL_1_1_1_INSTALL_DIR = "${openssl_1_1_1}"; + OPENSSL_3_0_INSTALL_DIR = "${openssl_3_0}"; + AWSLC_INSTALL_DIR = "${aws-lc}"; + GNUTLS_INSTALL_DIR = "${pkgs.gnutls}"; + LIBRESSL_INSTALL_DIR = "${libressl}"; # Integ s_client/server tests expect openssl 1.1.1. shellHook = '' echo Setting up $S2N_LIBCRYPTO environment from flake.nix... diff --git a/nix/shell.sh b/nix/shell.sh index 198afb6df30..36bda4f6e28 100644 --- a/nix/shell.sh +++ b/nix/shell.sh @@ -9,6 +9,20 @@ banner() echo "+---------------------------------------------------------+" } +function libcrypto_alias { + if [[ -f $2 ]]; then + alias $1=$2 + else + banner "Could not find libcrdypto $2 for alias" + fi +} +libcrypto_alias openssl102 "${OPENSSL_1_0_2_INSTALL_DIR}/bin/openssl" +libcrypto_alias openssl111 "${OPENSSL_1_1_1_INSTALL_DIR}/bin/openssl" +libcrypto_alias openssl30 "${OPENSSL_3_0_INSTALL_DIR}/bin/openssl" +libcrypto_alias bssl "${AWSLC_INSTALL_DIR}/bin/bssl" +libcrypto_alias libressl "${LIBRESSL_INSTALL_DIR}/bin/openssl" +libcrypto_alias gnutls-cli "${GNUTLS_INSTALL_DIR}/bin/gnutls-cli" + function clean { banner "Cleanup ./build" From dd0fd1f3bd01184843611ccf5184335be5254f0d Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Fri, 16 Feb 2024 17:06:50 +0000 Subject: [PATCH 2/9] feedback from #4252 --- nix/shell.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/shell.sh b/nix/shell.sh index 36bda4f6e28..4192a7a240e 100644 --- a/nix/shell.sh 
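Review bot: Each `libcrypto_alias` call builds its path from an install-dir variable, and when that variable is unset or empty the argument collapses to `/bin/openssl` (or `/bin/bssl`), so the `-f` test can succeed against a host binary and an alias named for one libcrypto ends up pointing at a different one. The flake.nix hunk in this patch sets the `*_INSTALL_DIR` variables in the one devShell it shows; whether every shell that sources nix/shell.sh defines them is not visible here. Guarding each call on a non-empty directory avoids the silent fallback, for example `[[ -n ${OPENSSL_1_0_2_INSTALL_DIR:-} ]] && libcrypto_alias openssl102 "${OPENSSL_1_0_2_INSTALL_DIR}/bin/openssl"`. The same applies to the other four OpenSSL, AWS-LC and LibreSSL calls in this hunk.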
+++ b/nix/shell.sh @@ -12,6 +12,7 @@ banner() function libcrypto_alias { if [[ -f $2 ]]; then alias $1=$2 + echo "Libcrypto $2 available as $1" else banner "Could not find libcrdypto $2 for alias" fi From 689230f7df53cc2dd3b548c8ccc2c2e8fabbc3f2 Mon Sep 17 00:00:00 2001 From: Doug Chapman <54039637+dougch@users.noreply.github.com> Date: Thu, 29 Feb 2024 13:12:31 -0800 Subject: [PATCH 3/9] Update nix/shell.sh Co-authored-by: James Mayclin --- nix/shell.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/shell.sh b/nix/shell.sh index 4192a7a240e..68a0ca7f44a 100644 --- a/nix/shell.sh +++ b/nix/shell.sh @@ -14,7 +14,7 @@ function libcrypto_alias { alias $1=$2 echo "Libcrypto $2 available as $1" else - banner "Could not find libcrdypto $2 for alias" + banner "Could not find libcrypto $2 for alias" fi } libcrypto_alias openssl102 "${OPENSSL_1_0_2_INSTALL_DIR}/bin/openssl" From c8c64b2867fe2810a32cf5c005f7c8a50e52c899 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Thu, 29 Feb 2024 21:25:22 +0000 Subject: [PATCH 4/9] PR feedback --- nix/shell.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/nix/shell.sh b/nix/shell.sh index 68a0ca7f44a..264bffcced6 100644 --- a/nix/shell.sh +++ b/nix/shell.sh @@ -10,11 +10,13 @@ banner() } function libcrypto_alias { - if [[ -f $2 ]]; then - alias $1=$2 - echo "Libcrypto $2 available as $1" - else - banner "Could not find libcrypto $2 for alias" + local libcrypto_name=$1 + local libcrypto_binary_path=$2 + if [[ -f $libcrypto_binary_path ]]; then + alias $libcrypto_name=$libcrypto_binary_path + echo "Libcrypto binary $libcrypto_binary_path available as $libcrypto_name" + else + banner "Could not find libcrypto $libcrypto_binary_path for alias" fi } libcrypto_alias openssl102 "${OPENSSL_1_0_2_INSTALL_DIR}/bin/openssl" 
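Review bot: The rewritten body of `libcrypto_alias` in 4/9 still expands both locals unquoted in `alias $libcrypto_name=$libcrypto_binary_path`, so a path containing whitespace or glob characters would be split or expanded before `alias` sees it; `alias "$libcrypto_name"="$libcrypto_binary_path"` keeps it a single word. The else branch only prints a banner and the function still returns 0, so a caller cannot tell that a binary was missing; adding `return 1` there would make that detectable. Aliases are also not expanded in non-interactive bash unless `shopt -s expand_aliases` is set, so the `bash -c 'source ./nix/shell.sh && ...'` invocation shown for buildspec_ktls.yml later in this series would define these names without being able to use them. A header comment such as `# Interactive-shell shortcuts only; scripts should call the binaries by full path.` would make that explicit.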
@@ -22,8 +24,7 @@ libcrypto_alias openssl111 "${OPENSSL_1_1_1_INSTALL_DIR}/bin/openssl" libcrypto_alias openssl30 "${OPENSSL_3_0_INSTALL_DIR}/bin/openssl" libcrypto_alias bssl "${AWSLC_INSTALL_DIR}/bin/bssl" libcrypto_alias libressl "${LIBRESSL_INSTALL_DIR}/bin/openssl" -libcrypto_alias gnutls-cli "${GNUTLS_INSTALL_DIR}/bin/gnutls-cli" - +#No need to alias gnutls because of it's included in common_packages (see flake.nix) function clean { banner "Cleanup ./build" From 88c8cb69899e6b0ae2a80bd259f4c4faba4bb507 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Thu, 29 Feb 2024 23:59:52 +0000 Subject: [PATCH 5/9] Typos --- flake.nix | 2 +- nix/shell.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 35e05aac96a..df7da105507 100644 --- a/flake.nix +++ b/flake.nix @@ -147,7 +147,7 @@ # Integ s_client/server tests expect openssl 1.1.1. # GnuTLS-cli and serv utilities needed for some integration tests. shellHook = '' - echo Setting up $S2N_LIBCRYPTO enviornment from flake.nix... + echo Setting up $S2N_LIBCRYPTO environment from flake.nix... export PATH=${openssl_1_1_1}/bin:$PATH export PS1="[nix $S2N_LIBCRYPTO] $PS1" source ${writeScript ./nix/shell.sh} diff --git a/nix/shell.sh b/nix/shell.sh index 264bffcced6..bed64de1d4c 100644 --- a/nix/shell.sh +++ b/nix/shell.sh @@ -24,7 +24,7 @@ libcrypto_alias openssl111 "${OPENSSL_1_1_1_INSTALL_DIR}/bin/openssl" libcrypto_alias openssl30 "${OPENSSL_3_0_INSTALL_DIR}/bin/openssl" libcrypto_alias bssl "${AWSLC_INSTALL_DIR}/bin/bssl" libcrypto_alias libressl "${LIBRESSL_INSTALL_DIR}/bin/openssl" -#No need to alias gnutls because of it's included in common_packages (see flake.nix) +#No need to alias gnutls because it is included in common_packages (see flake.nix). function clean { banner "Cleanup ./build" 
@@ -134,7 +134,7 @@ function do-clang-format { function test_toolchain_counts { # This is a starting point for a unit test of the devShell. - # The choosen S2N_LIBCRYPTO should be 2, and the others should be zero. + # The chosen S2N_LIBCRYPTO should be 2, and the others should be zero. banner "Checking the CMAKE_INCLUDE_PATH for libcrypto counts" echo $CMAKE_INCLUDE_PATH|gawk 'BEGIN{RS=":"; o10=0; o11=0; o3=0;awslc=0;libre=0} /openssl-3.0/{o3++} From 3f8ed078d1fea0404929fe39eb51dd2321131206 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Wed, 27 Mar 2024 16:48:44 -0700 Subject: [PATCH 6/9] nix develop in debug mode with large instance to search for flakyness --- codebuild/spec/buildspec_generalbatch.yml | 4 ++-- codebuild/spec/buildspec_ktls.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml index d1e6bc6b5fe..07385dd812f 100644 --- a/codebuild/spec/buildspec_generalbatch.yml +++ b/codebuild/spec/buildspec_generalbatch.yml @@ -356,13 +356,13 @@ batch: - identifier: ktls buildspec: codebuild/spec/buildspec_ktls.yml env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE image: aws/codebuild/standard:7.0 privileged-mode: true - identifier: ktlsASAN buildspec: codebuild/spec/buildspec_ktls.yml env: - compute-type: BUILD_GENERAL1_LARGE + compute-type: BUILD_GENERAL1_2XLARGE image: aws/codebuild/standard:7.0 privileged-mode: true variables: diff --git a/codebuild/spec/buildspec_ktls.yml b/codebuild/spec/buildspec_ktls.yml index 9ef592fa39e..4b6bb0640e0 100644 --- a/codebuild/spec/buildspec_ktls.yml +++ b/codebuild/spec/buildspec_ktls.yml 
@@ -19,6 +19,6 @@ phases: cd s2n-tls; sudo modprobe tls; \ export S2N_CMAKE_OPTIONS=${S2N_CMAKE_OPTIONS}; \ export S2N_KTLS_TESTING_EXPECTED=1; \ - nix develop .#openssl111 --command bash -c \ + nix develop --debug .#openssl111 --command bash -c \ 'source ./nix/shell.sh && clean && configure && build && unit' \ " From 0e1b2dc18a0c8804b5bd51292f6ce2e7e4c64585 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Thu, 28 Mar 2024 00:12:53 +0000 Subject: [PATCH 7/9] temp bump the qemu core count --- codebuild/spec/buildspec_ktls.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/spec/buildspec_ktls.yml b/codebuild/spec/buildspec_ktls.yml index 4b6bb0640e0..7c888627646 100644 --- a/codebuild/spec/buildspec_ktls.yml +++ b/codebuild/spec/buildspec_ktls.yml @@ -9,7 +9,7 @@ phases: pre_build: commands: - aws s3 --quiet sync s3://s2n-ktls-testing ./qemu - - cd qemu; bash ./run.sh; cd .. + - cd qemu; bash ./runbig.sh; cd .. - rsync -avz --exclude=qemu --exclude=tests/fuzz -e 'ssh -p 2222' . codebuild@localhost:/home/codebuild/s2n-tls build: commands: From d54236e880c8707ec80a79c9bf8169a901b99ab8 Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Fri, 29 Mar 2024 17:05:05 +0000 Subject: [PATCH 8/9] debugging/nix caching --- codebuild/spec/buildspec_generalbatch.yml | 5 +++-- codebuild/spec/buildspec_ktls.yml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml index 07385dd812f..f1c59c75799 100644 --- a/codebuild/spec/buildspec_generalbatch.yml +++ b/codebuild/spec/buildspec_generalbatch.yml 
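Review bot: In 7/9 the pre_build step switches to `bash ./runbig.sh`, a script that is not part of this change or visible in the repository. The preceding context line fills `./qemu` from `s3://s2n-ktls-testing` with `aws s3 sync`, so what executes on the build host is whatever the bucket holds at build time. Nothing in the hunk pins or verifies that content, and the jobs using this buildspec are declared with `privileged-mode: true` in buildspec_generalbatch.yml. If a second script is needed, consider verifying it before execution, for example with a `sha256sum -c <checksum file kept in this repository>` step ahead of the `bash` call. The `phases` block continues outside the hunk, and 9/9 switches back to `run.sh`.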
@@ -356,13 +356,14 @@ batch: - identifier: ktls buildspec: codebuild/spec/buildspec_ktls.yml env: - compute-type: BUILD_GENERAL1_2XLARGE + debug-session: true + compute-type: BUILD_GENERAL1_XLARGE image: aws/codebuild/standard:7.0 privileged-mode: true - identifier: ktlsASAN buildspec: codebuild/spec/buildspec_ktls.yml env: - compute-type: BUILD_GENERAL1_2XLARGE + compute-type: BUILD_GENERAL1_XLARGE image: aws/codebuild/standard:7.0 privileged-mode: true variables: diff --git a/codebuild/spec/buildspec_ktls.yml b/codebuild/spec/buildspec_ktls.yml index 7c888627646..82e3c390fd9 100644 --- a/codebuild/spec/buildspec_ktls.yml +++ b/codebuild/spec/buildspec_ktls.yml @@ -19,6 +19,6 @@ phases: cd s2n-tls; sudo modprobe tls; \ export S2N_CMAKE_OPTIONS=${S2N_CMAKE_OPTIONS}; \ export S2N_KTLS_TESTING_EXPECTED=1; \ - nix develop --debug .#openssl111 --command bash -c \ + nix develop .#openssl111 --command bash -c \ 'source ./nix/shell.sh && clean && configure && build && unit' \ " From 0a91c5728930f1c6b99ce82b0aba15a28eb663be Mon Sep 17 00:00:00 2001 From: Doug Chapman Date: Fri, 29 Mar 2024 18:44:57 +0000 Subject: [PATCH 9/9] Revert debugging --- codebuild/spec/buildspec_generalbatch.yml | 5 ++--- codebuild/spec/buildspec_ktls.yml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml index f1c59c75799..d1e6bc6b5fe 100644 --- a/codebuild/spec/buildspec_generalbatch.yml +++ b/codebuild/spec/buildspec_generalbatch.yml @@ -356,14 +356,13 @@ batch: - identifier: ktls buildspec: codebuild/spec/buildspec_ktls.yml env: - debug-session: true - compute-type: BUILD_GENERAL1_XLARGE + compute-type: BUILD_GENERAL1_LARGE image: aws/codebuild/standard:7.0 privileged-mode: true - identifier: ktlsASAN buildspec: codebuild/spec/buildspec_ktls.yml env: - compute-type: BUILD_GENERAL1_XLARGE + compute-type: BUILD_GENERAL1_LARGE image: aws/codebuild/standard:7.0 privileged-mode: true variables: 
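Review bot: In 8/9, `debug-session: true` is added to the `ktls` batch entry, which also sets `privileged-mode: true`; a debug session lets anyone with the matching permissions pause the build and open an interactive shell in that privileged container. The key appears after `env:` in the hunk. Indentation is lost in this view, but in the batch build-list syntax `debug-session` is a property of the build item rather than of `env`, so its placement is worth checking. Patch 9/9 removes the setting again, so dropping 6/9 through 9/9 from the series (or squashing them) before merge would keep it from ever existing on a branch that CI builds.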
diff --git a/codebuild/spec/buildspec_ktls.yml b/codebuild/spec/buildspec_ktls.yml index 82e3c390fd9..9ef592fa39e 100644 --- a/codebuild/spec/buildspec_ktls.yml +++ b/codebuild/spec/buildspec_ktls.yml @@ -9,7 +9,7 @@ phases: pre_build: commands: - aws s3 --quiet sync s3://s2n-ktls-testing ./qemu - - cd qemu; bash ./runbig.sh; cd .. + - cd qemu; bash ./run.sh; cd .. - rsync -avz --exclude=qemu --exclude=tests/fuzz -e 'ssh -p 2222' . codebuild@localhost:/home/codebuild/s2n-tls build: commands: