]>
git.ipfire.org Git - thirdparty/pdns.git/blob - tasks.py
95c940616675f91321e01130946ba742b269f6b9
1 from invoke
import task
2 from invoke
.exceptions
import Failure
, UnexpectedExit
31 auth_build_deps
= [ # FIXME: perhaps we should be stealing these from the debian (Ubuntu) control file
32 'default-libmysqlclient-dev',
34 'libcurl4-openssl-dev',
69 dnsdist_build_deps
= [
81 auth_test_deps
= [ # FIXME: we should be generating some of these from shlibdeps in build
86 'default-jre-headless',
93 'libboost-serialization1.71.0',
122 c
.sudo('apt-get update')
123 c
.sudo('apt-get dist-upgrade')
126 def install_clang(c
):
128 install clang-12 and llvm-12
130 c
.sudo('apt-get -qq -y --no-install-recommends install clang-12 llvm-12')
133 def install_clang_runtime(c
):
134 # this gives us the symbolizer, for symbols in asan/ubsan traces
135 c
.sudo('apt-get -qq -y --no-install-recommends install clang-12')
137 def install_libdecaf(c
, product
):
138 c
.run('git clone https://git.code.sf.net/p/ed448goldilocks/code /tmp/libdecaf')
139 with c
.cd('/tmp/libdecaf'):
140 c
.run('git checkout 41f349')
141 c
.run('cmake -B build '
142 '-DCMAKE_INSTALL_PREFIX=/usr/local '
143 '-DCMAKE_INSTALL_LIBDIR=lib '
144 '-DENABLE_STATIC=OFF '
145 '-DENABLE_TESTS=OFF '
146 '-DCMAKE_C_FLAGS="-Wno-sizeof-array-div -Wno-array-parameter" .')
147 c
.run('make -C build')
148 c
.run('sudo make -C build install')
149 c
.sudo(f
'mkdir -p /opt/{product}/libdecaf')
150 c
.sudo(f
'cp /usr/local/lib/libdecaf.so* /opt/{product}/libdecaf/.')
153 def install_auth_build_deps(c
):
154 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ auth_build_deps
))
155 install_libdecaf(c
, 'pdns-auth')
157 def setup_authbind(c
):
158 c
.sudo('touch /etc/authbind/byport/53')
159 c
.sudo('chmod 755 /etc/authbind/byport/53')
161 auth_backend_test_deps
= dict(
162 gsqlite3
=['sqlite3'],
163 gmysql
=['default-libmysqlclient-dev'],
164 gpgsql
=['libpq-dev'],
174 @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable
=['backend'], optional
=['backend'])
175 def install_auth_test_deps(c
, backend
): # FIXME: rename this, we do way more than apt-get
178 extra
.extend(auth_backend_test_deps
[b
])
179 c
.sudo('apt-get -y -qq install ' + ' '.join(extra
+auth_test_deps
))
181 c
.run('chmod +x /opt/pdns-auth/bin/* /opt/pdns-auth/sbin/*')
182 # c.run('''if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then
183 # wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz
184 # tar xfz jdnssec-tools-0.14.tar.gz -C $HOME
185 # rm jdnssec-tools-0.14.tar.gz
187 # echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV''') # FIXME: why did this fail with no error?
188 c
.run('touch regression-tests/tests/verify-dnssec-zone/allow-missing regression-tests.nobackend/rectify-axfr/allow-missing') # FIXME: can this go?
189 # FIXME we may want to start a background recursor here to make ALIAS tests more robust
193 c
.sudo('mkdir -p /usr/local/lib')
194 c
.sudo('cp /opt/pdns-auth/libdecaf/libdecaf.so* /usr/local/lib/.')
197 def install_rec_bulk_deps(c
): # FIXME: rename this, we do way more than apt-get
198 c
.sudo('apt-get --no-install-recommends -qq -y install ' + ' '.join(rec_bulk_deps
))
199 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
202 def install_rec_test_deps(c
): # FIXME: rename this, we do way more than apt-get
203 c
.sudo('apt-get --no-install-recommends install -qq -y ' + ' '.join(rec_bulk_deps
) + ' \
204 pdns-server pdns-backend-bind daemontools \
205 jq libfaketime lua-posix lua-socket bc authbind \
206 python3-venv python3-dev default-libmysqlclient-dev libpq-dev \
207 protobuf-compiler snmpd prometheus')
209 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
213 c
.run('sed "s/agentxperms 0700 0755 recursor/agentxperms 0777 0755/g" regression-tests.recursor-dnssec/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
214 c
.sudo('systemctl restart snmpd')
216 c
.sudo('chmod 755 /var/agentx')
219 def install_dnsdist_test_deps(c
): # FIXME: rename this, we do way more than apt-get
220 c
.sudo('apt-get install -qq -y \
225 libcurl4-openssl-dev \
238 python3-venv snmpd prometheus')
239 c
.run('sed "s/agentxperms 0700 0755 dnsdist/agentxperms 0777 0755/g" regression-tests.dnsdist/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
240 c
.sudo('systemctl restart snmpd')
242 c
.sudo('chmod 755 /var/agentx')
245 def install_rec_build_deps(c
):
246 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ rec_build_deps
))
249 def install_dnsdist_build_deps(c
):
250 c
.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ dnsdist_build_deps
))
254 c
.run('BUILDER_VERSION=0.0.0-git1 autoreconf -vfi')
257 def ci_auth_configure(c
):
258 res
= c
.run('''CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
259 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
263 LDFLAGS='-L/usr/local/lib -Wl,-rpath,/usr/local/lib' \
264 --enable-option-checking=fatal \
265 --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' \
268 --enable-unit-tests \
269 --enable-backend-unit-tests \
270 --enable-fuzz-targets \
271 --enable-experimental-pkcs11 \
272 --enable-experimental-gss-tsig \
273 --enable-remotebackend-zeromq \
277 --prefix=/opt/pdns-auth \
280 --enable-ubsan''', warn
=True)
282 c
.run('cat config.log')
283 raise UnexpectedExit(res
)
285 def ci_rec_configure(c
):
286 sanitizers
= ' '.join('--enable-'+x
for x
in os
.getenv('SANITIZERS').split('+'))
287 res
= c
.run(''' CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \
288 CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \
292 --enable-option-checking=fatal \
293 --enable-unit-tests \
296 --prefix=/opt/pdns-recursor \
301 --enable-dns-over-tls ''' + sanitizers
, warn
=True)
303 c
.run('cat config.log')
304 raise UnexpectedExit(res
)
307 def ci_dnsdist_configure(c
, features
):
308 additional_flags
= ''
309 if features
== 'full':
310 features_set
= '--enable-dnstap \
312 --enable-dns-over-tls \
313 --enable-dns-over-https \
315 --prefix=/opt/dnsdist \
323 features_set
= '--disable-dnstap \
331 --without-libsodium \
336 additional_flags
= '-DDISABLE_COMPLETION \
337 -DDISABLE_DELAY_PIPE \
338 -DDISABLE_DYNBLOCKS \
339 -DDISABLE_PROMETHEUS \
341 -DDISABLE_BUILTIN_HTML \
344 -DDISABLE_DEPRECATED_DYNBLOCK \
345 -DDISABLE_LUA_WEB_HANDLERS \
346 -DDISABLE_NON_FFI_DQ_BINDINGS \
347 -DDISABLE_POLICIES_BINDINGS \
348 -DDISABLE_PACKETCACHE_BINDINGS \
349 -DDISABLE_DOWNSTREAM_BINDINGS \
350 -DDISABLE_COMBO_ADDR_BINDINGS \
351 -DDISABLE_CLIENT_STATE_BINDINGS \
352 -DDISABLE_QPS_LIMITER_BINDINGS \
353 -DDISABLE_SUFFIX_MATCH_BINDINGS \
354 -DDISABLE_NETMASK_BINDINGS \
355 -DDISABLE_DNSNAME_BINDINGS \
356 -DDISABLE_DNSHEADER_BINDINGS \
358 -DDISABLE_WEB_CONFIG \
359 -DDISABLE_RULES_ALTERING_QUERIES \
360 -DDISABLE_ECS_ACTIONS \
361 -DDISABLE_TOP_N_BINDINGS \
362 -DDISABLE_OCSP_STAPLING \
363 -DDISABLE_HASHED_CREDENTIALS \
364 -DDISABLE_FALSE_SHARING_PADDING \
366 sanitizers
= ' '.join('--enable-'+x
for x
in os
.getenv('SANITIZERS').split('+'))
367 cflags
= '-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int'
368 cxxflags
= cflags
+ ' -Wp,-D_GLIBCXX_ASSERTIONS ' + additional_flags
369 res
= c
.run('''CFLAGS="%s" \
374 --enable-option-checking=fatal \
375 --enable-unit-tests \
376 --prefix=/opt/dnsdist %s %s''' % (cflags
, cxxflags
, features_set
, sanitizers
), warn
=True)
378 c
.run('cat config.log')
379 raise UnexpectedExit(res
)
383 c
.run('make -j8 -k V=1')
387 c
.run('make -j8 -k V=1')
390 def ci_dnsdist_make(c
):
391 c
.run('make -j4 -k V=1')
394 def ci_auth_install_remotebackend_test_deps(c
):
395 with c
.cd('modules/remotebackend'):
396 # c.run('bundle config set path vendor/bundle')
397 c
.run('sudo ruby -S bundle install')
398 c
.sudo('apt-get install -qq -y socat')
401 def ci_auth_run_unit_tests(c
):
402 res
= c
.run('make check', warn
=True)
404 c
.run('cat pdns/test-suite.log', warn
=True)
405 c
.run('cat modules/remotebackend/test-suite.log', warn
=True)
406 raise UnexpectedExit(res
)
409 def ci_rec_run_unit_tests(c
):
410 res
= c
.run('make check', warn
=True)
412 c
.run('cat test-suite.log')
413 raise UnexpectedExit(res
)
416 def ci_dnsdist_run_unit_tests(c
):
417 res
= c
.run('make check', warn
=True)
419 c
.run('cat test-suite.log')
420 raise UnexpectedExit(res
)
423 def ci_make_install(c
):
424 res
= c
.run('make install') # FIXME: this builds auth docs - again
427 def add_auth_repo(c
):
428 dist
= 'ubuntu' # FIXME take these from the caller?
432 c
.sudo('apt-get install -qq -y curl gnupg2')
433 if version
== 'master':
434 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/CBC8B383-pub.asc')
436 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/FD380FBB-pub.asc')
437 c
.run(f
"echo 'deb [arch=amd64] http://repo.powerdns.com/{dist} {release}-auth-{version} main' | sudo tee /etc/apt/sources.list.d/pdns.list")
438 c
.run("echo 'Package: pdns-*' | sudo tee /etc/apt/preferences.d/pdns")
439 c
.run("echo 'Pin: origin repo.powerdns.com' | sudo tee -a /etc/apt/preferences.d/pdns")
440 c
.run("echo 'Pin-Priority: 600' | sudo tee -a /etc/apt/preferences.d/pdns")
441 c
.sudo('apt-get update')
444 def test_api(c
, product
, backend
=''):
445 if product
== 'recursor':
446 with c
.cd('regression-tests.api'):
447 c
.run(f
'PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor ./runtests recursor {backend}')
448 elif product
== 'auth':
449 with c
.cd('regression-tests.api'):
450 c
.run(f
'PDNSSERVER=/opt/pdns-auth/sbin/pdns_server PDNSUTIL=/opt/pdns-auth/bin/pdnsutil SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests authoritative {backend}')
452 raise Failure('unknown product')
454 backend_regress_tests
= dict(
458 'bind-dnssec-nsec3-both',
459 'bind-dnssec-nsec3-optout-both',
460 'bind-dnssec-nsec3-narrow',
461 # FIXME 'bind-dnssec-pkcs11'
466 # FIXME: also run this with the mmdb we ship
476 'remotebackend-pipe',
477 'remotebackend-unix',
478 'remotebackend-http',
479 'remotebackend-zeromq',
480 'remotebackend-pipe-dnssec',
481 'remotebackend-unix-dnssec',
482 'remotebackend-http-dnssec',
483 'remotebackend-zeromq-dnssec'
486 'lmdb-nodnssec-both',
489 'lmdb-nsec3-optout-both',
492 gmysql
= ['gmysql', 'gmysql-nodnssec-both', 'gmysql-nsec3-both', 'gmysql-nsec3-optout-both', 'gmysql-nsec3-narrow', 'gmysql_sp-both'],
493 gpgsql
= ['gpgsql', 'gpgsql-nodnssec-both', 'gpgsql-nsec3-both', 'gpgsql-nsec3-optout-both', 'gpgsql-nsec3-narrow', 'gpgsql_sp-both'],
494 gsqlite3
= ['gsqlite3', 'gsqlite3-nodnssec-both', 'gsqlite3-nsec3-both', 'gsqlite3-nsec3-optout-both', 'gsqlite3-nsec3-narrow'],
498 def test_auth_backend(c
, backend
):
499 if backend
== 'remote':
500 ci_auth_install_remotebackend_test_deps(c
)
502 if backend
== 'authpy':
503 with c
.cd('regression-tests.auth-py'):
504 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" WITHKERBEROS=YES ./runtests')
507 with c
.cd('regression-tests'):
508 if backend
== 'lua2':
509 c
.run('touch trustedkeys') # avoid silly error during cleanup
510 for variant
in backend_regress_tests
[backend
]:
511 # FIXME this long line is terrible
512 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./start-test-stop 5300 {variant}')
514 if backend
== 'gsqlite3':
515 with c
.cd('regression-tests.nobackend'):
516 c
.run(f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST=127.0.0.1 GMYSQL2HOST=127.0.0.1 MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests')
517 c
.run('/opt/pdns-auth/bin/pdnsutil test-algorithms')
521 def test_ixfrdist(c
):
522 with c
.cd('regression-tests.ixfrdist'):
523 c
.run('IXFRDISTBIN=/opt/pdns-auth/bin/ixfrdist ./runtests')
527 c
.run('chmod +x /opt/dnsdist/bin/*')
528 c
.run('ls -ald /var /var/agentx /var/agentx/master')
529 c
.run('ls -al /var/agentx/master')
530 with c
.cd('regression-tests.dnsdist'):
531 c
.run('DNSDISTBIN=/opt/dnsdist/bin/dnsdist ./runtests')
534 def test_regression_recursor(c
):
535 c
.run('/opt/pdns-recursor/sbin/pdns_recursor --version')
536 c
.run('PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control SKIP_IPV6_TESTS=y ./build-scripts/test-recursor')
539 def test_bulk_recursor(c
, threads
, mthreads
, shards
):
540 # We run an extremely small version of the bulk test, as GH does not seem to be able to handle the UDP load
541 with c
.cd('regression-tests'):
542 c
.run('curl -LO http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip')
543 c
.run('unzip top-1m.csv.zip -d .')
544 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
545 c
.run(f
'DNSBULKTEST=/usr/bin/dnsbulktest RECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control THRESHOLD=95 TRACE=no ./timestamp ./recursor-test 5300 100 {threads} {mthreads} {shards}')
548 def install_swagger_tools(c
):
549 c
.run('npm install -g api-spec-converter')
552 def swagger_syntax_check(c
):
553 c
.run('api-spec-converter docs/http-api/swagger/authoritative-api-swagger.yaml -f swagger_2 -t openapi_3 -s json -c')
557 if '/usr/lib/ccache' not in os
.environ
['PATH']:
558 os
.environ
['PATH']='/usr/lib/ccache:'+os
.environ
['PATH']