[people/ms/strongswan.git] / scripts / test.sh

#!/bin/sh
# Build script for Travis CI

build_botan()
{
	# same revision used in the build recipe of the testing environment
	BOTAN_REV=2.12.0
	BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan

	if test -d "$BOTAN_DIR"; then
		return
	fi

	echo "$ build_botan()"

	# if the leak detective is enabled we have to disable threading support
	# (used for std::async) as that causes invalid frees somehow, the
	# locking allocator causes a static leak via the first function that
	# references it (e.g. crypter or hasher), so we disable that too
	if test "$LEAK_DETECTIVE" = "yes"; then
		BOTAN_CONFIG="--without-os-features=threads
					  --disable-modules=locking_allocator"
	fi
	# disable some larger modules we don't need for the tests
	BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"

	git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
	cd $BOTAN_DIR &&
	git checkout -qf $BOTAN_REV &&
	python ./configure.py --amalgamation $BOTAN_CONFIG &&
	make -j4 libs >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}

build_wolfssl()
{
	WOLFSSL_REV=v4.1.0-stable
	WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl

	if test -d "$WOLFSSL_DIR"; then
		return
	fi

	echo "$ build_wolfssl()"

	WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
	WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm
					--enable-aesctr --enable-des3 --enable-camellia
					--enable-curve25519 --enable-ed25519"

	git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
	cd $WOLFSSL_DIR &&
	git checkout -qf $WOLFSSL_REV &&
	./autogen.sh &&
	./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
	make -j4 >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}

build_tss2()
{
	TSS2_REV=2.3.1
	TSS2_PKG=tpm2-tss-$TSS2_REV
	TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
	TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz

	if test -d "$TSS2_DIR"; then
		return
	fi

	echo "$ build_tss2()"

	# the default version of libgcrypt in Ubuntu 16.04 is too old
	sudo apt-get update -qq && \
	sudo apt-get install -qq libgcrypt20-dev &&
	curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
	cd $TSS2_DIR &&
	./configure --disable-doxygen-doc &&
	make -j4 >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}

build_openssl()
{
	SSL_REV=1.1.1d
	SSL_PKG=openssl-$SSL_REV
	SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG
	SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
	SSL_INS=/usr/local/ssl
	SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp
			 no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128
			 --api=1.1.0"

	if test -d "$SSL_DIR"; then
		return
	fi

	echo "$ build_openssl()"

	curl -L $SSL_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
	cd $SSL_DIR &&
	./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT &&
	make -j4 >/dev/null &&
	sudo make install_sw >/dev/null &&
	echo $SSL_INS/lib | sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}

use_custom_openssl()
{
	CFLAGS="$CFLAGS -I/usr/local/ssl/include"
	LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib"
	export LDFLAGS
	if test "$1" = "deps"; then
		build_openssl
	fi
}

if test -z $TRAVIS_BUILD_DIR; then
	TRAVIS_BUILD_DIR=$PWD
fi

cd $TRAVIS_BUILD_DIR

TARGET=check

DEPS="libgmp-dev"

CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"

case "$TEST" in
default)
	# should be the default, but lets make sure
	CONFIG="--with-printf-hooks=glibc"
	;;
openssl*)
	CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
	export TESTS_PLUGINS="test-vectors pem openssl!"
	DEPS="libssl-dev"
	if test "$TEST" != "openssl-1.0"; then
		DEPS=""
		use_custom_openssl $1
	fi
	;;
gcrypt)
	CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
	export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
	DEPS="libgcrypt11-dev"
	;;
botan)
	CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
	export TESTS_PLUGINS="test-vectors pem botan!"
	# we can't use the old package that comes with Ubuntu so we build from
	# the current master until 2.8.0 is released and then probably switch to
	# that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
	# currently required)
	DEPS=""
	if test "$1" = "deps"; then
		build_botan
	fi
	;;
wolfssl)
	CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem"
	export TESTS_PLUGINS="test-vectors pem wolfssl!"
	# build with custom options to enable all the features the plugin supports
	DEPS=""
	if test "$1" = "deps"; then
		build_wolfssl
	fi
	;;
printf-builtin)
	CONFIG="--with-printf-hooks=builtin"
	;;
all|coverage|sonarcloud)
	CONFIG="--enable-all --disable-android-dns --disable-android-log
			--disable-kernel-pfroute --disable-keychain
			--disable-lock-profiler --disable-padlock --disable-fuzzing
			--disable-osx-attr --disable-tkm --disable-uci
			--disable-soup --disable-unwind-backtraces
			--disable-svc --disable-dbghelp-backtraces --disable-socket-win
			--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
	# not enabled on the build server
	CONFIG="$CONFIG --disable-af-alg"
	if test "$TEST" != "coverage"; then
		CONFIG="$CONFIG --disable-coverage"
	else
		# not actually required but configure checks for it
		DEPS="$DEPS lcov"
	fi
	DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
		  libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
		  libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
		  libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
	PYDEPS="pytest"
	if test "$1" = "deps"; then
		build_botan
		build_wolfssl
		build_tss2
	fi
	use_custom_openssl $1
	;;
win*)
	CONFIG="--disable-defaults --enable-svc --enable-ikev2
			--enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
			--enable-constraints --enable-revocation --enable-pem --enable-pkcs1
			--enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
			--enable-eap-tnc --enable-eap-ttls --enable-eap-identity
			--enable-updown --enable-ext-auth --enable-libipsec
			--enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
			--enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
			--enable-pki --enable-swanctl --enable-socket-win
			--enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
	# no make check for Windows binaries unless we run on a windows host
	if test "$APPVEYOR" != "True"; then
		TARGET=
		CCACHE=ccache
	else
		CONFIG="$CONFIG --enable-openssl"
		CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
		LDFLAGS="-L/c/OpenSSL-$TEST"
		export LDFLAGS
	fi
	CFLAGS="$CFLAGS -mno-ms-bitfields"
	DEPS="gcc-mingw-w64-base"
	case "$TEST" in
	win64)
		CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
		DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
		CC="$CCACHE x86_64-w64-mingw32-gcc"
		;;
	win32)
		CONFIG="--host=i686-w64-mingw32 $CONFIG"
		DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
		CC="$CCACHE i686-w64-mingw32-gcc"
		;;
	esac
	;;
osx)
	# this causes a false positive in ip-packet.c since Xcode 8.3
	CFLAGS="$CFLAGS -Wno-address-of-packed-member"
	# use the same options as in the Homebrew Formula
	CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
			--enable-curl --enable-eap-gtc --enable-eap-identity
			--enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
			--enable-kernel-libipsec --enable-kernel-pfkey
			--enable-kernel-pfroute --enable-nonce --enable-openssl
			--enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
			--enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
			--enable-scepclient --enable-socket-default --enable-sshkey
			--enable-stroke --enable-swanctl --enable-unity --enable-updown
			--enable-x509 --enable-xauth-generic"
	DEPS="bison gettext openssl curl"
	BREW_PREFIX=$(brew --prefix)
	export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
	export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
	for pkg in openssl curl
	do
		PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
		CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
		LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
	done
	export PKG_CONFIG_PATH
	export CPPFLAGS
	export LDFLAGS
	;;
freebsd)
	# use the options of the FreeBSD port (including options), except smp,
	# which requires a patch but is deprecated anyway, only using the builtin
	# printf hooks
	CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts
			--disable-kernel-netlink --enable-openssl --enable-eap-identity
			--enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2
			--enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish
			--enable-addrblock --enable-whitelist --enable-cmd --enable-curl
			--enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic
			--enable-eap-radius --enable-eap-sim --enable-eap-sim-file
			--enable-gcm --enable-ipseckey --enable-kernel-libipsec
			--enable-load-tester --enable-ldap --enable-mediation
			--enable-mysql --enable-sqlite --enable-tpm	--enable-unbound
			--enable-unity --enable-xauth-eap --enable-xauth-pam
			--with-printf-hooks=builtin --enable-attr-sql --enable-sql"
	DEPS="gmp openldap-client libxml2 mysql80-client sqlite3 unbound ldns"
	export GPERF=/usr/local/bin/gperf
	export LEX=/usr/local/bin/flex
	;;
fuzzing)
	CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
	CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
			--enable-imc-test --enable-tnccs-20"
	# don't run any of the unit tests
	export TESTS_RUNNERS=
	# prepare corpora
	if test -z "$1"; then
		if test -z "$FUZZING_CORPORA"; then
			git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
			export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
		fi
		# these are about the same as those on OSS-Fuzz (except for the
		# symbolize options and strip_path_prefix)
		export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
			allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
			coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
			alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
			handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
			symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
	fi
	;;
dist)
	TARGET=distcheck
	;;
apidoc)
	DEPS="doxygen"
	CONFIG="--disable-defaults"
	TARGET=apidoc
	;;
*)
	echo "$0: unknown test $TEST" >&2
	exit 1
	;;
esac

if test "$1" = "deps"; then
	case "$TRAVIS_OS_NAME" in
	linux)
		sudo apt-get update -qq && \
		sudo apt-get install -qq bison flex gperf gettext $DEPS
		;;
	osx)
		brew update && \
		# workaround for issue #6352
		brew uninstall --force libtool && brew install libtool && \
		brew install $DEPS
		;;
	freebsd)
		pkg install -y automake autoconf libtool pkgconf && \
		pkg install -y bison flex gperf gettext $DEPS
		;;
	esac
	exit $?
fi

if test "$1" = "pydeps"; then
	test -z "$PYDEPS" || pip -q install --user $PYDEPS
	exit $?
fi

CONFIG="$CONFIG
	--disable-dependency-tracking
	--enable-silent-rules
	--enable-test-vectors
	--enable-monolithic=${MONOLITHIC-no}
	--enable-leak-detective=${LEAK_DETECTIVE-no}"

echo "$ ./autogen.sh"
./autogen.sh || exit $?
echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?

case "$TEST" in
apidoc)
	exec 2>make.warnings
	;;
*)
	;;
esac

echo "$ make $TARGET"
case "$TEST" in
sonarcloud)
	# without target, coverage is currently not supported anyway because
	# sonarqube only supports gcov, not lcov
	build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
	;;
*)
	make -j4 $TARGET || exit $?
	;;
esac

case "$TEST" in
apidoc)
	if test -s make.warnings; then
		cat make.warnings
		exit 1
	fi
	rm make.warnings
	;;
sonarcloud)
	sonar-scanner \
		-Dsonar.projectKey=strongswan \
		-Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
		-Dsonar.sources=. \
		-Dsonar.cfamily.threads=2 \
		-Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
	rm -r bw-output .scannerwork
	;;
*)
	;;
esac

# ensure there are no unignored build artifacts (or other changes) in the Git repo
unclean="$(git status --porcelain)"
if test -n "$unclean"; then
	echo "Unignored build artifacts or other changes:"
	echo "$unclean"
	exit 1
fi
Commit	Line	Data
d151cd28 TB	1	#!/bin/sh
	2	# Build script for Travis CI
	3
e5d52774 TB	4	build_botan()
e5d52774 TB	5	{
1bbb736e	6	# same revision used in the build recipe of the testing environment
07368826	7	BOTAN_REV=2.12.0
24af02b0 TB	8	BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
24af02b0 TB	9
d4068a1d TB	10	if test -d "$BOTAN_DIR"; then
	11	return
	12	fi
	13
2a58030b TB	14	echo "$ build_botan()"
2a58030b TB	15
e5d52774 TB	16	# if the leak detective is enabled we have to disable threading support
	17	# (used for std::async) as that causes invalid frees somehow, the
	18	# locking allocator causes a static leak via the first function that
	19	# references it (e.g. crypter or hasher), so we disable that too
	20	if test "$LEAK_DETECTIVE" = "yes"; then
	21	BOTAN_CONFIG="--without-os-features=threads
	22	--disable-modules=locking_allocator"
	23	fi
	24	# disable some larger modules we don't need for the tests
	25	BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
1bbb736e TB	26
1bbb736e TB	27	git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
24af02b0	28	cd $BOTAN_DIR &&
bbe72f97	29	git checkout -qf $BOTAN_REV &&
24af02b0	30	python ./configure.py --amalgamation $BOTAN_CONFIG &&
e5d52774 TB	31	make -j4 libs >/dev/null &&
	32	sudo make install >/dev/null &&
	33	sudo ldconfig \|\| exit $?
24af02b0	34	cd -
e5d52774 TB	35	}
e5d52774 TB	36
d50bb81c TB	37	build_wolfssl()
d50bb81c TB	38	{
f00c9f91	39	WOLFSSL_REV=v4.1.0-stable
d50bb81c TB	40	WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl
	41
	42	if test -d "$WOLFSSL_DIR"; then
	43	return
	44	fi
	45
	46	echo "$ build_wolfssl()"
	47
	48	WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
	49	WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm
	50	--enable-aesctr --enable-des3 --enable-camellia
	51	--enable-curve25519 --enable-ed25519"
	52
	53	git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
	54	cd $WOLFSSL_DIR &&
	55	git checkout -qf $WOLFSSL_REV &&
	56	./autogen.sh &&
	57	./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
	58	make -j4 >/dev/null &&
	59	sudo make install >/dev/null &&
	60	sudo ldconfig \|\| exit $?
	61	cd -
	62	}
	63
7b46089e TB	64	build_tss2()
7b46089e TB	65	{
936d101d	66	TSS2_REV=2.3.1
7b46089e TB	67	TSS2_PKG=tpm2-tss-$TSS2_REV
	68	TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
	69	TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
	70
	71	if test -d "$TSS2_DIR"; then
	72	return
	73	fi
	74
2a58030b TB	75	echo "$ build_tss2()"
	76
	77	# the default version of libgcrypt in Ubuntu 16.04 is too old
7b46089e TB	78	sudo apt-get update -qq && \
	79	sudo apt-get install -qq libgcrypt20-dev &&
	80	curl -L $TSS2_SRC \| tar xz -C $TRAVIS_BUILD_DIR/.. &&
	81	cd $TSS2_DIR &&
936d101d	82	./configure --disable-doxygen-doc &&
248f3491 TB	83	make -j4 >/dev/null &&
248f3491 TB	84	sudo make install >/dev/null &&
7b46089e TB	85	sudo ldconfig \|\| exit $?
	86	cd -
	87	}
	88
2a58030b TB	89	build_openssl()
2a58030b TB	90	{
55879d32	91	SSL_REV=1.1.1d
2a58030b TB	92	SSL_PKG=openssl-$SSL_REV
	93	SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG
	94	SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
	95	SSL_INS=/usr/local/ssl
	96	SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp
91dce6e8 TB	97	no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128
91dce6e8 TB	98	--api=1.1.0"
2a58030b TB	99
	100	if test -d "$SSL_DIR"; then
	101	return
	102	fi
	103
	104	echo "$ build_openssl()"
	105
	106	curl -L $SSL_SRC \| tar xz -C $TRAVIS_BUILD_DIR/.. &&
	107	cd $SSL_DIR &&
	108	./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT &&
	109	make -j4 >/dev/null &&
	110	sudo make install_sw >/dev/null &&
	111	echo $SSL_INS/lib \| sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null &&
	112	sudo ldconfig \|\| exit $?
	113	cd -
	114	}
	115
	116	use_custom_openssl()
	117	{
	118	CFLAGS="$CFLAGS -I/usr/local/ssl/include"
	119	LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib"
	120	export LDFLAGS
	121	if test "$1" = "deps"; then
	122	build_openssl
	123	fi
	124	}
	125
d151cd28 TB	126	if test -z $TRAVIS_BUILD_DIR; then
	127	TRAVIS_BUILD_DIR=$PWD
	128	fi
	129
	130	cd $TRAVIS_BUILD_DIR
	131
	132	TARGET=check
	133
60a0bb67 TB	134	DEPS="libgmp-dev"
60a0bb67 TB	135
95e67e8d MW	136	CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
95e67e8d MW	137
d151cd28 TB	138	case "$TEST" in
d151cd28 TB	139	default)
316aa4b4 TB	140	# should be the default, but lets make sure
316aa4b4 TB	141	CONFIG="--with-printf-hooks=glibc"
d151cd28	142	;;
2a58030b TB	143	openssl*)
2a58030b TB	144	CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
885c05b0	145	export TESTS_PLUGINS="test-vectors pem openssl!"
60a0bb67	146	DEPS="libssl-dev"
2a58030b TB	147	if test "$TEST" != "openssl-1.0"; then
	148	DEPS=""
	149	use_custom_openssl $1
	150	fi
d151cd28 TB	151	;;
d151cd28 TB	152	gcrypt)
3986c1e3	153	CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
885c05b0	154	export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
60a0bb67	155	DEPS="libgcrypt11-dev"
d151cd28	156	;;
9ee23d5e	157	botan)
4bcc4bac	158	CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
885c05b0	159	export TESTS_PLUGINS="test-vectors pem botan!"
9ee23d5e TB	160	# we can't use the old package that comes with Ubuntu so we build from
	161	# the current master until 2.8.0 is released and then probably switch to
	162	# that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
	163	# currently required)
	164	DEPS=""
	165	if test "$1" = "deps"; then
e5d52774	166	build_botan
9ee23d5e TB	167	fi
9ee23d5e TB	168	;;
d50bb81c TB	169	wolfssl)
d50bb81c TB	170	CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem"
885c05b0	171	export TESTS_PLUGINS="test-vectors pem wolfssl!"
d50bb81c TB	172	# build with custom options to enable all the features the plugin supports
	173	DEPS=""
	174	if test "$1" = "deps"; then
	175	build_wolfssl
	176	fi
	177	;;
316aa4b4 TB	178	printf-builtin)
	179	CONFIG="--with-printf-hooks=builtin"
	180	;;
e2d8833f	181	all\|coverage\|sonarcloud)
d151cd28	182	CONFIG="--enable-all --disable-android-dns --disable-android-log
66c4735f	183	--disable-kernel-pfroute --disable-keychain
157742be	184	--disable-lock-profiler --disable-padlock --disable-fuzzing
e4fd163a	185	--disable-osx-attr --disable-tkm --disable-uci
cfdab423	186	--disable-soup --disable-unwind-backtraces
4732e29a	187	--disable-svc --disable-dbghelp-backtraces --disable-socket-win
c572401b	188	--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
d151cd28 TB	189	# not enabled on the build server
d151cd28 TB	190	CONFIG="$CONFIG --disable-af-alg"
42f7c989 TB	191	if test "$TEST" != "coverage"; then
	192	CONFIG="$CONFIG --disable-coverage"
	193	else
	194	# not actually required but configure checks for it
	195	DEPS="$DEPS lcov"
	196	fi
60a0bb67 TB	197	DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
60a0bb67 TB	198	libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
cfdab423 TB	199	libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
cfdab423 TB	200	libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
75a84579	201	PYDEPS="pytest"
e5d52774 TB	202	if test "$1" = "deps"; then
e5d52774 TB	203	build_botan
d50bb81c	204	build_wolfssl
7b46089e	205	build_tss2
e5d52774	206	fi
2a58030b	207	use_custom_openssl $1
d151cd28	208	;;
fd372e13 MW	209	win*)
fd372e13 MW	210	CONFIG="--disable-defaults --enable-svc --enable-ikev2
d930d184 MW	211	--enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
	212	--enable-constraints --enable-revocation --enable-pem --enable-pkcs1
	213	--enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
	214	--enable-eap-tnc --enable-eap-ttls --enable-eap-identity
1da56773	215	--enable-updown --enable-ext-auth --enable-libipsec
d930d184 MW	216	--enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
d930d184 MW	217	--enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
cfdab423 TB	218	--enable-pki --enable-swanctl --enable-socket-win
cfdab423 TB	219	--enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
6eb7dd11 TB	220	# no make check for Windows binaries unless we run on a windows host
	221	if test "$APPVEYOR" != "True"; then
	222	TARGET=
8a4f1102	223	CCACHE=ccache
09662628 TB	224	else
	225	CONFIG="$CONFIG --enable-openssl"
	226	CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
	227	LDFLAGS="-L/c/OpenSSL-$TEST"
	228	export LDFLAGS
6eb7dd11	229	fi
d930d184	230	CFLAGS="$CFLAGS -mno-ms-bitfields"
94a69986	231	DEPS="gcc-mingw-w64-base"
fd372e13 MW	232	case "$TEST" in
fd372e13 MW	233	win64)
cfdab423	234	CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
94a69986	235	DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
8a4f1102	236	CC="$CCACHE x86_64-w64-mingw32-gcc"
fd372e13 MW	237	;;
	238	win32)
	239	CONFIG="--host=i686-w64-mingw32 $CONFIG"
cfdab423	240	DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
8a4f1102	241	CC="$CCACHE i686-w64-mingw32-gcc"
fd372e13 MW	242	;;
fd372e13 MW	243	esac
d930d184	244	;;
e36b1e2e	245	osx)
fd9edf7f TB	246	# this causes a false positive in ip-packet.c since Xcode 8.3
fd9edf7f TB	247	CFLAGS="$CFLAGS -Wno-address-of-packed-member"
e36b1e2e TB	248	# use the same options as in the Homebrew Formula
	249	CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
	250	--enable-curl --enable-eap-gtc --enable-eap-identity
	251	--enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
	252	--enable-kernel-libipsec --enable-kernel-pfkey
	253	--enable-kernel-pfroute --enable-nonce --enable-openssl
	254	--enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
	255	--enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
	256	--enable-scepclient --enable-socket-default --enable-sshkey
	257	--enable-stroke --enable-swanctl --enable-unity --enable-updown
	258	--enable-x509 --enable-xauth-generic"
	259	DEPS="bison gettext openssl curl"
	260	BREW_PREFIX=$(brew --prefix)
	261	export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
	262	export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
	263	for pkg in openssl curl
	264	do
8486b3b4	265	PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
e36b1e2e TB	266	CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
	267	LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
	268	done
	269	export PKG_CONFIG_PATH
	270	export CPPFLAGS
	271	export LDFLAGS
	272	;;
d6949b15 TB	273	freebsd)
	274	# use the options of the FreeBSD port (including options), except smp,
	275	# which requires a patch but is deprecated anyway, only using the builtin
	276	# printf hooks
	277	CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts
	278	--disable-kernel-netlink --enable-openssl --enable-eap-identity
	279	--enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2
	280	--enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish
	281	--enable-addrblock --enable-whitelist --enable-cmd --enable-curl
	282	--enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic
	283	--enable-eap-radius --enable-eap-sim --enable-eap-sim-file
	284	--enable-gcm --enable-ipseckey --enable-kernel-libipsec
	285	--enable-load-tester --enable-ldap --enable-mediation
	286	--enable-mysql --enable-sqlite --enable-tpm --enable-unbound
	287	--enable-unity --enable-xauth-eap --enable-xauth-pam
	288	--with-printf-hooks=builtin --enable-attr-sql --enable-sql"
	289	DEPS="gmp openldap-client libxml2 mysql80-client sqlite3 unbound ldns"
	290	export GPERF=/usr/local/bin/gperf
	291	export LEX=/usr/local/bin/flex
	292	;;
1ce2721d TB	293	fuzzing)
1ce2721d TB	294	CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
508b3087	295	CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
75181f48	296	--enable-imc-test --enable-tnccs-20"
1ce2721d TB	297	# don't run any of the unit tests
	298	export TESTS_RUNNERS=
	299	# prepare corpora
	300	if test -z "$1"; then
	301	if test -z "$FUZZING_CORPORA"; then
	302	git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
	303	export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
	304	fi
7421884d TB	305	# these are about the same as those on OSS-Fuzz (except for the
	306	# symbolize options and strip_path_prefix)
	307	export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
	308	allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
	309	coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
	310	alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
	311	handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
	312	symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
1ce2721d TB	313	fi
1ce2721d TB	314	;;
d151cd28 TB	315	dist)
	316	TARGET=distcheck
	317	;;
4e8f5a18 TB	318	apidoc)
	319	DEPS="doxygen"
	320	CONFIG="--disable-defaults"
	321	TARGET=apidoc
	322	;;
d151cd28 TB	323	*)
	324	echo "$0: unknown test $TEST" >&2
	325	exit 1
	326	;;
	327	esac
	328
60a0bb67	329	if test "$1" = "deps"; then
e36b1e2e TB	330	case "$TRAVIS_OS_NAME" in
	331	linux)
	332	sudo apt-get update -qq && \
	333	sudo apt-get install -qq bison flex gperf gettext $DEPS
	334	;;
	335	osx)
	336	brew update && \
1806ba08 TB	337	# workaround for issue #6352
1806ba08 TB	338	brew uninstall --force libtool && brew install libtool && \
e36b1e2e TB	339	brew install $DEPS
e36b1e2e TB	340	;;
d6949b15 TB	341	freebsd)
	342	pkg install -y automake autoconf libtool pkgconf && \
	343	pkg install -y bison flex gperf gettext $DEPS
	344	;;
e36b1e2e	345	esac
60a0bb67 TB	346	exit $?
	347	fi
	348
75a84579	349	if test "$1" = "pydeps"; then
6ccfeeb1	350	test -z "$PYDEPS" \|\| pip -q install --user $PYDEPS
75a84579 MW	351	exit $?
	352	fi
	353
d151cd28	354	CONFIG="$CONFIG
e36b1e2e	355	--disable-dependency-tracking
d151cd28 TB	356	--enable-silent-rules
	357	--enable-test-vectors
	358	--enable-monolithic=${MONOLITHIC-no}
	359	--enable-leak-detective=${LEAK_DETECTIVE-no}"
	360
e36b1e2e TB	361	echo "$ ./autogen.sh"
e36b1e2e TB	362	./autogen.sh \|\| exit $?
4e8f5a18 TB	363	echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
	364	CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG \|\| exit $?
	365
	366	case "$TEST" in
	367	apidoc)
	368	exec 2>make.warnings
	369	;;
	370	*)
	371	;;
	372	esac
	373
	374	echo "$ make $TARGET"
e2d8833f TB	375	case "$TEST" in
	376	sonarcloud)
	377	# without target, coverage is currently not supported anyway because
	378	# sonarqube only supports gcov, not lcov
	379	build-wrapper-linux-x86-64 --out-dir bw-output make -j4 \|\| exit $?
	380	;;
	381	*)
	382	make -j4 $TARGET \|\| exit $?
	383	;;
	384	esac
4e8f5a18 TB	385
	386	case "$TEST" in
	387	apidoc)
	388	if test -s make.warnings; then
	389	cat make.warnings
	390	exit 1
	391	fi
f36e3755	392	rm make.warnings
4e8f5a18	393	;;
e2d8833f TB	394	sonarcloud)
	395	sonar-scanner \
	396	-Dsonar.projectKey=strongswan \
	397	-Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
	398	-Dsonar.sources=. \
187ab298	399	-Dsonar.cfamily.threads=2 \
e2d8833f	400	-Dsonar.cfamily.build-wrapper-output=bw-output \|\| exit $?
f36e3755	401	rm -r bw-output .scannerwork
e2d8833f	402	;;
4e8f5a18 TB	403	*)
	404	;;
	405	esac
f36e3755 TB	406
	407	# ensure there are no unignored build artifacts (or other changes) in the Git repo
	408	unclean="$(git status --porcelain)"
	409	if test -n "$unclean"; then
	410	echo "Unignored build artifacts or other changes:"
	411	echo "$unclean"
	412	exit 1
	413	fi