]>
Commit | Line | Data |
---|---|---|
d151cd28 TB |
1 | #!/bin/sh |
2 | # Build script for Travis CI | |
3 | ||
e5d52774 TB |
4 | build_botan() |
5 | { | |
1bbb736e | 6 | # same revision used in the build recipe of the testing environment |
07368826 | 7 | BOTAN_REV=2.12.0 |
24af02b0 TB |
8 | BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan |
9 | ||
d4068a1d TB |
10 | if test -d "$BOTAN_DIR"; then |
11 | return | |
12 | fi | |
13 | ||
2a58030b TB |
14 | echo "$ build_botan()" |
15 | ||
e5d52774 TB |
16 | # if the leak detective is enabled we have to disable threading support |
17 | # (used for std::async) as that causes invalid frees somehow, the | |
18 | # locking allocator causes a static leak via the first function that | |
19 | # references it (e.g. crypter or hasher), so we disable that too | |
20 | if test "$LEAK_DETECTIVE" = "yes"; then | |
21 | BOTAN_CONFIG="--without-os-features=threads | |
22 | --disable-modules=locking_allocator" | |
23 | fi | |
24 | # disable some larger modules we don't need for the tests | |
25 | BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss" | |
1bbb736e TB |
26 | |
27 | git clone https://github.com/randombit/botan.git $BOTAN_DIR && | |
24af02b0 | 28 | cd $BOTAN_DIR && |
bbe72f97 | 29 | git checkout -qf $BOTAN_REV && |
24af02b0 | 30 | python ./configure.py --amalgamation $BOTAN_CONFIG && |
e5d52774 TB |
31 | make -j4 libs >/dev/null && |
32 | sudo make install >/dev/null && | |
33 | sudo ldconfig || exit $? | |
24af02b0 | 34 | cd - |
e5d52774 TB |
35 | } |
36 | ||
d50bb81c TB |
37 | build_wolfssl() |
38 | { | |
f00c9f91 | 39 | WOLFSSL_REV=v4.1.0-stable |
d50bb81c TB |
40 | WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl |
41 | ||
42 | if test -d "$WOLFSSL_DIR"; then | |
43 | return | |
44 | fi | |
45 | ||
46 | echo "$ build_wolfssl()" | |
47 | ||
48 | WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB" | |
49 | WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm | |
50 | --enable-aesctr --enable-des3 --enable-camellia | |
51 | --enable-curve25519 --enable-ed25519" | |
52 | ||
53 | git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR && | |
54 | cd $WOLFSSL_DIR && | |
55 | git checkout -qf $WOLFSSL_REV && | |
56 | ./autogen.sh && | |
57 | ./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG && | |
58 | make -j4 >/dev/null && | |
59 | sudo make install >/dev/null && | |
60 | sudo ldconfig || exit $? | |
61 | cd - | |
62 | } | |
63 | ||
7b46089e TB |
64 | build_tss2() |
65 | { | |
936d101d | 66 | TSS2_REV=2.3.1 |
7b46089e TB |
67 | TSS2_PKG=tpm2-tss-$TSS2_REV |
68 | TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG | |
69 | TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz | |
70 | ||
71 | if test -d "$TSS2_DIR"; then | |
72 | return | |
73 | fi | |
74 | ||
2a58030b TB |
75 | echo "$ build_tss2()" |
76 | ||
77 | # the default version of libgcrypt in Ubuntu 16.04 is too old | |
7b46089e TB |
78 | sudo apt-get update -qq && \ |
79 | sudo apt-get install -qq libgcrypt20-dev && | |
80 | curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. && | |
81 | cd $TSS2_DIR && | |
936d101d | 82 | ./configure --disable-doxygen-doc && |
248f3491 TB |
83 | make -j4 >/dev/null && |
84 | sudo make install >/dev/null && | |
7b46089e TB |
85 | sudo ldconfig || exit $? |
86 | cd - | |
87 | } | |
88 | ||
2a58030b TB |
89 | build_openssl() |
90 | { | |
55879d32 | 91 | SSL_REV=1.1.1d |
2a58030b TB |
92 | SSL_PKG=openssl-$SSL_REV |
93 | SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG | |
94 | SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz | |
95 | SSL_INS=/usr/local/ssl | |
96 | SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp | |
91dce6e8 TB |
97 | no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128 |
98 | --api=1.1.0" | |
2a58030b TB |
99 | |
100 | if test -d "$SSL_DIR"; then | |
101 | return | |
102 | fi | |
103 | ||
104 | echo "$ build_openssl()" | |
105 | ||
106 | curl -L $SSL_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. && | |
107 | cd $SSL_DIR && | |
108 | ./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT && | |
109 | make -j4 >/dev/null && | |
110 | sudo make install_sw >/dev/null && | |
111 | echo $SSL_INS/lib | sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null && | |
112 | sudo ldconfig || exit $? | |
113 | cd - | |
114 | } | |
115 | ||
116 | use_custom_openssl() | |
117 | { | |
118 | CFLAGS="$CFLAGS -I/usr/local/ssl/include" | |
119 | LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib" | |
120 | export LDFLAGS | |
121 | if test "$1" = "deps"; then | |
122 | build_openssl | |
123 | fi | |
124 | } | |
125 | ||
d151cd28 TB |
126 | if test -z $TRAVIS_BUILD_DIR; then |
127 | TRAVIS_BUILD_DIR=$PWD | |
128 | fi | |
129 | ||
130 | cd $TRAVIS_BUILD_DIR | |
131 | ||
132 | TARGET=check | |
133 | ||
60a0bb67 TB |
134 | DEPS="libgmp-dev" |
135 | ||
95e67e8d MW |
136 | CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror" |
137 | ||
d151cd28 TB |
138 | case "$TEST" in |
139 | default) | |
316aa4b4 TB |
140 | # should be the default, but lets make sure |
141 | CONFIG="--with-printf-hooks=glibc" | |
d151cd28 | 142 | ;; |
2a58030b TB |
143 | openssl*) |
144 | CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem" | |
885c05b0 | 145 | export TESTS_PLUGINS="test-vectors pem openssl!" |
60a0bb67 | 146 | DEPS="libssl-dev" |
2a58030b TB |
147 | if test "$TEST" != "openssl-1.0"; then |
148 | DEPS="" | |
149 | use_custom_openssl $1 | |
150 | fi | |
d151cd28 TB |
151 | ;; |
152 | gcrypt) | |
3986c1e3 | 153 | CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1" |
885c05b0 | 154 | export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!" |
60a0bb67 | 155 | DEPS="libgcrypt11-dev" |
d151cd28 | 156 | ;; |
9ee23d5e | 157 | botan) |
4bcc4bac | 158 | CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem" |
885c05b0 | 159 | export TESTS_PLUGINS="test-vectors pem botan!" |
9ee23d5e TB |
160 | # we can't use the old package that comes with Ubuntu so we build from |
161 | # the current master until 2.8.0 is released and then probably switch to | |
162 | # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is | |
163 | # currently required) | |
164 | DEPS="" | |
165 | if test "$1" = "deps"; then | |
e5d52774 | 166 | build_botan |
9ee23d5e TB |
167 | fi |
168 | ;; | |
d50bb81c TB |
169 | wolfssl) |
170 | CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem" | |
885c05b0 | 171 | export TESTS_PLUGINS="test-vectors pem wolfssl!" |
d50bb81c TB |
172 | # build with custom options to enable all the features the plugin supports |
173 | DEPS="" | |
174 | if test "$1" = "deps"; then | |
175 | build_wolfssl | |
176 | fi | |
177 | ;; | |
316aa4b4 TB |
178 | printf-builtin) |
179 | CONFIG="--with-printf-hooks=builtin" | |
180 | ;; | |
e2d8833f | 181 | all|coverage|sonarcloud) |
d151cd28 | 182 | CONFIG="--enable-all --disable-android-dns --disable-android-log |
66c4735f | 183 | --disable-kernel-pfroute --disable-keychain |
157742be | 184 | --disable-lock-profiler --disable-padlock --disable-fuzzing |
e4fd163a | 185 | --disable-osx-attr --disable-tkm --disable-uci |
cfdab423 | 186 | --disable-soup --disable-unwind-backtraces |
4732e29a | 187 | --disable-svc --disable-dbghelp-backtraces --disable-socket-win |
c572401b | 188 | --disable-kernel-wfp --disable-kernel-iph --disable-winhttp" |
d151cd28 TB |
189 | # not enabled on the build server |
190 | CONFIG="$CONFIG --disable-af-alg" | |
42f7c989 TB |
191 | if test "$TEST" != "coverage"; then |
192 | CONFIG="$CONFIG --disable-coverage" | |
193 | else | |
194 | # not actually required but configure checks for it | |
195 | DEPS="$DEPS lcov" | |
196 | fi | |
60a0bb67 TB |
197 | DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev |
198 | libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev | |
cfdab423 TB |
199 | libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev |
200 | libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev" | |
75a84579 | 201 | PYDEPS="pytest" |
e5d52774 TB |
202 | if test "$1" = "deps"; then |
203 | build_botan | |
d50bb81c | 204 | build_wolfssl |
7b46089e | 205 | build_tss2 |
e5d52774 | 206 | fi |
2a58030b | 207 | use_custom_openssl $1 |
d151cd28 | 208 | ;; |
fd372e13 MW |
209 | win*) |
210 | CONFIG="--disable-defaults --enable-svc --enable-ikev2 | |
d930d184 MW |
211 | --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce |
212 | --enable-constraints --enable-revocation --enable-pem --enable-pkcs1 | |
213 | --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert | |
214 | --enable-eap-tnc --enable-eap-ttls --enable-eap-identity | |
1da56773 | 215 | --enable-updown --enable-ext-auth --enable-libipsec |
d930d184 MW |
216 | --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation |
217 | --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc | |
cfdab423 TB |
218 | --enable-pki --enable-swanctl --enable-socket-win |
219 | --enable-kernel-iph --enable-kernel-wfp --enable-winhttp" | |
6eb7dd11 TB |
220 | # no make check for Windows binaries unless we run on a windows host |
221 | if test "$APPVEYOR" != "True"; then | |
222 | TARGET= | |
8a4f1102 | 223 | CCACHE=ccache |
09662628 TB |
224 | else |
225 | CONFIG="$CONFIG --enable-openssl" | |
226 | CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include" | |
227 | LDFLAGS="-L/c/OpenSSL-$TEST" | |
228 | export LDFLAGS | |
6eb7dd11 | 229 | fi |
d930d184 | 230 | CFLAGS="$CFLAGS -mno-ms-bitfields" |
94a69986 | 231 | DEPS="gcc-mingw-w64-base" |
fd372e13 MW |
232 | case "$TEST" in |
233 | win64) | |
cfdab423 | 234 | CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces" |
94a69986 | 235 | DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS" |
8a4f1102 | 236 | CC="$CCACHE x86_64-w64-mingw32-gcc" |
fd372e13 MW |
237 | ;; |
238 | win32) | |
239 | CONFIG="--host=i686-w64-mingw32 $CONFIG" | |
cfdab423 | 240 | DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS" |
8a4f1102 | 241 | CC="$CCACHE i686-w64-mingw32-gcc" |
fd372e13 MW |
242 | ;; |
243 | esac | |
d930d184 | 244 | ;; |
e36b1e2e | 245 | osx) |
fd9edf7f TB |
246 | # this causes a false positive in ip-packet.c since Xcode 8.3 |
247 | CFLAGS="$CFLAGS -Wno-address-of-packed-member" | |
e36b1e2e TB |
248 | # use the same options as in the Homebrew Formula |
249 | CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints | |
250 | --enable-curl --enable-eap-gtc --enable-eap-identity | |
251 | --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2 | |
252 | --enable-kernel-libipsec --enable-kernel-pfkey | |
253 | --enable-kernel-pfroute --enable-nonce --enable-openssl | |
254 | --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1 | |
255 | --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation | |
256 | --enable-scepclient --enable-socket-default --enable-sshkey | |
257 | --enable-stroke --enable-swanctl --enable-unity --enable-updown | |
258 | --enable-x509 --enable-xauth-generic" | |
259 | DEPS="bison gettext openssl curl" | |
260 | BREW_PREFIX=$(brew --prefix) | |
261 | export PATH=$BREW_PREFIX/opt/bison/bin:$PATH | |
262 | export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH | |
263 | for pkg in openssl curl | |
264 | do | |
8486b3b4 | 265 | PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH |
e36b1e2e TB |
266 | CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS" |
267 | LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS" | |
268 | done | |
269 | export PKG_CONFIG_PATH | |
270 | export CPPFLAGS | |
271 | export LDFLAGS | |
272 | ;; | |
d6949b15 TB |
273 | freebsd) |
274 | # use the options of the FreeBSD port (including options), except smp, | |
275 | # which requires a patch but is deprecated anyway, only using the builtin | |
276 | # printf hooks | |
277 | CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts | |
278 | --disable-kernel-netlink --enable-openssl --enable-eap-identity | |
279 | --enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2 | |
280 | --enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish | |
281 | --enable-addrblock --enable-whitelist --enable-cmd --enable-curl | |
282 | --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic | |
283 | --enable-eap-radius --enable-eap-sim --enable-eap-sim-file | |
284 | --enable-gcm --enable-ipseckey --enable-kernel-libipsec | |
285 | --enable-load-tester --enable-ldap --enable-mediation | |
286 | --enable-mysql --enable-sqlite --enable-tpm --enable-unbound | |
287 | --enable-unity --enable-xauth-eap --enable-xauth-pam | |
288 | --with-printf-hooks=builtin --enable-attr-sql --enable-sql" | |
289 | DEPS="gmp openldap-client libxml2 mysql80-client sqlite3 unbound ldns" | |
290 | export GPERF=/usr/local/bin/gperf | |
291 | export LEX=/usr/local/bin/flex | |
292 | ;; | |
1ce2721d TB |
293 | fuzzing) |
294 | CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE" | |
508b3087 | 295 | CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts |
75181f48 | 296 | --enable-imc-test --enable-tnccs-20" |
1ce2721d TB |
297 | # don't run any of the unit tests |
298 | export TESTS_RUNNERS= | |
299 | # prepare corpora | |
300 | if test -z "$1"; then | |
301 | if test -z "$FUZZING_CORPORA"; then | |
302 | git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora | |
303 | export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora | |
304 | fi | |
7421884d TB |
305 | # these are about the same as those on OSS-Fuzz (except for the |
306 | # symbolize options and strip_path_prefix) | |
307 | export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\ | |
308 | allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\ | |
309 | coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\ | |
310 | alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\ | |
311 | handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\ | |
312 | symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5 | |
1ce2721d TB |
313 | fi |
314 | ;; | |
d151cd28 TB |
315 | dist) |
316 | TARGET=distcheck | |
317 | ;; | |
4e8f5a18 TB |
318 | apidoc) |
319 | DEPS="doxygen" | |
320 | CONFIG="--disable-defaults" | |
321 | TARGET=apidoc | |
322 | ;; | |
d151cd28 TB |
323 | *) |
324 | echo "$0: unknown test $TEST" >&2 | |
325 | exit 1 | |
326 | ;; | |
327 | esac | |
328 | ||
60a0bb67 | 329 | if test "$1" = "deps"; then |
e36b1e2e TB |
330 | case "$TRAVIS_OS_NAME" in |
331 | linux) | |
332 | sudo apt-get update -qq && \ | |
333 | sudo apt-get install -qq bison flex gperf gettext $DEPS | |
334 | ;; | |
335 | osx) | |
336 | brew update && \ | |
1806ba08 TB |
337 | # workaround for issue #6352 |
338 | brew uninstall --force libtool && brew install libtool && \ | |
e36b1e2e TB |
339 | brew install $DEPS |
340 | ;; | |
d6949b15 TB |
341 | freebsd) |
342 | pkg install -y automake autoconf libtool pkgconf && \ | |
343 | pkg install -y bison flex gperf gettext $DEPS | |
344 | ;; | |
e36b1e2e | 345 | esac |
60a0bb67 TB |
346 | exit $? |
347 | fi | |
348 | ||
75a84579 | 349 | if test "$1" = "pydeps"; then |
6ccfeeb1 | 350 | test -z "$PYDEPS" || pip -q install --user $PYDEPS |
75a84579 MW |
351 | exit $? |
352 | fi | |
353 | ||
d151cd28 | 354 | CONFIG="$CONFIG |
e36b1e2e | 355 | --disable-dependency-tracking |
d151cd28 TB |
356 | --enable-silent-rules |
357 | --enable-test-vectors | |
358 | --enable-monolithic=${MONOLITHIC-no} | |
359 | --enable-leak-detective=${LEAK_DETECTIVE-no}" | |
360 | ||
e36b1e2e TB |
361 | echo "$ ./autogen.sh" |
362 | ./autogen.sh || exit $? | |
4e8f5a18 TB |
363 | echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG" |
364 | CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $? | |
365 | ||
366 | case "$TEST" in | |
367 | apidoc) | |
368 | exec 2>make.warnings | |
369 | ;; | |
370 | *) | |
371 | ;; | |
372 | esac | |
373 | ||
374 | echo "$ make $TARGET" | |
e2d8833f TB |
375 | case "$TEST" in |
376 | sonarcloud) | |
377 | # without target, coverage is currently not supported anyway because | |
378 | # sonarqube only supports gcov, not lcov | |
379 | build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $? | |
380 | ;; | |
381 | *) | |
382 | make -j4 $TARGET || exit $? | |
383 | ;; | |
384 | esac | |
4e8f5a18 TB |
385 | |
386 | case "$TEST" in | |
387 | apidoc) | |
388 | if test -s make.warnings; then | |
389 | cat make.warnings | |
390 | exit 1 | |
391 | fi | |
f36e3755 | 392 | rm make.warnings |
4e8f5a18 | 393 | ;; |
e2d8833f TB |
394 | sonarcloud) |
395 | sonar-scanner \ | |
396 | -Dsonar.projectKey=strongswan \ | |
397 | -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \ | |
398 | -Dsonar.sources=. \ | |
187ab298 | 399 | -Dsonar.cfamily.threads=2 \ |
e2d8833f | 400 | -Dsonar.cfamily.build-wrapper-output=bw-output || exit $? |
f36e3755 | 401 | rm -r bw-output .scannerwork |
e2d8833f | 402 | ;; |
4e8f5a18 TB |
403 | *) |
404 | ;; | |
405 | esac | |
f36e3755 TB |
406 | |
407 | # ensure there are no unignored build artifacts (or other changes) in the Git repo | |
408 | unclean="$(git status --porcelain)" | |
409 | if test -n "$unclean"; then | |
410 | echo "Unignored build artifacts or other changes:" | |
411 | echo "$unclean" | |
412 | exit 1 | |
413 | fi |