]>
Commit | Line | Data |
---|---|---|
d151cd28 TB |
1 | #!/bin/sh |
2 | # Build script for Travis CI | |
3 | ||
e5d52774 TB |
4 | build_botan() |
5 | { | |
1bbb736e | 6 | # same revision used in the build recipe of the testing environment |
f43302dc | 7 | BOTAN_REV=2.10.0 |
24af02b0 TB |
8 | BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan |
9 | ||
d4068a1d TB |
10 | if test -d "$BOTAN_DIR"; then |
11 | return | |
12 | fi | |
13 | ||
2a58030b TB |
14 | echo "$ build_botan()" |
15 | ||
e5d52774 TB |
16 | # if the leak detective is enabled we have to disable threading support |
17 | # (used for std::async) as that causes invalid frees somehow, the | |
18 | # locking allocator causes a static leak via the first function that | |
19 | # references it (e.g. crypter or hasher), so we disable that too | |
20 | if test "$LEAK_DETECTIVE" = "yes"; then | |
21 | BOTAN_CONFIG="--without-os-features=threads | |
22 | --disable-modules=locking_allocator" | |
23 | fi | |
24 | # disable some larger modules we don't need for the tests | |
25 | BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss" | |
1bbb736e TB |
26 | |
27 | git clone https://github.com/randombit/botan.git $BOTAN_DIR && | |
24af02b0 | 28 | cd $BOTAN_DIR && |
bbe72f97 | 29 | git checkout -qf $BOTAN_REV && |
24af02b0 | 30 | python ./configure.py --amalgamation $BOTAN_CONFIG && |
e5d52774 TB |
31 | make -j4 libs >/dev/null && |
32 | sudo make install >/dev/null && | |
33 | sudo ldconfig || exit $? | |
24af02b0 | 34 | cd - |
e5d52774 TB |
35 | } |
36 | ||
d50bb81c TB |
37 | build_wolfssl() |
38 | { | |
39 | WOLFSSL_REV=v4.0.0-stable | |
40 | WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl | |
41 | ||
42 | if test -d "$WOLFSSL_DIR"; then | |
43 | return | |
44 | fi | |
45 | ||
46 | echo "$ build_wolfssl()" | |
47 | ||
48 | WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB" | |
49 | WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm | |
50 | --enable-aesctr --enable-des3 --enable-camellia | |
51 | --enable-curve25519 --enable-ed25519" | |
52 | ||
53 | git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR && | |
54 | cd $WOLFSSL_DIR && | |
55 | git checkout -qf $WOLFSSL_REV && | |
56 | ./autogen.sh && | |
57 | ./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG && | |
58 | make -j4 >/dev/null && | |
59 | sudo make install >/dev/null && | |
60 | sudo ldconfig || exit $? | |
61 | cd - | |
62 | } | |
63 | ||
7b46089e TB |
64 | build_tss2() |
65 | { | |
66 | TSS2_REV=2.1.0 | |
67 | TSS2_PKG=tpm2-tss-$TSS2_REV | |
68 | TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG | |
69 | TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz | |
70 | ||
71 | if test -d "$TSS2_DIR"; then | |
72 | return | |
73 | fi | |
74 | ||
2a58030b TB |
75 | echo "$ build_tss2()" |
76 | ||
77 | # the default version of libgcrypt in Ubuntu 16.04 is too old | |
7b46089e TB |
78 | sudo apt-get update -qq && \ |
79 | sudo apt-get install -qq libgcrypt20-dev && | |
80 | curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. && | |
81 | cd $TSS2_DIR && | |
82 | ./configure && | |
248f3491 TB |
83 | make -j4 >/dev/null && |
84 | sudo make install >/dev/null && | |
7b46089e TB |
85 | sudo ldconfig || exit $? |
86 | cd - | |
87 | } | |
88 | ||
2a58030b TB |
89 | build_openssl() |
90 | { | |
6cc0688e | 91 | SSL_REV=1.1.1c |
2a58030b TB |
92 | SSL_PKG=openssl-$SSL_REV |
93 | SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG | |
94 | SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz | |
95 | SSL_INS=/usr/local/ssl | |
96 | SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp | |
91dce6e8 TB |
97 | no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128 |
98 | --api=1.1.0" | |
2a58030b TB |
99 | |
100 | if test -d "$SSL_DIR"; then | |
101 | return | |
102 | fi | |
103 | ||
104 | echo "$ build_openssl()" | |
105 | ||
106 | curl -L $SSL_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. && | |
107 | cd $SSL_DIR && | |
108 | ./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT && | |
109 | make -j4 >/dev/null && | |
110 | sudo make install_sw >/dev/null && | |
111 | echo $SSL_INS/lib | sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null && | |
112 | sudo ldconfig || exit $? | |
113 | cd - | |
114 | } | |
115 | ||
116 | use_custom_openssl() | |
117 | { | |
118 | CFLAGS="$CFLAGS -I/usr/local/ssl/include" | |
119 | LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib" | |
120 | export LDFLAGS | |
121 | if test "$1" = "deps"; then | |
122 | build_openssl | |
123 | fi | |
124 | } | |
125 | ||
d151cd28 TB |
126 | if test -z $TRAVIS_BUILD_DIR; then |
127 | TRAVIS_BUILD_DIR=$PWD | |
128 | fi | |
129 | ||
130 | cd $TRAVIS_BUILD_DIR | |
131 | ||
132 | TARGET=check | |
133 | ||
60a0bb67 TB |
134 | DEPS="libgmp-dev" |
135 | ||
95e67e8d MW |
136 | CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror" |
137 | ||
d151cd28 TB |
138 | case "$TEST" in |
139 | default) | |
316aa4b4 TB |
140 | # should be the default, but lets make sure |
141 | CONFIG="--with-printf-hooks=glibc" | |
d151cd28 | 142 | ;; |
2a58030b TB |
143 | openssl*) |
144 | CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem" | |
885c05b0 | 145 | export TESTS_PLUGINS="test-vectors pem openssl!" |
60a0bb67 | 146 | DEPS="libssl-dev" |
2a58030b TB |
147 | if test "$TEST" != "openssl-1.0"; then |
148 | DEPS="" | |
149 | use_custom_openssl $1 | |
150 | fi | |
d151cd28 TB |
151 | ;; |
152 | gcrypt) | |
3986c1e3 | 153 | CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1" |
885c05b0 | 154 | export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!" |
60a0bb67 | 155 | DEPS="libgcrypt11-dev" |
d151cd28 | 156 | ;; |
9ee23d5e | 157 | botan) |
4bcc4bac | 158 | CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem" |
885c05b0 | 159 | export TESTS_PLUGINS="test-vectors pem botan!" |
9ee23d5e TB |
160 | # we can't use the old package that comes with Ubuntu so we build from |
161 | # the current master until 2.8.0 is released and then probably switch to | |
162 | # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is | |
163 | # currently required) | |
164 | DEPS="" | |
165 | if test "$1" = "deps"; then | |
e5d52774 | 166 | build_botan |
9ee23d5e TB |
167 | fi |
168 | ;; | |
d50bb81c TB |
169 | wolfssl) |
170 | CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem" | |
885c05b0 | 171 | export TESTS_PLUGINS="test-vectors pem wolfssl!" |
d50bb81c TB |
172 | # build with custom options to enable all the features the plugin supports |
173 | DEPS="" | |
174 | if test "$1" = "deps"; then | |
175 | build_wolfssl | |
176 | fi | |
177 | ;; | |
316aa4b4 TB |
178 | printf-builtin) |
179 | CONFIG="--with-printf-hooks=builtin" | |
180 | ;; | |
e2d8833f | 181 | all|coverage|sonarcloud) |
d151cd28 | 182 | CONFIG="--enable-all --disable-android-dns --disable-android-log |
66c4735f | 183 | --disable-kernel-pfroute --disable-keychain |
157742be | 184 | --disable-lock-profiler --disable-padlock --disable-fuzzing |
e4fd163a | 185 | --disable-osx-attr --disable-tkm --disable-uci |
cfdab423 | 186 | --disable-soup --disable-unwind-backtraces |
4732e29a | 187 | --disable-svc --disable-dbghelp-backtraces --disable-socket-win |
c572401b | 188 | --disable-kernel-wfp --disable-kernel-iph --disable-winhttp" |
d151cd28 TB |
189 | # not enabled on the build server |
190 | CONFIG="$CONFIG --disable-af-alg" | |
42f7c989 TB |
191 | if test "$TEST" != "coverage"; then |
192 | CONFIG="$CONFIG --disable-coverage" | |
193 | else | |
194 | # not actually required but configure checks for it | |
195 | DEPS="$DEPS lcov" | |
196 | fi | |
60a0bb67 TB |
197 | DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev |
198 | libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev | |
cfdab423 TB |
199 | libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev |
200 | libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev" | |
75a84579 | 201 | PYDEPS="pytest" |
e5d52774 TB |
202 | if test "$1" = "deps"; then |
203 | build_botan | |
d50bb81c | 204 | build_wolfssl |
7b46089e | 205 | build_tss2 |
e5d52774 | 206 | fi |
2a58030b | 207 | use_custom_openssl $1 |
d151cd28 | 208 | ;; |
fd372e13 MW |
209 | win*) |
210 | CONFIG="--disable-defaults --enable-svc --enable-ikev2 | |
d930d184 MW |
211 | --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce |
212 | --enable-constraints --enable-revocation --enable-pem --enable-pkcs1 | |
213 | --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert | |
214 | --enable-eap-tnc --enable-eap-ttls --enable-eap-identity | |
1da56773 | 215 | --enable-updown --enable-ext-auth --enable-libipsec |
d930d184 MW |
216 | --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation |
217 | --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc | |
cfdab423 TB |
218 | --enable-pki --enable-swanctl --enable-socket-win |
219 | --enable-kernel-iph --enable-kernel-wfp --enable-winhttp" | |
6eb7dd11 TB |
220 | # no make check for Windows binaries unless we run on a windows host |
221 | if test "$APPVEYOR" != "True"; then | |
222 | TARGET= | |
8a4f1102 | 223 | CCACHE=ccache |
09662628 TB |
224 | else |
225 | CONFIG="$CONFIG --enable-openssl" | |
226 | CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include" | |
227 | LDFLAGS="-L/c/OpenSSL-$TEST" | |
228 | export LDFLAGS | |
6eb7dd11 | 229 | fi |
d930d184 | 230 | CFLAGS="$CFLAGS -mno-ms-bitfields" |
94a69986 | 231 | DEPS="gcc-mingw-w64-base" |
fd372e13 MW |
232 | case "$TEST" in |
233 | win64) | |
cfdab423 | 234 | CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces" |
94a69986 | 235 | DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS" |
8a4f1102 | 236 | CC="$CCACHE x86_64-w64-mingw32-gcc" |
fd372e13 MW |
237 | ;; |
238 | win32) | |
239 | CONFIG="--host=i686-w64-mingw32 $CONFIG" | |
cfdab423 | 240 | DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS" |
8a4f1102 | 241 | CC="$CCACHE i686-w64-mingw32-gcc" |
fd372e13 MW |
242 | ;; |
243 | esac | |
d930d184 | 244 | ;; |
e36b1e2e | 245 | osx) |
fd9edf7f TB |
246 | # this causes a false positive in ip-packet.c since Xcode 8.3 |
247 | CFLAGS="$CFLAGS -Wno-address-of-packed-member" | |
e36b1e2e TB |
248 | # use the same options as in the Homebrew Formula |
249 | CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints | |
250 | --enable-curl --enable-eap-gtc --enable-eap-identity | |
251 | --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2 | |
252 | --enable-kernel-libipsec --enable-kernel-pfkey | |
253 | --enable-kernel-pfroute --enable-nonce --enable-openssl | |
254 | --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1 | |
255 | --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation | |
256 | --enable-scepclient --enable-socket-default --enable-sshkey | |
257 | --enable-stroke --enable-swanctl --enable-unity --enable-updown | |
258 | --enable-x509 --enable-xauth-generic" | |
259 | DEPS="bison gettext openssl curl" | |
260 | BREW_PREFIX=$(brew --prefix) | |
261 | export PATH=$BREW_PREFIX/opt/bison/bin:$PATH | |
262 | export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH | |
263 | for pkg in openssl curl | |
264 | do | |
8486b3b4 | 265 | PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH |
e36b1e2e TB |
266 | CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS" |
267 | LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS" | |
268 | done | |
269 | export PKG_CONFIG_PATH | |
270 | export CPPFLAGS | |
271 | export LDFLAGS | |
272 | ;; | |
1ce2721d TB |
273 | fuzzing) |
274 | CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE" | |
508b3087 | 275 | CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts |
75181f48 | 276 | --enable-imc-test --enable-tnccs-20" |
1ce2721d TB |
277 | # don't run any of the unit tests |
278 | export TESTS_RUNNERS= | |
279 | # prepare corpora | |
280 | if test -z "$1"; then | |
281 | if test -z "$FUZZING_CORPORA"; then | |
282 | git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora | |
283 | export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora | |
284 | fi | |
7421884d TB |
285 | # these are about the same as those on OSS-Fuzz (except for the |
286 | # symbolize options and strip_path_prefix) | |
287 | export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\ | |
288 | allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\ | |
289 | coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\ | |
290 | alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\ | |
291 | handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\ | |
292 | symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5 | |
1ce2721d TB |
293 | fi |
294 | ;; | |
d151cd28 TB |
295 | dist) |
296 | TARGET=distcheck | |
297 | ;; | |
4e8f5a18 TB |
298 | apidoc) |
299 | DEPS="doxygen" | |
300 | CONFIG="--disable-defaults" | |
301 | TARGET=apidoc | |
302 | ;; | |
d151cd28 TB |
303 | *) |
304 | echo "$0: unknown test $TEST" >&2 | |
305 | exit 1 | |
306 | ;; | |
307 | esac | |
308 | ||
60a0bb67 | 309 | if test "$1" = "deps"; then |
e36b1e2e TB |
310 | case "$TRAVIS_OS_NAME" in |
311 | linux) | |
312 | sudo apt-get update -qq && \ | |
313 | sudo apt-get install -qq bison flex gperf gettext $DEPS | |
314 | ;; | |
315 | osx) | |
316 | brew update && \ | |
1806ba08 TB |
317 | # workaround for issue #6352 |
318 | brew uninstall --force libtool && brew install libtool && \ | |
e36b1e2e TB |
319 | brew install $DEPS |
320 | ;; | |
321 | esac | |
60a0bb67 TB |
322 | exit $? |
323 | fi | |
324 | ||
75a84579 | 325 | if test "$1" = "pydeps"; then |
6ccfeeb1 | 326 | test -z "$PYDEPS" || pip -q install --user $PYDEPS |
75a84579 MW |
327 | exit $? |
328 | fi | |
329 | ||
d151cd28 | 330 | CONFIG="$CONFIG |
e36b1e2e | 331 | --disable-dependency-tracking |
d151cd28 TB |
332 | --enable-silent-rules |
333 | --enable-test-vectors | |
334 | --enable-monolithic=${MONOLITHIC-no} | |
335 | --enable-leak-detective=${LEAK_DETECTIVE-no}" | |
336 | ||
e36b1e2e TB |
337 | echo "$ ./autogen.sh" |
338 | ./autogen.sh || exit $? | |
4e8f5a18 TB |
339 | echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG" |
340 | CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $? | |
341 | ||
342 | case "$TEST" in | |
343 | apidoc) | |
344 | exec 2>make.warnings | |
345 | ;; | |
346 | *) | |
347 | ;; | |
348 | esac | |
349 | ||
350 | echo "$ make $TARGET" | |
e2d8833f TB |
351 | case "$TEST" in |
352 | sonarcloud) | |
353 | # without target, coverage is currently not supported anyway because | |
354 | # sonarqube only supports gcov, not lcov | |
355 | build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $? | |
356 | ;; | |
357 | *) | |
358 | make -j4 $TARGET || exit $? | |
359 | ;; | |
360 | esac | |
4e8f5a18 TB |
361 | |
362 | case "$TEST" in | |
363 | apidoc) | |
364 | if test -s make.warnings; then | |
365 | cat make.warnings | |
366 | exit 1 | |
367 | fi | |
f36e3755 | 368 | rm make.warnings |
4e8f5a18 | 369 | ;; |
e2d8833f TB |
370 | sonarcloud) |
371 | sonar-scanner \ | |
372 | -Dsonar.projectKey=strongswan \ | |
373 | -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \ | |
374 | -Dsonar.sources=. \ | |
187ab298 | 375 | -Dsonar.cfamily.threads=2 \ |
e2d8833f | 376 | -Dsonar.cfamily.build-wrapper-output=bw-output || exit $? |
f36e3755 | 377 | rm -r bw-output .scannerwork |
e2d8833f | 378 | ;; |
4e8f5a18 TB |
379 | *) |
380 | ;; | |
381 | esac | |
f36e3755 TB |
382 | |
383 | # ensure there are no unignored build artifacts (or other changes) in the Git repo | |
384 | unclean="$(git status --porcelain)" | |
385 | if test -n "$unclean"; then | |
386 | echo "Unignored build artifacts or other changes:" | |
387 | echo "$unclean" | |
388 | exit 1 | |
389 | fi |