2 # Build script for Travis CI
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV
=1872f899716854927ecc68022fac318735be8824
8 BOTAN_DIR
=$TRAVIS_BUILD_DIR/..
/botan
10 if test -d "$BOTAN_DIR"; then
14 # if the leak detective is enabled we have to disable threading support
15 # (used for std::async) as that causes invalid frees somehow, the
16 # locking allocator causes a static leak via the first function that
17 # references it (e.g. crypter or hasher), so we disable that too
18 if test "$LEAK_DETECTIVE" = "yes"; then
19 BOTAN_CONFIG
="--without-os-features=threads
20 --disable-modules=locking_allocator"
22 # disable some larger modules we don't need for the tests
23 BOTAN_CONFIG
="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
25 git clone https
://github.com
/randombit
/botan.git
$BOTAN_DIR &&
27 git checkout
-qf $BOTAN_REV &&
28 python .
/configure.py
--amalgamation $BOTAN_CONFIG &&
29 make -j4 libs
>/dev
/null
&&
30 sudo
make install >/dev
/null
&&
31 sudo ldconfig ||
exit $?
38 TSS2_PKG
=tpm2-tss-
$TSS2_REV
39 TSS2_DIR
=$TRAVIS_BUILD_DIR/..
/$TSS2_PKG
40 TSS2_SRC
=https
://github.com
/tpm2-software
/tpm2-tss
/releases
/download
/$TSS2_REV/$TSS2_PKG.
tar.gz
42 if test -d "$TSS2_DIR"; then
46 # the default version of libgcrypt in Ubuntu 14.04 is too old
47 sudo apt-get update
-qq && \
48 sudo apt-get
install -qq libgcrypt20-dev
&&
49 curl
-L $TSS2_SRC |
tar xz
-C $TRAVIS_BUILD_DIR/..
&&
52 sudo
make -j4 install >/dev
/null
&&
53 sudo ldconfig ||
exit $?
57 if test -z $TRAVIS_BUILD_DIR; then
67 CFLAGS
="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
71 # should be the default, but lets make sure
72 CONFIG
="--with-printf-hooks=glibc"
75 CONFIG
="--disable-defaults --enable-pki --enable-openssl"
79 CONFIG
="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
80 DEPS
="libgcrypt11-dev"
83 CONFIG
="--disable-defaults --enable-pki --enable-botan"
84 # we can't use the old package that comes with Ubuntu so we build from
85 # the current master until 2.8.0 is released and then probably switch to
86 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
89 if test "$1" = "deps"; then
94 CONFIG
="--with-printf-hooks=builtin"
96 all|coverage|sonarcloud
)
97 CONFIG
="--enable-all --disable-android-dns --disable-android-log
98 --disable-kernel-pfroute --disable-keychain
99 --disable-lock-profiler --disable-padlock --disable-fuzzing
100 --disable-osx-attr --disable-tkm --disable-uci
101 --disable-systemd --disable-soup --disable-unwind-backtraces
102 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
103 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
104 # Ubuntu 14.04 does not provide libnm
105 CONFIG
="$CONFIG --disable-nm"
106 # not enabled on the build server
107 CONFIG
="$CONFIG --disable-af-alg"
108 if test "$TEST" != "coverage"; then
109 CONFIG
="$CONFIG --disable-coverage"
111 # not actually required but configure checks for it
114 DEPS
="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
115 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
116 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
117 libjson0-dev iptables-dev python-pip libtspi-dev"
119 if test "$1" = "deps"; then
125 CONFIG
="--disable-defaults --enable-svc --enable-ikev2
126 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
127 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
128 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
129 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
130 --enable-updown --enable-ext-auth --enable-libipsec
131 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
132 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
133 --enable-pki --enable-swanctl --enable-socket-win"
134 # no make check for Windows binaries unless we run on a windows host
135 if test "$APPVEYOR" != "True"; then
138 CONFIG
="$CONFIG --enable-openssl"
139 CFLAGS
="$CFLAGS -I/c/OpenSSL-$TEST/include"
140 LDFLAGS
="-L/c/OpenSSL-$TEST"
143 CFLAGS
="$CFLAGS -mno-ms-bitfields"
144 DEPS
="gcc-mingw-w64-base"
147 # headers on 12.04 are too old, so we only build the plugins here
148 CONFIG
="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
149 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
150 DEPS
="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
151 CC
="x86_64-w64-mingw32-gcc"
152 # apply patch to MinGW headers
153 if test "$APPVEYOR" != "True" -a -z "$1"; then
154 sudo
patch -f -p 4 -d /usr
/share
/mingw-w64
/include
< src
/libcharon
/plugins
/kernel_wfp
/mingw-w64-4.8
.1.
diff
158 CONFIG
="--host=i686-w64-mingw32 $CONFIG"
159 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
160 DEPS
="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
161 CC
="i686-w64-mingw32-gcc"
166 # this causes a false positive in ip-packet.c since Xcode 8.3
167 CFLAGS
="$CFLAGS -Wno-address-of-packed-member"
168 # use the same options as in the Homebrew Formula
169 CONFIG
="--disable-defaults --enable-charon --enable-cmd --enable-constraints
170 --enable-curl --enable-eap-gtc --enable-eap-identity
171 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
172 --enable-kernel-libipsec --enable-kernel-pfkey
173 --enable-kernel-pfroute --enable-nonce --enable-openssl
174 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
175 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
176 --enable-scepclient --enable-socket-default --enable-sshkey
177 --enable-stroke --enable-swanctl --enable-unity --enable-updown
178 --enable-x509 --enable-xauth-generic"
179 DEPS
="bison gettext openssl curl"
180 BREW_PREFIX
=$
(brew
--prefix)
181 export PATH
=$BREW_PREFIX/opt
/bison
/bin
:$PATH
182 export ACLOCAL_PATH
=$BREW_PREFIX/opt
/gettext
/share
/aclocal
:$ACLOCAL_PATH
183 for pkg
in openssl curl
185 PKG_CONFIG_PATH
=$BREW_PREFIX/opt
/$pkg/lib
/pkgconfig
:$PKG_CONFIG_PATH
186 CPPFLAGS
="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
187 LDFLAGS
="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
189 export PKG_CONFIG_PATH
194 CFLAGS
="$CFLAGS -DNO_CHECK_MEMWIPE"
195 CONFIG
="--enable-fuzzing --enable-static --disable-shared --disable-scripts
196 --enable-imc-test --enable-tnccs-20"
197 # don't run any of the unit tests
198 export TESTS_RUNNERS
=
200 if test -z "$1"; then
201 if test -z "$FUZZING_CORPORA"; then
202 git clone
--depth 1 https
://github.com
/strongswan
/fuzzing-corpora.git fuzzing-corpora
203 export FUZZING_CORPORA
=$TRAVIS_BUILD_DIR/fuzzing-corpora
205 # these are about the same as those on OSS-Fuzz (except for the
206 # symbolize options and strip_path_prefix)
207 export ASAN_OPTIONS
=redzone
=16:handle_sigill
=1:strict_string_check
=1:\
208 allocator_release_to_os_interval_ms
=500:strict_memcmp
=1:detect_container_overflow
=1:\
209 coverage
=0:allocator_may_return_null
=1:use_sigaltstack
=1:detect_stack_use_after_return
=1:\
210 alloc_dealloc_mismatch
=0:detect_leaks
=1:print_scariness
=1:max_uar_stack_size_log
=16:\
211 handle_abort
=1:check_malloc_usable_size
=0:quarantine_size_mb
=10:detect_odr_violation
=0:\
212 symbolize
=1:handle_segv
=1:fast_unwind_on_fatal
=0:external_symbolizer_path
=/usr
/bin
/llvm-symbolizer-3.5
220 CONFIG
="--disable-defaults"
224 echo "$0: unknown test $TEST" >&2
229 if test "$1" = "deps"; then
230 case "$TRAVIS_OS_NAME" in
232 sudo apt-get update
-qq && \
233 sudo apt-get
install -qq bison flex gperf
gettext $DEPS
237 # workaround for issue #6352
238 brew uninstall
--force libtool
&& brew
install libtool
&& \
245 if test "$1" = "pydeps"; then
246 test -z "$PYDEPS" || pip
-q install --user $PYDEPS
251 --disable-dependency-tracking
252 --enable-silent-rules
253 --enable-test-vectors
254 --enable-monolithic=${MONOLITHIC-no}
255 --enable-leak-detective=${LEAK_DETECTIVE-no}"
257 echo "$ ./autogen.sh"
258 .
/autogen.sh ||
exit $?
259 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
260 CC
="$CC" CFLAGS
="$CFLAGS" .
/configure
$CONFIG ||
exit $?
270 echo "$ make $TARGET"
273 # without target, coverage is currently not supported anyway because
274 # sonarqube only supports gcov, not lcov
275 build-wrapper-linux-x86-64
--out-dir bw-output
make -j4 ||
exit $?
278 make -j4 $TARGET ||
exit $?
284 if test -s make.warnings
; then
291 -Dsonar.projectKey
=strongswan \
292 -Dsonar.projectVersion
=$
(git describe
)+${TRAVIS_BUILD_NUMBER} \
294 -Dsonar.cfamily.build-wrapper-output
=bw-output ||
exit $?