]> git.ipfire.org Git - people/ms/strongswan.git/blob - scripts/test.sh
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
travis: Build botan plugin also in the tests that build everything
[people/ms/strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # if the leak detective is enabled we have to disable threading support
7 # (used for std::async) as that causes invalid frees somehow, the
8 # locking allocator causes a static leak via the first function that
9 # references it (e.g. crypter or hasher), so we disable that too
10 if test "$LEAK_DETECTIVE" = "yes"; then
11 BOTAN_CONFIG="--without-os-features=threads
12 --disable-modules=locking_allocator"
13 fi
14 # disable some larger modules we don't need for the tests
15 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
16 git clone --depth 1 https://github.com/randombit/botan.git botan &&
17 cd botan &&
18 python ./configure.py $BOTAN_CONFIG &&
19 make -j4 libs >/dev/null &&
20 sudo make install >/dev/null &&
21 sudo ldconfig || exit $?
22 }
23
24 if test -z $TRAVIS_BUILD_DIR; then
25 TRAVIS_BUILD_DIR=$PWD
26 fi
27
28 cd $TRAVIS_BUILD_DIR
29
30 TARGET=check
31
32 DEPS="libgmp-dev"
33
34 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
35
36 case "$TEST" in
37 default)
38 # should be the default, but lets make sure
39 CONFIG="--with-printf-hooks=glibc"
40 ;;
41 openssl)
42 CONFIG="--disable-defaults --enable-pki --enable-openssl"
43 DEPS="libssl-dev"
44 ;;
45 gcrypt)
46 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
47 DEPS="libgcrypt11-dev"
48 ;;
49 botan)
50 CONFIG="--disable-defaults --enable-pki --enable-botan"
51 # we can't use the old package that comes with Ubuntu so we build from
52 # the current master until 2.8.0 is released and then probably switch to
53 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
54 # currently required)
55 DEPS=""
56 if test "$1" = "deps"; then
57 build_botan
58 fi
59 ;;
60 printf-builtin)
61 CONFIG="--with-printf-hooks=builtin"
62 ;;
63 all|coverage|sonarcloud)
64 CONFIG="--enable-all --disable-android-dns --disable-android-log
65 --disable-kernel-pfroute --disable-keychain
66 --disable-lock-profiler --disable-padlock --disable-fuzzing
67 --disable-osx-attr --disable-tkm --disable-uci
68 --disable-systemd --disable-soup --disable-unwind-backtraces
69 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
70 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
71 # Ubuntu 14.04 does provide a too old libtss2-dev
72 CONFIG="$CONFIG --disable-tss-tss2"
73 # Ubuntu 14.04 does not provide libnm
74 CONFIG="$CONFIG --disable-nm"
75 # not enabled on the build server
76 CONFIG="$CONFIG --disable-af-alg"
77 if test "$TEST" != "coverage"; then
78 CONFIG="$CONFIG --disable-coverage"
79 else
80 # not actually required but configure checks for it
81 DEPS="$DEPS lcov"
82 fi
83 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
84 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
85 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
86 libjson0-dev iptables-dev python-pip libtspi-dev"
87 PYDEPS="pytest"
88 if test "$1" = "deps"; then
89 build_botan
90 fi
91 ;;
92 win*)
93 CONFIG="--disable-defaults --enable-svc --enable-ikev2
94 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
95 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
96 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
97 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
98 --enable-updown --enable-ext-auth --enable-libipsec
99 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
100 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
101 --enable-pki --enable-swanctl --enable-socket-win"
102 # no make check for Windows binaries unless we run on a windows host
103 if test "$APPVEYOR" != "True"; then
104 TARGET=
105 else
106 CONFIG="$CONFIG --enable-openssl"
107 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
108 LDFLAGS="-L/c/OpenSSL-$TEST"
109 export LDFLAGS
110 fi
111 CFLAGS="$CFLAGS -mno-ms-bitfields"
112 DEPS="gcc-mingw-w64-base"
113 case "$TEST" in
114 win64)
115 # headers on 12.04 are too old, so we only build the plugins here
116 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
117 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
118 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
119 CC="x86_64-w64-mingw32-gcc"
120 # apply patch to MinGW headers
121 if test "$APPVEYOR" != "True" -a -z "$1"; then
122 sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
123 fi
124 ;;
125 win32)
126 CONFIG="--host=i686-w64-mingw32 $CONFIG"
127 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
128 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
129 CC="i686-w64-mingw32-gcc"
130 ;;
131 esac
132 ;;
133 osx)
134 # this causes a false positive in ip-packet.c since Xcode 8.3
135 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
136 # use the same options as in the Homebrew Formula
137 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
138 --enable-curl --enable-eap-gtc --enable-eap-identity
139 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
140 --enable-kernel-libipsec --enable-kernel-pfkey
141 --enable-kernel-pfroute --enable-nonce --enable-openssl
142 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
143 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
144 --enable-scepclient --enable-socket-default --enable-sshkey
145 --enable-stroke --enable-swanctl --enable-unity --enable-updown
146 --enable-x509 --enable-xauth-generic"
147 DEPS="bison gettext openssl curl"
148 BREW_PREFIX=$(brew --prefix)
149 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
150 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
151 for pkg in openssl curl
152 do
153 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
154 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
155 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
156 done
157 export PKG_CONFIG_PATH
158 export CPPFLAGS
159 export LDFLAGS
160 ;;
161 fuzzing)
162 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
163 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
164 --enable-imc-test --enable-tnccs-20"
165 # don't run any of the unit tests
166 export TESTS_RUNNERS=
167 # prepare corpora
168 if test -z "$1"; then
169 if test -z "$FUZZING_CORPORA"; then
170 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
171 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
172 fi
173 # these are about the same as those on OSS-Fuzz (except for the
174 # symbolize options and strip_path_prefix)
175 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
176 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
177 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
178 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
179 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
180 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
181 fi
182 ;;
183 dist)
184 TARGET=distcheck
185 ;;
186 apidoc)
187 DEPS="doxygen"
188 CONFIG="--disable-defaults"
189 TARGET=apidoc
190 ;;
191 *)
192 echo "$0: unknown test $TEST" >&2
193 exit 1
194 ;;
195 esac
196
197 if test "$1" = "deps"; then
198 case "$TRAVIS_OS_NAME" in
199 linux)
200 sudo apt-get update -qq && \
201 sudo apt-get install -qq bison flex gperf gettext $DEPS
202 ;;
203 osx)
204 brew update && \
205 # workaround for issue #6352
206 brew uninstall --force libtool && brew install libtool && \
207 brew install $DEPS
208 ;;
209 esac
210 exit $?
211 fi
212
213 if test "$1" = "pydeps"; then
214 test -z "$PYDEPS" || pip -q install --user $PYDEPS
215 exit $?
216 fi
217
218 CONFIG="$CONFIG
219 --disable-dependency-tracking
220 --enable-silent-rules
221 --enable-test-vectors
222 --enable-monolithic=${MONOLITHIC-no}
223 --enable-leak-detective=${LEAK_DETECTIVE-no}"
224
225 echo "$ ./autogen.sh"
226 ./autogen.sh || exit $?
227 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
228 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
229
230 case "$TEST" in
231 apidoc)
232 exec 2>make.warnings
233 ;;
234 *)
235 ;;
236 esac
237
238 echo "$ make $TARGET"
239 case "$TEST" in
240 sonarcloud)
241 # without target, coverage is currently not supported anyway because
242 # sonarqube only supports gcov, not lcov
243 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
244 ;;
245 *)
246 make -j4 $TARGET || exit $?
247 ;;
248 esac
249
250 case "$TEST" in
251 apidoc)
252 if test -s make.warnings; then
253 cat make.warnings
254 exit 1
255 fi
256 ;;
257 sonarcloud)
258 sonar-scanner \
259 -Dsonar.projectKey=strongswan \
260 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
261 -Dsonar.sources=. \
262 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
263 ;;
264 *)
265 ;;
266 esac
Michael's strongswan development tree