2 # Build script for Travis CI
6 # if the leak detective is enabled we have to disable threading support
7 # (used for std::async) as that causes invalid frees somehow, the
8 # locking allocator causes a static leak via the first function that
9 # references it (e.g. crypter or hasher), so we disable that too
10 if test "$LEAK_DETECTIVE" = "yes"; then
11 BOTAN_CONFIG
="--without-os-features=threads
12 --disable-modules=locking_allocator"
14 # disable some larger modules we don't need for the tests
15 BOTAN_CONFIG
="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
16 git clone
--depth 1 https
://github.com
/randombit
/botan.git botan
&&
18 python .
/configure.py
$BOTAN_CONFIG &&
19 make -j4 libs
>/dev
/null
&&
20 sudo
make install >/dev
/null
&&
21 sudo ldconfig ||
exit $?
24 if test -z $TRAVIS_BUILD_DIR; then
34 CFLAGS
="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
38 # should be the default, but lets make sure
39 CONFIG
="--with-printf-hooks=glibc"
42 CONFIG
="--disable-defaults --enable-pki --enable-openssl"
46 CONFIG
="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
47 DEPS
="libgcrypt11-dev"
50 CONFIG
="--disable-defaults --enable-pki --enable-botan"
51 # we can't use the old package that comes with Ubuntu so we build from
52 # the current master until 2.8.0 is released and then probably switch to
53 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
56 if test "$1" = "deps"; then
61 CONFIG
="--with-printf-hooks=builtin"
63 all|coverage|sonarcloud
)
64 CONFIG
="--enable-all --disable-android-dns --disable-android-log
65 --disable-kernel-pfroute --disable-keychain
66 --disable-lock-profiler --disable-padlock --disable-fuzzing
67 --disable-osx-attr --disable-tkm --disable-uci
68 --disable-systemd --disable-soup --disable-unwind-backtraces
69 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
70 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
71 # Ubuntu 14.04 does provide a too old libtss2-dev
72 CONFIG
="$CONFIG --disable-tss-tss2"
73 # Ubuntu 14.04 does not provide libnm
74 CONFIG
="$CONFIG --disable-nm"
75 # not enabled on the build server
76 CONFIG
="$CONFIG --disable-af-alg"
77 if test "$TEST" != "coverage"; then
78 CONFIG
="$CONFIG --disable-coverage"
80 # not actually required but configure checks for it
83 DEPS
="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
84 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
85 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
86 libjson0-dev iptables-dev python-pip libtspi-dev"
88 if test "$1" = "deps"; then
93 CONFIG
="--disable-defaults --enable-svc --enable-ikev2
94 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
95 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
96 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
97 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
98 --enable-updown --enable-ext-auth --enable-libipsec
99 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
100 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
101 --enable-pki --enable-swanctl --enable-socket-win"
102 # no make check for Windows binaries unless we run on a windows host
103 if test "$APPVEYOR" != "True"; then
106 CONFIG
="$CONFIG --enable-openssl"
107 CFLAGS
="$CFLAGS -I/c/OpenSSL-$TEST/include"
108 LDFLAGS
="-L/c/OpenSSL-$TEST"
111 CFLAGS
="$CFLAGS -mno-ms-bitfields"
112 DEPS
="gcc-mingw-w64-base"
115 # headers on 12.04 are too old, so we only build the plugins here
116 CONFIG
="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
117 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
118 DEPS
="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
119 CC
="x86_64-w64-mingw32-gcc"
120 # apply patch to MinGW headers
121 if test "$APPVEYOR" != "True" -a -z "$1"; then
122 sudo
patch -f -p 4 -d /usr
/share
/mingw-w64
/include
< src
/libcharon
/plugins
/kernel_wfp
/mingw-w64-4.8
.1.
diff
126 CONFIG
="--host=i686-w64-mingw32 $CONFIG"
127 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
128 DEPS
="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
129 CC
="i686-w64-mingw32-gcc"
134 # this causes a false positive in ip-packet.c since Xcode 8.3
135 CFLAGS
="$CFLAGS -Wno-address-of-packed-member"
136 # use the same options as in the Homebrew Formula
137 CONFIG
="--disable-defaults --enable-charon --enable-cmd --enable-constraints
138 --enable-curl --enable-eap-gtc --enable-eap-identity
139 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
140 --enable-kernel-libipsec --enable-kernel-pfkey
141 --enable-kernel-pfroute --enable-nonce --enable-openssl
142 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
143 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
144 --enable-scepclient --enable-socket-default --enable-sshkey
145 --enable-stroke --enable-swanctl --enable-unity --enable-updown
146 --enable-x509 --enable-xauth-generic"
147 DEPS
="bison gettext openssl curl"
148 BREW_PREFIX
=$
(brew
--prefix)
149 export PATH
=$BREW_PREFIX/opt
/bison
/bin
:$PATH
150 export ACLOCAL_PATH
=$BREW_PREFIX/opt
/gettext
/share
/aclocal
:$ACLOCAL_PATH
151 for pkg
in openssl curl
153 PKG_CONFIG_PATH
=$BREW_PREFIX/opt
/$pkg/lib
/pkgconfig
:$PKG_CONFIG_PATH
154 CPPFLAGS
="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
155 LDFLAGS
="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
157 export PKG_CONFIG_PATH
162 CFLAGS
="$CFLAGS -DNO_CHECK_MEMWIPE"
163 CONFIG
="--enable-fuzzing --enable-static --disable-shared --disable-scripts
164 --enable-imc-test --enable-tnccs-20"
165 # don't run any of the unit tests
166 export TESTS_RUNNERS
=
168 if test -z "$1"; then
169 if test -z "$FUZZING_CORPORA"; then
170 git clone
--depth 1 https
://github.com
/strongswan
/fuzzing-corpora.git fuzzing-corpora
171 export FUZZING_CORPORA
=$TRAVIS_BUILD_DIR/fuzzing-corpora
173 # these are about the same as those on OSS-Fuzz (except for the
174 # symbolize options and strip_path_prefix)
175 export ASAN_OPTIONS
=redzone
=16:handle_sigill
=1:strict_string_check
=1:\
176 allocator_release_to_os_interval_ms
=500:strict_memcmp
=1:detect_container_overflow
=1:\
177 coverage
=0:allocator_may_return_null
=1:use_sigaltstack
=1:detect_stack_use_after_return
=1:\
178 alloc_dealloc_mismatch
=0:detect_leaks
=1:print_scariness
=1:max_uar_stack_size_log
=16:\
179 handle_abort
=1:check_malloc_usable_size
=0:quarantine_size_mb
=10:detect_odr_violation
=0:\
180 symbolize
=1:handle_segv
=1:fast_unwind_on_fatal
=0:external_symbolizer_path
=/usr
/bin
/llvm-symbolizer-3.5
188 CONFIG
="--disable-defaults"
192 echo "$0: unknown test $TEST" >&2
197 if test "$1" = "deps"; then
198 case "$TRAVIS_OS_NAME" in
200 sudo apt-get update
-qq && \
201 sudo apt-get
install -qq bison flex gperf
gettext $DEPS
205 # workaround for issue #6352
206 brew uninstall
--force libtool
&& brew
install libtool
&& \
213 if test "$1" = "pydeps"; then
214 test -z "$PYDEPS" || pip
-q install --user $PYDEPS
219 --disable-dependency-tracking
220 --enable-silent-rules
221 --enable-test-vectors
222 --enable-monolithic=${MONOLITHIC-no}
223 --enable-leak-detective=${LEAK_DETECTIVE-no}"
225 echo "$ ./autogen.sh"
226 .
/autogen.sh ||
exit $?
227 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
228 CC
="$CC" CFLAGS
="$CFLAGS" .
/configure
$CONFIG ||
exit $?
238 echo "$ make $TARGET"
241 # without target, coverage is currently not supported anyway because
242 # sonarqube only supports gcov, not lcov
243 build-wrapper-linux-x86-64
--out-dir bw-output
make -j4 ||
exit $?
246 make -j4 $TARGET ||
exit $?
252 if test -s make.warnings
; then
259 -Dsonar.projectKey
=strongswan \
260 -Dsonar.projectVersion
=$
(git describe
)+${TRAVIS_BUILD_NUMBER} \
262 -Dsonar.cfamily.build-wrapper-output
=bw-output ||
exit $?