]>
git.ipfire.org Git - thirdparty/pdns.git/blob - tasks.py
1 from invoke
import task
2 from invoke
.exceptions
import Failure
, UnexpectedExit
9 auth_backend_ip_addr
= os
.getenv('AUTH_BACKEND_IP_ADDR', '127.0.0.1')
11 clang_version
= os
.getenv('CLANG_VERSION', '13')
18 'libssl-dev', # This will install libssl 1.1 on Debian 11 and libssl3 on Debian 12
36 auth_build_deps
= [ # FIXME: perhaps we should be stealing these from the debian (Ubuntu) control file
37 'default-libmysqlclient-dev',
39 'libcurl4-openssl-dev',
73 dnsdist_build_deps
= [
85 dnsdist_xdp_build_deps
= [
89 auth_test_deps
= [ # FIXME: we should be generating some of these from shlibdeps in build
94 'default-jre-headless',
100 '"libboost-serialization1.7[1-9]+"',
105 '"libldap-2.[1-9]+"',
115 '"libyaml-cpp0.[1-9]+"',
147 'texlive-formats-extra',
148 'texlive-latex-extra',
153 c
.sudo('apt-get update')
154 c
.sudo('apt-get -y --allow-downgrades dist-upgrade')
157 def install_clang(c
):
159 install clang and llvm
161 c
.sudo(f
'apt-get -y --no-install-recommends install clang-{clang_version} llvm-{clang_version}')
164 def install_clang_tidy_tools(c
):
165 c
.sudo(f
'apt-get -y --no-install-recommends install clang-tidy-{clang_version} clang-tools-{clang_version} bear python3-yaml')
168 def install_clang_runtime(c
):
169 # this gives us the symbolizer, for symbols in asan/ubsan traces
170 c
.sudo(f
'apt-get -y --no-install-recommends install clang-{clang_version}')
173 def ci_install_rust(c
, repo
):
174 with c
.cd(f
'{repo}/builder-support/helpers/'):
175 c
.run('sudo sh install_rust.sh')
177 def install_libdecaf(c
, product
):
178 c
.run('git clone https://git.code.sf.net/p/ed448goldilocks/code /tmp/libdecaf')
179 with c
.cd('/tmp/libdecaf'):
180 c
.run('git checkout 41f349')
181 c
.run(f
'CC={get_c_compiler()} CXX={get_cxx_compiler()} '
183 '-DCMAKE_INSTALL_PREFIX=/usr/local '
184 '-DCMAKE_INSTALL_LIBDIR=lib '
185 '-DENABLE_STATIC=OFF '
186 '-DENABLE_TESTS=OFF '
187 '-DCMAKE_C_FLAGS="-Wno-sizeof-array-div -Wno-array-parameter" .')
188 c
.run('make -C build')
189 c
.run('sudo make -C build install')
190 c
.sudo(f
'mkdir -p /opt/{product}/libdecaf')
191 c
.sudo(f
'cp /usr/local/lib/libdecaf.so* /opt/{product}/libdecaf/.')
194 def install_doc_deps(c
):
195 c
.sudo('apt-get install -y ' + ' '.join(doc_deps
))
198 def install_doc_deps_pdf(c
):
199 c
.sudo('apt-get install -y ' + ' '.join(doc_deps_pdf
))
202 def install_auth_build_deps(c
):
203 c
.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ auth_build_deps
))
204 if os
.getenv('DECAF_SUPPORT', 'no') == 'yes':
205 install_libdecaf(c
, 'pdns-auth')
207 def is_coverage_enabled():
208 sanitizers
= os
.getenv('SANITIZERS')
210 sanitizers
= sanitizers
.split('+')
211 if 'tsan' in sanitizers
:
213 return os
.getenv('COVERAGE') == 'yes'
216 return '--enable-coverage=clang' if is_coverage_enabled() else ''
219 def install_coverage_deps(c
):
220 if is_coverage_enabled():
221 c
.sudo(f
'apt-get install -y --no-install-recommends llvm-{clang_version}')
224 def generate_coverage_info(c
, binary
, outputDir
):
225 if is_coverage_enabled():
226 version
= os
.getenv('BUILDER_VERSION')
227 c
.run(f
'llvm-profdata-{clang_version} merge -sparse -o {outputDir}/temp.profdata /tmp/code-*.profraw')
228 c
.run(f
'llvm-cov-{clang_version} export --format=lcov --ignore-filename-regex=\'^/usr/\' -instr-profile={outputDir}/temp.profdata -object {binary} > {outputDir}/coverage.lcov')
229 c
.run(f
'{outputDir}/.github/scripts/normalize_paths_in_coverage.py {outputDir} {version} {outputDir}/coverage.lcov {outputDir}/normalized_coverage.lcov')
230 c
.run(f
'mv {outputDir}/normalized_coverage.lcov {outputDir}/coverage.lcov')
232 def setup_authbind(c
):
233 c
.sudo('touch /etc/authbind/byport/53')
234 c
.sudo('chmod 755 /etc/authbind/byport/53')
236 auth_backend_test_deps
= dict(
237 gsqlite3
=['sqlite3'],
238 gmysql
=['default-libmysqlclient-dev'],
239 gpgsql
=['libpq-dev'],
247 godbc_sqlite3
=['libsqliteodbc'],
248 godbc_mssql
=['freetds-bin','tdsodbc'],
253 @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable
=['backend'], optional
=['backend'])
254 def install_auth_test_deps(c
, backend
): # FIXME: rename this, we do way more than apt-get
257 extra
.extend(auth_backend_test_deps
[b
])
258 c
.sudo('DEBIAN_FRONTEND=noninteractive apt-get -y install ' + ' '.join(extra
+auth_test_deps
))
260 c
.run('chmod +x /opt/pdns-auth/bin/* /opt/pdns-auth/sbin/*')
261 # c.run('''if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then
262 # wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz
263 # tar xfz jdnssec-tools-0.14.tar.gz -C $HOME
264 # rm jdnssec-tools-0.14.tar.gz
266 # echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV''') # FIXME: why did this fail with no error?
267 c
.run('touch regression-tests/tests/verify-dnssec-zone/allow-missing regression-tests.nobackend/rectify-axfr/allow-missing') # FIXME: can this go?
268 # FIXME we may want to start a background recursor here to make ALIAS tests more robust
271 if os
.getenv('DECAF_SUPPORT', 'no') == 'yes':
273 c
.sudo('mkdir -p /usr/local/lib')
274 c
.sudo('cp /opt/pdns-auth/libdecaf/libdecaf.so* /usr/local/lib/.')
277 def install_rec_bulk_deps(c
): # FIXME: rename this, we do way more than apt-get
278 c
.sudo('apt-get --no-install-recommends -y install ' + ' '.join(rec_bulk_deps
))
279 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
282 def install_rec_test_deps(c
): # FIXME: rename this, we do way more than apt-get
283 c
.sudo('apt-get --no-install-recommends install -y ' + ' '.join(rec_bulk_deps
) + ' \
284 pdns-server pdns-backend-bind daemontools \
285 jq libfaketime lua-posix lua-socket bc authbind \
286 python3-venv python3-dev default-libmysqlclient-dev libpq-dev \
287 protobuf-compiler snmpd prometheus')
289 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
293 c
.run('sed "s/agentxperms 0700 0755 recursor/agentxperms 0777 0755/g" regression-tests.recursor-dnssec/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
294 c
.sudo('/etc/init.d/snmpd restart')
296 c
.sudo('chmod 755 /var/agentx')
298 @task(optional
=['skipXDP'])
299 def install_dnsdist_test_deps(c
, skipXDP
=False): # FIXME: rename this, we do way more than apt-get
300 deps
= 'libluajit-5.1-2 \
304 libcurl4-openssl-dev \
317 python3-venv snmpd prometheus'
323 c
.sudo(f
'apt-get install -y {deps}')
324 c
.run('sed "s/agentxperms 0700 0755 dnsdist/agentxperms 0777 0755/g" regression-tests.dnsdist/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
325 c
.sudo('/etc/init.d/snmpd restart')
327 c
.sudo('chmod 755 /var/agentx')
330 def install_rec_build_deps(c
):
331 c
.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ rec_build_deps
))
333 @task(optional
=['skipXDP'])
334 def install_dnsdist_build_deps(c
, skipXDP
=False):
335 c
.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps
+ git_build_deps
+ dnsdist_build_deps
+ (dnsdist_xdp_build_deps
if not skipXDP
else [])))
339 c
.run('autoreconf -vfi')
342 def ci_docs_rec_generate(c
):
343 c
.run('python3 generate.py')
346 def ci_docs_build(c
):
347 c
.run('make -f Makefile.sphinx -C docs html')
350 def ci_docs_build_pdf(c
):
351 c
.run('make -f Makefile.sphinx -C docs latexpdf')
354 def ci_docs_upload_master(c
, docs_host
, pdf
, username
, product
, directory
=""):
355 rsync_cmd
= " ".join([
364 c
.run(f
"{rsync_cmd} --delete ./docs/_build/{product}-html-docs/ {username}@{docs_host}:{directory}")
365 c
.run(f
"{rsync_cmd} ./docs/_build/{product}-html-docs.tar.bz2 {username}@{docs_host}:{directory}/html-docs.tar.bz2")
366 c
.run(f
"{rsync_cmd} ./docs/_build/latex/{pdf} {username}@{docs_host}:{directory}")
369 def ci_docs_add_ssh(c
, ssh_key
, host_key
):
370 c
.run('mkdir -m 700 -p ~/.ssh')
371 c
.run(f
'echo "{ssh_key}" > ~/.ssh/id_ed25519')
372 c
.run('chmod 600 ~/.ssh/id_ed25519')
373 c
.run(f
'echo "{host_key}" > ~/.ssh/known_hosts')
376 def get_sanitizers():
377 sanitizers
= os
.getenv('SANITIZERS', '')
379 sanitizers
= sanitizers
.split('+')
380 sanitizers
= ['--enable-' + sanitizer
for sanitizer
in sanitizers
]
381 sanitizers
= ' '.join(sanitizers
)
384 def get_unit_tests(auth
=False):
385 if os
.getenv('UNIT_TESTS') != 'yes':
387 return '--enable-unit-tests --enable-backend-unit-tests' if auth
else '--enable-unit-tests'
389 def get_build_concurrency(default
=8):
390 return os
.getenv('CONCURRENCY', default
)
392 def get_fuzzing_targets():
393 return '--enable-fuzz-targets' if os
.getenv('FUZZING_TARGETS') == 'yes' else ''
395 def is_compiler_clang():
396 compiler
= os
.getenv('COMPILER', 'clang')
397 return compiler
== 'clang'
399 def get_c_compiler():
400 return f
'clang-{clang_version}' if is_compiler_clang() else 'gcc'
402 def get_cxx_compiler():
403 return f
'clang++-{clang_version}' if is_compiler_clang() else 'g++'
405 def get_optimizations():
406 optimizations
= os
.getenv('OPTIMIZATIONS', 'yes')
407 return '-O1' if optimizations
== 'yes' else '-O0'
415 "-Werror=format-security",
416 "-fstack-clash-protection",
417 "-fstack-protector-strong",
418 "-fcf-protection=full",
419 "-Werror=string-plus-int" if is_compiler_clang() else '',
426 "-Wp,-D_GLIBCXX_ASSERTIONS",
430 def get_base_configure_cmd(additional_c_flags
='', additional_cxx_flags
='', enable_systemd
=True, enable_sodium
=True):
431 cflags
= " ".join([get_cflags(), additional_c_flags
])
432 cxxflags
= " ".join([get_cxxflags(), additional_cxx_flags
])
434 f
'CFLAGS="{cflags}"',
435 f
'CXXFLAGS="{cxxflags}"',
437 f
"CC='{get_c_compiler()}'",
438 f
"CXX='{get_cxx_compiler()}'",
439 "--enable-option-checking=fatal",
440 "--enable-systemd" if enable_systemd
else '',
441 "--with-libsodium" if enable_sodium
else '',
442 "--enable-fortify-source=auto",
443 "--enable-auto-var-init=pattern",
450 def ci_auth_configure(c
):
451 unittests
= get_unit_tests(True)
452 fuzz_targets
= get_fuzzing_targets()
467 configure_cmd
= " ".join([
468 get_base_configure_cmd(),
469 "LDFLAGS='-L/usr/local/lib -Wl,-rpath,/usr/local/lib'",
470 f
"--with-modules='{modules}'",
472 "--enable-dns-over-tls",
473 "--enable-experimental-pkcs11",
474 "--enable-experimental-gss-tsig",
475 "--enable-remotebackend-zeromq",
476 "--enable-verbose-logging",
478 "--with-libdecaf" if os
.getenv('DECAF_SUPPORT', 'no') == 'yes' else '',
479 "--prefix=/opt/pdns-auth",
484 res
= c
.run(configure_cmd
, warn
=True)
486 c
.run('cat config.log')
487 raise UnexpectedExit(res
)
491 def ci_rec_configure(c
, features
):
492 unittests
= get_unit_tests()
494 if features
== 'full':
495 configure_cmd
= " ".join([
496 get_base_configure_cmd(),
497 "--prefix=/opt/pdns-recursor",
498 "--enable-option-checking",
499 "--enable-verbose-logging",
500 "--enable-dns-over-tls",
508 configure_cmd
= " ".join([
509 get_base_configure_cmd(),
510 "--prefix=/opt/pdns-recursor",
511 "--enable-option-checking",
512 "--enable-verbose-logging",
513 "--disable-dns-over-tls",
520 "--without-libdecaf",
521 "--without-libsodium",
522 "--without-net-snmp",
525 res
= c
.run(configure_cmd
, warn
=True)
527 c
.run('cat config.log')
528 raise UnexpectedExit(res
)
532 def ci_dnsdist_configure(c
, features
):
533 additional_flags
= ''
534 if features
== 'full':
535 features_set
= '--enable-dnstap \
537 --enable-dns-over-tls \
538 --enable-dns-over-https \
539 --enable-dns-over-quic \
540 --enable-dns-over-http3 \
542 --prefix=/opt/dnsdist \
552 features_set
= '--disable-dnstap \
561 --without-libsodium \
566 additional_flags
= '-DDISABLE_COMPLETION \
567 -DDISABLE_DELAY_PIPE \
568 -DDISABLE_DYNBLOCKS \
569 -DDISABLE_PROMETHEUS \
571 -DDISABLE_BUILTIN_HTML \
574 -DDISABLE_DEPRECATED_DYNBLOCK \
575 -DDISABLE_LUA_WEB_HANDLERS \
576 -DDISABLE_NON_FFI_DQ_BINDINGS \
577 -DDISABLE_POLICIES_BINDINGS \
578 -DDISABLE_PACKETCACHE_BINDINGS \
579 -DDISABLE_DOWNSTREAM_BINDINGS \
580 -DDISABLE_COMBO_ADDR_BINDINGS \
581 -DDISABLE_CLIENT_STATE_BINDINGS \
582 -DDISABLE_QPS_LIMITER_BINDINGS \
583 -DDISABLE_SUFFIX_MATCH_BINDINGS \
584 -DDISABLE_NETMASK_BINDINGS \
585 -DDISABLE_DNSNAME_BINDINGS \
586 -DDISABLE_DNSHEADER_BINDINGS \
588 -DDISABLE_WEB_CACHE_MANAGEMENT \
589 -DDISABLE_WEB_CONFIG \
590 -DDISABLE_RULES_ALTERING_QUERIES \
591 -DDISABLE_ECS_ACTIONS \
592 -DDISABLE_TOP_N_BINDINGS \
593 -DDISABLE_OCSP_STAPLING \
594 -DDISABLE_HASHED_CREDENTIALS \
595 -DDISABLE_FALSE_SHARING_PADDING \
597 unittests
= get_unit_tests()
598 fuzztargets
= get_fuzzing_targets()
599 tools
= f
'''AR=llvm-ar-{clang_version} RANLIB=llvm-ranlib-{clang_version}''' if is_compiler_clang() else ''
600 configure_cmd
= " ".join([
602 get_base_configure_cmd(additional_c_flags
='', additional_cxx_flags
=additional_flags
, enable_systemd
=False, enable_sodium
=False),
607 '--prefix=/opt/dnsdist'
610 res
= c
.run(configure_cmd
, warn
=True)
612 c
.run('cat config.log')
613 raise UnexpectedExit(res
)
617 c
.run(f
'make -j{get_build_concurrency()} -k V=1')
620 def ci_auth_make_bear(c
):
621 c
.run(f
'bear --append -- make -j{get_build_concurrency()} -k V=1')
625 c
.run(f
'make -j{get_build_concurrency()} -k V=1')
628 def ci_rec_make_bear(c
):
629 # Assumed to be running under ./pdns/recursordist/
630 c
.run(f
'bear --append -- make -j{get_build_concurrency()} -k V=1')
633 def ci_dnsdist_make(c
):
634 c
.run(f
'make -j{get_build_concurrency(4)} -k V=1')
637 def ci_dnsdist_make_bear(c
):
638 # Assumed to be running under ./pdns/dnsdistdist/
639 c
.run(f
'bear --append -- make -j{get_build_concurrency(4)} -k V=1')
642 def ci_auth_install_remotebackend_test_deps(c
):
643 c
.sudo('apt-get install -y socat')
646 def ci_auth_run_unit_tests(c
):
647 res
= c
.run('make check', warn
=True)
649 c
.run('cat pdns/test-suite.log', warn
=True)
650 c
.run('more modules/remotebackend/*.log', warn
=True)
651 raise UnexpectedExit(res
)
654 def ci_rec_run_unit_tests(c
):
655 res
= c
.run('make check', warn
=True)
657 c
.run('cat test-suite.log')
658 raise UnexpectedExit(res
)
661 def ci_dnsdist_run_unit_tests(c
):
662 res
= c
.run('make check', warn
=True)
664 c
.run('cat test-suite.log')
665 raise UnexpectedExit(res
)
668 def ci_make_distdir(c
):
669 res
= c
.run('make distdir')
672 def ci_make_install(c
):
673 res
= c
.run('make install') # FIXME: this builds auth docs - again
676 def add_auth_repo(c
, dist_name
, dist_release_name
, pdns_repo_version
):
677 c
.sudo('apt-get install -y curl gnupg2')
678 if pdns_repo_version
== 'master':
679 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/CBC8B383-pub.asc')
681 c
.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/FD380FBB-pub.asc')
682 c
.run(f
"echo 'deb [arch=amd64] http://repo.powerdns.com/{dist_name} {dist_release_name}-auth-{pdns_repo_version} main' | sudo tee /etc/apt/sources.list.d/pdns.list")
683 c
.run("echo 'Package: pdns-*' | sudo tee /etc/apt/preferences.d/pdns")
684 c
.run("echo 'Pin: origin repo.powerdns.com' | sudo tee -a /etc/apt/preferences.d/pdns")
685 c
.run("echo 'Pin-Priority: 600' | sudo tee -a /etc/apt/preferences.d/pdns")
686 c
.sudo('apt-get update')
689 def test_api(c
, product
, backend
=''):
690 if product
== 'recursor':
691 with c
.cd('regression-tests.api'):
692 c
.run(f
'PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor ./runtests recursor {backend}')
693 elif product
== 'auth':
694 with c
.cd('regression-tests.api'):
695 c
.run(f
'PDNSSERVER=/opt/pdns-auth/sbin/pdns_server PDNSUTIL=/opt/pdns-auth/bin/pdnsutil SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST={auth_backend_ip_addr} PGHOST={auth_backend_ip_addr} PGPORT=5432 ./runtests authoritative {backend}')
697 raise Failure('unknown product')
699 backend_regress_tests
= dict(
703 'bind-dnssec-nsec3-both',
704 'bind-dnssec-nsec3-optout-both',
705 'bind-dnssec-nsec3-narrow',
712 lua2
= ['lua2', 'lua2-dnssec'],
713 tinydns
= ['tinydns'],
715 'remotebackend-pipe',
716 'remotebackend-unix',
717 'remotebackend-http',
718 'remotebackend-zeromq',
719 'remotebackend-pipe-dnssec',
720 'remotebackend-unix-dnssec',
721 'remotebackend-http-dnssec',
722 'remotebackend-zeromq-dnssec'
725 'lmdb-nodnssec-both',
728 'lmdb-nsec3-optout-both',
733 'gmysql-nodnssec-both',
735 'gmysql-nsec3-optout-both',
736 'gmysql-nsec3-narrow',
741 'gpgsql-nodnssec-both',
743 'gpgsql-nsec3-optout-both',
744 'gpgsql-nsec3-narrow',
749 'gsqlite3-nodnssec-both',
750 'gsqlite3-nsec3-both',
751 'gsqlite3-nsec3-optout-both',
752 'gsqlite3-nsec3-narrow'
754 godbc_sqlite3
= ['godbc_sqlite3-nodnssec'],
757 'godbc_mssql-nodnssec',
759 'godbc_mssql-nsec3-optout',
760 'godbc_mssql-nsec3-narrow'
767 geoip_mmdb
= ['geoip'],
770 godbc_mssql_credentials
= {"username": "sa", "password": "SAsa12%%-not-a-secret-password"}
776 Server={auth_backend_ip_addr}
781 [pdns-mssql-docker-nodb]
784 Server={auth_backend_ip_addr}
790 Database = pdns.sqlite3
794 Database = pdns.sqlite32
797 def setup_godbc_mssql(c
):
798 with
open(os
.path
.expanduser("~/.odbc.ini"), "a") as f
:
799 f
.write(godbc_config
)
800 c
.sudo('sh -c \'echo "Threading=1" | cat /usr/share/tdsodbc/odbcinst.ini - | tee -a /etc/odbcinst.ini\'')
801 c
.sudo('sed -i "s/libtdsodbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libtdsodbc.so/g" /etc/odbcinst.ini')
802 c
.run(f
'echo "create database pdns" | isql -v pdns-mssql-docker-nodb {godbc_mssql_credentials["username"]} {godbc_mssql_credentials["password"]}')
803 # FIXME: Skip 8bit-txt-unescaped test
804 c
.run('touch ${PWD}/regression-tests/tests/8bit-txt-unescaped/skip')
806 def setup_godbc_sqlite3(c
):
807 with
open(os
.path
.expanduser("~/.odbc.ini"), "a") as f
:
808 f
.write(godbc_config
)
809 c
.sudo('sed -i "s/libsqlite3odbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libsqlite3odbc.so/g" /etc/odbcinst.ini')
811 def setup_ldap_client(c
):
812 c
.sudo('DEBIAN_FRONTEND=noninteractive apt-get install -y ldap-utils')
813 c
.sudo(f
'sh -c \'echo "{auth_backend_ip_addr} ldapserver" | tee -a /etc/hosts\'')
815 def setup_softhsm(c
):
816 # Modify the location of the softhsm tokens and configuration directory.
817 # Enables token generation by non-root users (runner)
818 c
.run('mkdir -p /opt/pdns-auth/softhsm/tokens')
819 c
.run('echo "directories.tokendir = /opt/pdns-auth/softhsm/tokens" > /opt/pdns-auth/softhsm/softhsm2.conf')
822 def test_auth_backend(c
, backend
):
823 pdns_auth_env_vars
= f
'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST={auth_backend_ip_addr} GMYSQL2HOST={auth_backend_ip_addr} MYSQL_HOST={auth_backend_ip_addr} PGHOST={auth_backend_ip_addr} PGPORT=5432'
825 if backend
== 'remote':
826 ci_auth_install_remotebackend_test_deps(c
)
828 if backend
== 'authpy':
829 c
.sudo(f
'sh -c \'echo "{auth_backend_ip_addr} kerberos-server" | tee -a /etc/hosts\'')
830 with c
.cd('regression-tests.auth-py'):
831 c
.run(f
'{pdns_auth_env_vars} WITHKERBEROS=YES ./runtests')
834 if backend
== 'bind':
836 with c
.cd('regression-tests'):
837 for variant
in backend_regress_tests
[backend
]:
838 c
.run(f
'{pdns_auth_env_vars} SOFTHSM2_CONF=/opt/pdns-auth/softhsm/softhsm2.conf ./start-test-stop 5300 {variant}')
841 if backend
== 'godbc_sqlite3':
842 setup_godbc_sqlite3(c
)
843 with c
.cd('regression-tests'):
844 for variant
in backend_regress_tests
[backend
]:
845 c
.run(f
'{pdns_auth_env_vars} GODBC_SQLITE3_DSN=pdns-sqlite3-1 ./start-test-stop 5300 {variant}')
848 if backend
== 'godbc_mssql':
850 with c
.cd('regression-tests'):
851 for variant
in backend_regress_tests
[backend
]:
852 c
.run(f
'{pdns_auth_env_vars} GODBC_MSSQL_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL_DSN=pdns-mssql-docker GODBC_MSSQL2_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL2_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL2_DSN=pdns-mssql-docker ./start-test-stop 5300 {variant}')
855 if backend
== 'ldap':
858 if backend
== 'geoip_mmdb':
859 with c
.cd('regression-tests'):
860 for variant
in backend_regress_tests
[backend
]:
861 c
.run(f
'{pdns_auth_env_vars} geoipdatabase=../modules/geoipbackend/regression-tests/GeoLiteCity.mmdb ./start-test-stop 5300 {variant}')
864 with c
.cd('regression-tests'):
865 if backend
== 'lua2':
866 c
.run('touch trustedkeys') # avoid silly error during cleanup
867 for variant
in backend_regress_tests
[backend
]:
868 c
.run(f
'{pdns_auth_env_vars} ./start-test-stop 5300 {variant}')
870 if backend
== 'gsqlite3':
871 if os
.getenv('SKIP_IPV6_TESTS'):
872 pdns_auth_env_vars
+= ' context=noipv6'
873 with c
.cd('regression-tests.nobackend'):
874 c
.run(f
'{pdns_auth_env_vars} ./runtests')
875 c
.run('/opt/pdns-auth/bin/pdnsutil test-algorithms')
879 def test_ixfrdist(c
):
880 with c
.cd('regression-tests.ixfrdist'):
881 c
.run('IXFRDISTBIN=/opt/pdns-auth/bin/ixfrdist ./runtests')
885 c
.run('chmod +x /opt/dnsdist/bin/*')
886 c
.run('ls -ald /var /var/agentx /var/agentx/master')
887 c
.run('ls -al /var/agentx/master')
888 with c
.cd('regression-tests.dnsdist'):
889 c
.run('DNSDISTBIN=/opt/dnsdist/bin/dnsdist LD_LIBRARY_PATH=/opt/dnsdist/lib/ ENABLE_SUDO_TESTS=1 ./runtests')
892 def test_regression_recursor(c
):
893 c
.run('/opt/pdns-recursor/sbin/pdns_recursor --version')
894 c
.run('PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control ./build-scripts/test-recursor')
897 def test_bulk_recursor(c
, threads
, mthreads
, shards
):
898 # We run an extremely small version of the bulk test, as GH does not seem to be able to handle the UDP load
899 with c
.cd('regression-tests'):
900 c
.run('curl -LO http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip')
901 c
.run('unzip top-1m.csv.zip -d .')
902 c
.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
903 c
.run(f
'DNSBULKTEST=/usr/bin/dnsbulktest RECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control THRESHOLD=95 TRACE=no ./recursor-test 5300 100 {threads} {mthreads} {shards}')
906 def install_swagger_tools(c
):
907 c
.run('npm install -g api-spec-converter')
910 def swagger_syntax_check(c
):
911 c
.run('api-spec-converter docs/http-api/swagger/authoritative-api-swagger.yaml -f swagger_2 -t openapi_3 -s json -c')
914 def install_coverity_tools(c
, project
):
915 token
= os
.getenv('COVERITY_TOKEN')
916 c
.run(f
'curl -s https://scan.coverity.com/download/linux64 --data "token={token}&project={project}" | gunzip | sudo tar xvf /dev/stdin --strip-components=1 --no-same-owner -C /usr/local', hide
=True)
919 def coverity_clang_configure(c
):
920 c
.sudo(f
'/usr/local/bin/cov-configure --template --comptype clangcc --compiler clang++-{clang_version}')
923 def coverity_make(c
):
924 c
.run('/usr/local/bin/cov-build --dir cov-int make -j8 -k')
927 def coverity_tarball(c
, tarball
):
928 c
.run(f
'tar caf {tarball} cov-int')
931 def coverity_upload(c
, email
, project
, tarball
):
932 token
= os
.getenv('COVERITY_TOKEN')
933 c
.run(f
'curl --form token={token} \
934 --form email="{email}" \
935 --form file=@{tarball} \
936 --form version="$(./builder-support/gen-version)" \
937 --form description="master build" \
938 https://scan.coverity.com/builds?project={project}', hide
=True)
941 def ci_build_and_install_quiche(c
, repo
):
942 with
open(f
'{repo}/builder-support/helpers/quiche.json') as quiche_json
:
943 quiche_data
= json
.load(quiche_json
)
944 quiche_version
= quiche_data
['version']
945 quiche_hash
= quiche_data
['SHA256SUM']
947 # we have to pass -L because GitHub will do a redirect, sadly
948 c
.run(f
'curl -L -o quiche-{quiche_version}.tar.gz https://github.com/cloudflare/quiche/archive/{quiche_version}.tar.gz')
949 # Line below should echo two spaces between digest and name
950 c
.run(f
'echo {quiche_hash}" "quiche-{quiche_version}.tar.gz | sha256sum -c -')
951 c
.run(f
'tar xf quiche-{quiche_version}.tar.gz')
952 with c
.cd(f
'quiche-{quiche_version}'):
953 c
.run('cargo build --release --no-default-features --features ffi,boringssl-boring-crate --package quiche')
954 # cannot use c.sudo() inside a cd() context, see https://github.com/pyinvoke/invoke/issues/687
955 c
.run('sudo install -Dm644 quiche/include/quiche.h /usr/include')
956 c
.run('sudo install -Dm644 target/release/libquiche.so /usr/lib')
957 c
.run('install -D target/release/libquiche.so /opt/dnsdist/lib/libquiche.so')
958 c
.run(f
"""sudo install -Dm644 /dev/stdin /usr/lib/pkgconfig/quiche.pc <<PC
961 Description: quiche library
962 URL: https://github.com/cloudflare/quiche
963 Version: {quiche_version}
969 if '/usr/lib/ccache' not in os
.environ
['PATH']:
970 os
.environ
['PATH']='/usr/lib/ccache:'+os
.environ
['PATH']