]> git.ipfire.org Git - thirdparty/pdns.git/blob - tasks.py
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13142 from rgacogne/fix-channel-warning
[thirdparty/pdns.git] / tasks.py
1 from invoke import task
2 from invoke.exceptions import Failure, UnexpectedExit
3
4 import os
5 import sys
6 import time
7
8 auth_backend_ip_addr = os.getenv('AUTH_BACKEND_IP_ADDR', '127.0.0.1')
9
10 clang_version = os.getenv('CLANG_VERSION', '13')
11
12 all_build_deps = [
13 'ccache',
14 'libboost-all-dev',
15 'libluajit-5.1-dev',
16 'libsodium-dev',
17 'libssl-dev',
18 'libsystemd-dev',
19 'libtool',
20 'make',
21 'pkg-config',
22 'python3-venv',
23 'systemd',
24 ]
25 git_build_deps = [
26 'autoconf',
27 'automake',
28 'bison',
29 'bzip2',
30 'curl',
31 'flex',
32 'git',
33 'ragel'
34 ]
35 auth_build_deps = [ # FIXME: perhaps we should be stealing these from the debian (Ubuntu) control file
36 'default-libmysqlclient-dev',
37 'libcdb-dev',
38 'libcurl4-openssl-dev',
39 'libgeoip-dev',
40 'libkrb5-dev',
41 'libldap2-dev',
42 'liblmdb-dev',
43 'libmaxminddb-dev',
44 'libp11-kit-dev',
45 'libpq-dev',
46 'libsqlite3-dev',
47 'libyaml-cpp-dev',
48 'libzmq3-dev',
49 'ruby-bundler',
50 'ruby-dev',
51 'sqlite3',
52 'unixodbc-dev',
53 'cmake',
54 ]
55 rec_build_deps = [
56 'libcap-dev',
57 'libfstrm-dev',
58 'libsnmp-dev',
59 ]
60 rec_bulk_deps = [
61 'curl',
62 'libboost-all-dev',
63 'libcap2',
64 'libfstrm0',
65 'libluajit-5.1-2',
66 '"libsnmp[1-9]+"',
67 'libsodium23',
68 'libssl1.1',
69 'libsystemd0',
70 'moreutils',
71 'pdns-tools',
72 'unzip',
73 ]
74 dnsdist_build_deps = [
75 'libcap-dev',
76 'libcdb-dev',
77 'libedit-dev',
78 'libfstrm-dev',
79 'libgnutls28-dev',
80 'libh2o-evloop-dev',
81 'liblmdb-dev',
82 'libnghttp2-dev',
83 'libre2-dev',
84 'libsnmp-dev',
85 ]
86 auth_test_deps = [ # FIXME: we should be generating some of these from shlibdeps in build
87 'authbind',
88 'bc',
89 'bind9utils',
90 'curl',
91 'default-jre-headless',
92 'dnsutils',
93 'docker-compose',
94 'faketime',
95 'gawk',
96 'krb5-user',
97 'ldnsutils',
98 '"libboost-serialization1.7[1-9]+"',
99 'libcdb1',
100 'libcurl4',
101 'libgeoip1',
102 'libkrb5-3',
103 'libldap-2.4-2',
104 'liblmdb0',
105 'libluajit-5.1-2',
106 'libmaxminddb0',
107 'libnet-dns-perl',
108 'libp11-kit0',
109 'libpq5',
110 'libsodium23',
111 'libsqlite3-dev',
112 'libssl1.1',
113 'libsystemd0',
114 'libyaml-cpp0.6',
115 'libzmq3-dev',
116 'lmdb-utils',
117 'prometheus',
118 'ruby-bundler',
119 'ruby-dev',
120 'socat',
121 'softhsm2',
122 'unbound-host',
123 'unixodbc',
124 'wget',
125 ]
126 doc_deps = [
127 'autoconf',
128 'automake',
129 'bison',
130 'curl',
131 'flex',
132 'g++',
133 'git',
134 'latexmk',
135 'libboost-all-dev',
136 'libedit-dev',
137 'libluajit-5.1-dev',
138 'libssl-dev',
139 'make',
140 'pkg-config',
141 'python3-venv',
142 'ragel',
143 'rsync',
144 ]
145 doc_deps_pdf = [
146 'texlive-binaries',
147 'texlive-formats-extra',
148 'texlive-latex-extra',
149 ]
150
151 @task
152 def apt_fresh(c):
153 c.sudo('sed -i \'s/azure\.//\' /etc/apt/sources.list')
154 c.sudo('apt-get update')
155 c.sudo('apt-get -y --allow-downgrades dist-upgrade')
156
157 @task
158 def install_clang(c):
159 """
160 install clang and llvm
161 """
162 c.sudo(f'apt-get -y --no-install-recommends install clang-{clang_version} llvm-{clang_version}')
163
164 @task
165 def install_clang_tidy_tools(c):
166 c.sudo(f'apt-get -y --no-install-recommends install clang-tidy-{clang_version} clang-tools-{clang_version} bear python3-yaml')
167
168 @task
169 def install_clang_runtime(c):
170 # this gives us the symbolizer, for symbols in asan/ubsan traces
171 c.sudo(f'apt-get -y --no-install-recommends install clang-{clang_version}')
172
173 def install_libdecaf(c, product):
174 c.run('git clone https://git.code.sf.net/p/ed448goldilocks/code /tmp/libdecaf')
175 with c.cd('/tmp/libdecaf'):
176 c.run('git checkout 41f349')
177 c.run(f'CC=clang-{clang_version} CXX=clang-{clang_version} '
178 'cmake -B build '
179 '-DCMAKE_INSTALL_PREFIX=/usr/local '
180 '-DCMAKE_INSTALL_LIBDIR=lib '
181 '-DENABLE_STATIC=OFF '
182 '-DENABLE_TESTS=OFF '
183 '-DCMAKE_C_FLAGS="-Wno-sizeof-array-div -Wno-array-parameter" .')
184 c.run('make -C build')
185 c.run('sudo make -C build install')
186 c.sudo(f'mkdir -p /opt/{product}/libdecaf')
187 c.sudo(f'cp /usr/local/lib/libdecaf.so* /opt/{product}/libdecaf/.')
188
189 @task
190 def install_doc_deps(c):
191 c.sudo('apt-get install -y ' + ' '.join(doc_deps))
192
193 @task
194 def install_doc_deps_pdf(c):
195 c.sudo('apt-get install -y ' + ' '.join(doc_deps_pdf))
196
197 @task
198 def install_auth_build_deps(c):
199 c.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + auth_build_deps))
200 install_libdecaf(c, 'pdns-auth')
201
202 def setup_authbind(c):
203 c.sudo('touch /etc/authbind/byport/53')
204 c.sudo('chmod 755 /etc/authbind/byport/53')
205
206 auth_backend_test_deps = dict(
207 gsqlite3=['sqlite3'],
208 gmysql=['default-libmysqlclient-dev'],
209 gpgsql=['libpq-dev'],
210 lmdb=[],
211 remote=[],
212 bind=[],
213 geoip=[],
214 lua2=[],
215 tinydns=[],
216 authpy=[],
217 godbc_sqlite3=['libsqliteodbc'],
218 godbc_mssql=['freetds-bin','tdsodbc'],
219 ldap=[],
220 geoip_mmdb=[]
221 )
222
223 @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable=['backend'], optional=['backend'])
224 def install_auth_test_deps(c, backend): # FIXME: rename this, we do way more than apt-get
225 extra=[]
226 for b in backend:
227 extra.extend(auth_backend_test_deps[b])
228 c.sudo('DEBIAN_FRONTEND=noninteractive apt-get -y install ' + ' '.join(extra+auth_test_deps))
229
230 c.run('chmod +x /opt/pdns-auth/bin/* /opt/pdns-auth/sbin/*')
231 # c.run('''if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then
232 # wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz
233 # tar xfz jdnssec-tools-0.14.tar.gz -C $HOME
234 # rm jdnssec-tools-0.14.tar.gz
235 # fi
236 # echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV''') # FIXME: why did this fail with no error?
237 c.run('touch regression-tests/tests/verify-dnssec-zone/allow-missing regression-tests.nobackend/rectify-axfr/allow-missing') # FIXME: can this go?
238 # FIXME we may want to start a background recursor here to make ALIAS tests more robust
239 setup_authbind(c)
240
241 # Copy libdecaf out
242 c.sudo('mkdir -p /usr/local/lib')
243 c.sudo('cp /opt/pdns-auth/libdecaf/libdecaf.so* /usr/local/lib/.')
244
245 @task
246 def install_rec_bulk_deps(c): # FIXME: rename this, we do way more than apt-get
247 c.sudo('apt-get --no-install-recommends -y install ' + ' '.join(rec_bulk_deps))
248 c.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
249
250 @task
251 def install_rec_test_deps(c): # FIXME: rename this, we do way more than apt-get
252 c.sudo('apt-get --no-install-recommends install -y ' + ' '.join(rec_bulk_deps) + ' \
253 pdns-server pdns-backend-bind daemontools \
254 jq libfaketime lua-posix lua-socket bc authbind \
255 python3-venv python3-dev default-libmysqlclient-dev libpq-dev \
256 protobuf-compiler snmpd prometheus')
257
258 c.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
259
260 setup_authbind(c)
261
262 c.run('sed "s/agentxperms 0700 0755 recursor/agentxperms 0777 0755/g" regression-tests.recursor-dnssec/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
263 c.sudo('/etc/init.d/snmpd restart')
264 time.sleep(5)
265 c.sudo('chmod 755 /var/agentx')
266
267 @task
268 def install_dnsdist_test_deps(c): # FIXME: rename this, we do way more than apt-get
269 c.sudo('apt-get install -y \
270 libluajit-5.1-2 \
271 libboost-all-dev \
272 libcap2 \
273 libcdb1 \
274 libcurl4-openssl-dev \
275 libfstrm0 \
276 libgnutls30 \
277 libh2o-evloop0.13 \
278 liblmdb0 \
279 libnghttp2-14 \
280 "libre2-[1-9]+" \
281 libssl-dev \
282 libsystemd0 \
283 libsodium23 \
284 lua-socket \
285 patch \
286 protobuf-compiler \
287 python3-venv snmpd prometheus')
288 c.run('sed "s/agentxperms 0700 0755 dnsdist/agentxperms 0777 0755/g" regression-tests.dnsdist/snmpd.conf | sudo tee /etc/snmp/snmpd.conf')
289 c.sudo('/etc/init.d/snmpd restart')
290 time.sleep(5)
291 c.sudo('chmod 755 /var/agentx')
292
293 @task
294 def install_rec_build_deps(c):
295 c.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + rec_build_deps))
296
297 @task
298 def install_dnsdist_build_deps(c):
299 c.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + dnsdist_build_deps))
300
301 @task
302 def ci_autoconf(c):
303 c.run('BUILDER_VERSION=0.0.0-git1 autoreconf -vfi')
304
305 @task
306 def ci_docs_build(c):
307 c.run('make -f Makefile.sphinx -C docs html')
308
309 @task
310 def ci_docs_build_pdf(c):
311 c.run('make -f Makefile.sphinx -C docs latexpdf')
312
313 @task
314 def ci_docs_upload_master(c, docs_host, pdf, username, product, directory=""):
315 rsync_cmd = " ".join([
316 "rsync",
317 "--checksum",
318 "--recursive",
319 "--verbose",
320 "--no-p",
321 "--chmod=g=rwX",
322 "--exclude '*~'",
323 ])
324 c.run(f"{rsync_cmd} --delete ./docs/_build/{product}-html-docs/ {username}@{docs_host}:{directory}")
325 c.run(f"{rsync_cmd} ./docs/_build/{product}-html-docs.tar.bz2 {username}@{docs_host}:{directory}/html-docs.tar.bz2")
326 c.run(f"{rsync_cmd} ./docs/_build/latex/{pdf} {username}@{docs_host}:{directory}")
327
328 @task
329 def ci_docs_add_ssh(c, ssh_key, host_key):
330 c.run('mkdir -m 700 -p ~/.ssh')
331 c.run(f'echo "{ssh_key}" > ~/.ssh/id_ed25519')
332 c.run('chmod 600 ~/.ssh/id_ed25519')
333 c.run(f'echo "{host_key}" > ~/.ssh/known_hosts')
334
335
336 def get_sanitizers():
337 sanitizers = os.getenv('SANITIZERS')
338 if sanitizers != '':
339 sanitizers = sanitizers.split('+')
340 sanitizers = ['--enable-' + sanitizer for sanitizer in sanitizers]
341 sanitizers = ' '.join(sanitizers)
342 return sanitizers
343
344
345 def get_cflags():
346 return " ".join([
347 "-O1",
348 "-Werror=vla",
349 "-Werror=shadow",
350 "-Wformat=2",
351 "-Werror=format-security",
352 "-Werror=string-plus-int",
353 ])
354
355
356 def get_cxxflags():
357 return " ".join([
358 get_cflags(),
359 "-Wp,-D_GLIBCXX_ASSERTIONS",
360 ])
361
362
363 def get_base_configure_cmd():
364 return " ".join([
365 f'CFLAGS="{get_cflags()}"',
366 f'CXXFLAGS="{get_cxxflags()}"',
367 './configure',
368 f"CC='clang-{clang_version}'",
369 f"CXX='clang++-{clang_version}'",
370 "--enable-option-checking=fatal",
371 "--enable-systemd",
372 "--with-libsodium",
373 "--enable-fortify-source=auto",
374 "--enable-auto-var-init=pattern",
375 ])
376
377
378 @task
379 def ci_auth_configure(c):
380 sanitizers = get_sanitizers()
381
382 unittests = os.getenv('UNIT_TESTS')
383 if unittests == 'yes':
384 unittests = '--enable-unit-tests --enable-backend-unit-tests'
385 else:
386 unittests = ''
387
388 fuzz_targets = os.getenv('FUZZING_TARGETS')
389 fuzz_targets = '--enable-fuzz-targets' if fuzz_targets == 'yes' else ''
390
391 modules = " ".join([
392 "bind",
393 "geoip",
394 "gmysql",
395 "godbc",
396 "gpgsql",
397 "gsqlite3",
398 "ldap",
399 "lmdb",
400 "lua2",
401 "pipe",
402 "remote",
403 "tinydns",
404 ])
405 configure_cmd = " ".join([
406 get_base_configure_cmd(),
407 "LDFLAGS='-L/usr/local/lib -Wl,-rpath,/usr/local/lib'",
408 f"--with-modules='{modules}'",
409 "--enable-tools",
410 "--enable-experimental-pkcs11",
411 "--enable-experimental-gss-tsig",
412 "--enable-remotebackend-zeromq",
413 "--with-lmdb=/usr",
414 "--with-libdecaf",
415 "--prefix=/opt/pdns-auth",
416 "--enable-ixfrdist",
417 sanitizers,
418 unittests,
419 fuzz_targets,
420 ])
421 res = c.run(configure_cmd, warn=True)
422 if res.exited != 0:
423 c.run('cat config.log')
424 raise UnexpectedExit(res)
425
426
427 @task
428 def ci_rec_configure(c):
429 sanitizers = get_sanitizers()
430
431 unittests = os.getenv('UNIT_TESTS')
432 unittests = '--enable-unit-tests' if unittests == 'yes' else ''
433
434 configure_cmd = " ".join([
435 get_base_configure_cmd(),
436 "--enable-nod",
437 "--prefix=/opt/pdns-recursor",
438 "--with-lua=luajit",
439 "--with-libcap",
440 "--with-net-snmp",
441 "--enable-dns-over-tls",
442 sanitizers,
443 unittests,
444 ])
445 res = c.run(configure_cmd, warn=True)
446 if res.exited != 0:
447 c.run('cat config.log')
448 raise UnexpectedExit(res)
449
450
451 @task
452 def ci_dnsdist_configure(c, features):
453 additional_flags = ''
454 if features == 'full':
455 features_set = '--enable-dnstap \
456 --enable-dnscrypt \
457 --enable-dns-over-tls \
458 --enable-dns-over-https \
459 --enable-systemd \
460 --prefix=/opt/dnsdist \
461 --with-gnutls \
462 --with-libsodium \
463 --with-lua=luajit \
464 --with-libcap \
465 --with-net-snmp \
466 --with-nghttp2 \
467 --with-re2 '
468 else:
469 features_set = '--disable-dnstap \
470 --disable-dnscrypt \
471 --disable-ipcipher \
472 --disable-systemd \
473 --without-cdb \
474 --without-ebpf \
475 --without-gnutls \
476 --without-libedit \
477 --without-libsodium \
478 --without-lmdb \
479 --without-net-snmp \
480 --without-nghttp2 \
481 --without-re2 '
482 additional_flags = '-DDISABLE_COMPLETION \
483 -DDISABLE_DELAY_PIPE \
484 -DDISABLE_DYNBLOCKS \
485 -DDISABLE_PROMETHEUS \
486 -DDISABLE_PROTOBUF \
487 -DDISABLE_BUILTIN_HTML \
488 -DDISABLE_CARBON \
489 -DDISABLE_SECPOLL \
490 -DDISABLE_DEPRECATED_DYNBLOCK \
491 -DDISABLE_LUA_WEB_HANDLERS \
492 -DDISABLE_NON_FFI_DQ_BINDINGS \
493 -DDISABLE_POLICIES_BINDINGS \
494 -DDISABLE_PACKETCACHE_BINDINGS \
495 -DDISABLE_DOWNSTREAM_BINDINGS \
496 -DDISABLE_COMBO_ADDR_BINDINGS \
497 -DDISABLE_CLIENT_STATE_BINDINGS \
498 -DDISABLE_QPS_LIMITER_BINDINGS \
499 -DDISABLE_SUFFIX_MATCH_BINDINGS \
500 -DDISABLE_NETMASK_BINDINGS \
501 -DDISABLE_DNSNAME_BINDINGS \
502 -DDISABLE_DNSHEADER_BINDINGS \
503 -DDISABLE_RECVMMSG \
504 -DDISABLE_WEB_CACHE_MANAGEMENT \
505 -DDISABLE_WEB_CONFIG \
506 -DDISABLE_RULES_ALTERING_QUERIES \
507 -DDISABLE_ECS_ACTIONS \
508 -DDISABLE_TOP_N_BINDINGS \
509 -DDISABLE_OCSP_STAPLING \
510 -DDISABLE_HASHED_CREDENTIALS \
511 -DDISABLE_FALSE_SHARING_PADDING \
512 -DDISABLE_NPN'
513 unittests = ' --enable-unit-tests' if os.getenv('UNIT_TESTS') == 'yes' else ''
514 sanitizers = ' '.join('--enable-'+x for x in os.getenv('SANITIZERS').split('+')) if os.getenv('SANITIZERS') != '' else ''
515 cflags = '-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int'
516 cxxflags = cflags + ' -Wp,-D_GLIBCXX_ASSERTIONS ' + additional_flags
517 res = c.run(f'''CFLAGS="%s" \
518 CXXFLAGS="%s" \
519 AR=llvm-ar-{clang_version} \
520 RANLIB=llvm-ranlib-{clang_version} \
521 ./configure \
522 CC='clang-{clang_version}' \
523 CXX='clang++-{clang_version}' \
524 --enable-option-checking=fatal \
525 --enable-fortify-source=auto \
526 --enable-auto-var-init=pattern \
527 --enable-lto=thin \
528 --prefix=/opt/dnsdist %s %s %s''' % (cflags, cxxflags, features_set, sanitizers, unittests), warn=True)
529 if res.exited != 0:
530 c.run('cat config.log')
531 raise UnexpectedExit(res)
532
533 @task
534 def ci_auth_make(c):
535 c.run('make -j8 -k V=1')
536
537 @task
538 def ci_auth_make_bear(c):
539 # Needed for clang-tidy -line-filter vs project structure shenanigans
540 with c.cd('pdns'):
541 c.run('bear --append -- make -j8 -k V=1 -C ..')
542
543 @task
544 def ci_rec_make(c):
545 c.run('make -j8 -k V=1')
546
547 @task
548 def ci_rec_make_bear(c):
549 # Assumed to be running under ./pdns/recursordist/
550 c.run('bear --append -- make -j8 -k V=1')
551
552 @task
553 def ci_dnsdist_make(c):
554 c.run('make -j4 -k V=1')
555
556 @task
557 def ci_dnsdist_make_bear(c):
558 # Assumed to be running under ./pdns/dnsdistdist/
559 c.run('bear --append -- make -j4 -k V=1')
560
561 @task
562 def ci_auth_install_remotebackend_test_deps(c):
563 with c.cd('modules/remotebackend'):
564 # c.run('bundle config set path vendor/bundle')
565 c.run('sudo ruby -S bundle install')
566 c.sudo('apt-get install -y socat')
567
568 @task
569 def ci_auth_run_unit_tests(c):
570 res = c.run('make check', warn=True)
571 if res.exited != 0:
572 c.run('cat pdns/test-suite.log', warn=True)
573 c.run('cat modules/remotebackend/test-suite.log', warn=True)
574 raise UnexpectedExit(res)
575
576 @task
577 def ci_rec_run_unit_tests(c):
578 res = c.run('make check', warn=True)
579 if res.exited != 0:
580 c.run('cat test-suite.log')
581 raise UnexpectedExit(res)
582
583 @task
584 def ci_dnsdist_run_unit_tests(c):
585 res = c.run('make check', warn=True)
586 if res.exited != 0:
587 c.run('cat test-suite.log')
588 raise UnexpectedExit(res)
589
590 @task
591 def ci_make_install(c):
592 res = c.run('make install') # FIXME: this builds auth docs - again
593
594 @task
595 def add_auth_repo(c, dist_name, dist_release_name, pdns_repo_version):
596 c.sudo('apt-get install -y curl gnupg2')
597 if pdns_repo_version == 'master':
598 c.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/CBC8B383-pub.asc')
599 else:
600 c.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/FD380FBB-pub.asc')
601 c.run(f"echo 'deb [arch=amd64] http://repo.powerdns.com/{dist_name} {dist_release_name}-auth-{pdns_repo_version} main' | sudo tee /etc/apt/sources.list.d/pdns.list")
602 c.run("echo 'Package: pdns-*' | sudo tee /etc/apt/preferences.d/pdns")
603 c.run("echo 'Pin: origin repo.powerdns.com' | sudo tee -a /etc/apt/preferences.d/pdns")
604 c.run("echo 'Pin-Priority: 600' | sudo tee -a /etc/apt/preferences.d/pdns")
605 c.sudo('apt-get update')
606
607 @task
608 def test_api(c, product, backend=''):
609 if product == 'recursor':
610 with c.cd('regression-tests.api'):
611 c.run(f'PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor ./runtests recursor {backend}')
612 elif product == 'auth':
613 with c.cd('regression-tests.api'):
614 c.run(f'PDNSSERVER=/opt/pdns-auth/sbin/pdns_server PDNSUTIL=/opt/pdns-auth/bin/pdnsutil SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST={auth_backend_ip_addr} PGHOST={auth_backend_ip_addr} PGPORT=5432 ./runtests authoritative {backend}')
615 else:
616 raise Failure('unknown product')
617
618 backend_regress_tests = dict(
619 bind = [
620 'bind-both',
621 'bind-dnssec-both',
622 'bind-dnssec-nsec3-both',
623 'bind-dnssec-nsec3-optout-both',
624 'bind-dnssec-nsec3-narrow',
625 # FIXME 'bind-dnssec-pkcs11'
626 ],
627 geoip = [
628 'geoip',
629 'geoip-nsec3-narrow'
630 ],
631 lua2 = ['lua2', 'lua2-dnssec'],
632 tinydns = ['tinydns'],
633 remote = [
634 'remotebackend-pipe',
635 'remotebackend-unix',
636 'remotebackend-http',
637 'remotebackend-zeromq',
638 'remotebackend-pipe-dnssec',
639 'remotebackend-unix-dnssec',
640 'remotebackend-http-dnssec',
641 'remotebackend-zeromq-dnssec'
642 ],
643 lmdb = [
644 'lmdb-nodnssec-both',
645 'lmdb-both',
646 'lmdb-nsec3-both',
647 'lmdb-nsec3-optout-both',
648 'lmdb-nsec3-narrow'
649 ],
650 gmysql = [
651 'gmysql',
652 'gmysql-nodnssec-both',
653 'gmysql-nsec3-both',
654 'gmysql-nsec3-optout-both',
655 'gmysql-nsec3-narrow',
656 'gmysql_sp-both'
657 ],
658 gpgsql = [
659 'gpgsql',
660 'gpgsql-nodnssec-both',
661 'gpgsql-nsec3-both',
662 'gpgsql-nsec3-optout-both',
663 'gpgsql-nsec3-narrow',
664 'gpgsql_sp-both'
665 ],
666 gsqlite3 = [
667 'gsqlite3',
668 'gsqlite3-nodnssec-both',
669 'gsqlite3-nsec3-both',
670 'gsqlite3-nsec3-optout-both',
671 'gsqlite3-nsec3-narrow'
672 ],
673 godbc_sqlite3 = ['godbc_sqlite3-nodnssec'],
674 godbc_mssql = [
675 'godbc_mssql',
676 'godbc_mssql-nodnssec',
677 'godbc_mssql-nsec3',
678 'godbc_mssql-nsec3-optout',
679 'godbc_mssql-nsec3-narrow'
680 ],
681 ldap = [
682 'ldap-tree',
683 'ldap-simple',
684 'ldap-strict'
685 ],
686 geoip_mmdb = ['geoip'],
687 )
688
689 godbc_mssql_credentials = {"username": "sa", "password": "SAsa12%%"}
690
691 godbc_config = f'''
692 [pdns-mssql-docker]
693 Driver=FreeTDS
694 Trace=No
695 Server={auth_backend_ip_addr}
696 Port=1433
697 Database=pdns
698 TDS_Version=7.1
699
700 [pdns-mssql-docker-nodb]
701 Driver=FreeTDS
702 Trace=No
703 Server={auth_backend_ip_addr}
704 Port=1433
705 TDS_Version=7.1
706
707 [pdns-sqlite3-1]
708 Driver = SQLite3
709 Database = pdns.sqlite3
710
711 [pdns-sqlite3-2]
712 Driver = SQLite3
713 Database = pdns.sqlite32
714 '''
715
716 def setup_godbc_mssql(c):
717 with open(os.path.expanduser("~/.odbc.ini"), "a") as f:
718 f.write(godbc_config)
719 c.sudo('sh -c \'echo "Threading=1" | cat /usr/share/tdsodbc/odbcinst.ini - | tee -a /etc/odbcinst.ini\'')
720 c.sudo('sed -i "s/libtdsodbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libtdsodbc.so/g" /etc/odbcinst.ini')
721 c.run(f'echo "create database pdns" | isql -v pdns-mssql-docker-nodb {godbc_mssql_credentials["username"]} {godbc_mssql_credentials["password"]}')
722 # FIXME: Skip 8bit-txt-unescaped test
723 c.run('touch ${PWD}/regression-tests/tests/8bit-txt-unescaped/skip')
724
725 def setup_godbc_sqlite3(c):
726 with open(os.path.expanduser("~/.odbc.ini"), "a") as f:
727 f.write(godbc_config)
728 c.sudo('sed -i "s/libsqlite3odbc.so/\/usr\/lib\/x86_64-linux-gnu\/odbc\/libsqlite3odbc.so/g" /etc/odbcinst.ini')
729
730 def setup_ldap_client(c):
731 c.sudo('DEBIAN_FRONTEND=noninteractive apt-get install -y ldap-utils')
732 c.sudo(f'sh -c \'echo "{auth_backend_ip_addr} ldapserver" | tee -a /etc/hosts\'')
733
734 @task
735 def test_auth_backend(c, backend):
736 pdns_auth_env_vars = f'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap ZONE2JSON=/opt/pdns-auth/bin/zone2json PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig GMYSQLHOST={auth_backend_ip_addr} GMYSQL2HOST={auth_backend_ip_addr} MYSQL_HOST={auth_backend_ip_addr} PGHOST={auth_backend_ip_addr} PGPORT=5432'
737
738 if backend == 'remote':
739 ci_auth_install_remotebackend_test_deps(c)
740
741 if backend == 'authpy':
742 c.sudo(f'sh -c \'echo "{auth_backend_ip_addr} kerberos-server" | tee -a /etc/hosts\'')
743 with c.cd('regression-tests.auth-py'):
744 c.run(f'{pdns_auth_env_vars} WITHKERBEROS=YES ./runtests')
745 return
746
747 if backend == 'godbc_sqlite3':
748 setup_godbc_sqlite3(c)
749 with c.cd('regression-tests'):
750 for variant in backend_regress_tests[backend]:
751 c.run(f'{pdns_auth_env_vars} GODBC_SQLITE3_DSN=pdns-sqlite3-1 ./start-test-stop 5300 {variant}')
752 return
753
754 if backend == 'godbc_mssql':
755 setup_godbc_mssql(c)
756 with c.cd('regression-tests'):
757 for variant in backend_regress_tests[backend]:
758 c.run(f'{pdns_auth_env_vars} GODBC_MSSQL_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL_DSN=pdns-mssql-docker GODBC_MSSQL2_PASSWORD={godbc_mssql_credentials["password"]} GODBC_MSSQL2_USERNAME={godbc_mssql_credentials["username"]} GODBC_MSSQL2_DSN=pdns-mssql-docker ./start-test-stop 5300 {variant}')
759 return
760
761 if backend == 'ldap':
762 setup_ldap_client(c)
763
764 if backend == 'geoip_mmdb':
765 with c.cd('regression-tests'):
766 for variant in backend_regress_tests[backend]:
767 c.run(f'{pdns_auth_env_vars} geoipdatabase=../modules/geoipbackend/regression-tests/GeoLiteCity.mmdb ./start-test-stop 5300 {variant}')
768 return
769
770 with c.cd('regression-tests'):
771 if backend == 'lua2':
772 c.run('touch trustedkeys') # avoid silly error during cleanup
773 for variant in backend_regress_tests[backend]:
774 c.run(f'{pdns_auth_env_vars} ./start-test-stop 5300 {variant}')
775
776 if backend == 'gsqlite3':
777 if os.getenv('SKIP_IPV6_TESTS'):
778 pdns_auth_env_vars += ' context=noipv6'
779 with c.cd('regression-tests.nobackend'):
780 c.run(f'{pdns_auth_env_vars} ./runtests')
781 c.run('/opt/pdns-auth/bin/pdnsutil test-algorithms')
782 return
783
784 @task
785 def test_ixfrdist(c):
786 with c.cd('regression-tests.ixfrdist'):
787 c.run('IXFRDISTBIN=/opt/pdns-auth/bin/ixfrdist ./runtests')
788
789 @task
790 def test_dnsdist(c):
791 c.run('chmod +x /opt/dnsdist/bin/*')
792 c.run('ls -ald /var /var/agentx /var/agentx/master')
793 c.run('ls -al /var/agentx/master')
794 with c.cd('regression-tests.dnsdist'):
795 c.run('DNSDISTBIN=/opt/dnsdist/bin/dnsdist ./runtests')
796
797 @task
798 def test_regression_recursor(c):
799 c.run('/opt/pdns-recursor/sbin/pdns_recursor --version')
800 c.run('PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control ./build-scripts/test-recursor')
801
802 @task
803 def test_bulk_recursor(c, threads, mthreads, shards):
804 # We run an extremely small version of the bulk test, as GH does not seem to be able to handle the UDP load
805 with c.cd('regression-tests'):
806 c.run('curl -LO http://s3-us-west-1.amazonaws.com/umbrella-static/top-1m.csv.zip')
807 c.run('unzip top-1m.csv.zip -d .')
808 c.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*')
809 c.run(f'DNSBULKTEST=/usr/bin/dnsbulktest RECURSOR=/opt/pdns-recursor/sbin/pdns_recursor RECCONTROL=/opt/pdns-recursor/bin/rec_control THRESHOLD=95 TRACE=no ./timestamp ./recursor-test 5300 100 {threads} {mthreads} {shards}')
810
811 @task
812 def install_swagger_tools(c):
813 c.run('npm install -g api-spec-converter')
814
815 @task
816 def swagger_syntax_check(c):
817 c.run('api-spec-converter docs/http-api/swagger/authoritative-api-swagger.yaml -f swagger_2 -t openapi_3 -s json -c')
818
819 @task
820 def install_coverity_tools(c, project):
821 token = os.getenv('COVERITY_TOKEN')
822 c.run(f'curl -s https://scan.coverity.com/download/linux64 --data "token={token}&project={project}" | gunzip | sudo tar xvf /dev/stdin --strip-components=1 --no-same-owner -C /usr/local', hide=True)
823
824 @task
825 def coverity_clang_configure(c):
826 c.sudo(f'/usr/local/bin/cov-configure --template --comptype clangcc --compiler clang++-{clang_version}')
827
828 @task
829 def coverity_make(c):
830 c.run('/usr/local/bin/cov-build --dir cov-int make -j8 -k')
831
832 @task
833 def coverity_tarball(c, tarball):
834 c.run(f'tar caf {tarball} cov-int')
835
836 @task
837 def coverity_upload(c, email, project, tarball):
838 token = os.getenv('COVERITY_TOKEN')
839 c.run(f'curl --form token={token} \
840 --form email="{email}" \
841 --form file=@{tarball} \
842 --form version="$(./builder-support/gen-version)" \
843 --form description="master build" \
844 https://scan.coverity.com/builds?project={project}', hide=True)
845
846 # this is run always
847 def setup():
848 if '/usr/lib/ccache' not in os.environ['PATH']:
849 os.environ['PATH']='/usr/lib/ccache:'+os.environ['PATH']
850
851 setup()
Unnamed repository; edit this file 'description' to name the repository.