build_botan()
{
# same revision used in the build recipe of the testing environment
- BOTAN_REV=1872f899716854927ecc68022fac318735be8824
+ BOTAN_REV=2.13.0
BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
+ if test -d "$BOTAN_DIR"; then
+ return
+ fi
+
+ echo "$ build_botan()"
+
# if the leak detective is enabled we have to disable threading support
# (used for std::async) as that causes invalid frees somehow, the
# locking allocator causes a static leak via the first function that
git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
cd $BOTAN_DIR &&
- git checkout $BOTAN_REV &&
+ git checkout -qf $BOTAN_REV &&
python ./configure.py --amalgamation $BOTAN_CONFIG &&
make -j4 libs >/dev/null &&
sudo make install >/dev/null &&
cd -
}
+build_wolfssl()
+{
+ WOLFSSL_REV=v4.3.0-stable
+ WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl
+
+ if test -d "$WOLFSSL_DIR"; then
+ return
+ fi
+
+ echo "$ build_wolfssl()"
+
+ WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
+ WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm
+ --enable-aesctr --enable-des3 --enable-camellia
+ --enable-curve25519 --enable-ed25519"
+
+ git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
+ cd $WOLFSSL_DIR &&
+ git checkout -qf $WOLFSSL_REV &&
+ ./autogen.sh &&
+ ./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
+ make -j4 >/dev/null &&
+ sudo make install >/dev/null &&
+ sudo ldconfig || exit $?
+ cd -
+}
+
+build_tss2()
+{
+ TSS2_REV=2.3.1
+ TSS2_PKG=tpm2-tss-$TSS2_REV
+ TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
+ TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
+
+ if test -d "$TSS2_DIR"; then
+ return
+ fi
+
+ echo "$ build_tss2()"
+
+ # the default version of libgcrypt in Ubuntu 16.04 is too old
+ sudo apt-get update -qq && \
+ sudo apt-get install -qq libgcrypt20-dev &&
+ curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
+ cd $TSS2_DIR &&
+ ./configure --disable-doxygen-doc &&
+ make -j4 >/dev/null &&
+ sudo make install >/dev/null &&
+ sudo ldconfig || exit $?
+ cd -
+}
+
if test -z $TRAVIS_BUILD_DIR; then
TRAVIS_BUILD_DIR=$PWD
fi
# should be the default, but lets make sure
CONFIG="--with-printf-hooks=glibc"
;;
-openssl)
- CONFIG="--disable-defaults --enable-pki --enable-openssl"
+openssl*)
+ CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
+ export TESTS_PLUGINS="test-vectors pem openssl!"
DEPS="libssl-dev"
;;
gcrypt)
CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
+ export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
DEPS="libgcrypt11-dev"
;;
botan)
- CONFIG="--disable-defaults --enable-pki --enable-botan"
+ CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
+ export TESTS_PLUGINS="test-vectors pem botan!"
# we can't use the old package that comes with Ubuntu so we build from
# the current master until 2.8.0 is released and then probably switch to
# that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
build_botan
fi
;;
+wolfssl)
+ CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem"
+ export TESTS_PLUGINS="test-vectors pem wolfssl!"
+ # build with custom options to enable all the features the plugin supports
+ DEPS=""
+ if test "$1" = "deps"; then
+ build_wolfssl
+ fi
+ ;;
printf-builtin)
CONFIG="--with-printf-hooks=builtin"
;;
--disable-kernel-pfroute --disable-keychain
--disable-lock-profiler --disable-padlock --disable-fuzzing
--disable-osx-attr --disable-tkm --disable-uci
- --disable-systemd --disable-soup --disable-unwind-backtraces
+ --disable-soup --disable-unwind-backtraces
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
- # Ubuntu 14.04 does provide a too old libtss2-dev
- CONFIG="$CONFIG --disable-tss-tss2"
- # Ubuntu 14.04 does not provide libnm
- CONFIG="$CONFIG --disable-nm"
# not enabled on the build server
CONFIG="$CONFIG --disable-af-alg"
if test "$TEST" != "coverage"; then
fi
DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
- libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
- libjson0-dev iptables-dev python-pip libtspi-dev"
- PYDEPS="pytest"
+ libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
+ libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
+ PYDEPS="tox"
if test "$1" = "deps"; then
build_botan
+ build_wolfssl
+ build_tss2
fi
;;
win*)
--enable-updown --enable-ext-auth --enable-libipsec
--enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
--enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
- --enable-pki --enable-swanctl --enable-socket-win"
+ --enable-pki --enable-swanctl --enable-socket-win
+ --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
# no make check for Windows binaries unless we run on a windows host
if test "$APPVEYOR" != "True"; then
TARGET=
+ CCACHE=ccache
else
CONFIG="$CONFIG --enable-openssl"
CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
DEPS="gcc-mingw-w64-base"
case "$TEST" in
win64)
- # headers on 12.04 are too old, so we only build the plugins here
- CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
- --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
+ CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
- CC="x86_64-w64-mingw32-gcc"
- # apply patch to MinGW headers
- if test "$APPVEYOR" != "True" -a -z "$1"; then
- sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
- fi
+ CC="$CCACHE x86_64-w64-mingw32-gcc"
;;
win32)
CONFIG="--host=i686-w64-mingw32 $CONFIG"
- # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
- DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
- CC="i686-w64-mingw32-gcc"
+ DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
+ CC="$CCACHE i686-w64-mingw32-gcc"
;;
esac
;;
export CPPFLAGS
export LDFLAGS
;;
+freebsd)
+ # use the options of the FreeBSD port (including options), except smp,
+ # which requires a patch but is deprecated anyway, only using the builtin
+ # printf hooks
+ CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts
+ --disable-kernel-netlink --enable-openssl --enable-eap-identity
+ --enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2
+ --enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish
+ --enable-addrblock --enable-whitelist --enable-cmd --enable-curl
+ --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic
+ --enable-eap-radius --enable-eap-sim --enable-eap-sim-file
+ --enable-gcm --enable-ipseckey --enable-kernel-libipsec
+ --enable-load-tester --enable-ldap --enable-mediation
+ --enable-mysql --enable-sqlite --enable-tpm --enable-unbound
+ --enable-unity --enable-xauth-eap --enable-xauth-pam
+ --with-printf-hooks=builtin --enable-attr-sql --enable-sql"
+ DEPS="gmp openldap-client libxml2 mysql80-client sqlite3 unbound ldns"
+ export GPERF=/usr/local/bin/gperf
+ export LEX=/usr/local/bin/flex
+ ;;
fuzzing)
CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
;;
osx)
brew update && \
- # workaround for issue #6352
- brew uninstall --force libtool && brew install libtool && \
brew install $DEPS
;;
+ freebsd)
+ pkg install -y automake autoconf libtool pkgconf && \
+ pkg install -y bison flex gperf gettext $DEPS
+ ;;
esac
exit $?
fi
echo "$ make $TARGET"
case "$TEST" in
sonarcloud)
+ # there is an issue with the platform detection that causes sonarqube to
+ # fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so'
+ # from LD_PRELOAD cannot be preloaded (cannot open shared object file)"
+ # https://jira.sonarsource.com/browse/CPP-2027
+ BW_PATH=$(dirname $(which build-wrapper-linux-x86-64))
+ cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so
# without target, coverage is currently not supported anyway because
# sonarqube only supports gcov, not lcov
build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
cat make.warnings
exit 1
fi
+ rm make.warnings
;;
sonarcloud)
sonar-scanner \
-Dsonar.projectKey=strongswan \
-Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
-Dsonar.sources=. \
+ -Dsonar.cfamily.threads=2 \
-Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
+ rm -r bw-output .scannerwork
;;
*)
;;
esac
+
+# ensure there are no unignored build artifacts (or other changes) in the Git repo
+unclean="$(git status --porcelain)"
+if test -n "$unclean"; then
+ echo "Unignored build artifacts or other changes:"
+ echo "$unclean"
+ exit 1
+fi