From: Tobias Brunner Date: Fri, 22 Aug 2025 06:14:29 +0000 (+0200) Subject: wip X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fbotan-test;p=thirdparty%2Fstrongswan.git wip --- diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index e3c3d41328..e126d0ff70 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -23,75 +23,6 @@ jobs: with: concurrent_skipping: 'same_content_newer' - latest: - needs: pre-check - if: ${{ needs.pre-check.outputs.should_skip != 'true' }} - runs-on: ${{ matrix.os || 'ubuntu-latest' }} - strategy: - matrix: - test: [ all, default, printf-builtin ] - compiler: [ gcc, clang ] - leak-detective: [ no, yes ] - monolithic: [ no, yes ] - exclude: - # leaks will show up whether we build monolithic or not - - leak-detective: yes - monolithic: yes - # monolithic builds don't affect the printf-hook implementation - - test: printf-builtin - monolithic: yes - include: - - test: apidoc - - test: coverage - - test: dist - - test: nm - - test: no-dbg - - test: no-dbg - compiler: clang - - test: no-testable-ke - - test: no-testable-ke - compiler: clang - - test: fuzzing - compiler: clang - monolithic: yes - env: - LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }} - MONOLITHIC: ${{ matrix.monolithic || 'no' }} - CC: ${{ matrix.compiler || 'gcc' }} - TEST: ${{ matrix.test }} - steps: - - uses: actions/checkout@v4 - - uses: actions/cache@v4 - with: - path: ~/.cache/ccache - # with regards to ccache, monolithic builds don't differ from regular - # builds and, similarly, builds with leak-detective only differ in two - # files (LD itself and library.c); but different tests build different - # dependencies, so different caches are needed - key: ccache-ubuntu-latest-${{ env.CC }}-${{ matrix.test }}-${{ github.sha }} - restore-keys: | - ccache-ubuntu-latest-${{ env.CC }}-${{ matrix.test }}- - ccache-ubuntu-latest-${{ env.CC }}- - - run: | - sudo apt-get install -qq ccache - echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV - ccache -z - - uses: ./.github/actions/default - - run: ccache -s - - if: ${{ success() && matrix.test == 'coverage' }} - uses: codecov/codecov-action@v4 - with: - disable_search: true - fail_ci_if_error: true - file: coverage/coverage.cleaned.info - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - - if: ${{ failure() }} - uses: actions/upload-artifact@v4 - with: - name: Logs ${{ github.job }} - path: config.log - retention-days: 5 crypto: needs: pre-check @@ -99,7 +30,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - test: [ botan, wolfssl, openssl, openssl-3, openssl-awslc, gcrypt ] + test: [ botan ] os: [ ubuntu-latest, ubuntu-22.04 ] leak-detective: [ no, yes ] exclude: @@ -148,44 +79,3 @@ jobs: name: Logs ${{ github.job }} path: config.log retention-days: 5 - - older: - needs: pre-check - if: ${{ needs.pre-check.outputs.should_skip != 'true' }} - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ ubuntu-22.04 ] - test: [ all, nm ] - compiler: [ gcc, clang ] - exclude: - - test: nm - compiler: clang - env: - LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }} - CC: ${{ matrix.compiler || 'gcc' }} - TEST: ${{ matrix.test }} - steps: - - uses: actions/checkout@v4 - - uses: actions/cache@v4 - with: - # path is different on newer systems - path: | - ~/.cache/ccache - ~/.ccache - key: ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.sha }} - restore-keys: | - ccache-${{ matrix.os }}-${{ env.CC }}-${{ matrix.test }}- - ccache-${{ matrix.os }}-${{ env.CC }}- - - run: | - sudo apt-get install -qq ccache - echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV - ccache -z - - uses: ./.github/actions/default - - run: ccache -s - - if: ${{ failure() }} - uses: actions/upload-artifact@v4 - with: - name: Logs ${{ github.job }} - path: config.log - retention-days: 5 diff --git a/scripts/test.sh b/scripts/test.sh index b1a513c699..d6768c9c9f 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -28,7 +28,7 @@ build_botan() git clone https://github.com/randombit/botan.git $BOTAN_DIR && cd $BOTAN_DIR && git checkout -qf $BOTAN_REV && - ./configure.py --amalgamation $BOTAN_CONFIG && + ./configure.py $BOTAN_CONFIG && make -j$(nproc) libs >/dev/null && sudo make install >/dev/null && sudo ldconfig || exit $? @@ -253,10 +253,10 @@ botan) CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem --enable-hmac --enable-x509 --enable-constraints --enable-drbg" export TESTS_PLUGINS="test-vectors botan! pem hmac x509 constraints drbg" DEPS="" - if [ "$LEAK_DETECTIVE" = "yes" ]; then - CONFIG="$CONFIG --enable-bfd-backtraces" - DEPS="$DEPS binutils-dev" - fi + #if [ "$LEAK_DETECTIVE" = "yes" ]; then + # CONFIG="$CONFIG --enable-bfd-backtraces" + # DEPS="$DEPS binutils-dev" + #fi if test "$1" = "build-deps"; then build_botan fi diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 96ed7a8b5a..038cd0a0ce 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -666,7 +666,6 @@ static char *whitelist[] = { "botan_privkey_create", "botan_privkey_load_ecdh", "botan_privkey_load", - "botan_privkey_load.cold", "botan_privkey_load_rsa_pkcs1", "botan_kdf", /* C++ due to Botan */