]>
Commit | Line | Data |
---|---|---|
99bb3530 PD |
1 | from invoke import task |
2 | from invoke.exceptions import Failure, UnexpectedExit | |
3 | ||
7ec6fb65 | 4 | import os |
99bb3530 PD |
5 | import sys |
6 | import time | |
7 | ||
8 | all_build_deps = [ | |
d3cb00f9 | 9 | 'ccache', |
99bb3530 PD |
10 | 'libboost-all-dev', |
11 | 'libluajit-5.1-dev', | |
12 | 'libsodium-dev', | |
13 | 'libssl-dev', | |
14 | 'libsystemd-dev', | |
15 | 'libtool', | |
16 | 'make', | |
17 | 'pkg-config', | |
18 | 'python3-venv', | |
19 | 'systemd', | |
20 | ] | |
21 | git_build_deps = [ | |
22 | 'autoconf', | |
23 | 'automake', | |
24 | 'bison', | |
25 | 'bzip2', | |
26 | 'curl', | |
27 | 'flex', | |
28 | 'git', | |
29 | 'ragel' | |
30 | ] | |
31 | auth_build_deps = [ # FIXME: perhaps we should be stealing these from the debian (Ubuntu) control file | |
32 | 'default-libmysqlclient-dev', | |
33 | 'libcdb-dev', | |
34 | 'libcurl4-openssl-dev', | |
35 | 'libgeoip-dev', | |
36 | 'libkrb5-dev', | |
37 | 'libldap2-dev', | |
38 | 'liblmdb-dev', | |
39 | 'libmaxminddb-dev', | |
40 | 'libp11-kit-dev', | |
41 | 'libpq-dev', | |
42 | 'libsqlite3-dev', | |
43 | 'libyaml-cpp-dev', | |
44 | 'libzmq3-dev', | |
45 | 'ruby-bundler', | |
46 | 'ruby-dev', | |
47 | 'sqlite3', | |
48 | ] | |
49 | rec_build_deps = [ | |
50 | 'libcap-dev', | |
51 | 'libfstrm-dev', | |
52 | 'libsnmp-dev', | |
53 | ] | |
54 | dnsdist_build_deps = [ | |
55 | 'libcap-dev', | |
56 | 'libcdb-dev', | |
57 | 'libedit-dev', | |
58 | 'libfstrm-dev', | |
79e3404d | 59 | 'libgnutls28-dev', |
99bb3530 PD |
60 | 'libh2o-evloop-dev', |
61 | 'liblmdb-dev', | |
62 | 'libre2-dev', | |
63 | 'libsnmp-dev', | |
64 | ] | |
65 | auth_test_deps = [ # FIXME: we should be generating some of these from shlibdeps in build | |
66 | 'authbind', | |
67 | 'bc', | |
68 | 'bind9utils', | |
69 | 'curl', | |
70 | 'default-jre-headless', | |
71 | 'dnsutils', | |
72 | 'gawk', | |
73 | 'ldnsutils', | |
74 | 'libboost-serialization1.71.0', | |
75 | 'libcdb1', | |
76 | 'libcurl4', | |
77 | 'libgeoip1', | |
78 | 'libkrb5-3', | |
79 | 'libldap-2.4-2', | |
80 | 'liblmdb0', | |
81 | 'libluajit-5.1-2', | |
82 | 'libmaxminddb0', | |
83 | 'libnet-dns-perl', | |
84 | 'libp11-kit0', | |
85 | 'libpq5', | |
86 | 'libsodium23', | |
87 | 'libsqlite3-dev', | |
88 | 'libssl1.1', | |
89 | 'libsystemd0', | |
90 | 'libyaml-cpp0.6', | |
91 | 'libzmq3-dev', | |
92 | 'pdns-recursor', | |
0e77de07 PD |
93 | 'ruby-bundler', |
94 | 'ruby-dev', | |
99bb3530 PD |
95 | 'socat', |
96 | 'softhsm2', | |
97 | 'unbound-host', | |
98 | 'unixodbc', | |
99 | 'wget' | |
100 | ] | |
101 | ||
102 | @task | |
103 | def apt_fresh(c): | |
104 | c.sudo('apt-get update') | |
105 | c.sudo('apt-get dist-upgrade') | |
106 | ||
107 | @task | |
108 | def install_clang(c): | |
109 | """ | |
110 | install clang-11 and llvm-11 | |
111 | """ | |
112 | c.sudo('apt-get -qq -y --no-install-recommends install clang-11 llvm-11') | |
113 | ||
114 | @task | |
115 | def install_clang_runtime(c): | |
116 | # this gives us the symbolizer, for symbols in asan/ubsan traces | |
117 | c.sudo('apt-get -qq -y --no-install-recommends install clang-11') | |
118 | ||
119 | @task | |
120 | def install_auth_build_deps(c): | |
121 | c.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + auth_build_deps)) | |
122 | ||
123 | def setup_authbind(c): | |
124 | c.sudo('touch /etc/authbind/byport/53') | |
125 | c.sudo('chmod 755 /etc/authbind/byport/53') | |
126 | ||
127 | auth_backend_test_deps = dict( | |
128 | gsqlite3=['sqlite3'], | |
129 | gmysql=['default-libmysqlclient-dev'], | |
130 | gpgsql=['libpq-dev'], | |
0e77de07 PD |
131 | lmdb=[], |
132 | remote=[] | |
99bb3530 PD |
133 | ) |
134 | ||
135 | @task(help={'backend': 'Backend to install test deps for, e.g. gsqlite3; can be repeated'}, iterable=['backend'], optional=['backend']) | |
136 | def install_auth_test_deps(c, backend): # FIXME: rename this, we do way more than apt-get | |
137 | extra=[] | |
138 | for b in backend: | |
139 | extra.extend(auth_backend_test_deps[b]) | |
140 | c.sudo('apt-get -y -qq install ' + ' '.join(extra+auth_test_deps)) | |
141 | ||
142 | c.run('chmod +x /opt/pdns-auth/bin/* /opt/pdns-auth/sbin/*') | |
143 | # c.run('''if [ ! -e $HOME/bin/jdnssec-verifyzone ]; then | |
144 | # wget https://github.com/dblacka/jdnssec-tools/releases/download/0.14/jdnssec-tools-0.14.tar.gz | |
145 | # tar xfz jdnssec-tools-0.14.tar.gz -C $HOME | |
146 | # rm jdnssec-tools-0.14.tar.gz | |
147 | # fi | |
148 | # echo 'export PATH=$HOME/jdnssec-tools-0.14/bin:$PATH' >> $BASH_ENV''') # FIXME: why did this fail with no error? | |
149 | c.run('touch regression-tests/tests/verify-dnssec-zone/allow-missing') # FIXME: can this go? | |
150 | # FIXME we need to start a background recursor here for some tests | |
151 | setup_authbind(c) | |
152 | ||
153 | @task | |
154 | def install_rec_test_deps(c): # FIXME: rename this, we do way more than apt-get | |
155 | c.sudo('apt-get --no-install-recommends install -qq -y authbind python3-venv python3-dev default-libmysqlclient-dev libpq-dev pdns-tools libluajit-5.1-2 \ | |
156 | libboost-all-dev \ | |
157 | libcap2 \ | |
158 | libssl1.1 \ | |
159 | libsystemd0 \ | |
160 | libsodium23 \ | |
161 | libfstrm0 \ | |
162 | libsnmp35') | |
163 | ||
164 | c.run('chmod +x /opt/pdns-recursor/bin/* /opt/pdns-recursor/sbin/*') | |
165 | ||
166 | setup_authbind(c) | |
167 | ||
168 | @task | |
169 | def install_dnsdist_test_deps(c): # FIXME: rename this, we do way more than apt-get | |
170 | c.sudo('apt-get install -qq -y \ | |
171 | libluajit-5.1-2 \ | |
172 | libboost-all-dev \ | |
173 | libcap2 \ | |
174 | libcdb1 \ | |
175 | libcurl4-openssl-dev \ | |
176 | libfstrm0 \ | |
79e3404d | 177 | libgnutls30 \ |
99bb3530 PD |
178 | libh2o-evloop0.13 \ |
179 | liblmdb0 \ | |
180 | libre2-5 \ | |
181 | libssl-dev \ | |
182 | libsystemd0 \ | |
183 | libsodium23 \ | |
184 | patch \ | |
185 | protobuf-compiler \ | |
186 | python3-venv snmpd prometheus') | |
187 | c.run('sed "s/agentxperms 0700 0755 dnsdist/agentxperms 0777 0755/g" regression-tests.dnsdist/snmpd.conf | sudo tee /etc/snmp/snmpd.conf') | |
188 | c.sudo('systemctl restart snmpd') | |
189 | time.sleep(5) | |
190 | c.sudo('chmod 755 /var/agentx') | |
191 | ||
192 | @task | |
193 | def install_rec_build_deps(c): | |
194 | c.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + rec_build_deps)) | |
195 | ||
196 | @task | |
197 | def install_dnsdist_build_deps(c): | |
198 | c.sudo('apt-get install -qq -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + dnsdist_build_deps)) | |
199 | ||
200 | @task | |
201 | def ci_autoconf(c): | |
202 | c.run('BUILDER_VERSION=0.0.0-git1 autoreconf -vfi') | |
203 | ||
204 | @task | |
205 | def ci_auth_configure(c): | |
206 | res = c.run('''CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \ | |
207 | CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \ | |
208 | ./configure \ | |
209 | CC='clang-11' \ | |
210 | CXX='clang++-11' \ | |
211 | --enable-option-checking=fatal \ | |
9a205757 | 212 | --with-modules='bind geoip gmysql godbc gpgsql gsqlite3 ldap lmdb lua2 pipe remote tinydns' \ |
99bb3530 PD |
213 | --enable-systemd \ |
214 | --enable-tools \ | |
215 | --enable-unit-tests \ | |
216 | --enable-backend-unit-tests \ | |
217 | --enable-fuzz-targets \ | |
218 | --enable-experimental-pkcs11 \ | |
219 | --enable-remotebackend-zeromq \ | |
220 | --with-lmdb=/usr \ | |
221 | --with-libsodium \ | |
222 | --prefix=/opt/pdns-auth \ | |
223 | --enable-ixfrdist \ | |
224 | --enable-asan \ | |
225 | --enable-ubsan''', warn=True) | |
226 | if res.exited != 0: | |
227 | c.run('cat config.log') | |
228 | raise UnexpectedExit(res) | |
229 | @task | |
230 | def ci_rec_configure(c): | |
231 | res = c.run(''' CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \ | |
232 | CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \ | |
233 | ./configure \ | |
234 | CC='clang-11' \ | |
235 | CXX='clang++-11' \ | |
236 | --enable-option-checking=fatal \ | |
237 | --enable-unit-tests \ | |
238 | --enable-nod \ | |
239 | --enable-systemd \ | |
240 | --prefix=/opt/pdns-recursor \ | |
241 | --with-libsodium \ | |
242 | --with-lua=luajit \ | |
243 | --with-libcap \ | |
244 | --with-net-snmp \ | |
245 | --enable-dns-over-tls \ | |
246 | --enable-asan \ | |
247 | --enable-ubsan''', warn=True) | |
248 | if res.exited != 0: | |
249 | c.run('cat config.log') | |
250 | raise UnexpectedExit(res) | |
251 | ||
252 | @task | |
253 | def ci_dnsdist_configure(c): | |
7ec6fb65 | 254 | sanitizers = ' '.join('--enable-'+x for x in os.getenv('SANITIZERS').split('+')) |
99bb3530 PD |
255 | res = c.run('''CFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int" \ |
256 | CXXFLAGS="-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int -Wp,-D_GLIBCXX_ASSERTIONS" \ | |
257 | ./configure \ | |
258 | CC='clang-11' \ | |
259 | CXX='clang++-11' \ | |
260 | --enable-option-checking=fatal \ | |
261 | --enable-unit-tests \ | |
262 | --enable-dnstap \ | |
263 | --enable-dnscrypt \ | |
264 | --enable-dns-over-tls \ | |
265 | --enable-dns-over-https \ | |
266 | --enable-systemd \ | |
267 | --prefix=/opt/dnsdist \ | |
79e3404d | 268 | --with-gnutls \ |
99bb3530 PD |
269 | --with-libsodium \ |
270 | --with-lua=luajit \ | |
271 | --with-libcap \ | |
7ec6fb65 | 272 | --with-re2 ''' + sanitizers, warn=True) |
99bb3530 PD |
273 | if res.exited != 0: |
274 | c.run('cat config.log') | |
275 | raise UnexpectedExit(res) | |
276 | ||
277 | @task | |
278 | def ci_auth_make(c): | |
279 | c.run('make -j8 -k V=1') | |
280 | ||
281 | @task | |
282 | def ci_rec_make(c): | |
283 | c.run('make -j8 -k V=1') | |
284 | ||
285 | @task | |
286 | def ci_dnsdist_make(c): | |
287 | c.run('make -j4 -k V=1') | |
288 | ||
289 | @task | |
290 | def ci_auth_install_remotebackend_ruby_deps(c): | |
291 | with c.cd('modules/remotebackend'): | |
0e77de07 PD |
292 | # c.run('bundle config set path vendor/bundle') |
293 | c.run('sudo ruby -S bundle install') | |
99bb3530 PD |
294 | |
295 | @task | |
296 | def ci_auth_run_unit_tests(c): | |
297 | res = c.run('make check', warn=True) | |
298 | if res.exited != 0: | |
299 | c.run('cat pdns/test-suite.log') | |
300 | raise UnexpectedExit(res) | |
301 | ||
302 | @task | |
303 | def ci_rec_run_unit_tests(c): | |
304 | res = c.run('make check', warn=True) | |
305 | if res.exited != 0: | |
306 | c.run('cat test-suite.log') | |
307 | raise UnexpectedExit(res) | |
308 | ||
309 | @task | |
310 | def ci_dnsdist_run_unit_tests(c): | |
311 | res = c.run('make check', warn=True) | |
312 | if res.exited != 0: | |
313 | c.run('cat test-suite.log') | |
314 | raise UnexpectedExit(res) | |
315 | ||
316 | @task | |
317 | def ci_make_install(c): | |
318 | res = c.run('make install') # FIXME: this builds auth docs - again | |
319 | ||
320 | @task | |
321 | def add_auth_repo(c): | |
322 | dist = 'ubuntu' # FIXME take these from the caller? | |
323 | release = 'focal' | |
324 | version = '44' | |
325 | ||
326 | c.sudo('apt-get install -qq -y curl gnupg2') | |
327 | if version == 'master': | |
328 | c.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/CBC8B383-pub.asc') | |
329 | else: | |
330 | c.sudo('curl -s -o /etc/apt/trusted.gpg.d/pdns-repo.asc https://repo.powerdns.com/FD380FBB-pub.asc') | |
331 | c.run(f"echo 'deb [arch=amd64] http://repo.powerdns.com/{dist} {release}-auth-{version} main' | sudo tee /etc/apt/sources.list.d/pdns.list") | |
332 | c.run("echo 'Package: pdns-*' | sudo tee /etc/apt/preferences.d/pdns") | |
333 | c.run("echo 'Pin: origin repo.powerdns.com' | sudo tee -a /etc/apt/preferences.d/pdns") | |
334 | c.run("echo 'Pin-Priority: 600' | sudo tee -a /etc/apt/preferences.d/pdns") | |
335 | c.sudo('apt-get update') | |
336 | ||
337 | @task | |
338 | def test_api(c, product, backend=''): | |
339 | if product == 'recursor': | |
340 | with c.cd('regression-tests.api'): | |
341 | c.run(f'PDNSRECURSOR=/opt/pdns-recursor/sbin/pdns_recursor ./runtests recursor {backend}') | |
342 | elif product == 'auth': | |
343 | with c.cd('regression-tests.api'): | |
344 | c.run(f'PDNSSERVER=/opt/pdns-auth/sbin/pdns_server PDNSUTIL=/opt/pdns-auth/bin/pdnsutil SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./runtests authoritative {backend}') | |
345 | else: | |
346 | raise Failure('unknown product') | |
347 | ||
0e77de07 PD |
348 | backend_regress_tests = dict( |
349 | remote = ['pipe', 'unix', 'http', 'zeromq', 'pipe-dnssec', 'unix-dnssec', 'http-dnssec', 'zeromq-dnssec'] | |
350 | ) | |
351 | ||
352 | @task | |
353 | def test_auth_backend(c, backend): | |
354 | if backend == 'remote': | |
355 | ci_auth_install_remotebackend_ruby_deps(c) | |
356 | ||
357 | with c.cd('regression-tests'): | |
358 | for t in backend_regress_tests[backend]: | |
359 | # FIXME this long line is terrible | |
360 | # FIXME this appends 'backend' but that's only correct for 'remote' | |
361 | c.run(f'PDNS=/opt/pdns-auth/sbin/pdns_server PDNS2=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig NOTIFY=/opt/pdns-auth/bin/pdns_notify NSEC3DIG=/opt/pdns-auth/bin/nsec3dig SAXFR=/opt/pdns-auth/bin/saxfr ZONE2SQL=/opt/pdns-auth/bin/zone2sql ZONE2LDAP=/opt/pdns-auth/bin/zone2ldap PDNSUTIL=/opt/pdns-auth/bin/pdnsutil PDNSCONTROL=/opt/pdns-auth/bin/pdns_control PDNSSERVER=/opt/pdns-auth/sbin/pdns_server SDIG=/opt/pdns-auth/bin/sdig MYSQL_HOST="127.0.0.1" PGHOST="127.0.0.1" PGPORT="5432" ./start-test-stop 5300 {backend}backend-{t}') | |
362 | ||
99bb3530 PD |
363 | @task |
364 | def test_dnsdist(c): | |
365 | c.run('chmod +x /opt/dnsdist/bin/*') | |
366 | c.run('ls -ald /var /var/agentx /var/agentx/master') | |
367 | c.run('ls -al /var/agentx/master') | |
368 | with c.cd('regression-tests.dnsdist'): | |
369 | c.run('DNSDISTBIN=/opt/dnsdist/bin/dnsdist ./runtests') | |
d3cb00f9 PD |
370 | |
371 | # this is run always | |
372 | def setup(): | |
373 | if '/usr/lib/ccache' not in os.environ['PATH']: | |
374 | os.environ['PATH']='/usr/lib/ccache:'+os.environ['PATH'] | |
375 | ||
376 | setup() |