Commit | Line | Data |
---|---|---|
fdce492e | 1 | #!/bin/sh |
de401e0e | 2 | # Build script for CI |
d151cd28 | 3 | |
e5d52774 TB |
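# Clone, build and install Botan below $DEPS_PREFIX for the CI tests.
#
# Globals read:    DEPS_BUILD_DIR, DEPS_PREFIX, LEAK_DETECTIVE
# Globals written: BOTAN_REV, BOTAN_DIR, BOTAN_CONFIG
# Returns early if $BOTAN_DIR already exists; exits the whole script with the
# failing command's status if any step of the build chain fails.
build_botan()
{
	# same revision used in the build recipe of the testing environment
	# NOTE(review): this is a ref name that is resolved at checkout time, not
	# a commit id; checking out a full commit id (<BOTAN_COMMIT_ID>) would
	# make the built source independent of later changes to that ref
	BOTAN_REV=3.3.0
	BOTAN_DIR=$DEPS_BUILD_DIR/botan
	# start from a known value so that options inherited from the environment
	# are never passed on to configure.py
	BOTAN_CONFIG=

	# an existing directory is treated as "already built"; nothing here
	# checks that an earlier build in it actually completed
	if test -d "$BOTAN_DIR"; then
		return
	fi

	echo "$ build_botan()"

	# if the leak detective is enabled we have to disable threading support
	# (used for std::async) as that causes invalid frees somehow, the
	# locking allocator causes a static leak via the first function that
	# references it (e.g. crypter or hasher), so we disable that too
	if test "$LEAK_DETECTIVE" = "yes"; then
		BOTAN_CONFIG="--without-os-features=threads
					  --disable-modules=locking_allocator"
	fi
	# disable some larger modules we don't need for the tests
	BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss
				  --prefix=$DEPS_PREFIX"

	# paths are quoted so a build directory containing whitespace stays one
	# argument; $BOTAN_CONFIG is left unquoted on purpose because it holds
	# several options that must be split into separate words
	git clone https://github.com/randombit/botan.git "$BOTAN_DIR" &&
	cd "$BOTAN_DIR" &&
	git checkout -qf "$BOTAN_REV" &&
	python ./configure.py --amalgamation $BOTAN_CONFIG &&
	make -j4 libs >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}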
37 | ||
d50bb81c TB |
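# Clone, build and install wolfSSL below $DEPS_PREFIX for the CI tests.
#
# Globals read:    DEPS_BUILD_DIR, DEPS_PREFIX
# Globals written: WOLFSSL_REV, WOLFSSL_DIR, WOLFSSL_CFLAGS, WOLFSSL_CONFIG
# Returns early if $WOLFSSL_DIR already exists; exits the whole script with the
# failing command's status if any step of the build chain fails.
build_wolfssl()
{
	# NOTE(review): a ref name, resolved when it is checked out; a full
	# commit id (<WOLFSSL_COMMIT_ID>) would pin the exact source that is built
	WOLFSSL_REV=v5.7.0-stable
	WOLFSSL_DIR=$DEPS_BUILD_DIR/wolfssl

	# an existing directory is treated as "already built"
	if test -d "$WOLFSSL_DIR"; then
		return
	fi

	echo "$ build_wolfssl()"

	# NOTE(review): the flags and options below switch on legacy algorithms
	# (DES, 3DES, MD4) and an 8-byte minimum AEAD tag size, presumably so the
	# plugin's test vectors can run; confirm this configuration is only used
	# for CI builds
	WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB -DHAVE_AES_ECB \
					-DHAVE_ECC_BRAINPOOL -DWOLFSSL_MIN_AUTH_TAG_SZ=8"
	WOLFSSL_CONFIG="--prefix=$DEPS_PREFIX
					--disable-crypttests --disable-examples
					--enable-aesccm --enable-aesctr --enable-camellia
					--enable-curve25519 --enable-curve448 --enable-des3
					--enable-ecccustcurves --enable-ed25519 --enable-ed448
					--enable-keygen --with-max-rsa-bits=8192 --enable-md4
					--enable-rsapss --enable-sha3 --enable-shake256"

	# paths are quoted so a build directory containing whitespace stays one
	# argument; $WOLFSSL_CONFIG is left unquoted on purpose because it holds
	# several options that must be split into separate words
	git clone https://github.com/wolfSSL/wolfssl.git "$WOLFSSL_DIR" &&
	cd "$WOLFSSL_DIR" &&
	git checkout -qf "$WOLFSSL_REV" &&
	./autogen.sh &&
	./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
	make -j4 >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}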
69 | ||
7b46089e TB |
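# Download, build and install the tpm2-tss release tarball below $DEPS_PREFIX.
#
# Globals read:    DEPS_BUILD_DIR, DEPS_PREFIX
# Globals written: TSS2_REV, TSS2_PKG, TSS2_DIR, TSS2_SRC
# Returns early if $TSS2_DIR already exists; exits the whole script with the
# failing command's status if any step fails.
build_tss2()
{
	TSS2_REV=3.2.3
	TSS2_PKG=tpm2-tss-$TSS2_REV
	TSS2_DIR=$DEPS_BUILD_DIR/$TSS2_PKG
	TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz

	# an existing directory is treated as "already built"
	if test -d "$TSS2_DIR"; then
		return
	fi

	echo "$ build_tss2()"

	# -f makes curl fail on an HTTP error instead of feeding the error page
	# to tar, and the --proto options keep the initial request and every
	# redirect followed by -L on HTTPS.
	# NOTE(review): the archive is unpacked, configured and installed with
	# sudo without checking a digest or signature; comparing it against a
	# pinned SHA-256 (<TSS2_TARBALL_SHA256>) before extraction would detect a
	# replaced release asset.  Only tar's status is tested here, as plain sh
	# has no pipefail.
	curl -f -L --proto '=https' --proto-redir '=https' "$TSS2_SRC" |
		tar xz -C "$DEPS_BUILD_DIR" &&
	cd "$TSS2_DIR" &&
	./configure --prefix="$DEPS_PREFIX" --disable-doxygen-doc &&
	make -j4 >/dev/null &&
	sudo make install >/dev/null &&
	sudo ldconfig || exit $?
	cd -
}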
91 | ||
a5cfa571 TB |
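# Download and build the pinned OpenSSL release.  For the android test the
# unpacked source is handed to the Android build script, otherwise it is
# configured, built and installed below $DEPS_PREFIX/ssl.
#
# Globals read:    DEPS_BUILD_DIR, DEPS_PREFIX, LEAK_DETECTIVE, TEST
# Globals written: SSL_REV, SSL_PKG, SSL_DIR, SSL_SRC, SSL_INS, SSL_OPT
# Returns early if $SSL_DIR already exists; exits the whole script with the
# failing command's status if any step fails.
build_openssl()
{
	# NOTE(review): a fixed release does not pick up later security fixes on
	# its own; bump it deliberately when upstream publishes updates
	SSL_REV=3.1.1
	SSL_PKG=openssl-$SSL_REV
	SSL_DIR=$DEPS_BUILD_DIR/$SSL_PKG
	SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
	SSL_INS=$DEPS_PREFIX/ssl
	SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk no-srp
			 no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128"

	# an existing directory is treated as "already built"
	if test -d "$SSL_DIR"; then
		return
	fi

	# insist on compiling with gcc and debug information as symbols are otherwise not found
	if test "$LEAK_DETECTIVE" = "yes"; then
		SSL_OPT="$SSL_OPT CC=gcc -d"
	fi

	echo "$ build_openssl()"

	# -f makes curl fail on an HTTP error instead of feeding the error page
	# to tar, and the --proto options keep the initial request and every
	# redirect followed by -L on HTTPS.
	# NOTE(review): the archive is unpacked and built without checking a
	# digest or signature; comparing it against a pinned SHA-256
	# (<OPENSSL_TARBALL_SHA256>) before extraction would detect a replaced
	# download.  Only tar's status is tested here, as plain sh has no pipefail.
	curl -f -L --proto '=https' --proto-redir '=https' "$SSL_SRC" |
		tar xz -C "$DEPS_BUILD_DIR" || exit $?

	if [ "$TEST" = "android" ]; then
		OPENSSL_SRC=${SSL_DIR} \
		NO_DOCKER=1 src/frontends/android/openssl/build.sh || exit $?
	else
		# $SSL_OPT is left unquoted on purpose: it holds several options
		cd "$SSL_DIR" &&
		./config --prefix="$SSL_INS" --openssldir="$SSL_INS" --libdir=lib $SSL_OPT &&
		make -j4 >/dev/null &&
		sudo make install_sw >/dev/null &&
		sudo ldconfig || exit $?
		cd -
	fi
}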
127 | ||
1301c762 GR |
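# Download AWS-LC, build it with CMake/Ninja and install it below
# $DEPS_PREFIX/ssl.
#
# Globals read:    DEPS_BUILD_DIR, DEPS_PREFIX
# Globals written: LC_REV, LC_PKG, LC_DIR, LC_SRC, LC_BUILD, LC_INS
# Unlike the other build_* functions there is no "already built" shortcut; the
# script exits with the failing command's status if any step fails.
build_awslc()
{
	LC_REV=1.24.0
	LC_PKG=aws-lc-$LC_REV
	LC_DIR=$DEPS_BUILD_DIR/$LC_PKG
	LC_SRC=https://github.com/aws/aws-lc/archive/refs/tags/v${LC_REV}.tar.gz
	LC_BUILD=$LC_DIR/build
	LC_INS=$DEPS_PREFIX/ssl

	mkdir -p "$LC_BUILD"

	echo "$ build_awslc()"

	# -f makes curl fail on an HTTP error instead of feeding the error page
	# to tar, and the --proto options keep the initial request and every
	# redirect followed by -L on HTTPS.
	# NOTE(review): this is an archive generated for a tag, unpacked and
	# installed with sudo without checking a digest; comparing it against a
	# pinned SHA-256 (<AWSLC_TARBALL_SHA256>) before extraction would detect
	# a changed archive.  Only tar's status is tested here, as plain sh has no
	# pipefail.
	curl -f -L --proto '=https' --proto-redir '=https' "$LC_SRC" |
		tar xz -C "$DEPS_BUILD_DIR" || exit $?

	cd "$LC_BUILD" &&
	cmake -GNinja -DCMAKE_INSTALL_PREFIX="$LC_INS" .. &&
	ninja &&
	sudo ninja install || exit $?
	cd -
}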
149 | ||
a5cfa571 TB |
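# Point compiler, linker and runtime loader at the library installed below
# $DEPS_PREFIX/ssl and, when called with "build-deps", build that library.
#
# Arguments: $1 - the script's mode; only "build-deps" triggers a build
# Globals read:    DEPS_PREFIX, TEST
# Globals written: CFLAGS (not exported here), LDFLAGS and LD_LIBRARY_PATH
#                  (both exported)
use_custom_openssl()
{
	CFLAGS="$CFLAGS -I$DEPS_PREFIX/ssl/include"
	export LDFLAGS="$LDFLAGS -L$DEPS_PREFIX/ssl/lib"
	# only add the separator if there is an existing value: a trailing ':'
	# is an empty path element, which the dynamic loader treats as the
	# current working directory, so libraries could be picked up from
	# wherever a test binary happens to be started
	export LD_LIBRARY_PATH="$DEPS_PREFIX/ssl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
	if test "$1" = "build-deps"; then
		case "$TEST" in
		openssl-awslc)
			build_awslc
			;;
		*)
			build_openssl
			;;
		esac
	fi
}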
166 | ||
0fea6a7f TB |
# Succeeds if pkg-config reports libcrypto in version 3.0.0 or newer.
system_uses_openssl3()
{
	# the function's status is that of its last command, i.e. pkg-config's
	pkg-config --atleast-version=3.0.0 libcrypto
}
172 | ||
# Prepare a test run against the distribution's own OpenSSL 3.
#
# Arguments: $1 - the script's mode; "deps" additionally registers the debug
#                 symbol archive and requests the libssl3 debug symbols
# Globals read:    LEAK_DETECTIVE
# Globals written: DEPS, CONFIG, ASAN_OPTIONS (exported)
prepare_system_openssl()
{
	# On systems that ship OpenSSL 3 (e.g. Ubuntu 22.04), we require debug
	# symbols to whitelist leaks
	if test "$1" = "deps"; then
		# NOTE(review): the archive is addressed via plain http, so package
		# authenticity presumably rests on apt's signature checks with the
		# keyring installed below; the list also includes the -proposed
		# pocket, and tee -a appends these lines again on every invocation
		{
			echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted"
			echo "deb http://ddebs.ubuntu.com $(lsb_release -cs)-updates main restricted"
			echo "deb http://ddebs.ubuntu.com $(lsb_release -cs)-proposed main restricted"
		} | sudo tee -a /etc/apt/sources.list.d/ddebs.list
		# the result of this installation is not checked
		sudo apt-get install -qq ubuntu-dbgsym-keyring
		DEPS="$DEPS libssl3-dbgsym"
	fi
	case "$LEAK_DETECTIVE" in
	yes)
		# make sure we can properly whitelist functions with leak detective
		DEPS="$DEPS binutils-dev"
		CONFIG="$CONFIG --enable-bfd-backtraces"
		;;
	*)
		# with ASan we have to use the (extremely) slow stack unwind as the
		# shipped version of the library is built with -fomit-frame-pointer
		export ASAN_OPTIONS=fast_unwind_on_malloc=0
		;;
	esac
}
195 | ||
de401e0e TB |
# Default locations; a value that is already set in the environment (even an
# empty one) is kept because of the ${VAR=default} form.
: "${BUILD_DIR=$PWD}"
: "${DEPS_BUILD_DIR=$BUILD_DIR/..}"
: "${DEPS_PREFIX=/usr/local}"

# Load the os-release data from the first of the two locations that exists.
# The file is sourced, i.e. executed as shell code in this script, and the
# variables it assigns (ID and VERSION_ID are read further down) replace any
# values of the same name.
if test -e /etc/os-release; then
	. /etc/os-release
elif test -e /usr/lib/os-release; then
	. /usr/lib/os-release
fi

# make target that is built unless a test selects another one
TARGET=check

# packages to install unless a test replaces or extends the list
DEPS="libgmp-dev"

# base compiler flags, extended by some tests
CFLAGS="-g -O2"
95e67e8d | 211 | |
d151cd28 TB |
# Per-test setup, selected by $TEST: the ./configure options (CONFIG), the
# packages to install (DEPS, PYDEPS), the make target (TARGET), compiler and
# linker flags, and -- when the script is called with "build-deps" as $1 --
# the libraries that are built from source.  An unknown $TEST ends the script
# with status 1.
# NOTE(review): $1 is passed on unquoted to the helper functions below; it is
# only ever compared against fixed mode names there.
case "$TEST" in
default)
	# should be the default, but lets make sure
	CONFIG="--with-printf-hooks=glibc"
	;;
openssl*)
	CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
	export TESTS_PLUGINS="test-vectors openssl! pem"
	DEPS="libssl-dev"
	# openssl-3 and openssl-awslc use a library built from source, any other
	# openssl* test uses the system's library
	if test "$TEST" = "openssl-3"; then
		DEPS=""
		use_custom_openssl $1
	elif test "$TEST" = "openssl-awslc"; then
		DEPS="cmake ninja-build golang"
		use_custom_openssl $1
	elif system_uses_openssl3; then
		prepare_system_openssl $1
	fi
	;;
gcrypt)
	# NOTE(review): -enable-curve25519 is written with a single dash, unlike
	# the other options -- confirm ./configure accepts that spelling
	CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-random --enable-pem --enable-pkcs1 --enable-pkcs8 --enable-gcm --enable-hmac --enable-kdf -enable-curve25519 --enable-x509 --enable-constraints"
	export TESTS_PLUGINS="test-vectors gcrypt! random pem pkcs1 pkcs8 gcm hmac kdf curve25519 x509 constraints"
	DEPS="libgcrypt20-dev"
	;;
botan)
	CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem --enable-hmac --enable-x509 --enable-constraints"
	export TESTS_PLUGINS="test-vectors botan! pem hmac x509 constraints"
	DEPS=""
	if test "$1" = "build-deps"; then
		build_botan
	fi
	;;
wolfssl)
	CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem --enable-pkcs1 --enable-pkcs8 --enable-x509 --enable-constraints"
	export TESTS_PLUGINS="test-vectors wolfssl! pem pkcs1 pkcs8 x509 constraints"
	# build with custom options to enable all the features the plugin supports
	DEPS=""
	if test "$1" = "build-deps"; then
		build_wolfssl
	fi
	;;
printf-builtin)
	CONFIG="--with-printf-hooks=builtin"
	;;
all|alpine|codeql|coverage|sonarcloud|no-dbg)
	# fail early if the SonarCloud settings are missing from the environment
	if [ "$TEST" = "sonarcloud" ]; then
		if [ -z "$SONAR_PROJECT" -o -z "$SONAR_ORGANIZATION" -o -z "$SONAR_TOKEN" ]; then
			echo "The SONAR_PROJECT, SONAR_ORGANIZATION and SONAR_TOKEN" \
				 "environment variables are required to run this test"
			exit 1
		fi
	fi
	if [ "$TEST" = "codeql" ]; then
		# don't run tests, only analyze built code
		TARGET=
	fi
	if [ "$TEST" = "no-dbg" ]; then
		CFLAGS="$CFLAGS -DDEBUG_LEVEL=-1"
	fi
	CONFIG="--enable-all --disable-android-dns --disable-android-log
			--disable-kernel-pfroute --disable-keychain
			--disable-lock-profiler --disable-padlock --disable-fuzzing
			--disable-osx-attr --disable-tkm --disable-uci
			--disable-unwind-backtraces
			--disable-svc --disable-dbghelp-backtraces --disable-socket-win
			--disable-kernel-wfp --disable-kernel-iph --disable-winhttp
			--disable-python-eggs-install"
	# not enabled on the build server
	CONFIG="$CONFIG --disable-af-alg"
	# unable to build Botan on Ubuntu 20.04
	# ($ID and $VERSION_ID are not assigned in this script itself; presumably
	# they come from the os-release file sourced above)
	if [ "$ID" = "ubuntu" -a "$VERSION_ID" = "20.04" ]; then
		CONFIG="$CONFIG --disable-botan"
	fi
	if test "$TEST" != "coverage"; then
		CONFIG="$CONFIG --disable-coverage"
	else
		DEPS="$DEPS lcov"
		TARGET="coverage"
	fi
	DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
		  libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
		  libldap2-dev libpcsclite-dev libpam0g-dev binutils-dev libnm-dev
		  libgcrypt20-dev libjson-c-dev python3-pip libtspi-dev libsystemd-dev
		  libselinux1-dev libiptc-dev"
	if [ "$TEST" = "alpine" ]; then
		# override the whole list for alpine
		DEPS="git gmp-dev openldap-dev curl-dev ldns-dev unbound-dev libsoup-dev
			  tpm2-tss-dev mariadb-dev wolfssl-dev libgcrypt-dev botan3-dev
			  pcsc-lite-dev networkmanager-dev linux-pam-dev iptables-dev
			  libselinux-dev binutils-dev libunwind-dev ruby py3-setuptools"
		# musl does not provide backtrace(), so use libunwind
		CONFIG="$CONFIG --enable-unwind-backtraces"
		# alpine doesn't have systemd
		CONFIG="$CONFIG --disable-systemd --disable-cert-enroll-timer"
		# no TrouSerS either
		CONFIG="$CONFIG --disable-tss-trousers --disable-aikgen"
		# and no Clearsilver
		CONFIG="$CONFIG --disable-fast --disable-manager --disable-medsrv"
	fi
	# NOTE(review): installed later without a version constraint, so the
	# newest release available at that time is used
	PYDEPS="tox"
	if test "$1" = "build-deps"; then
		# Botan is only built on Ubuntu releases other than 20.04
		if [ "$ID" = "ubuntu" -a "$VERSION_ID" != "20.04" ]; then
			build_botan
		fi
		build_wolfssl
		build_tss2
	fi
	use_custom_openssl $1
	;;
win*)
	CONFIG="--disable-defaults --enable-svc --enable-ikev2
			--enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
			--enable-constraints --enable-revocation --enable-pem --enable-pkcs1
			--enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
			--enable-eap-tnc --enable-eap-ttls --enable-eap-identity
			--enable-eap-radius
			--enable-updown --enable-ext-auth --enable-libipsec --enable-pkcs11
			--enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
			--enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
			--enable-pki --enable-swanctl --enable-socket-win
			--enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
	# no make check for Windows binaries unless we run on a windows host
	if test "$APPVEYOR" != "True"; then
		TARGET=
	else
		CONFIG="$CONFIG --enable-openssl"
		case "$IMG" in
		2015|2017)
			# old OpenSSL versions don't provide HKDF
			CONFIG="$CONFIG --enable-kdf"
			;;
		esac

		# $OPENSSL_DIR is taken from the environment; any LDFLAGS set before
		# this point are replaced, not extended
		CFLAGS="$CFLAGS -I$OPENSSL_DIR/include"
		LDFLAGS="-L$OPENSSL_DIR/lib"
		case "$IMG" in
		2015)
			# gcc/ld might be too old to find libeay32 via .lib instead of .dll
			LDFLAGS="-L$OPENSSL_DIR"
			;;
		esac
		export LDFLAGS
	fi
	CFLAGS="$CFLAGS -mno-ms-bitfields"
	DEPS="gcc-mingw-w64-base"
	# select the cross-compiler and its packages for the target architecture
	case "$TEST" in
	win64)
		CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
		DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
		CC="x86_64-w64-mingw32-gcc"
		;;
	win32)
		CONFIG="--host=i686-w64-mingw32 $CONFIG"
		DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
		CC="i686-w64-mingw32-gcc"
		;;
	esac
	;;
android)
	if test "$1" = "build-deps"; then
		build_openssl
	fi
	TARGET=distdir
	;;
macos)
	# this causes a false positive in ip-packet.c since Xcode 8.3
	CFLAGS="$CFLAGS -Wno-address-of-packed-member"
	# use the same options as in the Homebrew Formula
	CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
			--enable-curl --enable-eap-gtc --enable-eap-identity
			--enable-eap-md5 --enable-eap-mschapv2 --enable-farp --enable-ikev1
			--enable-ikev2 --enable-kernel-libipsec --enable-kernel-pfkey
			--enable-kernel-pfroute --enable-nonce --enable-openssl
			--enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
			--enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
			--enable-socket-default --enable-sshkey --enable-stroke
			--enable-swanctl --enable-unity --enable-updown
			--enable-x509 --enable-xauth-generic"
	# NOTE(review): openssl@1.1 names the OpenSSL 1.1 series, which upstream
	# no longer maintains -- confirm this job still has to build against it
	DEPS="automake autoconf libtool bison gettext gperf pkg-config openssl@1.1 curl"
	BREW_PREFIX=$(brew --prefix)
	export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
	# NOTE(review): if ACLOCAL_PATH or PKG_CONFIG_PATH is empty beforehand,
	# the values built here end in ':' (an empty path element) -- confirm the
	# tools reading them ignore it
	export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
	for pkg in openssl@1.1 curl
	do
		PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
		CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
		LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
	done
	export PKG_CONFIG_PATH
	export CPPFLAGS
	export LDFLAGS
	;;
freebsd)
	# use the options of the FreeBSD port (including options), except smp,
	# which requires a patch but is deprecated anyway, only using the builtin
	# printf hooks
	CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts
			--disable-kernel-netlink --enable-openssl --enable-eap-identity
			--enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2
			--enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish
			--enable-addrblock --enable-whitelist --enable-cmd --enable-curl
			--enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic
			--enable-eap-radius --enable-eap-sim --enable-eap-sim-file
			--enable-gcm --enable-ipseckey --enable-kernel-libipsec
			--enable-load-tester --enable-ldap --enable-mediation
			--enable-mysql --enable-sqlite --enable-tpm --enable-tss-tss2
			--enable-unbound --enable-unity --enable-xauth-eap --enable-xauth-pam
			--with-printf-hooks=builtin --enable-attr-sql --enable-sql
			--enable-farp"
	DEPS="git gmp libxml2 mysql80-client sqlite3 unbound ldns tpm2-tss"
	;;
fuzzing)
	CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
	CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
			--enable-imc-test --enable-tnccs-20"
	# don't run any of the unit tests
	export TESTS_RUNNERS=
	# prepare corpora
	# (only when the script is called without a mode argument, i.e. for the
	# actual build)
	if test -z "$1"; then
		if test -z "$FUZZING_CORPORA"; then
			# NOTE(review): clones whatever the default branch points to at
			# that moment; no revision is pinned and the clone's result is
			# not checked
			git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
			export FUZZING_CORPORA=$BUILD_DIR/fuzzing-corpora
		fi
		# these are about the same as those on OSS-Fuzz (except for the
		# symbolize options and strip_path_prefix)
		# The continuation lines have to start in the first column: each
		# backslash-newline is removed and the pieces form a single word.
		# NOTE(review): external_symbolizer_path names a versioned binary --
		# confirm it exists on the CI image
		export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
	fi
	;;
nm)
	DEPS="gnome-common libsecret-1-dev libgtk-3-dev libnm-dev libnma-dev"
	# everything after this point runs inside the frontend's directory; the
	# result of the cd is not checked
	cd src/frontends/gnome
	# don't run ./configure with ./autogen.sh
	export NOCONFIGURE=1
	;;
dist)
	TARGET=distcheck
	;;
apidoc)
	DEPS="doxygen"
	CONFIG="--disable-defaults"
	TARGET=apidoc
	;;
*)
	echo "$0: unknown test $TEST" >&2
	exit 1
	;;
esac
464 | ||
0ff93958 TB |
# Modes that end the script before anything is configured or built:
#   deps       - install the packages collected in $DEPS with the package
#                manager that belongs to $OS_NAME
#   pydeps     - install the Python packages collected in $PYDEPS
#   build-deps - the from-source builds already ran above, so just leave
# Any other (or no) argument falls through to the build below.
case "$1" in
deps)
	# $DEPS is left unquoted on purpose: it is a whitespace-separated list
	case "$OS_NAME" in
	linux)
		sudo apt-get update -qq &&
			sudo apt-get install -qq bison flex gperf gettext $DEPS
		;;
	alpine)
		apk add --no-cache build-base automake autoconf libtool pkgconfig &&
			apk add --no-cache bison flex gperf gettext-dev tzdata $DEPS
		;;
	macos)
		brew update &&
			brew install $DEPS
		;;
	freebsd)
		pkg install -y automake autoconf libtool pkgconf &&
			pkg install -y bison flex gperf gettext $DEPS
		;;
	esac
	# status of the package manager, or 0 if $OS_NAME matched nothing
	exit $?
	;;
pydeps)
	# NOTE(review): the packages are installed by name only, so whatever
	# version the index serves at that time is used
	if test -n "$PYDEPS"; then
		pip3 -q install --user $PYDEPS
	fi
	exit $?
	;;
build-deps)
	exit
	;;
esac
75a84579 | 497 | |
# Options that are added for every test; monolithic mode and the leak
# detective default to "no" unless MONOLITHIC/LEAK_DETECTIVE are set.
CONFIG="$CONFIG
	--disable-dependency-tracking
	--enable-silent-rules
	--enable-test-vectors
	--enable-monolithic=${MONOLITHIC-no}
	--enable-leak-detective=${LEAK_DETECTIVE-no}"

# AddressSanitizer is enabled for all tests not listed here, unless the leak
# detective is in use.
case "$TEST" in
alpine|codeql|coverage|freebsd|fuzzing|sonarcloud|win*)
	# don't use AddressSanitizer if it's not available or causes conflicts
	CONFIG="$CONFIG --disable-asan"
	;;
*)
	test "$LEAK_DETECTIVE" = "yes" || CONFIG="$CONFIG --enable-asan"
	;;
esac
516 | ||
e36b1e2e TB |
# Generate the build system and configure the tree; each command is echoed
# first so it shows up in the CI log.  $CONFIG is left unquoted on purpose:
# it is a whitespace-separated list of options.
echo "$ ./autogen.sh"
./autogen.sh || exit $?
echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?

# for the API documentation everything written to stderr from here on is
# collected in make.warnings, which is evaluated after the build
if [ "$TEST" = "apidoc" ]; then
	exec 2>make.warnings
fi

echo "$ make $TARGET"
if [ "$TEST" = "sonarcloud" ]; then
	# without target, coverage is currently not supported anyway because
	# sonarqube only supports gcov, not lcov
	build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
else
	make -j4 $TARGET || exit $?
fi
4e8f5a18 TB |
541 | |
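# Post-build steps that depend on the selected test ($TEST).
case "$TEST" in
apidoc)
	# stderr was redirected to make.warnings before the build, so a
	# non-empty file means the documentation build reported something
	if test -s make.warnings; then
		cat make.warnings
		exit 1
	fi
	rm make.warnings
	;;
sonarcloud)
	# The values are quoted so that each one reaches the scanner as a single
	# argument, whatever characters it contains.
	# NOTE(review): the token is passed as a command-line argument, which
	# other processes on the host can read from the process list and which
	# shows up in traced or logged command lines; if the installed scanner
	# can take the token from the environment instead, prefer that -- TODO
	# confirm against the scanner version in use
	sonar-scanner \
		-Dsonar.host.url=https://sonarcloud.io \
		-Dsonar.projectKey="${SONAR_PROJECT}" \
		-Dsonar.organization="${SONAR_ORGANIZATION}" \
		-Dsonar.token="${SONAR_TOKEN}" \
		-Dsonar.projectVersion="$(git describe --exclude 'android-*')+${BUILD_NUMBER}" \
		-Dsonar.sources=. \
		-Dsonar.cfamily.threads=2 \
		-Dsonar.cfamily.analysisCache.mode=fs \
		-Dsonar.cfamily.analysisCache.path="$HOME/.sonar-cache" \
		-Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
	rm -r bw-output .scannerwork
	;;
android)
	rm -r strongswan-*
	# stop here if the directory is missing instead of looking for gradlew
	# in the wrong place
	cd src/frontends/android || exit $?
	echo "$ ./gradlew build"
	NDK_CCACHE=ccache ./gradlew build --info || exit $?
	;;
*)
	;;
esac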
f36e3755 TB |
573 | |
# ensure there are no unignored build artifacts (or other changes) in the Git repo
# (git status --porcelain prints one line per changed or untracked path, so
# any output at all fails the run)
unclean="$(git status --porcelain)"
if [ -n "$unclean" ]; then
	echo "Unignored build artifacts or other changes:"
	echo "$unclean"
	exit 1
fi