]> git.ipfire.org Git - thirdparty/strongswan.git/blob - scripts/test.sh
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
github: Use tpm2-tss 3.2.3 for tests
[thirdparty/strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=2.11.0
8 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
9
10 if test -d "$BOTAN_DIR"; then
11 return
12 fi
13
14 echo "$ build_botan()"
15
16 # if the leak detective is enabled we have to disable threading support
17 # (used for std::async) as that causes invalid frees somehow, the
18 # locking allocator causes a static leak via the first function that
19 # references it (e.g. crypter or hasher), so we disable that too
20 if test "$LEAK_DETECTIVE" = "yes"; then
21 BOTAN_CONFIG="--without-os-features=threads
22 --disable-modules=locking_allocator"
23 fi
24 # disable some larger modules we don't need for the tests
25 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
26
27 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
28 cd $BOTAN_DIR &&
29 git checkout -qf $BOTAN_REV &&
30 python ./configure.py --amalgamation $BOTAN_CONFIG &&
31 make -j4 libs >/dev/null &&
32 sudo make install >/dev/null &&
33 sudo ldconfig || exit $?
34 cd -
35 }
36
37 build_wolfssl()
38 {
39 WOLFSSL_REV=v4.1.0-stable
40 WOLFSSL_DIR=$TRAVIS_BUILD_DIR/../wolfssl
41
42 if test -d "$WOLFSSL_DIR"; then
43 return
44 fi
45
46 echo "$ build_wolfssl()"
47
48 WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
49 WOLFSSL_CONFIG="--enable-keygen --enable-rsapss --enable-aesccm
50 --enable-aesctr --enable-des3 --enable-camellia
51 --enable-curve25519 --enable-ed25519"
52
53 git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
54 cd $WOLFSSL_DIR &&
55 git checkout -qf $WOLFSSL_REV &&
56 ./autogen.sh &&
57 ./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
58 make -j4 >/dev/null &&
59 sudo make install >/dev/null &&
60 sudo ldconfig || exit $?
61 cd -
62 }
63
64 build_tss2()
65 {
66 TSS2_REV=2.1.0
67 TSS2_PKG=tpm2-tss-$TSS2_REV
68 TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
69 TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
70
71 if test -d "$TSS2_DIR"; then
72 return
73 fi
74
75 echo "$ build_tss2()"
76
77 # the default version of libgcrypt in Ubuntu 16.04 is too old
78 sudo apt-get update -qq && \
79 sudo apt-get install -qq libgcrypt20-dev &&
80 curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
81 cd $TSS2_DIR &&
82 ./configure &&
83 make -j4 >/dev/null &&
84 sudo make install >/dev/null &&
85 sudo ldconfig || exit $?
86 cd -
87 }
88
89 build_openssl()
90 {
91 SSL_REV=1.1.1c
92 SSL_PKG=openssl-$SSL_REV
93 SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG
94 SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
95 SSL_INS=/usr/local/ssl
96 SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp
97 no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128
98 --api=1.1.0"
99
100 if test -d "$SSL_DIR"; then
101 return
102 fi
103
104 echo "$ build_openssl()"
105
106 curl -L $SSL_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
107 cd $SSL_DIR &&
108 ./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT &&
109 make -j4 >/dev/null &&
110 sudo make install_sw >/dev/null &&
111 echo $SSL_INS/lib | sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null &&
112 sudo ldconfig || exit $?
113 cd -
114 }
115
116 use_custom_openssl()
117 {
118 CFLAGS="$CFLAGS -I/usr/local/ssl/include"
119 LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib"
120 export LDFLAGS
121 if test "$1" = "deps"; then
122 build_openssl
123 fi
124 }
125
126 if test -z $TRAVIS_BUILD_DIR; then
127 TRAVIS_BUILD_DIR=$PWD
128 fi
129
130 cd $TRAVIS_BUILD_DIR
131
132 TARGET=check
133
134 DEPS="libgmp-dev"
135
136 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
137
138 case "$TEST" in
139 default)
140 # should be the default, but lets make sure
141 CONFIG="--with-printf-hooks=glibc"
142 ;;
143 openssl*)
144 CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
145 export TESTS_PLUGINS="test-vectors pem openssl!"
146 DEPS="libssl-dev"
147 if test "$TEST" != "openssl-1.0"; then
148 DEPS=""
149 use_custom_openssl $1
150 fi
151 ;;
152 gcrypt)
153 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
154 export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
155 DEPS="libgcrypt11-dev"
156 ;;
157 botan)
158 CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
159 export TESTS_PLUGINS="test-vectors pem botan!"
160 # we can't use the old package that comes with Ubuntu so we build from
161 # the current master until 2.8.0 is released and then probably switch to
162 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
163 # currently required)
164 DEPS=""
165 if test "$1" = "deps"; then
166 build_botan
167 fi
168 ;;
169 wolfssl)
170 CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem"
171 export TESTS_PLUGINS="test-vectors pem wolfssl!"
172 # build with custom options to enable all the features the plugin supports
173 DEPS=""
174 if test "$1" = "deps"; then
175 build_wolfssl
176 fi
177 ;;
178 printf-builtin)
179 CONFIG="--with-printf-hooks=builtin"
180 ;;
181 all|coverage|sonarcloud)
182 CONFIG="--enable-all --disable-android-dns --disable-android-log
183 --disable-kernel-pfroute --disable-keychain
184 --disable-lock-profiler --disable-padlock --disable-fuzzing
185 --disable-osx-attr --disable-tkm --disable-uci
186 --disable-soup --disable-unwind-backtraces
187 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
188 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
189 # not enabled on the build server
190 CONFIG="$CONFIG --disable-af-alg"
191 if test "$TEST" != "coverage"; then
192 CONFIG="$CONFIG --disable-coverage"
193 else
194 # not actually required but configure checks for it
195 DEPS="$DEPS lcov"
196 fi
197 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
198 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
199 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
200 libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
201 PYDEPS="pytest"
202 if test "$1" = "deps"; then
203 build_botan
204 build_wolfssl
205 build_tss2
206 fi
207 use_custom_openssl $1
208 ;;
209 win*)
210 CONFIG="--disable-defaults --enable-svc --enable-ikev2
211 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
212 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
213 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
214 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
215 --enable-updown --enable-ext-auth --enable-libipsec
216 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
217 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
218 --enable-pki --enable-swanctl --enable-socket-win
219 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
220 # no make check for Windows binaries unless we run on a windows host
221 if test "$APPVEYOR" != "True"; then
222 TARGET=
223 CCACHE=ccache
224 else
225 CONFIG="$CONFIG --enable-openssl"
226 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
227 LDFLAGS="-L/c/OpenSSL-$TEST"
228 export LDFLAGS
229 fi
230 CFLAGS="$CFLAGS -mno-ms-bitfields"
231 DEPS="gcc-mingw-w64-base"
232 case "$TEST" in
233 win64)
234 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
235 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
236 CC="$CCACHE x86_64-w64-mingw32-gcc"
237 ;;
238 win32)
239 CONFIG="--host=i686-w64-mingw32 $CONFIG"
240 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
241 CC="$CCACHE i686-w64-mingw32-gcc"
242 ;;
243 esac
244 ;;
245 osx)
246 # this causes a false positive in ip-packet.c since Xcode 8.3
247 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
248 # use the same options as in the Homebrew Formula
249 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
250 --enable-curl --enable-eap-gtc --enable-eap-identity
251 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
252 --enable-kernel-libipsec --enable-kernel-pfkey
253 --enable-kernel-pfroute --enable-nonce --enable-openssl
254 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
255 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
256 --enable-scepclient --enable-socket-default --enable-sshkey
257 --enable-stroke --enable-swanctl --enable-unity --enable-updown
258 --enable-x509 --enable-xauth-generic"
259 DEPS="bison gettext openssl curl"
260 BREW_PREFIX=$(brew --prefix)
261 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
262 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
263 for pkg in openssl curl
264 do
265 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
266 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
267 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
268 done
269 export PKG_CONFIG_PATH
270 export CPPFLAGS
271 export LDFLAGS
272 ;;
273 fuzzing)
274 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
275 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
276 --enable-imc-test --enable-tnccs-20"
277 # don't run any of the unit tests
278 export TESTS_RUNNERS=
279 # prepare corpora
280 if test -z "$1"; then
281 if test -z "$FUZZING_CORPORA"; then
282 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
283 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
284 fi
285 # these are about the same as those on OSS-Fuzz (except for the
286 # symbolize options and strip_path_prefix)
287 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
288 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
289 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
290 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
291 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
292 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
293 fi
294 ;;
295 dist)
296 TARGET=distcheck
297 ;;
298 apidoc)
299 DEPS="doxygen"
300 CONFIG="--disable-defaults"
301 TARGET=apidoc
302 ;;
303 *)
304 echo "$0: unknown test $TEST" >&2
305 exit 1
306 ;;
307 esac
308
309 if test "$1" = "deps"; then
310 case "$TRAVIS_OS_NAME" in
311 linux)
312 sudo apt-get update -qq && \
313 sudo apt-get install -qq bison flex gperf gettext $DEPS
314 ;;
315 osx)
316 brew update && \
317 # workaround for issue #6352
318 brew uninstall --force libtool && brew install libtool && \
319 brew install $DEPS
320 ;;
321 esac
322 exit $?
323 fi
324
325 if test "$1" = "pydeps"; then
326 test -z "$PYDEPS" || pip -q install --user $PYDEPS
327 exit $?
328 fi
329
330 CONFIG="$CONFIG
331 --disable-dependency-tracking
332 --enable-silent-rules
333 --enable-test-vectors
334 --enable-monolithic=${MONOLITHIC-no}
335 --enable-leak-detective=${LEAK_DETECTIVE-no}"
336
337 echo "$ ./autogen.sh"
338 ./autogen.sh || exit $?
339 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
340 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
341
342 case "$TEST" in
343 apidoc)
344 exec 2>make.warnings
345 ;;
346 *)
347 ;;
348 esac
349
350 echo "$ make $TARGET"
351 case "$TEST" in
352 sonarcloud)
353 # without target, coverage is currently not supported anyway because
354 # sonarqube only supports gcov, not lcov
355 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
356 ;;
357 *)
358 make -j4 $TARGET || exit $?
359 ;;
360 esac
361
362 case "$TEST" in
363 apidoc)
364 if test -s make.warnings; then
365 cat make.warnings
366 exit 1
367 fi
368 rm make.warnings
369 ;;
370 sonarcloud)
371 sonar-scanner \
372 -Dsonar.projectKey=strongswan \
373 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
374 -Dsonar.sources=. \
375 -Dsonar.cfamily.threads=2 \
376 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
377 rm -r bw-output .scannerwork
378 ;;
379 *)
380 ;;
381 esac
382
383 # ensure there are no unignored build artifacts (or other changes) in the Git repo
384 unclean="$(git status --porcelain)"
385 if test -n "$unclean"; then
386 echo "Unignored build artifacts or other changes:"
387 echo "$unclean"
388 exit 1
389 fi
Unnamed repository; edit this file 'description' to name the repository.