]> git.ipfire.org Git - thirdparty/strongswan.git/blob - scripts/test.sh
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
travis: Add build tests for NM plugin
[thirdparty/strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=0881f2c33ff7 # 2.13.0 + amalgamation patch
8 BOTAN_DIR=$DEPS_BUILD_DIR/botan
9
10 if test -d "$BOTAN_DIR"; then
11 return
12 fi
13
14 echo "$ build_botan()"
15
16 # if the leak detective is enabled we have to disable threading support
17 # (used for std::async) as that causes invalid frees somehow, the
18 # locking allocator causes a static leak via the first function that
19 # references it (e.g. crypter or hasher), so we disable that too
20 if test "$LEAK_DETECTIVE" = "yes"; then
21 BOTAN_CONFIG="--without-os-features=threads
22 --disable-modules=locking_allocator"
23 fi
24 # disable some larger modules we don't need for the tests
25 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss
26 --prefix=$DEPS_PREFIX"
27
28 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
29 cd $BOTAN_DIR &&
30 git checkout -qf $BOTAN_REV &&
31 python ./configure.py --amalgamation $BOTAN_CONFIG &&
32 make -j4 libs >/dev/null &&
33 sudo make install >/dev/null &&
34 sudo ldconfig || exit $?
35 cd -
36 }
37
38 build_wolfssl()
39 {
40 WOLFSSL_REV=87859f9e810b # v4.3.0-stable + IBM Z patch
41 WOLFSSL_DIR=$DEPS_BUILD_DIR/wolfssl
42
43 if test -d "$WOLFSSL_DIR"; then
44 return
45 fi
46
47 echo "$ build_wolfssl()"
48
49 WOLFSSL_CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DES_ECB"
50 WOLFSSL_CONFIG="--prefix=$DEPS_PREFIX
51 --enable-keygen --enable-rsapss --enable-aesccm
52 --enable-aesctr --enable-des3 --enable-camellia
53 --enable-curve25519 --enable-ed25519"
54
55 git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
56 cd $WOLFSSL_DIR &&
57 git checkout -qf $WOLFSSL_REV &&
58 ./autogen.sh &&
59 ./configure C_EXTRA_FLAGS="$WOLFSSL_CFLAGS" $WOLFSSL_CONFIG &&
60 make -j4 >/dev/null &&
61 sudo make install >/dev/null &&
62 sudo ldconfig || exit $?
63 cd -
64 }
65
66 build_tss2()
67 {
68 TSS2_REV=2.3.1
69 TSS2_PKG=tpm2-tss-$TSS2_REV
70 TSS2_DIR=$DEPS_BUILD_DIR/$TSS2_PKG
71 TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
72
73 if test -d "$TSS2_DIR"; then
74 return
75 fi
76
77 echo "$ build_tss2()"
78
79 curl -L $TSS2_SRC | tar xz -C $DEPS_BUILD_DIR &&
80 cd $TSS2_DIR &&
81 ./configure --prefix=$DEPS_PREFIX --disable-doxygen-doc &&
82 make -j4 >/dev/null &&
83 sudo make install >/dev/null &&
84 sudo ldconfig || exit $?
85 cd -
86 }
87
88 : ${TRAVIS_BUILD_DIR=$PWD}
89 : ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..}
90 : ${DEPS_PREFIX=/usr/local}
91
92 TARGET=check
93
94 DEPS="libgmp-dev"
95
96 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
97
98 case "$TEST" in
99 default)
100 # should be the default, but lets make sure
101 CONFIG="--with-printf-hooks=glibc"
102 ;;
103 openssl*)
104 CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
105 export TESTS_PLUGINS="test-vectors pem openssl!"
106 DEPS="libssl-dev"
107 ;;
108 gcrypt)
109 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
110 export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
111 DEPS="libgcrypt11-dev"
112 ;;
113 botan)
114 CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
115 export TESTS_PLUGINS="test-vectors pem botan!"
116 # we can't use the old package that comes with Ubuntu so we build from
117 # the current master until 2.8.0 is released and then probably switch to
118 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
119 # currently required)
120 DEPS=""
121 if test "$1" = "deps"; then
122 build_botan
123 fi
124 ;;
125 wolfssl)
126 CONFIG="--disable-defaults --enable-pki --enable-wolfssl --enable-pem"
127 export TESTS_PLUGINS="test-vectors pem wolfssl!"
128 # build with custom options to enable all the features the plugin supports
129 DEPS=""
130 if test "$1" = "deps"; then
131 build_wolfssl
132 fi
133 ;;
134 printf-builtin)
135 CONFIG="--with-printf-hooks=builtin"
136 ;;
137 all|coverage|sonarcloud)
138 CONFIG="--enable-all --disable-android-dns --disable-android-log
139 --disable-kernel-pfroute --disable-keychain
140 --disable-lock-profiler --disable-padlock --disable-fuzzing
141 --disable-osx-attr --disable-tkm --disable-uci
142 --disable-unwind-backtraces
143 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
144 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
145 # not enabled on the build server
146 CONFIG="$CONFIG --disable-af-alg"
147 if test "$TRAVIS_CPU_ARCH" != "amd64"; then
148 CONFIG="$CONFIG --disable-aesni --disable-rdrand"
149 fi
150 if test "$TEST" != "coverage"; then
151 CONFIG="$CONFIG --disable-coverage"
152 else
153 # not actually required but configure checks for it
154 DEPS="$DEPS lcov"
155 fi
156 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
157 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
158 libpcsclite-dev libpam0g-dev binutils-dev libnm-dev libgcrypt20-dev
159 libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
160 PYDEPS="tox"
161 if test "$1" = "deps"; then
162 build_botan
163 build_wolfssl
164 build_tss2
165 fi
166 ;;
167 win*)
168 CONFIG="--disable-defaults --enable-svc --enable-ikev2
169 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
170 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
171 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
172 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
173 --enable-updown --enable-ext-auth --enable-libipsec
174 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
175 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
176 --enable-pki --enable-swanctl --enable-socket-win
177 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
178 # no make check for Windows binaries unless we run on a windows host
179 if test "$APPVEYOR" != "True"; then
180 TARGET=
181 CCACHE=ccache
182 else
183 CONFIG="$CONFIG --enable-openssl"
184 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
185 LDFLAGS="-L/c/OpenSSL-$TEST"
186 export LDFLAGS
187 fi
188 CFLAGS="$CFLAGS -mno-ms-bitfields"
189 DEPS="gcc-mingw-w64-base"
190 case "$TEST" in
191 win64)
192 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
193 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
194 CC="$CCACHE x86_64-w64-mingw32-gcc"
195 ;;
196 win32)
197 CONFIG="--host=i686-w64-mingw32 $CONFIG"
198 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
199 CC="$CCACHE i686-w64-mingw32-gcc"
200 ;;
201 esac
202 ;;
203 osx)
204 # this causes a false positive in ip-packet.c since Xcode 8.3
205 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
206 # use the same options as in the Homebrew Formula
207 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
208 --enable-curl --enable-eap-gtc --enable-eap-identity
209 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
210 --enable-kernel-libipsec --enable-kernel-pfkey
211 --enable-kernel-pfroute --enable-nonce --enable-openssl
212 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
213 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
214 --enable-scepclient --enable-socket-default --enable-sshkey
215 --enable-stroke --enable-swanctl --enable-unity --enable-updown
216 --enable-x509 --enable-xauth-generic"
217 DEPS="bison gettext openssl curl"
218 BREW_PREFIX=$(brew --prefix)
219 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
220 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
221 for pkg in openssl curl
222 do
223 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
224 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
225 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
226 done
227 export PKG_CONFIG_PATH
228 export CPPFLAGS
229 export LDFLAGS
230 ;;
231 freebsd)
232 # use the options of the FreeBSD port (including options), except smp,
233 # which requires a patch but is deprecated anyway, only using the builtin
234 # printf hooks
235 CONFIG="--enable-kernel-pfkey --enable-kernel-pfroute --disable-scripts
236 --disable-kernel-netlink --enable-openssl --enable-eap-identity
237 --enable-eap-md5 --enable-eap-tls --enable-eap-mschapv2
238 --enable-eap-peap --enable-eap-ttls --enable-md4 --enable-blowfish
239 --enable-addrblock --enable-whitelist --enable-cmd --enable-curl
240 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-dynamic
241 --enable-eap-radius --enable-eap-sim --enable-eap-sim-file
242 --enable-gcm --enable-ipseckey --enable-kernel-libipsec
243 --enable-load-tester --enable-ldap --enable-mediation
244 --enable-mysql --enable-sqlite --enable-tpm --enable-unbound
245 --enable-unity --enable-xauth-eap --enable-xauth-pam
246 --with-printf-hooks=builtin --enable-attr-sql --enable-sql"
247 DEPS="gmp openldap-client libxml2 mysql80-client sqlite3 unbound ldns"
248 export GPERF=/usr/local/bin/gperf
249 export LEX=/usr/local/bin/flex
250 ;;
251 fuzzing)
252 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
253 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
254 --enable-imc-test --enable-tnccs-20"
255 # don't run any of the unit tests
256 export TESTS_RUNNERS=
257 # prepare corpora
258 if test -z "$1"; then
259 if test -z "$FUZZING_CORPORA"; then
260 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
261 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
262 fi
263 # these are about the same as those on OSS-Fuzz (except for the
264 # symbolize options and strip_path_prefix)
265 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
266 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
267 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
268 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
269 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
270 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
271 fi
272 ;;
273 nm|nm-no-glib)
274 DEPS="gnome-common libsecret-1-dev libgtk-3-dev libnm-dev libnma-dev"
275 if test "$TEST" = "nm"; then
276 DEPS="$DEPS libnm-glib-vpn-dev libnm-gtk-dev"
277 else
278 CONFIG="$CONFIG --without-libnm-glib"
279 fi
280 cd src/frontends/gnome
281 # don't run ./configure with ./autogen.sh
282 export NOCONFIGURE=1
283 ;;
284 dist)
285 TARGET=distcheck
286 ;;
287 apidoc)
288 DEPS="doxygen"
289 CONFIG="--disable-defaults"
290 TARGET=apidoc
291 ;;
292 lgtm)
293 DEPS="jq"
294
295 if test -z "$1"; then
296 # fall back to the parent of the latest commit (on new branches we might
297 # not have a range, also on duplicate branches)
298 base="${TRAVIS_COMMIT}^"
299 if test -n "$TRAVIS_COMMIT_RANGE"; then
300 base="${TRAVIS_COMMIT_RANGE%...*}"
301 # after rebases, the first commit ID in the range might not be valid
302 git rev-parse -q --verify $base
303 if [ $? != 0 ]; then
304 # this will always compare against master, while the range
305 # otherwise only contains "new" commits
306 base=$(git merge-base origin/master ${TRAVIS_COMMIT})
307 fi
308 fi
309 base=$(git rev-parse $base)
310 project_id=1506185006272
311
312 echo "Starting code review for $TRAVIS_COMMIT (base $base) on lgtm.com"
313 git diff --binary $base > lgtm.patch || exit $?
314 curl -s -X POST --data-binary @lgtm.patch \
315 "https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${TRAVIS_BUILD_NUMBER}" \
316 -H 'Content-Type: application/octet-stream' \
317 -H 'Accept: application/json' \
318 -H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $?
319 lgtm_check_url=$(jq -r '."task-result-url"' lgtm.res)
320 if [ "$lgtm_check_url" = "null" ]; then
321 cat lgtm.res | jq
322 exit 1
323 fi
324 lgtm_url=$(jq -r '."task-result"."results-url"' lgtm.res)
325 echo "Progress and full results: ${lgtm_url}"
326
327 echo -n "Waiting for completion: "
328 lgtm_status=pending
329 while [ "$lgtm_status" = "pending" ]; do
330 sleep 15
331 curl -s -X GET "${lgtm_check_url}" \
332 -H 'Accept: application/json' \
333 -H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res
334 if [ $? != 0 ]; then
335 echo -n "-"
336 continue
337 fi
338 echo -n "."
339 lgtm_status=$(jq -r '.status' lgtm.res)
340 done
341 echo ""
342
343 if [ "$lgtm_status" != "success" ]; then
344 lgtm_message=$(jq -r '.["status-message"]' lgtm.res)
345 echo "Code review failed: ${lgtm_message}"
346 exit 1
347 fi
348 lgtm_new=$(jq -r '.languages[].new' lgtm.res | awk '{t+=$1} END {print t}')
349 lgtm_fixed=$(jq -r '.languages[].fixed' lgtm.res | awk '{t+=$1} END {print t}')
350 echo -n "Code review complete: "
351 printf "%b\n" "\e[1;31m${lgtm_new}\e[0m new alerts, \e[1;32m${lgtm_fixed}\e[0m fixed"
352 exit $lgtm_new
353 fi
354 ;;
355 *)
356 echo "$0: unknown test $TEST" >&2
357 exit 1
358 ;;
359 esac
360
361 if test "$1" = "deps"; then
362 case "$TRAVIS_OS_NAME" in
363 linux)
364 sudo apt-get update -qq && \
365 sudo apt-get install -qq bison flex gperf gettext $DEPS
366 ;;
367 osx)
368 brew update && \
369 brew install $DEPS
370 ;;
371 freebsd)
372 pkg install -y automake autoconf libtool pkgconf && \
373 pkg install -y bison flex gperf gettext $DEPS
374 ;;
375 esac
376 exit $?
377 fi
378
379 if test "$1" = "pydeps"; then
380 test -z "$PYDEPS" || pip -q install --user $PYDEPS
381 exit $?
382 fi
383
384 CONFIG="$CONFIG
385 --disable-dependency-tracking
386 --enable-silent-rules
387 --enable-test-vectors
388 --enable-monolithic=${MONOLITHIC-no}
389 --enable-leak-detective=${LEAK_DETECTIVE-no}"
390
391 echo "$ ./autogen.sh"
392 ./autogen.sh || exit $?
393 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
394 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
395
396 case "$TEST" in
397 apidoc)
398 exec 2>make.warnings
399 ;;
400 *)
401 ;;
402 esac
403
404 echo "$ make $TARGET"
405 case "$TEST" in
406 sonarcloud)
407 # there is an issue with the platform detection that causes sonarqube to
408 # fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so'
409 # from LD_PRELOAD cannot be preloaded (cannot open shared object file)"
410 # https://jira.sonarsource.com/browse/CPP-2027
411 BW_PATH=$(dirname $(which build-wrapper-linux-x86-64))
412 cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so
413 # without target, coverage is currently not supported anyway because
414 # sonarqube only supports gcov, not lcov
415 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
416 ;;
417 *)
418 make -j4 $TARGET || exit $?
419 ;;
420 esac
421
422 case "$TEST" in
423 apidoc)
424 if test -s make.warnings; then
425 cat make.warnings
426 exit 1
427 fi
428 rm make.warnings
429 ;;
430 sonarcloud)
431 sonar-scanner \
432 -Dsonar.projectKey=strongswan \
433 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
434 -Dsonar.sources=. \
435 -Dsonar.cfamily.threads=2 \
436 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
437 rm -r bw-output .scannerwork
438 ;;
439 *)
440 ;;
441 esac
442
443 # ensure there are no unignored build artifacts (or other changes) in the Git repo
444 unclean="$(git status --porcelain)"
445 if test -n "$unclean"; then
446 echo "Unignored build artifacts or other changes:"
447 echo "$unclean"
448 exit 1
449 fi
Unnamed repository; edit this file 'description' to name the repository.