From: Evgeny Vereshchagin Date: Mon, 12 Apr 2021 16:25:31 +0000 (+0000) Subject: ci: switch to lxc-exercise from the lxc-ci repository X-Git-Tag: lxc-5.0.0~200^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f1500a92a961cc461cd5fd6236eb8d97360a937;p=thirdparty%2Flxc.git ci: switch to lxc-exercise from the lxc-ci repository Signed-off-by: Evgeny Vereshchagin --- diff --git a/.github/workflows/lxc-exercise b/.github/workflows/lxc-exercise deleted file mode 100755 index 45b3b914c..000000000 --- a/.github/workflows/lxc-exercise +++ /dev/null @@ -1,184 +0,0 @@ -#!/bin/bash -# Environment -set -eu -set -x -set -o pipefail - -unset TMPDIR - -TEST_PASS=0 -TEST_FAIL=0 -TEST_IGNORED=0 - -IGNORE_LIST="" - -export ASAN_OPTIONS=detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1 - -# https://github.com/lxc/lxc/issues/3757 -ASAN_OPTIONS="$ASAN_OPTIONS:detect_odr_violation=0" - -export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 - -# Helper functions -pass() { - TEST_PASS=$((${TEST_PASS}+1)) - - CURRENT_TIME=$(date +%s) - DURATION=$((CURRENT_TIME-START_TIME)) - - echo "PASS: $1 (${DURATION}s)" -} - -fail() { - for entry in $IGNORE_LIST; do - if [ "$entry" = "$2" ]; then - ignore $1 - return - fi - done - - TEST_FAIL=$((${TEST_FAIL}+1)) - - CURRENT_TIME=$(date +%s) - DURATION=$((CURRENT_TIME-START_TIME)) - - echo "FAIL: $1 (${DURATION}s)" - - if [ -f "$3" ]; then - echo "---" - cat $3 - echo "---" - fi -} - -ignore() { - TEST_IGNORED=$((${TEST_IGNORED}+1)) - echo "IGNORED: $*" -} - -summary() { - echo "" - echo "SUMMARY: pass=$TEST_PASS, fail=$TEST_FAIL, ignored=$TEST_IGNORED" -} - -apt-get install --yes --no-install-recommends \ - apparmor automake autoconf bash-completion bridge-utils build-essential \ - busybox-static clang cloud-image-utils curl dbus debhelper debootstrap \ - devscripts dh-apparmor dh-autoreconf dh-systemd dnsmasq-base \ - docbook2x doxygen ed fakeroot file gcc gnupg graphviz git iptables \ - net-tools libapparmor-dev libcap-dev libgnutls28-dev liblua5.2-dev \ - libpam0g-dev libseccomp-dev libselinux1-dev libtool linux-libc-dev \ - llvm lsb-release make openssl pkg-config python3-all-dev \ - python3-setuptools rsync squashfs-tools uidmap unzip uuid-runtime \ - wget xz-utils - -# init.lxc.static is run in arbitrary containers where the libasan library lxc has been built with -# isn't always installed. To make it work let's override GCC's default and link both libasan -# and libubsan statically. It should help to fix issues like -# ... -# ++ lxc-execute -n c1 -- sudo -u ubuntu /nnptest -# lxc-init: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory -if [[ "$CC" == "gcc" ]]; then - sed -i '/init_lxc_static_LDFLAGS/s/$/ -static-libasan -static-libubsan/' src/lxc/Makefile.am -fi - -./autogen.sh -CFLAGS=-fsanitize=address,undefined ./configure --enable-tests --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-no-undefined -make -make install - -sed -i 's/USE_LXC_BRIDGE="false"/USE_LXC_BRIDGE="true"/' /etc/default/lxc -systemctl daemon-reload -systemctl restart apparmor -systemctl restart lxc-net - -# Source distro information -[ -e /etc/lsb-release ] && . /etc/lsb-release - -# Workaround for broken gpg2 -if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then - dpkg-divert --divert /usr/bin/dirmngr.orig --rename --add /usr/bin/dirmngr - ( - cat << EOF -#!/bin/sh -exec /usr/bin/dirmngr.orig --honor-http-proxy \$@ -EOF - ) > /usr/bin/dirmngr - chmod +x /usr/bin/dirmngr -fi - -# Override the GPG server -sed -i "s/^DOWNLOAD_VALIDATE.*/DOWNLOAD_VALIDATE=\"false\"/" /usr/share/lxc/templates/lxc-download -export DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80" - -# The actual tests -## Default testsuite -for testbin in /usr/bin/lxc-test-*; do - STRING="lxc-tests: $testbin" - [ ! -x "$testbin" ] && continue - - # Some tests can't be run standalone - [ "$testbin" = "/usr/bin/lxc-test-may-control" ] && continue - - # Skip some tests when running in a container - if [ -f /run/container_type ] || (type systemd-detect-virt >/dev/null 2>&1 && systemd-detect-virt --container >/dev/null 2>&1); then - [ "$testbin" = "/usr/bin/lxc-test-reboot" ] && \ - ignore "$STRING" && continue - fi - - # Skip userns tests in unprivileged containers - if [ -f /proc/self/uid_map ] && \ - ! grep -q "4294967295$" /proc/self/uid_map; then - - [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ - ignore "$STRING" && continue - - [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ - ignore "$STRING" && continue - fi - - # Skip some tests on old kernels - if [ ! -f /proc/self/uid_map ] || [ ! -f /etc/subuid ] || \ - [ ! -f /etc/subgid ]; then - [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ - ignore "$STRING" && continue - - [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ - ignore "$STRING" && continue - fi - - OUT=$(mktemp) - START_TIME=$(date +%s) - echo "$testbin" - (timeout 10m $testbin |& tee $OUT) && pass "$STRING" || fail "$STRING" "$testbin" "$OUT" - rm $OUT -done - -## Python3 testsuite -STRING="python3: API" -if [ ! -f /usr/share/doc/python3-lxc/examples/api_test.py.gz ]; then - ignore "$STRING" -else - OUT=$(mktemp) - - PYTEST=$(mktemp) - cat /usr/share/doc/python3-lxc/examples/api_test.py.gz | gzip -d > $PYTEST - python3 $PYTEST >$OUT 2>&1 && pass "$STRING" || \ - fail "$STRING" "python3" "$OUT" - rm $PYTEST - - rm $OUT -fi - -# Workaround for broken gpg2 -if [ -n "${http_proxy:-}" ] && [ -e /usr/bin/dirmngr ]; then - rm /usr/bin/dirmngr - dpkg-divert --divert /usr/bin/dirmngr.orig --rename --remove /usr/bin/dirmngr -fi - -# Test summary -summary - -[ "$TEST_FAIL" != "0" ] && exit 1 - -exit 0 diff --git a/.github/workflows/sanitizers.sh b/.github/workflows/sanitizers.sh new file mode 100755 index 000000000..0146a18fc --- /dev/null +++ b/.github/workflows/sanitizers.sh @@ -0,0 +1,44 @@ +#!/bin/bash +set -eux +set -o pipefail + +export ASAN_OPTIONS=detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1 + +# https://github.com/lxc/lxc/issues/3757 +ASAN_OPTIONS="$ASAN_OPTIONS:detect_odr_violation=0" + +export UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 + +apt-get install --yes --no-install-recommends \ + apparmor automake autoconf bash-completion bridge-utils build-essential \ + busybox-static clang cloud-image-utils curl dbus debhelper debootstrap \ + devscripts dh-apparmor dh-autoreconf dh-systemd dnsmasq-base \ + docbook2x doxygen ed fakeroot file gcc gnupg graphviz git iptables \ + net-tools libapparmor-dev libcap-dev libgnutls28-dev liblua5.2-dev \ + libpam0g-dev libseccomp-dev libselinux1-dev libtool linux-libc-dev \ + llvm lsb-release make openssl pkg-config python3-all-dev \ + python3-setuptools rsync squashfs-tools uidmap unzip uuid-runtime \ + wget xz-utils + +# init.lxc.static is run in arbitrary containers where the libasan library lxc has been built with +# isn't always installed. To make it work let's override GCC's default and link both libasan +# and libubsan statically. It should help to fix issues like +# ... +# ++ lxc-execute -n c1 -- sudo -u ubuntu /nnptest +# lxc-init: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory +if [[ "$CC" == "gcc" ]]; then + sed -i '/init_lxc_static_LDFLAGS/s/$/ -static-libasan -static-libubsan/' src/lxc/Makefile.am +fi + +./autogen.sh +CFLAGS=-fsanitize=address,undefined ./configure --enable-tests --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-no-undefined +make +make install + +sed -i 's/USE_LXC_BRIDGE="false"/USE_LXC_BRIDGE="true"/' /etc/default/lxc +systemctl daemon-reload +systemctl restart apparmor +systemctl restart lxc-net + +git clone --depth=1 https://github.com/lxc/lxc-ci +lxc-ci/deps/lxc-exercise diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index ae78f18a9..663de7101 100644 --- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml @@ -3,7 +3,7 @@ on: - push - pull_request jobs: - test: + sanitizers: strategy: fail-fast: false matrix: @@ -16,7 +16,5 @@ jobs: uses: actions/checkout@v2 - name: Build - env: - CC: ${{ matrix.compiler }} run: | - sudo CC=${{ matrix.compiler }} .github/workflows/lxc-exercise + sudo CC=${{ matrix.compiler }} .github/workflows/sanitizers.sh