CI pipeline rework - using stages and inheritance
authorStanislav Zidek <szidek@redhat.com>
Fri, 27 Nov 2020 12:24:24 +0000 (13:24 +0100)
committerStanislav Zidek <szidek@redhat.com>
Tue, 1 Dec 2020 10:00:44 +0000 (11:00 +0100)
Signed-off-by: Stanislav Zidek <szidek@redhat.com>
.gitlab-ci.yml

index f000f829443119ced5092d26c2a06596266d8de3..22edca6ada68216a05b26f11b3947e1dc78d2f4a 100644 (file)
 stages:
-  - stage1-testing
-
-# we utilize the images generated by the build-images project, to
-# speed up CI runs. We also use ccache and store config.cache
-# to speed up compilation. We include a version number in cache
-# name to allow expiration of old caches.
-
-cache:
-  key: "$CI_JOB_NAME-ver18"
-  paths:
-    - cache/
-
-before_script:
-  # CCache Config
-  - mkdir -p cache
-  - export CCACHE_BASEDIR=${PWD}
-  - export CCACHE_DIR=${PWD}/cache
-  - export CC="ccache gcc"
-
-# With just one virtual core, parallel builds only make sense when
-# I/O wait is involved. If too many parallel builds are used, the overall
-# time even increases (e.g. due to more cache misses).
-# $BUILDJOBS seems to be best with $(nproc)+1, while $CHECKJOBS can be much
-# higher because several tests have a large I/O waiting time.
-# The numbers are hard-coded since FreeBSD doesn't know the nproc command.
-  - export BUILDJOBS=2
-  - export CHECKJOBS=16
-
-after_script:
-  # somehow after_script looses environment
-  - export CCACHE_BASEDIR=${PWD}
-  - export CCACHE_DIR=${PWD}/cache
-  - ccache -s
+  - build
+  - test
+  - archive
 
 variables:
+  # we utilize the images generated by the build-images project, to
+  # speed up CI runs. We also use ccache and store config.cache
+  # to speed up compilation. We include a version number in cache
+  # name to allow expiration of old caches.
   BUILD_IMAGES_PROJECT: gnutls/build-images
   DEBIAN_BUILD: buildenv-debian-testing
   DEBIAN_CROSS_BUILD: buildenv-debian-cross-testing
   DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86-cross
-  FEDORA28_BUILD: buildenv-f28
   FEDORA_BUILD: buildenv-fedora33
   MINGW_BUILD: buildenv-mingw-fedora33
   ALPINE_BASE_BUILD: buildenv-alpine-base-nettle36
+  COMPILER: gcc
   CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'"
   GET_SOURCES_ATTEMPTS: "3"
+  # With just one virtual core, parallel builds only make sense when
+  # I/O wait is involved. If too many parallel builds are used, the overall
+  # time even increases (e.g. due to more cache misses).
+  # $BUILDJOBS seems to be best with $(nproc)+1, while $CHECKJOBS can be much
+  # higher because several tests have a large I/O waiting time.
+  # The numbers are hard-coded since FreeBSD doesn't know the nproc command.
+  BUILDJOBS: 2
+  CHECKJOBS: 16
 
-##################################################
-# Stage 1, documentation, and advanced checks
-##################################################
+cache:
+  key: "$CI_JOB_NAME-ver19"
+  paths:
+    - cache/
 
-commit-check:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD
+.prepare-ccache: &prepare-ccache
+  # CCache Config
+  - mkdir -p cache
+  - export CCACHE_BASEDIR=${PWD}
+  - export CCACHE_DIR=${PWD}/cache
+  - export CCACHE_FILE=${CCACHE_DIR}/config.cache
+  - export CC="ccache $COMPILER"
+
+default:
   before_script:
-    - /bin/true
-  after_script:
-    - /bin/true
-  except:
-  - master@gnutls/gnutls
-  cache:
-    # do not load cache files
-    key: none
-    policy: pull
-  script:
-    # we want $ALPINE_BASE_BUILD without git, so add it here
-    - apk add git bash
-    - devel/check_if_signed
-  retry: 0
+    - *prepare-ccache
 
-doc-dist.Fedora:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-  - SUBMODULE_NOFETCH=1 ./bootstrap
-  - GUILE=/usr/bin/guile2.2
-  - GUILD=/usr/bin/guild2.2
-  - guile_snarf=/usr/bin/guile-snarf2.2
-  - export GUILE GUILD guile_snarf
-  - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file cache/config.cache --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode
-  - make -j$BUILDJOBS -C doc stamp-vti
-  - make -j$BUILDJOBS -C doc stamp-1
-  - make -j$BUILDJOBS -C doc stamp_enums
-  - make -j$BUILDJOBS
-  - make -j$BUILDJOBS -C doc gnutls.html
-  - make -j$BUILDJOBS -C doc/latex gnutls.pdf
-  - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
-  - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
-# check whether distribution with or without included libopts is ok
-  - make -j$CHECKJOBS distcheck DISTCHECK_CONFIGURE_FLAGS="--enable-local-libopts --disable-tests"
-  - make -j$CHECKJOBS distcheck
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
-  retry: 1
+  after_script:
+    # after_script is executed in separate shell
+    - *prepare-ccache
+    - ccache -s
 
-abi/coverage:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-  - SUBMODULE_NOFETCH=1 ./bootstrap
-  - GUILE=/usr/bin/guile2.2
-  - GUILD=/usr/bin/guild2.2
-  - guile_snarf=/usr/bin/guile-snarf2.2
-  - export GUILE GUILD guile_snarf
-  - CFLAGS="-g -Og" dash ./configure --disable-gcc-warnings --cache-file cache/config.cache  --prefix=/usr --libdir=/usr/lib64 --enable-code-coverage --disable-maintainer-mode --disable-doc
-  - make -j$BUILDJOBS
-  - make abi-check
-  - make pic-check
-  - make -j$CHECKJOBS check
-  - make local-code-coverage-output || true
-  - if objdump -R lib/.libs/libgnutls.so | grep INTERNAL ; then false ; fi
+.build:
+  stage: build
   tags:
-  - shared
-  - linux
+    - shared
+    - linux
   except:
-  - tags
+    - tags # TODO
   artifacts:
-    expire_in: 1 week
-    when: on_failure
+    expire_in: 1 day
+    #when: on_failure
     paths:
-      - ./*.xml
-      - ./gnutls-prev-abi.tmp/
-      - compat_reports/
-      - ./*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-      - guile/tests/*.log
-  retry: 1
-
-minimal.Fedora.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+      - ./
+    exclude:
+      - .git/ # passing forward .git causes warnings and possibly problems
+      - ./**/.git/ # passing forward .git causes warnings and possibly problems
+      - ./**/*.c
+      - ./**/*.h
+      - ./**/*.o
+
+.test:
+  stage: test
   script:
-  - echo "No tools build"
-  - ./bootstrap
-  - dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-full-test-suite --disable-doc --disable-guile --disable-tools --enable-tests
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
-  - echo "Minimal build"
-  - dnf remove -y libunistring-devel libtasn1-devel libidn-devel
-  - dash ./configure --cache-file cache/config.cache --with-included-libtasn1
-    --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests
-    --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication
-    --disable-anon-authentication --disable-dhe --disable-ecdhe
-    --disable-ocsp --disable-non-suiteb-curves --with-included-unistring
-    --disable-nls --disable-libdane --without-p11-kit --without-tpm
-    --disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility
-    --disable-gcc-warnings --with-system-priority-file=""
-    --disable-gost
-    --disable-guile
-  - make clean
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
+    - make -j$CHECKJOBS check
   tags:
-  - shared
-  - linux
+    - shared
+    - linux
   except:
-  - tags
+    - tags # TODO
   artifacts:
     expire_in: 1 week
     when: on_failure
     paths:
       - ./*.log
-      - fuzz/*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-  retry: 1
-
-# This enables SSL3.0 and SHA-1 support, and runs interop tests
-# with openssl 1.1.0, which include legacy algorithms like DSA.
-SSL-3.0.Fedora.x86_64:
-  stage: stage1-testing
+      - ./**/*.log
+
+.fedora:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  script:
-  - update-crypto-policies --set LEGACY
-  - ./bootstrap
-  - mkdir -p build
-  - cd build
-  - dash ../configure --disable-tls13-interop --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-guile --disable-strict-der-time
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
-  - cd ..
-  tags:
-  - shared
-  - linux
+
+.fedora-nettle:
+  extends:
+    - .fedora
+  variables:
+    COMPILER: clang
+    NETTLE_DIR: nettle
+
+.debian:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
+
+.debian-cross-i686:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD
+
+.debian-cross-other:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_CROSS_BUILD
+
+.mingw:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+  variables:
+    COMPILER: "${arch_name}-w64-mingw32-gcc"
+    CFLAGS: "-fstack-protector"
+    CXXFLAGS: "-fstack-protector"
+    LDFLAGS: "-fstack-protector"
+    WINEPATH: "/usr/${arch_name}-w64-mingw32/sys-root/mingw/bin"
+  before_script:
+    - *prepare-ccache
+    - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
+    - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
+
+.mingw-vista:
+  variables:
+    # Target Vista instead of XP, currently the default in mingw
+    CPPFLAGS: "-D_WIN32_WINNT=0x600"
+
+.mingw32:
+  extends:
+    - .mingw
+  variables:
+    arch_bits: 32
+    arch_name: i686
+
+.mingw64:
+  extends:
+    - .mingw
+  variables:
+    arch_bits: 64
+    arch_name: x86_64
+
+##############################################################################
+############# Standalone checks without dependencies #########################
+##############################################################################
+
+commit-check:
+  stage: test
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD
+  needs: [] # can be run immediately
+  before_script: []
+  after_script: []
   except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/guile/tests/*.log
-      - build/tests/*.log
-      - build/*.log
-      - build/tests/*/*.log
-      - build/tests/suite/*/*.log
-  retry: 1
-
-FIPS140-2.Fedora.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+    - master@gnutls/gnutls
+  cache: {}
   script:
-  - ./bootstrap
-  - mkdir -p build
-  - cd build
-  - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
-  - mkdir -p lib/.libs/fipscheck
-  - |
-    for i in lib/.libs/libgnutls.so*; do
-      openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP -hex $i | cut -f 2 -d ' ' > lib/.libs/fipscheck/$(basename $i).hmac
-    done
-  - GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check
-  - cd ..
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/guile/tests/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-  retry: 1
+    # we want $ALPINE_BASE_BUILD without git, so we are adding it here
+    - apk add git bash
+    - devel/check_if_signed
+  retry: 0
 
-valgrind.Fedora.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+doc-dist.Fedora:
+  extends:
+    - .test
+    - .fedora
+  needs: [] # can be run immediately
   script:
-  - ./bootstrap
-# gcc in fedora31 inlines strcmp in a way that causes valgrind errors
-  - CFLAGS="-O2 -g -fno-builtin-strcmp" ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-guile --disable-full-test-suite --enable-valgrind-tests
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - ./*.log
-      - tests/*.log
-      - tests/*/*.log
-  retry: 1
+    - SUBMODULE_NOFETCH=1 ./bootstrap
+    - GUILE=/usr/bin/guile2.2
+    - GUILD=/usr/bin/guild2.2
+    - guile_snarf=/usr/bin/guile-snarf2.2
+    - export GUILE GUILD guile_snarf
+    - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode
+    - make -j$BUILDJOBS -C doc stamp-vti
+    - make -j$BUILDJOBS -C doc stamp-1
+    - make -j$BUILDJOBS -C doc stamp_enums
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS -C doc gnutls.html
+    - make -j$BUILDJOBS -C doc/latex gnutls.pdf
+    - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
+    - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
+    # check whether distribution with or without included libopts is ok
+    - make -j$CHECKJOBS distcheck DISTCHECK_CONFIGURE_FLAGS="--enable-local-libopts --disable-tests"
+    - make -j$CHECKJOBS distcheck
 
-threadsan.Fedora.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+
+# That is a specific runner that we cannot enable universally.
+# We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
+FreeBSD.x86_64:
+  extends:
+    - .test
+  needs: [] # builds own artifacts, no need to wait
+  variables:
+    COMPILER: clang
+  image:
   script:
-  - ./bootstrap
-  - CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS
-    dash ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --enable-fips140-mode --disable-full-test-suite
-  - make -j$BUILDJOBS
-  - make -j$CHECKJOBS -C tests check SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
+    - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
+    - export NETTLE_DIR=${PWD}/nettle
+    - cd nettle-git
+    - ./.bootstrap
+    - ./configure --enable-mini-gmp --disable-documentation --disable-openssl --prefix=$NETTLE_DIR
+    - gmake
+    - gmake install
+    - cd -
+    - ./bootstrap
+    - export LDFLAGS="-Wl,-rpath,$NETTLE_DIR/lib -L$NETTLE_DIR/lib -L/usr/local/lib"
+    - export PKG_CONFIG_PATH=$NETTLE_DIR/lib/pkgconfig
+    - export CPPFLAGS=`pkg-config hogweed --cflags-only-I`
+    - export LD_LIBRARY_PATH=$NETTLE_DIR/lib
+    - ./configure --disable-full-test-suite --cache-file $CCACHE_FILE --disable-gcc-warnings --disable-guile --disable-doc --with-nettle-mini
+    - gmake V=1 2>&1 | tee make.log
+    - gmake check
   tags:
-  - shared
-  - linux
+    - freebsd
+  only:
+    - branches@gnutls/gnutls
   except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - ./*.log
-      - fuzz/*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-  retry: 1
-
-static-analyzers.Fedora.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
-  before_script:
-  - /bin/true
+    - tags
+
+# Two runs, one with normal backend and another with pkcs11 trust store
+UB+ASAN-Werror.Fedora.x86_64.gcc:
+  extends:
+    - .test
+    - .fedora
+  needs: [] # builds own artifacts, no need to wait
   script:
-  - ./bootstrap
-  - scan-build ./configure --cache-file cache/config.cache --disable-doc --disable-guile --enable-fips140-mode
-  - make -j$BUILDJOBS syntax-check gnulib_dir=$GNULIB_SRCDIR
-  - make -j$BUILDJOBS -C gl
-  - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C lib
-  - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C libdane
-  - make -j$BUILDJOBS -C src/gl
-  - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C src
-  - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 $CPPCHECK_OPTIONS
-  - cppcheck --force -q -Ilib/include -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j2 $CPPCHECK_OPTIONS
-  after_script:
-  - /bin/true
+    - ./bootstrap
+    - export UBSAN_OPTIONS=print_stacktrace=1
+    - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
+    - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
+    - export CXXFLAGS="$CFLAGS"
+    - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration
+    - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
+    - make -j$BUILDJOBS
+    # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O)
+    - make -j$BUILDJOBS check -C fuzz
+    - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1
+    - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2
+    - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4
+    - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8
+    - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20
+    - make -j$CHECKJOBS check -C tests
+    - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM
+    - make clean
+    - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
+    - make -j$BUILDJOBS
+    # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests
+    - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=.
   tags:
-  - shared
-  - linux
+    - shared
+    - linux
   except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - ./*.log
-      - scan-build-lib/*
-      - scan-build-libdane/*
-  retry: 1
+    - tags
+##############################################################################
+########################### Fedora pipelines #################################
+##############################################################################
 
-MinGW32.DLLs:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+fedora-notools/build:
+  extends:
+    - .build
+    - .fedora
   script:
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
-  - ./bootstrap
-  - export CC="ccache i686-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
-  - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
-  - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
-  - mingw32-make -j$BUILDJOBS
-  - mingw32-make -j$BUILDJOBS -C tests check
-# Combine generated apps and DLLs.
-#libwinpthread is required by libgcc
-#libffi is required by libp11-kit
-  - mkdir -p win32-build/bin win32-build/lib/includes
-  - cp lib/.libs/*.dll src/.libs/*.exe win32-build/bin
-  - i686-w64-mingw32-strip --strip-unneeded win32-build/bin/*.dll
-  - i686-w64-mingw32-strip win32-build/bin/*.exe
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win32-build/bin
-  - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win32-build/bin
-  - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win32-build/lib
-  - cp lib/includes/gnutls/*.h win32-build/lib/includes
-  tags:
-  - shared
-  - docker
-  - linux
-  only:
-  - tags
-  artifacts:
-    name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
-    paths:
-      - win32-build/
-  retry: 1
+    - ./bootstrap
+    - dash ./configure --cache-file $CCACHE_FILE --disable-gcc-warnings --disable-full-test-suite --disable-doc --disable-guile --disable-tools --enable-tests
+    - make -j$BUILDJOBS
+    # build tests, but don't execute them
+    - make -j$BUILDJOBS check TESTS=""
 
-MinGW64.DLLs:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+fedora-notools/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-notools/build
+  needs:
+    - fedora-notools/build
+
+fedora-minimal/build:
+  extends:
+    - .build
+    - .fedora
   script:
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
-  - ./bootstrap
-  - export CC="ccache x86_64-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
-  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-  - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
-  - mingw64-make -j$BUILDJOBS
-  - mingw64-make -j$BUILDJOBS -C tests check
-# Combine generated apps and DLLs.
-#libwinpthread is required by libgcc
-#libffi is required by libp11-kit
-  - mkdir -p win64-build/bin win64-build/lib/includes
-  - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin
-  - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll
-  - x86_64-w64-mingw32-strip win64-build/bin/*.exe
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin
-  - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib
-  - cp lib/includes/gnutls/*.h win64-build/lib/includes
-  tags:
-  - shared
-  - docker
-  - linux
-  only:
-  - tags
-  artifacts:
-    name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
-    paths:
-      - win64-build/
-  retry: 1
+    - ./bootstrap
+    - dnf remove -y libunistring-devel libtasn1-devel libidn-devel
+    - dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1
+      --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests
+      --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication
+      --disable-anon-authentication --disable-dhe --disable-ecdhe
+      --disable-ocsp --disable-non-suiteb-curves --with-included-unistring
+      --disable-nls --disable-libdane --without-p11-kit --without-tpm
+      --disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility
+      --disable-gcc-warnings --with-system-priority-file=""
+      --disable-gost
+      --disable-guile
+    - make -j$BUILDJOBS
+    # build tests, but don't execute them
+    - make -j$BUILDJOBS check TESTS=""
 
-MinGW64.DLLs.Vista+:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+fedora-minimal/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-minimal/build
+  needs:
+    - fedora-minimal/build
+
+fedora-SSL-3.0/build:
+  extends:
+    - .build
+    - .fedora
   script:
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
-  - ./bootstrap
-  - export CC="ccache x86_64-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
- # Target Vista instead of XP, currently the default in mingw
-  - export CPPFLAGS="-D_WIN32_WINNT=0x600"
-  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-  - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
-  - mingw64-make -j$BUILDJOBS
-  - mingw64-make -j$BUILDJOBS -C tests check
-# Combine generated apps and DLLs.
-#libwinpthread is required by libgcc
-#libffi is required by libp11-kit
-  - mkdir -p win64-build/bin win64-build/lib/includes
-  - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin
-  - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll
-  - x86_64-w64-mingw32-strip win64-build/bin/*.exe
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win64-build/bin
-  - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin
-  - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib
-  - cp lib/includes/gnutls/*.h win64-build/lib/includes
-  tags:
-  - shared
-  - docker
-  - linux
-  only:
-  - tags
-  artifacts:
-    name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
-    paths:
-      - win64-build/
-  retry: 1
+    - update-crypto-policies --set LEGACY
+    - ./bootstrap
+    - dash ./configure --disable-tls13-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-guile --disable-strict-der-time
+    - make -j$BUILDJOBS
+    # build tests, but don't execute them
+    - make -j$BUILDJOBS check TESTS=""
 
-MinGW64.Vista+:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+fedora-SSL-3.0/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-SSL-3.0/build
+  needs:
+    - fedora-SSL-3.0/build
+
+fedora-FIPS140-2/build:
+  extends:
+    - .build
+    - .fedora
   script:
-  - ./bootstrap
-  - export CC="ccache x86_64-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
- # Target Vista instead of XP, currently the default in mingw
-  - export CPPFLAGS="-D_WIN32_WINNT=0x600"
-  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
-  - mkdir -p build
-  - cd build
-  - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc
-  # generate the certtool autogen file to check whether later compilation will modify it
-  - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak
-  - mingw64-make -j$BUILDJOBS
-  - mingw64-make -j$CHECKJOBS -C tests check
-  - cd ..
-  # since we use --enable-local-libopts the generated files must equal the .bak
-  - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false
-  tags:
-  - shared
-  - docker
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-  retry: 1
+    - ./bootstrap
+    - dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile
+    - make -j$BUILDJOBS
+    - make -j$CHECKJOBS check
+    - mkdir -p lib/.libs/fipscheck
+    - |
+      for i in lib/.libs/libgnutls.so*; do
+        openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP -hex $i | cut -f 2 -d ' ' > lib/.libs/fipscheck/$(basename $i).hmac
+      done
+    # build tests, but don't execute them
+    - GNUTLS_FORCE_FIPS_MODE=1 make -j$BUILDJOBS check TESTS=""
 
-MinGW64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+fedora-FIPS140-2/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-FIPS140-2/build
+  needs:
+    - fedora-FIPS140-2/build
   script:
-  - ./bootstrap
-  - export CC="ccache x86_64-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
-  - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
-  - mkdir -p build
-  - cd build
-  - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc
-  # generate the certtool autogen file to check whether later compilation will modify it
-  - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak
-  - mingw64-make -j$BUILDJOBS
-  - mingw64-make -j$CHECKJOBS -C tests check
-  - cd ..
-  # since we use --enable-local-libopts the generated files must equal the .bak
-  - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false
-  tags:
-  - shared
-  - docker
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-  retry: 1
+    - GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check
 
-MinGW32:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+.fedora-nettle/build:
+  extends:
+    - .build
+    - .fedora-nettle
   script:
-  - ./bootstrap
-  - export CC="ccache i686-w64-mingw32-gcc"
-  - export CFLAGS="-fstack-protector"
-  - export CXXFLAGS="-fstack-protector"
-  - export LDFLAGS="-fstack-protector"
-  - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
-  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
-  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
-  - mkdir -p build
-  - cd build
-  - dash ../configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc
-  - mingw32-make -j$BUILDJOBS
-  - mingw32-make -j$CHECKJOBS -C tests check
-  - cd ..
-  tags:
-  - shared
-  - docker
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-  retry: 1
+    - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
+    - pushd nettle-git
+    - ./.bootstrap
+    - ./configure --disable-documentation --prefix=${PWD}/$NETTLE_DIR $NETTLE_CONFIGURE_ARGS
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS install
+    - popd
+    - SUBMODULE_NOFETCH=1 ./bootstrap
+    - PKG_CONFIG_PATH=${PWD}/$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS check TESTS=""
 
-# That is a specific runner that we cannot enable universally.
-# We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
-FreeBSD.x86_64:
-  stage: stage1-testing
-  image:
+.fedora-nettle/test:
+  extends:
+    - .test
+    - .fedora-nettle
   script:
-  - export CC="ccache clang"
-  - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
-  - export NETTLE_DIR=${PWD}/nettle
-  - cd nettle-git
-  - ./.bootstrap
-  - ./configure --enable-mini-gmp --disable-documentation --disable-openssl --prefix=$NETTLE_DIR
-  - gmake
-  - gmake install
-  - cd -
-  - ./bootstrap
-  - export LDFLAGS="-Wl,-rpath,$NETTLE_DIR/lib -L$NETTLE_DIR/lib -L/usr/local/lib"
-  - export PKG_CONFIG_PATH=$NETTLE_DIR/lib/pkgconfig
-  - export CPPFLAGS=`pkg-config hogweed --cflags-only-I`
-  - export LD_LIBRARY_PATH=$NETTLE_DIR/lib
-  - ./configure --disable-full-test-suite --cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc --with-nettle-mini
-  - gmake V=1 2>&1 | tee make.log
-  - gmake check
-  tags:
-  - freebsd
-  only:
-  - branches@gnutls/gnutls
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - ./*.log
-      - tests/*.log
-      - tests/*/*.log
-  retry: 1
+    - PKG_CONFIG_PATH=${PWD}/$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=${PWD}/$NETTLE_DIR/lib64 make -j$CHECKJOBS check
 
-# Two runs, one with normal backend and another with pkcs11 trust store
-UB+ASAN-Werror.Fedora.x86_64.gcc:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+fedora-nettle/build:
+  extends:
+    - .fedora-nettle/build
+  variables:
+    NETTLE_CONFIGURE_ARGS: ""
+
+fedora-nettle/test:
+  extends:
+    - .fedora-nettle/test
+  dependencies:
+    - fedora-nettle/build
+  needs:
+    - fedora-nettle/build
+
+fedora-nettle-minigmp/build:
+  extends:
+    - .fedora-nettle/build
+  variables:
+    NETTLE_CONFIGURE_ARGS: "--enable-mini-gmp"
+
+fedora-nettle-minigmp/test:
+  extends:
+    - .fedora-nettle/test
+  dependencies:
+    - fedora-nettle-minigmp/build
+  needs:
+    - fedora-nettle-minigmp/build
+
+fedora-valgrind/build:
+  extends:
+    - .build
+    - .fedora
   script:
-  - ./bootstrap
-  - export UBSAN_OPTIONS=print_stacktrace=1
-  - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
-  - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
-  - export CXXFLAGS="$CFLAGS"
-  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration
-  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
-  - make -j$BUILDJOBS
-  # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O)
-  - make -j$BUILDJOBS check -C fuzz
-  - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1
-  - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2
-  - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4
-  - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8
-  - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20
-  - make -j$CHECKJOBS check -C tests
-  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM
-  - make clean
-  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
-  - make -j$BUILDJOBS
-  # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests
-  - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=.
+    - ./bootstrap
+    # gcc in fedora31 inlines strcmp in a way that causes valgrind errors
+    - CFLAGS="-O2 -g -fno-builtin-strcmp" ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-guile --disable-full-test-suite --enable-valgrind-tests
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS check TESTS=""
+
+fedora-valgrind/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-valgrind/build
+  needs:
+    - fedora-valgrind/build
+  timeout: 2h
+
+fedora-threadsan/build:
+  extends:
+    - .build
+    - .fedora
+  script:
+    - ./bootstrap
+    - CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS
+      dash ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-non-suiteb-curves --disable-guile --enable-fips140-mode --disable-full-test-suite
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS -C tests check SUBDIRS=. TESTS="" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
+
+fedora-threadsan/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-threadsan/build
+  needs:
+    - fedora-threadsan/build
+  script:
+    - make -j$CHECKJOBS -C tests check SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
+
+fedora-static-analyzers/build:
+  extends:
+    - .build
+    - .fedora
+  #TODO originally, before_script was set to "/bin/true".. is there a reason not to create the cache?
+  script:
+    - ./bootstrap
+    - scan-build ./configure --cache-file $CCACHE_FILE --disable-doc --disable-guile --enable-fips140-mode
+    - make -j$BUILDJOBS syntax-check gnulib_dir=$GNULIB_SRCDIR
+    - make -j$BUILDJOBS -C gl
+    - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C lib
+    - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C libdane
+    - make -j$BUILDJOBS -C src/gl
+    - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C src
+  #TODO originally, after_script was set to "/bin/true".. is there a reason not to create the cache?
+
+fedora-static-analyzers/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-static-analyzers/build
+  needs:
+    - fedora-static-analyzers/build
+  script:
+    - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 $CPPCHECK_OPTIONS
+    - cppcheck --force -q -Ilib/include -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j2 $CPPCHECK_OPTIONS
+
+# TODO this does not work, so we keep using old job doc-dist.Fedora
+# Keeping it here until I figure it out.
+#fedora-docdist/build:
+#  extends:
+#    - .build
+#    - .fedora
+#  script:
+#    - SUBMODULE_NOFETCH=1 ./bootstrap
+#    - GUILE=/usr/bin/guile2.2
+#    - GUILD=/usr/bin/guild2.2
+#    - guile_snarf=/usr/bin/guile-snarf2.2
+#    - export GUILE GUILD guile_snarf
+#    - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode
+#    - make -j$BUILDJOBS -C doc stamp-vti
+#    - make -j$BUILDJOBS -C doc stamp-1
+#    - make -j$BUILDJOBS -C doc stamp_enums
+#    - make -j$BUILDJOBS
+#    - make -j$BUILDJOBS -C doc gnutls.html
+#    - make -j$BUILDJOBS -C doc/latex gnutls.pdf
+#    - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
+#    - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
+#  # we don't throw away intermediate compilation results as /test job does some compiling, too
+#  artifacts:
+#    expire_in: 1 day
+#    paths:
+#      - ./
+#    exclude:
+#      - .git/ # passing forward .git causes warnings and possibly problems
+#      - ./**/.git/ # passing forward .git causes warnings and possibly problems
+#
+#fedora-docdist/test:
+#  extends:
+#    - .test
+#    - .fedora
+#  dependencies:
+#    - fedora-docdist/build
+#  needs:
+#    - fedora-docdist/build
+#  script: # shall we separate it to two jobs?
+#    - export CFLAGS="-std=c99 -O2 -g"
+#    - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
+#    - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
+#    # check whether distribution with or without included libopts is ok
+#    - make -j$CHECKJOBS distcheck DISTCHECK_CONFIGURE_FLAGS="--enable-local-libopts --disable-tests"
+#    - make -j$CHECKJOBS distcheck
+
+fedora-abicoverage/build:
+  extends:
+    - .build
+    - .fedora
+  script:
+  script:
+    - SUBMODULE_NOFETCH=1 ./bootstrap
+    - GUILE=/usr/bin/guile2.2
+    - GUILD=/usr/bin/guild2.2
+    - guile_snarf=/usr/bin/guile-snarf2.2
+    - export GUILE GUILD guile_snarf
+    - CFLAGS="-g -Og" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE  --prefix=/usr --libdir=/usr/lib64 --enable-code-coverage --disable-maintainer-mode --disable-doc
+    - make -j$BUILDJOBS
+    - make -j$BUILDJOBS check TESTS=""
   tags:
-  - shared
-  - linux
+    - shared
+    - linux
   except:
-  - tags
+    - tags
+
+fedora-abicoverage/test:
+  extends:
+    - .test
+    - .fedora
+  dependencies:
+    - fedora-abicoverage/build
+  needs:
+    - fedora-abicoverage/build
+  script:
+    - make abi-check
+    - make pic-check
+    - make -j$CHECKJOBS check
+    - make local-code-coverage-output || true
+    - if objdump -R lib/.libs/libgnutls.so | grep INTERNAL ; then false ; fi
   artifacts:
     expire_in: 1 week
     when: on_failure
     paths:
-      - guile/tests/*.log
+      - ./*.xml
       - ./*.log
-      - fuzz/*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-  retry: 1
-
-# This includes interoperability testing with gnutls 2.12.x
-Debian.x86_64:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
+      - ./**/*.log
+      - gnutls-prev-abi.tmp/
+      - compat_reports/
+
+##############################################################################
+########################### Debian pipelines #################################
+##############################################################################
+
+debian/build:
+  extends:
+    - .build
+    - .debian
   script:
   - ./bootstrap
-  - mkdir -p build
-  - cd build
-  - dash ../configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
+  - dash ./configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-doc --disable-guile LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
   - make -j$BUILDJOBS
-  - make -j$CHECKJOBS check
-  - cd ..
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/guile/tests/*.log
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-      - build/tests/suite/*/*.log
-  retry: 1
-
-Debian.cross.i686-linux-gnu:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD
+  - make -j$BUILDJOBS check TESTS=""
+
+debian/test:
+  extends:
+    - .test
+    - .debian
+  dependencies:
+    - debian/build
+  needs:
+    - debian/build
+
+.debian-cross/build:
+  extends:
+    - .build
   script:
-  - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE)
-  - host=i686-linux-gnu
-  # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes
-  # config.guess to detect the target as the build platform and not activate
-  # cross-compile mode even though --build is given
-  - export CC_FOR_BUILD="ccache gcc"
-  - export CC="ccache $host-gcc"
-  - ./bootstrap
-  - mkdir -p build
-  - cd build
-  # Debian's softhsm package is not multiarch yet. Missing softhsm libraries
-  # for the target will cause the test suite to fail when p11-kit is enabled.
-  - dash ../configure --build=$build --host=$host --disable-gcc-warnings
-      --cache-file ../cache/config.cache --disable-doc --disable-guile
-      --without-p11-kit --disable-full-test-suite
-  - make -j$BUILDJOBS
-  - make pic-check
-  # Parallel tests cause random failures, likely timing errors
-  - make -j1 check
-  - cd ..
+    - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE)
+    - host=$(echo $CI_JOB_NAME |cut -d/ -f2)
+    - echo "host is $host"
+    # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes
+    # config.guess to detect the target as the build platform and not activate
+    # cross-compile mode even though --build is given
+    - export CC_FOR_BUILD="ccache gcc"
+    - export CC="ccache $host-gcc"
+    - ./bootstrap
+    # Debian's softhsm package is not multiarch yet. Missing softhsm libraries
+    # for the target will cause the test suite to fail when p11-kit is enabled.
+    - dash ./configure --build=$build --host=$host --disable-gcc-warnings
+        --cache-file $CCACHE_FILE --disable-doc --disable-guile
+        --without-p11-kit --disable-full-test-suite
+    - make -j$BUILDJOBS
+    # build tests, but don't execute them
+    - make -j$BUILDJOBS check TESTS=""
   tags:
-  - shared
-  - docker
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/guile/tests/*.log
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-      - build/tests/suite/*/*.log
-  retry: 1
-
-.Debian.cross.template: &Debian_cross_template
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_CROSS_BUILD
+    - shared
+    - docker
+    - linux
+
+.debian-cross/test:
+  extends:
+    - .test
   script:
-  - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE)
-  - host="${CI_JOB_NAME#*.cross.}"
-  # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes
-  # config.guess to detect the target as the build platform and not activate
-  # cross-compile mode even though --build is given
-  - export CC_FOR_BUILD="ccache gcc"
-  - export CC="ccache $host-gcc"
-  - ./bootstrap
-  - sed -i '/errno.==.EINVAL/d' src/gl/tests/test-strerror.c
-  - mkdir -p build
-  - cd build
-  # Debian's softhsm package is not multiarch yet. Missing softhsm libraries
-  # for the target will cause the test suite to fail when p11-kit is enabled.
-  - dash ../configure --build=$build --host=$host --disable-gcc-warnings
-      --cache-file ../cache/config.cache --disable-doc --disable-guile
-      --without-p11-kit --disable-full-test-suite
-  - make -j$BUILDJOBS
-  # Parallel tests cause random failures, likely timing errors
-  - make -j1 check
-  - cd ..
+    - make pic-check
+    # Parallel tests cause random failures, likely timing errors
+    - make -j1 check
   tags:
-  - shared
-  - docker
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - build/guile/tests/*.log
-      - build/*.log
-      - build/tests/*.log
-      - build/tests/*/*.log
-      - build/tests/suite/*/*.log
-  retry: 1
-
-Debian.cross.arm-linux-gnueabihf:
-  <<: *Debian_cross_template
-
-Debian.cross.aarch64-linux-gnu:
-  <<: *Debian_cross_template
+    - shared
+    - docker
+    - linux
+
+debian-cross/i686-linux-gnu/build: # name is important, see .debian-cross/build
+  extends:
+    - .debian-cross/build
+    - .debian-cross-i686
+
+debian-cross/i686-linux-gnu/test:
+  extends:
+    - .debian-cross/test
+    - .debian-cross-i686
+  dependencies:
+    - debian-cross/i686-linux-gnu/build
+  needs:
+    - debian-cross/i686-linux-gnu/build
+
+debian-cross/arm-linux-gnueabihf/build: # name is important, see .debian-cross/build
+  extends:
+    - .debian-cross/build
+    - .debian-cross-other
+
+debian-cross/arm-linux-gnueabihf/test:
+  extends:
+    - .debian-cross/test
+    - .debian-cross-other
+  dependencies:
+    - debian-cross/arm-linux-gnueabihf/build
+  needs:
+    - debian-cross/arm-linux-gnueabihf/build
+  timeout: 2h
+
+debian-cross/aarch64-linux-gnu/build: # name is important, see .debian-cross/build
+  extends:
+    - .debian-cross/build
+    - .debian-cross-other
+
+debian-cross/aarch64-linux-gnu/test:
+  extends:
+    - .debian-cross/test
+    - .debian-cross-other
+  dependencies:
+    - debian-cross/aarch64-linux-gnu/build
+  needs:
+    - debian-cross/aarch64-linux-gnu/build
+  timeout: 2h
   allow_failure: true
 
-nettle-master.Fedora:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+.mingw/build:
+  extends:
+    - .build
   script:
-  - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
-  - export NETTLE_DIR=${PWD}/nettle
-  - pushd nettle-git
-  - ./.bootstrap
-  - ./configure --disable-documentation --prefix=$NETTLE_DIR
-  - make -j$BUILDJOBS
-  - make -j$BUILDJOBS install
-  - popd
-  - SUBMODULE_NOFETCH=1 ./bootstrap
-  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile
-  - make -j$BUILDJOBS
-  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
-  artifacts:
-    expire_in: 1 week
-    when: on_failure
-    paths:
-      - ./*.log
-      - fuzz/*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-  retry: 1
-
-nettle-master-minigmp.Fedora:
-  stage: stage1-testing
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+#    - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
+#    - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
+    - ./bootstrap
+    - dash ./configure --disable-gcc-warnings --host=${arch_name}-w64-mingw32 --target=${arch_name}-w64-mingw32 --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
+    # since we use --enable-local-libopts the generated files must equal the .bak
+    - mingw${arch_bits}-make -j$BUILDJOBS -C src certtool-args.c.bak
+    - cmp src/certtool-args.c src/certtool-args.c.bak || false # TODO not really sure about what is this for
+    - mingw${arch_bits}-make -j$BUILDJOBS
+    - mingw${arch_bits}-make -j$BUILDJOBS -C tests check TESTS=""
+
+##############################################################################
+########################### MinGW pipelines ##################################
+##############################################################################
+
+.mingw/test:
+  extends:
+    - .test
   script:
-  - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
-  - export NETTLE_DIR=${PWD}/nettle
-  - pushd nettle-git
-  - ./.bootstrap
-  - ./configure --disable-documentation --enable-mini-gmp --prefix=$NETTLE_DIR
-  - make -j$BUILDJOBS
-  - make -j$BUILDJOBS install
-  - popd
-  - SUBMODULE_NOFETCH=1 ./bootstrap
-  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile --disable-full-test-suite
-  - make -j$BUILDJOBS
-  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check
-  tags:
-  - shared
-  - linux
-  except:
-  - tags
+    - mingw${arch_bits}-make -j$CHECKJOBS -C tests check
+
+.mingw/archive:
+  stage: archive
+#  TODO this should be here, but I want to see if it works without tagging
+#  only:
+#    - tags
+  script:
+    # Combine generated apps and DLLs.
+    #libwinpthread is required by libgcc
+    #libffi is required by libp11-kit
+    - mkdir -p win${arch_bits}-build/bin win${arch_bits}-build/lib/includes
+    - cp lib/.libs/*.dll src/.libs/*.exe win${arch_bits}-build/bin
+    - ${arch_name}-w64-mingw32-strip --strip-unneeded win${arch_bits}-build/bin/*.dll
+    - ${arch_name}-w64-mingw32-strip win${arch_bits}-build/bin/*.exe
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win${arch_bits}-build/bin
+    - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win${arch_bits}-build/bin
+    - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win${arch_bits}-build/lib
+    - cp lib/includes/gnutls/*.h win${arch_bits}-build/lib/includes
   artifacts:
-    expire_in: 1 week
-    when: on_failure
+    name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
     paths:
-      - ./*.log
-      - fuzz/*.log
-      - tests/*.log
-      - tests/*/*.log
-      - tests/suite/*/*.log
-  retry: 1
+      - win${arch_bits}-build/
+
+mingw64/build:
+  extends:
+    - .mingw/build
+    - .mingw64
+
+mingw64/test:
+  extends:
+    - .mingw/test
+    - .mingw64
+  dependencies:
+    - mingw64/build
+  needs:
+    - mingw64/build
+
+mingw64/archive:
+  extends:
+    - .mingw/archive
+    - .mingw64
+  dependencies:
+    - mingw64/build
+  needs: # archive only if tests successful
+    - mingw64/build
+    - mingw64/test
+
+mingw64-vista/build:
+  extends:
+    - .mingw/build
+    - .mingw64
+    - .mingw-vista
+
+mingw64-vista/test:
+  extends:
+    - .mingw/test
+    - .mingw64
+    - .mingw-vista
+  dependencies:
+    - mingw64-vista/build
+  needs:
+    - mingw64-vista/build
+
+mingw64-vista/archive:
+  extends:
+    - .mingw/archive
+    - .mingw64
+    - .mingw-vista
+  dependencies:
+    - mingw64-vista/build
+  needs: # archive only if tests successful
+    - mingw64-vista/build
+    - mingw64-vista/test
+
+mingw32/build:
+  extends:
+    - .mingw/build
+    - .mingw32
+
+mingw32/test:
+  extends:
+    - .mingw/test
+    - .mingw32
+  dependencies:
+    - mingw32/build
+  needs:
+    - mingw32/build
+
+mingw32/archive:
+  extends:
+    - .mingw/archive
+    - .mingw32
+  dependencies:
+    - mingw32/build
+  needs: # archive only if tests successful
+    - mingw32/build
+    - mingw32/test
+
+mingw32-vista/build:
+  extends:
+    - .mingw/build
+    - .mingw32
+    - .mingw-vista
+
+mingw32-vista/test:
+  extends:
+    - .mingw/test
+    - .mingw32
+    - .mingw-vista
+  dependencies:
+    - mingw32-vista/build
+  needs:
+    - mingw32-vista/build
+
+mingw32-vista/archive:
+  extends:
+    - .mingw/archive
+    - .mingw32
+    - .mingw-vista
+  dependencies:
+    - mingw32-vista/build
+  needs: # archive only if tests successful
+    - mingw32-vista/build
+    - mingw32-vista/test