android: New release after fixing DB update and adding UTF-8 for EAP-MSCHAPv2
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=2.10.0
8 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
9
10 if test -d "$BOTAN_DIR"; then
11 return
12 fi
13
14 echo "$ build_botan()"
15
16 # if the leak detective is enabled we have to disable threading support
17 # (used for std::async) as that causes invalid frees somehow, the
18 # locking allocator causes a static leak via the first function that
19 # references it (e.g. crypter or hasher), so we disable that too
20 if test "$LEAK_DETECTIVE" = "yes"; then
21 BOTAN_CONFIG="--without-os-features=threads
22 --disable-modules=locking_allocator"
23 fi
24 # disable some larger modules we don't need for the tests
25 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
26
27 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
28 cd $BOTAN_DIR &&
29 git checkout -qf $BOTAN_REV &&
30 python ./configure.py --amalgamation $BOTAN_CONFIG &&
31 make -j4 libs >/dev/null &&
32 sudo make install >/dev/null &&
33 sudo ldconfig || exit $?
34 cd -
35 }
36
37 build_tss2()
38 {
39 TSS2_REV=2.1.0
40 TSS2_PKG=tpm2-tss-$TSS2_REV
41 TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
42 TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
43
44 if test -d "$TSS2_DIR"; then
45 return
46 fi
47
48 echo "$ build_tss2()"
49
50 # the default version of libgcrypt in Ubuntu 16.04 is too old
51 sudo apt-get update -qq && \
52 sudo apt-get install -qq libgcrypt20-dev &&
53 curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
54 cd $TSS2_DIR &&
55 ./configure &&
56 make -j4 >/dev/null &&
57 sudo make install >/dev/null &&
58 sudo ldconfig || exit $?
59 cd -
60 }
61
62 build_openssl()
63 {
64 SSL_REV=1.1.1b
65 SSL_PKG=openssl-$SSL_REV
66 SSL_DIR=$TRAVIS_BUILD_DIR/../$SSL_PKG
67 SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
68 SSL_INS=/usr/local/ssl
69 SSL_OPT="shared no-tls no-dtls no-ssl3 no-zlib no-comp no-idea no-psk no-srp
70 no-stdio no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128"
71
72 if test -d "$SSL_DIR"; then
73 return
74 fi
75
76 echo "$ build_openssl()"
77
78 curl -L $SSL_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
79 cd $SSL_DIR &&
80 ./config --prefix=$SSL_INS --openssldir=$SSL_INS $SSL_OPT &&
81 make -j4 >/dev/null &&
82 sudo make install_sw >/dev/null &&
83 echo $SSL_INS/lib | sudo tee /etc/ld.so.conf.d/openssl-$SSL_REV.conf >/dev/null &&
84 sudo ldconfig || exit $?
85 cd -
86 }
87
88 use_custom_openssl()
89 {
90 CFLAGS="$CFLAGS -I/usr/local/ssl/include"
91 LDFLAGS="$LDFLAGS -L/usr/local/ssl/lib"
92 export LDFLAGS
93 if test "$1" = "deps"; then
94 build_openssl
95 fi
96 }
97
98 if test -z $TRAVIS_BUILD_DIR; then
99 TRAVIS_BUILD_DIR=$PWD
100 fi
101
102 cd $TRAVIS_BUILD_DIR
103
104 TARGET=check
105
106 DEPS="libgmp-dev"
107
108 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
109
110 case "$TEST" in
111 default)
112 # should be the default, but lets make sure
113 CONFIG="--with-printf-hooks=glibc"
114 ;;
115 openssl*)
116 CONFIG="--disable-defaults --enable-pki --enable-openssl --enable-pem"
117 DEPS="libssl-dev"
118 if test "$TEST" != "openssl-1.0"; then
119 DEPS=""
120 use_custom_openssl $1
121 fi
122 ;;
123 gcrypt)
124 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
125 DEPS="libgcrypt11-dev"
126 ;;
127 botan)
128 CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
129 # we can't use the old package that comes with Ubuntu so we build from
130 # the current master until 2.8.0 is released and then probably switch to
131 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
132 # currently required)
133 DEPS=""
134 if test "$1" = "deps"; then
135 build_botan
136 fi
137 ;;
138 printf-builtin)
139 CONFIG="--with-printf-hooks=builtin"
140 ;;
141 all|coverage|sonarcloud)
142 CONFIG="--enable-all --disable-android-dns --disable-android-log
143 --disable-kernel-pfroute --disable-keychain
144 --disable-lock-profiler --disable-padlock --disable-fuzzing
145 --disable-osx-attr --disable-tkm --disable-uci
146 --disable-soup --disable-unwind-backtraces
147 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
148 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
149 # not enabled on the build server
150 CONFIG="$CONFIG --disable-af-alg"
151 if test "$TEST" != "coverage"; then
152 CONFIG="$CONFIG --disable-coverage"
153 else
154 # not actually required but configure checks for it
155 DEPS="$DEPS lcov"
156 fi
157 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
158 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
159 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
160 libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
161 PYDEPS="pytest"
162 if test "$1" = "deps"; then
163 build_botan
164 build_tss2
165 fi
166 use_custom_openssl $1
167 ;;
168 win*)
169 CONFIG="--disable-defaults --enable-svc --enable-ikev2
170 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
171 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
172 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
173 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
174 --enable-updown --enable-ext-auth --enable-libipsec
175 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
176 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
177 --enable-pki --enable-swanctl --enable-socket-win
178 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
179 # no make check for Windows binaries unless we run on a windows host
180 if test "$APPVEYOR" != "True"; then
181 TARGET=
182 CCACHE=ccache
183 else
184 CONFIG="$CONFIG --enable-openssl"
185 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
186 LDFLAGS="-L/c/OpenSSL-$TEST"
187 export LDFLAGS
188 fi
189 CFLAGS="$CFLAGS -mno-ms-bitfields"
190 DEPS="gcc-mingw-w64-base"
191 case "$TEST" in
192 win64)
193 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
194 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
195 CC="$CCACHE x86_64-w64-mingw32-gcc"
196 ;;
197 win32)
198 CONFIG="--host=i686-w64-mingw32 $CONFIG"
199 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
200 CC="$CCACHE i686-w64-mingw32-gcc"
201 ;;
202 esac
203 ;;
204 osx)
205 # this causes a false positive in ip-packet.c since Xcode 8.3
206 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
207 # use the same options as in the Homebrew Formula
208 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
209 --enable-curl --enable-eap-gtc --enable-eap-identity
210 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
211 --enable-kernel-libipsec --enable-kernel-pfkey
212 --enable-kernel-pfroute --enable-nonce --enable-openssl
213 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
214 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
215 --enable-scepclient --enable-socket-default --enable-sshkey
216 --enable-stroke --enable-swanctl --enable-unity --enable-updown
217 --enable-x509 --enable-xauth-generic"
218 DEPS="bison gettext openssl curl"
219 BREW_PREFIX=$(brew --prefix)
220 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
221 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
222 for pkg in openssl curl
223 do
224 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
225 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
226 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
227 done
228 export PKG_CONFIG_PATH
229 export CPPFLAGS
230 export LDFLAGS
231 ;;
232 fuzzing)
233 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
234 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
235 --enable-imc-test --enable-tnccs-20"
236 # don't run any of the unit tests
237 export TESTS_RUNNERS=
238 # prepare corpora
239 if test -z "$1"; then
240 if test -z "$FUZZING_CORPORA"; then
241 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
242 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
243 fi
244 # these are about the same as those on OSS-Fuzz (except for the
245 # symbolize options and strip_path_prefix)
246 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
247 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
248 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
249 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
250 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
251 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
252 fi
253 ;;
254 dist)
255 TARGET=distcheck
256 ;;
257 apidoc)
258 DEPS="doxygen"
259 CONFIG="--disable-defaults"
260 TARGET=apidoc
261 ;;
262 *)
263 echo "$0: unknown test $TEST" >&2
264 exit 1
265 ;;
266 esac
267
268 if test "$1" = "deps"; then
269 case "$TRAVIS_OS_NAME" in
270 linux)
271 sudo apt-get update -qq && \
272 sudo apt-get install -qq bison flex gperf gettext $DEPS
273 ;;
274 osx)
275 brew update && \
276 # workaround for issue #6352
277 brew uninstall --force libtool && brew install libtool && \
278 brew install $DEPS
279 ;;
280 esac
281 exit $?
282 fi
283
284 if test "$1" = "pydeps"; then
285 test -z "$PYDEPS" || pip -q install --user $PYDEPS
286 exit $?
287 fi
288
289 CONFIG="$CONFIG
290 --disable-dependency-tracking
291 --enable-silent-rules
292 --enable-test-vectors
293 --enable-monolithic=${MONOLITHIC-no}
294 --enable-leak-detective=${LEAK_DETECTIVE-no}"
295
296 echo "$ ./autogen.sh"
297 ./autogen.sh || exit $?
298 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
299 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
300
301 case "$TEST" in
302 apidoc)
303 exec 2>make.warnings
304 ;;
305 *)
306 ;;
307 esac
308
309 echo "$ make $TARGET"
310 case "$TEST" in
311 sonarcloud)
312 # without target, coverage is currently not supported anyway because
313 # sonarqube only supports gcov, not lcov
314 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
315 ;;
316 *)
317 make -j4 $TARGET || exit $?
318 ;;
319 esac
320
321 case "$TEST" in
322 apidoc)
323 if test -s make.warnings; then
324 cat make.warnings
325 exit 1
326 fi
327 rm make.warnings
328 ;;
329 sonarcloud)
330 sonar-scanner \
331 -Dsonar.projectKey=strongswan \
332 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
333 -Dsonar.sources=. \
334 -Dsonar.cfamily.threads=2 \
335 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
336 rm -r bw-output .scannerwork
337 ;;
338 *)
339 ;;
340 esac
341
342 # ensure there are no unignored build artifacts (or other changes) in the Git repo
343 unclean="$(git status --porcelain)"
344 if test -n "$unclean"; then
345 echo "Unignored build artifacts or other changes:"
346 echo "$unclean"
347 exit 1
348 fi