travis: Use a fix revision for Botan and speed up subsequent builds via ccache
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=1872f899716854927ecc68022fac318735be8824
8 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
9
10 # if the leak detective is enabled we have to disable threading support
11 # (used for std::async) as that causes invalid frees somehow, the
12 # locking allocator causes a static leak via the first function that
13 # references it (e.g. crypter or hasher), so we disable that too
14 if test "$LEAK_DETECTIVE" = "yes"; then
15 BOTAN_CONFIG="--without-os-features=threads
16 --disable-modules=locking_allocator"
17 fi
18 # disable some larger modules we don't need for the tests
19 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
20
21 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
22 cd $BOTAN_DIR &&
23 git checkout $BOTAN_REV &&
24 python ./configure.py --amalgamation $BOTAN_CONFIG &&
25 make -j4 libs >/dev/null &&
26 sudo make install >/dev/null &&
27 sudo ldconfig || exit $?
28 cd -
29 }
30
31 if test -z $TRAVIS_BUILD_DIR; then
32 TRAVIS_BUILD_DIR=$PWD
33 fi
34
35 cd $TRAVIS_BUILD_DIR
36
37 TARGET=check
38
39 DEPS="libgmp-dev"
40
41 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
42
43 case "$TEST" in
44 default)
45 # should be the default, but lets make sure
46 CONFIG="--with-printf-hooks=glibc"
47 ;;
48 openssl)
49 CONFIG="--disable-defaults --enable-pki --enable-openssl"
50 DEPS="libssl-dev"
51 ;;
52 gcrypt)
53 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
54 DEPS="libgcrypt11-dev"
55 ;;
56 botan)
57 CONFIG="--disable-defaults --enable-pki --enable-botan"
58 # we can't use the old package that comes with Ubuntu so we build from
59 # the current master until 2.8.0 is released and then probably switch to
60 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
61 # currently required)
62 DEPS=""
63 if test "$1" = "deps"; then
64 build_botan
65 fi
66 ;;
67 printf-builtin)
68 CONFIG="--with-printf-hooks=builtin"
69 ;;
70 all|coverage|sonarcloud)
71 CONFIG="--enable-all --disable-android-dns --disable-android-log
72 --disable-kernel-pfroute --disable-keychain
73 --disable-lock-profiler --disable-padlock --disable-fuzzing
74 --disable-osx-attr --disable-tkm --disable-uci
75 --disable-systemd --disable-soup --disable-unwind-backtraces
76 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
77 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
78 # Ubuntu 14.04 does provide a too old libtss2-dev
79 CONFIG="$CONFIG --disable-tss-tss2"
80 # Ubuntu 14.04 does not provide libnm
81 CONFIG="$CONFIG --disable-nm"
82 # not enabled on the build server
83 CONFIG="$CONFIG --disable-af-alg"
84 if test "$TEST" != "coverage"; then
85 CONFIG="$CONFIG --disable-coverage"
86 else
87 # not actually required but configure checks for it
88 DEPS="$DEPS lcov"
89 fi
90 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
91 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
92 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
93 libjson0-dev iptables-dev python-pip libtspi-dev"
94 PYDEPS="pytest"
95 if test "$1" = "deps"; then
96 build_botan
97 fi
98 ;;
99 win*)
100 CONFIG="--disable-defaults --enable-svc --enable-ikev2
101 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
102 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
103 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
104 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
105 --enable-updown --enable-ext-auth --enable-libipsec
106 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
107 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
108 --enable-pki --enable-swanctl --enable-socket-win"
109 # no make check for Windows binaries unless we run on a windows host
110 if test "$APPVEYOR" != "True"; then
111 TARGET=
112 else
113 CONFIG="$CONFIG --enable-openssl"
114 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
115 LDFLAGS="-L/c/OpenSSL-$TEST"
116 export LDFLAGS
117 fi
118 CFLAGS="$CFLAGS -mno-ms-bitfields"
119 DEPS="gcc-mingw-w64-base"
120 case "$TEST" in
121 win64)
122 # headers on 12.04 are too old, so we only build the plugins here
123 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
124 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
125 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
126 CC="x86_64-w64-mingw32-gcc"
127 # apply patch to MinGW headers
128 if test "$APPVEYOR" != "True" -a -z "$1"; then
129 sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
130 fi
131 ;;
132 win32)
133 CONFIG="--host=i686-w64-mingw32 $CONFIG"
134 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
135 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
136 CC="i686-w64-mingw32-gcc"
137 ;;
138 esac
139 ;;
140 osx)
141 # this causes a false positive in ip-packet.c since Xcode 8.3
142 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
143 # use the same options as in the Homebrew Formula
144 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
145 --enable-curl --enable-eap-gtc --enable-eap-identity
146 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
147 --enable-kernel-libipsec --enable-kernel-pfkey
148 --enable-kernel-pfroute --enable-nonce --enable-openssl
149 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
150 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
151 --enable-scepclient --enable-socket-default --enable-sshkey
152 --enable-stroke --enable-swanctl --enable-unity --enable-updown
153 --enable-x509 --enable-xauth-generic"
154 DEPS="bison gettext openssl curl"
155 BREW_PREFIX=$(brew --prefix)
156 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
157 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
158 for pkg in openssl curl
159 do
160 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
161 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
162 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
163 done
164 export PKG_CONFIG_PATH
165 export CPPFLAGS
166 export LDFLAGS
167 ;;
168 fuzzing)
169 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
170 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
171 --enable-imc-test --enable-tnccs-20"
172 # don't run any of the unit tests
173 export TESTS_RUNNERS=
174 # prepare corpora
175 if test -z "$1"; then
176 if test -z "$FUZZING_CORPORA"; then
177 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
178 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
179 fi
180 # these are about the same as those on OSS-Fuzz (except for the
181 # symbolize options and strip_path_prefix)
182 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
183 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
184 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
185 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
186 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
187 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
188 fi
189 ;;
190 dist)
191 TARGET=distcheck
192 ;;
193 apidoc)
194 DEPS="doxygen"
195 CONFIG="--disable-defaults"
196 TARGET=apidoc
197 ;;
198 *)
199 echo "$0: unknown test $TEST" >&2
200 exit 1
201 ;;
202 esac
203
204 if test "$1" = "deps"; then
205 case "$TRAVIS_OS_NAME" in
206 linux)
207 sudo apt-get update -qq && \
208 sudo apt-get install -qq bison flex gperf gettext $DEPS
209 ;;
210 osx)
211 brew update && \
212 # workaround for issue #6352
213 brew uninstall --force libtool && brew install libtool && \
214 brew install $DEPS
215 ;;
216 esac
217 exit $?
218 fi
219
220 if test "$1" = "pydeps"; then
221 test -z "$PYDEPS" || pip -q install --user $PYDEPS
222 exit $?
223 fi
224
225 CONFIG="$CONFIG
226 --disable-dependency-tracking
227 --enable-silent-rules
228 --enable-test-vectors
229 --enable-monolithic=${MONOLITHIC-no}
230 --enable-leak-detective=${LEAK_DETECTIVE-no}"
231
232 echo "$ ./autogen.sh"
233 ./autogen.sh || exit $?
234 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
235 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
236
237 case "$TEST" in
238 apidoc)
239 exec 2>make.warnings
240 ;;
241 *)
242 ;;
243 esac
244
245 echo "$ make $TARGET"
246 case "$TEST" in
247 sonarcloud)
248 # without target, coverage is currently not supported anyway because
249 # sonarqube only supports gcov, not lcov
250 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
251 ;;
252 *)
253 make -j4 $TARGET || exit $?
254 ;;
255 esac
256
257 case "$TEST" in
258 apidoc)
259 if test -s make.warnings; then
260 cat make.warnings
261 exit 1
262 fi
263 ;;
264 sonarcloud)
265 sonar-scanner \
266 -Dsonar.projectKey=strongswan \
267 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
268 -Dsonar.sources=. \
269 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
270 ;;
271 *)
272 ;;
273 esac