travis: Use amalgamation build for Botan and build outside our source tree
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
7
8 # if the leak detective is enabled we have to disable threading support
9 # (used for std::async) as that causes invalid frees somehow, the
10 # locking allocator causes a static leak via the first function that
11 # references it (e.g. crypter or hasher), so we disable that too
12 if test "$LEAK_DETECTIVE" = "yes"; then
13 BOTAN_CONFIG="--without-os-features=threads
14 --disable-modules=locking_allocator"
15 fi
16 # disable some larger modules we don't need for the tests
17 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
18 git clone --depth 1 https://github.com/randombit/botan.git $BOTAN_DIR &&
19 cd $BOTAN_DIR &&
20 python ./configure.py --amalgamation $BOTAN_CONFIG &&
21 make -j4 libs >/dev/null &&
22 sudo make install >/dev/null &&
23 sudo ldconfig || exit $?
24 cd -
25 }
26
27 if test -z $TRAVIS_BUILD_DIR; then
28 TRAVIS_BUILD_DIR=$PWD
29 fi
30
31 cd $TRAVIS_BUILD_DIR
32
33 TARGET=check
34
35 DEPS="libgmp-dev"
36
37 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
38
39 case "$TEST" in
40 default)
41 # should be the default, but lets make sure
42 CONFIG="--with-printf-hooks=glibc"
43 ;;
44 openssl)
45 CONFIG="--disable-defaults --enable-pki --enable-openssl"
46 DEPS="libssl-dev"
47 ;;
48 gcrypt)
49 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
50 DEPS="libgcrypt11-dev"
51 ;;
52 botan)
53 CONFIG="--disable-defaults --enable-pki --enable-botan"
54 # we can't use the old package that comes with Ubuntu so we build from
55 # the current master until 2.8.0 is released and then probably switch to
56 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
57 # currently required)
58 DEPS=""
59 if test "$1" = "deps"; then
60 build_botan
61 fi
62 ;;
63 printf-builtin)
64 CONFIG="--with-printf-hooks=builtin"
65 ;;
66 all|coverage|sonarcloud)
67 CONFIG="--enable-all --disable-android-dns --disable-android-log
68 --disable-kernel-pfroute --disable-keychain
69 --disable-lock-profiler --disable-padlock --disable-fuzzing
70 --disable-osx-attr --disable-tkm --disable-uci
71 --disable-systemd --disable-soup --disable-unwind-backtraces
72 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
73 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
74 # Ubuntu 14.04 does provide a too old libtss2-dev
75 CONFIG="$CONFIG --disable-tss-tss2"
76 # Ubuntu 14.04 does not provide libnm
77 CONFIG="$CONFIG --disable-nm"
78 # not enabled on the build server
79 CONFIG="$CONFIG --disable-af-alg"
80 if test "$TEST" != "coverage"; then
81 CONFIG="$CONFIG --disable-coverage"
82 else
83 # not actually required but configure checks for it
84 DEPS="$DEPS lcov"
85 fi
86 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
87 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
88 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
89 libjson0-dev iptables-dev python-pip libtspi-dev"
90 PYDEPS="pytest"
91 if test "$1" = "deps"; then
92 build_botan
93 fi
94 ;;
95 win*)
96 CONFIG="--disable-defaults --enable-svc --enable-ikev2
97 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
98 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
99 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
100 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
101 --enable-updown --enable-ext-auth --enable-libipsec
102 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
103 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
104 --enable-pki --enable-swanctl --enable-socket-win"
105 # no make check for Windows binaries unless we run on a windows host
106 if test "$APPVEYOR" != "True"; then
107 TARGET=
108 else
109 CONFIG="$CONFIG --enable-openssl"
110 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
111 LDFLAGS="-L/c/OpenSSL-$TEST"
112 export LDFLAGS
113 fi
114 CFLAGS="$CFLAGS -mno-ms-bitfields"
115 DEPS="gcc-mingw-w64-base"
116 case "$TEST" in
117 win64)
118 # headers on 12.04 are too old, so we only build the plugins here
119 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
120 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
121 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
122 CC="x86_64-w64-mingw32-gcc"
123 # apply patch to MinGW headers
124 if test "$APPVEYOR" != "True" -a -z "$1"; then
125 sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
126 fi
127 ;;
128 win32)
129 CONFIG="--host=i686-w64-mingw32 $CONFIG"
130 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
131 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
132 CC="i686-w64-mingw32-gcc"
133 ;;
134 esac
135 ;;
136 osx)
137 # this causes a false positive in ip-packet.c since Xcode 8.3
138 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
139 # use the same options as in the Homebrew Formula
140 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
141 --enable-curl --enable-eap-gtc --enable-eap-identity
142 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
143 --enable-kernel-libipsec --enable-kernel-pfkey
144 --enable-kernel-pfroute --enable-nonce --enable-openssl
145 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
146 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
147 --enable-scepclient --enable-socket-default --enable-sshkey
148 --enable-stroke --enable-swanctl --enable-unity --enable-updown
149 --enable-x509 --enable-xauth-generic"
150 DEPS="bison gettext openssl curl"
151 BREW_PREFIX=$(brew --prefix)
152 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
153 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
154 for pkg in openssl curl
155 do
156 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
157 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
158 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
159 done
160 export PKG_CONFIG_PATH
161 export CPPFLAGS
162 export LDFLAGS
163 ;;
164 fuzzing)
165 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
166 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
167 --enable-imc-test --enable-tnccs-20"
168 # don't run any of the unit tests
169 export TESTS_RUNNERS=
170 # prepare corpora
171 if test -z "$1"; then
172 if test -z "$FUZZING_CORPORA"; then
173 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
174 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
175 fi
176 # these are about the same as those on OSS-Fuzz (except for the
177 # symbolize options and strip_path_prefix)
178 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
179 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
180 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
181 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
182 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
183 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
184 fi
185 ;;
186 dist)
187 TARGET=distcheck
188 ;;
189 apidoc)
190 DEPS="doxygen"
191 CONFIG="--disable-defaults"
192 TARGET=apidoc
193 ;;
194 *)
195 echo "$0: unknown test $TEST" >&2
196 exit 1
197 ;;
198 esac
199
200 if test "$1" = "deps"; then
201 case "$TRAVIS_OS_NAME" in
202 linux)
203 sudo apt-get update -qq && \
204 sudo apt-get install -qq bison flex gperf gettext $DEPS
205 ;;
206 osx)
207 brew update && \
208 # workaround for issue #6352
209 brew uninstall --force libtool && brew install libtool && \
210 brew install $DEPS
211 ;;
212 esac
213 exit $?
214 fi
215
216 if test "$1" = "pydeps"; then
217 test -z "$PYDEPS" || pip -q install --user $PYDEPS
218 exit $?
219 fi
220
221 CONFIG="$CONFIG
222 --disable-dependency-tracking
223 --enable-silent-rules
224 --enable-test-vectors
225 --enable-monolithic=${MONOLITHIC-no}
226 --enable-leak-detective=${LEAK_DETECTIVE-no}"
227
228 echo "$ ./autogen.sh"
229 ./autogen.sh || exit $?
230 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
231 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
232
233 case "$TEST" in
234 apidoc)
235 exec 2>make.warnings
236 ;;
237 *)
238 ;;
239 esac
240
241 echo "$ make $TARGET"
242 case "$TEST" in
243 sonarcloud)
244 # without target, coverage is currently not supported anyway because
245 # sonarqube only supports gcov, not lcov
246 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
247 ;;
248 *)
249 make -j4 $TARGET || exit $?
250 ;;
251 esac
252
253 case "$TEST" in
254 apidoc)
255 if test -s make.warnings; then
256 cat make.warnings
257 exit 1
258 fi
259 ;;
260 sonarcloud)
261 sonar-scanner \
262 -Dsonar.projectKey=strongswan \
263 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
264 -Dsonar.sources=. \
265 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
266 ;;
267 *)
268 ;;
269 esac