Merge branch 'travis-xenial'
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=2.8.0
8 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
9
10 if test -d "$BOTAN_DIR"; then
11 return
12 fi
13
14 # if the leak detective is enabled we have to disable threading support
15 # (used for std::async) as that causes invalid frees somehow, the
16 # locking allocator causes a static leak via the first function that
17 # references it (e.g. crypter or hasher), so we disable that too
18 if test "$LEAK_DETECTIVE" = "yes"; then
19 BOTAN_CONFIG="--without-os-features=threads
20 --disable-modules=locking_allocator"
21 fi
22 # disable some larger modules we don't need for the tests
23 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
24
25 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
26 cd $BOTAN_DIR &&
27 git checkout -qf $BOTAN_REV &&
28 python ./configure.py --amalgamation $BOTAN_CONFIG &&
29 make -j4 libs >/dev/null &&
30 sudo make install >/dev/null &&
31 sudo ldconfig || exit $?
32 cd -
33 }
34
35 build_tss2()
36 {
37 TSS2_REV=2.1.0
38 TSS2_PKG=tpm2-tss-$TSS2_REV
39 TSS2_DIR=$TRAVIS_BUILD_DIR/../$TSS2_PKG
40 TSS2_SRC=https://github.com/tpm2-software/tpm2-tss/releases/download/$TSS2_REV/$TSS2_PKG.tar.gz
41
42 if test -d "$TSS2_DIR"; then
43 return
44 fi
45
46 # the default version of libgcrypt in Ubuntu 14.04 is too old
47 sudo apt-get update -qq && \
48 sudo apt-get install -qq libgcrypt20-dev &&
49 curl -L $TSS2_SRC | tar xz -C $TRAVIS_BUILD_DIR/.. &&
50 cd $TSS2_DIR &&
51 ./configure &&
52 make -j4 >/dev/null &&
53 sudo make install >/dev/null &&
54 sudo ldconfig || exit $?
55 cd -
56 }
57
58 if test -z $TRAVIS_BUILD_DIR; then
59 TRAVIS_BUILD_DIR=$PWD
60 fi
61
62 cd $TRAVIS_BUILD_DIR
63
64 TARGET=check
65
66 DEPS="libgmp-dev"
67
68 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
69
70 case "$TEST" in
71 default)
72 # should be the default, but lets make sure
73 CONFIG="--with-printf-hooks=glibc"
74 ;;
75 openssl)
76 CONFIG="--disable-defaults --enable-pki --enable-openssl"
77 DEPS="libssl-dev"
78 ;;
79 gcrypt)
80 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
81 DEPS="libgcrypt11-dev"
82 ;;
83 botan)
84 CONFIG="--disable-defaults --enable-pki --enable-botan --enable-pem"
85 # we can't use the old package that comes with Ubuntu so we build from
86 # the current master until 2.8.0 is released and then probably switch to
87 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
88 # currently required)
89 DEPS=""
90 if test "$1" = "deps"; then
91 build_botan
92 fi
93 ;;
94 printf-builtin)
95 CONFIG="--with-printf-hooks=builtin"
96 ;;
97 all|coverage|sonarcloud)
98 CONFIG="--enable-all --disable-android-dns --disable-android-log
99 --disable-kernel-pfroute --disable-keychain
100 --disable-lock-profiler --disable-padlock --disable-fuzzing
101 --disable-osx-attr --disable-tkm --disable-uci
102 --disable-soup --disable-unwind-backtraces
103 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
104 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
105 # not enabled on the build server
106 CONFIG="$CONFIG --disable-af-alg"
107 if test "$TEST" != "coverage"; then
108 CONFIG="$CONFIG --disable-coverage"
109 else
110 # not actually required but configure checks for it
111 DEPS="$DEPS lcov"
112 fi
113 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
114 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
115 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev libnm-dev
116 libjson0-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
117 PYDEPS="pytest"
118 if test "$1" = "deps"; then
119 build_botan
120 build_tss2
121 fi
122 ;;
123 win*)
124 CONFIG="--disable-defaults --enable-svc --enable-ikev2
125 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
126 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
127 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
128 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
129 --enable-updown --enable-ext-auth --enable-libipsec
130 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
131 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
132 --enable-pki --enable-swanctl --enable-socket-win
133 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
134 # no make check for Windows binaries unless we run on a windows host
135 if test "$APPVEYOR" != "True"; then
136 TARGET=
137 CCACHE=ccache
138 else
139 CONFIG="$CONFIG --enable-openssl"
140 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
141 LDFLAGS="-L/c/OpenSSL-$TEST"
142 export LDFLAGS
143 fi
144 CFLAGS="$CFLAGS -mno-ms-bitfields"
145 DEPS="gcc-mingw-w64-base"
146 case "$TEST" in
147 win64)
148 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
149 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
150 CC="$CCACHE x86_64-w64-mingw32-gcc"
151 ;;
152 win32)
153 CONFIG="--host=i686-w64-mingw32 $CONFIG"
154 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
155 CC="$CCACHE i686-w64-mingw32-gcc"
156 ;;
157 esac
158 ;;
159 osx)
160 # this causes a false positive in ip-packet.c since Xcode 8.3
161 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
162 # use the same options as in the Homebrew Formula
163 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
164 --enable-curl --enable-eap-gtc --enable-eap-identity
165 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
166 --enable-kernel-libipsec --enable-kernel-pfkey
167 --enable-kernel-pfroute --enable-nonce --enable-openssl
168 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
169 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
170 --enable-scepclient --enable-socket-default --enable-sshkey
171 --enable-stroke --enable-swanctl --enable-unity --enable-updown
172 --enable-x509 --enable-xauth-generic"
173 DEPS="bison gettext openssl curl"
174 BREW_PREFIX=$(brew --prefix)
175 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
176 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
177 for pkg in openssl curl
178 do
179 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
180 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
181 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
182 done
183 export PKG_CONFIG_PATH
184 export CPPFLAGS
185 export LDFLAGS
186 ;;
187 fuzzing)
188 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
189 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
190 --enable-imc-test --enable-tnccs-20"
191 # don't run any of the unit tests
192 export TESTS_RUNNERS=
193 # prepare corpora
194 if test -z "$1"; then
195 if test -z "$FUZZING_CORPORA"; then
196 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
197 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
198 fi
199 # these are about the same as those on OSS-Fuzz (except for the
200 # symbolize options and strip_path_prefix)
201 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
202 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
203 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
204 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
205 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
206 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
207 fi
208 ;;
209 dist)
210 TARGET=distcheck
211 ;;
212 apidoc)
213 DEPS="doxygen"
214 CONFIG="--disable-defaults"
215 TARGET=apidoc
216 ;;
217 *)
218 echo "$0: unknown test $TEST" >&2
219 exit 1
220 ;;
221 esac
222
223 if test "$1" = "deps"; then
224 case "$TRAVIS_OS_NAME" in
225 linux)
226 sudo apt-get update -qq && \
227 sudo apt-get install -qq bison flex gperf gettext $DEPS
228 ;;
229 osx)
230 brew update && \
231 # workaround for issue #6352
232 brew uninstall --force libtool && brew install libtool && \
233 brew install $DEPS
234 ;;
235 esac
236 exit $?
237 fi
238
239 if test "$1" = "pydeps"; then
240 test -z "$PYDEPS" || pip -q install --user $PYDEPS
241 exit $?
242 fi
243
244 CONFIG="$CONFIG
245 --disable-dependency-tracking
246 --enable-silent-rules
247 --enable-test-vectors
248 --enable-monolithic=${MONOLITHIC-no}
249 --enable-leak-detective=${LEAK_DETECTIVE-no}"
250
251 echo "$ ./autogen.sh"
252 ./autogen.sh || exit $?
253 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
254 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
255
256 case "$TEST" in
257 apidoc)
258 exec 2>make.warnings
259 ;;
260 *)
261 ;;
262 esac
263
264 echo "$ make $TARGET"
265 case "$TEST" in
266 sonarcloud)
267 # without target, coverage is currently not supported anyway because
268 # sonarqube only supports gcov, not lcov
269 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
270 ;;
271 *)
272 make -j4 $TARGET || exit $?
273 ;;
274 esac
275
276 case "$TEST" in
277 apidoc)
278 if test -s make.warnings; then
279 cat make.warnings
280 exit 1
281 fi
282 ;;
283 sonarcloud)
284 sonar-scanner \
285 -Dsonar.projectKey=strongswan \
286 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
287 -Dsonar.sources=. \
288 -Dsonar.cfamily.threads=2 \
289 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
290 ;;
291 *)
292 ;;
293 esac