travis: Add Botan build
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 if test -z $TRAVIS_BUILD_DIR; then
5 TRAVIS_BUILD_DIR=$PWD
6 fi
7
8 cd $TRAVIS_BUILD_DIR
9
10 TARGET=check
11
12 DEPS="libgmp-dev"
13
14 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
15
16 case "$TEST" in
17 default)
18 # should be the default, but lets make sure
19 CONFIG="--with-printf-hooks=glibc"
20 ;;
21 openssl)
22 CONFIG="--disable-defaults --enable-pki --enable-openssl"
23 DEPS="libssl-dev"
24 ;;
25 gcrypt)
26 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
27 DEPS="libgcrypt11-dev"
28 ;;
29 botan)
30 CONFIG="--disable-defaults --enable-pki --enable-botan"
31 # we can't use the old package that comes with Ubuntu so we build from
32 # the current master until 2.8.0 is released and then probably switch to
33 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
34 # currently required)
35 DEPS=""
36 if test "$1" = "deps"; then
37 # if the leak detective is enabled we have to disable threading support
38 # (used for std::async) as that causes invalid frees somehow, the
39 # locking allocator causes a static leak via the first function that
40 # references it (e.g. crypter or hasher), so we disable that too
41 if test "$LEAK_DETECTIVE" = "yes"; then
42 BOTAN_CONFIG="--without-os-features=threads
43 --disable-modules=locking_allocator"
44 fi
45 # disable some larger modules we don't need for the tests
46 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
47 git clone --depth 1 https://github.com/randombit/botan.git botan &&
48 cd botan &&
49 python ./configure.py $BOTAN_CONFIG &&
50 make -j4 libs >/dev/null &&
51 sudo make install >/dev/null &&
52 sudo ldconfig || exit $?
53 fi
54 ;;
55 printf-builtin)
56 CONFIG="--with-printf-hooks=builtin"
57 ;;
58 all|coverage|sonarcloud)
59 CONFIG="--enable-all --disable-android-dns --disable-android-log
60 --disable-kernel-pfroute --disable-keychain
61 --disable-lock-profiler --disable-padlock --disable-fuzzing
62 --disable-osx-attr --disable-tkm --disable-uci
63 --disable-systemd --disable-soup --disable-unwind-backtraces
64 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
65 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
66 # Ubuntu 14.04 does provide a too old libtss2-dev
67 CONFIG="$CONFIG --disable-tss-tss2"
68 # Ubuntu 14.04 does not provide libnm
69 CONFIG="$CONFIG --disable-nm"
70 # not enabled on the build server
71 CONFIG="$CONFIG --disable-af-alg"
72 # separate test case with external dependency
73 CONFIG="$CONFIG --disable-botan"
74 if test "$TEST" != "coverage"; then
75 CONFIG="$CONFIG --disable-coverage"
76 else
77 # not actually required but configure checks for it
78 DEPS="$DEPS lcov"
79 fi
80 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
81 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
82 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
83 libjson0-dev iptables-dev python-pip libtspi-dev"
84 PYDEPS="pytest"
85 ;;
86 win*)
87 CONFIG="--disable-defaults --enable-svc --enable-ikev2
88 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
89 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
90 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
91 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
92 --enable-updown --enable-ext-auth --enable-libipsec
93 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
94 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
95 --enable-pki --enable-swanctl --enable-socket-win"
96 # no make check for Windows binaries unless we run on a windows host
97 if test "$APPVEYOR" != "True"; then
98 TARGET=
99 else
100 CONFIG="$CONFIG --enable-openssl"
101 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
102 LDFLAGS="-L/c/OpenSSL-$TEST"
103 export LDFLAGS
104 fi
105 CFLAGS="$CFLAGS -mno-ms-bitfields"
106 DEPS="gcc-mingw-w64-base"
107 case "$TEST" in
108 win64)
109 # headers on 12.04 are too old, so we only build the plugins here
110 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
111 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
112 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
113 CC="x86_64-w64-mingw32-gcc"
114 # apply patch to MinGW headers
115 if test "$APPVEYOR" != "True" -a -z "$1"; then
116 sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
117 fi
118 ;;
119 win32)
120 CONFIG="--host=i686-w64-mingw32 $CONFIG"
121 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
122 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
123 CC="i686-w64-mingw32-gcc"
124 ;;
125 esac
126 ;;
127 osx)
128 # this causes a false positive in ip-packet.c since Xcode 8.3
129 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
130 # use the same options as in the Homebrew Formula
131 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
132 --enable-curl --enable-eap-gtc --enable-eap-identity
133 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
134 --enable-kernel-libipsec --enable-kernel-pfkey
135 --enable-kernel-pfroute --enable-nonce --enable-openssl
136 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
137 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
138 --enable-scepclient --enable-socket-default --enable-sshkey
139 --enable-stroke --enable-swanctl --enable-unity --enable-updown
140 --enable-x509 --enable-xauth-generic"
141 DEPS="bison gettext openssl curl"
142 BREW_PREFIX=$(brew --prefix)
143 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
144 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
145 for pkg in openssl curl
146 do
147 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
148 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
149 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
150 done
151 export PKG_CONFIG_PATH
152 export CPPFLAGS
153 export LDFLAGS
154 ;;
155 fuzzing)
156 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
157 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
158 --enable-imc-test --enable-tnccs-20"
159 # don't run any of the unit tests
160 export TESTS_RUNNERS=
161 # prepare corpora
162 if test -z "$1"; then
163 if test -z "$FUZZING_CORPORA"; then
164 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
165 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
166 fi
167 # these are about the same as those on OSS-Fuzz (except for the
168 # symbolize options and strip_path_prefix)
169 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
170 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
171 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
172 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
173 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
174 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
175 fi
176 ;;
177 dist)
178 TARGET=distcheck
179 ;;
180 apidoc)
181 DEPS="doxygen"
182 CONFIG="--disable-defaults"
183 TARGET=apidoc
184 ;;
185 *)
186 echo "$0: unknown test $TEST" >&2
187 exit 1
188 ;;
189 esac
190
191 if test "$1" = "deps"; then
192 case "$TRAVIS_OS_NAME" in
193 linux)
194 sudo apt-get update -qq && \
195 sudo apt-get install -qq bison flex gperf gettext $DEPS
196 ;;
197 osx)
198 brew update && \
199 # workaround for issue #6352
200 brew uninstall --force libtool && brew install libtool && \
201 brew install $DEPS
202 ;;
203 esac
204 exit $?
205 fi
206
207 if test "$1" = "pydeps"; then
208 test -z "$PYDEPS" || pip -q install --user $PYDEPS
209 exit $?
210 fi
211
212 CONFIG="$CONFIG
213 --disable-dependency-tracking
214 --enable-silent-rules
215 --enable-test-vectors
216 --enable-monolithic=${MONOLITHIC-no}
217 --enable-leak-detective=${LEAK_DETECTIVE-no}"
218
219 echo "$ ./autogen.sh"
220 ./autogen.sh || exit $?
221 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
222 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
223
224 case "$TEST" in
225 apidoc)
226 exec 2>make.warnings
227 ;;
228 *)
229 ;;
230 esac
231
232 echo "$ make $TARGET"
233 case "$TEST" in
234 sonarcloud)
235 # without target, coverage is currently not supported anyway because
236 # sonarqube only supports gcov, not lcov
237 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
238 ;;
239 *)
240 make -j4 $TARGET || exit $?
241 ;;
242 esac
243
244 case "$TEST" in
245 apidoc)
246 if test -s make.warnings; then
247 cat make.warnings
248 exit 1
249 fi
250 ;;
251 sonarcloud)
252 sonar-scanner \
253 -Dsonar.projectKey=strongswan \
254 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
255 -Dsonar.sources=. \
256 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
257 ;;
258 *)
259 ;;
260 esac