travis: Don't build botan twice if installing dependencies is retried
[strongswan.git] / scripts / test.sh
1 #!/bin/sh
2 # Build script for Travis CI
3
4 build_botan()
5 {
6 # same revision used in the build recipe of the testing environment
7 BOTAN_REV=1872f899716854927ecc68022fac318735be8824
8 BOTAN_DIR=$TRAVIS_BUILD_DIR/../botan
9
10 if test -d "$BOTAN_DIR"; then
11 return
12 fi
13
14 # if the leak detective is enabled we have to disable threading support
15 # (used for std::async) as that causes invalid frees somehow, the
16 # locking allocator causes a static leak via the first function that
17 # references it (e.g. crypter or hasher), so we disable that too
18 if test "$LEAK_DETECTIVE" = "yes"; then
19 BOTAN_CONFIG="--without-os-features=threads
20 --disable-modules=locking_allocator"
21 fi
22 # disable some larger modules we don't need for the tests
23 BOTAN_CONFIG="$BOTAN_CONFIG --disable-modules=pkcs11,tls,x509,xmss"
24
25 git clone https://github.com/randombit/botan.git $BOTAN_DIR &&
26 cd $BOTAN_DIR &&
27 git checkout -qf $BOTAN_REV &&
28 python ./configure.py --amalgamation $BOTAN_CONFIG &&
29 make -j4 libs >/dev/null &&
30 sudo make install >/dev/null &&
31 sudo ldconfig || exit $?
32 cd -
33 }
34
35 if test -z $TRAVIS_BUILD_DIR; then
36 TRAVIS_BUILD_DIR=$PWD
37 fi
38
39 cd $TRAVIS_BUILD_DIR
40
41 TARGET=check
42
43 DEPS="libgmp-dev"
44
45 CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror"
46
47 case "$TEST" in
48 default)
49 # should be the default, but lets make sure
50 CONFIG="--with-printf-hooks=glibc"
51 ;;
52 openssl)
53 CONFIG="--disable-defaults --enable-pki --enable-openssl"
54 DEPS="libssl-dev"
55 ;;
56 gcrypt)
57 CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
58 DEPS="libgcrypt11-dev"
59 ;;
60 botan)
61 CONFIG="--disable-defaults --enable-pki --enable-botan"
62 # we can't use the old package that comes with Ubuntu so we build from
63 # the current master until 2.8.0 is released and then probably switch to
64 # that unless we need newer features (at least 2.7.0 plus PKCS#1 patch is
65 # currently required)
66 DEPS=""
67 if test "$1" = "deps"; then
68 build_botan
69 fi
70 ;;
71 printf-builtin)
72 CONFIG="--with-printf-hooks=builtin"
73 ;;
74 all|coverage|sonarcloud)
75 CONFIG="--enable-all --disable-android-dns --disable-android-log
76 --disable-kernel-pfroute --disable-keychain
77 --disable-lock-profiler --disable-padlock --disable-fuzzing
78 --disable-osx-attr --disable-tkm --disable-uci
79 --disable-systemd --disable-soup --disable-unwind-backtraces
80 --disable-svc --disable-dbghelp-backtraces --disable-socket-win
81 --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
82 # Ubuntu 14.04 does provide a too old libtss2-dev
83 CONFIG="$CONFIG --disable-tss-tss2"
84 # Ubuntu 14.04 does not provide libnm
85 CONFIG="$CONFIG --disable-nm"
86 # not enabled on the build server
87 CONFIG="$CONFIG --disable-af-alg"
88 if test "$TEST" != "coverage"; then
89 CONFIG="$CONFIG --disable-coverage"
90 else
91 # not actually required but configure checks for it
92 DEPS="$DEPS lcov"
93 fi
94 DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
95 libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
96 libpcsclite-dev libpam0g-dev binutils-dev libunwind8-dev
97 libjson0-dev iptables-dev python-pip libtspi-dev"
98 PYDEPS="pytest"
99 if test "$1" = "deps"; then
100 build_botan
101 fi
102 ;;
103 win*)
104 CONFIG="--disable-defaults --enable-svc --enable-ikev2
105 --enable-ikev1 --enable-static --enable-test-vectors --enable-nonce
106 --enable-constraints --enable-revocation --enable-pem --enable-pkcs1
107 --enable-pkcs8 --enable-x509 --enable-pubkey --enable-acert
108 --enable-eap-tnc --enable-eap-ttls --enable-eap-identity
109 --enable-updown --enable-ext-auth --enable-libipsec
110 --enable-tnccs-20 --enable-imc-attestation --enable-imv-attestation
111 --enable-imc-os --enable-imv-os --enable-tnc-imv --enable-tnc-imc
112 --enable-pki --enable-swanctl --enable-socket-win"
113 # no make check for Windows binaries unless we run on a windows host
114 if test "$APPVEYOR" != "True"; then
115 TARGET=
116 else
117 CONFIG="$CONFIG --enable-openssl"
118 CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
119 LDFLAGS="-L/c/OpenSSL-$TEST"
120 export LDFLAGS
121 fi
122 CFLAGS="$CFLAGS -mno-ms-bitfields"
123 DEPS="gcc-mingw-w64-base"
124 case "$TEST" in
125 win64)
126 # headers on 12.04 are too old, so we only build the plugins here
127 CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces
128 --enable-kernel-iph --enable-kernel-wfp --enable-winhttp"
129 DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
130 CC="x86_64-w64-mingw32-gcc"
131 # apply patch to MinGW headers
132 if test "$APPVEYOR" != "True" -a -z "$1"; then
133 sudo patch -f -p 4 -d /usr/share/mingw-w64/include < src/libcharon/plugins/kernel_wfp/mingw-w64-4.8.1.diff
134 fi
135 ;;
136 win32)
137 CONFIG="--host=i686-w64-mingw32 $CONFIG"
138 # currently only works on 12.04, so use mingw-w64-dev instead of mingw-w64-i686-dev
139 DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-dev $DEPS"
140 CC="i686-w64-mingw32-gcc"
141 ;;
142 esac
143 ;;
144 osx)
145 # this causes a false positive in ip-packet.c since Xcode 8.3
146 CFLAGS="$CFLAGS -Wno-address-of-packed-member"
147 # use the same options as in the Homebrew Formula
148 CONFIG="--disable-defaults --enable-charon --enable-cmd --enable-constraints
149 --enable-curl --enable-eap-gtc --enable-eap-identity
150 --enable-eap-md5 --enable-eap-mschapv2 --enable-ikev1 --enable-ikev2
151 --enable-kernel-libipsec --enable-kernel-pfkey
152 --enable-kernel-pfroute --enable-nonce --enable-openssl
153 --enable-osx-attr --enable-pem --enable-pgp --enable-pkcs1
154 --enable-pkcs8 --enable-pki --enable-pubkey --enable-revocation
155 --enable-scepclient --enable-socket-default --enable-sshkey
156 --enable-stroke --enable-swanctl --enable-unity --enable-updown
157 --enable-x509 --enable-xauth-generic"
158 DEPS="bison gettext openssl curl"
159 BREW_PREFIX=$(brew --prefix)
160 export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
161 export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
162 for pkg in openssl curl
163 do
164 PKG_CONFIG_PATH=$BREW_PREFIX/opt/$pkg/lib/pkgconfig:$PKG_CONFIG_PATH
165 CPPFLAGS="-I$BREW_PREFIX/opt/$pkg/include $CPPFLAGS"
166 LDFLAGS="-L$BREW_PREFIX/opt/$pkg/lib $LDFLAGS"
167 done
168 export PKG_CONFIG_PATH
169 export CPPFLAGS
170 export LDFLAGS
171 ;;
172 fuzzing)
173 CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
174 CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
175 --enable-imc-test --enable-tnccs-20"
176 # don't run any of the unit tests
177 export TESTS_RUNNERS=
178 # prepare corpora
179 if test -z "$1"; then
180 if test -z "$FUZZING_CORPORA"; then
181 git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
182 export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
183 fi
184 # these are about the same as those on OSS-Fuzz (except for the
185 # symbolize options and strip_path_prefix)
186 export ASAN_OPTIONS=redzone=16:handle_sigill=1:strict_string_check=1:\
187 allocator_release_to_os_interval_ms=500:strict_memcmp=1:detect_container_overflow=1:\
188 coverage=0:allocator_may_return_null=1:use_sigaltstack=1:detect_stack_use_after_return=1:\
189 alloc_dealloc_mismatch=0:detect_leaks=1:print_scariness=1:max_uar_stack_size_log=16:\
190 handle_abort=1:check_malloc_usable_size=0:quarantine_size_mb=10:detect_odr_violation=0:\
191 symbolize=1:handle_segv=1:fast_unwind_on_fatal=0:external_symbolizer_path=/usr/bin/llvm-symbolizer-3.5
192 fi
193 ;;
194 dist)
195 TARGET=distcheck
196 ;;
197 apidoc)
198 DEPS="doxygen"
199 CONFIG="--disable-defaults"
200 TARGET=apidoc
201 ;;
202 *)
203 echo "$0: unknown test $TEST" >&2
204 exit 1
205 ;;
206 esac
207
208 if test "$1" = "deps"; then
209 case "$TRAVIS_OS_NAME" in
210 linux)
211 sudo apt-get update -qq && \
212 sudo apt-get install -qq bison flex gperf gettext $DEPS
213 ;;
214 osx)
215 brew update && \
216 # workaround for issue #6352
217 brew uninstall --force libtool && brew install libtool && \
218 brew install $DEPS
219 ;;
220 esac
221 exit $?
222 fi
223
224 if test "$1" = "pydeps"; then
225 test -z "$PYDEPS" || pip -q install --user $PYDEPS
226 exit $?
227 fi
228
229 CONFIG="$CONFIG
230 --disable-dependency-tracking
231 --enable-silent-rules
232 --enable-test-vectors
233 --enable-monolithic=${MONOLITHIC-no}
234 --enable-leak-detective=${LEAK_DETECTIVE-no}"
235
236 echo "$ ./autogen.sh"
237 ./autogen.sh || exit $?
238 echo "$ CC=$CC CFLAGS=\"$CFLAGS\" ./configure $CONFIG"
239 CC="$CC" CFLAGS="$CFLAGS" ./configure $CONFIG || exit $?
240
241 case "$TEST" in
242 apidoc)
243 exec 2>make.warnings
244 ;;
245 *)
246 ;;
247 esac
248
249 echo "$ make $TARGET"
250 case "$TEST" in
251 sonarcloud)
252 # without target, coverage is currently not supported anyway because
253 # sonarqube only supports gcov, not lcov
254 build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
255 ;;
256 *)
257 make -j4 $TARGET || exit $?
258 ;;
259 esac
260
261 case "$TEST" in
262 apidoc)
263 if test -s make.warnings; then
264 cat make.warnings
265 exit 1
266 fi
267 ;;
268 sonarcloud)
269 sonar-scanner \
270 -Dsonar.projectKey=strongswan \
271 -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
272 -Dsonar.sources=. \
273 -Dsonar.cfamily.build-wrapper-output=bw-output || exit $?
274 ;;
275 *)
276 ;;
277 esac