language: c git: depth: 3 # use focal which provides libtommath 1.20 dist: focal matrix: include: - name: "plain linux" compiler: gcc env: WEXTRAFLAGS=-Werror - name: "multi binary" env: MULTI=1 WEXTRAFLAGS=-Werror - name: "bundled libtom, xenial, no writev()" # NOWRITEV is unrelated to libtom/xenial, test here to save a job env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=-Werror NOWRITEV=1 # can use an older distro with bundled libtom dist: xenial - name: "linux clang" os: linux compiler: clang env: WEXTRAFLAGS=-Werror - name: "osx" os: osx compiler: clang # OS X says daemon() and utmp are deprecated env: WEXTRAFLAGS="-Wno-deprecated-declarations -Werror" # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled. # Address sanitizer - name: "fuzz-asan" env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++ compiler: clang # Undefined Behaviour sanitizer - name: "fuzz-ubsan" # don't fail with alignment due to env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=undefined EXTRACFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment" CXX=clang++ compiler: clang # container-based builds addons: apt: packages: # packages list: - zlib1g-dev - libtomcrypt-dev - libtommath-dev - mercurial before_install: - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi # workaround install: - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1) - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi - make lint - make -j3 - test -z $DO_FUZZ || make fuzzstandalone # avoid concurrent install, osx/freebsd is racey ( - make install script: - ~/inst/bin/dropbearkey -t rsa -f testrsa - ~/inst/bin/dropbearkey -t dss -f testdss - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256 - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384 - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521 - ~/inst/bin/dropbearkey -t ed25519 -f tested25519 - test -z $DO_FUZZ || ./ branches: only: - master - coverity