# HG changeset patch # User Matt Johnston # Date 1634570512 -28800 # Node ID 827cee5feb461c8d1b0a55a4d82cf99a33299b92 # Parent d757f48ae29f84dd8b964d2de32f0a7fae623313 Add github actions build workflow, remove travis CI diff -r d757f48ae29f -r 827cee5feb46 .github/workflows/build.yml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.github/workflows/build.yml Mon Oct 18 23:21:52 2021 +0800 @@ -0,0 +1,141 @@ +# Can be used locally with https://github.com/nektos/act + +name: BuildTest +on: + pull_request: + push: + branches: + - master +jobs: + build: + runs-on: ${{ matrix.os || 'ubuntu-20.04' }} + strategy: + matrix: + include: + - name: plain linux + + - name: multi binary + multi: 1 + + - name: bundled libtom, bionic , no writev() + # test can use an older distro with bundled libtommath + os: ubuntu-18.04 + configure_flags: --enable-bundled-libtom + # NOWRITEV is unrelated, test here to save a job + nowritev: 1 + # pytest relies on python3.7 + skipcheck: True + + - name: linux clang + cc: clang + + - name: macos 10.15 + os: macos-10.15 + cc: clang + # OS X says daemon() and utmp are deprecated + wextraflags: -Wno-deprecated-declarations -Werror + + - name: macos 11 + os: macos-11 + cc: clang + # OS X says daemon() and utmp are deprecated + wextraflags: -Wno-deprecated-declarations -Werror + + # Fuzzers run standalone. A bit superfluous with cifuzz, but + # good to run the whole corpus to keep it working. + - name: fuzzing with address sanitizer + configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom + ldflags: -fsanitize=address + extracflags: -fsanitize=address + fuzz: True + cc: clang + + # Undefined Behaviour sanitizer + - name: fuzzing with undefined behaviour sanitizer + configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom + ldflags: -fsanitize=undefined + # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549 + extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment + fuzz: True + cc: clang + + env: + MULTI: ${{ matrix.multi }} + WEXTRAFLAGS: ${{ matrix.wextraflags || '-Werror' }} + CC: ${{ matrix.cc || 'gcc' }} + LDFLAGS: ${{ matrix.ldflags }} + EXTRACFLAGS: ${{ matrix.extracflags }} + CONFIGURE_FLAGS: ${{ matrix.configure_flags }} + # for fuzzing + CXX: clang++ + + steps: + - name: deps + run: | + apt-get -y update + apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv socat $CC + + - uses: actions/checkout@v2 + + - name: cache pip + uses: actions/cache@v2 + with: + path: test/venv + key: ${{ runner.os }}-pip-${{ hashFiles('test/requirements.txt') }} + restore-keys: ${{ runner.os }}-pip- + + - name: cache fuzzcorpus + uses: actions/cache@v2 + with: + path: fuzzcorpus + key: "hg.ucc/fuzzcorpus" + + - name: configure + run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1) + + - name: nowritev + if: ${{ matrix.nowritev }} + run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h + + - name: make + run: make -j3 + + - name: multilink + if: ${{ matrix.multi }} + run: make multilink + + - name: makefuzz + run: make fuzzstandalone + if: ${{ matrix.fuzz }} + + # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093) + - name: make install + run: make install + + - name: keys + run: | + mkdir -p ~/.ssh + ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys + + - name: check + if: ${{ !matrix.skipcheck }} + # run in a TTY for some tests + run: socat - EXEC:"make check",pty + + # Sanity check that the binary runs + - name: genrsa + run: ~/inst/bin/dropbearkey -t rsa -f testrsa + - name: gendss + run: ~/inst/bin/dropbearkey -t dss -f testdss + - name: genecdsa256 + run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256 + - name: genecdsa384 + run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384 + - name: genecdsa521 + run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521 + - name: gened25519 + run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519 + + - name: fuzz + if: ${{ matrix.fuzz }} + run: ./fuzzers_test.sh diff -r d757f48ae29f -r 827cee5feb46 .travis.yml --- a/.travis.yml Mon Oct 18 23:20:32 2021 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,76 +0,0 @@ -language: c - -git: - depth: 3 - -# use focal which provides libtommath 1.20 -dist: focal - -matrix: - include: - - name: "plain linux" - compiler: gcc - env: WEXTRAFLAGS=-Werror - - name: "multi binary" - env: MULTI=1 WEXTRAFLAGS=-Werror - - name: "bundled libtom, xenial, no writev()" - # NOWRITEV is unrelated to libtom/xenial, test here to save a job - env: CONFIGURE_FLAGS=--enable-bundled-libtom WEXTRAFLAGS=-Werror NOWRITEV=1 - # can use an older distro with bundled libtom - dist: xenial - - name: "linux clang" - os: linux - compiler: clang - env: WEXTRAFLAGS=-Werror - - name: "osx" - os: osx - compiler: clang - # OS X says daemon() and utmp are deprecated - env: WEXTRAFLAGS="-Wno-deprecated-declarations -Werror" - # Note: the fuzzing malloc wrapper doesn't replace free() in system libtomcrypt, so need bundled. - # Address sanitizer - - name: "fuzz-asan" - env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=address EXTRACFLAGS=-fsanitize=address CXX=clang++ - compiler: clang - # Undefined Behaviour sanitizer - - name: "fuzz-ubsan" - # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549 - env: DO_FUZZ=1 CONFIGURE_FLAGS="--enable-fuzz --disable-harden --enable-bundled-libtom" WEXTRAFLAGS=-Werror LDFLAGS=-fsanitize=undefined EXTRACFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment" CXX=clang++ - compiler: clang - -# container-based builds -addons: - apt: - packages: - # packages list: https://github.com/travis-ci/apt-package-whitelist/blob/master/ubuntu-precise - - zlib1g-dev - - libtomcrypt-dev - - libtommath-dev - - mercurial - -before_install: - - if [ "$CC" = "clang" ]; then WEXTRAFLAGS="$WEXTRAFLAGS -Wno-error=incompatible-library-redeclaration" ; fi # workaround - -install: - - ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1) - - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi - - make lint - - make -j3 - - test -z $DO_FUZZ || make fuzzstandalone - # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093) - - make install - -script: - - ~/inst/bin/dropbearkey -t rsa -f testrsa - - ~/inst/bin/dropbearkey -t dss -f testdss - - ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256 - - ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384 - - ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521 - - ~/inst/bin/dropbearkey -t ed25519 -f tested25519 - - test -z $DO_FUZZ || ./fuzzers_test.sh - -branches: - only: - - master - - coverity -