ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

sync github July 2024

Browse Source
This commit is contained in:
allegroai
2024-07-24 03:31:27 +03:00
parent 35427a2d0b
commit b63e8d8694
194 changed files with 2174 additions and 1150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/autoconf.yml vendored
View File

@@ -1,5 +1,5 @@
# Checks that autoconf has been run if configure.ac was updated
# Assumes that autoconf 2.69 was run, the same as ubuntu 20.04
# Assumes that autoconf 2.71 was run, the same as ubuntu 22.04
name: Autoconf Up To Date
on:
pull_request:
@@ -16,7 +16,7 @@ jobs:
sudo apt-get -y update
sudo apt-get -y install autoconf
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: run autoconf
run: autoconf && autoheader

58
.github/workflows/build.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
- name: bundled libtom, bionic , no writev()
# test can use an older distro with bundled libtommath
os: ubuntu-18.04
os: ubuntu-20.04
configure_flags: --enable-bundled-libtom --enable-werror
# NOWRITEV is unrelated, test here to save a job
nowritev: 1
@@ -57,6 +57,21 @@ jobs:
# early declarations so we specify it anyway.
- name: c89
extracflags: -std=c89 -Wdeclaration-after-statement
# enable all options
nondefault: 1
configure_flags: --enable-pam
- name: macos 14
os: macos-14
cc: clang
# OS X says daemon() and utmp are deprecated.
# OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
extracflags: -Wno-deprecated-declarations -Wno-undef
runcheck: 'no'
apt: 'no'
# fails with:
# .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
ranlib: ranlib -no_warning_for_no_symbols
- name: macos 12
os: macos-12
@@ -70,16 +85,10 @@ jobs:
# .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
ranlib: ranlib -no_warning_for_no_symbols
- name: macos 11
os: macos-11
cc: clang
extracflags: -Wno-deprecated-declarations -Wno-undef
runcheck: 'no'
apt: 'no'
ranlib: ranlib -no_warning_for_no_symbols
# Check that debug code doesn't bitrot
- name: DEBUG_TRACE
nondefault: 1
configure_flags: --enable-pam
localoptions: |
#define DEBUG_TRACE 5
@@ -124,6 +133,22 @@ jobs:
#define DROPBEAR_USE_PASSWORD_ENV 0
#define DROPBEAR_SFTPSERVER 0
- name: other algo combos
runcheck: 'no'
# disables all sha1
localoptions: |
#define DROPBEAR_SHA1_HMAC 0
#define DROPBEAR_RSA_SHA1 0
#define DROPBEAR_DH_GROUP14_SHA1 0
#define DROPBEAR_ECDSA 0
#define DROPBEAR_ED25519 0
#define DROPBEAR_SK_KEYS 0
#define DROPBEAR_ENABLE_GCM_MODE 1
#define DROPBEAR_3DES 1
#define DROPBEAR_DH_GROUP16 1
#define DROPBEAR_SHA2_512_HMAC 1
#define DROPBEAR_CLI_PUBKEY_AUTH 0
# # Fuzzers run standalone. A bit superfluous with cifuzz, but
# # good to run the whole corpus to keep it working.
# - name: fuzzing with address sanitizer
@@ -168,7 +193,7 @@ jobs:
sudo apt-get -y update
sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv libpam0g-dev $CC
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: configure
run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)
@@ -179,22 +204,22 @@ jobs:
- name: localoptions
run: |
echo "$LOCALOPTIONS" > localoptions.h
echo "#define DROPBEAR_DSS 1" >> localoptions.h
cat localoptions.h
echo "$LOCALOPTIONS" | tee localoptions.h
- name: nondefault
if: ${{ matrix.nondefault }}
run: |
# Turn on anything that's off by default. Rough but seems sufficient
grep ' 0$' default_options.h | sed 's/0$/1/' > localoptions.h
grep ' 0$' src/default_options.h | sed 's/0$/1/' > localoptions.h
# PAM clashes with password
echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h
# 1 second timeout is too short
sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
- name: make
run: make -j3 $MAKE_TARGET
run: |
cat localoptions.h
make -j3 $MAKE_TARGET
- name: multilink
if: ${{ matrix.multilink }}
@@ -247,9 +272,6 @@ jobs:
- name: genrsa
if: ${{ matrix.runcheck != 'no' }}
run: ~/inst/bin/dropbearkey -t rsa -f testrsa
- name: gendss
if: ${{ matrix.runcheck != 'no' }}
run: ~/inst/bin/dropbearkey -t dss -f testdss
- name: genecdsa256
if: ${{ matrix.runcheck != 'no' }}
run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256

2
.github/workflows/cifuzz.yml vendored
View File

@@ -23,7 +23,7 @@ jobs:
fuzz-seconds: 1200
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v1
uses: actions/upload-artifact@v4
if: failure() && steps.build.outcome == 'success'
with:
name: artifacts

25
.github/workflows/outoftree.yml vendored Normal file
View File

@@ -0,0 +1,25 @@
# Can be used locally with https://github.com/nektos/act
name: Out of tree build
on:
pull_request:
push:
branches:
- master
jobs:
outoftree:
runs-on: 'ubuntu-22.04'
steps:
- uses: actions/checkout@v4
- name: build
run: |
mkdir build
cd build
../configure --enable-fuzz --enable-bundled-libtom --prefix=$PWD/inst
make -j3
make -j3 fuzzstandalone
make install
test -x inst/bin/dbclient
test -f inst/share/man/man8/dropbear.8

8
.github/workflows/tarball.yml vendored
View File

@@ -8,19 +8,19 @@ jobs:
runs-on: 'ubuntu-22.04'
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: release.sh
run: ./release.sh --testrel | tee log1.txt
- name: extract output
run: |
grep ^SHA256 log1.txt > sha256sum.txt
grep ^SHA256 log1.txt | tee sha256sum.txt
sed 's/.*= *//' < sha256sum.txt > hash.txt
mv `tail -n1 log1.txt` rel.tar.bz2
- name: sha256sum
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: sha256sum
path: |
@@ -28,7 +28,7 @@ jobs:
hash.txt
- name: tarball
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: tarball
# only keep for debugging