mirror of
https://github.com/clearml/dropbear
synced 2025-01-31 10:57:01 +00:00
8da9646c83
Change tests to avoid double-negative for skipcheck Skip some actions when running under act
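# Can be used locally with https://github.com/nektos/act
#
# Builds dropbear over a small OS/compiler matrix, installs it into
# $HOME/inst, runs `make check` where the matrix entry allows it, then
# generates one key of each type as a sanity check of the installed binary.

name: BuildTest
on:
  pull_request:
  push:
    branches:
      - master

# Least privilege for GITHUB_TOKEN: the job only needs to read the
# repository. Without this block the token gets the repository's default
# permissions, which may include write access on push events.
permissions:
  contents: read

jobs:
  build:
    # NOTE(review): ubuntu-18.04, macos-10.15 and macos-11 appear to be
    # retired GitHub-hosted images; confirm those matrix entries still get
    # a runner.
    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
    strategy:
      matrix:
        # Rather than a boolean False we use eg
        # runcheck: 'no'
        # Otherwise GH expressions will make a None var
        # compare with False. We want an undefined default of True.
        include:
          - name: plain linux

          - name: multi binary
            multi: 1

          - name: bundled libtom, bionic , no writev()
            # test can use an older distro with bundled libtommath
            os: ubuntu-18.04
            configure_flags: --enable-bundled-libtom
            # NOWRITEV is unrelated, test here to save a job
            nowritev: 1
            # pytest relies on python3.7
            runcheck: 'no'

          - name: linux clang
            cc: clang

          - name: macos 10.15
            os: macos-10.15
            cc: clang
            # OS X says daemon() and utmp are deprecated
            wextraflags: -Wno-deprecated-declarations -Werror
            runcheck: 'no'
            apt: 'no'
            # fails with:
            # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols
            ranlib: ranlib -no_warning_for_no_symbols

          - name: macos 11
            os: macos-11
            cc: clang
            wextraflags: -Wno-deprecated-declarations -Werror
            runcheck: 'no'
            apt: 'no'
            ranlib: ranlib -no_warning_for_no_symbols

          # # Fuzzers run standalone. A bit superfluous with cifuzz, but
          # # good to run the whole corpus to keep it working.
          # - name: fuzzing with address sanitizer
          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
          #   ldflags: -fsanitize=address
          #   extracflags: -fsanitize=address
          #   fuzz: True
          #   cc: clang

          # # Undefined Behaviour sanitizer
          # - name: fuzzing with undefined behaviour sanitizer
          #   configure_flags: --enable-fuzz --disable-harden --enable-bundled-libtom
          #   ldflags: -fsanitize=undefined
          #   # don't fail with alignment due to https://github.com/libtom/libtomcrypt/issues/549
          #   extracflags: -fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-recover=alignment
          #   fuzz: True
          #   cc: clang

    # Matrix values reach the shell through these environment variables
    # rather than through ${{ }} expansion inside `run:` lines, so the shell
    # sees them as variable contents, not as script text. Keep it that way
    # when adding steps. Unset matrix keys expand to an empty string unless
    # a default is given with `||`.
    env:
      MULTI: ${{ matrix.multi }}
      WEXTRAFLAGS: ${{ matrix.wextraflags || '-Werror' }}
      CC: ${{ matrix.cc || 'gcc' }}
      LDFLAGS: ${{ matrix.ldflags }}
      EXTRACFLAGS: ${{ matrix.extracflags }}
      CONFIGURE_FLAGS: ${{ matrix.configure_flags }}
      # for fuzzing
      CXX: clang++
      RANLIB: ${{ matrix.ranlib || 'ranlib' }}

    steps:
      # Skipped for entries that set apt: 'no' (the macOS ones above).
      - name: deps
        if: ${{ matrix.apt != 'no' }}
        run: |
          sudo apt-get -y update
          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv socat $CC

      # NOTE(review): every `uses:` in this file references a mutable tag
      # (@v2). Pinning each action to a full commit SHA, with the tag kept
      # in a trailing comment, protects the job if a tag is moved upstream.
      # The v2 majors are also old; confirm they are still supported.
      - uses: actions/checkout@v2
        with:
          # No later step pushes, so don't leave the token in .git/config
          # where build and test scripts from the checked-out tree (which
          # may come from a pull request) could read it.
          persist-credentials: false

      # ACT is set when running under nektos/act; caching and artifact
      # upload are skipped for local runs.
      - name: cache pip
        if: ${{ !env.ACT }}
        uses: actions/cache@v2
        with:
          path: test/venv
          key: ${{ runner.os }}-pip-${{ hashFiles('test/requirements.txt') }}
          restore-keys: ${{ runner.os }}-pip-

      - name: cache fuzzcorpus
        if: ${{ !env.ACT }}
        uses: actions/cache@v2
        with:
          path: fuzzcorpus
          key: "hg.ucc/fuzzcorpus"

      # On failure, dump config.log into the job log and fail the step.
      - name: configure
        run: ./configure $CONFIGURE_FLAGS CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS $EXTRACFLAGS" --prefix="$HOME/inst" || (cat config.log; exit 1)

      - name: nowritev
        if: ${{ matrix.nowritev }}
        run: sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h

      - name: make
        run: make -j3

      - name: multilink
        if: ${{ matrix.multi }}
        run: make multilink

      - name: makefuzz
        if: ${{ matrix.fuzz }}
        run: make fuzzstandalone

      # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
      - name: make install
        run: make install

      # Generates a key for the test run. The redirect overwrites any
      # existing ~/.ssh/authorized_keys, which is fine on a throwaway runner
      # but worth knowing before running this outside a container.
      - name: keys
        run: |
          mkdir -p ~/.ssh
          ~/inst/bin/dropbearkey -t ecdsa -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys

      # upload config.log if something has failed
      - name: config.log
        if: ${{ !env.ACT && (failure() || cancelled()) }}
        uses: actions/upload-artifact@v2
        with:
          name: config.log
          path: config.log

      - name: check
        if: ${{ matrix.runcheck != 'no' }}
        # run in a TTY for some tests
        run: socat - EXEC:"make check",pty

      # Sanity check that the binary runs
      - name: genrsa
        run: ~/inst/bin/dropbearkey -t rsa -f testrsa
      - name: gendss
        run: ~/inst/bin/dropbearkey -t dss -f testdss
      - name: genecdsa256
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
      - name: genecdsa384
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
      - name: genecdsa521
        run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
      - name: gened25519
        run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519

      - name: fuzz
        if: ${{ matrix.fuzz }}
        run: ./fuzzers_test.sh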