openssh-portable/.github/setup_ci.sh

202 lines
5.0 KiB
Bash
Raw Normal View History

2021-04-23 06:53:32 +02:00
#!/bin/sh
PACKAGES=""
. .github/configs $@
case "`./config.guess`" in
*cygwin)
PACKAGER=setup
echo Setting CYGWIN sustem environment variable.
setx CYGWIN "binmode"
chmod -R go-rw /cygdrive/d/a
umask 077
PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
;;
*-darwin*)
PACKAGER=brew
2021-01-12 09:22:47 +01:00
brew install automake
exit 0
;;
*)
PACKAGER=apt
esac
TARGETS=$@
INSTALL_FIDO_PPA="no"
2021-09-23 23:03:18 +02:00
export DEBIAN_FRONTEND=noninteractive
#echo "Setting up for '$TARGETS'"
set -ex
if [ -x "`which lsb_release 2>&1`" ]; then
lsb_release -a
fi
# Ubuntu 22.04 defaults to private home dirs which prevent the
# agent-getpeerid test from running ssh-add as nobody. See
# https://github.com/actions/runner-images/issues/6106
if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
echo ~ is not executable by nobody, adding perms.
chmod go+x ~
fi
if [ "${TARGETS}" = "kitchensink" ]; then
TARGETS="krb5 libedit pam sk selinux"
fi
for flag in $CONFIGFLAGS; do
case "$flag" in
--with-pam) TARGETS="${TARGETS} pam" ;;
--with-libedit) TARGETS="${TARGETS} libedit" ;;
esac
done
for TARGET in $TARGETS; do
case $TARGET in
default|without-openssl|without-zlib|c89)
# nothing to do
;;
2022-07-03 13:46:44 +02:00
clang-sanitize*)
PACKAGES="$PACKAGES clang-12"
;;
cygwin-release)
PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
;;
2022-07-05 08:23:28 +02:00
gcc-sanitize*)
;;
clang-*|gcc-*)
compiler=$(echo $TARGET | sed 's/-Werror//')
PACKAGES="$PACKAGES $compiler"
;;
2021-10-22 13:54:33 +02:00
krb5)
PACKAGES="$PACKAGES libkrb5-dev"
;;
heimdal)
PACKAGES="$PACKAGES heimdal-dev"
;;
libedit)
case "$PACKAGER" in
setup) PACKAGES="$PACKAGES libedit-devel" ;;
apt) PACKAGES="$PACKAGES libedit-dev" ;;
esac
;;
*pam)
PACKAGES="$PACKAGES libpam0g-dev"
;;
sk)
INSTALL_FIDO_PPA="yes"
2021-04-05 15:46:42 +02:00
PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
;;
selinux)
PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
;;
hardenedmalloc)
INSTALL_HARDENED_MALLOC=yes
2021-10-12 13:55:51 +02:00
;;
2022-02-18 02:12:21 +01:00
musl)
PACKAGES="$PACKAGES musl-tools"
;;
2021-10-12 13:55:51 +02:00
tcmalloc)
PACKAGES="$PACKAGES libgoogle-perftools-dev"
;;
2021-04-26 07:34:23 +02:00
openssl-noec)
INSTALL_OPENSSL=OpenSSL_1_1_1k
SSLCONFOPTS="no-ec"
;;
openssl-*)
INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
case ${INSTALL_OPENSSL} in
1.1.1_stable) INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;;
1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
esac
2021-04-26 06:29:03 +02:00
PACKAGES="${PACKAGES} putty-tools"
;;
libressl-*)
INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
case ${INSTALL_LIBRESSL} in
master) ;;
*) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
esac
2021-04-26 06:29:03 +02:00
PACKAGES="${PACKAGES} putty-tools"
;;
valgrind*)
2021-02-19 00:16:56 +01:00
PACKAGES="$PACKAGES valgrind"
;;
*) echo "Invalid option '${TARGET}'"
exit 1
;;
esac
done
2021-04-23 11:49:46 +02:00
if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
sudo apt update -qq
2021-09-23 23:03:18 +02:00
sudo apt install -qy software-properties-common
sudo apt-add-repository -y ppa:yubico/stable
fi
tries=3
while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
case "$PACKAGER" in
apt)
sudo apt update -qq
if sudo apt install -qy $PACKAGES; then
PACKAGES=""
fi
;;
setup)
if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then
PACKAGES=""
fi
;;
esac
if [ ! -z "$PACKAGES" ]; then
sleep 90
fi
tries=$(($tries - 1))
done
if [ ! -z "$PACKAGES" ]; then
echo "Package installation failed."
exit 1
fi
if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
(cd ${HOME} &&
git clone https://github.com/GrapheneOS/hardened_malloc.git &&
cd ${HOME}/hardened_malloc &&
make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/)
fi
if [ ! -z "${INSTALL_OPENSSL}" ]; then
(cd ${HOME} &&
git clone https://github.com/openssl/openssl.git &&
cd ${HOME}/openssl &&
git checkout ${INSTALL_OPENSSL} &&
./config no-threads shared ${SSLCONFOPTS} \
--prefix=/opt/openssl &&
make && sudo make install_sw)
fi
if [ ! -z "${INSTALL_LIBRESSL}" ]; then
if [ "${INSTALL_LIBRESSL}" = "master" ]; then
(mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
git clone https://github.com/libressl-portable/portable.git &&
cd ${HOME}/libressl/portable &&
git checkout ${INSTALL_LIBRESSL} &&
sh update.sh && sh autogen.sh &&
./configure --prefix=/opt/libressl &&
make -j2 && sudo make install)
else
LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
(cd ${HOME} &&
wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
cd libressl-${INSTALL_LIBRESSL} &&
./configure --prefix=/opt/libressl && make -j2 && sudo make install)
fi
fi