Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# usage: configs vmname test_config (or '' for default)
|
|
|
|
#
|
|
|
|
# Sets the following variables:
|
|
|
|
# CONFIGFLAGS options to ./configure
|
|
|
|
# SSHD_CONFOPTS sshd_config options
|
|
|
|
# TEST_TARGET make target used when testing. defaults to "tests".
|
|
|
|
# LTESTS
|
|
|
|
|
|
|
|
config=$1
|
|
|
|
|
|
|
|
TEST_TARGET="tests"
|
|
|
|
LTESTS=""
|
2021-02-21 22:09:27 +01:00
|
|
|
SKIP_LTESTS=""
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
SUDO=sudo # run with sudo by default
|
|
|
|
TEST_SSH_UNSAFE_PERMISSIONS=1
|
|
|
|
|
|
|
|
CONFIGFLAGS=""
|
|
|
|
LIBCRYPTOFLAGS=""
|
|
|
|
|
|
|
|
case "$config" in
|
|
|
|
default|sol64)
|
|
|
|
;;
|
2021-02-17 08:41:30 +01:00
|
|
|
kitchensink)
|
2021-02-18 04:54:07 +01:00
|
|
|
CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
|
|
|
|
CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
|
|
|
|
CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
|
2021-02-17 08:41:30 +01:00
|
|
|
;;
|
|
|
|
hardenedmalloc)
|
|
|
|
CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
|
|
|
|
;;
|
|
|
|
kerberos5)
|
|
|
|
CONFIGFLAGS="--with-kerberos5"
|
|
|
|
;;
|
|
|
|
libedit)
|
|
|
|
CONFIGFLAGS="--with-libedit"
|
|
|
|
;;
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
*pam)
|
|
|
|
CONFIGFLAGS="--with-pam"
|
|
|
|
SSHD_CONFOPTS="UsePam yes"
|
|
|
|
;;
|
2021-02-17 08:41:30 +01:00
|
|
|
libressl-head)
|
|
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath,"
|
|
|
|
;;
|
|
|
|
openssl-head)
|
|
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath,"
|
|
|
|
;;
|
|
|
|
selinux)
|
|
|
|
CONFIGFLAGS="--with-selinux"
|
|
|
|
;;
|
|
|
|
sk)
|
|
|
|
CONFIGFLAGS="--with-security-key-builtin"
|
|
|
|
;;
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
without-openssl)
|
|
|
|
LIBCRYPTOFLAGS="--without-openssl"
|
2021-02-17 08:41:30 +01:00
|
|
|
TEST_TARGET=t-exec
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
;;
|
2021-02-21 22:09:27 +01:00
|
|
|
valgrind-1)
|
2021-02-20 03:34:02 +01:00
|
|
|
# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
|
|
|
|
CONFIGFLAGS="--without-sandbox --without-hardening"
|
|
|
|
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
|
|
|
# Valgrind slows things down enough that the agent timeout test
|
|
|
|
# won't reliably pass, and the unit tests run longer than allowed
|
|
|
|
# by github.
|
2021-02-21 22:09:27 +01:00
|
|
|
TEST_TARGET="t-exec USE_VALGRIND=1"
|
|
|
|
SKIP_LTESTS="agent-timeout rekey try-ciphers cert-userkey integrity"
|
|
|
|
;;
|
|
|
|
valgrind-2)
|
|
|
|
CONFIGFLAGS="--without-sandbox --without-hardening"
|
|
|
|
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
|
|
|
# The rekey test takes >30 min so run separately.
|
|
|
|
TEST_TARGET="t-exec USE_VALGRIND=1"
|
|
|
|
LTESTS="rekey try-ciphers cert-userkey integrity"
|
2021-02-19 00:16:56 +01:00
|
|
|
;;
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
*)
|
|
|
|
echo "Unknown configuration $config"
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
# The Solaris 64bit targets are special since they need a non-flag arg.
|
|
|
|
case "$config" in
|
|
|
|
sol64*)
|
|
|
|
CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
|
|
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case "${TARGET_HOST}" in
|
2021-02-18 00:10:00 +01:00
|
|
|
sol10|sol11)
|
|
|
|
# sol10 VM is 32bit and the unit tests are slow.
|
|
|
|
# sol11 has 4 test configs so skip unit tests to speed up.
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
TEST_TARGET="tests SKIP_UNIT=1"
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
# If we have a local openssl/libressl, use that.
|
|
|
|
if [ -z "${LIBCRYPTOFLAGS}" ]; then
|
|
|
|
# last-match
|
2021-02-17 08:41:30 +01:00
|
|
|
for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
|
2021-02-17 10:21:29 +01:00
|
|
|
if [ -x ${i}/bin/openssl ]; then
|
Add self-hosted runners for VMs of other platforms.
Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
2021-01-15 04:11:43 +01:00
|
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
|
|
|
|
CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
|
|
|
|
|
|
|
|
export LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
|