Convert most github hosted tests to new config structure.

This commit is contained in:
Darren Tucker 2021-02-17 18:41:30 +11:00
parent 65380ff7e0
commit 09f4b84654
3 changed files with 61 additions and 85 deletions

31
.github/configs vendored
View File

@ -21,13 +21,38 @@ LIBCRYPTOFLAGS=""
case "$config" in case "$config" in
default|sol64) default|sol64)
;; ;;
kitchensink)
CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin"
CONFIGFLAGS="${CONFIGFLAGS} --with-selinux"
;;
hardenedmalloc)
CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
;;
kerberos5)
CONFIGFLAGS="--with-kerberos5"
;;
libedit)
CONFIGFLAGS="--with-libedit"
;;
*pam) *pam)
CONFIGFLAGS="--with-pam" CONFIGFLAGS="--with-pam"
SSHD_CONFOPTS="UsePam yes" SSHD_CONFOPTS="UsePam yes"
;; ;;
libressl-head)
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath,"
;;
openssl-head)
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath,"
;;
selinux)
CONFIGFLAGS="--with-selinux"
;;
sk)
CONFIGFLAGS="--with-security-key-builtin"
;;
without-openssl) without-openssl)
LIBCRYPTOFLAGS="--without-openssl" LIBCRYPTOFLAGS="--without-openssl"
TEST_TARGET=t-exec TEST_TARGET=t-exec
;; ;;
*) *)
echo "Unknown configuration $config" echo "Unknown configuration $config"
@ -53,8 +78,8 @@ esac
# If we have a local openssl/libressl, use that. # If we have a local openssl/libressl, use that.
if [ -z "${LIBCRYPTOFLAGS}" ]; then if [ -z "${LIBCRYPTOFLAGS}" ]; then
# last-match # last-match
for i in /usr/local /usr/local/ssl; do for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
if [ -x ${i}/bin/openssl ]; then if [ -d ${i}/bin/openssl ]; then
LIBCRYPTOFLAGS="--with-ssl-dir=${i}" LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
fi fi
done done

22
.github/setup_ci.sh vendored
View File

@ -18,35 +18,39 @@ set -ex
lsb_release -a lsb_release -a
if [ "${TARGETS}" = "kitchensink" ]; then
TARGETS="kerberos5 libedit pam sk selinux"
fi
for TARGET in $TARGETS; do for TARGET in $TARGETS; do
case $TARGET in case $TARGET in
""|--without-openssl|--without-zlib|--with-Werror|--with-rpath*|--with-ssl-dir=*|--with-zlib=*) default|without-openssl|without-zlib)
# nothing to do # nothing to do
;; ;;
"--with-kerberos5") kerberos5)
PACKAGES="$PACKAGES heimdal-dev" PACKAGES="$PACKAGES heimdal-dev"
#PACKAGES="$PACKAGES libkrb5-dev" #PACKAGES="$PACKAGES libkrb5-dev"
;; ;;
"--with-libedit") libedit)
PACKAGES="$PACKAGES libedit-dev" PACKAGES="$PACKAGES libedit-dev"
;; ;;
"--with-pam") *pam)
PACKAGES="$PACKAGES libpam0g-dev" PACKAGES="$PACKAGES libpam0g-dev"
;; ;;
"--with-security-key-builtin") sk)
INSTALL_FIDO_PPA="yes" INSTALL_FIDO_PPA="yes"
PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev" PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev"
;; ;;
"--with-selinux") selinux)
PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev" PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
;; ;;
"--with-ldflags=-lhardened_malloc") hardenedmalloc)
INSTALL_HARDENED_MALLOC=yes INSTALL_HARDENED_MALLOC=yes
;; ;;
"--with-ssl-dir=/opt/openssl/head") openssl-head)
INSTALL_OPENSSL_HEAD=yes INSTALL_OPENSSL_HEAD=yes
;; ;;
"--with-ssl-dir=/opt/libressl/head") libressl-head)
INSTALL_LIBRESSL_HEAD=yes INSTALL_LIBRESSL_HEAD=yes
;; ;;
*) echo "Invalid option '${TARGET}'" *) echo "Invalid option '${TARGET}'"

View File

@ -7,17 +7,27 @@ on:
branches: [ master ] branches: [ master ]
jobs: jobs:
ubuntu-20_04: linux:
if: github.repository != 'openssh/openssh-portable-selfhosted' if: github.repository != 'openssh/openssh-portable-selfhosted'
runs-on: ubuntu-20.04
strategy: strategy:
fail-fast: false
matrix: matrix:
configs: os: [ubuntu-16_04, ubuntu-18_04, ubuntu-20.04]
- "" configs: [default, pam]
- "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux --with-Werror" # Then we include any extra configs we want to test for specific VMs.
- "--with-ldflags=-lhardened_malloc" include:
- "--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath," - { os: ubuntu-20.04, configs: kitchensink }
- "--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath," - { os: ubuntu-20.04, configs: hardenedmalloc }
- { os: ubuntu-20.04, configs: libressl-head }
- { os: ubuntu-20.04, configs: openssl-head }
- { os: ubuntu-18.04, configs: kerberos5 }
- { os: ubuntu-18.04, configs: libedit }
- { os: ubuntu-18.04, configs: sk }
- { os: ubuntu-18.04, configs: selinux }
- { os: ubuntu-18.04, configs: kitchensink }
- { os: ubuntu-18.04, configs: without-openssl }
- { os: ubuntu-16_04, configs: kitchensink }
runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: setup CI system - name: setup CI system
@ -25,7 +35,7 @@ jobs:
- name: autoreconf - name: autoreconf
run: autoreconf run: autoreconf
- name: configure - name: configure
run: ./configure ${{ matrix.configs }} run: ./.github/configure.sh ${{ matrix.configs }}
- name: make - name: make
run: make -j2 run: make -j2
- name: copy moduli - name: copy moduli
@ -36,75 +46,12 @@ jobs:
SUDO: sudo SUDO: sudo
TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_UNSAFE_PERMISSIONS: 1
ubuntu-18_04:
if: github.repository != 'openssh/openssh-portable-selfhosted'
runs-on: ubuntu-18.04
strategy:
matrix:
configs:
- ""
- "--with-kerberos5"
- "--with-libedit"
- "--with-pam"
- "--with-security-key-builtin"
- "--with-selinux"
- "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux"
- "--without-openssl --without-zlib"
steps:
- uses: actions/checkout@v2
- name: setup CI system
run: ./.github/setup_ci.sh ${{ matrix.configs }}
- name: autoreconf
run: autoreconf
- name: configure
run: ./configure ${{ matrix.configs }}
- name: make
run: make -j2
- name: copy moduli
run: sudo cp moduli /usr/local/etc/
- name: make tests
run: ./.github/run_test.sh ${{ matrix.configs }}
env:
SUDO: sudo
TEST_SSH_UNSAFE_PERMISSIONS: 1
ubuntu-16_04:
if: github.repository != 'openssh/openssh-portable-selfhosted'
runs-on: ubuntu-16.04
strategy:
matrix:
configs:
- ""
- "--with-pam --with-selinux --with-libedit --with-kerberos5 "
steps:
- uses: actions/checkout@v2
- name: setup CI system
run: ./.github/setup_ci.sh ${{ matrix.configs }}
- name: autoreconf
run: autoreconf
- name: configure
run: ./configure ${{ matrix.configs }}
- name: make
run: make -j2
- name: copy moduli
run: sudo cp moduli /usr/local/etc/
- name: make tests
run: ./.github/run_test.sh ${{ matrix.configs }}
env:
SUDO: sudo
TEST_SSH_UNSAFE_PERMISSIONS: 1
macos: macos:
if: github.repository != 'openssh/openssh-portable-selfhosted' if: github.repository != 'openssh/openssh-portable-selfhosted'
strategy: strategy:
matrix: matrix:
os: [ macos-10.15, macos-11.0 ] os: [ macos-10.15, macos-11.0 ]
configs: configs: [default, pam]
- ""
- "--with-pam"
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2