#!/bin/sh # # usage: configs vmname test_config (or '' for default) # # Sets the following variables: # CONFIGFLAGS options to ./configure # SSHD_CONFOPTS sshd_config options # TEST_TARGET make target used when testing. defaults to "tests". # LTESTS config=$1 TEST_TARGET="tests" LTESTS="" SKIP_LTESTS="" SUDO=sudo # run with sudo by default TEST_SSH_UNSAFE_PERMISSIONS=1 CONFIGFLAGS="" LIBCRYPTOFLAGS="" case "$config" in default|sol64) ;; kitchensink) CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" ;; hardenedmalloc) CONFIGFLAGS="--with-ldflags=-lhardened_malloc" ;; kerberos5) CONFIGFLAGS="--with-kerberos5" ;; libedit) CONFIGFLAGS="--with-libedit" ;; *pam) CONFIGFLAGS="--with-pam" SSHD_CONFOPTS="UsePam yes" ;; libressl-head) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath," ;; openssl-head) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath," ;; selinux) CONFIGFLAGS="--with-selinux" ;; sk) CONFIGFLAGS="--with-security-key-builtin" ;; without-openssl) LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; valgrind-1) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed # by github. TEST_TARGET="t-exec USE_VALGRIND=1" SKIP_LTESTS="agent-timeout rekey try-ciphers cert-userkey integrity" ;; valgrind-2) CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" # The rekey test takes >30 min so run separately. TEST_TARGET="t-exec USE_VALGRIND=1" LTESTS="rekey try-ciphers cert-userkey integrity" ;; *) echo "Unknown configuration $config" exit 1 ;; esac # The Solaris 64bit targets are special since they need a non-flag arg. case "$config" in sol64*) CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64" ;; esac case "${TARGET_HOST}" in sol10|sol11) # sol10 VM is 32bit and the unit tests are slow. # sol11 has 4 test configs so skip unit tests to speed up. TEST_TARGET="tests SKIP_UNIT=1" ;; esac # If we have a local openssl/libressl, use that. if [ -z "${LIBCRYPTOFLAGS}" ]; then # last-match for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do if [ -x ${i}/bin/openssl ]; then LIBCRYPTOFLAGS="--with-ssl-dir=${i}" fi done fi CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}" export LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS