164 lines
4.2 KiB
Bash
Executable File
164 lines
4.2 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# usage: configs vmname test_config (or '' for default)
|
|
#
|
|
# Sets the following variables:
|
|
# CONFIGFLAGS options to ./configure
|
|
# SSHD_CONFOPTS sshd_config options
|
|
# TEST_TARGET make target used when testing. defaults to "tests".
|
|
# LTESTS
|
|
|
|
config=$1
|
|
|
|
TEST_TARGET="tests"
|
|
LTESTS=""
|
|
SKIP_LTESTS=""
|
|
SUDO=sudo # run with sudo by default
|
|
TEST_SSH_UNSAFE_PERMISSIONS=1
|
|
|
|
CONFIGFLAGS=""
|
|
LIBCRYPTOFLAGS=""
|
|
|
|
case "$config" in
|
|
default|sol64)
|
|
;;
|
|
c89)
|
|
CC="gcc"
|
|
CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
|
|
CONFIGFLAGS="--without-openssl --without-zlib"
|
|
TEST_TARGET=t-exec
|
|
;;
|
|
kitchensink)
|
|
CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
|
|
CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
|
|
CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
|
|
;;
|
|
hardenedmalloc)
|
|
CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
|
|
;;
|
|
kerberos5)
|
|
CONFIGFLAGS="--with-kerberos5"
|
|
;;
|
|
libedit)
|
|
CONFIGFLAGS="--with-libedit"
|
|
;;
|
|
pam-krb5)
|
|
CONFIGFLAGS="--with-pam --with-kerberos5"
|
|
SSHD_CONFOPTS="UsePam yes"
|
|
;;
|
|
*pam)
|
|
CONFIGFLAGS="--with-pam"
|
|
SSHD_CONFOPTS="UsePam yes"
|
|
;;
|
|
libressl-*)
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
|
|
;;
|
|
openssl-*)
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
|
|
;;
|
|
selinux)
|
|
CONFIGFLAGS="--with-selinux"
|
|
;;
|
|
sk)
|
|
CONFIGFLAGS="--with-security-key-builtin"
|
|
;;
|
|
without-openssl)
|
|
LIBCRYPTOFLAGS="--without-openssl"
|
|
TEST_TARGET=t-exec
|
|
;;
|
|
valgrind-[1-4]|valgrind-unit)
|
|
# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
|
|
CONFIGFLAGS="--without-sandbox --without-hardening"
|
|
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
|
TEST_TARGET="t-exec USE_VALGRIND=1"
|
|
TEST_SSH_ELAPSED_TIMES=1
|
|
export TEST_SSH_ELAPSED_TIMES
|
|
# Valgrind slows things down enough that the agent timeout test
|
|
# won't reliably pass, and the unit tests run longer than allowed
|
|
# by github so split into three separate tests.
|
|
tests2="rekey integrity"
|
|
tests3="krl forward-control sshsig"
|
|
tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
|
|
case "$config" in
|
|
valgrind-1)
|
|
# All tests except agent-timeout (which is flaky under valgrind)
|
|
#) and slow ones that run separately to increase parallelism.
|
|
SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
|
|
;;
|
|
valgrind-2)
|
|
LTESTS="${tests2}"
|
|
;;
|
|
valgrind-3)
|
|
LTESTS="${tests3}"
|
|
;;
|
|
valgrind-4)
|
|
LTESTS="${tests4}"
|
|
;;
|
|
valgrind-unit)
|
|
TEST_TARGET="unit USE_VALGRIND=1"
|
|
;;
|
|
esac
|
|
;;
|
|
*)
|
|
echo "Unknown configuration $config"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# The Solaris 64bit targets are special since they need a non-flag arg.
|
|
case "$config" in
|
|
sol64*)
|
|
CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
|
|
;;
|
|
esac
|
|
|
|
case "${TARGET_HOST}" in
|
|
minix3)
|
|
CC="clang"
|
|
LIBCRYPTOFLAGS="--without-openssl"
|
|
# Minix does not have a loopback interface so we have to skip any
|
|
# test that relies on it.
|
|
TEST_TARGET=t-exec
|
|
SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect"
|
|
SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri"
|
|
SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys"
|
|
SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data"
|
|
SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer"
|
|
SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure"
|
|
SUDO=""
|
|
;;
|
|
nbsd4)
|
|
# System compiler will ICE on some files with fstack-protector
|
|
CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
|
|
;;
|
|
sol10|sol11)
|
|
# sol10 VM is 32bit and the unit tests are slow.
|
|
# sol11 has 4 test configs so skip unit tests to speed up.
|
|
TEST_TARGET="tests SKIP_UNIT=1"
|
|
;;
|
|
win10)
|
|
# No sudo on Windows.
|
|
SUDO=""
|
|
;;
|
|
esac
|
|
|
|
# If we have a local openssl/libressl, use that.
|
|
if [ -z "${LIBCRYPTOFLAGS}" ]; then
|
|
# last-match
|
|
for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
|
|
if [ -x ${i}/bin/openssl ]; then
|
|
LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
|
|
fi
|
|
done
|
|
fi
|
|
|
|
CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
|
|
|
|
if [ -x "$(which plink 2>/dev/null)" ]; then
|
|
REGRESS_INTEROP_PUTTY=yes
|
|
export REGRESS_INTEROP_PUTTY
|
|
fi
|
|
|
|
export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
|