From 1660d4b7a65d9ad2ce0deaa19d35579ca4084ac5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 10:06:26 +0200 Subject: Adding upstream version 2:2.6.1. Signed-off-by: Daniel Baumann --- .gitlab/ci/alpinelinux.yml | 55 +++++++++++++++ .gitlab/ci/annocheck.yml | 19 +++++ .gitlab/ci/centos.yml | 59 ++++++++++++++++ .gitlab/ci/cibuild-setup-ubuntu.sh | 50 +++++++++++++ .gitlab/ci/cifuzz.yml | 46 ++++++++++++ .gitlab/ci/clang-Wall | 49 +++++++++++++ .gitlab/ci/compilation-clang.gitlab-ci.yml | 27 +++++++ .gitlab/ci/compilation-gcc.gitlab-ci.yml | 27 +++++++ .gitlab/ci/compilation-various-disables.yml | 21 ++++++ .gitlab/ci/csmock.yml | 17 +++++ .gitlab/ci/debian.yml | 56 +++++++++++++++ .gitlab/ci/fedora.yml | 60 ++++++++++++++++ .gitlab/ci/gcc-Wall | 57 +++++++++++++++ .gitlab/ci/gitlab-shared-docker.yml | 31 ++++++++ .gitlab/ci/rhel.yml | 106 ++++++++++++++++++++++++++++ .gitlab/ci/ubuntu-32bit.yml | 41 +++++++++++ 16 files changed, 721 insertions(+) create mode 100644 .gitlab/ci/alpinelinux.yml create mode 100644 .gitlab/ci/annocheck.yml create mode 100644 .gitlab/ci/centos.yml create mode 100755 .gitlab/ci/cibuild-setup-ubuntu.sh create mode 100644 .gitlab/ci/cifuzz.yml create mode 100755 .gitlab/ci/clang-Wall create mode 100644 .gitlab/ci/compilation-clang.gitlab-ci.yml create mode 100644 .gitlab/ci/compilation-gcc.gitlab-ci.yml create mode 100644 .gitlab/ci/compilation-various-disables.yml create mode 100644 .gitlab/ci/csmock.yml create mode 100644 .gitlab/ci/debian.yml create mode 100644 .gitlab/ci/fedora.yml create mode 100755 .gitlab/ci/gcc-Wall create mode 100644 .gitlab/ci/gitlab-shared-docker.yml create mode 100644 .gitlab/ci/rhel.yml create mode 100644 .gitlab/ci/ubuntu-32bit.yml (limited to '.gitlab/ci') diff --git a/.gitlab/ci/alpinelinux.yml b/.gitlab/ci/alpinelinux.yml new file mode 100644 index 0000000..81bd6cb --- /dev/null +++ b/.gitlab/ci/alpinelinux.yml @@ -0,0 +1,55 @@ +.alpinelinux-dependencies: + after_script: + - sudo dmesg > /mnt/artifacts/dmesg.log + - sudo cp /var/log/messages /mnt/artifacts/ + - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true' + before_script: + - > + sudo apk add + lvm2-dev openssl1.1-compat-dev popt-dev util-linux-dev json-c-dev + argon2-dev device-mapper which sharutils gettext gettext-dev automake + autoconf libtool build-base keyutils tar jq expect git asciidoctor + - ./autogen.sh + - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc + +test-main-commit-job-alpinelinux: + extends: + - .alpinelinux-dependencies + tags: + - libvirt + - alpinelinux + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "0" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-mergerq-job-alpinelinux: + extends: + - .alpinelinux-dependencies + tags: + - libvirt + - alpinelinux + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "0" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check diff --git a/.gitlab/ci/annocheck.yml b/.gitlab/ci/annocheck.yml new file mode 100644 index 0000000..5b3a715 --- /dev/null +++ b/.gitlab/ci/annocheck.yml @@ -0,0 +1,19 @@ +test-main-commit-job-annocheck: + extends: + - .dump_kernel_log + tags: + - libvirt + - rhel9-annocheck + stage: test + interruptible: true + allow_failure: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - /opt/build-rpm-script.sh > /dev/null 2>&1 + - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9 + - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8 diff --git a/.gitlab/ci/centos.yml b/.gitlab/ci/centos.yml new file mode 100644 index 0000000..6f5559c --- /dev/null +++ b/.gitlab/ci/centos.yml @@ -0,0 +1,59 @@ +.centos-openssl-backend: + extends: + - .dump_kernel_log + before_script: + - > + sudo dnf -y -q install + autoconf automake device-mapper-devel gcc gettext-devel json-c-devel + libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool + libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd + pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper + expect gettext git jq keyutils openssl-devel openssl gem + - sudo gem install asciidoctor + - sudo -E git clean -xdf + - ./autogen.sh + - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc + +# non-FIPS jobs + +test-main-commit-centos-stream9: + extends: + - .centos-openssl-backend + tags: + - libvirt + - centos-stream9 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-mergerq-centos-stream9: + extends: + - .centos-openssl-backend + tags: + - libvirt + - centos-stream9 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check diff --git a/.gitlab/ci/cibuild-setup-ubuntu.sh b/.gitlab/ci/cibuild-setup-ubuntu.sh new file mode 100755 index 0000000..07b0990 --- /dev/null +++ b/.gitlab/ci/cibuild-setup-ubuntu.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +set -ex + +PACKAGES=( + git make autoconf automake autopoint pkg-config libtool libtool-bin + gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev + libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev + sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass + asciidoctor +) + +COMPILER="${COMPILER:?}" +COMPILER_VERSION="${COMPILER_VERSION:?}" + +grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~ +sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~ +cat /etc/apt/sources.list~ >> /etc/apt/sources.list + +apt-get -y update --fix-missing +DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release +RELEASE="$(lsb_release -cs)" + +if [[ $COMPILER == "gcc" ]]; then + # Latest gcc stack deb packages provided by + # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test + add-apt-repository -y ppa:ubuntu-toolchain-r/test + PACKAGES+=(gcc-$COMPILER_VERSION) +elif [[ $COMPILER == "clang" ]]; then + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - + add-apt-repository "deb http://apt.llvm.org/${RELEASE}/ llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main" + + # scan-build + PACKAGES+=(clang-tools-$COMPILER_VERSION clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION) + PACKAGES+=(perl) +else + exit 1 +fi + +apt-get -y update --fix-missing +DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}" +apt-get -y build-dep cryptsetup + +echo "====================== VERSIONS ===================" +if [[ $COMPILER == "clang" ]]; then + echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}" +fi + +${COMPILER}-$COMPILER_VERSION -v +echo "====================== END VERSIONS ===================" diff --git a/.gitlab/ci/cifuzz.yml b/.gitlab/ci/cifuzz.yml new file mode 100644 index 0000000..063b912 --- /dev/null +++ b/.gitlab/ci/cifuzz.yml @@ -0,0 +1,46 @@ +cifuzz: + variables: + OSS_FUZZ_PROJECT_NAME: cryptsetup + CFL_PLATFORM: gitlab + CIFUZZ_DEBUG: "True" + FUZZ_SECONDS: 300 # 5 minutes per fuzzer + ARCHITECTURE: "x86_64" + DRY_RUN: "False" + LOW_DISK_SPACE: "True" + BAD_BUILD_CHECK: "True" + LANGUAGE: "c" + DOCKER_HOST: "tcp://docker:2375" + DOCKER_IN_DOCKER: "true" + DOCKER_DRIVER: overlay2 + DOCKER_TLS_CERTDIR: "" + image: + name: gcr.io/oss-fuzz-base/cifuzz-base + entrypoint: [""] + services: + - docker:dind + + stage: test + parallel: + matrix: + - SANITIZER: [address, undefined, memory] + rules: + # Default code change. + # - if: $CI_PIPELINE_SOURCE == "merge_request_event" + # variables: + # MODE: "code-change" + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $BUILD_AND_RUN_FUZZERS != null + before_script: + # Get gitlab's container id. + - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset` + script: + # Will build and run the fuzzers. + # We use a hack to override CI_JOB_ID, because otherwise a bad path is used + # in GitLab CI environment + - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py" + artifacts: + # Upload artifacts when a crash makes the job fail. + when: always + paths: + - artifacts/ diff --git a/.gitlab/ci/clang-Wall b/.gitlab/ci/clang-Wall new file mode 100755 index 0000000..d09e154 --- /dev/null +++ b/.gitlab/ci/clang-Wall @@ -0,0 +1,49 @@ +#!/bin/bash +# clang -Wall plus other important warnings not included in -Wall + +for arg in "$@" +do + case $arg in + -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O' + esac +done + +CLANG="clang${COMPILER_VERSION:+-$COMPILER_VERSION}" + +#PEDANTIC="-std=gnu99" +#PEDANTIC="-pedantic -std=gnu99" +#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros" +#CONVERSION="-Wconversion" + +EXTRA="\ + -Wextra \ + -Wsign-compare \ + -Wcast-align + -Werror-implicit-function-declaration \ + -Wpointer-arith \ + -Wwrite-strings \ + -Wswitch \ + -Wmissing-format-attribute \ + -Winit-self \ + -Wdeclaration-after-statement \ + -Wold-style-definition \ + -Wno-missing-field-initializers \ + -Wno-unused-parameter \ + -Wno-long-long" + +exec $CLANG $PEDANTIC $CONVERSION \ + -Wall $Wuninitialized \ + -Wno-switch \ + -Wdisabled-optimization \ + -Wwrite-strings \ + -Wpointer-arith \ + -Wbad-function-cast \ + -Wmissing-prototypes \ + -Wmissing-declarations \ + -Wstrict-prototypes \ + -Wnested-externs \ + -Wcomment \ + -Winline \ + -Wcast-qual \ + -Wredundant-decls $EXTRA \ + "$@" diff --git a/.gitlab/ci/compilation-clang.gitlab-ci.yml b/.gitlab/ci/compilation-clang.gitlab-ci.yml new file mode 100644 index 0000000..6f5cd42 --- /dev/null +++ b/.gitlab/ci/compilation-clang.gitlab-ci.yml @@ -0,0 +1,27 @@ +test-clang-compilation: + extends: + - .gitlab-shared-clang + script: + - export CFLAGS="-Wall -Werror" + - ./configure + - make -j + - make -j check-programs + +test-clang-Wall-script: + extends: + - .gitlab-shared-clang + script: + - export CFLAGS="-g -O0" + - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall" + - ./configure + - make -j CFLAGS="-g -O0 -Werror" + - make -j CFLAGS="-g -O0 -Werror" check-programs + +test-scan-build: + extends: + - .gitlab-shared-clang + script: + - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0" + - make clean + - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j + - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs diff --git a/.gitlab/ci/compilation-gcc.gitlab-ci.yml b/.gitlab/ci/compilation-gcc.gitlab-ci.yml new file mode 100644 index 0000000..00fae36 --- /dev/null +++ b/.gitlab/ci/compilation-gcc.gitlab-ci.yml @@ -0,0 +1,27 @@ +test-gcc-compilation: + extends: + - .gitlab-shared-gcc + script: + - export CFLAGS="-Wall -Werror" + - ./configure + - make -j + - make -j check-programs + +test-gcc-Wall-script: + extends: + - .gitlab-shared-gcc + script: + - export CFLAGS="-g -O0" + - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall" + - ./configure + - make -j CFLAGS="-g -O0 -Werror" + - make -j CFLAGS="-g -O0 -Werror" check-programs + +test-gcc-fanalyzer: + extends: + - .gitlab-shared-gcc + script: + - export CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events" + - ./configure + - make -j + - make -j check-programs diff --git a/.gitlab/ci/compilation-various-disables.yml b/.gitlab/ci/compilation-various-disables.yml new file mode 100644 index 0000000..1414f9e --- /dev/null +++ b/.gitlab/ci/compilation-various-disables.yml @@ -0,0 +1,21 @@ +test-gcc-disable-compiles: + extends: + - .gitlab-shared-gcc + parallel: + matrix: + - DISABLE_FLAGS: [ + "--disable-keyring", + "--disable-external-tokens --disable-ssh-token", + "--disable-luks2-reencryption", + "--disable-cryptsetup --disable-veritysetup --disable-integritysetup", + "--disable-kernel_crypto", + "--disable-selinux", + "--disable-udev", + "--disable-internal-argon2", + "--disable-blkid" + ] + script: + - export CFLAGS="-Wall -Werror" + - ./configure $DISABLE_FLAGS + - make -j + - make -j check-programs diff --git a/.gitlab/ci/csmock.yml b/.gitlab/ci/csmock.yml new file mode 100644 index 0000000..72b53ed --- /dev/null +++ b/.gitlab/ci/csmock.yml @@ -0,0 +1,17 @@ +test-commit-job-csmock: + extends: + - .dump_kernel_log + tags: + - libvirt + - rhel7-csmock + stage: test + interruptible: true + allow_failure: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - /opt/csmock-run-script.sh diff --git a/.gitlab/ci/debian.yml b/.gitlab/ci/debian.yml new file mode 100644 index 0000000..fad9d97 --- /dev/null +++ b/.gitlab/ci/debian.yml @@ -0,0 +1,56 @@ +.debian-prep: + extends: + - .dump_kernel_log + before_script: + - > + [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] || + sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2 + gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools + - > + sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint + pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev + libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev + tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect + keyutils netcat passwd openssh-client sshpass asciidoctor + - sudo apt-get -y build-dep cryptsetup + - sudo -E git clean -xdf + - ./autogen.sh + - ./configure --enable-libargon2 --enable-asciidoc + +test-mergerq-job-debian: + extends: + - .debian-prep + tags: + - libvirt + - debian11 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-main-commit-job-debian: + extends: + - .debian-prep + tags: + - libvirt + - debian11 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check diff --git a/.gitlab/ci/fedora.yml b/.gitlab/ci/fedora.yml new file mode 100644 index 0000000..7fd9c7e --- /dev/null +++ b/.gitlab/ci/fedora.yml @@ -0,0 +1,60 @@ +.dnf-openssl-backend: + extends: + - .dump_kernel_log + before_script: + - > + [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] || + sudo dnf -y -q install + swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel + libmount-devel swtpm-tools + - > + sudo dnf -y -q install + autoconf automake device-mapper-devel gcc gettext-devel json-c-devel + libargon2-devel libblkid-devel libpwquality-devel libselinux-devel + libssh-devel libtool libuuid-devel make popt-devel + libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils + sshpass tar uuid-devel vim-common device-mapper expect gettext git jq + keyutils openssl-devel openssl asciidoctor + - sudo -E git clean -xdf + - ./autogen.sh + - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc + +test-main-commit-job-rawhide: + extends: + - .dnf-openssl-backend + tags: + - libvirt + - fedora-rawhide + stage: test + interruptible: true + allow_failure: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-mergerq-job-rawhide: + extends: + - .dnf-openssl-backend + tags: + - libvirt + - fedora-rawhide + stage: test + interruptible: true + allow_failure: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check diff --git a/.gitlab/ci/gcc-Wall b/.gitlab/ci/gcc-Wall new file mode 100755 index 0000000..6669504 --- /dev/null +++ b/.gitlab/ci/gcc-Wall @@ -0,0 +1,57 @@ +#!/bin/bash +# gcc -Wall plus other important warnings not included in -Wall + +for arg in "$@" +do + case $arg in + -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O' + esac +done + +GCC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}" + +#PEDANTIC="-std=gnu99" +#PEDANTIC="-pedantic -std=gnu99" +#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros" +#CONVERSION="-Wconversion" +# -Wpacked \ + +# This does more than expected for gcc (mixed code with declarations) +# -Wdeclaration-after-statement \ + +EXTRA="-Wextra \ + -Wsign-compare \ + -Werror-implicit-function-declaration \ + -Wpointer-arith \ + -Wwrite-strings \ + -Wswitch \ + -Wmissing-format-attribute \ + -Wstrict-aliasing=3 \ + -Winit-self \ + -Wunsafe-loop-optimizations \ + -Wold-style-definition \ + -Wno-missing-field-initializers \ + -Wno-unused-parameter \ + -Wno-long-long \ + -Wmaybe-uninitialized \ + -Wvla \ + -Wformat-overflow \ + -Wformat-truncation" + +exec $GCC $PEDANTIC $CONVERSION \ + -Wall $Wuninitialized \ + -Wno-switch \ + -Wdisabled-optimization \ + -Wwrite-strings \ + -Wpointer-arith \ + -Wbad-function-cast \ + -Wmissing-prototypes \ + -Wmissing-declarations \ + -Wstrict-prototypes \ + -Wnested-externs \ + -Wcomment \ + -Winline \ + -Wcast-align=strict \ + -Wcast-qual \ + -Wredundant-decls $EXTRA \ + "$@" diff --git a/.gitlab/ci/gitlab-shared-docker.yml b/.gitlab/ci/gitlab-shared-docker.yml new file mode 100644 index 0000000..1edacc8 --- /dev/null +++ b/.gitlab/ci/gitlab-shared-docker.yml @@ -0,0 +1,31 @@ +.gitlab-shared-docker: + image: ubuntu:focal + tags: + - gitlab-org-docker + stage: test + interruptible: true + rules: + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + before_script: + - .gitlab/ci/cibuild-setup-ubuntu.sh + - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}" + - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}" + - ./autogen.sh + +.gitlab-shared-gcc: + extends: + - .gitlab-shared-docker + variables: + COMPILER: "gcc" + COMPILER_VERSION: "11" + RUN_SSH_PLUGIN_TEST: "1" + +.gitlab-shared-clang: + extends: + - .gitlab-shared-docker + variables: + COMPILER: "clang" + COMPILER_VERSION: "13" + RUN_SSH_PLUGIN_TEST: "1" diff --git a/.gitlab/ci/rhel.yml b/.gitlab/ci/rhel.yml new file mode 100644 index 0000000..f71533c --- /dev/null +++ b/.gitlab/ci/rhel.yml @@ -0,0 +1,106 @@ +.rhel-openssl-backend: + extends: + - .dump_kernel_log + before_script: + - > + sudo yum -y -q install + autoconf automake device-mapper-devel gcc gettext-devel json-c-devel + libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool + libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd + pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper + expect gettext git jq keyutils openssl-devel openssl gem > /dev/null 2>&1 + - sudo gem install asciidoctor + - sudo -E git clean -xdf + - ./autogen.sh + - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc + +# non-FIPS jobs + +test-main-commit-rhel8: + extends: + - .rhel-openssl-backend + tags: + - libvirt + - rhel8 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-main-commit-rhel9: + extends: + - .rhel-openssl-backend + tags: + - libvirt + - rhel9 + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +# FIPS jobs + +test-main-commit-rhel8-fips: + extends: + - .rhel-openssl-backend + tags: + - libvirt + - rhel8-fips + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - fips-mode-setup --check || exit 1 + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-main-commit-rhel9-fips: + extends: + - .rhel-openssl-backend + tags: + - libvirt + - rhel9-fips + stage: test + interruptible: true + allow_failure: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - fips-mode-setup --check || exit 1 + - make -j + - make -j -C tests check-programs + - sudo -E make check diff --git a/.gitlab/ci/ubuntu-32bit.yml b/.gitlab/ci/ubuntu-32bit.yml new file mode 100644 index 0000000..f51c059 --- /dev/null +++ b/.gitlab/ci/ubuntu-32bit.yml @@ -0,0 +1,41 @@ +test-mergerq-job-ubuntu-32bit: + extends: + - .debian-prep + tags: + - libvirt + - ubuntu-bionic-32bit + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check + +test-main-commit-job-ubuntu-32bit: + extends: + - .debian-prep + tags: + - libvirt + - ubuntu-bionic-32bit + stage: test + interruptible: true + variables: + RUN_SSH_PLUGIN_TEST: "1" + rules: + - if: $RUN_SYSTEMD_PLUGIN_TEST != null + when: never + - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup" + when: never + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ + script: + - make -j + - make -j -C tests check-programs + - sudo -E make check -- cgit v1.2.3