path: root/.github/workflows/ci-rpm.yml
blob: 00c56f9e0e270d3ff20e84ec0f72d520235b670f (plain)
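# Builds FreeRADIUS RPMs in CentOS/Rocky containers (job rpm-build) and then
# installs and tests them in fresh containers (job rpm-test).
name: CI RPM

# Runs for pushes to any branch except coverity_scan, and for pull requests.
# The trigger is pull_request (not pull_request_target), so runs started from
# fork pull requests get a read-only token and no repository secrets.
on:
  push:
    branches-ignore:
      - coverity_scan
  pull_request:

# Least privilege for GITHUB_TOKEN: the steps in this workflow only check out
# the source and exchange caches and artifacts, none of which needs write
# access to the repository.  Without this block, push-triggered runs get
# whatever default the repository or organisation has configured.
permissions:
  contents: read

# Compiler name; read as $CC by the "Show versions" step.
env:
  CC: gcc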

jobs:
  rpm-build:

    # One leg per target distro.  NAME labels the leg (step conditions, cache
    # key, artifact name), OS is the container image the job runs in, and
    # BADNODE feeds ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION below.
    # fail-fast: false lets the other legs finish when one of them fails.
    strategy:
      matrix:
        env:
          - { NAME: "centos-7",  OS: "centos:7",                BADNODE: true  }
          - { NAME: "rocky-8",   OS: "rockylinux/rockylinux:8", BADNODE: false }
          - { NAME: "rocky-9",   OS: "rockylinux/rockylinux:9", BADNODE: false }
      fail-fast: false

    runs-on: ubuntu-latest

    # NOTE(review): the images are referenced by mutable tag, not by digest, so
    # the build environment can change between runs without any change to this
    # file.  Pin by digest if reproducible build inputs matter.
    container:
      image: ${{ matrix.env.OS }}

    env:
      # Directory restored and saved by the actions/cache step further down.
      HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci
      # Part of the cache key; presumably also read by
      # scripts/ci/eapol_test-build.sh to pick the hostapd version - confirm.
      HOSTAPD_GIT_TAG: hostapd_2_8
      # True only on the centos-7 leg.  It tells the Actions runner to keep
      # running JavaScript actions on a Node.js release that GitHub has
      # deprecated as insecure; presumably the newer runtime does not start in
      # the CentOS 7 container - confirm.  The actions on that leg therefore
      # execute on a runtime that no longer receives fixes.
      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }}

    name: "RPM build"

    steps:

    # CentOS 7 only: comment out the mirrorlist entries and re-point the
    # commented-out baseurl lines from mirror.centos.org to vault.centos.org.
    # NOTE(review): the rewritten baseurl is plain http://, so package integrity
    # on this leg rests entirely on the gpgcheck settings in the image's repo
    # files (not visible here) - confirm they are enabled.
    - name: Fix up CentOS 7 repositories
      if: ${{ matrix.env.NAME == 'centos-7' }}
      run: |
        sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
        sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*

    # Required so that the checkout action uses git protocol rather than the GitHub REST API.
    # make rpm requires the FR directory to be a git repository.
    # NOTE(review): yum is handed a remote RPM URL on a third-party host.  A
    # package installed this way is presumably treated as a local package, which
    # yum does not signature-check unless localpkg_gpgcheck is enabled, so
    # nothing here verifies the download beyond TLS.  Consider importing the
    # publisher's key and enabling the check, or verifying a pinned SHA-256
    # before installing.
    - name: Install recent git for CentOS 7
      if: ${{ matrix.env.NAME == 'centos-7' }}
      run: |
        yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/git-core-2.30.1-1.ep7.x86_64.rpm

    # Rocky 9 uses dnf by default.  CentOS 7 doesn't have dnf.  Install yum on Rocky 9 so all distros work
    - name: Install yum
      if: ${{ matrix.env.NAME == 'rocky-9'}}
      run: |
        dnf install -y yum

    # Rocky legs take git from the distro repositories instead.
    - name: Install distro git for Rocky.
      if: ${{ startsWith(matrix.env.NAME, 'rocky-') }}
      run: |
        yum install -y git-core

    # Check the repository out into ./freeradius.
    # NOTE(review): the action is referenced by the mutable tag v3; pinning it
    # to a full commit SHA keeps a re-pointed tag from changing what runs here.
    - uses: actions/checkout@v3
      with:
        path: freeradius

    # Create ./rpms, which later steps fill with the built RPMs and the
    # eapol_test binary before it is uploaded.  pwd and ls only add context to
    # the job log.
    - name: Prepare filesystem
      run: |
        pwd
        ls -la
        mkdir rpms
        ls -la

    # Write a yum repo file for the LTB project packages and import its signing
    # key.  The single quotes keep $releasever and $basearch literal so that yum
    # expands them; gpgcheck=1 makes yum verify package signatures from this
    # repo.
    # NOTE(review): the signing key is downloaded at run time from the same
    # project's web site and no fingerprint is pinned here, so the trust anchor
    # is whatever that URL serves over HTTPS at build time.  Consider vendoring
    # the key in the repository or checking its fingerprint after import.
    - name: LTB repo for CentOS and Rocky Linux 8
      if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }}
      run: |
        echo '[ltb-project]'                                              >  /etc/yum.repos.d/ltb-project.repo
        echo 'name=LTB project packages'                                  >> /etc/yum.repos.d/ltb-project.repo
        echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch'  >> /etc/yum.repos.d/ltb-project.repo
        echo 'enabled=1'                                                  >> /etc/yum.repos.d/ltb-project.repo
        echo 'gpgcheck=1'                                                 >> /etc/yum.repos.d/ltb-project.repo
        echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo
        rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project

    # The condition matches every leg in the current matrix.
    - name: Enable EPEL for CentOS and Rocky Linux
      if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }}
      run: |
        yum install -y epel-release

    # Both spellings of the repo id are tried and a failure of either is
    # ignored (|| :); presumably the id differs between Rocky 8 releases.
    - name: Enable PowerTools on Rocky 8.
      if: ${{ matrix.env.NAME == 'rocky-8' }}
      run: |
        yum install -y yum-utils
        yum config-manager --enable PowerTools || :
        yum config-manager --enable powertools || :

    # Unlike the Rocky 8 step, a failure to enable crb fails the job.
    - name: Enable Code Ready Builer on Rocky 9.
      if: ${{ matrix.env.NAME == 'rocky-9' }}
      run: |
        yum install -y yum-utils
        yum config-manager --enable crb

    # Base toolchain needed on every leg before the spec's own build
    # dependencies are resolved.
    - name: Install common tools
      run: |
        yum install -y \
          bzip2 \
          gcc \
          make \
          perl \
          rpm-build \
          yum-utils

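    #
    #  We just patch the SPEC file for Fedora since we want to use the standard
    #  make rpm target which wants to build with LDAP.
    #
    #  The matrix currently has no fedora-* leg, so this step is skipped on
    #  every run.
    #
    #  sed is called with "-i -e" rather than "-ie": GNU sed reads "-ie" as -i
    #  with backup suffix "e", which leaves a stray freeradius.spece file in
    #  the checked-out tree.
    #
    #  NOTE(review): the colon in "%global _without_ldap: 1" looks unusual for
    #  a macro definition - verify before adding a Fedora leg.
    #
    - name: Disable rlm_ldap on Fedora (no LTB packages)
      if: ${{ startsWith(matrix.env.NAME, 'fedora-') }}
      run: |
        sed -i -e 's/%bcond_without ldap/%global _without_ldap: 1/' freeradius/redhat/freeradius.spec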

    # Install the packages the spec file asks for at build time, from the
    # repositories configured above.
    - name: Install build dependencies
      run: |
        yum-builddep -y freeradius/redhat/freeradius.spec

    #
    #  It has been observed that sometimes not all the dependencies are
    #  installed on the first go.  Give it a second chance.
    #
    - name: Second run of install build dependencies
      run: |
        yum-builddep -y redhat/freeradius.spec
      working-directory: freeradius

    # Record tool versions in the job log.  $CC comes from the workflow-level
    # env; a missing or failing krb5-config is tolerated (|| :).
    - name: Show versions
      run: |
        $CC --version
        make --version
        krb5-config --all || :
        openssl version

    # For pkill and ps
    - name: Enable procps-ng on Rocky
      if: ${{ startsWith(matrix.env.NAME, 'rocky-') }}
      run: |
        yum install -y procps-ng

    # Source the devtoolset-8 environment when the image has one (its absence
    # is not an error), then configure and build the packages.  On pull request
    # runs this executes the build scripts from the proposed change inside the
    # job container.
    - name: Build RPMs
      run: |
        [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || :
        ./configure
        make rpm
      working-directory: freeradius

    # Move the x86_64 packages into ./rpms, the directory uploaded later.
    - name: Collect RPMs
      run: |
        mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms/

    # Restore (and save at job end) the eapol_test build directory, keyed by
    # matrix leg and hostapd tag.
    # NOTE(review): whatever is restored here can end up in the eapol_test
    # binary that is shipped in the artifact and executed by rpm-test.  The key
    # contains no hash of scripts/ci/eapol_test-build.sh, so a change to that
    # script does not invalidate old entries; bump the -v1 suffix when it
    # changes.  The action is referenced by mutable tag, not commit SHA.
    - name: Restore eapol_test build directory from cache
      uses: actions/cache@v3
      id: hostapd-cache
      with:
        path: ${{ env.HOSTAPD_BUILD_DIR }}
        key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1

    # Build eapol_test with the repository's CI script and place the binary
    # next to the RPMs so that it travels in the same artifact.  The step id
    # above is not referenced in this file, so the script presumably detects a
    # restored build directory on its own - confirm.
    - name: Build eapol_test
      run: |
        yum install -y libnl3-devel which
        [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || :
        scripts/ci/eapol_test-build.sh
        mv scripts/ci/eapol_test/eapol_test ../rpms/
      working-directory: freeradius

    # Publish ./rpms as artifact rpms-<NAME>; the rpm-test job downloads it
    # under the same name.  The action is referenced by mutable tag v3.
    - name: Store RPMs
      uses: actions/upload-artifact@v3
      with:
        name: rpms-${{ matrix.env.NAME }}
        path: rpms

    #
    #  If the CI has failed and the branch is ci-debug then start a tmate
    #  session. SSH rendezvous point is emitted continuously in the job output.
    #
    #  Both steps are gated on the ref being refs/heads/ci-debug and on an
    #  earlier step having failed, so an interactive session can only be
    #  opened by someone able to push to that branch.
    #
    #  xz is installed and apt-get is stubbed out with /bin/true; presumably
    #  the action calls apt-get and needs xz to unpack tmate - confirm.
    #
    - name: "Debug: Package dependancies for tmate"
      run: |
        yum install -y xz
        ln -s /bin/true /bin/apt-get
      if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}

    #  limit-access-to-actor restricts the session to the SSH keys registered
    #  on the GitHub account that triggered the run.  Keep it enabled: the
    #  rendezvous address is printed in the job log, and without the
    #  restriction anyone who can read the log could attach to the shell.
    #
    #  NOTE(review): this third-party action gets an interactive shell inside
    #  the job and is referenced by the mutable tag v3.  Pin it to a full
    #  commit SHA that has been reviewed.
    - name: "Debug: Start tmate"
      uses: mxschmitt/action-tmate@v3
      with:
        limit-access-to-actor: true
        sudo: false
      if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}


  rpm-test:

    # Runs after rpm-build; each leg downloads the artifact its namesake build
    # leg uploaded.
    needs:
      - rpm-build

    # Same legs as rpm-build.  The two lists must stay in sync because the
    # artifact name is derived from NAME in both jobs.
    strategy:
      matrix:
        env:
          - { NAME: "centos-7",  OS: "centos:7",                BADNODE: true  }
          - { NAME: "rocky-8",   OS: "rockylinux/rockylinux:8", BADNODE: false }
          - { NAME: "rocky-9",   OS: "rockylinux/rockylinux:9", BADNODE: false }
      fail-fast: false

    runs-on: ubuntu-latest

    # NOTE(review): mutable image tags, not digests; the test environment can
    # differ from the one the packages were built in.
    container:
      image: ${{ matrix.env.OS }}

    env:
      # True only on the centos-7 leg: lets the runner execute JavaScript
      # actions on a Node.js release GitHub has deprecated as insecure.
      # Presumably required because the newer runtime does not start in the
      # CentOS 7 container - confirm.
      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: ${{ matrix.env.BADNODE }}

    name: "RPM install test"

    steps:

    # CentOS 7 only: comment out the mirrorlist entries and re-point the
    # commented-out baseurl lines from mirror.centos.org to vault.centos.org.
    # NOTE(review): the rewritten baseurl is plain http://, so package integrity
    # on this leg rests on the gpgcheck settings in the image's repo files (not
    # visible here) - confirm they are enabled.
    - name: Fix up CentOS 7 repositories
      if: ${{ matrix.env.NAME == 'centos-7' }}
      run: |
        sed -i "s/^mirrorlist/#mirrorlist/g" /etc/yum.repos.d/CentOS-*
        sed -i "s|#\s*baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*

    # The remaining steps call yum, so install it on the Rocky 9 leg.
    - name: Install yum
      if: ${{ matrix.env.NAME == 'rocky-9'}}
      run: |
        dnf install -y yum

    # Write a yum repo file for the LTB project packages and import its signing
    # key.  gpgcheck=1 makes yum verify package signatures from this repo.
    # NOTE(review): the key is fetched at run time from the project's web site
    # with no fingerprint pinned here; consider vendoring it or checking the
    # fingerprint after import.
    - name: LTB repo for CentOS and Rocky 8
      if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }}
      run: |
        echo '[ltb-project]'                                              >  /etc/yum.repos.d/ltb-project.repo
        echo 'name=LTB project packages'                                  >> /etc/yum.repos.d/ltb-project.repo
        echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch'  >> /etc/yum.repos.d/ltb-project.repo
        echo 'enabled=1'                                                  >> /etc/yum.repos.d/ltb-project.repo
        echo 'gpgcheck=1'                                                 >> /etc/yum.repos.d/ltb-project.repo
        echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo
        rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project

    # The condition matches every leg in the current matrix.
    - name: Enable EPEL for CentOS and Rocky Linux
      if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }}
      run: |
        yum install -y epel-release

    # Both spellings of the repo id are tried and a failure of either is
    # ignored (|| :).
    - name: Enable PowerTools on Rocky 8
      if: ${{ matrix.env.NAME == 'rocky-8' }}
      run: |
        yum install -y yum-utils
        yum config-manager --enable PowerTools || :
        yum config-manager --enable powertools || :

    # Unlike the Rocky 8 step, a failure to enable crb fails the job.
    - name: Enable Code Ready Builer on Rocky 9.
      if: ${{ matrix.env.NAME == 'rocky-9' }}
      run: |
        yum install -y yum-utils
        yum config-manager --enable crb

    # For pkill
    - name: Enable procps-ng on Centos and Rocky
      if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }}
      run: |
        yum install -y procps-ng

    # Fetch the artifact uploaded by the matching rpm-build leg.  No path is
    # given, so the RPMs and the eapol_test binary land in the working
    # directory.  The action is referenced by mutable tag v3, not commit SHA.
    - name: Load RPMs
      uses: actions/download-artifact@v3
      with:
        name: rpms-${{ matrix.env.NAME }}

    # Install every downloaded package; dependencies are resolved from the
    # repositories enabled above.  These are the freshly built packages from
    # the artifact, not packages from a signed repository.
    - name: Install RPMs
      run: |
        yum install -y *.rpm

    # CentOS 7 only: if the package install did not leave a server certificate
    # behind, run the bootstrap script with group radiusd.  umask 007 keeps the
    # generated certificate and key files inaccessible to other users.
    - name: Ensure certificates are created
      if: ${{ matrix.env.NAME == 'centos-7' }}
      run: |
        if [ ! -e /etc/raddb/certs/server.pem ]; then
          /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap'
        fi

    # Have the installed server check its packaged configuration, with debug
    # output in the job log.
    - name: Config check
      run: |
        radiusd -XxC

    #
    #  We now perform some post-install tests that depend on the availability
    #  of the source tree
    #
    #  eapol_test comes from the downloaded artifact, i.e. it is the binary the
    #  build job produced (possibly from its cache).  chmod +x is applied
    #  because the execute bit is presumably lost in the artifact round trip.
    #
    - name: Install pre-built eapol_test
      run: |
        yum install -y libnl3 make gdb which
        mv eapol_test /usr/local/bin
        chmod +x /usr/local/bin/eapol_test

    # Source tree for the test makefiles, checked out into ./freeradius.
    # NOTE(review): referenced by mutable tag v3; pin to a full commit SHA.
    - uses: actions/checkout@v3
      with:
        path: freeradius

    # Write a Make.inc that points top_builddir at the checkout, build the
    # eapol_test make fragment against the pre-built binary, then run the
    # package-test target against the installed server.
    - name: Run the post-install test target
      run: |
        echo "top_builddir := $(pwd)" > Make.inc
        make -C src/tests/ OPENSSL_LIBS=1 EAPOL_TEST_BIN="$(which eapol_test)" $(pwd)/build/tests/eapol_test/eapol_test.mk
        make -f scripts/ci/package-test.mk package-test
      working-directory: freeradius

    # On failure, publish the server logs and the eapol_test output directory
    # as an artifact.
    # NOTE(review): the logs come from a debug test run and are readable by
    # anyone who can download the repository's artifacts; make sure the test
    # configuration contains no real credentials.  The action is referenced by
    # mutable tag v3.
    - name: Upload radius logs on failure
      if: ${{ failure() }}
      uses: actions/upload-artifact@v3
      with:
        name: radius-logs-${{ matrix.env.NAME }}.tgz
        path: |
          /var/log/radius
          freeradius/build/tests/eapol_test

    #
    #  See above comments for tmate
    #
    #  Both steps run only on refs/heads/ci-debug after a failure.  xz is
    #  installed and apt-get is stubbed with /bin/true, presumably because the
    #  action expects both - confirm.
    #
    - name: "Debug: Package dependancies for tmate"
      run: |
        yum install -y xz
        ln -s /bin/true /bin/apt-get
      if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}

    #  limit-access-to-actor restricts the session to the SSH keys registered
    #  on the GitHub account that triggered the run; keep it enabled, since the
    #  rendezvous address appears in the job log.
    #
    #  NOTE(review): third-party action with an interactive shell in the job,
    #  referenced by mutable tag v3.  Pin it to a reviewed commit SHA.
    - name: "Debug: Start tmate"
      uses: mxschmitt/action-tmate@v3
      with:
        limit-access-to-actor: true
        sudo: false
      if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}