diff options
Diffstat (limited to '.github/setup_ci.sh')
-rwxr-xr-x | .github/setup_ci.sh | 201 |
1 files changed, 201 insertions, 0 deletions
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh new file mode 100755 index 0000000..e4480e6 --- /dev/null +++ b/.github/setup_ci.sh @@ -0,0 +1,201 @@ +#!/bin/sh + +PACKAGES="" + + . .github/configs $@ + +case "`./config.guess`" in +*cygwin) + PACKAGER=setup + echo Setting CYGWIN sustem environment variable. + setx CYGWIN "binmode" + chmod -R go-rw /cygdrive/d/a + umask 077 + PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" + PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" + ;; +*-darwin*) + PACKAGER=brew + brew install automake + exit 0 + ;; +*) + PACKAGER=apt +esac + +TARGETS=$@ + +INSTALL_FIDO_PPA="no" +export DEBIAN_FRONTEND=noninteractive + +#echo "Setting up for '$TARGETS'" + +set -ex + +if [ -x "`which lsb_release 2>&1`" ]; then + lsb_release -a +fi + +# Ubuntu 22.04 defaults to private home dirs which prevent the +# agent-getpeerid test from running ssh-add as nobody. See +# https://github.com/actions/runner-images/issues/6106 +if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then + echo ~ is not executable by nobody, adding perms. + chmod go+x ~ +fi + +if [ "${TARGETS}" = "kitchensink" ]; then + TARGETS="krb5 libedit pam sk selinux" +fi + +for flag in $CONFIGFLAGS; do + case "$flag" in + --with-pam) TARGETS="${TARGETS} pam" ;; + --with-libedit) TARGETS="${TARGETS} libedit" ;; + esac +done + +for TARGET in $TARGETS; do + case $TARGET in + default|without-openssl|without-zlib|c89) + # nothing to do + ;; + clang-sanitize*) + PACKAGES="$PACKAGES clang-12" + ;; + cygwin-release) + PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel" + ;; + gcc-sanitize*) + ;; + clang-*|gcc-*) + compiler=$(echo $TARGET | sed 's/-Werror//') + PACKAGES="$PACKAGES $compiler" + ;; + krb5) + PACKAGES="$PACKAGES libkrb5-dev" + ;; + heimdal) + PACKAGES="$PACKAGES heimdal-dev" + ;; + libedit) + case "$PACKAGER" in + setup) PACKAGES="$PACKAGES libedit-devel" ;; + apt) PACKAGES="$PACKAGES libedit-dev" ;; + esac + ;; + *pam) + PACKAGES="$PACKAGES libpam0g-dev" + ;; + sk) + INSTALL_FIDO_PPA="yes" + PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev" + ;; + selinux) + PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev" + ;; + hardenedmalloc) + INSTALL_HARDENED_MALLOC=yes + ;; + musl) + PACKAGES="$PACKAGES musl-tools" + ;; + tcmalloc) + PACKAGES="$PACKAGES libgoogle-perftools-dev" + ;; + openssl-noec) + INSTALL_OPENSSL=OpenSSL_1_1_1k + SSLCONFOPTS="no-ec" + ;; + openssl-*) + INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-) + case ${INSTALL_OPENSSL} in + 1.1.1_stable) INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;; + 1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;; + 3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;; + esac + PACKAGES="${PACKAGES} putty-tools" + ;; + libressl-*) + INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-) + case ${INSTALL_LIBRESSL} in + master) ;; + *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;; + esac + PACKAGES="${PACKAGES} putty-tools" + ;; + valgrind*) + PACKAGES="$PACKAGES valgrind" + ;; + *) echo "Invalid option '${TARGET}'" + exit 1 + ;; + esac +done + +if [ "yes" = "$INSTALL_FIDO_PPA" ]; then + sudo apt update -qq + sudo apt install -qy software-properties-common + sudo apt-add-repository -y ppa:yubico/stable +fi + +tries=3 +while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do + case "$PACKAGER" in + apt) + sudo apt update -qq + if sudo apt install -qy $PACKAGES; then + PACKAGES="" + fi + ;; + setup) + if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then + PACKAGES="" + fi + ;; + esac + if [ ! -z "$PACKAGES" ]; then + sleep 90 + fi + tries=$(($tries - 1)) +done +if [ ! -z "$PACKAGES" ]; then + echo "Package installation failed." + exit 1 +fi + +if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then + (cd ${HOME} && + git clone https://github.com/GrapheneOS/hardened_malloc.git && + cd ${HOME}/hardened_malloc && + make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/) +fi + +if [ ! -z "${INSTALL_OPENSSL}" ]; then + (cd ${HOME} && + git clone https://github.com/openssl/openssl.git && + cd ${HOME}/openssl && + git checkout ${INSTALL_OPENSSL} && + ./config no-threads shared ${SSLCONFOPTS} \ + --prefix=/opt/openssl && + make && sudo make install_sw) +fi + +if [ ! -z "${INSTALL_LIBRESSL}" ]; then + if [ "${INSTALL_LIBRESSL}" = "master" ]; then + (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && + git clone https://github.com/libressl-portable/portable.git && + cd ${HOME}/libressl/portable && + git checkout ${INSTALL_LIBRESSL} && + sh update.sh && sh autogen.sh && + ./configure --prefix=/opt/libressl && + make -j2 && sudo make install) + else + LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL + (cd ${HOME} && + wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz && + tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz && + cd libressl-${INSTALL_LIBRESSL} && + ./configure --prefix=/opt/libressl && make -j2 && sudo make install) + fi +fi |