summaryrefslogtreecommitdiffstats
path: root/.github/setup_ci.sh
diff options
context:
space:
mode:
Diffstat (limited to '.github/setup_ci.sh')
-rwxr-xr-x.github/setup_ci.sh201
1 files changed, 201 insertions, 0 deletions
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
new file mode 100755
index 0000000..e4480e6
--- /dev/null
+++ b/.github/setup_ci.sh
@@ -0,0 +1,201 @@
+#!/bin/sh
+
+PACKAGES=""
+
+ . .github/configs $@
+
+case "`./config.guess`" in
+*cygwin)
+ PACKAGER=setup
+ echo Setting CYGWIN sustem environment variable.
+ setx CYGWIN "binmode"
+ chmod -R go-rw /cygdrive/d/a
+ umask 077
+ PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
+ PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
+ ;;
+*-darwin*)
+ PACKAGER=brew
+ brew install automake
+ exit 0
+ ;;
+*)
+ PACKAGER=apt
+esac
+
+TARGETS=$@
+
+INSTALL_FIDO_PPA="no"
+export DEBIAN_FRONTEND=noninteractive
+
+#echo "Setting up for '$TARGETS'"
+
+set -ex
+
+if [ -x "`which lsb_release 2>&1`" ]; then
+ lsb_release -a
+fi
+
+# Ubuntu 22.04 defaults to private home dirs which prevent the
+# agent-getpeerid test from running ssh-add as nobody. See
+# https://github.com/actions/runner-images/issues/6106
+if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
+ echo ~ is not executable by nobody, adding perms.
+ chmod go+x ~
+fi
+
+if [ "${TARGETS}" = "kitchensink" ]; then
+ TARGETS="krb5 libedit pam sk selinux"
+fi
+
+for flag in $CONFIGFLAGS; do
+ case "$flag" in
+ --with-pam) TARGETS="${TARGETS} pam" ;;
+ --with-libedit) TARGETS="${TARGETS} libedit" ;;
+ esac
+done
+
+for TARGET in $TARGETS; do
+ case $TARGET in
+ default|without-openssl|without-zlib|c89)
+ # nothing to do
+ ;;
+ clang-sanitize*)
+ PACKAGES="$PACKAGES clang-12"
+ ;;
+ cygwin-release)
+ PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
+ ;;
+ gcc-sanitize*)
+ ;;
+ clang-*|gcc-*)
+ compiler=$(echo $TARGET | sed 's/-Werror//')
+ PACKAGES="$PACKAGES $compiler"
+ ;;
+ krb5)
+ PACKAGES="$PACKAGES libkrb5-dev"
+ ;;
+ heimdal)
+ PACKAGES="$PACKAGES heimdal-dev"
+ ;;
+ libedit)
+ case "$PACKAGER" in
+ setup) PACKAGES="$PACKAGES libedit-devel" ;;
+ apt) PACKAGES="$PACKAGES libedit-dev" ;;
+ esac
+ ;;
+ *pam)
+ PACKAGES="$PACKAGES libpam0g-dev"
+ ;;
+ sk)
+ INSTALL_FIDO_PPA="yes"
+ PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
+ ;;
+ selinux)
+ PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
+ ;;
+ hardenedmalloc)
+ INSTALL_HARDENED_MALLOC=yes
+ ;;
+ musl)
+ PACKAGES="$PACKAGES musl-tools"
+ ;;
+ tcmalloc)
+ PACKAGES="$PACKAGES libgoogle-perftools-dev"
+ ;;
+ openssl-noec)
+ INSTALL_OPENSSL=OpenSSL_1_1_1k
+ SSLCONFOPTS="no-ec"
+ ;;
+ openssl-*)
+ INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
+ case ${INSTALL_OPENSSL} in
+ 1.1.1_stable) INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;;
+ 1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
+ 3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
+ esac
+ PACKAGES="${PACKAGES} putty-tools"
+ ;;
+ libressl-*)
+ INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
+ case ${INSTALL_LIBRESSL} in
+ master) ;;
+ *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
+ esac
+ PACKAGES="${PACKAGES} putty-tools"
+ ;;
+ valgrind*)
+ PACKAGES="$PACKAGES valgrind"
+ ;;
+ *) echo "Invalid option '${TARGET}'"
+ exit 1
+ ;;
+ esac
+done
+
+if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
+ sudo apt update -qq
+ sudo apt install -qy software-properties-common
+ sudo apt-add-repository -y ppa:yubico/stable
+fi
+
+tries=3
+while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do
+ case "$PACKAGER" in
+ apt)
+ sudo apt update -qq
+ if sudo apt install -qy $PACKAGES; then
+ PACKAGES=""
+ fi
+ ;;
+ setup)
+ if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then
+ PACKAGES=""
+ fi
+ ;;
+ esac
+ if [ ! -z "$PACKAGES" ]; then
+ sleep 90
+ fi
+ tries=$(($tries - 1))
+done
+if [ ! -z "$PACKAGES" ]; then
+ echo "Package installation failed."
+ exit 1
+fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+ (cd ${HOME} &&
+ git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+ cd ${HOME}/hardened_malloc &&
+ make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/)
+fi
+
+if [ ! -z "${INSTALL_OPENSSL}" ]; then
+ (cd ${HOME} &&
+ git clone https://github.com/openssl/openssl.git &&
+ cd ${HOME}/openssl &&
+ git checkout ${INSTALL_OPENSSL} &&
+ ./config no-threads shared ${SSLCONFOPTS} \
+ --prefix=/opt/openssl &&
+ make && sudo make install_sw)
+fi
+
+if [ ! -z "${INSTALL_LIBRESSL}" ]; then
+ if [ "${INSTALL_LIBRESSL}" = "master" ]; then
+ (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
+ git clone https://github.com/libressl-portable/portable.git &&
+ cd ${HOME}/libressl/portable &&
+ git checkout ${INSTALL_LIBRESSL} &&
+ sh update.sh && sh autogen.sh &&
+ ./configure --prefix=/opt/libressl &&
+ make -j2 && sudo make install)
+ else
+ LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
+ (cd ${HOME} &&
+ wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
+ tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
+ cd libressl-${INSTALL_LIBRESSL} &&
+ ./configure --prefix=/opt/libressl && make -j2 && sudo make install)
+ fi
+fi