summaryrefslogtreecommitdiffstats
path: root/.gitlab/ci
diff options
context:
space:
mode:
Diffstat (limited to '.gitlab/ci')
-rw-r--r--.gitlab/ci/alpinelinux.yml55
-rw-r--r--.gitlab/ci/annocheck.yml19
-rw-r--r--.gitlab/ci/centos.yml59
-rwxr-xr-x.gitlab/ci/cibuild-setup-ubuntu.sh50
-rw-r--r--.gitlab/ci/cifuzz.yml46
-rwxr-xr-x.gitlab/ci/clang-Wall49
-rw-r--r--.gitlab/ci/compilation-clang.gitlab-ci.yml27
-rw-r--r--.gitlab/ci/compilation-gcc.gitlab-ci.yml27
-rw-r--r--.gitlab/ci/compilation-various-disables.yml21
-rw-r--r--.gitlab/ci/csmock.yml17
-rw-r--r--.gitlab/ci/debian.yml56
-rw-r--r--.gitlab/ci/fedora.yml60
-rwxr-xr-x.gitlab/ci/gcc-Wall57
-rw-r--r--.gitlab/ci/gitlab-shared-docker.yml31
-rw-r--r--.gitlab/ci/rhel.yml106
-rw-r--r--.gitlab/ci/ubuntu-32bit.yml41
16 files changed, 721 insertions, 0 deletions
diff --git a/.gitlab/ci/alpinelinux.yml b/.gitlab/ci/alpinelinux.yml
new file mode 100644
index 0000000..81bd6cb
--- /dev/null
+++ b/.gitlab/ci/alpinelinux.yml
@@ -0,0 +1,55 @@
+.alpinelinux-dependencies:
+ after_script:
+ - sudo dmesg > /mnt/artifacts/dmesg.log
+ - sudo cp /var/log/messages /mnt/artifacts/
+ - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
+ before_script:
+ - >
+ sudo apk add
+ lvm2-dev openssl1.1-compat-dev popt-dev util-linux-dev json-c-dev
+ argon2-dev device-mapper which sharutils gettext gettext-dev automake
+ autoconf libtool build-base keyutils tar jq expect git asciidoctor
+ - ./autogen.sh
+ - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc
+
+test-main-commit-job-alpinelinux:
+ extends:
+ - .alpinelinux-dependencies
+ tags:
+ - libvirt
+ - alpinelinux
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "0"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-job-alpinelinux:
+ extends:
+ - .alpinelinux-dependencies
+ tags:
+ - libvirt
+ - alpinelinux
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "0"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
diff --git a/.gitlab/ci/annocheck.yml b/.gitlab/ci/annocheck.yml
new file mode 100644
index 0000000..5b3a715
--- /dev/null
+++ b/.gitlab/ci/annocheck.yml
@@ -0,0 +1,19 @@
+test-main-commit-job-annocheck:
+ extends:
+ - .dump_kernel_log
+ tags:
+ - libvirt
+ - rhel9-annocheck
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - /opt/build-rpm-script.sh > /dev/null 2>&1
+ - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9
+ - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8
diff --git a/.gitlab/ci/centos.yml b/.gitlab/ci/centos.yml
new file mode 100644
index 0000000..6f5559c
--- /dev/null
+++ b/.gitlab/ci/centos.yml
@@ -0,0 +1,59 @@
+.centos-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ sudo dnf -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
+ libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
+ pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
+ expect gettext git jq keyutils openssl-devel openssl gem
+ - sudo gem install asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
+
+# non-FIPS jobs
+
+test-main-commit-centos-stream9:
+ extends:
+ - .centos-openssl-backend
+ tags:
+ - libvirt
+ - centos-stream9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-centos-stream9:
+ extends:
+ - .centos-openssl-backend
+ tags:
+ - libvirt
+ - centos-stream9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
diff --git a/.gitlab/ci/cibuild-setup-ubuntu.sh b/.gitlab/ci/cibuild-setup-ubuntu.sh
new file mode 100755
index 0000000..07b0990
--- /dev/null
+++ b/.gitlab/ci/cibuild-setup-ubuntu.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -ex
+
+PACKAGES=(
+ git make autoconf automake autopoint pkg-config libtool libtool-bin
+ gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
+ libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
+ sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
+ asciidoctor
+)
+
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+
+grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~
+sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~
+cat /etc/apt/sources.list~ >> /etc/apt/sources.list
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release
+RELEASE="$(lsb_release -cs)"
+
+if [[ $COMPILER == "gcc" ]]; then
+ # Latest gcc stack deb packages provided by
+ # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+ add-apt-repository -y ppa:ubuntu-toolchain-r/test
+ PACKAGES+=(gcc-$COMPILER_VERSION)
+elif [[ $COMPILER == "clang" ]]; then
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ add-apt-repository "deb http://apt.llvm.org/${RELEASE}/ llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main"
+
+ # scan-build
+ PACKAGES+=(clang-tools-$COMPILER_VERSION clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+ PACKAGES+=(perl)
+else
+ exit 1
+fi
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}"
+apt-get -y build-dep cryptsetup
+
+echo "====================== VERSIONS ==================="
+if [[ $COMPILER == "clang" ]]; then
+ echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}"
+fi
+
+${COMPILER}-$COMPILER_VERSION -v
+echo "====================== END VERSIONS ==================="
diff --git a/.gitlab/ci/cifuzz.yml b/.gitlab/ci/cifuzz.yml
new file mode 100644
index 0000000..063b912
--- /dev/null
+++ b/.gitlab/ci/cifuzz.yml
@@ -0,0 +1,46 @@
+cifuzz:
+ variables:
+ OSS_FUZZ_PROJECT_NAME: cryptsetup
+ CFL_PLATFORM: gitlab
+ CIFUZZ_DEBUG: "True"
+ FUZZ_SECONDS: 300 # 5 minutes per fuzzer
+ ARCHITECTURE: "x86_64"
+ DRY_RUN: "False"
+ LOW_DISK_SPACE: "True"
+ BAD_BUILD_CHECK: "True"
+ LANGUAGE: "c"
+ DOCKER_HOST: "tcp://docker:2375"
+ DOCKER_IN_DOCKER: "true"
+ DOCKER_DRIVER: overlay2
+ DOCKER_TLS_CERTDIR: ""
+ image:
+ name: gcr.io/oss-fuzz-base/cifuzz-base
+ entrypoint: [""]
+ services:
+ - docker:dind
+
+ stage: test
+ parallel:
+ matrix:
+ - SANITIZER: [address, undefined, memory]
+ rules:
+ # Default code change.
+ # - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ # variables:
+ # MODE: "code-change"
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $BUILD_AND_RUN_FUZZERS != null
+ before_script:
+ # Get gitlab's container id.
+ - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
+ script:
+ # Will build and run the fuzzers.
+ # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
+ # in GitLab CI environment
+ - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+ artifacts:
+ # Upload artifacts when a crash makes the job fail.
+ when: always
+ paths:
+ - artifacts/
diff --git a/.gitlab/ci/clang-Wall b/.gitlab/ci/clang-Wall
new file mode 100755
index 0000000..d09e154
--- /dev/null
+++ b/.gitlab/ci/clang-Wall
@@ -0,0 +1,49 @@
+#!/bin/bash
+# clang -Wall plus other important warnings not included in -Wall
+
+for arg in "$@"
+do
+ case $arg in
+ -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O'
+ esac
+done
+
+CLANG="clang${COMPILER_VERSION:+-$COMPILER_VERSION}"
+
+#PEDANTIC="-std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
+#CONVERSION="-Wconversion"
+
+EXTRA="\
+ -Wextra \
+ -Wsign-compare \
+ -Wcast-align
+ -Werror-implicit-function-declaration \
+ -Wpointer-arith \
+ -Wwrite-strings \
+ -Wswitch \
+ -Wmissing-format-attribute \
+ -Winit-self \
+ -Wdeclaration-after-statement \
+ -Wold-style-definition \
+ -Wno-missing-field-initializers \
+ -Wno-unused-parameter \
+ -Wno-long-long"
+
+exec $CLANG $PEDANTIC $CONVERSION \
+ -Wall $Wuninitialized \
+ -Wno-switch \
+ -Wdisabled-optimization \
+ -Wwrite-strings \
+ -Wpointer-arith \
+ -Wbad-function-cast \
+ -Wmissing-prototypes \
+ -Wmissing-declarations \
+ -Wstrict-prototypes \
+ -Wnested-externs \
+ -Wcomment \
+ -Winline \
+ -Wcast-qual \
+ -Wredundant-decls $EXTRA \
+ "$@"
diff --git a/.gitlab/ci/compilation-clang.gitlab-ci.yml b/.gitlab/ci/compilation-clang.gitlab-ci.yml
new file mode 100644
index 0000000..6f5cd42
--- /dev/null
+++ b/.gitlab/ci/compilation-clang.gitlab-ci.yml
@@ -0,0 +1,27 @@
+test-clang-compilation:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure
+ - make -j
+ - make -j check-programs
+
+test-clang-Wall-script:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - export CFLAGS="-g -O0"
+ - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall"
+ - ./configure
+ - make -j CFLAGS="-g -O0 -Werror"
+ - make -j CFLAGS="-g -O0 -Werror" check-programs
+
+test-scan-build:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0"
+ - make clean
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs
diff --git a/.gitlab/ci/compilation-gcc.gitlab-ci.yml b/.gitlab/ci/compilation-gcc.gitlab-ci.yml
new file mode 100644
index 0000000..00fae36
--- /dev/null
+++ b/.gitlab/ci/compilation-gcc.gitlab-ci.yml
@@ -0,0 +1,27 @@
+test-gcc-compilation:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure
+ - make -j
+ - make -j check-programs
+
+test-gcc-Wall-script:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-g -O0"
+ - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall"
+ - ./configure
+ - make -j CFLAGS="-g -O0 -Werror"
+ - make -j CFLAGS="-g -O0 -Werror" check-programs
+
+test-gcc-fanalyzer:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events"
+ - ./configure
+ - make -j
+ - make -j check-programs
diff --git a/.gitlab/ci/compilation-various-disables.yml b/.gitlab/ci/compilation-various-disables.yml
new file mode 100644
index 0000000..1414f9e
--- /dev/null
+++ b/.gitlab/ci/compilation-various-disables.yml
@@ -0,0 +1,21 @@
+test-gcc-disable-compiles:
+ extends:
+ - .gitlab-shared-gcc
+ parallel:
+ matrix:
+ - DISABLE_FLAGS: [
+ "--disable-keyring",
+ "--disable-external-tokens --disable-ssh-token",
+ "--disable-luks2-reencryption",
+ "--disable-cryptsetup --disable-veritysetup --disable-integritysetup",
+ "--disable-kernel_crypto",
+ "--disable-selinux",
+ "--disable-udev",
+ "--disable-internal-argon2",
+ "--disable-blkid"
+ ]
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure $DISABLE_FLAGS
+ - make -j
+ - make -j check-programs
diff --git a/.gitlab/ci/csmock.yml b/.gitlab/ci/csmock.yml
new file mode 100644
index 0000000..72b53ed
--- /dev/null
+++ b/.gitlab/ci/csmock.yml
@@ -0,0 +1,17 @@
+test-commit-job-csmock:
+ extends:
+ - .dump_kernel_log
+ tags:
+ - libvirt
+ - rhel7-csmock
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - /opt/csmock-run-script.sh
diff --git a/.gitlab/ci/debian.yml b/.gitlab/ci/debian.yml
new file mode 100644
index 0000000..fad9d97
--- /dev/null
+++ b/.gitlab/ci/debian.yml
@@ -0,0 +1,56 @@
+.debian-prep:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
+ sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2
+ gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools
+ - >
+ sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint
+ pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev
+ libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev
+ tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect
+ keyutils netcat passwd openssh-client sshpass asciidoctor
+ - sudo apt-get -y build-dep cryptsetup
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-libargon2 --enable-asciidoc
+
+test-mergerq-job-debian:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - debian11
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-job-debian:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - debian11
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
diff --git a/.gitlab/ci/fedora.yml b/.gitlab/ci/fedora.yml
new file mode 100644
index 0000000..7fd9c7e
--- /dev/null
+++ b/.gitlab/ci/fedora.yml
@@ -0,0 +1,60 @@
+.dnf-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
+ sudo dnf -y -q install
+ swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel
+ libmount-devel swtpm-tools
+ - >
+ sudo dnf -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libargon2-devel libblkid-devel libpwquality-devel libselinux-devel
+ libssh-devel libtool libuuid-devel make popt-devel
+ libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils
+ sshpass tar uuid-devel vim-common device-mapper expect gettext git jq
+ keyutils openssl-devel openssl asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc
+
+test-main-commit-job-rawhide:
+ extends:
+ - .dnf-openssl-backend
+ tags:
+ - libvirt
+ - fedora-rawhide
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-job-rawhide:
+ extends:
+ - .dnf-openssl-backend
+ tags:
+ - libvirt
+ - fedora-rawhide
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
diff --git a/.gitlab/ci/gcc-Wall b/.gitlab/ci/gcc-Wall
new file mode 100755
index 0000000..6669504
--- /dev/null
+++ b/.gitlab/ci/gcc-Wall
@@ -0,0 +1,57 @@
+#!/bin/bash
+# gcc -Wall plus other important warnings not included in -Wall
+
+for arg in "$@"
+do
+ case $arg in
+ -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O'
+ esac
+done
+
+GCC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}"
+
+#PEDANTIC="-std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
+#CONVERSION="-Wconversion"
+# -Wpacked \
+
+# This does more than expected for gcc (mixed code with declarations)
+# -Wdeclaration-after-statement \
+
+EXTRA="-Wextra \
+ -Wsign-compare \
+ -Werror-implicit-function-declaration \
+ -Wpointer-arith \
+ -Wwrite-strings \
+ -Wswitch \
+ -Wmissing-format-attribute \
+ -Wstrict-aliasing=3 \
+ -Winit-self \
+ -Wunsafe-loop-optimizations \
+ -Wold-style-definition \
+ -Wno-missing-field-initializers \
+ -Wno-unused-parameter \
+ -Wno-long-long \
+ -Wmaybe-uninitialized \
+ -Wvla \
+ -Wformat-overflow \
+ -Wformat-truncation"
+
+exec $GCC $PEDANTIC $CONVERSION \
+ -Wall $Wuninitialized \
+ -Wno-switch \
+ -Wdisabled-optimization \
+ -Wwrite-strings \
+ -Wpointer-arith \
+ -Wbad-function-cast \
+ -Wmissing-prototypes \
+ -Wmissing-declarations \
+ -Wstrict-prototypes \
+ -Wnested-externs \
+ -Wcomment \
+ -Winline \
+ -Wcast-align=strict \
+ -Wcast-qual \
+ -Wredundant-decls $EXTRA \
+ "$@"
diff --git a/.gitlab/ci/gitlab-shared-docker.yml b/.gitlab/ci/gitlab-shared-docker.yml
new file mode 100644
index 0000000..1edacc8
--- /dev/null
+++ b/.gitlab/ci/gitlab-shared-docker.yml
@@ -0,0 +1,31 @@
+.gitlab-shared-docker:
+ image: ubuntu:focal
+ tags:
+ - gitlab-org-docker
+ stage: test
+ interruptible: true
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ before_script:
+ - .gitlab/ci/cibuild-setup-ubuntu.sh
+ - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}"
+ - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}"
+ - ./autogen.sh
+
+.gitlab-shared-gcc:
+ extends:
+ - .gitlab-shared-docker
+ variables:
+ COMPILER: "gcc"
+ COMPILER_VERSION: "11"
+ RUN_SSH_PLUGIN_TEST: "1"
+
+.gitlab-shared-clang:
+ extends:
+ - .gitlab-shared-docker
+ variables:
+ COMPILER: "clang"
+ COMPILER_VERSION: "13"
+ RUN_SSH_PLUGIN_TEST: "1"
diff --git a/.gitlab/ci/rhel.yml b/.gitlab/ci/rhel.yml
new file mode 100644
index 0000000..f71533c
--- /dev/null
+++ b/.gitlab/ci/rhel.yml
@@ -0,0 +1,106 @@
+.rhel-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ sudo yum -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
+ libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
+ pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
+ expect gettext git jq keyutils openssl-devel openssl gem > /dev/null 2>&1
+ - sudo gem install asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
+
+# non-FIPS jobs
+
+test-main-commit-rhel8:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel8
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-rhel9:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+# FIPS jobs
+
+test-main-commit-rhel8-fips:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel8-fips
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - fips-mode-setup --check || exit 1
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-rhel9-fips:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel9-fips
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - fips-mode-setup --check || exit 1
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
diff --git a/.gitlab/ci/ubuntu-32bit.yml b/.gitlab/ci/ubuntu-32bit.yml
new file mode 100644
index 0000000..f51c059
--- /dev/null
+++ b/.gitlab/ci/ubuntu-32bit.yml
@@ -0,0 +1,41 @@
+test-mergerq-job-ubuntu-32bit:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - ubuntu-bionic-32bit
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-job-ubuntu-32bit:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - ubuntu-bionic-32bit
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check