-rw-r--r-- | .travis.yml | 126 | ||||
-rwxr-xr-x | configure.py | 2 | ||||
-rw-r--r-- | src/build-data/cc/clang.txt | 3 | ||||
-rw-r--r-- | src/build-data/cc/gcc.txt | 7 | ||||
-rw-r--r-- | src/lib/entropy/cryptoapi_rng/info.txt | 2 | ||||
-rw-r--r-- | src/lib/entropy/win32_stats/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/pubkey.cpp | 6 | ||||
-rw-r--r-- | src/lib/utils/calendar.cpp | 11 | ||||
-rw-r--r-- | src/lib/utils/os_utils.cpp | 2 | ||||
-rwxr-xr-x | src/scripts/ci/travis/build.sh | 212 | ||||
-rwxr-xr-x | src/scripts/ci/travis/install.sh | 29 | ||||
-rw-r--r-- | src/tests/test_ffi.cpp | 37 |
12 files changed, 279 insertions, 160 deletions
diff --git a/.travis.yml b/.travis.yml
index e71e76d2a..188ef0a81 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,113 +1,86 @@ -dist: trusty - -sudo: required - language: cpp -# BEGIN BUILD MATRIX -# -# Build matrix must be smaller on branch coverity_scan because quota allows -# only 5 Coverity Scan jobs at once. Thus we have different versions of this -# file on branch master and coverity_scan. -# -# Please keep this file as much in sync as possible to allow easy merging -# from master into coverity_scan and only have differences in the build -# matrix block. -# -# Check the difference as follows: -# $ git checkout master -# $ git checkout coverity_scan -# $ git difftool master coverity_scan .travis.yml os: - linux - osx +dist: trusty +sudo: required osx_image: xcode7 compiler: - clang - gcc -git: - depth: 5 - env: global: + - CCACHE_SIZE=50M + - CCACHE_COMPRESS=1 + - BUILD_JOBS=2 # SONAR_TOKEN for accessing the SonarQube server - secure: "VezRbHFg6kllV5WG06M3tG3aHJaC3xrMylJ6RCVbL+uz2JeralVCqV7eIk4fVb9cu83Li+weEa0AJj0wkxpIUJ+vUh5F65L6gSWSbgHP7muOSVsmnEc6KvX4n3av/ZGe4geSmsxqh2pd/2xI1h7KioGRhKeqaZIdjVgWgGJW2iQ=" # GITHUB_TOKEN for posting found issues as comments in the PR that's beeing analyzed by SonarQube - secure: "Th0mBSkUCDqu+EA6F7zA6DCSDZBNunfndANyq06BwaFlj71daWWjthwYFsfg3T5N2ZmI+PsULQQpOirCnJt1lbNHhMVJwZPkW0JnjoxbSNpSI2+nHv7+GO9X9WjK0LRFawiQu8WxmLMQDA+0oR0BERSFKc3gmbuav9fDfla0dXg=" matrix: - - TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="shared" - - TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="static" - - TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="coverage" - - TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="sanitizer" - - TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="sonarqube" - - TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="shared" - - TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="static" - - TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="coverage" - - TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="sanitizer" - - - TARGETOS="native" MODULES="min" BOOST="n" BUILD_MODE="shared" - - 
TARGETOS="native" MODULES="min" BOOST="n" BUILD_MODE="static" - - TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="shared" - - TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="static" - - - TARGETOS="ios32" MODULES="all" BOOST="n" BUILD_MODE="static" - - TARGETOS="ios64" MODULES="all" BOOST="n" BUILD_MODE="static" + - BUILD_MODE="shared" + - BUILD_MODE="static" + - BUILD_MODE="coverage" + - BUILD_MODE="sanitizer" + - BUILD_MODE="sonarqube" + - BUILD_MODE="valgrind" + - BUILD_MODE="mini-shared" + - BUILD_MODE="mini-static" + - BUILD_MODE="cross-arm32" + - BUILD_MODE="cross-arm64" + - BUILD_MODE="cross-ppc32" + - BUILD_MODE="cross-ppc64" + - BUILD_MODE="cross-win32" matrix: + # Ignore some problem builds for now + allow_failures: + - os: linux + env: BUILD_MODE="cross-ppc32" + - os: linux + env: BUILD_MODE="cross-ppc64" + - os: linux + env: BUILD_MODE="cross-win32" + exclude: + # Skip GCC on OS X entirely - os: osx compiler: gcc - # No boost on Linux because installing Boost is easier on OS X - - os: linux - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="shared" - - os: linux - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="static" - - os: linux - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="coverage" - - os: linux - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="sanitizer" - - os: linux - env: TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="shared" - - os: linux - env: TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="static" + # Use LLVM Clang + GCC for ASan/UBsan checks + - os: osx + env: BUILD_MODE="sanitizer" - # No coverage, sanitizer and sonarqube on clang + # Run coverage, valgrind, sonarqube, minimized and non-ARM cross builds on Linux/gcc only - compiler: clang - env: TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="coverage" + env: BUILD_MODE="coverage" - compiler: clang - env: TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="sanitizer" + env: BUILD_MODE="sonarqube" - compiler: 
clang - env: TARGETOS="native" MODULES="all" BOOST="n" BUILD_MODE="sonarqube" + env: BUILD_MODE="valgrind" - compiler: clang - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="coverage" + env: BUILD_MODE="mini-shared" - compiler: clang - env: TARGETOS="native" MODULES="all" BOOST="y" BUILD_MODE="sanitizer" - - # No minimal builds on clang + env: BUILD_MODE="mini-static" - compiler: clang - env: TARGETOS="native" MODULES="min" BOOST="n" BUILD_MODE="shared" + env: BUILD_MODE="cross-win32" - compiler: clang - env: TARGETOS="native" MODULES="min" BOOST="n" BUILD_MODE="static" + env: BUILD_MODE="cross-ppc32" - compiler: clang - env: TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="shared" - - compiler: clang - env: TARGETOS="native" MODULES="min" BOOST="y" BUILD_MODE="static" + env: BUILD_MODE="cross-ppc64" + # No ARM Clang compiler on Linux - os: linux - env: TARGETOS="ios32" MODULES="all" BOOST="n" BUILD_MODE="static" + compiler: clang + env: BUILD_MODE="cross-arm32" - os: linux - env: TARGETOS="ios64" MODULES="all" BOOST="n" BUILD_MODE="static" -# END BUILD MATRIX - -cache: - ccache: true - directories: - - $HOME/.sonar/cache + compiler: clang + env: BUILD_MODE="cross-arm64" install: - ./src/scripts/ci/travis/install.sh @@ -121,6 +94,14 @@ after_success: notifications: email: [email protected] +git: + depth: 5 + +cache: + ccache: true + directories: + - $HOME/.sonar/cache + addons: sonarqube: true @@ -131,3 +112,4 @@ addons: build_command_prepend: "./configure.py --cc-bin=/usr/bin/g++-4.8" build_command: "make -j2" branch_pattern: coverity_scan + diff --git a/configure.py b/configure.py index 9d30d08a0..82f30cd47 100755 --- a/configure.py +++ b/configure.py @@ -1841,7 +1841,7 @@ def main(argv = None): logging.getLogger().setLevel(log_level()) - logging.debug('%s invoked with options "%s"' % ( + logging.info('%s invoked with options "%s"' % ( argv[0], ' '.join(argv[1:]))) logging.info('Platform: OS="%s" machine="%s" proc="%s"' % ( 
diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 0e2963665..d6e3ecfe3 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -16,7 +16,8 @@ maintainer_warning_flags "-Qunused-arguments -Werror -Wno-error=unused-parameter compile_flags "-c" debug_info_flags "-g" optimization_flags "-O3" -sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" +#sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" +sanitizer_flags "-fsanitize=address,undefined" shared_flags "-fPIC" coverage_flags "--coverage" diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 0687a6dd0..d3473454b 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -8,8 +8,11 @@ add_lib_dir_option -L add_lib_option -l lang_flags "-std=c++11 -D_REENTRANT" -maintainer_warning_flags "-Wold-style-cast -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow -Wsuggest-override" -warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" + +# This should only contain flags which are included in GCC 4.8 +warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" + +maintainer_warning_flags "-Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow" compile_flags "-c" debug_info_flags "-g" 
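Review bot: The new clang `sanitizer_flags` line drops `-fno-sanitize-recover=undefined` together with the `-fsanitize-coverage` options, so in the clang sanitizer build a UBSan finding is printed and execution continues instead of aborting the test run. If only the coverage options were causing trouble, keep the recover flag: `sanitizer_flags "-fsanitize=address,undefined -fno-sanitize-recover=undefined"`. The commented-out old line would also benefit from a one-line comment saying why it was disabled, so it is clear whether it is meant to come back.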
diff --git a/src/lib/entropy/cryptoapi_rng/info.txt b/src/lib/entropy/cryptoapi_rng/info.txt index 8aa166692..941411f67 100644 --- a/src/lib/entropy/cryptoapi_rng/info.txt +++ b/src/lib/entropy/cryptoapi_rng/info.txt @@ -17,6 +17,6 @@ mingw </os> <libs> -windows -> advapi32.lib +windows -> advapi32 mingw -> advapi32 </libs> diff --git a/src/lib/entropy/win32_stats/info.txt b/src/lib/entropy/win32_stats/info.txt index 48eb91faa..c17acce58 100644 --- a/src/lib/entropy/win32_stats/info.txt +++ b/src/lib/entropy/win32_stats/info.txt @@ -15,5 +15,5 @@ mingw </os> <libs> -windows -> user32.lib +windows -> user32 </libs> diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index c0485fec8..8b24ee983 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -54,7 +54,7 @@ PK_Decryptor::decrypt_or_random(const byte in[], { const secure_vector<byte> fake_pms = rng.random_vec(expected_pt_len); - CT::poison(in, length); + //CT::poison(in, length); byte valid_mask = 0; secure_vector<byte> decoded = do_decrypt(valid_mask, in, length); @@ -90,8 +90,8 @@ PK_Decryptor::decrypt_or_random(const byte in[], /*from1*/fake_pms.data(), expected_pt_len); - CT::unpoison(in, length); - CT::unpoison(decoded.data(), decoded.size()); + //CT::unpoison(in, length); + //CT::unpoison(decoded.data(), decoded.size()); return decoded; } diff --git a/src/lib/utils/calendar.cpp b/src/lib/utils/calendar.cpp index 73602d634..2ed90486a 100644 --- a/src/lib/utils/calendar.cpp +++ b/src/lib/utils/calendar.cpp @@ -12,6 +12,7 @@ #include <sstream> #include <iomanip> #include <mutex> +#include <stdlib.h> #if defined(BOTAN_HAS_BOOST_DATETIME) #include <boost/date_time/posix_time/posix_time_types.hpp> 
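Review bot: Commenting out `CT::poison(in, length)` and both `CT::unpoison` calls in `PK_Decryptor::decrypt_or_random` removes the constant-time annotation from the one path that must not branch on whether the decrypted padding was valid, and this same commit adds a valgrind CI job that could have exercised it. Nothing in the hunks says why the calls were disabled. If they trigger reports under the new valgrind build, record that next to them, e.g. `// FIXME: CT::poison disabled because of valgrind reports in do_decrypt; re-enable once resolved`, rather than leaving bare commented-out code. The second hunk (`@@ -90,8 +90,8 @@`) has the same issue, and the function body starts and ends outside both hunks.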
@@ -39,7 +40,7 @@ std::tm do_gmtime(std::time_t time_val) return tm; } -#if !defined(BOTAN_TARGET_OS_HAS_TIMEGM) && !defined(BOTAN_TARGET_OS_HAS_MKGMTIME) +#if !defined(BOTAN_TARGET_OS_HAS_TIMEGM) && !(defined(BOTAN_TARGET_OS_HAS_MKGMTIME) && defined(BOTAN_BUILD_COMPILER_IS_MSVC)) #if defined(BOTAN_HAS_BOOST_DATETIME) @@ -67,7 +68,7 @@ std::time_t boost_timegm(std::tm *tm) return out; } -#else +#elif defined(BOTAN_OS_TYPE_IS_UNIX) #pragma message "Caution! A fallback version of timegm() is used which is not thread-safe" @@ -138,13 +139,15 @@ std::chrono::system_clock::time_point calendar_point::to_std_timepoint() const // Define a function alias `botan_timegm` #if defined(BOTAN_TARGET_OS_HAS_TIMEGM) std::time_t (&botan_timegm)(std::tm *tm) = timegm; - #elif defined(BOTAN_TARGET_OS_HAS_MKGMTIME) + #elif defined(BOTAN_TARGET_OS_HAS_MKGMTIME) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) // http://stackoverflow.com/questions/16647819/timegm-cross-platform std::time_t (&botan_timegm)(std::tm *tm) = _mkgmtime; #elif defined(BOTAN_HAS_BOOST_DATETIME) std::time_t (&botan_timegm)(std::tm *tm) = boost_timegm; - #else + #elif defined(BOTAN_OS_TYPE_IS_UNIX) std::time_t (&botan_timegm)(std::tm *tm) = fallback_timegm; + #else + std::time_t (&botan_timegm)(std::tm *tm) = mktime; // localtime instead... #endif // Convert std::tm to std::time_t diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp index c00c898a3..33bcf3cff 100644 --- a/src/lib/utils/os_utils.cpp +++ b/src/lib/utils/os_utils.cpp @@ -141,7 +141,7 @@ size_t get_memory_locking_limit() return std::min<size_t>(limits.rlim_cur, mlock_requested * 1024); } -#elif defined BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK +#elif defined(BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK) && defined(BOTAN_BUILD_COMPILER_IS_MSVC) SIZE_T working_min = 0, working_max = 0; DWORD working_flags = 0; if(!::GetProcessWorkingSetSizeEx(::GetCurrentProcess(), &working_min, &working_max, &working_flags)) 
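Review bot: The final `#else` of the `botan_timegm` alias binds it to `mktime`, which interprets the `std::tm` as local time, so on any target that reaches this branch the returned `time_t` is off by the host's UTC offset. The guards suggest that target is MinGW, which gets neither `timegm` nor the now MSVC-only `_mkgmtime` path. Callers of `calendar_point::to_std_timepoint` that compare against UTC timestamps (presumably certificate validity checks, though they are outside this diff) would then accept or reject at the wrong instant. The branch should at least carry a build-time notice like the Unix fallback does, e.g. `#pragma message "Caution! No timegm() available, mktime() is used and results are in local time"`. A timezone-independent conversion computed from the calendar fields would be better.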
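Review bot: Adding `&& defined(BOTAN_BUILD_COMPILER_IS_MSVC)` to the `BOTAN_TARGET_OS_HAS_VIRTUAL_LOCK` branch of `get_memory_locking_limit` means a MinGW build no longer takes it. The rest of the function is outside the hunk, but if it falls through to returning 0, the library will silently run without locked memory for secrets on that toolchain. A comment on the `#elif` should say why non-MSVC Windows compilers are excluded and that memory locking is then unavailable, so the downgrade is a documented decision rather than a side effect of getting the cross build to compile.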
diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh index 8cdb6ccc9..9248f382f 100755 --- a/src/scripts/ci/travis/build.sh +++ b/src/scripts/ci/travis/build.sh 
@@ -2,97 +2,171 @@ set -ev which shellcheck > /dev/null && shellcheck "$0" # Run shellcheck on this if available -if [ "$BUILD_MODE" = "static" ]; then - CFG_FLAGS=(--disable-shared --via-amalgamation) -elif [ "$BUILD_MODE" = "shared" ] || [ "$BUILD_MODE" = "sonarqube" ]; then - CFG_FLAGS=() +MAKE_PREFIX="" +TEST_PREFIX="" +TEST_EXE=./botan-test +CFG_FLAGS=(--prefix=/tmp/botan-installation --cc=$CC --os=$TRAVIS_OS_NAME) + +CFG_FLAGS+=(--with-pkcs11) + +CC_BIN=$CXX + +if [ "$BUILD_MODE" = "static" ] || [ "$BUILD_MODE" = "mini-static" ]; then + CFG_FLAGS+=(--disable-shared --via-amalgamation) +elif [ "$BUILD_MODE" = "shared" ] || [ "$BUILD_MODE" = "mini-shared" ]; then + # No special flags required for shared lib build + CFG_FLAGS+=() +elif [ "$BUILD_MODE" = "sonarqube" ]; then + # No special flags required + CFG_FLAGS+=() +elif [ "$BUILD_MODE" = "parallel" ]; then + + if [ "$CC" = "gcc" ]; then + CFG_FLAGS+=(--with-cilkplus) + else + CFG_FLAGS+=(--with-openmp) + fi + elif [ "$BUILD_MODE" = "coverage" ]; then - CFG_FLAGS=(--with-coverage) + CFG_FLAGS+=(--with-coverage) elif [ "$BUILD_MODE" = "sanitizer" ]; then - CFG_FLAGS=(--with-sanitizers) + export ASAN_OPTIONS=detect_leaks=0 + CFG_FLAGS+=(--with-sanitizers) +elif [ "$BUILD_MODE" = "valgrind" ]; then + CFG_FLAGS+=(--with-valgrind --with-debug-info) + TEST_PREFIX="valgrind --track-origins=yes --error-exitcode=9 -v" fi -if [ "$MODULES" = "min" ]; then - CFG_FLAGS+=(--minimized-build --enable-modules=base) +if [ "$BUILD_MODE" = "mini-static" ] || [ "$BUILD_MODE" = "mini-shared" ]; then + CFG_FLAGS+=(--minimized-build --enable-modules="base,dev_random,system_rng,sha2_32,sha2_64,aes") +elif [ "$BUILD_MODE" = "valgrind" ]; then + # Valgrind on Travis on full build takes too long and the job is killed + # Prune to the most important stuff + CFG_FLAGS+=(--module-policy=modern --enable-modules=tls) + +elif [ "${BUILD_MODE:0:5}" != "cross" ]; then + # Only use external libraries when compiling natively + 
CFG_FLAGS+=(--with-bzip2 --with-lzma --with-sqlite --with-zlib) + + # Avoid OpenSSL when using dynamic checkers... + if [ "$BUILD_MODE" != "sanitizer" ] && [ "$BUILD_MODE" != "valgrind" ]; then + CFG_LFAGS+=(--with-openssl) + fi fi -if [ "$BOOST" = "y" ]; then +if [ "$TRAVIS_OS_NAME" = "osx" ] && [ "${BUILD_MODE:0:5}" != "cross" ]; then + # The Boost-specific codepaths are tested via the OS X CI CFG_FLAGS+=(--with-boost) fi -CFG_FLAGS+=(--with-pkcs11 --prefix=/tmp/botan-installation) +if [ "${BUILD_MODE:0:6}" = "cross-" ]; then + CFG_FLAGS+=(--disable-shared) -# enable ccache -if [ "$BUILD_MODE" != "sonarqube" ]; then - ccache --max-size=100M - ccache --show-stats - export CXX="ccache $CXX" -fi + if [ "$TRAVIS_OS_NAME" = "osx" ]; then + MAKE_PREFIX="xcrun --sdk iphoneos" + if [ "$BUILD_MODE" = "cross-arm32" ]; then + CFG_FLAGS+=(--cpu=armv7 --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++") + elif [ "$BUILD_MODE" = "cross-arm64" ]; then + CFG_FLAGS+=(--cpu=armv8-a --cc-abi-flags="-arch arm64 -stdlib=libc++") + fi + elif [ "$TRAVIS_OS_NAME" = "linux" ]; then + CFG_FLAGS+=(--cc-abi-flags="-static-libstdc++") -# configure -if [ "$TARGETOS" = "ios32" ]; then - ./configure.py "${CFG_FLAGS[@]}" --cpu=armv7 --cc=clang --cc-bin="$CXX" \ - --cc-abi-flags="-arch armv7 -arch armv7s -stdlib=libc++" + if [ "$BUILD_MODE" = "cross-arm32" ]; then + CC_BIN=arm-linux-gnueabihf-g++-4.8 + TEST_PREFIX="qemu-arm -L /usr/arm-linux-gnueabihf/" + CFG_FLAGS+=(--cpu=armv7) + CFG_FLAGS+=(--module-policy=modern --enable-modules=tls) + elif [ "$BUILD_MODE" = "cross-arm64" ]; then + CC_BIN=aarch64-linux-gnu-g++-4.8 + TEST_PREFIX="qemu-aarch64 -L /usr/aarch64-linux-gnu/" + CFG_FLAGS+=(--cpu=armv8-a) + CFG_FLAGS+=(--module-policy=modern --enable-modules=tls) + elif [ "$BUILD_MODE" = "cross-ppc32" ]; then + CC_BIN=powerpc-linux-gnu-g++-4.8 + TEST_PREFIX="qemu-ppc -L /usr/powerpc-linux-gnu/" + CFG_FLAGS+=(--cpu=ppc32) + CFG_FLAGS+=(--module-policy=modern --enable-modules=tls) + elif [ 
"$BUILD_MODE" = "cross-ppc64" ]; then + CC_BIN=powerpc64le-linux-gnu-g++-4.8 + TEST_PREFIX="qemu-ppc64 -L /usr/powerpc64le-linux-gnu/" + CFG_FLAGS+=(--cpu=ppc64) + CFG_FLAGS+=(--module-policy=modern --enable-modules=tls) + elif [ "$BUILD_MODE" = "cross-win32" ]; then + CC_BIN=i686-w64-mingw32-g++ + # No test prefix needed, PE executes as usual with Wine installed + CFG_FLAGS+=(--cpu=x86_32 --os=windows --cc-abi-flags="-static") + TEST_EXE=./botan-test.exe + fi + fi +fi -elif [ "$TARGETOS" = "ios64" ]; then - ./configure.py "${CFG_FLAGS[@]}" --cpu=armv8-a --cc=clang --cc-bin="$CXX" \ - --cc-abi-flags="-arch arm64 -stdlib=libc++" +CFG_FLAGS+=(--cc-bin="ccache $CC_BIN") -else - ./configure.py "${CFG_FLAGS[@]}" --cc="$CC" --cc-bin="$CXX" \ - --with-bzip2 --with-lzma --with-openssl --with-sqlite --with-zlib +if [ "$BUILD_MODE" = "sonarqube" ]; then + MAKE_PREFIX="./build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir bw-outputs" fi -# build -if [ "${TARGETOS:0:3}" = "ios" ]; then - xcrun --sdk iphoneos make -j 2 -elif [ "$BUILD_MODE" = "sonarqube" ]; then - ./build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir bw-outputs make -j 2 -else - make -j 2 -fi +# configure +./configure.py "${CFG_FLAGS[@]}" -# Show post-build ccache stats -if [ "$BUILD_MODE" != "sonarqube" ]; then - ccache --show-stats -fi +# pre-build ccache stats +ccache --show-stats + +# build! +echo $MAKE_PREFIX make -j $BUILD_JOBS +time $MAKE_PREFIX make -j $BUILD_JOBS + +# post-build ccache stats +ccache --show-stats # Run SonarQube analysis -if [ "$TRAVIS_BRANCH" = "master" ] && [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$BUILD_MODE" = "sonarqube" ]; then - # => This will run a full analysis of the project and push results to the SonarQube server. - # - # Analysis is done only on master so that build of branches don't push analyses to the same project and therefore "pollute" the results - echo "Starting analysis by SonarQube..." 
- sonar-scanner -Dsonar.login=$SONAR_TOKEN -fi -# PR analysis deactivated at least until custom quality profiles can be created -#elif [ "$TRAVIS_PULL_REQUEST" != "false" ] && [ -n "${GITHUB_TOKEN-}" ] && [ "$BUILD_MODE" = "sonarqube" ]; then - # => This will analyse the PR and display found issues as comments in the PR, but it won't push results to the SonarQube server - # - # For security reasons environment variables are not available on the pull requests - # coming from outside repositories - # http://docs.travis-ci.com/user/pull-requests/#Security-Restrictions-when-testing-Pull-Requests - # That's why the analysis does not need to be executed if the variable GITHUB_TOKEN is not defined. -# echo "Starting Pull Request analysis by SonarQube..." -# sonar-scanner -Dsonar.login=$SONAR_TOKEN \ -# -Dsonar.analysis.mode=preview \ -# -Dsonar.github.oauth=$GITHUB_TOKEN \ -# -Dsonar.github.repository=$TRAVIS_REPO_SLUG \ -# -Dsonar.github.pullRequest=$TRAVIS_PULL_REQUEST -#fi -# When neither on master branch nor on a non-external pull request => nothing to do - -if [ "$MODULES" != "min" ] && [ "${TARGETOS:0:3}" != "ios" ] && [ "$BUILD_MODE" != "sonarqube" ]; then - ./botan-test +if [ "$BUILD_MODE" = "sonarqube" ]; then + + if [ "$TRAVIS_BRANCH" = "master" ] && [ "$TRAVIS_PULL_REQUEST" = "false" ]; then + # => This will run a full analysis of the project and push results to the SonarQube server. + # + # Analysis is done only on master so that build of branches don't push analyses to the same project and therefore "pollute" the results + echo "Starting analysis by SonarQube..." 
+ sonar-scanner "-Dsonar.login=$SONAR_TOKEN" + + # PR analysis deactivated at least until custom quality profiles can be created + elif false && [ "$TRAVIS_PULL_REQUEST" != "false" ] && [ -n "${GITHUB_TOKEN-}" ]; then + # => This will analyse the PR and display found issues as comments in the PR, but it won't push results to the SonarQube server + # + # For security reasons environment variables are not available on the pull requests + # coming from outside repositories + # http://docs.travis-ci.com/user/pull-requests/#Security-Restrictions-when-testing-Pull-Requests + # That's why the analysis does not need to be executed if the variable GITHUB_TOKEN is not defined. + echo "Starting Pull Request analysis by SonarQube..." + sonar-scanner -Dsonar.login=$SONAR_TOKEN \ + -Dsonar.analysis.mode=preview \ + -Dsonar.github.oauth=$GITHUB_TOKEN \ + -Dsonar.github.repository=$TRAVIS_REPO_SLUG \ + -Dsonar.github.pullRequest=$TRAVIS_PULL_REQUEST + fi + # When neither on master branch nor on a non-external pull request => nothing to do + fi + +if [ "$BUILD_MODE" == "sonarqube" ] || \ + ( [ "${BUILD_MODE:0:5}" == "cross" ] && [ "$TRAVIS_OS_NAME" == "osx" ] ); then + echo "Running tests disabled on this build type" +else + echo Running $TEST_PREFIX $TEST_EXE + time $TEST_PREFIX $TEST_EXE fi -if [ "$MODULES" != "min" ] && [ "$BUILD_MODE" = "shared" ] && [ "$TARGETOS" = "native" ] +# Run Python tests (need shared libs) +if [ "$BUILD_MODE" = "shared" ] then - python2 --version - python3 --version - LD_LIBRARY_PATH=. python2 src/python/botan.py - LD_LIBRARY_PATH=. python3 src/python/botan.py + # TODO: find all things in PATH that begin with python- and execute them :) + for py in python2 python3 + do + $py --version + LD_LIBRARY_PATH=. $py src/python/botan.py + done fi +# Test make install make install diff --git a/src/scripts/ci/travis/install.sh b/src/scripts/ci/travis/install.sh index a9d38ed80..987438127 100755 --- a/src/scripts/ci/travis/install.sh 
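Review bot: In the native-build branch the array name is misspelled, `CFG_LFAGS+=(--with-openssl)`, so `--with-openssl` never reaches `./configure.py` and no CI job builds or tests the OpenSSL-backed code paths any more. The old script passed `--with-openssl` on every native configure. The line should read `CFG_FLAGS+=(--with-openssl)`. Separately, `export ASAN_OPTIONS=detect_leaks=0` in the sanitizer branch turns leak detection off without saying why; a short comment naming the reason would keep it from quietly becoming permanent.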
+++ b/src/scripts/ci/travis/install.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -ev which shellcheck > /dev/null && shellcheck "$0" # Run shellcheck on this if available @@ -18,13 +18,38 @@ if [ "$BUILD_MODE" = "sonarqube" ]; then unzip build-wrapper-linux-x86.zip fi +if [ "$TRAVIS_OS_NAME" = "linux" ]; then + if [ "$BUILD_MODE" = "valgrind" ] || [ "${BUILD_MODE:0:5}" = "cross" ]; then + sudo apt-get -qq update + + if [ "$BUILD_MODE" = "valgrind" ]; then + sudo apt-get install valgrind + elif [ "$BUILD_MODE" = "cross-arm32" ]; then + sudo apt-get install g++-4.8-arm-linux-gnueabihf libc6-dev-armhf-cross qemu-user + elif [ "$BUILD_MODE" = "cross-arm64" ]; then + sudo apt-get install g++-4.8-aarch64-linux-gnu libc6-dev-arm64-cross qemu-user + elif [ "$BUILD_MODE" = "cross-ppc32" ]; then + sudo apt-get install g++-4.8-powerpc-linux-gnu libc6-dev-powerpc-cross qemu-user + elif [ "$BUILD_MODE" = "cross-ppc64" ]; then + sudo apt-get install g++-4.8-powerpc64le-linux-gnu libc6-dev-ppc64el-cross qemu-user + elif [ "$BUILD_MODE" = "cross-win32" ]; then + sudo apt-get install g++-mingw-w64-i686 mingw-w64-i686-dev + + # See https://github.com/travis-ci/travis-ci/issues/6460 + sudo dpkg --add-architecture i386 + sudo apt-get -qq update # have to update again due to adding i386 above + sudo apt-get install wine + fi + fi +fi + if [ "$TRAVIS_OS_NAME" = "osx" ]; then # Workaround for https://github.com/Homebrew/homebrew/issues/42553 brew update || brew update brew install ccache - if [ "$TARGETOS" = "native" ]; then + if [ "$BUILD_MODE" != "cross-arm32" ] && [ "$BUILD_MODE" != "cross-arm64" ]; then brew install xz brew install python # python2 brew install python3 diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 7f1182fe0..d48111683 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp 
@@ -406,13 +406,38 @@ class FFI_Unit_Tests : public Test TEST_FFI_OK(botan_pubkey_export, (pub, pubkey.data(), &pubkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); // export private key + std::vector<uint8_t> privkey; size_t privkey_len = 0; + + /* + * botan_privkey_export is bogus for several reasons. first it hardcodes a 300 msec + * pbkdf, instead of taking that as an argument. secondly, calling it twice not only + * returns different results (due to the encryption) but they may have different sizes, + * if the number of PBKDF iterations that is used in the two runs differs greatly, and + * ends up encoding as fewer bytes in the variable length ASN.1 encoding used in PKCS #8 + * private key encryption. + * + * here request the size but then add 10 bytes. this is an attempt to avoid occasional + * cases on CI where the above case occurs, and the build fails because on the second + * call, more space was required than the first call had returned. + */ + const size_t privkey_size_slop = 10; + + // call with nullptr to query the length TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export, (priv, nullptr, &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER)); - std::vector<uint8_t> privkey(privkey_len); + privkey.resize(privkey_len + privkey_size_slop); + privkey_len = privkey.size(); // set buffer size + TEST_FFI_OK(botan_privkey_export, (priv, privkey.data(), &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_DER)); + privkey.resize(privkey_len); + + result.test_lt("Reasonable size", 64, privkey.size()); + + // Now again for PEM privkey_len = 0; + TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export, (priv, nullptr, &privkey_len, BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); privkey.resize(privkey_len); 
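Review bot: The `privkey_size_slop` padding is applied only to the DER export here and to the DER `botan_privkey_export_encrypted` call in the next hunk (`@@ -422,9 +447,10 @@`); the PEM variants still do `privkey.resize(privkey_len)` with the exact queried length. If the required size really can differ between the length query and the export call, as the new comment explains, the PEM paths can fail intermittently in the same way. They should get the same treatment: `privkey.resize(privkey_len + privkey_size_slop); privkey_len = privkey.size();`. The PEM export calls are partly outside the visible hunks, so this is worth checking against the full test.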
@@ -422,9 +447,10 @@ class FFI_Unit_Tests : public Test privkey_len = 0; TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); - privkey.resize(privkey_len); - TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); + privkey.resize(privkey_len + privkey_size_slop); + privkey_len = privkey.size(); + TEST_FFI_OK(botan_privkey_export_encrypted, (priv, privkey.data(), &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_DER)); privkey_len = 0; TEST_FFI_RC(BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE, botan_privkey_export_encrypted, (priv, nullptr, &privkey_len, rng, "password", "", BOTAN_PRIVKEY_EXPORT_FLAG_PEM)); @@ -642,6 +668,7 @@ class FFI_Unit_Tests : public Test Test::Result result("FFI"); botan_privkey_t priv; +#if defined(BOTAN_HAS_MCELIECE) if (TEST_FFI_OK(botan_privkey_create_mceliece, (&priv, rng, 2048, 50))) { botan_pubkey_t pub; @@ -683,6 +710,10 @@ class FFI_Unit_Tests : public Test TEST_FFI_OK(botan_pubkey_destroy, (pub)); TEST_FFI_OK(botan_privkey_destroy, (priv)); } +#else + // Not included, test that calling the FFI function work (and returns an error) + TEST_FFI_RC(BOTAN_FFI_ERROR_NOT_IMPLEMENTED, botan_privkey_create_mceliece, (&priv, rng, 2048, 50)); +#endif return result; } |