| author | Ed Maste <emaste@FreeBSD.org> | 2025-10-06 12:29:14 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2025-10-06 12:29:14 +0000 |
| commit | 6409980cbba7323bd1c86249ed16f8bea9fa5490 (patch) | |
| tree | 3710eb5988e5c6b0dd82c46413e96bba7cd18544 /.github | |
| parent | 9792a032f0a99557271d6b7f7b0a955386c1fdbe (diff) | |
Diffstat (limited to '.github')
| -rw-r--r-- | .github/ci-status.md | 22 | ||||
| -rwxr-xr-x | .github/configs | 13 | ||||
| -rwxr-xr-x | .github/install_libcrypto.sh | 75 | ||||
| -rwxr-xr-x | .github/install_putty.sh | 37 | ||||
| -rwxr-xr-x | .github/run_test.sh | 23 | ||||
| -rwxr-xr-x | .github/setup_ci.sh | 73 | ||||
| -rw-r--r-- | .github/workflows/c-cpp.yml | 89 | ||||
| -rw-r--r-- | .github/workflows/selfhosted.yml | 15 | ||||
| -rw-r--r-- | .github/workflows/upstream.yml | 11 | ||||
| -rw-r--r-- | .github/workflows/vm.yml | 371 |
10 files changed, 630 insertions, 99 deletions
diff --git a/.github/ci-status.md b/.github/ci-status.md index 68275715dfb1..5b1f77f2369c 100644 --- a/.github/ci-status.md +++ b/.github/ci-status.md @@ -1,19 +1,17 @@ master : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:master) +[](../../../actions/workflows/c-cpp.yml?query=branch:master) +[](../../../actions/workflows/vm.yml?query=branch:master) [](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:master) [](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master) -[](https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml) -[](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) +[](../../../actions/workflows/cifuzz.yml) +[](https://issues.oss-fuzz.com/issues?q="Project:+openssh"+is:open) [](https://scan.coverity.com/projects/openssh-portable) +<br> + +10.0 : +[](../../../actions/workflows/c-cpp.yml?query=branch:V_10_0) +[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_10_0) 9.9 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_9) +[](../../../actions/workflows/c-cpp.yml?query=branch:V_9_9) [](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_9) - -9.8 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_8) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_8) - -9.7 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/.github/configs b/.github/configs index 2526e3ef4812..230258f93f24 100755 --- a/.github/configs +++ b/.github/configs 
@@ -13,6 +13,10 @@ if [ "$config" = "" ]; then config="default" fi +if [ ! -z "${LTESTS}" ]; then + OVERRIDE_LTESTS="${LTESTS}" +fi + unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO TEST_TARGET="tests compat-tests" @@ -144,6 +148,8 @@ case "$config" in TCMALLOC_STACKTRACE_METHOD=generic_fp TEST_SSH_SSHD_ENV="TCMALLOC_STACKTRACE_METHOD=generic_fp" export TCMALLOC_STACKTRACE_METHOD TEST_SSH_SSHD_ENV + + SKIP_LTESTS="agent-restrict" ;; krb5|heimdal) CONFIGFLAGS="--with-kerberos5" @@ -277,7 +283,7 @@ case "${TARGET_HOST}" in # Native linker is not great with PIC so OpenSSL is built w/out. CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" ;; - fbsd14-ppc64) + fbsd14-ppc64|nbsd-arm64be) # Disable security key tests for bigendian interop test. CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" ;; @@ -392,5 +398,10 @@ if [ -x "$(which plink 2>/dev/null)" ]; then export REGRESS_INTEROP_PUTTY fi +if [ ! -z "${OVERRIDE_LTESTS}" ]; then + echo >&2 "Overriding LTESTS, was '${LTESTS}', now '${OVERRIDE_LTESTS}'" + LTESTS="${OVERRIDE_LTESTS}" +fi + export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL diff --git a/.github/install_libcrypto.sh b/.github/install_libcrypto.sh new file mode 100755 index 000000000000..d1aa23450679 --- /dev/null +++ b/.github/install_libcrypto.sh 
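Review bot: `OVERRIDE_LTESTS` is only assigned when `LTESTS` is non-empty and is never cleared first, so in the first and last hunks a value inherited from the caller's environment replaces the config's LTESTS even when no override was requested. Adding `unset OVERRIDE_LTESTS` before the first `if [ ! -z "${LTESTS}" ]` makes the override depend on LTESTS alone.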
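Review bot: The `SKIP_LTESTS="agent-restrict"` added to the tcmalloc case (second hunk) drops a regress test without recording why, so nobody can tell later whether the skip is still needed. A comment above it, such as `# agent-restrict fails under tcmalloc: <reason>; remove once fixed`, keeps the coverage gap visible. The case statement starts and ends outside the hunk.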
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# Install specified libcrypto.
+# -a : install version for ABI compatibility test.
+# -n : dry run, don't actually build and install.
+#
+# Usage: $0 [-a] [-n] openssl-$branch/tag destdir [config options]
+
+set -e
+
+bincompat_test=""
+dryrun=""
+while [ "$1" = "-a" ] || [ "$1" = "-n" ]; do
+ if [ "$1" = "-a" ]; then
+ abi_compat_test=y
+ elif [ "$1" = "-n" ]; then
+ dryrun="echo dryrun:"
+ fi
+ shift
+done
+
+ver="$1"
+destdir="$2"
+opts="$3"
+
+if [ -z "${ver}" ] || [ -z "${destdir}" ]; then
+ echo tag/branch and destdir required
+ exit 1
+fi
+
+set -x
+
+if [ ! -d ${HOME}/openssl ]; then
+ cd ${HOME}
+ git clone https://github.com/openssl/openssl.git
+ cd ${HOME}/openssl
+ git fetch --all
+fi
+cd ${HOME}/openssl
+
+if [ "${abi_compat_test}" = "y" ]; then
+ echo selecting ABI test release/branch for ${ver}
+ case "${ver}" in
+ openssl-3.6)
+ ver=openssl-3.0.0
+ echo "selecting older release ${ver}"
+ ;;
+ openssl-3.[012345])
+ major=$(echo ${ver} | cut -f1 -d.)
+ minor=$(echo ${ver} | cut -f2 -d.)
+ ver="${major}.$((${minor} + 1))"
+ echo selecting next release branch ${ver}
+ ;;
+ openssl-3.*.*)
+ major=$(echo ${ver} | cut -f1 -d.)
+ minor=$(echo ${ver} | cut -f2 -d.)
+ patch=$(echo ${ver} | cut -f3 -d.)
+ ver="${major}.${minor}.$((${patch} + 1))"
+ echo checking for release tag ${ver}
+ if git tag | grep -q "^${ver}\$"; then
+ echo selected next patch release ${ver}
+ else
+ ver="${major}.${minor}"
+ echo not found, selecting release branch ${ver}
+ fi
+ ;;
+ esac
+fi
+
+git checkout ${ver}
+make clean >/dev/null 2>&1 || true
+${dryrun} ./config no-threads shared ${opts} --prefix=${destdir} \
+ -Wl,-rpath,${destdir}/lib64
+${dryrun} make -j4
+${dryrun} sudo make install_sw
diff --git a/.github/install_putty.sh b/.github/install_putty.sh
new file mode 100755
index 000000000000..6d6d0ad49f41
--- /dev/null
+++ b/.github/install_putty.sh
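Review bot: The option loop in install_libcrypto.sh sets `abi_compat_test`, but the variable initialised above it is `bincompat_test`, so `abi_compat_test` is never cleared and a value inherited from the environment would select the ABI branch without `-a`. Initialise the name that is actually tested: `abi_compat_test=""`. Separately, `${ver}`, `${destdir}` and `${HOME}` are expanded unquoted in `git checkout ${ver}` and on the `./config` line; quoting them keeps a value containing spaces or glob characters intact (`${opts}` has to stay unquoted because it carries several flags). The clone builds whatever the upstream branch or tag currently points at and installs it with sudo, which deserves a comment for anyone reusing the script outside throwaway CI machines.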
@@ -0,0 +1,37 @@ +#!/bin/sh + +ver="$1" + +echo +echo -------------------------------------- +echo Installing PuTTY version ${ver} +echo -------------------------------------- + +cd /tmp + +case "${ver}" in +snapshot) + tarball=putty.tar.gz + url=https://tartarus.org/~simon/putty-snapshots/${tarball} + ;; +*) + tarball=putty-${ver}.tar.gz + url=https://the.earth.li/~sgtatham/putty/${ver}/${tarball} + ;; +esac + +if [ ! -f ${tarball} ]; then + wget -q ${url} +fi + +mkdir -p /tmp/puttybuild +cd /tmp/puttybuild + +tar xfz /tmp/${tarball} && cd putty-* +if [ -f CMakeLists.txt ]; then + cmake . && cmake --build . -j4 && sudo cmake --build . --target install +else + ./configure && make -j4 && sudo make install +fi +sudo rm -rf /tmp/puttybuild +/usr/local/bin/plink -V diff --git a/.github/run_test.sh b/.github/run_test.sh index 74ab2423c0d8..aac9ce57942e 100755 --- a/.github/run_test.sh +++ b/.github/run_test.sh @@ -21,18 +21,6 @@ if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then done fi -output_failed_logs() { - for i in regress/failed*.log; do - if [ -f "$i" ]; then - echo ------------------------------------------------------------------------- - echo LOGFILE $i - cat $i - echo ------------------------------------------------------------------------- - fi - done -} -trap output_failed_logs 0 - env="" if [ ! -z "${SUDO}" ]; then env="${env} SUDO=${SUDO}" @@ -47,6 +35,17 @@ if [ ! -z "${env}" ]; then env="env${env}" fi +if [ "$1" = "putty-versions" ]; then + for ver in 0.71 0.72 0.73 0.74 0.75 0.76 0.77 0.78 0.79 0.80 \ + 0.81 0.82 0.83 snapshot; do + .github/install_putty.sh "${ver}" + ${env} make ${TEST_TARGET} \ + SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" + done + + exit 0 +fi + if [ -z "${LTESTS}" ]; then ${env} make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" else diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index f6c4a5c84fb5..c90969627022 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh 
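Review bot: install_putty.sh works from fixed names under /tmp and reuses `/tmp/${tarball}` if it already exists, so on any machine that is not a single-use VM the file that gets built and installed through `sudo` may not be the one this script downloaded. A private directory avoids that: `workdir=$(mktemp -d) && cd "${workdir}"` in place of `cd /tmp` and `/tmp/puttybuild`. The tarball is also unpacked without an integrity check and there is no `set -e`, so a failed `wget` or `cd putty-*` falls through to the build and install commands; add `set -e` at the top and compare the download with a pinned checksum before `tar`.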
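Review bot: The `putty-versions` loop in run_test.sh ends in an unconditional `exit 0` and never tests the status of `install_putty.sh` or `make`, so unless `set -e` is in force earlier in the script (not visible in this hunk) a failing interop run for one PuTTY version is reported as success. If it is not, appending `|| exit 1` to the make invocation fixes that. The loop also passes `LTESTS="${LTESTS}"` unconditionally, while the existing code just below passes LTESTS only when it is non-empty; confirm that an empty override is harmless for the target used here.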
@@ -1,8 +1,17 @@ #!/bin/sh +config="$1" +target="$2" + PACKAGES="" - . .github/configs $@ +echo Running as: +id + +echo Environment: +set + + . .github/configs ${config} host=`./config.guess` echo "config.guess: $host" @@ -10,9 +19,17 @@ case "$host" in *cygwin) PACKAGER=setup echo Setting CYGWIN system environment variable. - setx CYGWIN "binmode" + setx CYGWIN "winsymlinks:native" echo Removing extended ACLs so umask works as expected. + set -x setfacl -b . regress + icacls regress /c /t /q /Inheritance:d + icacls regress /c /t /q /Grant ${USERNAME}:F + icacls regress /c /t /q /Remove:g "Authenticated Users" \ + BUILTIN\\Administrators BUILTIN Everyone System Users + takeown /F regress + icacls regress + set +x PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel" ;; @@ -24,7 +41,7 @@ case "$host" in PACKAGER=apt esac -TARGETS=$@ +TARGETS=${config} INSTALL_FIDO_PPA="no" export DEBIAN_FRONTEND=noninteractive @@ -147,7 +164,7 @@ for TARGET in $TARGETS; do PACKAGES="${PACKAGES} cmake ninja-build" ;; putty-*) - INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-) + INSTALL_PUTTY=0.83 PACKAGES="${PACKAGES} cmake" ;; valgrind*) @@ -184,7 +201,8 @@ while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do fi ;; setup) - if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then + setup="/cygdrive/$(echo "${CYGWIN_SETUP}" | tr -d : | tr '\' '/')" + if "${setup}" -q -P `echo "$PACKAGES" | tr ' ' ,`; then PACKAGES="" fi ;; @@ -207,13 +225,8 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then fi if [ ! -z "${INSTALL_OPENSSL}" ]; then - (cd ${HOME} && - git clone https://github.com/openssl/openssl.git && - cd ${HOME}/openssl && - git checkout ${INSTALL_OPENSSL} && - ./config no-threads shared ${SSLCONFOPTS} \ - --prefix=/opt/openssl && - make && sudo make install_sw) + .github/install_libcrypto.sh \ + "${INSTALL_OPENSSL}" /opt/openssl "${SSLCONFOPTS}" fi if [ ! -z "${INSTALL_LIBRESSL}" ]; then 
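Review bot: `echo Environment:` followed by a bare `set` in the first hunk writes every shell variable and its value to the job log, which on a public repository is readable by anyone. Log masking only covers registered secrets verbatim, so a token or credential that reaches the environment another way would be printed. Print names only, for example `env | cut -d= -f1 | sort`, or keep the full dump behind a debug variable.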
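Review bot: In the `setup)` case, `tr '\' '/'` hands tr a lone trailing backslash, which POSIX leaves unspecified and GNU tr warns about, and an empty `CYGWIN_SETUP` silently yields `/cygdrive/`. Cygwin's own converter is clearer: `setup="$(cygpath -u "${CYGWIN_SETUP}")"`, preceded by a check that the variable is set. The retry loop around this case starts outside the hunk.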
@@ -240,7 +253,7 @@ if [ ! -z "${INSTALL_BORINGSSL}" ]; then cd ${HOME}/boringssl && mkdir build && cd build && cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja && mkdir -p /opt/boringssl/lib && - cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib && + cp ${HOME}/boringssl/build/libcrypto.a /opt/boringssl/lib && cp -r ${HOME}/boringssl/include /opt/boringssl) fi @@ -260,23 +273,23 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then fi if [ ! -z "${INSTALL_PUTTY}" ]; then - ver="${INSTALL_PUTTY}" - case "${INSTALL_PUTTY}" in - snapshot) - tarball=putty.tar.gz - (cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball}) - ;; - *) - tarball=putty-${ver}.tar.gz - (cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball}) + .github/install_putty.sh "${INSTALL_PUTTY}" +fi + +# If we're running on an ephemeral VM, set a random password and set +# up to run the password auth test. +if [ ! -z "${EPHEMERAL_VM}" ]; then + + # This is the github "target" as specified in the yml file. + # In particular, ubuntu-latest sets the password field to the locked + # value, so unless we reset it here most of the tests will fail. + case "${target}" in + ubuntu-*) + echo ${target} target: setting random password. + openssl rand -base64 9 >regress/password + pw=$(tr -d '\n' <regress/password | openssl passwd -6 -stdin) + sudo usermod --password "${pw}" runner + sudo usermod --unlock runner ;; esac - (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-* - if [ -f CMakeLists.txt ]; then - cmake . && cmake --build . && sudo cmake --build . --target install - else - ./configure && make && sudo make install - fi - ) - /usr/local/bin/plink -V fi diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 424c193fb207..f64803b55ef6 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml 
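Review bot: `openssl rand -base64 9 >regress/password` in the last hunk creates the plaintext password with the default umask, so the file is normally readable by every account on the machine. Create it privately: `(umask 077; openssl rand -base64 9 >regress/password)`. The account name `runner` is hard-coded in both `usermod` calls; `"$(id -un)"` would follow the account the job actually runs as. The block is guarded only by `EPHEMERAL_VM` being non-empty, so a comment stating that the variable must never be set on persistent hosts would help.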
@@ -1,10 +1,20 @@ -name: C/C++ CI +name: CI + +# For testing, you can set variables in your repo (Repo -> Settings -> +# Security -> Actions -> Variables) to restrict the tests that are run. +# The supported variables are: +# +# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config, +# separated by spaces, eg "ubuntu-latest default". All other tests will +# fail immediately. +# +# LTESTS: Override the set of tests run. on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yml' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yml' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/*.sh', '.github/workflows/c-cpp.yml' ] jobs: ci: @@ -22,14 +32,14 @@ jobs: - macos-13 - macos-14 - macos-15 - - windows-2019 - windows-2022 + - windows-2025 config: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. include: - - { target: windows-2019, config: cygwin-release } - { target: windows-2022, config: cygwin-release } + - { target: windows-2025, config: cygwin-release } - { target: ubuntu-22.04, config: c89 } - { target: ubuntu-22.04, config: clang-11 } - { target: ubuntu-22.04, config: clang-12-Werror } 
@@ -61,46 +71,41 @@ jobs: - { target: ubuntu-latest, config: boringssl } - { target: ubuntu-latest, config: aws-lc } - { target: ubuntu-latest, config: libressl-master } - - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.2.7 } - { target: ubuntu-latest, config: libressl-3.3.6 } - { target: ubuntu-latest, config: libressl-3.4.3 } - - { target: ubuntu-latest, config: libressl-3.5.3 } - - { target: ubuntu-latest, config: libressl-3.6.1 } - - { target: ubuntu-latest, config: libressl-3.7.2 } + - { target: ubuntu-latest, config: libressl-3.5.4 } + - { target: ubuntu-latest, config: libressl-3.6.3 } + - { target: ubuntu-latest, config: libressl-3.7.3 } - { target: ubuntu-latest, config: libressl-3.8.4 } - { target: ubuntu-latest, config: libressl-3.9.2 } - { target: ubuntu-latest, config: libressl-4.0.0 } + - { target: ubuntu-latest, config: libressl-4.1.0 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } - { target: ubuntu-latest, config: openssl-1.1.1t } - { target: ubuntu-latest, config: openssl-1.1.1w } - { target: ubuntu-latest, config: openssl-3.0.0 } - - { target: ubuntu-latest, config: openssl-3.0.15 } + - { target: ubuntu-latest, config: openssl-3.0.18 } - { target: ubuntu-latest, config: openssl-3.1.0 } - - { target: ubuntu-latest, config: openssl-3.1.7 } - - { target: ubuntu-latest, config: openssl-3.2.3 } - - { target: ubuntu-latest, config: openssl-3.3.2 } + - { target: ubuntu-latest, config: openssl-3.1.8 } + - { target: ubuntu-latest, config: openssl-3.2.6 } + - { target: ubuntu-latest, config: openssl-3.3.5 } - { target: ubuntu-latest, config: openssl-3.4.0 } + - { target: ubuntu-latest, config: openssl-3.4.3 } + - { target: ubuntu-latest, config: openssl-3.5.0 } + - { target: ubuntu-latest, config: openssl-3.5.3 } # keep + - { target: ubuntu-latest, config: openssl-3.5.4 } - { target: ubuntu-latest, 
config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - - { target: ubuntu-latest, config: putty-0.71 } - - { target: ubuntu-latest, config: putty-0.72 } - - { target: ubuntu-latest, config: putty-0.73 } - - { target: ubuntu-latest, config: putty-0.74 } - - { target: ubuntu-latest, config: putty-0.75 } - - { target: ubuntu-latest, config: putty-0.76 } - - { target: ubuntu-latest, config: putty-0.77 } - - { target: ubuntu-latest, config: putty-0.78 } - - { target: ubuntu-latest, config: putty-0.79 } - - { target: ubuntu-latest, config: putty-0.80 } - - { target: ubuntu-latest, config: putty-0.81 } - - { target: ubuntu-latest, config: putty-0.82 } - - { target: ubuntu-latest, config: putty-0.83 } - - { target: ubuntu-latest, config: putty-snapshot } + - { target: ubuntu-latest, config: openssl-3.4 } # stable branch + - { target: ubuntu-latest, config: openssl-3.5 } # stable branch + - { target: ubuntu-latest, config: openssl-3.6 } # stable branch + - { target: ubuntu-latest, config: putty-versions } - { target: ubuntu-latest, config: zlib-develop } - { target: ubuntu-latest, config: tcmalloc } - { target: ubuntu-latest, config: musl } 
@@ -110,16 +115,26 @@ jobs: - { target: macos-14, config: pam } - { target: macos-15, config: pam } runs-on: ${{ matrix.target }} + env: + EPHEMERAL_VM: yes steps: + - name: check RUN_ONLY_TARGET_CONFIG + if: vars.RUN_ONLY_TARGET_CONFIG != '' + run: sh -c 'if [ "${{ vars.RUN_ONLY_TARGET_CONFIG }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi' - name: set cygwin git params if: ${{ startsWith(matrix.target, 'windows') }} run: git config --global core.autocrlf input - name: install cygwin + id: cygwin_install if: ${{ startsWith(matrix.target, 'windows') }} uses: cygwin/cygwin-install-action@master + env: + CYGWIN: "winsymlinks:native" - uses: actions/checkout@main - name: setup CI system - run: sh ./.github/setup_ci.sh ${{ matrix.config }} + run: sh ./.github/setup_ci.sh ${{ matrix.config }} ${{ matrix.target }} + env: + CYGWIN_SETUP: ${{ steps.cygwin_install.outputs.setup }} - name: autoreconf run: sh -c autoreconf - name: configure @@ -138,6 +153,18 @@ jobs: env: TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_HOSTBASED_AUTH: yes + LTESTS: ${{ vars.LTESTS }} + - name: test OpenSSL3 ABI compatibility + if: ${{ startsWith(matrix.config, 'openssl-3') }} + run: | + sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl + sh .github/run_test.sh ${{ matrix.config }} + - name: show logs + if: failure() + run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done + - name: chown logs + if: failure() + run: test -x "$(which sudo 2>&1)" && sudo chown -R "${LOGNAME}" regress - name: save logs if: failure() uses: actions/upload-artifact@main @@ -146,8 +173,4 @@ jobs: path: | config.h config.log - regress/*.log - regress/valgrind-out/ - regress/asan.log.* - regress/msan.log.* - regress/log/* + regress/ diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index d892a28c3eb6..a46d8a451aa7 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml 
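Review bot: The new `check RUN_ONLY_TARGET_CONFIG` step pastes `${{ vars.RUN_ONLY_TARGET_CONFIG }}` straight into the shell command, so a quote or `$(...)` in the variable becomes part of the script instead of data. The comparison needs no shell at all: use `if: vars.RUN_ONLY_TARGET_CONFIG != '' && vars.RUN_ONLY_TARGET_CONFIG != format('{0} {1}', matrix.target, matrix.config)` with `run: exit 1`. The `LTESTS: ${{ vars.LTESTS }}` entry later in the file already passes its variable through `env:`, which is the right pattern. The steps list starts and ends outside this hunk.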
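Review bot: The `show logs` step loops over `regress/failed*.log` without the `[ -f "$i" ]` guard that the removed `output_failed_logs` function in run_test.sh had, so when nothing matches, `cat` runs on the literal pattern and the step itself errors. Restoring the guard, `[ -f "$i" ] || continue` as the first command in the loop, keeps the failure output limited to the real cause; the same loop is added to selfhosted.yml in the `@@ -129,6 +129,9 @@` hunk. Neither this step nor `chown logs` goes through `sh -c` like the other steps, so unless a default shell is set outside the hunk they will not parse on the Windows targets. In `chown logs`, `which sudo 2>&1` feeds any error text into `test -x`; `2>/dev/null` is probably what was meant.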
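Review bot: Uploading all of `regress/` in the last hunk publishes everything the test run leaves there, including the `regress/password` file that setup_ci.sh now writes on ubuntu targets and, presumably, generated test keys. Artifacts from a public repository can be downloaded by any signed-in user, so add an exclusion such as `!regress/password` under `path:` or list the log locations explicitly as before.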
@@ -1,8 +1,8 @@ -name: C/C++ CI self-hosted +name: CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/run_tests.sh', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: @@ -11,7 +11,6 @@ jobs: runs-on: ${{ matrix.host }} timeout-minutes: 600 env: - DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} @@ -21,7 +20,7 @@ jobs: REMOTE: ${{ startsWith(matrix.host, 'remote') }} VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} - BIGENDIAN: ${{ matrix.target == 'aix51' || matrix.target == 'fbsd14-ppc64' || matrix.target == 'openwrt-mips' }} + BIGENDIAN: ${{ matrix.target == 'aix51' || matrix.target == 'nbsd-arm64be' || matrix.target == 'openwrt-mips' }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the @@ -49,8 +48,9 @@ jobs: - obsd51 - obsd67 - obsd72 - - obsd73 - obsd74 + - obsd76 + - obsd77 - obsdsnap - obsdsnap-i386 - omnios @@ -63,7 +63,6 @@ jobs: include: # Long-running/slow tests have access to high priority runners. - { target: aix51, config: default, host: libvirt-hipri } - - { target: fbsd14-ppc64, config: default, host: libvirt-hipri } - { target: openindiana, config: pam, host: libvirt-hipri } - { target: sol10, config: default, host: libvirt-hipri } - { target: sol10, config: pam, host: libvirt-hipri } 
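Review bot: The path filter added in the first hunk names `.github/run_tests.sh`, but the script changed in this commit and invoked by the `make tests` step is `.github/run_test.sh`, so the new entry matches nothing. Use `'.github/run_test.sh'`, or `'.github/*.sh'` as c-cpp.yml now does; the existing `'**.sh'` pattern may already cover the script, in which case the entry is redundant and can be dropped.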
@@ -100,6 +99,7 @@ jobs: - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } - { target: openwrt-mips, config: default, host: remote-openwrt-mips } - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } + - { target: nbsd-arm64be, config: default, host: remote-nbsd-arm64be } steps: - name: shutdown VM if running if: env.VM == 'true' @@ -129,6 +129,9 @@ jobs: - name: make tests run: vmrun ./.github/run_test.sh ${{ matrix.config }} timeout-minutes: 600 + - name: show logs + if: failure() + run: vmrun 'for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done' - name: save logs if: failure() uses: actions/upload-artifact@main diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index 615a7763fb9b..6cb08fd41032 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -1,4 +1,4 @@ -name: Upstream self-hosted +name: OpenBSD on: push: @@ -11,7 +11,6 @@ jobs: if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} env: - DEBUG_ACTIONS: true EPHEMERAL: true HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} @@ -23,11 +22,11 @@ jobs: host: - libvirt target: [ obsdsnap, obsdsnap-i386 ] - config: [ default, without-openssl, ubsan ] + config: [ default, without-openssl ] # TODO: restore 'ubsan' once fixed include: - { host: libvirt-arm64, target: obsdsnap-arm64, config: default } - { host: libvirt-arm64, target: obsdsnap-arm64, config: without-openssl } - - { host: libvirt-arm64, target: obsdsnap-arm64, config: ubsan } + # - { host: libvirt-arm64, target: obsdsnap-arm64, config: ubsan } steps: - name: unmount stale workspace run: fusermount -u ${GITHUB_WORKSPACE} || true 
@@ -43,7 +42,9 @@ jobs: run: sshfs_mount working-directory: ${{ runner.temp }} - name: update source - run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" + run: vmrun "cd /usr/src && cvs -q up -dPA usr.bin/ssh regress/usr.bin/ssh usr.bin/nc" + - name: update netcat + run: vmrun "cd /usr/src/usr.bin/nc && make clean all && sudo make install" - name: make clean run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj" - name: make diff --git a/.github/workflows/vm.yml b/.github/workflows/vm.yml new file mode 100644 index 000000000000..9dcf5fcca764 --- /dev/null +++ b/.github/workflows/vm.yml 
@@ -0,0 +1,371 @@ +# For testing, you can set variables in your repo (Repo -> Settings -> +# Security -> Actions -> Variables) to restrict the tests that are run +# The supported variables are: +# +# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config, +# separated by spaces, eg "ubuntu-latest default". All other tests will +# fail immediately. +# +# LTESTS: Override the set of tests run. + +name: CI VM +on: + push: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/vm.yml' ] + pull_request: + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/vm.yml' ] + +jobs: + dragonflybsd: + name: "dragonflybsd-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: + - "6.4.2" + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start DragonFlyBSD ${{ matrix.target }} VM + uses: vmactions/dragonflybsd-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + pkg install -y sudo + pw useradd builder -m + echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && chown -R builder . 
+ - name: configure + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure --with-ssl-dir=/usr/local + - name: make clean + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: make tests + shell: dragonflybsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo make tests + + - name: "PAM: configure" + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure --with-ssl-dir=/usr/local --with-pam + - name: "PAM: make clean" + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: "PAM: make" + shell: dragonflybsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: "PAM: make tests" + shell: dragonflybsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo SSHD_CONFOPTS="UsePam yes" make tests + + freebsd: + name: "freebsd-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: + - "13.5" + - "14.3" + # - "15.0" # "pkg" breaks with a libutil.so error... + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start FreeBSD ${{ matrix.target }} VM + uses: vmactions/freebsd-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + pkg install -y sudo + pw useradd builder -m + echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && chown -R builder . 
+ - name: configure + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure + - name: make clean + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: make tests + shell: freebsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo make tests + + - name: "PAM: configure" + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure --with-pam + - name: "PAM: make clean" + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: "PAM: make" + shell: freebsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: "PAM: make tests" + shell: freebsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo SSHD_CONFOPTS="UsePam yes" make tests + + + netbsd: + name: "netbsd-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: + - "9.0" + - "9.4" + - "10.0" + - "10.1" + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start NetBSD ${{ matrix.target }} VM + uses: vmactions/netbsd-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + /usr/sbin/pkg_add sudo + /usr/sbin/useradd -m builder + echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >>/usr/pkg/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && /sbin/chown -R builder . 
+ - name: configure + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure + - name: make clean + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: make tests + shell: netbsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo make tests + + - name: "PAM: configure" + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure --with-pam + - name: "PAM: make clean" + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: "PAM: make" + shell: netbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: "PAM: make tests" + shell: netbsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo SSHD_CONFOPTS="UsePam yes" make tests + + + ominios: + name: "omnios-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: + - "r151054" + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start OmniOS ${{ matrix.target }} VM + uses: vmactions/omnios-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + set -x + pfexec pkg refresh + pfexec pkg install build-essential + useradd -m builder + sed -e "s/^root.*ALL$/root ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers >>/tmp/sudoers + mv /tmp/sudoers /etc/sudoers + echo "builder ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: omnios {0} + run: cd $GITHUB_WORKSPACE && chown -R builder . 
+ - name: configure + shell: omnios {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure + - name: make clean + shell: omnios {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: omnios {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make + - name: make tests + shell: omnios {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder make tests + + + openbsd: + name: "openbsd-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. + target: + - "7.3" + - "7.5" + - "7.6" + - "7.7" + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start OpenBSD ${{ matrix.target }} VM + uses: vmactions/openbsd-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + env PKG_PATH=https://ftp.openbsd.org/pub/OpenBSD/${{matrix.target}}/packages/amd64 pkg_add sudo-- + useradd -m builder + echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >>/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: openbsd {0} + run: cd $GITHUB_WORKSPACE && chown -R builder . + - name: configure + shell: openbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure + - name: make clean + shell: openbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: openbsd {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make -j4 + - name: make tests + shell: openbsd {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder env SUDO=sudo make tests + + + solaris: + name: "solaris-${{ matrix.target }}" + if: github.repository != 'openssh/openssh-portable-selfhosted' + strategy: + fail-fast: false + matrix: + # First we test all OSes in the default configuration. 
+ target: + - "11.4-gcc" + config: [default] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@main + - name: autoreconf + run: sh -c autoreconf + + - name: start Solaris ${{ matrix.target }} VM + uses: vmactions/solaris-vm@v1 + with: + release: ${{ matrix.target }} + usesh: true + prepare: | + set -x + useradd -m builder + sed -e "s/^root.*ALL$/root ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers >>/tmp/sudoers + mv /tmp/sudoers /etc/sudoers + echo "builder ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers + mkdir -p /var/empty /usr/local/etc + cp $GITHUB_WORKSPACE/moduli /usr/local/etc/moduli + + - name: set file perms + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && chown -R builder . + - name: configure + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure + - name: make clean + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: make + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make + - name: make tests + shell: solaris {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder make tests + + - name: "PAM: configure" + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder ./configure --with-pam + - name: "PAM: make clean" + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make clean + - name: "PAM: make" + shell: solaris {0} + run: cd $GITHUB_WORKSPACE && sudo -u builder make + - name: "PAM: make tests" + shell: solaris {0} + run: | + cd $GITHUB_WORKSPACE + sudo -u builder make tests |
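Review bot: The Solaris `PAM: make tests` step runs plain `make tests`, whereas the DragonFlyBSD, FreeBSD and NetBSD jobs pass `SSHD_CONFOPTS="UsePam yes"`, so on Solaris the PAM build appears to be tested with PAM switched off in sshd; if that is deliberate it needs a comment. The header comment advertises `RUN_ONLY_TARGET_CONFIG` and `LTESTS`, but no job in this file reads either variable. The OmniOS job id is spelled `ominios`. All jobs use `actions/checkout@main` and `vmactions/*-vm@v1`, which are movable refs; pinning them to a commit SHA stops an upstream change from altering what runs with passwordless sudo inside the VM.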
