xref: /freebsd/crypto/openssh/.github/setup_ci.sh (revision 8e28d84935f2f0ee081d44f9803f3052b960e50b)
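#!/bin/sh
#
# CI bootstrap: works out which package manager the runner uses, maps the
# requested build targets to packages, installs them, and builds any
# from-source dependencies that were asked for.

PACKAGES=""

# Pull in the shared CI configuration.  "$@" is quoted so every argument
# reaches the sourced file exactly as it was passed to this script,
# instead of being re-split and glob-expanded against the working tree.
. .github/configs "$@"

# Choose the package manager from the host triplet config.guess reports.
host=$(./config.guess)
echo "config.guess: $host"
case "$host" in
*cygwin)
    PACKAGER=setup
    echo Setting CYGWIN system environment variable.
    setx CYGWIN "binmode"
    echo Removing extended ACLs so umask works as expected.
    setfacl -b . regress
    # Comma-joined here; the install step turns any remaining spaces
    # into commas before handing the list to setup.exe.
    PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
    PACKAGES="$PACKAGES,make,openssl,libssl-devel,zlib-devel"
    ;;
*-darwin*)
    PACKAGER=brew
    # NOTE(review): this assignment replaces, rather than extends, anything
    # .github/configs may have put in PACKAGES; confirm that is intended.
    PACKAGES="automake"
    ;;
*)
    # Anything else is treated as an apt-based runner.
    PACKAGER=apt
    ;;
esac
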
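# Remember the requested targets as one space-separated string.  "$*" is
# the explicit form of that join; an unquoted $@ on the right-hand side
# of an assignment is shell-dependent.
TARGETS="$*"

INSTALL_FIDO_PPA="no"
# Keep apt/dpkg from blocking the job on an interactive prompt.
export DEBIAN_FRONTEND=noninteractive

# From here on, an unchecked command failure aborts the script.
set -e

# Log the distribution details when lsb_release is available.
# "command -v" is the portable lookup; which(1) is not always installed
# and what it prints on a miss varies between systems.
if command -v lsb_release >/dev/null 2>&1; then
    lsb_release -a
fi
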
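# Runner fix-ups that need privilege; skipped when $SUDO is empty.
# Both changes below loosen local access controls on purpose (the home
# directory becomes traversable by other users, and "runner" gets
# password-less root), so they are only appropriate on throwaway CI
# runners, never on a shared or long-lived host.
if [ -n "$SUDO" ]; then
    # Ubuntu 22.04 defaults to private home dirs which prevent the
    # agent-getpeerid test from running ssh-add as nobody.  See
    # https://github.com/actions/runner-images/issues/6106
    if ! "$SUDO" -u nobody test -x ~; then
        echo ~ is not executable by nobody, adding perms.
        chmod go+x ~
    fi
    # Some of the Mac OS X runners don't have a nopasswd sudo rule. Regular
    # sudo still works, but sudo -u doesn't.  Restore the sudo rule.
    # The lookup has to read /etc/sudoers, the file the rule is appended
    # to: /etc/passwd never contains NOPASSWD, so checking it there would
    # append a duplicate rule on every run.
    # NOTE(review): the line is appended without a syntax check; running
    # "visudo -c" afterwards would catch a damaged sudoers file early.
    if ! "$SUDO" grep -E 'runner.*NOPASSWD' /etc/sudoers >/dev/null; then
        echo "Restoring runner nopasswd rule to sudoers."
        echo 'runner ALL=(ALL) NOPASSWD: ALL' | "$SUDO" tee -a /etc/sudoers
    fi
    # -S with stdin on /dev/null makes sudo fail at once instead of
    # waiting on a password prompt that nobody will answer.
    if ! "$SUDO" -u nobody -S test -x ~ </dev/null; then
        echo "Still can't sudo to nobody."
        exit 1
    fi
fi
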
# "kitchensink" is shorthand for a fixed bundle of optional features.
case "${TARGETS}" in
kitchensink)
    TARGETS="krb5 libedit pam sk selinux"
    ;;
esac

# Some configure flags imply a target of their own, so that the matching
# development package gets installed.  $CONFIGFLAGS is left unquoted so
# that it splits into individual flags.
for flag in $CONFIGFLAGS; do
    if [ "$flag" = "--with-pam" ]; then
        TARGETS="${TARGETS} pam"
    elif [ "$flag" = "--with-libedit" ]; then
        TARGETS="${TARGETS} libedit"
    fi
done

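# Translate each requested target into packages to install and/or the
# flags that trigger a from-source build further down.
# Globals read:    TARGETS, PACKAGER
# Globals written: PACKAGES, INSTALL_FIDO_PPA, INSTALL_HARDENED_MALLOC,
#                  INSTALL_OPENSSL, SSLCONFOPTS, INSTALL_LIBRESSL,
#                  INSTALL_BORINGSSL, INSTALL_AWSLC, INSTALL_PUTTY
# An unrecognised target aborts the run rather than being ignored.
# The version strings extracted here are not validated; later steps use
# them as git refs and as parts of download URLs, so the target list
# must come from a trusted source (the workflow definition).
echo "Setting up for '$TARGETS'"
# $TARGETS is deliberately unquoted: it is a space-separated list.
for TARGET in $TARGETS; do
    case "$TARGET" in
    default|without-openssl|without-zlib|c89)
        # nothing to do
        ;;
    clang-sanitize*)
        PACKAGES="$PACKAGES clang-12"
        ;;
    cygwin-release)
        PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
        ;;
    gcc-sanitize*)
        # Must stay ahead of the generic gcc-* arm; installs nothing extra.
        ;;
    clang-*|gcc-*)
        # The package name is the target with any -Werror suffix removed.
        compiler=$(printf '%s\n' "$TARGET" | sed 's/-Werror//')
        PACKAGES="$PACKAGES $compiler"
        ;;
    krb5)
        PACKAGES="$PACKAGES libkrb5-dev"
        ;;
    heimdal)
        PACKAGES="$PACKAGES heimdal-dev"
        ;;
    libedit)
        # The package is named differently per package manager.
        case "$PACKAGER" in
        setup)  PACKAGES="$PACKAGES libedit-devel" ;;
        apt)    PACKAGES="$PACKAGES libedit-dev" ;;
        esac
        ;;
    *pam)
        case "$PACKAGER" in
        apt)    PACKAGES="$PACKAGES libpam0g-dev" ;;
        esac
        ;;
    sk)
        INSTALL_FIDO_PPA="yes"
        PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
        ;;
    selinux)
        PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
        ;;
    hardenedmalloc)
        INSTALL_HARDENED_MALLOC=yes
        ;;
    musl)
        PACKAGES="$PACKAGES musl-tools"
        ;;
    tcmalloc)
        PACKAGES="$PACKAGES libgoogle-perftools-dev"
        ;;
    openssl-noec)
        # Must stay ahead of the generic openssl-* arm.
        INSTALL_OPENSSL=OpenSSL_1_1_1k
        SSLCONFOPTS="no-ec"
        ;;
    openssl-*)
        # The second dash-separated field is the version; map it to the
        # ref name that is checked out when OpenSSL is built.
        INSTALL_OPENSSL=$(printf '%s\n' "${TARGET}" | cut -f2 -d-)
        case "${INSTALL_OPENSSL}" in
        1.1.1_stable)
            INSTALL_OPENSSL="OpenSSL_1_1_1-stable"
            ;;
        1.*)
            INSTALL_OPENSSL="OpenSSL_$(printf '%s\n' "${INSTALL_OPENSSL}" | tr . _)"
            ;;
        3.*)
            INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}"
            ;;
        esac
        PACKAGES="${PACKAGES} putty-tools dropbear-bin"
        ;;
    libressl-*)
        # The second dash-separated field is either "master" or a release
        # version; the build step tells the two apart.
        INSTALL_LIBRESSL=$(printf '%s\n' "${TARGET}" | cut -f2 -d-)
        PACKAGES="${PACKAGES} putty-tools dropbear-bin"
        ;;
    boringssl)
        INSTALL_BORINGSSL=1
        PACKAGES="${PACKAGES} cmake ninja-build"
        ;;
    aws-lc)
        INSTALL_AWSLC=1
        PACKAGES="${PACKAGES} cmake ninja-build"
        ;;
    putty-*)
        INSTALL_PUTTY=$(printf '%s\n' "${TARGET}" | cut -f2 -d-)
        PACKAGES="${PACKAGES} cmake"
        ;;
    valgrind*)
        PACKAGES="$PACKAGES valgrind"
        ;;
    zlib-*)
        # No packages needed for this target.
        ;;
    *)
        echo "Invalid option '${TARGET}'" >&2
        exit 1
        ;;
    esac
done
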
# Register the Yubico PPA when the target loop asked for it, so the FIDO
# development packages can be resolved by the package install that
# follows.
# Security note: an added PPA becomes a trusted package source for the
# rest of the job, so everything it publishes is installable as root.
case "$INSTALL_FIDO_PPA" in
yes)
    sudo apt update -qq
    sudo apt install -qy software-properties-common
    sudo apt-add-repository -y ppa:yubico/stable
    ;;
esac

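# Install the collected packages, making up to three attempts 90 seconds
# apart.  PACKAGES is emptied on success, so a non-empty value after the
# loop means every attempt failed.
# $PACKAGES is expanded unquoted on purpose: one argument per package.
# NOTE(review): this step calls sudo directly rather than going through
# the $SUDO variable used earlier in the script; confirm that is intended.
tries=3
while [ -n "$PACKAGES" ] && [ "$tries" -gt 0 ]; do
    case "$PACKAGER" in
    apt)
        # The index refresh is part of the condition so that a failed
        # "apt update" is retried too, instead of tripping "set -e" and
        # ending the job on the first attempt.
        if sudo apt update -qq && sudo apt install -qy $PACKAGES; then
            PACKAGES=""
        fi
        ;;
    brew)
        if brew install $PACKAGES; then
            PACKAGES=""
        fi
        ;;
    setup)
        # setup.exe takes the package list comma-separated.
        if /cygdrive/c/setup.exe -q -P "$(echo "$PACKAGES" | tr ' ' ,)"; then
            PACKAGES=""
        fi
        ;;
    esac
    # Back off before the next attempt; there is no point waiting after
    # the last one.
    if [ -n "$PACKAGES" ] && [ "$tries" -gt 1 ]; then
        sleep 90
    fi
    tries=$((tries - 1))
done
if [ -n "$PACKAGES" ]; then
    echo "Package installation failed."
    exit 1
fi
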
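# Optional: build GrapheneOS hardened_malloc from source and install the
# shared library system-wide.
# Supply-chain note: the clone takes whatever the default branch points
# at when the job runs, and the result is copied into /usr/lib as root
# with no commit pin or signature check.  Pinning a reviewed tag or
# commit would make the build reproducible and narrow what a compromised
# upstream could deliver.
if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
    (cd "${HOME}" &&
     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
     cd "${HOME}/hardened_malloc" &&
     make &&
     sudo cp out/libhardened_malloc.so /usr/lib/)
fi
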
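# Optional: build the requested OpenSSL ref from source into /opt/openssl.
# INSTALL_OPENSSL is the ref name worked out by the target loop.
# Supply-chain note: the ref is a branch or tag name, both of which can
# move; nothing here verifies a commit hash or a signed tag before the
# tree is built and installed with sudo.
if [ -n "${INSTALL_OPENSSL}" ]; then
    # ${SSLCONFOPTS} stays unquoted: it may be empty or hold several
    # options, and quoting it would pass a single (possibly empty) word.
    (cd "${HOME}" &&
     git clone https://github.com/openssl/openssl.git &&
     cd "${HOME}/openssl" &&
     git checkout "${INSTALL_OPENSSL}" &&
     ./config no-threads shared ${SSLCONFOPTS} \
         --prefix=/opt/openssl &&
     make &&
     sudo make install_sw)
fi
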
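# Optional: build LibreSSL into /opt/libressl, either from the portable
# git tree ("master") or from a release tarball of the given version.
# Supply-chain note: the git build follows a moving branch, and the
# tarball is unpacked without a checksum or signature check, so its
# integrity rests on the TLS connection to the download host alone.
if [ -n "${INSTALL_LIBRESSL}" ]; then
    if [ "${INSTALL_LIBRESSL}" = "master" ]; then
        (mkdir -p "${HOME}/libressl" && cd "${HOME}/libressl" &&
         git clone https://github.com/libressl-portable/portable.git &&
         cd "${HOME}/libressl/portable" &&
         git checkout "${INSTALL_LIBRESSL}" &&
         sh update.sh && sh autogen.sh &&
         ./configure --prefix=/opt/libressl &&
         make && sudo make install)
    else
        LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
        (cd "${HOME}" &&
         wget "${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz" &&
         tar xfz "libressl-${INSTALL_LIBRESSL}.tar.gz" &&
         cd "libressl-${INSTALL_LIBRESSL}" &&
         ./configure --prefix=/opt/libressl && make && sudo make install)
    fi
fi
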
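# Optional: build BoringSSL with CMake/Ninja and stage libcrypto.a plus
# the headers under /opt/boringssl.
# Supply-chain note: the clone is unpinned, so the job builds whatever
# the default branch holds at run time.
# NOTE(review): unlike the other builds, the copy into /opt runs without
# sudo; presumably /opt is writable by the runner user. Confirm.
if [ -n "${INSTALL_BORINGSSL}" ]; then
    (cd "${HOME}" &&
     git clone https://boringssl.googlesource.com/boringssl &&
     cd "${HOME}/boringssl" && mkdir build && cd build &&
     cmake -GNinja  -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja &&
     mkdir -p /opt/boringssl/lib &&
     cp "${HOME}/boringssl/build/crypto/libcrypto.a" /opt/boringssl/lib &&
     cp -r "${HOME}/boringssl/include" /opt/boringssl)
fi
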
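# Optional: build AWS-LC with CMake/Ninja and stage libcrypto.a plus the
# headers under /opt/aws-lc.
# The clone is shallow and limited to the v1.46.1 tag.  A tag name is
# still a movable reference; checking the resulting commit hash against
# a recorded value would make the pin tamper-evident.
# NOTE(review): the copy into /opt runs without sudo; presumably /opt is
# writable by the runner user. Confirm.
if [ -n "${INSTALL_AWSLC}" ]; then
    (cd "${HOME}" &&
     git clone --depth 1 --branch v1.46.1 https://github.com/aws/aws-lc.git &&
     cd "${HOME}/aws-lc" && mkdir build && cd build &&
     cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=OFF .. && ninja &&
     mkdir -p /opt/aws-lc/lib &&
     cp "${HOME}/aws-lc/build/crypto/libcrypto.a" /opt/aws-lc/lib &&
     cp -r "${HOME}/aws-lc/include" /opt/aws-lc)
fi
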
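# Optional: build zlib from the upstream git tree and install it under
# /opt/zlib.
# NOTE(review): INSTALL_ZLIB is not assigned by the target loop in this
# script; presumably .github/configs sets it. Confirm.
# Supply-chain note: the clone is unpinned and the install runs with sudo.
if [ -n "${INSTALL_ZLIB}" ]; then
    (cd "${HOME}" &&
     git clone https://github.com/madler/zlib.git &&
     cd "${HOME}/zlib" && ./configure && make &&
     sudo make install prefix=/opt/zlib)
fi
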
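# Optional: download, build and install PuTTY, then print the installed
# plink version as a smoke test.  INSTALL_PUTTY is either "snapshot" or
# a release version.
# The tarball is fetched into a private mktemp directory rather than a
# fixed name in /tmp.  With a fixed name, a file already sitting there
# (a stale download, or one planted by another local user) is left in
# place by wget and is then the one that gets unpacked and installed
# with sudo.
# Supply-chain note: no checksum or signature verification is done on
# the tarball, so its integrity rests on TLS to the download host.
if [ -n "${INSTALL_PUTTY}" ]; then
    ver="${INSTALL_PUTTY}"
    case "${ver}" in
    snapshot)
        tarball=putty.tar.gz
        url="https://tartarus.org/~simon/putty-snapshots/${tarball}"
        ;;
    *)
        tarball="putty-${ver}.tar.gz"
        url="https://the.earth.li/~sgtatham/putty/${ver}/${tarball}"
        ;;
    esac
    dldir=$(mktemp -d "${TMPDIR:-/tmp}/putty-dl.XXXXXX") || exit 1
    wget -O "${dldir}/${tarball}" "${url}" || exit 1
    (
        # Stop at the first failure so the build never runs in the
        # wrong directory.
        cd "${HOME}" || exit 1
        tar xfz "${dldir}/${tarball}" || exit 1
        # The glob is left unquoted so that it matches the unpacked
        # source directory.
        cd putty-* || exit 1
        # Newer PuTTY trees build with CMake, older ones with configure.
        if [ -f CMakeLists.txt ]; then
            cmake . && cmake --build . && sudo cmake --build . --target install
        else
            ./configure && make && sudo make install
        fi
    )
    rm -rf -- "${dldir}"
    /usr/local/bin/plink -V
fi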
283