xref: /freebsd/crypto/openssh/.github/configs (revision 1323ec571215a77ddd21294f0871979d5ad6b992)
1#!/bin/sh
2#
3# usage: configs vmname test_config (or '' for default)
4#
5# Sets the following variables:
6# CONFIGFLAGS           options to ./configure
7# SSHD_CONFOPTS         sshd_config options
8# TEST_TARGET           make target used when testing.  defaults to "tests".
9# LTESTS
10
11config=$1
12
13TEST_TARGET="tests"
14LTESTS=""
15SKIP_LTESTS=""
16SUDO=sudo	# run with sudo by default
17TEST_SSH_UNSAFE_PERMISSIONS=1
18# Stop on first test failure to minimize logs
19TEST_SSH_FAIL_FATAL=yes
20
21CONFIGFLAGS=""
22LIBCRYPTOFLAGS=""
23
24case "$config" in
25    default|sol64)
26	;;
27    c89)
28	CC="gcc"
29	CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
30	CONFIGFLAGS="--without-zlib"
31	LIBCRYPTOFLAGS="--without-openssl"
32	TEST_TARGET=t-exec
33	;;
34    cygwin-release)
35	CONFIGFLAGS="--with-libedit --with-xauth=/usr/bin/xauth --disable-strip --with-security-key-builtin"
36	;;
37   clang-12-Werror)
38	CC="clang-12"
39	# clang's implicit-fallthrough requires that the code be annotated with
40	# __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */
41	CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough"
42	CONFIGFLAGS="--with-pam --with-Werror"
43	;;
44    gcc-11-Werror)
45	CC="gcc"
46	# -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
47	CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4"
48	CONFIGFLAGS="--with-pam --with-Werror"
49	;;
50    clang*|gcc*)
51	CC="$config"
52	;;
53    kitchensink)
54	CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
55	CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
56	CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
57	;;
58    hardenedmalloc)
59	CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
60	;;
61    tcmalloc)
62	CONFIGFLAGS="--with-ldflags=-ltcmalloc"
63	;;
64    krb5|heimdal)
65	CONFIGFLAGS="--with-kerberos5"
66	;;
67    libedit)
68	CONFIGFLAGS="--with-libedit"
69	;;
70    musl)
71	CC="musl-gcc"
72	CONFIGFLAGS="--without-zlib"
73	LIBCRYPTOFLAGS="--without-openssl"
74	TEST_TARGET="t-exec"
75	;;
76    pam-krb5)
77	CONFIGFLAGS="--with-pam --with-kerberos5"
78	SSHD_CONFOPTS="UsePam yes"
79	;;
80    *pam)
81	CONFIGFLAGS="--with-pam"
82	SSHD_CONFOPTS="UsePam yes"
83	;;
84    libressl-*)
85	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
86	;;
87    openssl-*)
88	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
89	;;
90    selinux)
91	CONFIGFLAGS="--with-selinux"
92	;;
93    sk)
94	CONFIGFLAGS="--with-security-key-builtin"
95        ;;
96    without-openssl)
97	LIBCRYPTOFLAGS="--without-openssl"
98	TEST_TARGET=t-exec
99	;;
100    valgrind-[1-4]|valgrind-unit)
101	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
102	CONFIGFLAGS="--without-sandbox --without-hardening"
103	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
104	TEST_TARGET="t-exec USE_VALGRIND=1"
105	TEST_SSH_ELAPSED_TIMES=1
106	export TEST_SSH_ELAPSED_TIMES
107	# Valgrind slows things down enough that the agent timeout test
108	# won't reliably pass, and the unit tests run longer than allowed
109	# by github so split into three separate tests.
110	tests2="rekey integrity try-ciphers sftp"
111	tests3="krl forward-control sshsig agent-restrict kextype"
112	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
113	case "$config" in
114	    valgrind-1)
115		# All tests except agent-timeout (which is flaky under valgrind)
116		#) and slow ones that run separately to increase parallelism.
117		SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
118		;;
119	    valgrind-2)
120		LTESTS="${tests2}"
121		;;
122	    valgrind-3)
123		LTESTS="${tests3}"
124		;;
125	    valgrind-4)
126		LTESTS="${tests4}"
127		;;
128	    valgrind-unit)
129		TEST_TARGET="unit USE_VALGRIND=1"
130		;;
131	esac
132	;;
133    *)
134	echo "Unknown configuration $config"
135	exit 1
136	;;
137esac
138
139# The Solaris 64bit targets are special since they need a non-flag arg.
140case "$config" in
141    sol64*)
142	CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
143	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
144	;;
145esac
146
147case "${TARGET_HOST}" in
148    dfly58*|dfly60*)
149	# scp 3-way connection hangs on these so skip until sorted.
150	SKIP_LTESTS=scp3
151	;;
152    hurd)
153	SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
154	;;
155    minix3)
156	LIBCRYPTOFLAGS="--without-openssl --disable-security-key"
157	# Minix does not have a loopback interface so we have to skip any
158	# test that relies on one.
159	# Also, Minix seems to be very limited in the number of select()
160	# calls that can be operating concurrently, so prune additional tests for that.
161	T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect
162	    connect-uri exit-status forward-control forwarding hostkey-agent
163	    key-options keyscan knownhosts-command login-timeout multiplex
164	    reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
165	    sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
166	    transfer"
167	SKIP_LTESTS="$(echo $T)"
168	TEST_TARGET=t-exec
169	SUDO=""
170	;;
171    nbsd4)
172	# System compiler will ICE on some files with fstack-protector
173	# SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy
174	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
175	;;
176    sol10|sol11)
177	# sol10 VM is 32bit and the unit tests are slow.
178	# sol11 has 4 test configs so skip unit tests to speed up.
179	TEST_TARGET="tests SKIP_UNIT=1"
180	;;
181    win10)
182	# No sudo on Windows.
183	SUDO=""
184	;;
185esac
186
187# Unless specified otherwise, build without OpenSSL on Mac OS since
188# modern versions don't ship with libcrypto.
189case "`./config.guess`" in
190*-darwin*)
191	LIBCRYPTOFLAGS="--without-openssl"
192	TEST_TARGET=t-exec
193	;;
194esac
195
196# If we have a local openssl/libressl, use that.
197if [ -z "${LIBCRYPTOFLAGS}" ]; then
198	# last-match
199	for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
200		if [ -x ${i}/bin/openssl ]; then
201			LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
202		fi
203	done
204fi
205
206CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
207
208if [ -x "$(which plink 2>/dev/null)" ]; then
209	REGRESS_INTEROP_PUTTY=yes
210	export REGRESS_INTEROP_PUTTY
211fi
212
213export CC CFLAGS LTESTS SUDO
214export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL
215