1#!/bin/sh 2# 3# usage: configs vmname test_config (or '' for default) 4# 5# Sets the following variables: 6# CONFIGFLAGS options to ./configure 7# SSHD_CONFOPTS sshd_config options 8# TEST_TARGET make target used when testing. defaults to "tests". 9# LTESTS 10 11config=$1 12 13TEST_TARGET="tests" 14LTESTS="" 15SKIP_LTESTS="" 16SUDO=sudo # run with sudo by default 17TEST_SSH_UNSAFE_PERMISSIONS=1 18# Stop on first test failure to minimize logs 19TEST_SSH_FAIL_FATAL=yes 20 21CONFIGFLAGS="" 22LIBCRYPTOFLAGS="" 23 24case "$config" in 25 default|sol64) 26 ;; 27 c89) 28 CC="gcc" 29 CFLAGS="-Wall -std=c89 -pedantic -Werror=vla" 30 CONFIGFLAGS="--without-zlib" 31 LIBCRYPTOFLAGS="--without-openssl" 32 TEST_TARGET=t-exec 33 ;; 34 cygwin-release) 35 CONFIGFLAGS="--with-libedit --with-xauth=/usr/bin/xauth --disable-strip --with-security-key-builtin" 36 ;; 37 clang-12-Werror) 38 CC="clang-12" 39 # clang's implicit-fallthrough requires that the code be annotated with 40 # __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */ 41 CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough" 42 CONFIGFLAGS="--with-pam --with-Werror" 43 ;; 44 gcc-11-Werror) 45 CC="gcc" 46 # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled 47 CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4" 48 CONFIGFLAGS="--with-pam --with-Werror" 49 ;; 50 clang*|gcc*) 51 CC="$config" 52 ;; 53 kitchensink) 54 CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" 55 CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" 56 CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" 57 ;; 58 hardenedmalloc) 59 CONFIGFLAGS="--with-ldflags=-lhardened_malloc" 60 ;; 61 tcmalloc) 62 CONFIGFLAGS="--with-ldflags=-ltcmalloc" 63 ;; 64 krb5|heimdal) 65 CONFIGFLAGS="--with-kerberos5" 66 ;; 67 libedit) 68 CONFIGFLAGS="--with-libedit" 69 ;; 70 musl) 71 CC="musl-gcc" 72 CONFIGFLAGS="--without-zlib" 73 LIBCRYPTOFLAGS="--without-openssl" 74 TEST_TARGET="t-exec" 75 ;; 76 pam-krb5) 77 CONFIGFLAGS="--with-pam --with-kerberos5" 78 SSHD_CONFOPTS="UsePam yes" 79 ;; 80 *pam) 81 CONFIGFLAGS="--with-pam" 82 SSHD_CONFOPTS="UsePam yes" 83 ;; 84 libressl-*) 85 LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," 86 ;; 87 openssl-*) 88 LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," 89 ;; 90 selinux) 91 CONFIGFLAGS="--with-selinux" 92 ;; 93 sk) 94 CONFIGFLAGS="--with-security-key-builtin" 95 ;; 96 without-openssl) 97 LIBCRYPTOFLAGS="--without-openssl" 98 TEST_TARGET=t-exec 99 ;; 100 valgrind-[1-4]|valgrind-unit) 101 # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. 102 CONFIGFLAGS="--without-sandbox --without-hardening" 103 CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 104 TEST_TARGET="t-exec USE_VALGRIND=1" 105 TEST_SSH_ELAPSED_TIMES=1 106 export TEST_SSH_ELAPSED_TIMES 107 # Valgrind slows things down enough that the agent timeout test 108 # won't reliably pass, and the unit tests run longer than allowed 109 # by github so split into three separate tests. 110 tests2="rekey integrity try-ciphers sftp" 111 tests3="krl forward-control sshsig agent-restrict kextype" 112 tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" 113 case "$config" in 114 valgrind-1) 115 # All tests except agent-timeout (which is flaky under valgrind) 116 #) and slow ones that run separately to increase parallelism. 117 SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}" 118 ;; 119 valgrind-2) 120 LTESTS="${tests2}" 121 ;; 122 valgrind-3) 123 LTESTS="${tests3}" 124 ;; 125 valgrind-4) 126 LTESTS="${tests4}" 127 ;; 128 valgrind-unit) 129 TEST_TARGET="unit USE_VALGRIND=1" 130 ;; 131 esac 132 ;; 133 *) 134 echo "Unknown configuration $config" 135 exit 1 136 ;; 137esac 138 139# The Solaris 64bit targets are special since they need a non-flag arg. 140case "$config" in 141 sol64*) 142 CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" 143 LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64" 144 ;; 145esac 146 147case "${TARGET_HOST}" in 148 dfly58*|dfly60*) 149 # scp 3-way connection hangs on these so skip until sorted. 150 SKIP_LTESTS=scp3 151 ;; 152 hurd) 153 SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" 154 ;; 155 minix3) 156 LIBCRYPTOFLAGS="--without-openssl --disable-security-key" 157 # Minix does not have a loopback interface so we have to skip any 158 # test that relies on one. 159 # Also, Minix seems to be very limited in the number of select() 160 # calls that can be operating concurrently, so prune additional tests for that. 161 T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect 162 connect-uri exit-status forward-control forwarding hostkey-agent 163 key-options keyscan knownhosts-command login-timeout multiplex 164 reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds 165 sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data 166 transfer" 167 SKIP_LTESTS="$(echo $T)" 168 TEST_TARGET=t-exec 169 SUDO="" 170 ;; 171 nbsd4) 172 # System compiler will ICE on some files with fstack-protector 173 # SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy 174 CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" 175 ;; 176 sol10|sol11) 177 # sol10 VM is 32bit and the unit tests are slow. 178 # sol11 has 4 test configs so skip unit tests to speed up. 179 TEST_TARGET="tests SKIP_UNIT=1" 180 ;; 181 win10) 182 # No sudo on Windows. 183 SUDO="" 184 ;; 185esac 186 187# Unless specified otherwise, build without OpenSSL on Mac OS since 188# modern versions don't ship with libcrypto. 189case "`./config.guess`" in 190*-darwin*) 191 LIBCRYPTOFLAGS="--without-openssl" 192 TEST_TARGET=t-exec 193 ;; 194esac 195 196# If we have a local openssl/libressl, use that. 197if [ -z "${LIBCRYPTOFLAGS}" ]; then 198 # last-match 199 for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do 200 if [ -x ${i}/bin/openssl ]; then 201 LIBCRYPTOFLAGS="--with-ssl-dir=${i}" 202 fi 203 done 204fi 205 206CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}" 207 208if [ -x "$(which plink 2>/dev/null)" ]; then 209 REGRESS_INTEROP_PUTTY=yes 210 export REGRESS_INTEROP_PUTTY 211fi 212 213export CC CFLAGS LTESTS SUDO 214export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL 215