xref: /freebsd/crypto/openssh/.github/configs (revision 13ec1e3155c7e9bf037b12af186351b7fa9b9450)
1#!/bin/sh
2#
3# usage: configs vmname test_config (or '' for default)
4#
5# Sets the following variables:
6# CONFIGFLAGS           options to ./configure
7# SSHD_CONFOPTS         sshd_config options
8# TEST_TARGET           make target used when testing.  defaults to "tests".
9# LTESTS
10
11config=$1
12
13TEST_TARGET="tests"
14LTESTS=""
15SKIP_LTESTS=""
16SUDO=sudo	# run with sudo by default
17TEST_SSH_UNSAFE_PERMISSIONS=1
18
19CONFIGFLAGS=""
20LIBCRYPTOFLAGS=""
21
22case "$config" in
23    default|sol64)
24	;;
25    c89)
26	CC="gcc"
27	CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
28	CONFIGFLAGS="--without-openssl --without-zlib"
29	TEST_TARGET=t-exec
30	;;
31    kitchensink)
32	CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
33	CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
34	CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
35	;;
36    hardenedmalloc)
37	CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
38	;;
39    kerberos5)
40	CONFIGFLAGS="--with-kerberos5"
41	;;
42    libedit)
43	CONFIGFLAGS="--with-libedit"
44	;;
45    pam-krb5)
46	CONFIGFLAGS="--with-pam --with-kerberos5"
47	SSHD_CONFOPTS="UsePam yes"
48	;;
49    *pam)
50	CONFIGFLAGS="--with-pam"
51	SSHD_CONFOPTS="UsePam yes"
52	;;
53    libressl-*)
54	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
55	;;
56    openssl-*)
57	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
58	;;
59    selinux)
60	CONFIGFLAGS="--with-selinux"
61	;;
62    sk)
63	CONFIGFLAGS="--with-security-key-builtin"
64        ;;
65    without-openssl)
66	LIBCRYPTOFLAGS="--without-openssl"
67	TEST_TARGET=t-exec
68	;;
69    valgrind-[1-4]|valgrind-unit)
70	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
71	CONFIGFLAGS="--without-sandbox --without-hardening"
72	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
73	TEST_TARGET="t-exec USE_VALGRIND=1"
74	TEST_SSH_ELAPSED_TIMES=1
75	export TEST_SSH_ELAPSED_TIMES
76	# Valgrind slows things down enough that the agent timeout test
77	# won't reliably pass, and the unit tests run longer than allowed
78	# by github so split into three separate tests.
79	tests2="rekey integrity"
80	tests3="krl forward-control sshsig"
81	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
82	case "$config" in
83	    valgrind-1)
84		# All tests except agent-timeout (which is flaky under valgrind)
85		#) and slow ones that run separately to increase parallelism.
86		SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
87		;;
88	    valgrind-2)
89		LTESTS="${tests2}"
90		;;
91	    valgrind-3)
92		LTESTS="${tests3}"
93		;;
94	    valgrind-4)
95		LTESTS="${tests4}"
96		;;
97	    valgrind-unit)
98		TEST_TARGET="unit USE_VALGRIND=1"
99		;;
100	esac
101	;;
102    *)
103	echo "Unknown configuration $config"
104	exit 1
105	;;
106esac
107
108# The Solaris 64bit targets are special since they need a non-flag arg.
109case "$config" in
110    sol64*)
111	CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
112	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
113	;;
114esac
115
116case "${TARGET_HOST}" in
117    dfly58*|dfly60*)
118	# scp 3-way connection hangs on these so skip until sorted.
119	SKIP_LTESTS=scp3
120	;;
121    hurd)
122	SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
123	;;
124    minix3)
125	CC="clang"
126	LIBCRYPTOFLAGS="--without-openssl"
127	# Minix does not have a loopback interface so we have to skip any
128	# test that relies on it.
129	TEST_TARGET=t-exec
130	SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect"
131	SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri"
132	SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys"
133	SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data"
134	SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer"
135	SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure"
136	SUDO=""
137	;;
138    nbsd4)
139	# System compiler will ICE on some files with fstack-protector
140	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
141	;;
142    sol10|sol11)
143	# sol10 VM is 32bit and the unit tests are slow.
144	# sol11 has 4 test configs so skip unit tests to speed up.
145	TEST_TARGET="tests SKIP_UNIT=1"
146	;;
147    win10)
148	# No sudo on Windows.
149	SUDO=""
150	;;
151esac
152
153# If we have a local openssl/libressl, use that.
154if [ -z "${LIBCRYPTOFLAGS}" ]; then
155	# last-match
156	for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
157		if [ -x ${i}/bin/openssl ]; then
158			LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
159		fi
160	done
161fi
162
163CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
164
165if [ -x "$(which plink 2>/dev/null)" ]; then
166	REGRESS_INTEROP_PUTTY=yes
167	export REGRESS_INTEROP_PUTTY
168fi
169
170export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
171