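#!/bin/sh
#
# usage: configs test_config   (omit the argument, or pass '', for "default")
#
# Maps a CI test configuration name to the build and test settings used for
# that run.  The host/VM name is taken from the TARGET_HOST environment
# variable, not from an argument.
#
# NOTE(review): CONFIGFLAGS, SSHD_CONFOPTS and SKIP_LTESTS are assigned but
# never exported here, so this file is presumably sourced by its caller
# rather than executed - confirm against the workflow scripts.
#
# Sets the following variables:
#   CONFIGFLAGS     options to ./configure (LIBCRYPTOFLAGS is appended)
#   LIBCRYPTOFLAGS  libcrypto-related ./configure options
#   SSHD_CONFOPTS   sshd_config options (only assigned by the PAM configs;
#                   otherwise whatever the caller's environment holds)
#   TEST_TARGET     make target used when testing.  defaults to "tests".
#   LTESTS          list of tests to run (only the valgrind-2..4 configs)
#   SKIP_LTESTS     list of tests to skip
#   CC, CFLAGS      compiler and flags, for the configs that pin them
#   SUDO            privilege-escalation command, empty where unavailable

# The header documents an empty argument as "default"; without this
# fallback an empty $1 fell through to the "Unknown configuration" arm.
config=${1:-default}

TEST_TARGET="tests"
LTESTS=""
SKIP_LTESTS=""
# Tests invoke privileged steps through sudo by default.  This is only
# appropriate on disposable CI runners.
SUDO=sudo
# NOTE(review): presumably tells the regression harness to tolerate
# permissions it would otherwise reject - confirm in the test scripts.
# A CI-only setting; it should never reach a production environment.
TEST_SSH_UNSAFE_PERMISSIONS=1
# Stop on first test failure to minimize logs
TEST_SSH_FAIL_FATAL=yes

CONFIGFLAGS=""
LIBCRYPTOFLAGS=""

case "$config" in
    default|sol64)
        ;;
    c89)
        CC="gcc"
        CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
        CONFIGFLAGS="--without-zlib"
        LIBCRYPTOFLAGS="--without-openssl"
        TEST_TARGET=t-exec
        ;;
    cygwin-release)
        CONFIGFLAGS="--with-libedit --with-xauth=/usr/bin/xauth --disable-strip --with-security-key-builtin"
        ;;
    clang-12-Werror)
        CC="clang-12"
        # clang's implicit-fallthrough requires that the code be annotated with
        # __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */
        CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter"
        CONFIGFLAGS="--with-pam --with-Werror"
        ;;
    gcc-11-Werror)
        CC="gcc"
        # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled
        CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter"
        CONFIGFLAGS="--with-pam --with-Werror"
        ;;
    clang*|gcc*)
        # The configuration name itself becomes the compiler command and is
        # exported as CC, so the argument must come from a trusted source
        # (the CI matrix), never from contributor-controlled input.
        CC="$config"
        ;;
    kitchensink)
        CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
        CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
        CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
        ;;
    hardenedmalloc)
        CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
        ;;
    tcmalloc)
        CONFIGFLAGS="--with-ldflags=-ltcmalloc"
        ;;
    krb5|heimdal)
        CONFIGFLAGS="--with-kerberos5"
        ;;
    libedit)
        CONFIGFLAGS="--with-libedit"
        ;;
    musl)
        CC="musl-gcc"
        CONFIGFLAGS="--without-zlib"
        LIBCRYPTOFLAGS="--without-openssl"
        TEST_TARGET="t-exec"
        ;;
    pam-krb5)
        CONFIGFLAGS="--with-pam --with-kerberos5"
        SSHD_CONFOPTS="UsePam yes"
        ;;
    *pam)
        CONFIGFLAGS="--with-pam"
        SSHD_CONFOPTS="UsePam yes"
        ;;
    libressl-*)
        LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
        ;;
    openssl-*)
        LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
        ;;
    selinux)
        CONFIGFLAGS="--with-selinux"
        ;;
    sk)
        CONFIGFLAGS="--with-security-key-builtin"
        ;;
    without-openssl)
        LIBCRYPTOFLAGS="--without-openssl"
        TEST_TARGET=t-exec
        ;;
    valgrind-[1-4]|valgrind-unit)
        # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
        # These flags switch off the sandbox, the hardening options and
        # FORTIFY_SOURCE, so binaries from this configuration are for
        # instrumentation only and must not be packaged or deployed.
        CONFIGFLAGS="--without-sandbox --without-hardening"
        CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
        TEST_TARGET="t-exec USE_VALGRIND=1"
        TEST_SSH_ELAPSED_TIMES=1
        export TEST_SSH_ELAPSED_TIMES
        # Valgrind slows things down enough that the agent timeout test
        # won't reliably pass, and the unit tests run longer than allowed
        # by github so split into three separate tests.
        tests2="rekey integrity try-ciphers sftp"
        tests3="krl forward-control sshsig agent-restrict kextype"
        tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent"
        case "$config" in
            valgrind-1)
                # All tests except agent-timeout (which is flaky under
                # valgrind) and slow ones that run separately to increase
                # parallelism.
                SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
                ;;
            valgrind-2)
                LTESTS="${tests2}"
                ;;
            valgrind-3)
                LTESTS="${tests3}"
                ;;
            valgrind-4)
                LTESTS="${tests4}"
                ;;
            valgrind-unit)
                TEST_TARGET="unit USE_VALGRIND=1"
                ;;
        esac
        ;;
    *)
        # Fail closed on an unrecognised name.  If this file is sourced,
        # exit also terminates the calling shell.  The diagnostic goes to
        # stderr so it is not mistaken for normal output.
        echo "Unknown configuration $config" >&2
        exit 1
        ;;
esac

# The Solaris 64bit targets are special since they need a non-flag arg.
case "$config" in
    sol64*)
        CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
        LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
        ;;
esac

# Per-host adjustments.  TARGET_HOST comes from the environment and may be
# unset, in which case no arm matches.
case "${TARGET_HOST}" in
    aix*)
        # These are slow real or virtual machines so skip the slowest tests
        # (which tend to be the ones that transfer lots of data) so that the
        # test run does not time out.
        # The agent-restrict test fails due to some quoting issue when run
        # with sh or ksh so specify bash for now.
        TEST_TARGET="t-exec TEST_SHELL=bash"
        SKIP_LTESTS="rekey sftp"
        ;;
    dfly58*|dfly60*)
        # scp 3-way connection hangs on these so skip until sorted.
        SKIP_LTESTS=scp3
        ;;
    fbsd6)
        # Native linker is not great with PIC so OpenSSL is built w/out.
        CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key"
        ;;
    hurd)
        SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
        ;;
    minix3)
        LIBCRYPTOFLAGS="--without-openssl --disable-security-key"
        # Minix does not have a loopback interface so we have to skip any
        # test that relies on one.
        # Also, Minix seems to be very limited in the number of select()
        # calls that can be operating concurrently, so prune additional tests for that.
        T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect
            connect-uri exit-status forward-control forwarding hostkey-agent
            key-options keyscan knownhosts-command login-timeout multiplex
            reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds
            sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data
            transfer"
        # $T is deliberately unquoted: word splitting collapses the
        # newlines and indentation above into single spaces.
        # shellcheck disable=SC2086,SC2116
        SKIP_LTESTS="$(echo $T)"
        TEST_TARGET=t-exec
        SUDO=""
        ;;
    nbsd4)
        # System compiler will ICE on some files with fstack-protector
        # SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy
        # --without-hardening makes this a test-only build.
        CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key"
        ;;
    openwrt-*)
        CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib"
        TEST_TARGET="t-exec"
        ;;
    sol10|sol11)
        # sol10 VM is 32bit and the unit tests are slow.
        # sol11 has 4 test configs so skip unit tests to speed up.
        TEST_TARGET="tests SKIP_UNIT=1"
        ;;
    win10)
        # No sudo on Windows.
        SUDO=""
        ;;
esac

# Unless specified otherwise, build without OpenSSL on Mac OS since
# modern versions don't ship with libcrypto.
# config.guess is run via a relative path, so the current directory must be
# the source tree root.
case "$(./config.guess)" in
*-darwin*)
    LIBCRYPTOFLAGS="--without-openssl"
    TEST_TARGET=t-exec
    ;;
esac

# If we have a local openssl/libressl, use that.
if [ -z "${LIBCRYPTOFLAGS}" ]; then
    # last-match: a later directory in the list overrides an earlier one.
    # Only fixed, system-owned prefixes are probed.  The selected tree is
    # linked into the build, so the runner image must control these paths.
    for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
        if [ -x "${i}/bin/openssl" ]; then
            LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
        fi
    done
fi

CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"

# Enable the PuTTY interop tests when plink is installed.  command -v is
# the POSIX way to look up a command and does not depend on which(1).
if [ -x "$(command -v plink 2>/dev/null)" ]; then
    REGRESS_INTEROP_PUTTY=yes
    export REGRESS_INTEROP_PUTTY
fi

export CC CFLAGS LTESTS SUDO
export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL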