xref: /freebsd/crypto/openssh/.github/setup_ci.sh (revision 3d6a94db1010319dc65736100089d6dd5ff90e46)
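#!/bin/sh
#
# CI bootstrap: work out which extra packages and from-source dependencies
# the requested test targets need, then install them.  Run it from the top
# of the source tree: .github/configs and ./config.guess are both resolved
# relative to the current directory.

PACKAGES=""

# .github/configs is executed in this shell (not in a child process), so
# whatever it contains runs with the same privileges as this script.
# "$@" is quoted so the arguments are not re-split or glob-expanded.
. .github/configs "$@"

# Pick the package manager from the platform string printed by config.guess.
case "$(./config.guess)" in
*cygwin)
    PACKAGER=setup
    echo "Setting CYGWIN system environment variable."
    setx CYGWIN "binmode"
    echo "Removing extended ACLs so umask works as expected."
    setfacl -b . regress
    # Comma-separated: the list is later handed to setup.exe -P, which the
    # install loop feeds with commas in place of spaces.
    PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
    PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
    ;;
*-darwin*)
    # Installs automake with brew and exits; none of the later steps run
    # on this platform.
    PACKAGER=brew
    brew install automake
    exit 0
    ;;
*)
    PACKAGER=apt
    ;;
esac
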
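# The command-line arguments are the test targets, kept as one
# space-separated string ("$*" makes the joining explicit).
TARGETS="$*"

INSTALL_FIDO_PPA="no"
# Keep apt/dpkg from stopping to ask questions on an unattended runner.
export DEBIAN_FRONTEND=noninteractive

#echo "Setting up for '$TARGETS'"

# -e: abort on the first failing command.
# -x: trace every command, after expansion, into the job log -- so any
#     variable expanded from here on is visible to whoever can read the log.
set -ex

# Record the distribution in the log when lsb_release is available.
# command -v is the portable replacement for which(1).
if command -v lsb_release >/dev/null 2>&1; then
    lsb_release -a
fi
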
# Ubuntu 22.04 defaults to private home dirs which prevent the
# agent-getpeerid test from running ssh-add as nobody.  See
# https://github.com/actions/runner-images/issues/6106
#
# The fix grants search (x) permission on the home directory to group and
# other.  That loosening is aimed at CI runners; it is not something to copy
# onto a multi-user host.
# SUDO is not assigned anywhere in this script -- presumably it is provided
# by .github/configs or the environment.
if [ -n "$SUDO" ]; then
    if ! "$SUDO" -u nobody test -x ~; then
        # ~ stays unquoted so the message shows the expanded home path.
        echo ~ is not executable by nobody, adding perms.
        chmod go+x ~
    fi
fi

# "kitchensink" (given as the only target) is shorthand for the full set of
# optional features.
case "${TARGETS}" in
kitchensink)
    TARGETS="krb5 libedit pam sk selinux"
    ;;
esac

# Some configure flags imply a target whose development packages are needed.
# CONFIGFLAGS is split on whitespace deliberately: it is a flag list.
for flag in $CONFIGFLAGS; do
    if [ "$flag" = "--with-pam" ]; then
        TARGETS="${TARGETS} pam"
    elif [ "$flag" = "--with-libedit" ]; then
        TARGETS="${TARGETS} libedit"
    fi
done

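# Translate each target into the packages it needs and/or the switches that
# drive the from-source builds further down.
#
# NOTE(review): INSTALL_HARDENED_MALLOC, INSTALL_OPENSSL, INSTALL_LIBRESSL and
# SSLCONFOPTS are only assigned inside this loop; nothing visible in this
# script clears them first, so a value already present in the environment (or
# set by .github/configs) would also trigger the corresponding build below.
for TARGET in $TARGETS; do
    case "$TARGET" in
    default|without-openssl|without-zlib|c89)
        # nothing to do
        ;;
    clang-sanitize*)
        PACKAGES="$PACKAGES clang-12"
        ;;
    cygwin-release)
        PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
        ;;
    gcc-sanitize*)
        # No extra packages; listed before the generic gcc-* arm so that
        # arm does not treat the target name as a package name.
        ;;
    clang-*|gcc-*)
        # The package name is the target with any "-Werror" removed.
        compiler=$(printf '%s\n' "$TARGET" | sed 's/-Werror//')
        PACKAGES="$PACKAGES $compiler"
        ;;
    krb5)
        PACKAGES="$PACKAGES libkrb5-dev"
        ;;
    heimdal)
        PACKAGES="$PACKAGES heimdal-dev"
        ;;
    libedit)
        # Package name differs between Cygwin setup and apt.
        case "$PACKAGER" in
        setup) PACKAGES="$PACKAGES libedit-devel" ;;
        apt)   PACKAGES="$PACKAGES libedit-dev" ;;
        esac
        ;;
    *pam)
        PACKAGES="$PACKAGES libpam0g-dev"
        ;;
    sk)
        # Also enables the third-party Yubico PPA before installation.
        INSTALL_FIDO_PPA="yes"
        PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
        ;;
    selinux)
        PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
        ;;
    hardenedmalloc)
        INSTALL_HARDENED_MALLOC=yes
        ;;
    musl)
        PACKAGES="$PACKAGES musl-tools"
        ;;
    tcmalloc)
        PACKAGES="$PACKAGES libgoogle-perftools-dev"
        ;;
    openssl-noec)
        INSTALL_OPENSSL=OpenSSL_1_1_1k
        SSLCONFOPTS="no-ec"
        ;;
    openssl-*)
        # Second dash-separated field is the version; map it to the ref
        # name that is later passed to git checkout.
        INSTALL_OPENSSL=$(printf '%s\n' "$TARGET" | cut -f2 -d-)
        case "$INSTALL_OPENSSL" in
        1.1.1_stable)
            INSTALL_OPENSSL="OpenSSL_1_1_1-stable"
            ;;
        1.*)
            INSTALL_OPENSSL="OpenSSL_$(printf '%s\n' "$INSTALL_OPENSSL" | tr . _)"
            ;;
        3.*)
            INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}"
            ;;
        esac
        PACKAGES="${PACKAGES} putty-tools"
        ;;
    libressl-*)
        # Second dash-separated field: "master" or a release version.  The
        # original re-ran the same extraction for non-master values, which
        # produced the identical result, so one assignment is enough.
        INSTALL_LIBRESSL=$(printf '%s\n' "$TARGET" | cut -f2 -d-)
        PACKAGES="${PACKAGES} putty-tools"
        ;;
    valgrind*)
        PACKAGES="$PACKAGES valgrind"
        ;;
    *)
        echo "Invalid option '${TARGET}'"
        exit 1
        ;;
    esac
done
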
# Enable the Yubico "stable" PPA when the sk target asked for it.
# Adding a PPA makes apt accept packages signed by that archive, so it widens
# the set of parties able to supply software installed as root below.
case "$INSTALL_FIDO_PPA" in
yes)
    sudo apt update -qq
    sudo apt install -qy software-properties-common
    sudo apt-add-repository -y ppa:yubico/stable
    ;;
esac

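# Install everything collected in PACKAGES, allowing up to three attempts.
# PACKAGES is emptied on success, which is what ends the loop.
tries=3
while [ -n "$PACKAGES" ] && [ "$tries" -gt 0 ]; do
    case "$PACKAGER" in
    apt)
        sudo apt update -qq
        # Deliberately unquoted: PACKAGES is a space-separated list and
        # each name must reach apt as its own argument.
        # shellcheck disable=SC2086
        if sudo apt install -qy $PACKAGES; then
            PACKAGES=""
        fi
        ;;
    setup)
        # setup.exe takes the list comma-separated in a single argument.
        if /cygdrive/c/setup.exe -q -P \
            "$(printf '%s\n' "$PACKAGES" | tr ' ' ,)"; then
            PACKAGES=""
        fi
        ;;
    esac
    tries=$((tries - 1))
    # Back off before retrying.  The wait is skipped once no attempts
    # remain, so a final failure is reported without a pointless 90 s delay.
    if [ -n "$PACKAGES" ] && [ "$tries" -gt 0 ]; then
        sleep 90
    fi
done
if [ -n "$PACKAGES" ]; then
    echo "Package installation failed."
    exit 1
fi
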
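# Build hardened_malloc from source and install the shared object system-wide.
#
# NOTE(review): this clones whatever the default branch points at when the
# job runs, builds it, and copies the result into /usr/lib as root.  No tag
# or commit is pinned and nothing is verified beyond the HTTPS connection,
# so the job's behaviour follows upstream's branch head.  Checking out a
# reviewed commit (<PINNED_COMMIT_PLACEHOLDER>) after the clone would make
# the build reproducible and narrow the supply-chain exposure.
if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
    # The subshell keeps the directory changes local to this step.
    (cd "${HOME}" &&
     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
     cd "${HOME}/hardened_malloc" &&
     make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/)
fi
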
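# Build the requested OpenSSL ref from source and install it (libraries and
# headers only, via install_sw) under /opt/openssl.
#
# NOTE(review): INSTALL_OPENSSL is a tag or branch name, i.e. a ref that
# upstream can move (the "-stable" value is a branch by its name).  The
# checkout is trusted on the strength of the HTTPS clone alone; if the
# release tags are signed, `git verify-tag` against a pinned key, or a pinned
# commit id, would give a stronger guarantee before `sudo make install_sw`.
if [ -n "${INSTALL_OPENSSL}" ]; then
    # SSLCONFOPTS is left unquoted on purpose: it is either empty or a list
    # of extra ./config options and must be word-split.
    # shellcheck disable=SC2086
    (cd "${HOME}" &&
     git clone https://github.com/openssl/openssl.git &&
     cd "${HOME}/openssl" &&
     git checkout "${INSTALL_OPENSSL}" &&
     ./config no-threads shared ${SSLCONFOPTS} \
         --prefix=/opt/openssl &&
     make && sudo make install_sw)
fi
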
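# Build LibreSSL and install it under /opt/libressl: the portable git tree
# for "master", otherwise the release tarball for the given version.
if [ -n "${INSTALL_LIBRESSL}" ]; then
    if [ "${INSTALL_LIBRESSL}" = "master" ]; then
        # Tracks the moving master branch, so the code built here changes
        # from run to run by design.
        (mkdir -p "${HOME}/libressl" && cd "${HOME}/libressl" &&
         git clone https://github.com/libressl-portable/portable.git &&
         cd "${HOME}/libressl/portable" &&
         git checkout "${INSTALL_LIBRESSL}" &&
         sh update.sh && sh autogen.sh &&
         ./configure --prefix=/opt/libressl &&
         make -j2 && sudo make install)
    else
        LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
        # NOTE(review): the tarball is unpacked, configured and installed
        # with sudo without any checksum or signature check; its integrity
        # rests on the HTTPS connection to the CDN alone.  Comparing it
        # against a digest pinned in this repository
        # (<SHA256_PLACEHOLDER>), or verifying upstream's release signature
        # where the runner has the tooling, before the tar step would close
        # that gap.
        (cd "${HOME}" &&
         wget "${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz" &&
         tar xfz "libressl-${INSTALL_LIBRESSL}.tar.gz" &&
         cd "libressl-${INSTALL_LIBRESSL}" &&
         ./configure --prefix=/opt/libressl && make -j2 && sudo make install)
    fi
fi
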