1#!/bin/sh 2 3PACKAGES="" 4 5 . .github/configs $@ 6 7host=`./config.guess` 8echo "config.guess: $host" 9case "$host" in 10*cygwin) 11 PACKAGER=setup 12 echo Setting CYGWIN system environment variable. 13 setx CYGWIN "binmode" 14 echo Removing extended ACLs so umask works as expected. 15 setfacl -b . regress 16 PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" 17 PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" 18 ;; 19*-darwin*) 20 PACKAGER=brew 21 brew install automake 22 exit 0 23 ;; 24*) 25 PACKAGER=apt 26esac 27 28TARGETS=$@ 29 30INSTALL_FIDO_PPA="no" 31export DEBIAN_FRONTEND=noninteractive 32 33#echo "Setting up for '$TARGETS'" 34 35set -ex 36 37if [ -x "`which lsb_release 2>&1`" ]; then 38 lsb_release -a 39fi 40 41# Ubuntu 22.04 defaults to private home dirs which prevent the 42# agent-getpeerid test from running ssh-add as nobody. See 43# https://github.com/actions/runner-images/issues/6106 44if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then 45 echo ~ is not executable by nobody, adding perms. 46 chmod go+x ~ 47fi 48 49if [ "${TARGETS}" = "kitchensink" ]; then 50 TARGETS="krb5 libedit pam sk selinux" 51fi 52 53for flag in $CONFIGFLAGS; do 54 case "$flag" in 55 --with-pam) TARGETS="${TARGETS} pam" ;; 56 --with-libedit) TARGETS="${TARGETS} libedit" ;; 57 esac 58done 59 60for TARGET in $TARGETS; do 61 case $TARGET in 62 default|without-openssl|without-zlib|c89) 63 # nothing to do 64 ;; 65 clang-sanitize*) 66 PACKAGES="$PACKAGES clang-12" 67 ;; 68 cygwin-release) 69 PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel" 70 ;; 71 gcc-sanitize*) 72 ;; 73 clang-*|gcc-*) 74 compiler=$(echo $TARGET | sed 's/-Werror//') 75 PACKAGES="$PACKAGES $compiler" 76 ;; 77 krb5) 78 PACKAGES="$PACKAGES libkrb5-dev" 79 ;; 80 heimdal) 81 PACKAGES="$PACKAGES heimdal-dev" 82 ;; 83 libedit) 84 case "$PACKAGER" in 85 setup) PACKAGES="$PACKAGES libedit-devel" ;; 86 apt) PACKAGES="$PACKAGES libedit-dev" ;; 87 esac 88 ;; 89 *pam) 90 PACKAGES="$PACKAGES libpam0g-dev" 91 ;; 92 sk) 93 INSTALL_FIDO_PPA="yes" 94 PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev" 95 ;; 96 selinux) 97 PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev" 98 ;; 99 hardenedmalloc) 100 INSTALL_HARDENED_MALLOC=yes 101 ;; 102 musl) 103 PACKAGES="$PACKAGES musl-tools" 104 ;; 105 tcmalloc) 106 PACKAGES="$PACKAGES libgoogle-perftools-dev" 107 ;; 108 openssl-noec) 109 INSTALL_OPENSSL=OpenSSL_1_1_1k 110 SSLCONFOPTS="no-ec" 111 ;; 112 openssl-*) 113 INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-) 114 case ${INSTALL_OPENSSL} in 115 1.1.1_stable) INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;; 116 1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;; 117 3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;; 118 esac 119 PACKAGES="${PACKAGES} putty-tools" 120 ;; 121 libressl-*) 122 INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-) 123 case ${INSTALL_LIBRESSL} in 124 master) ;; 125 *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;; 126 esac 127 PACKAGES="${PACKAGES} putty-tools" 128 ;; 129 boringssl) 130 INSTALL_BORINGSSL=1 131 PACKAGES="${PACKAGES} cmake ninja-build" 132 ;; 133 valgrind*) 134 PACKAGES="$PACKAGES valgrind" 135 ;; 136 zlib-*) 137 ;; 138 *) echo "Invalid option '${TARGET}'" 139 exit 1 140 ;; 141 esac 142done 143 144if [ "yes" = "$INSTALL_FIDO_PPA" ]; then 145 sudo apt update -qq 146 sudo apt install -qy software-properties-common 147 sudo apt-add-repository -y ppa:yubico/stable 148fi 149 150tries=3 151while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do 152 case "$PACKAGER" in 153 apt) 154 sudo apt update -qq 155 if sudo apt install -qy $PACKAGES; then 156 PACKAGES="" 157 fi 158 ;; 159 setup) 160 if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then 161 PACKAGES="" 162 fi 163 ;; 164 esac 165 if [ ! -z "$PACKAGES" ]; then 166 sleep 90 167 fi 168 tries=$(($tries - 1)) 169done 170if [ ! -z "$PACKAGES" ]; then 171 echo "Package installation failed." 172 exit 1 173fi 174 175if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then 176 (cd ${HOME} && 177 git clone https://github.com/GrapheneOS/hardened_malloc.git && 178 cd ${HOME}/hardened_malloc && 179 make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/) 180fi 181 182if [ ! -z "${INSTALL_OPENSSL}" ]; then 183 (cd ${HOME} && 184 git clone https://github.com/openssl/openssl.git && 185 cd ${HOME}/openssl && 186 git checkout ${INSTALL_OPENSSL} && 187 ./config no-threads shared ${SSLCONFOPTS} \ 188 --prefix=/opt/openssl && 189 make && sudo make install_sw) 190fi 191 192if [ ! -z "${INSTALL_LIBRESSL}" ]; then 193 if [ "${INSTALL_LIBRESSL}" = "master" ]; then 194 (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && 195 git clone https://github.com/libressl-portable/portable.git && 196 cd ${HOME}/libressl/portable && 197 git checkout ${INSTALL_LIBRESSL} && 198 sh update.sh && sh autogen.sh && 199 ./configure --prefix=/opt/libressl && 200 make -j2 && sudo make install) 201 else 202 LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL 203 (cd ${HOME} && 204 wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz && 205 tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz && 206 cd libressl-${INSTALL_LIBRESSL} && 207 ./configure --prefix=/opt/libressl && make -j2 && sudo make install) 208 fi 209fi 210 211if [ ! -z "${INSTALL_BORINGSSL}" ]; then 212 (cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl && 213 cd ${HOME}/boringssl && mkdir build && cd build && 214 cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja && 215 mkdir -p /opt/boringssl/lib && 216 cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib && 217 cp -r ${HOME}/boringssl/include /opt/boringssl) 218fi 219 220if [ ! -z "${INSTALL_ZLIB}" ]; then 221 (cd ${HOME} && git clone https://github.com/madler/zlib.git && 222 cd ${HOME}/zlib && ./configure && make && 223 sudo make install prefix=/opt/zlib) 224fi 225