1#!/bin/sh 2 3PACKAGES="" 4 5 . .github/configs $@ 6 7host=`./config.guess` 8echo "config.guess: $host" 9case "$host" in 10*cygwin) 11 PACKAGER=setup 12 echo Setting CYGWIN system environment variable. 13 setx CYGWIN "binmode" 14 echo Removing extended ACLs so umask works as expected. 15 setfacl -b . regress 16 PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" 17 PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" 18 ;; 19*-darwin*) 20 PACKAGER=brew 21 brew install automake 22 exit 0 23 ;; 24*) 25 PACKAGER=apt 26esac 27 28TARGETS=$@ 29 30INSTALL_FIDO_PPA="no" 31export DEBIAN_FRONTEND=noninteractive 32 33#echo "Setting up for '$TARGETS'" 34 35set -ex 36 37if [ -x "`which lsb_release 2>&1`" ]; then 38 lsb_release -a 39fi 40 41# Ubuntu 22.04 defaults to private home dirs which prevent the 42# agent-getpeerid test from running ssh-add as nobody. See 43# https://github.com/actions/runner-images/issues/6106 44if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then 45 echo ~ is not executable by nobody, adding perms. 46 chmod go+x ~ 47fi 48 49if [ "${TARGETS}" = "kitchensink" ]; then 50 TARGETS="krb5 libedit pam sk selinux" 51fi 52 53for flag in $CONFIGFLAGS; do 54 case "$flag" in 55 --with-pam) TARGETS="${TARGETS} pam" ;; 56 --with-libedit) TARGETS="${TARGETS} libedit" ;; 57 esac 58done 59 60for TARGET in $TARGETS; do 61 case $TARGET in 62 default|without-openssl|without-zlib|c89) 63 # nothing to do 64 ;; 65 clang-sanitize*) 66 PACKAGES="$PACKAGES clang-12" 67 ;; 68 cygwin-release) 69 PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel" 70 ;; 71 gcc-sanitize*) 72 ;; 73 clang-*|gcc-*) 74 compiler=$(echo $TARGET | sed 's/-Werror//') 75 PACKAGES="$PACKAGES $compiler" 76 ;; 77 krb5) 78 PACKAGES="$PACKAGES libkrb5-dev" 79 ;; 80 heimdal) 81 PACKAGES="$PACKAGES heimdal-dev" 82 ;; 83 libedit) 84 case "$PACKAGER" in 85 setup) PACKAGES="$PACKAGES libedit-devel" ;; 86 apt) PACKAGES="$PACKAGES libedit-dev" ;; 87 esac 88 ;; 89 *pam) 90 PACKAGES="$PACKAGES libpam0g-dev" 91 ;; 92 sk) 93 INSTALL_FIDO_PPA="yes" 94 PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev" 95 ;; 96 selinux) 97 PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev" 98 ;; 99 hardenedmalloc) 100 INSTALL_HARDENED_MALLOC=yes 101 ;; 102 musl) 103 PACKAGES="$PACKAGES musl-tools" 104 ;; 105 tcmalloc) 106 PACKAGES="$PACKAGES libgoogle-perftools-dev" 107 ;; 108 openssl-noec) 109 INSTALL_OPENSSL=OpenSSL_1_1_1k 110 SSLCONFOPTS="no-ec" 111 ;; 112 openssl-*) 113 INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-) 114 case ${INSTALL_OPENSSL} in 115 1.1.1_stable) INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;; 116 1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;; 117 3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;; 118 esac 119 PACKAGES="${PACKAGES} putty-tools" 120 ;; 121 libressl-*) 122 INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-) 123 case ${INSTALL_LIBRESSL} in 124 master) ;; 125 *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;; 126 esac 127 PACKAGES="${PACKAGES} putty-tools" 128 ;; 129 boringssl) 130 INSTALL_BORINGSSL=1 131 PACKAGES="${PACKAGES} cmake ninja-build" 132 ;; 133 valgrind*) 134 PACKAGES="$PACKAGES valgrind" 135 ;; 136 *) echo "Invalid option '${TARGET}'" 137 exit 1 138 ;; 139 esac 140done 141 142if [ "yes" = "$INSTALL_FIDO_PPA" ]; then 143 sudo apt update -qq 144 sudo apt install -qy software-properties-common 145 sudo apt-add-repository -y ppa:yubico/stable 146fi 147 148tries=3 149while [ ! -z "$PACKAGES" ] && [ "$tries" -gt "0" ]; do 150 case "$PACKAGER" in 151 apt) 152 sudo apt update -qq 153 if sudo apt install -qy $PACKAGES; then 154 PACKAGES="" 155 fi 156 ;; 157 setup) 158 if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then 159 PACKAGES="" 160 fi 161 ;; 162 esac 163 if [ ! -z "$PACKAGES" ]; then 164 sleep 90 165 fi 166 tries=$(($tries - 1)) 167done 168if [ ! -z "$PACKAGES" ]; then 169 echo "Package installation failed." 170 exit 1 171fi 172 173if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then 174 (cd ${HOME} && 175 git clone https://github.com/GrapheneOS/hardened_malloc.git && 176 cd ${HOME}/hardened_malloc && 177 make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/) 178fi 179 180if [ ! -z "${INSTALL_OPENSSL}" ]; then 181 (cd ${HOME} && 182 git clone https://github.com/openssl/openssl.git && 183 cd ${HOME}/openssl && 184 git checkout ${INSTALL_OPENSSL} && 185 ./config no-threads shared ${SSLCONFOPTS} \ 186 --prefix=/opt/openssl && 187 make && sudo make install_sw) 188fi 189 190if [ ! -z "${INSTALL_LIBRESSL}" ]; then 191 if [ "${INSTALL_LIBRESSL}" = "master" ]; then 192 (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && 193 git clone https://github.com/libressl-portable/portable.git && 194 cd ${HOME}/libressl/portable && 195 git checkout ${INSTALL_LIBRESSL} && 196 sh update.sh && sh autogen.sh && 197 ./configure --prefix=/opt/libressl && 198 make -j2 && sudo make install) 199 else 200 LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL 201 (cd ${HOME} && 202 wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz && 203 tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz && 204 cd libressl-${INSTALL_LIBRESSL} && 205 ./configure --prefix=/opt/libressl && make -j2 && sudo make install) 206 fi 207fi 208 209if [ ! -z "${INSTALL_BORINGSSL}" ]; then 210 (cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl && 211 cd ${HOME}/boringssl && mkdir build && cd build && 212 cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja && 213 mkdir -p /opt/boringssl/lib && 214 cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib && 215 cp -r ${HOME}/boringssl/include /opt/boringssl) 216fi 217