xref: /freebsd/crypto/openssh/.github/setup_ci.sh (revision d5b0e70f7e04d971691517ce1304d86a1e367e2e)
1#!/bin/sh
2
3PACKAGES=""
4
5 . .github/configs $@
6
7case "`./config.guess`" in
8*cygwin)
9	PACKAGER=setup
10	echo Setting CYGWIN sustem environment variable.
11	setx CYGWIN "binmode"
12	chmod -R go-rw /cygdrive/d/a
13	umask 077
14	PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core"
15	PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel"
16	;;
17*-darwin*)
18	PACKAGER=brew
19	brew install automake
20	exit 0
21	;;
22*)
23	PACKAGER=apt
24esac
25
26TARGETS=$@
27
28INSTALL_FIDO_PPA="no"
29export DEBIAN_FRONTEND=noninteractive
30
31#echo "Setting up for '$TARGETS'"
32
33set -ex
34
35if [ -x "`which lsb_release 2>&1`" ]; then
36	lsb_release -a
37fi
38
39# Ubuntu 22.04 defaults to private home dirs which prevent the
40# agent-getpeerid test from running ssh-add as nobody.  See
41# https://github.com/actions/runner-images/issues/6106
42if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
43	echo ~ is not executable by nobody, adding perms.
44	chmod go+x ~
45fi
46
47if [ "${TARGETS}" = "kitchensink" ]; then
48	TARGETS="krb5 libedit pam sk selinux"
49fi
50
51for flag in $CONFIGFLAGS; do
52    case "$flag" in
53    --with-pam)		TARGETS="${TARGETS} pam" ;;
54    --with-libedit)	TARGETS="${TARGETS} libedit" ;;
55    esac
56done
57
58for TARGET in $TARGETS; do
59    case $TARGET in
60    default|without-openssl|without-zlib|c89)
61        # nothing to do
62        ;;
63    clang-sanitize*)
64        PACKAGES="$PACKAGES clang-12"
65        ;;
66    cygwin-release)
67        PACKAGES="$PACKAGES libcrypt-devel libfido2-devel libkrb5-devel"
68        ;;
69    gcc-sanitize*)
70        ;;
71    clang-*|gcc-*)
72        compiler=$(echo $TARGET | sed 's/-Werror//')
73        PACKAGES="$PACKAGES $compiler"
74        ;;
75    krb5)
76        PACKAGES="$PACKAGES libkrb5-dev"
77	;;
78    heimdal)
79        PACKAGES="$PACKAGES heimdal-dev"
80        ;;
81    libedit)
82	case "$PACKAGER" in
83	setup)	PACKAGES="$PACKAGES libedit-devel" ;;
84	apt)	PACKAGES="$PACKAGES libedit-dev" ;;
85	esac
86        ;;
87    *pam)
88        PACKAGES="$PACKAGES libpam0g-dev"
89        ;;
90    sk)
91        INSTALL_FIDO_PPA="yes"
92        PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
93        ;;
94    selinux)
95        PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
96        ;;
97    hardenedmalloc)
98        INSTALL_HARDENED_MALLOC=yes
99        ;;
100    musl)
101	PACKAGES="$PACKAGES musl-tools"
102	;;
103    tcmalloc)
104        PACKAGES="$PACKAGES libgoogle-perftools-dev"
105        ;;
106    openssl-noec)
107	INSTALL_OPENSSL=OpenSSL_1_1_1k
108	SSLCONFOPTS="no-ec"
109	;;
110    openssl-*)
111        INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
112        case ${INSTALL_OPENSSL} in
113          1.1.1_stable)	INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;;
114          1.*)	INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
115          3.*)	INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
116        esac
117        PACKAGES="${PACKAGES} putty-tools"
118       ;;
119    libressl-*)
120        INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
121        case ${INSTALL_LIBRESSL} in
122          master) ;;
123          *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;;
124        esac
125        PACKAGES="${PACKAGES} putty-tools"
126       ;;
127    valgrind*)
128       PACKAGES="$PACKAGES valgrind"
129       ;;
130    *) echo "Invalid option '${TARGET}'"
131        exit 1
132        ;;
133    esac
134done
135
136if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
137    sudo apt update -qq
138    sudo apt install -qy software-properties-common
139    sudo apt-add-repository -y ppa:yubico/stable
140fi
141
142if [ "x" != "x$PACKAGES" ]; then
143    case "$PACKAGER" in
144    apt)
145	sudo apt update -qq
146	sudo apt install -qy $PACKAGES
147	;;
148    setup)
149	/cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`
150	;;
151    esac
152fi
153
154if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
155    (cd ${HOME} &&
156     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
157     cd ${HOME}/hardened_malloc &&
158     make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/)
159fi
160
161if [ ! -z "${INSTALL_OPENSSL}" ]; then
162    (cd ${HOME} &&
163     git clone https://github.com/openssl/openssl.git &&
164     cd ${HOME}/openssl &&
165     git checkout ${INSTALL_OPENSSL} &&
166     ./config no-threads shared ${SSLCONFOPTS} \
167         --prefix=/opt/openssl &&
168     make && sudo make install_sw)
169fi
170
171if [ ! -z "${INSTALL_LIBRESSL}" ]; then
172    if [ "${INSTALL_LIBRESSL}" = "master" ]; then
173        (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
174         git clone https://github.com/libressl-portable/portable.git &&
175         cd ${HOME}/libressl/portable &&
176         git checkout ${INSTALL_LIBRESSL} &&
177         sh update.sh && sh autogen.sh &&
178         ./configure --prefix=/opt/libressl &&
179         make -j2 && sudo make install)
180    else
181        LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL
182        (cd ${HOME} &&
183         wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz &&
184         tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz &&
185         cd libressl-${INSTALL_LIBRESSL} &&
186         ./configure --prefix=/opt/libressl && make -j2 && sudo make install)
187    fi
188fi
189