mirror of https://github.com/libssh2/libssh2.git synced 2025-07-20 18:02:59 +03:00

GHA: fix zizmor and shellcheck warnings, verify in CI

Closes #1609
Viktor Szakats
2025-06-06 10:54:35 +02:00
parent d8ae40bad0
commit d7cf63bb05
4 changed files with 282 additions and 224 deletions


@ -52,6 +52,13 @@ jobs:
daemon: daemon:
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 60 timeout-minutes: 60
env:
SSH_HOST: '${{ github.event.inputs.ssh_host }}'
SSH_PORT: '${{ github.event.inputs.ssh_port }}'
SSH_USER: '${{ github.event.inputs.ssh_user }}'
SSH_FORWARD: '${{ github.event.inputs.ssh_forward }}'
SSH_HOSTKEY: '${{ github.event.inputs.ssh_hostkey }}'
SSH_PRIVKEY: '${{ github.event.inputs.ssh_privkey }}'
steps: steps:
- name: Setup SSH client configuration - name: Setup SSH client configuration
run: | run: |
@ -60,15 +67,17 @@ jobs:
install -m 0600 /dev/null .ssh/config install -m 0600 /dev/null .ssh/config
{ {
echo 'ServerAliveInterval 45' echo 'ServerAliveInterval 45'
echo 'Host ${{ github.event.inputs.ssh_host }}' echo "Host ${SSH_HOST}"
echo '${{ github.event.inputs.ssh_forward }}' | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g' # shellcheck disable=SC2001
echo "${SSH_FORWARD}" | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g'
} | tee -a .ssh/config } | tee -a .ssh/config
install -m 0600 /dev/null .ssh/known_hosts install -m 0600 /dev/null .ssh/known_hosts
echo '${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}' | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' | tee -a .ssh/known_hosts echo "${SSH_HOST} ${SSH_HOSTKEY}" | sed "s/,/\n${SSH_HOST} /g" | tee -a .ssh/known_hosts
install -m 0600 /dev/null .ssh/id_rsa install -m 0600 /dev/null .ssh/id_rsa
echo '${{ github.event.inputs.ssh_privkey }}' | sed 's/,/\n/g' >> .ssh/id_rsa # shellcheck disable=SC2001
echo "${SSH_PRIVKEY}" | sed 's/,/\n/g' >> .ssh/id_rsa
# we sleep explicitly to allow the remote system to kill the sleep process # we sleep explicitly to allow the remote system to kill the sleep process
- name: Connect to AppVeyor and sleep - name: Connect to AppVeyor and sleep
run: | run: |
ssh -v -p ${{ github.event.inputs.ssh_port }} ${{ github.event.inputs.ssh_user }}@${{ github.event.inputs.ssh_host }} sleep 1h ssh -v -p "${SSH_PORT}" "${SSH_USER}@${SSH_HOST}" sleep 1h
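Review bot: `SSH_PRIVKEY` is declared in the job-level `env:` block, so the private key sits in the environment of every step of the `daemon` job, including the `ssh -v` process in 'Connect to AppVeyor and sleep', although only 'Setup SSH client configuration' reads it. I would move `SSH_PRIVKEY`, `SSH_HOSTKEY` and `SSH_FORWARD` into a step-level `env:` on the setup step and keep only `SSH_HOST`, `SSH_PORT` and `SSH_USER` at job level. Separately, `sed "s/,/\n${SSH_HOST} /g"` still splices the dispatch input into the sed program, so a `/`, `&` or backslash in the value changes the expression; building the lines without sed, e.g. `tr ',' '\n' <<<"${SSH_HOSTKEY}" | while read -r k; do echo "${SSH_HOST} ${k}"; done`, keeps the input as data. The start of the setup script lies between the two hunks and is not visible here. Workflow inputs are presumably not masked in logs the way secrets are, so it is worth confirming that the key is single-use.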


@ -28,16 +28,6 @@ jobs:
- name: 'checksrc' - name: 'checksrc'
run: ./ci/checksrc.sh run: ./ci/checksrc.sh
shellcheck:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'shellcheck'
run: ./ci/shellcheck.sh
spellcheck: spellcheck:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -49,6 +39,40 @@ jobs:
- name: 'spellcheck' - name: 'spellcheck'
run: ./ci/spellcheck.sh run: ./ci/spellcheck.sh
shellcheck:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'shellcheck'
run: ./ci/shellcheck.sh
cicheck:
runs-on: macos-latest
timeout-minutes: 1
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'install prereqs'
run: brew install shellcheck zizmor
- name: 'zizmor GHA'
run: zizmor --pedantic .github/workflows/*.yml
- name: 'shellcheck'
run: |
shellcheck --version
export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which'
git ls-files '.github/workflows/*.yml' | while read -r f; do
echo "Verifying ${f}..."
{
echo '#!/usr/bin/env bash'
echo 'set -eu'
yq eval '.. | select(has("run") and (.run | type == "!!str")) | .run + "\ntrue\n"' "${f}"
} | sed -E 's|\$\{\{ .+ \}\}|GHA_EXPRESSION|g' | shellcheck -
done
build_integration: build_integration:
name: 'integration on ${{ matrix.image }}' name: 'integration on ${{ matrix.image }}'
runs-on: ${{ matrix.image }} runs-on: ${{ matrix.image }}
@ -58,7 +82,8 @@ jobs:
shell: ${{ contains(matrix.image, 'windows') && 'msys2 {0}' || 'bash' }} shell: ${{ contains(matrix.image, 'windows') && 'msys2 {0}' || 'bash' }}
env: env:
CC: ${{ !contains(matrix.image, 'windows') && 'clang' || '' }} CC: ${{ !contains(matrix.image, 'windows') && 'clang' || '' }}
old-cmake-version: 3.11.4 MATRIX_IMAGE: '${{ matrix.image }}'
OLD_CMAKE_VERSION: 3.11.4
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -77,26 +102,26 @@ jobs:
- name: 'install packages' - name: 'install packages'
run: | run: |
if [[ '${{ matrix.image }}' = *'windows'* ]]; then if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
cd "${HOME}" || exit 1 cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location 'https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-win64-x64.zip' --output bin.zip --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output bin.zip
unzip -q bin.zip unzip -q bin.zip
rm -f bin.zip rm -f bin.zip
printf '%s' "${HOME}/cmake-${{ env.old-cmake-version }}-win64-x64/bin/cmake.exe" > "${HOME}/old-cmake-path.txt" printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-win64-x64/bin/cmake.exe > ~/old-cmake-path.txt
elif [[ '${{ matrix.image }}' = *'ubuntu'* ]]; then elif [[ "${MATRIX_IMAGE}" = *'ubuntu'* ]]; then
sudo rm -f /var/lib/man-db/auto-update sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install libgcrypt-dev libssl-dev libmbedtls-dev libwolfssl-dev sudo apt-get -o Dpkg::Use-Pty=0 install libgcrypt-dev libssl-dev libmbedtls-dev libwolfssl-dev
cd "${HOME}" || exit 1 cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Linux-x86_64.tar.gz | tar -xzf - --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-x86_64.tar.gz" | tar -xz
printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Linux-x86_64/bin/cmake" > "${HOME}/old-cmake-path.txt" printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Linux-x86_64/bin/cmake > ~/old-cmake-path.txt
else else
brew install libgcrypt openssl mbedtls wolfssl brew install libgcrypt openssl mbedtls wolfssl
cd "${HOME}" || exit 1 cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \
--location https://github.com/Kitware/CMake/releases/download/v${{ env.old-cmake-version }}/cmake-${{ env.old-cmake-version }}-Darwin-x86_64.tar.gz | tar -xzf - --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Darwin-x86_64.tar.gz" | tar -xz
printf '%s' "$PWD/cmake-${{ env.old-cmake-version }}-Darwin-x86_64/CMake.app/Contents/bin/cmake" > "${HOME}/old-cmake-path.txt" printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Darwin-x86_64/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt
fi fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@ -121,23 +146,23 @@ jobs:
- name: 'via add_subdirectory OpenSSL (old cmake)' - name: 'via add_subdirectory OpenSSL (old cmake)'
run: | run: |
export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")" export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)"
[[ '${{ matrix.image }}' = *'macos'* ]] && export CFLAGS='-arch arm64' [[ "${MATRIX_IMAGE}" = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ '${{ matrix.image }}' = *'windows'* ]]; then if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
export TEST_CMAKE_GENERATOR='MSYS Makefiles' export TEST_CMAKE_GENERATOR='MSYS Makefiles'
export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64'
fi fi
./tests/cmake/test.sh add_subdirectory -DCRYPTO_BACKEND=OpenSSL ${options} ./tests/cmake/test.sh add_subdirectory -DCRYPTO_BACKEND=OpenSSL
- name: 'via find_package OpenSSL (old cmake)' - name: 'via find_package OpenSSL (old cmake)'
run: | run: |
export TEST_CMAKE_CONSUMER="$(cat "${HOME}/old-cmake-path.txt")" export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)"
[[ '${{ matrix.image }}' = *'macos'* ]] && export CFLAGS='-arch arm64' [[ "${MATRIX_IMAGE}" = *'macos'* ]] && export CFLAGS='-arch arm64'
if [[ '${{ matrix.image }}' = *'windows'* ]]; then if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then
export TEST_CMAKE_GENERATOR='MSYS Makefiles' export TEST_CMAKE_GENERATOR='MSYS Makefiles'
export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64'
fi fi
./tests/cmake/test.sh find_package -DCRYPTO_BACKEND=OpenSSL ${options} ./tests/cmake/test.sh find_package -DCRYPTO_BACKEND=OpenSSL
build_linux: build_linux:
name: 'linux' name: 'linux'
@ -234,34 +259,38 @@ jobs:
options: --disable-static options: --disable-static
env: env:
CC: ${{ matrix.compiler == 'clang-tidy' && 'clang' || matrix.compiler }} CC: ${{ matrix.compiler == 'clang-tidy' && 'clang' || matrix.compiler }}
mbedtls-version: 3.6.2 MATRIX_ARCH: '${{ matrix.arch }}'
wolfssl-version: 5.7.4 MATRIX_CRYPTO: '${{ matrix.crypto }}'
wolfssl-version-prev: 5.5.4 MATRIX_OPTIONS: '${{ matrix.options }}'
boringssl-version: 0.20250114.0 MATRIX_ZLIB: '${{ matrix.zlib }}'
awslc-version: 1.46.1 MBEDTLS_VERSION: 3.6.2
libressl-version: 4.0.0 WOLFSSL_VERSION: 5.7.4
openssl-version: 3.4.0 WOLFSSL_VERSION_PREV: 5.5.4
openssl111-version: 1.1.1w BORINGSSL_VERSION: 0.20250114.0
openssl110-version: 1.1.0l AWSLC_VERSION: 1.46.1
openssl102-version: 1.0.2u LIBRESSL_VERSION: 4.0.0
OPENSSL_VERSION: 3.4.0
OPENSSL111_VERSION: 1.1.1w
OPENSSL110_VERSION: 1.1.0l
OPENSSL102_VERSION: 1.0.2u
steps: steps:
- name: 'install architecture' - name: 'install architecture'
if: ${{ matrix.arch != 'amd64' }} if: ${{ matrix.arch != 'amd64' }}
run: | run: |
sudo dpkg --add-architecture '${{ matrix.arch }}' sudo dpkg --add-architecture "${MATRIX_ARCH}"
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get -o Dpkg::Use-Pty=0 update sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install gcc-multilib build-essential zlib1g-dev:${{ matrix.arch }} sudo apt-get -o Dpkg::Use-Pty=0 install gcc-multilib build-essential zlib1g-dev:"${MATRIX_ARCH}"
- name: 'install packages' - name: 'install packages'
run: | run: |
[ '${{ matrix.crypto }}' = 'OpenSSL' ] && pkg='libssl-dev' [ "${MATRIX_CRYPTO}" = 'OpenSSL' ] && pkg='libssl-dev'
[ '${{ matrix.crypto }}' = 'Libgcrypt' ] && pkg='libgcrypt-dev' [ "${MATRIX_CRYPTO}" = 'Libgcrypt' ] && pkg='libgcrypt-dev'
[ '${{ matrix.crypto }}' = 'mbedTLS' ] && pkg='libmbedtls-dev' [ "${MATRIX_CRYPTO}" = 'mbedTLS' ] && pkg='libmbedtls-dev'
[ '${{ matrix.crypto }}' = 'wolfSSL' ] && pkg='libwolfssl-dev' [ "${MATRIX_CRYPTO}" = 'wolfSSL' ] && pkg='libwolfssl-dev'
if [ -n "${pkg}" ]; then if [ -n "${pkg}" ]; then
sudo apt-get -o Dpkg::Use-Pty=0 install "${pkg}:${{ matrix.arch }}" sudo apt-get -o Dpkg::Use-Pty=0 install "${pkg}:${MATRIX_ARCH}"
fi fi
- name: 'cache mbedTLS' - name: 'cache mbedTLS'
@ -270,40 +299,37 @@ jobs:
id: cache-mbedtls id: cache-mbedtls
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-mbedtls-${{ env.mbedtls-version }}-${{ matrix.arch }} key: ${{ runner.os }}-mbedtls-${{ env.MBEDTLS_VERSION }}-${{ matrix.arch }}
- name: 'install mbedTLS from source' - name: 'install mbedTLS from source'
if: ${{ matrix.crypto == 'mbedTLS-from-source' }} if: ${{ matrix.crypto == 'mbedTLS-from-source' && !steps.cache-mbedtls.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-mbedtls.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" | tar -xj
curl -fsS -L https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${{ env.mbedtls-version }}/mbedtls-${{ env.mbedtls-version }}.tar.bz2 | tar -xjf - cd "mbedtls-${MBEDTLS_VERSION}"
cd mbedtls-${{ env.mbedtls-version }} if [ "${MATRIX_ARCH}" = 'i386' ]; then
if [ '${{ matrix.arch }}' = 'i386' ]; then crossoptions="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${MATRIX_ARCH}"
crossoptions='-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }}' cflags='-m32 -mpclmul -msse2 -maes'
cflags='-m32 -mpclmul -msse2 -maes'
fi
cmake -B . -G Ninja ${crossoptions} \
-DCMAKE_C_FLAGS="${cflags}" \
-DENABLE_PROGRAMS=OFF \
-DENABLE_TESTING=OFF \
-DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
-DCMAKE_INSTALL_PREFIX="$HOME/usr"
cmake --build . --parallel 5
cmake --install .
cd ..
fi fi
cmake -B . -G Ninja ${crossoptions} \
-DCMAKE_C_FLAGS="${cflags}" \
-DENABLE_PROGRAMS=OFF \
-DENABLE_TESTING=OFF \
-DUSE_STATIC_MBEDTLS_LIBRARY=OFF \
-DUSE_SHARED_MBEDTLS_LIBRARY=ON \
-DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build . --parallel 5
cmake --install .
- name: 'install wolfSSL from source' - name: 'install wolfSSL from source'
if: ${{ startsWith(matrix.crypto, 'wolfSSL-from-source') }} if: ${{ startsWith(matrix.crypto, 'wolfSSL-from-source') }}
run: | run: |
if [ '${{ matrix.crypto }}' = 'wolfSSL-from-source' ]; then if [ "${MATRIX_CRYPTO}" = 'wolfSSL-from-source' ]; then
WOLFSSLVER=${{ env.wolfssl-version }} WOLFSSLVER="${WOLFSSL_VERSION}"
else else
WOLFSSLVER=${{ env.wolfssl-version-prev }} WOLFSSLVER="${WOLFSSL_VERSION_PREV}"
options='-DWOLFSSL_OPENSSLEXTRA=ON' options='-DWOLFSSL_OPENSSLEXTRA=ON'
fi fi
curl -fsS -L https://github.com/wolfSSL/wolfssl/archive/refs/tags/v$WOLFSSLVER-stable.tar.gz | tar -xzf - curl -fsS -L https://github.com/wolfSSL/wolfssl/archive/refs/tags/v$WOLFSSLVER-stable.tar.gz | tar -xz
cd wolfssl-$WOLFSSLVER-stable cd wolfssl-$WOLFSSLVER-stable
cmake -B bld -G Ninja ${options} \ cmake -B bld -G Ninja ${options} \
-DWOLFSSL_LIBSSH2=ON \ -DWOLFSSL_LIBSSH2=ON \
@ -313,7 +339,7 @@ jobs:
-DWOLFSSL_CRYPT_TESTS=OFF \ -DWOLFSSL_CRYPT_TESTS=OFF \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \ -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DCMAKE_C_FLAGS='-DWOLFSSL_AESGCM_STREAM' \ -DCMAKE_C_FLAGS='-DWOLFSSL_AESGCM_STREAM' \
-DCMAKE_INSTALL_PREFIX="$HOME/usr" -DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake --build bld --parallel 5 cmake --build bld --parallel 5
cmake --install bld cmake --install bld
cd .. cd ..
@ -324,25 +350,22 @@ jobs:
id: cache-boringssl id: cache-boringssl
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-boringssl-${{ env.boringssl-version }}-${{ matrix.arch }} key: ${{ runner.os }}-boringssl-${{ env.BORINGSSL_VERSION }}-${{ matrix.arch }}
- name: 'install BoringSSL from source' - name: 'install BoringSSL from source'
if: ${{ matrix.crypto == 'BoringSSL' }} if: ${{ matrix.crypto == 'BoringSSL' && !steps.cache-boringssl.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-boringssl.outputs.cache-hit }}' != 'true' ]; then mkdir boringssl
mkdir boringssl cd boringssl
cd boringssl curl -fsS "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" | tar -xz
curl -fsS https://boringssl.googlesource.com/boringssl/+archive/${{ env.boringssl-version }}.tar.gz | tar -xzf - # Skip tests to finish the build faster
# Skip tests to finish the build faster echo 'set_target_properties(decrepit bssl_shim test_fips boringssl_gtest test_support_lib urandom_test crypto_test ssl_test decrepit_test all_tests pki pki_test run_tests PROPERTIES EXCLUDE_FROM_ALL TRUE)' >> ./CMakeLists.txt
echo 'set_target_properties(decrepit bssl_shim test_fips boringssl_gtest test_support_lib urandom_test crypto_test ssl_test decrepit_test all_tests pki pki_test run_tests PROPERTIES EXCLUDE_FROM_ALL TRUE)' >> ./CMakeLists.txt cmake -B . -G Ninja \
cmake -B . -G Ninja \ -DOPENSSL_SMALL=ON \
-DOPENSSL_SMALL=ON \ -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-DCMAKE_POSITION_INDEPENDENT_CODE=ON \ -DCMAKE_INSTALL_PREFIX="$HOME"/usr
-DCMAKE_INSTALL_PREFIX="$HOME/usr" cmake --build . --parallel 5
cmake --build . --parallel 5 cmake --install .
cmake --install .
cd ..
fi
- name: 'cache AWS-LC' - name: 'cache AWS-LC'
if: ${{ matrix.crypto == 'AWS-LC' }} if: ${{ matrix.crypto == 'AWS-LC' }}
@ -350,20 +373,17 @@ jobs:
id: cache-aws-lc id: cache-aws-lc
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-aws-lc-${{ env.awslc-version }}-${{ matrix.arch }} key: ${{ runner.os }}-aws-lc-${{ env.AWSLC_VERSION }}-${{ matrix.arch }}
- name: 'install AWS-LC from source' - name: 'install AWS-LC from source'
if: ${{ matrix.crypto == 'AWS-LC' }} if: ${{ matrix.crypto == 'AWS-LC' && !steps.cache-aws-lc.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-aws-lc.outputs.cache-hit }}' != 'true' ]; then mkdir aws-lc
mkdir aws-lc cd aws-lc
cd aws-lc curl -fsS -L "https://github.com/aws/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/aws/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz | tar -xzf - cmake "aws-lc-${AWSLC_VERSION}" -B . -DCMAKE_INSTALL_PREFIX="$HOME"/usr
cmake aws-lc-${{ env.awslc-version }} -B . -DCMAKE_INSTALL_PREFIX="$HOME/usr" cmake --build . --parallel 5
cmake --build . --parallel 5 cmake --install .
cmake --install .
cd ..
fi
- name: 'cache LibreSSL' - name: 'cache LibreSSL'
if: ${{ matrix.crypto == 'LibreSSL' }} if: ${{ matrix.crypto == 'LibreSSL' }}
@ -371,22 +391,19 @@ jobs:
id: cache-libressl id: cache-libressl
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-libressl-${{ env.libressl-version }}-${{ matrix.arch }} key: ${{ runner.os }}-libressl-${{ env.LIBRESSL_VERSION }}-${{ matrix.arch }}
- name: 'install LibreSSL from source' - name: 'install LibreSSL from source'
if: ${{ matrix.crypto == 'LibreSSL' }} if: ${{ matrix.crypto == 'LibreSSL' && !steps.cache-libressl.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-libressl.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/libressl/portable/releases/download/v${{ env.libressl-version }}/libressl-${{ env.libressl-version }}.tar.gz | tar -xzf - cd "libressl-${LIBRESSL_VERSION}"
cd libressl-${{ env.libressl-version }} cmake -B . -G Ninja \
cmake -B . -G Ninja \ -DLIBRESSL_APPS=OFF \
-DLIBRESSL_APPS=OFF \ -DLIBRESSL_TESTS=OFF \
-DLIBRESSL_TESTS=OFF \ -DCMAKE_INSTALL_PREFIX="$HOME"/usr
-DCMAKE_INSTALL_PREFIX="$HOME/usr" cmake --build . --parallel 5
cmake --build . --parallel 5 cmake --install .
cmake --install .
cd ..
fi
- name: 'cache OpenSSL' - name: 'cache OpenSSL'
if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }} if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }}
@ -394,20 +411,17 @@ jobs:
id: cache-openssl id: cache-openssl
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl-version }}-${{ matrix.arch }} key: ${{ runner.os }}-openssl-${{ env.OPENSSL_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL from source' - name: 'install OpenSSL from source'
if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }} if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' && !steps.cache-openssl.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-openssl.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/openssl/openssl/releases/download/openssl-${{ env.openssl-version }}/openssl-${{ env.openssl-version }}.tar.gz | tar -xzf - cd "openssl-${OPENSSL_VERSION}"
cd openssl-${{ env.openssl-version }} ./Configure no-deprecated \
./Configure no-deprecated \ no-apps no-docs no-tests no-makedepend \
no-apps no-docs no-tests no-makedepend \ no-comp no-quic no-legacy --prefix="$HOME"/usr
no-comp no-quic no-legacy --prefix="$HOME/usr" make -j5 install_sw
make -j5 install_sw
cd ..
fi
- name: 'cache OpenSSL 1.1.1' - name: 'cache OpenSSL 1.1.1'
if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }}
@ -415,19 +429,16 @@ jobs:
id: cache-openssl111 id: cache-openssl111
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl111-version }}-${{ matrix.arch }} key: ${{ runner.os }}-openssl-${{ env.OPENSSL111_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.1.1 from source' - name: 'install OpenSSL 1.1.1 from source'
if: ${{ matrix.crypto == 'OpenSSL-111-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-111-from-source' && !steps.cache-openssl111.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-openssl111.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-${OPENSSL111_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-${{ env.openssl111-version }}.tar.gz | tar -xzf - cd "openssl-${OPENSSL111_VERSION}"
cd openssl-${{ env.openssl111-version }} ./config no-unit-test no-makedepend --prefix="$HOME"/usr no-tests
./config no-unit-test no-makedepend --prefix="$HOME/usr" no-tests make -j5
make -j5 make -j1 install_sw
make -j1 install_sw
cd ..
fi
- name: 'cache OpenSSL 1.1.0' - name: 'cache OpenSSL 1.1.0'
if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }}
@ -435,19 +446,16 @@ jobs:
id: cache-openssl110 id: cache-openssl110
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl110-version }}-${{ matrix.arch }} key: ${{ runner.os }}-openssl-${{ env.OPENSSL110_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.1.0 from source' - name: 'install OpenSSL 1.1.0 from source'
if: ${{ matrix.crypto == 'OpenSSL-110-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-110-from-source' && !steps.cache-openssl110.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-openssl110.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_0l/openssl-${OPENSSL110_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_0l/openssl-${{ env.openssl110-version }}.tar.gz | tar -xzf - cd "openssl-${OPENSSL110_VERSION}"
cd openssl-${{ env.openssl110-version }} ./config no-unit-test no-makedepend --prefix="$HOME"/usr
./config no-unit-test no-makedepend --prefix="$HOME/usr" make -j5
make -j5 make -j1 install_sw
make -j1 install_sw
cd ..
fi
- name: 'cache OpenSSL 1.0.2' - name: 'cache OpenSSL 1.0.2'
if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }}
@ -455,19 +463,16 @@ jobs:
id: cache-openssl102 id: cache-openssl102
with: with:
path: ~/usr path: ~/usr
key: ${{ runner.os }}-openssl-${{ env.openssl102-version }}-${{ matrix.arch }} key: ${{ runner.os }}-openssl-${{ env.OPENSSL102_VERSION }}-${{ matrix.arch }}
- name: 'install OpenSSL 1.0.2 from source' - name: 'install OpenSSL 1.0.2 from source'
if: ${{ matrix.crypto == 'OpenSSL-102-from-source' }} if: ${{ matrix.crypto == 'OpenSSL-102-from-source' && !steps.cache-openssl102.outputs.cache-hit }}
run: | run: |
if [ '${{ steps.cache-openssl102.outputs.cache-hit }}' != 'true' ]; then curl -fsS -L "https://github.com/openssl/openssl/releases/download/OpenSSL_1_0_2u/openssl-${OPENSSL102_VERSION}.tar.gz" | tar -xz
curl -fsS -L https://github.com/openssl/openssl/releases/download/OpenSSL_1_0_2u/openssl-${{ env.openssl102-version }}.tar.gz | tar -xzf - cd "openssl-${OPENSSL102_VERSION}"
cd openssl-${{ env.openssl102-version }} ./config no-unit-test no-makedepend --prefix="$HOME"/usr -fPIC
./config no-unit-test no-makedepend --prefix="$HOME/usr" -fPIC make -j5
make -j5 make -j1 install_sw
make -j1 install_sw
cd ..
fi
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with: with:
@ -478,12 +483,13 @@ jobs:
- name: 'autotools configure' - name: 'autotools configure'
if: ${{ matrix.build == 'autotools' && matrix.target != 'maketgz' }} if: ${{ matrix.build == 'autotools' && matrix.target != 'maketgz' }}
run: | run: |
if [ '${{ matrix.arch }}' = 'i386' ]; then if [ "${MATRIX_ARCH}" = 'i386' ]; then
crossoptions='--host=i686-pc-linux-gnu' crossoptions='--host=i686-pc-linux-gnu'
export CFLAGS=-m32 export CFLAGS=-m32
fi fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
${crossoptions} ${{ matrix.options }} \ ../configure --enable-werror --enable-debug \
${crossoptions} ${MATRIX_OPTIONS} \
--disable-dependency-tracking || { tail -n 1000 config.log; false; } --disable-dependency-tracking || { tail -n 1000 config.log; false; }
- name: 'autotools build' - name: 'autotools build'
@ -503,7 +509,7 @@ jobs:
run: | run: |
export SOURCE_DATE_EPOCH=1711526400 export SOURCE_DATE_EPOCH=1711526400
./configure --enable-werror --disable-debug \ ./configure --enable-werror --disable-debug \
${{ matrix.options }} --disable-dependency-tracking ${MATRIX_OPTIONS} --disable-dependency-tracking
./maketgz 99.98.97 ./maketgz 99.98.97
# Test reproducibility # Test reproducibility
mkdir run1; mv ./libssh2-99.98.97.* run1/ mkdir run1; mv ./libssh2-99.98.97.* run1/
@ -514,38 +520,40 @@ jobs:
# Test build from tarball # Test build from tarball
tar -xvf libssh2-99.98.97.tar.gz tar -xvf libssh2-99.98.97.tar.gz
cd libssh2-99.98.97 cd libssh2-99.98.97
./configure --enable-werror --enable-debug --prefix="${HOME}/temp" \ ./configure --enable-werror --enable-debug --prefix="$HOME"/temp \
${{ matrix.options }} --disable-dependency-tracking ${MATRIX_OPTIONS} --disable-dependency-tracking
make -j5 install make -j5 install
cd .. cd ..
# Verify install # Verify install
diff -u <(find docs -name '*.3' -printf '%f\n' | grep -v template | sort) <(find "${HOME}/temp/share/man/man3" -name '*.3' -printf '%f\n' | sort) diff -u <(find docs -name '*.3' -printf '%f\n' | grep -v template | sort) <(find "$HOME"/temp/share/man/man3 -name '*.3' -printf '%f\n' | sort)
diff -u <(find include -name '*.h' -printf '%f\n' | sort) <(find "${HOME}/temp/include" -name '*.h' -printf '%f\n' | sort) diff -u <(find include -name '*.h' -printf '%f\n' | sort) <(find "$HOME"/temp/include -name '*.h' -printf '%f\n' | sort)
rm -rf libssh2-99.98.97 rm -rf libssh2-99.98.97
- name: 'cmake configure' - name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }} if: ${{ matrix.build == 'cmake' }}
env:
MATRIX_COMPILER: '${{ matrix.compiler }}'
run: | run: |
if [ '${{ matrix.crypto }}' = 'BoringSSL' ] || \ if [ "${MATRIX_CRYPTO}" = 'BoringSSL' ] || \
[ '${{ matrix.crypto }}' = 'AWS-LC' ] || \ [ "${MATRIX_CRYPTO}" = 'AWS-LC' ] || \
[ '${{ matrix.crypto }}' = 'LibreSSL' ] || \ [ "${MATRIX_CRYPTO}" = 'LibreSSL' ] || \
[[ '${{ matrix.crypto }}' = 'OpenSSL-'* ]]; then [[ "${MATRIX_CRYPTO}" = 'OpenSSL-'* ]]; then
crypto='OpenSSL' crypto='OpenSSL'
elif [[ '${{ matrix.crypto }}' = 'mbedTLS-'* ]]; then elif [[ "${MATRIX_CRYPTO}" = 'mbedTLS-'* ]]; then
crypto='mbedTLS' crypto='mbedTLS'
elif [[ '${{ matrix.crypto }}' = 'wolfSSL-'* ]]; then elif [[ "${MATRIX_CRYPTO}" = 'wolfSSL-'* ]]; then
crypto='wolfSSL' crypto='wolfSSL'
else else
crypto='${{ matrix.crypto }}' crypto="${MATRIX_CRYPTO}"
fi fi
[ -d "$HOME/usr" ] && options+=" -DCMAKE_PREFIX_PATH=$HOME/usr" [ -d "$HOME"/usr ] && options+=" -DCMAKE_PREFIX_PATH=$HOME/usr"
[ '${{ matrix.arch }}' = 'i386' ] && options+=' -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }} -DCMAKE_C_FLAGS=-m32' [ "${MATRIX_ARCH}" = 'i386' ] && options+=" -DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${MATRIX_ARCH} -DCMAKE_C_FLAGS=-m32"
[ "${MATRIX_COMPILER}" = 'clang-tidy' ] && options+=' -DLIBSSH2_CLANG_TIDY=ON'
cmake -B bld -G Ninja ${options} $TOOLCHAIN_OPTION \ cmake -B bld -G Ninja ${options} $TOOLCHAIN_OPTION \
-DCMAKE_UNITY_BUILD=ON \ -DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
-DCRYPTO_BACKEND=${crypto} \ -DCRYPTO_BACKEND=${crypto} \
-DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} \ -DENABLE_ZLIB_COMPRESSION="${MATRIX_ZLIB}" \
${{ matrix.compiler == 'clang-tidy' && '-DLIBSSH2_CLANG_TIDY=ON' || '' }} \
|| { cat bld/CMakeFiles/CMake*.yaml; false; } || { cat bld/CMakeFiles/CMake*.yaml; false; }
- name: 'cmake build' - name: 'cmake build'
@ -555,8 +563,8 @@ jobs:
if: ${{ matrix.build == 'cmake' }} if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 10 timeout-minutes: 10
run: | run: |
export OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server) export OPENSSH_SERVER_IMAGE; OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server)
[ -d "$HOME/usr" ] && export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$HOME/usr/lib" [ -d "$HOME"/usr ] && export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$HOME/usr/lib"
cd bld && ctest -VV --output-on-failure cd bld && ctest -VV --output-on-failure
build_linux_cross_mingw64: build_linux_cross_mingw64:
@ -573,12 +581,15 @@ jobs:
env: env:
MAKEFLAGS: -j 5 MAKEFLAGS: -j 5
TRIPLET: 'x86_64-w64-mingw32' TRIPLET: 'x86_64-w64-mingw32'
MATRIX_BUILD: '${{ matrix.build }}'
steps: steps:
- name: 'install packages' - name: 'install packages'
env:
INSTALL_PACKAGES: ${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }}
run: | run: |
sudo rm -f /var/lib/man-db/auto-update sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 \ sudo apt-get -o Dpkg::Use-Pty=0 install mingw-w64 \
${{ matrix.compiler == 'clang-tidy' && 'clang' || '' }} ${INSTALL_PACKAGES}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with: with:
@ -589,9 +600,11 @@ jobs:
run: autoreconf -fi run: autoreconf -fi
- name: 'configure' - name: 'configure'
env:
MATRIX_COMPILER: '${{ matrix.compiler }}'
run: | run: |
if [ '${{ matrix.build }}' = 'cmake' ]; then if [ "${MATRIX_BUILD}" = 'cmake' ]; then
if [ '${{ matrix.compiler }}' = 'clang-tidy' ]; then if [ "${MATRIX_COMPILER}" = 'clang-tidy' ]; then
options+=' -DLIBSSH2_CLANG_TIDY=ON' options+=' -DLIBSSH2_CLANG_TIDY=ON'
options+=' -DCMAKE_C_COMPILER=clang' options+=' -DCMAKE_C_COMPILER=clang'
options+=" -DCMAKE_RC_COMPILER=llvm-windres-$(clang -dumpversion | cut -d '.' -f 1)" options+=" -DCMAKE_RC_COMPILER=llvm-windres-$(clang -dumpversion | cut -d '.' -f 1)"
@ -600,13 +613,14 @@ jobs:
fi fi
cmake -B bld -G Ninja \ cmake -B bld -G Ninja \
-DCMAKE_SYSTEM_NAME=Windows \ -DCMAKE_SYSTEM_NAME=Windows \
-DCMAKE_C_COMPILER_TARGET=${TRIPLET} \ -DCMAKE_C_COMPILER_TARGET="${TRIPLET}" \
-DCMAKE_UNITY_BUILD=ON \ -DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
${options} \ ${options} \
|| { cat bld/CMakeFiles/CMake*.yaml; false; } || { cat bld/CMakeFiles/CMake*.yaml; false; }
else else
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--host="${TRIPLET}" \ --host="${TRIPLET}" \
--disable-dependency-tracking \ --disable-dependency-tracking \
|| { tail -n 1000 config.log; false; } || { tail -n 1000 config.log; false; }
@ -614,7 +628,7 @@ jobs:
- name: 'build' - name: 'build'
run: | run: |
if [ '${{ matrix.build }}' = 'cmake' ]; then if [ "${MATRIX_BUILD}" = 'cmake' ]; then
cmake --build bld cmake --build bld
else else
make -C bld make -C bld
@ -650,9 +664,10 @@ jobs:
timeout-minutes: 10 timeout-minutes: 10
shell: D:\cygwin\bin\bash.exe '{0}' shell: D:\cygwin\bin\bash.exe '{0}'
run: | run: |
export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32" PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
autoreconf -fi autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \ --with-crypto=openssl \
--disable-docker-tests \ --disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; } --disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -664,7 +679,7 @@ jobs:
timeout-minutes: 10 timeout-minutes: 10
shell: D:\cygwin\bin\bash.exe '{0}' shell: D:\cygwin\bin\bash.exe '{0}'
run: | run: |
export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32" PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/System32"
cmake -B bld -G Ninja \ cmake -B bld -G Ninja \
-DCMAKE_UNITY_BUILD=ON \ -DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
@ -698,6 +713,9 @@ jobs:
- { build: 'cmake' , sys: clang64, crypto: OpenSSL, env: clang-x86_64 } - { build: 'cmake' , sys: clang64, crypto: OpenSSL, env: clang-x86_64 }
- { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'uwp' } - { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'uwp' }
- { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'no-options' } - { build: 'cmake' , sys: mingw64, crypto: OpenSSL, env: x86_64, test: 'no-options' }
env:
MATRIX_CRYPTO: '${{ matrix.crypto }}'
MATRIX_ENV: '${{ matrix.env }}'
steps: steps:
- uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2 - uses: msys2/setup-msys2@d44ca8e88d8b43d56cf5670f91747359d5537f97 # v2
if: ${{ matrix.sys == 'msys' }} if: ${{ matrix.sys == 'msys' }}
@ -726,12 +744,13 @@ jobs:
SSHD: 'C:/Program Files/Git/usr/bin/sshd.exe' SSHD: 'C:/Program Files/Git/usr/bin/sshd.exe'
shell: msys2 {0} shell: msys2 {0}
run: | run: |
if [ '${{ matrix.crypto }}' = 'wincng' ] && [[ '${{ matrix.env }}' = 'clang'* ]]; then if [ "${MATRIX_CRYPTO}" = 'wincng' ] && [[ "${MATRIX_ENV}" = 'clang'* ]]; then
options='--enable-ecdsa-wincng' options='--enable-ecdsa-wincng'
fi fi
# sshd tests sometimes hang # sshd tests sometimes hang
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
--with-crypto=${{ matrix.crypto }} \ ../configure --enable-werror --enable-debug \
--with-crypto="${MATRIX_CRYPTO}" \
--disable-docker-tests \ --disable-docker-tests \
--disable-sshd-tests \ --disable-sshd-tests \
${options} \ ${options} \
@ -749,19 +768,21 @@ jobs:
- name: 'cmake configure' - name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }} if: ${{ matrix.build == 'cmake' }}
shell: msys2 {0} shell: msys2 {0}
env:
MATRIX_TEST: '${{ matrix.test }}'
run: | run: |
if [[ '${{ matrix.env }}' = 'clang'* ]]; then if [[ "${MATRIX_ENV}" = 'clang'* ]]; then
options='-DCMAKE_C_COMPILER=clang' options='-DCMAKE_C_COMPILER=clang'
else else
options='-DCMAKE_C_COMPILER=gcc' options='-DCMAKE_C_COMPILER=gcc'
fi fi
if [ '${{ matrix.test }}' = 'uwp' ]; then if [ "${MATRIX_TEST}" = 'uwp' ]; then
options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0'
pacman --noconfirm --ask 20 --noprogressbar --sync --needed 'mingw-w64-${{ matrix.env }}-winstorecompat-git' pacman --noconfirm --ask 20 --noprogressbar --sync --needed "mingw-w64-${MATRIX_ENV}-winstorecompat-git"
specs="$(realpath gcc-specs-uwp)" specs="$(realpath gcc-specs-uwp)"
gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}" gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}"
cflags="-specs=$(cygpath -w "${specs}") -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP" cflags="-specs=$(cygpath -w "${specs}") -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP"
elif [ '${{ matrix.test }}' = 'no-options' ]; then elif [ "${MATRIX_TEST}" = 'no-options' ]; then
options+=' -DLIBSSH2_NO_DEPRECATED=ON' options+=' -DLIBSSH2_NO_DEPRECATED=ON'
cflags='-DLIBSSH2_NO_MD5 -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_DSA_ENABLE -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES' cflags='-DLIBSSH2_NO_MD5 -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_DSA_ENABLE -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES'
else else
@ -772,7 +793,7 @@ jobs:
-DCMAKE_UNITY_BUILD=ON \ -DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=ON \ -DENABLE_DEBUG_LOGGING=ON \
-DCRYPTO_BACKEND=${{ matrix.crypto }} \ -DCRYPTO_BACKEND="${MATRIX_CRYPTO}" \
-DENABLE_ZLIB_COMPRESSION=ON \ -DENABLE_ZLIB_COMPRESSION=ON \
-DRUN_DOCKER_TESTS=OFF \ -DRUN_DOCKER_TESTS=OFF \
-DRUN_SSHD_TESTS=OFF \ -DRUN_SSHD_TESTS=OFF \
@ -811,28 +832,37 @@ jobs:
persist-credentials: false persist-credentials: false
- name: 'cmake configure' - name: 'cmake configure'
shell: bash shell: bash
env:
MATRIX_ARCH: '${{ matrix.arch }}'
MATRIX_CRYPTO: '${{ matrix.crypto }}'
MATRIX_PLAT: '${{ matrix.plat }}'
MATRIX_WINCND_ECDSA: '${{ matrix.wincng_ecdsa }}'
MATRIX_LOG: '${{ matrix.log }}'
MATRIX_SHARED: '${{ matrix.shared }}'
MATRIX_ZLIB: '${{ matrix.zlib }}'
MATRIX_UNITY: '${{ matrix.unity }}'
run: | run: |
options='' options=''
archgen=${{ matrix.arch }}; [ "${archgen}" = 'x86' ] && archgen='Win32' archgen="${MATRIX_ARCH}"; [ "${archgen}" = 'x86' ] && archgen='Win32'
if [ '${{ matrix.plat }}' = 'uwp' ]; then if [ "${MATRIX_PLAT}" = 'uwp' ]; then
system='WindowsStore' system='WindowsStore'
options+=' -DCMAKE_SYSTEM_VERSION=10.0' options+=' -DCMAKE_SYSTEM_VERSION=10.0'
else else
system='Windows' system='Windows'
fi fi
[ '${{ matrix.crypto }}' = 'WinCNG' ] && options+=' -DENABLE_ECDSA_WINCNG=${{ matrix.wincng_ecdsa }}' [ "${MATRIX_CRYPTO}" = 'WinCNG' ] && options+=" -DENABLE_ECDSA_WINCNG=${MATRIX_WINCND_ECDSA}"
cmake -B bld ${options} \ cmake -B bld ${options} \
-DCMAKE_SYSTEM_NAME=${system} \ -DCMAKE_SYSTEM_NAME=${system} \
-DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \ -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \
-DCMAKE_GENERATOR_PLATFORM=${archgen} \ -DCMAKE_GENERATOR_PLATFORM=${archgen} \
-DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-${{ matrix.plat }} \ -DVCPKG_TARGET_TRIPLET="${MATRIX_ARCH}-${MATRIX_PLAT}" \
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \ -DCMAKE_VS_GLOBALS=TrackFileAccess=false \
-DCMAKE_UNITY_BUILD=${{ matrix.unity }} \ -DCMAKE_UNITY_BUILD="${MATRIX_UNITY}" \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=${{ matrix.log }} \ -DENABLE_DEBUG_LOGGING="${MATRIX_LOG}" \
-DBUILD_SHARED_LIBS=${{ matrix.shared }} \ -DBUILD_SHARED_LIBS="${MATRIX_SHARED}" \
-DCRYPTO_BACKEND=${{ matrix.crypto }} \ -DCRYPTO_BACKEND="${MATRIX_CRYPTO}" \
-DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} \ -DENABLE_ZLIB_COMPRESSION="${MATRIX_ZLIB}" \
-DRUN_DOCKER_TESTS=OFF \ -DRUN_DOCKER_TESTS=OFF \
-DRUN_SSHD_TESTS=OFF \ -DRUN_SSHD_TESTS=OFF \
|| { cat bld/CMakeFiles/CMake*.yaml; false; } || { cat bld/CMakeFiles/CMake*.yaml; false; }
@ -856,31 +886,34 @@ jobs:
crypto: crypto:
- name: 'OpenSSL 3' - name: 'OpenSSL 3'
install: openssl install: openssl
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/openssl" configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/openssl
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/openssl" cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
- name: 'OpenSSL 1.1' - name: 'OpenSSL 1.1'
install: openssl@1.1 install: openssl@1.1
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/openssl@1.1" configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/openssl@1.1
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/openssl@1.1" cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl@1.1
- name: 'LibreSSL' - name: 'LibreSSL'
install: libressl install: libressl
configure: --with-crypto=openssl --with-libssl-prefix="$(brew --prefix)/opt/libressl" configure: --with-crypto=openssl --with-libssl-prefix=/opt/homebrew/opt/libressl
cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR="$(brew --prefix)/opt/libressl" cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl
- name: 'Libgcrypt' - name: 'Libgcrypt'
install: libgcrypt install: libgcrypt
configure: --with-crypto=libgcrypt --with-libgcrypt-prefix="$(brew --prefix)" configure: --with-crypto=libgcrypt --with-libgcrypt-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=Libgcrypt cmake: -DCRYPTO_BACKEND=Libgcrypt
- name: 'mbedTLS' - name: 'mbedTLS'
install: mbedtls install: mbedtls
configure: --with-crypto=mbedtls --with-libmbedcrypto-prefix="$(brew --prefix)" configure: --with-crypto=mbedtls --with-libmbedcrypto-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=mbedTLS cmake: -DCRYPTO_BACKEND=mbedTLS
- name: 'wolfSSL' - name: 'wolfSSL'
install: wolfssl install: wolfssl
configure: --with-crypto=wolfssl --with-libwolfssl-prefix="$(brew --prefix)" configure: --with-crypto=wolfssl --with-libwolfssl-prefix=/opt/homebrew
cmake: -DCRYPTO_BACKEND=wolfSSL cmake: -DCRYPTO_BACKEND=wolfSSL
steps: steps:
- name: 'install packages' - name: 'install packages'
run: brew install ${{ matrix.build == 'autotools' && 'automake libtool' || '' }} ${{ matrix.crypto.install }} env:
INSTALL_PACKAGES: ${{ matrix.build == 'autotools' && 'automake libtool' || '' }}
MATRIX_INSTALL: '${{ matrix.crypto.install }}'
run: brew install ${INSTALL_PACKAGES} ${MATRIX_INSTALL}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with: with:
persist-credentials: false persist-credentials: false
@ -889,9 +922,12 @@ jobs:
run: autoreconf -fi run: autoreconf -fi
- name: 'autotools configure' - name: 'autotools configure'
if: ${{ matrix.build == 'autotools' }} if: ${{ matrix.build == 'autotools' }}
env:
MATRIX_CONFIGURE: '${{ matrix.crypto.configure }}'
run: | run: |
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
--with-libz ${{ matrix.crypto.configure }} \ ../configure --enable-werror --enable-debug \
--with-libz ${MATRIX_CONFIGURE} \
--disable-docker-tests \ --disable-docker-tests \
--disable-sshd-tests \ --disable-sshd-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; } --disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -905,8 +941,10 @@ jobs:
run: make -C bld check V=1 || { cat bld/tests/*.log; false; } run: make -C bld check V=1 || { cat bld/tests/*.log; false; }
- name: 'cmake configure' - name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }} if: ${{ matrix.build == 'cmake' }}
env:
MATRIX_GENERATE: '${{ matrix.crypto.cmake }}'
run: | run: |
cmake -B bld -G Ninja ${{ matrix.crypto.cmake }} \ cmake -B bld -G Ninja ${MATRIX_GENERATE} \
-DCMAKE_UNITY_BUILD=ON \ -DCMAKE_UNITY_BUILD=ON \
-DENABLE_WERROR=ON \ -DENABLE_WERROR=ON \
-DENABLE_DEBUG_LOGGING=ON \ -DENABLE_DEBUG_LOGGING=ON \
@ -1013,7 +1051,8 @@ jobs:
# https://ports.freebsd.org/ # https://ports.freebsd.org/
sudo pkg install -y autoconf automake libtool sudo pkg install -y autoconf automake libtool
autoreconf -fi autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \ --with-crypto=openssl \
--disable-docker-tests \ --disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; } --disable-dependency-tracking || { tail -n 1000 config.log; false; }
@ -1036,7 +1075,8 @@ jobs:
prepare: pkg install build-essential libtool prepare: pkg install build-essential libtool
run: | run: |
autoreconf -fi autoreconf -fi
mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ mkdir bld && cd bld
../configure --enable-werror --enable-debug \
--with-crypto=openssl \ --with-crypto=openssl \
--disable-docker-tests \ --disable-docker-tests \
--disable-dependency-tracking || { tail -n 1000 config.log; false; } --disable-dependency-tracking || { tail -n 1000 config.log; false; }


@ -18,13 +18,13 @@ jobs:
steps: steps:
- name: Build Fuzzers - name: Build Fuzzers
id: build id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # zizmor: ignore[unpinned-uses]
with: with:
oss-fuzz-project-name: 'libssh2' oss-fuzz-project-name: 'libssh2'
dry-run: false dry-run: false
language: c language: c
- name: Run Fuzzers - name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master # zizmor: ignore[unpinned-uses]
with: with:
oss-fuzz-project-name: 'libssh2' oss-fuzz-project-name: 'libssh2'
fuzz-seconds: 600 fuzz-seconds: 600
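Review bot: The two `# zizmor: ignore[unpinned-uses]` comments on the `build_fuzzers` and `run_fuzzers` lines silence the finding, but both actions still resolve to the mutable `master` branch. The other workflows in this commit pin actions by commit SHA, so this job is the one place where upstream changes run without review. If tracking `master` is deliberate, record the reason on a comment line above each `uses:`, for example `# CIFuzz is consumed from upstream master on purpose; pinning tracked separately`. Because the action is unpinned, it is also worth confirming that this workflow declares a read-only `permissions:` block; the hunk does not show whether it does.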


@ -24,15 +24,22 @@
# #
# SPDX-License-Identifier: BSD-3-Clause # SPDX-License-Identifier: BSD-3-Clause
# https://docs.github.com/actions/use-cases-and-examples/publishing-packages/publishing-docker-images
name: OpenSSH Server Docker Image name: OpenSSH Server Docker Image
on: on:
push: push:
branches: [ master ] branches: [ master ]
permissions: {}
jobs: jobs:
build-and-push: build-and-push:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps: steps:
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with: with:
@ -50,21 +57,23 @@ jobs:
- shell: bash - shell: bash
id: poll id: poll
run: docker manifest inspect ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server:${{ steps.hash.outputs.hash }}
continue-on-error: true continue-on-error: true
env:
HASH: '${{ steps.hash.outputs.hash }}'
run: docker manifest inspect "ghcr.io/${GITHUB_REPOSITORY_OWNER}/ci_tests_openssh_server:${HASH}"
- uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
if: ${{ steps.poll.outcome == 'failure' }}
id: meta id: meta
with: with:
images: ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server images: ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server
tags: | tags: |
type=raw,value=${{ steps.hash.outputs.hash }} type=raw,value=${{ steps.hash.outputs.hash }}
if: ${{ steps.poll.outcome == 'failure' }}
- uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
if: ${{ steps.poll.outcome == 'failure' }}
with: with:
context: ./tests/openssh_server context: ./tests/openssh_server
push: true push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
if: ${{ steps.poll.outcome == 'failure' }}
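Review bot: The `poll` step combines `continue-on-error: true` with the `steps.poll.outcome == 'failure'` conditions, so every non-zero exit of `docker manifest inspect` is read as "image not published yet". A registry outage, rate limit or authentication problem would therefore also trigger the build and push under `packages: write`. The commit keeps this behaviour, so at minimum it deserves a comment on the step, for example `# any inspect failure (not only a missing manifest) leads to a rebuild and push of this tag`. A stricter variant would check the command's error output for the missing-manifest case and fail the job on anything else. Separately, the shell command now uses `GITHUB_REPOSITORY_OWNER` verbatim; image references must be lowercase, so a fork with an uppercase owner name would presumably fail the poll every time.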