- bump cross-platform-actions to 0.23.0.
Ref: https://github.com/cross-platform-actions/action/releases/tag/v0.23.0
- switch to Linux runners (from macOS) for cross-platform-actions.
It's significantly faster.
- switch back FreeBSD 14 job to cross-platform-actions.
Also switch back to default shell.
- add FreeBSD 14 arm64 job.
Closes#1343
A while ago the `distcheck` CI job became flaky. This continued after
switching to Debian stable (from testing). Try stabilzing it by running
it single-threaded.
Closes#1339
- use the group expression from `reuse.yml` (via curl).
- add auto-cancel for `ci` and `cifuzz`.
- add auto-cancel to `appveyor_docker`. I'm just guessing here.
The hope is that it fixes AppVeyor CI runs when re-pushing a PR.
This frequently caused the freshly pushed session to fail waiting for
a connection.
- sync group expression in `appveyor_status` with `reuse`.
Closes#1292
- install bash to fix error when running tests:
```
ERROR: test_sshd.test - missing test plan
ERROR: test_sshd.test - exited with status 127 (command not found?)
=====================================
[...]
# TOTAL: 4
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
[...]
env: bash: No such file or directory
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
- fix sshd issue when running tests:
```
# sshd log:
# Server listening on :: port 4711.
# Server listening on 0.0.0.0 port 4711.
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
Cherry-picked from #1277Closes#1277
- use GNU Make, to avoid errors:
```
make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956
Caused by `?=` in `Makefile.am`. Fix it just in case.
```
make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966
It's around line 43 in `Makefile.am`, reason undiscovered.
- fix error:
```
../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
1227 | datavec[0].iov_base, datavec[0].iov_len);
| ~~~~~~~~~~^~~~~~~~~
| |
| caddr_t {aka char *}
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html
- FIXME: new `-Wsign-conversion` warnings appeared in examples:
```
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
251 | FD_SET(forwardsock, &fds);
| ^~~~~~
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
259 | if(rc && FD_ISSET(forwardsock, &fds)) {
| ^~~~~~~~
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450
Cherry-picked from #1277
Originally added to improve build performance by skipping building
tests. But, there seems to be no point in this, because autotools
doesn't build tests by default, unless explicitly invoking
`make check`.
Delete this option from Cygwin and FreeBSD CI tests, where it caused
`make check` to do nothing. Tests are built now, and runtime tests are
too, where supported.
Also disable Docker-based tests for these, and add a missing `make -j3`
for FreeBSD.
Reverts 7483edfada#715Closes#1271
The following APIs have been deprecated for over 10 years and
use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()
Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
Fixes#1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes#1267
- use OpenSSL 3 API when available for HMAC.
This fixes building with OpenSSL 3 `no-deprecated` builds.
- ensure we support pure OpenSSL 3 API by adding a CI job using
OpenSSL 3 custom-built with `no-deprecated`.
Follow-up to b0ab005fe7#1207Fixes#1235Closes#1243
- switch to an alternate GitHub action. This one seems (more) actively
maintained, and runs faster:
https://github.com/cross-platform-actions/action
- use clang instead of gcc. clang is already present in the base
install, saving install time and bandwidth.
- stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
the base system.
(I'm suspecting that quictls before this patch wasn't detected by
the build.)
https://wiki.freebsd.org/OpenSSL
Cherry-picked from #1250
We haven't been using the FreeBSD version. Also it turns out,
the single version supported is 13.2 at the moment:
https://github.com/vmactions/freebsd-vm/tree/main/conf
Stop trying to set the version and instead rely on the action
providing the latest supported one automatically.
Follow-up to a7d2a573be
Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.
Closes#1217
We recommend using CMake instead. Especially in unity mode, it's faster
and probably more familiar for most. It's also easily portable.
(`Makefile.mk` was also portable, but in practice only usable for
Windows. Other platforms required a manual config header.)
Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes#1204
- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`.
Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.
Follow-up to 4159467507#1192Closes#1196
- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
Reported by: AR Visions
Fixes#1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.
Used the curl mbedTLS detection logic for ideas:
a8c773845f/CMake/FindMbedTLS.cmakeCloses#1192
- Fix explicitly selecting WinCNG in autotools cross-builds by moving
`windows.h` header check before the WinCNG availability check.
Follow-up to d43b8d9b0b
Reported-by: Jack L
Fixes#1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
doesn't detect #1186, because that happened when explicitly specifying
WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
by default.
- autotools: fix to strip suffix from gcc version
Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
may return `n-win32` (also with `-dumpfullversion`). Causing these
errors and failing to enable picky warnings:
```
../configure: line 23845: test: : integer expression expected
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
Fix that by stripping any dash-suffix.
gcc version detection is still half broken because we translate '10'
to '10.10' because `cut -d. -f2` returns the first word if the
delimiter missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`,
`9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
Ref: https://github.com/mamedev/mame/pull/9767Closes#1187
Before this patch, this happened at runtime when using an old (pre-3.0),
FIPS-enabled OpenSSL backend.
This patch makes it possible to disable this via the build-time option
`LIBSSH2_NO_MD5_PEM`.
Also:
- make sure to exclude all MD5 internal APIs when both the above and
`LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.
Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>
<base64>
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`
Ref: https://github.com/libssh2/www/issues/20Closes#1181
- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
```
$ yamllint reuse.yml
reuse.yml
[...]
11:5 error wrong indentation: expected 6 but found 4 (indentation)
15:5 error wrong indentation: expected 6 but found 4 (indentation)
[...]
27:5 error wrong indentation: expected 6 but found 4 (indentation)
```
Cherry-picked from #1175
Use existing MSYS2 section and extend it with builds for the MSYS
environment with both autotools and cmake.
MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
headers are all available but we don't use them.
Also:
- extend existing autotools logic for Cygwin to skip detecting
`windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this
patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
platforms, but the builds then fell apart due to the resulting mixed
Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for
MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
it broke MSYS build which use `Unix Makefiles`. Deleting this setting
fixes all build flavours.
Closes#1162
To avoid builds picking up non-Cygwin components coming by default with
the CI machine, I used the solution recommended by Cygwin [1] and set
`PATH` manually. To avoid repeating this for each step, I merged steps
into a single one. Let us know if there is a more elegant way.
Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.
autotools build seemed to take slightly longer than other jobs. To save
turnaround time I disabled building tests.
Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi
[1] https://github.com/cygwin/cygwin-install-action/tree/v4#pathCloses#1161
Without curly braces it was less obvious which string is a GHA expression.
Also fix an `if` expression that always missed its curly braces.
Reverts cab3db5887Closes#1145
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK
Assisted-by: Viktor Szakats
Closes#1084
Also:
- uppercase `(C)`.
- add missing 'All rights reserved.' lines.
- drop duplicate 'Author' lines.
- add copyright headers where missing.
- enable copyright header check in checksrc.
Reasons for deleting years (copied as-is from curl):
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
Closes#1082
Add a non-static autotools build to GitHub Actions. Make this build
target i386 and libgcrypt, to test a new build combination if we are at
it.
Also:
- GHA: add necessary generic bits for i386 autotools builds.
- AppVeyor CI: teach it to ignore commits updating our GHA config.
Follow-up to 572c57c9d8#1072Closes#1074
Also:
- reorder Linux build matrix to make build tool more visible.
- hide apt-get progress bar.
- prepare package install step for i386 builds.
Detects bug #1053Closes#1057
