- drop redundant `--parallel` cmake option for Ninja builds.
- use Ninja for aws-lc, also simplify the script.
- use global default `MAKEFLAGS`. This also makes certain
steps faster due to missing parallelism before this patch.
- enable `-DBUILD_OSSFUZZ=ON` in a cmake job.
- split Cygwin job into steps. To sync with others.
- sync Cygwin build type name with other jobs.
Closes#1684
To avoid littering the Actions cache.
Another, libssh2-specific issue is that the cache is bound to codeql
version, master commit hash and platform. But in libssh2 we buidl 4
different configurations on Linux, which caused these caching failures:
```
C (OpenSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (wolfSSL) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
C (mbedTLS) Failed to save: Unable to reserve cache with key codeql-trap-1-2.23.0-cpp-5bd1baed82ada192a2ae7e9801882813853e4d87, another job may be creating this cache.
```
Ref: https://github.com/libssh2/libssh2/actions/runs/17744827522
It's probably something to fix, because it suggests that it's unexpected
to build multiple configs in a matrix. Perhaps it's better to build them
after each other in the build step. Though it's not yet clear how
the CodeQL engine is considering coverage for different build
configurations of the same codebase.
Ref: https://github.com/curl/curl/pull/18613
Ref: 9618c337d1
actions/upload-artifact from 4.6.1 to 4.6.2
cygwin/cygwin-install-action from 5 to 6
msys2/setup-msys2 from 2.26.0 to 2.29.0
Closes#1649Closes#1650Closes#1651
By micromanaging the project dependency and its inclusion into the test
project. It feels like an awkward construct, but perhaps better than
nothing.
It's also fragile because it's a static build with no assistance from
the external project (curl in this case). Mitigated in test by disabling
all dependencies and some features.
Since there is no special core cmake logic to be tested here, in CI
the test is tested really. To keep CI jobs at minimum, only add 3 of
them, taking 26s in total. (All 6 would take 203s.)
Follow-up to 77df767784#1589Closes#1637
Also:
- merge CI check and shellcheck jobs into a single one.
To share the same shellcheck version and less overhead.
- use `set -eu` in more scripts.
- make sure CI scripts run from any cwd.
To make it easy to run them on local machine.
- minor tidy-ups.
Closes#1618
Also:
- fix old yamllint warnings.
- make quoting more consistent.
- drop stray step name: "checkout".
- merge REUSE workflow into main CI one.
Closes#1614
It was an exercise to run old cmake versions in CI and in the test suite.
It also revealed that 3.7.2 2017-01-13 is too old to consume libssh2 via
`find_package()` due to:
```
CMake Error at bld-libssh2/_pkg/lib/cmake/libssh2/libssh2-config.cmake:35 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because target
"libssh2::libssh2_shared" is IMPORTED.
Call Stack (most recent call first):
CMakeLists.txt:27 (find_package)
```
The mitigation for this issue requires 3.11.
Also:
- rename a few existing envs to use the `TEST_` prefix.
- make the `find_package` test provider stage verbose.
Closes#1591
- ci/GHA: add cmake integration tests for Windows.
- ci/GHA: test `add_subdirectory` with Libgcrypt.
- make them run faster with prefill, unity, Ninja, omitting curl tool.
- add support for any build configuration.
- add old-cmake support with auto-detection.
- auto-detect Ninja.
- run consumer test apps to see if they work.
Also show the cryptography backend.
- add support for Windows.
- make it more verbose.
- re-add `ExternalProject` cmake consumer test. It's broken.
- tidy up terminology.
Cherry-picked from #1581Closes#1589
- move dependency properties (libs, libdirs, C flags, header dirs,
pkg-config module names) from global lists to imported target
`INTERFACE` properties. Rework FInd modules to return their results
like this and update the libssh2 build process to use it. It makes
Find modules re-usable from the cmake-config script by libssh2
consumers, to integrate with libssh2 dependencies.
- define libssh2 dependencies as "imported targets" by the name:
`libssh2::<depname>`, e.g. `libssh2::libgcrypt`.
- cmake-config: add fall-back logic for CMake without
CMP0099 (v3.17 2020-03-20) to set lib directories.
- generate `libssh2.pc` based on imported target properties (instead of
global lists).
- add target property dump debug function.
- ci/GHA: also test cmake integration on macOS.
Follow-up to 96d7f404e7#1534Closes#1535
* Adds AWS-LC (cmake, gcc, amd64) to the GitHub CI tests.
* Adds note on how to build w/ BoringSSL or AWS-LC in `INSTALL_CMAKE.md`
AWS-LC recently added CI integration tests for Libssh2 to the AWS-LC
GitHub repo to ensure that we maintain our compatibility with libssh2:
https://github.com/aws/aws-lc/pull/2222
I've verified this change by running the CI job on my fork, which
completed successfully:
https://github.com/justsmth/libssh2/actions/runs/13547314774/job/37862097664Closes#1557
CMake:
- Find*: set `<modulename>_FOUND` for compatibility when found via
`pkg-config`. E.g. `MbedTLS_FOUND`.
`find_package_handle_standard_args()` sets both `<MODULENAME>_FOUND`
and `<Modulename>_FOUND` when detecting the dependency. Some CMake
code relies on this and 3rd-party code may rely on it too. Make sure
to set the latter variant when detecting the dependency via
`pkg-config`, where we don't call
`find_package_handle_standard_args()`.
CMake sets these variable to `TRUE` (not `ON` or `1`). Replicate this
for compatibility.
- libssh2-config.cmake: inherit default `LIBSSH2_USE_PKGCONFIG`.
Follow-up to a3aa6b4ca8#1525
- document variables consumed by `libssh2-config.cmake.in`.
- `libssh2-config.cmake`: fix to link to non-OpenSSL crypto backends.
This is most likely not how this is supposed to be done, but better
than failing.
What's the canonical way to do this, and how OpenSSL and zlib does it
is yet to be figured out.
- use `ZLIB::ZLIB` to reference zlib.
- use `IN ITEMS` where missed.
- harmonize variable dump output formats.
CMake `find_package` integration tests:
- extend to all crypto backends (was: OpenSSL).
- show libssh2 variables set by `find_package()`.
- stop building examples and tests for the consumed package.
For performance.
- enable zlib, for coverage.
- be verbose when building the test targets.
ci/GHA:
- add packaged mbedTLS (2.x) build to Linux matrix.
- alphasort some tests.
Follow-up to d9c2e550ca#1460
Follow-up to 82b09f9b3a#1322Closes#1534
Also replace manual `-fPIC` C flag with
`-DCMAKE_POSITION_INDEPENDENT_CODE=ON`. It makes it pass it to C++,
which is necessary for BoringSSL after this bump.
Fixes:
```
/usr/bin/ld: /home/runner/usr/lib/libcrypto.a(crypto.cc.o): warning: relocation against `stderr@@GLIBC_2.2.5' in read-only section `.text'
/usr/bin/ld: /home/runner/usr/lib/libcrypto.a(urandom.cc.o): relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: bad value
```
https://github.com/libssh2/libssh2/actions/runs/13065421829/job/36456862458#step:27:23Closes#1530
- add Linux jobs with old OpenSSL versions: 1.1.1, 1.1.0, 1.0.2, with
tests.
(Meaning we test these again after losing them in AppVeyor CI)
- add LibreSSL Linux job with tests.
- cache most dependency packages built from source.
(exception: wolfSSL, which would have added too much complexity
due to the multiple versions, and it's fast to build anyway.)
- change source tarball sources to GitHub for better stability and
performance.
- move dependency versions to the env.
- set `persist-credentials: false` for checkout steps for security.
- pin actions to hash for security.
- checkout repo later, right before use.
- skip building BoringSSL tests to finish quicker.
- set `fail-fast: false` in the BSD build matrix.
- cmake: move UWP workaround from GHA to `CMakeLists.txt`, making it
available for everyone.
- list installed packages in OpenBSD job.
- bump BoringSSL, mbedTLS, wolfSSL, OpenSSL.
- bump cross-platform-actions to v0.26.
- bump docker/build-push-action to v6.
- bump actions/upload-artifact to v4.
- bump NetBSD to 10.1.
- drop `--quiet 2` `apt-get` option to keep useful output.
- drop `--no-install-suggests --no-install-recommends` `apt-get`
options. They are the defaults with the `ubuntu-24.04` image.
- tidy up quotes.
Cherry-picked from #1484Closes#1528
- cmake: add support to build ossfuzz.
Enable with `-DBUILD_OSSFUZZ=ON`.
Also supports `-DLIB_FUZZING_ENGINE=` like autotools does.
- check for `__clang__` when suppressing warnings in source. Necessary
for clang-cl, which set `__clang__`, but doesn't set `__GNU__`.
- cmake: optimize out 4 picky warning option detections with gcc.
- cmake: bring `-pedantic-error`, `-Wall` use closer to curl's.
- cmake: set `-Wno-language-extension-token` for clang-cl.
- cmake: escape only the necessary `-W` options for clang-cl.
- cmake: apply picky warnings to C++.
- cmake: replace `unset(VAR)` with `set(VAR "")` for init.
- cmake: prefer dash-style MSVC options.
- cmake: simplify `MATCHES` expression.
- cmake: formatting/whitespace.
- ci/GHA: bump `actions/upload-artifact` to v4
Closes#1524
- always pass `--no-install-suggests --no-install-recommends`
to `apt-get` to avoid spending time to install packages we don't need.
(notably in the i386 Linux job.)
- drop an `apt-get` hack that's no longer necessary.
Closes#1476
- sync code between Find modules.
- wolfssl: replace `pkg-config` hints with native detection.
- libgcrypt, mbedtls: add `pkg-config`-based native detection.
- libgcrypt: add version detection.
- limit `pkg-config` use for `UNIX`, vcpkg, and non-cross MinGW builds,
and builds with no manual customization via `*_INCLUDE_DIR` or
`*_LIBRARY`.
- replace and sync Find module header comments.
- ci: delete manual mbedTLS config that's now redundant.
Based on similar work done in curl.
Second attempt at #1420Closes#1445
Also:
- add `LIBSSH2_DSA_ENABLE` to enable it explicitly.
- test the above option in CI.
- say 'deprecated' in docs and public header.
- disable DSA in the CI server config.
(OpenSSH 9.8 no longer builds with it by default)
https://www.openssh.com/txt/release-9.8
Patch-by: Jose Quaresma
- disable more DSA code when not enabled.
Fixes#1433Closes#1435
