To run test program via `wine`:
```shell
export LIBSSH2_TEST_EXE_RUNNER=wine
```
It prefixes commands with the specified runner. For systems where this
isn't automatic or supported, e.g. macOS.
Closes#1562
- move dependency properties (libs, libdirs, C flags, header dirs,
pkg-config module names) from global lists to imported target
`INTERFACE` properties. Rework FInd modules to return their results
like this and update the libssh2 build process to use it. It makes
Find modules re-usable from the cmake-config script by libssh2
consumers, to integrate with libssh2 dependencies.
- define libssh2 dependencies as "imported targets" by the name:
`libssh2::<depname>`, e.g. `libssh2::libgcrypt`.
- cmake-config: add fall-back logic for CMake without
CMP0099 (v3.17 2020-03-20) to set lib directories.
- generate `libssh2.pc` based on imported target properties (instead of
global lists).
- add target property dump debug function.
- ci/GHA: also test cmake integration on macOS.
Follow-up to 96d7f404e7#1534Closes#1535
CMake:
- Find*: set `<modulename>_FOUND` for compatibility when found via
`pkg-config`. E.g. `MbedTLS_FOUND`.
`find_package_handle_standard_args()` sets both `<MODULENAME>_FOUND`
and `<Modulename>_FOUND` when detecting the dependency. Some CMake
code relies on this and 3rd-party code may rely on it too. Make sure
to set the latter variant when detecting the dependency via
`pkg-config`, where we don't call
`find_package_handle_standard_args()`.
CMake sets these variable to `TRUE` (not `ON` or `1`). Replicate this
for compatibility.
- libssh2-config.cmake: inherit default `LIBSSH2_USE_PKGCONFIG`.
Follow-up to a3aa6b4ca8#1525
- document variables consumed by `libssh2-config.cmake.in`.
- `libssh2-config.cmake`: fix to link to non-OpenSSL crypto backends.
This is most likely not how this is supposed to be done, but better
than failing.
What's the canonical way to do this, and how OpenSSL and zlib does it
is yet to be figured out.
- use `ZLIB::ZLIB` to reference zlib.
- use `IN ITEMS` where missed.
- harmonize variable dump output formats.
CMake `find_package` integration tests:
- extend to all crypto backends (was: OpenSSL).
- show libssh2 variables set by `find_package()`.
- stop building examples and tests for the consumed package.
For performance.
- enable zlib, for coverage.
- be verbose when building the test targets.
ci/GHA:
- add packaged mbedTLS (2.x) build to Linux matrix.
- alphasort some tests.
Follow-up to d9c2e550ca#1460
Follow-up to 82b09f9b3a#1322Closes#1534
- show platform flags (via curl).
- add `LIBSSH2_USE_PKGCONFIG` option to control whether to use
`pkg-config` to find dependencies.
- set `.pc` names withing the Find modules.
- add `mbedcrypto` to `libssh2.pc` only when detected via `pkg-config`.
Workaround for older mbedtls versions and non-CMake mbedTLS builds
(as of mbedTLS 3.6.2) that don't emit an `mbedcrypto.pc` file.
- set header paths relative to the project root (tidy-up).
- use `-isystem` for crypto backend and zlib header paths.
To match autotools.
- sync header path order with autotools.
- rename local variables to underscore-lowercase.
- minor tidy-ups.
Cherry-picked from #1484Closes#1525
- cmake: add support to build ossfuzz.
Enable with `-DBUILD_OSSFUZZ=ON`.
Also supports `-DLIB_FUZZING_ENGINE=` like autotools does.
- check for `__clang__` when suppressing warnings in source. Necessary
for clang-cl, which set `__clang__`, but doesn't set `__GNU__`.
- cmake: optimize out 4 picky warning option detections with gcc.
- cmake: bring `-pedantic-error`, `-Wall` use closer to curl's.
- cmake: set `-Wno-language-extension-token` for clang-cl.
- cmake: escape only the necessary `-W` options for clang-cl.
- cmake: apply picky warnings to C++.
- cmake: replace `unset(VAR)` with `set(VAR "")` for init.
- cmake: prefer dash-style MSVC options.
- cmake: simplify `MATCHES` expression.
- cmake: formatting/whitespace.
- ci/GHA: bump `actions/upload-artifact` to v4
Closes#1524
For no reason it broke when trying to silence a CMake deprecation
warning in #1510. Then when tested locally, it did not work either with
or without the patch in #1510.
I'm not sure, but existing implementation may have worked by accident
by re-using leftovers from the preceding two integration tests.
After spending a days trying to fix this, I declare defeat. If such
amount of time of testing, reading documentation, blog posts, variable
traces, logs, bug reports is not enough to make this work, or even
to understand how this should work, this seems like a lost cause.
CMake makes it impossible to cleanly query the properties of a target,
which would be essential for debugging. There are rough workarounds
with years of iteration, and those still don't work to this day:
https://stackoverflow.com/questions/32183975/how-to-print-all-the-properties-of-a-target-in-cmake
Copy-pasting an incantation from a blog post that made this work:
https://inhzus.io/posts/2023-12-01-cmake-external-project/
almost made it work, except that it had a workaround for a 10-year old
pending bug, another workaround for Ninja which required CMake 3.29,
with settings hard-wired, and explicitly configured in weird ways. But,
it still missed to pass the libssh2 library to the test target and
failed to link.
Then tried to pass the libssh2 lib the "usual" way via:
```
target_link_libraries(test PRIVATE libssh2)
```
That also did not work because CMake decided that the external libssh2
target is of "UTILITY" type, and errored with:
```
CMake Error at CMakeLists.txt:39 (target_link_libraries):
Target "libssh2" of type UTILITY may not be linked into another target.
One may link only to INTERFACE, OBJECT, STATIC or SHARED libraries, or to
executables with the ENABLE_EXPORTS property set.
```
This type property is read-only, and documentation has no mention of it,
or how to set it whatsoever:
https://cmake.org/cmake/help/latest/module/ExternalProject.html
libssh2's `docs/INSTALL_CMAKE.md` mentions ExternalProject as a way to
use libssh2. Added there with the initial CMake commit. We should
probably delete it from there.
This consumption method has a single mention in public issues:
https://github.com/libssh2/libssh2/issues/1116Closes#1522
Building 3 tests require static libssh2 lib. Some may prefer not to
create the static lib, yet prefer to build all tests, including those
3 that require it.
Detect such intent by looking for an explicit `BUILD_TESTING=ON` and
`BUILD_STATIC_LIBS=OFF`, then build the static lib anyway but without
installing it.
Reported-by: Eli Schwartz
Fixes#1450Closes#1469
Also:
- add `LIBSSH2_DSA_ENABLE` to enable it explicitly.
- test the above option in CI.
- say 'deprecated' in docs and public header.
- disable DSA in the CI server config.
(OpenSSH 9.8 no longer builds with it by default)
https://www.openssh.com/txt/release-9.8
Patch-by: Jose Quaresma
- disable more DSA code when not enabled.
Fixes#1433Closes#1435
Replace hard-coded crypto backends and rely on `LIBSSH2_GCM` macro
to decide whether to run AES-GCM tests.
Without this, build attempted to run AES-GCM tests (and failed)
for crypto backends that have conditional support for this feature, e.g.
wolfSSL without the necessary features built-in
(as in before Homewbrew wolfssl 5.7.0_1, or OpenSSL v1.1.0 and older).
This patch is part of a series of fixes to make wolfSSL AES-GCM support
work together with libssh2.
Cherry-picked from #1407Closes#1410
Use `AM_CFLAGS` to pass custom, per-target C flags. This replaces using
`CFLAGS` which triggered this warning when running `autoreconf -fi`:
```
tests/Makefile.am:8: warning: 'CFLAGS' is a user variable, you should not override it;
tests/Makefile.am:8: use 'AM_CFLAGS' instead
```
(Only for `tests`, even though `example` and `src` also used this
method. The warning is also missing from curl, that also uses
`CFLAGS`.)
Follow-up to 3ec53f3ea2#1286Closes#1378
Replicating OpenSSH's behavior to handle RSA certificate authentication
differently based on the remote server version.
1. For OpenSSH versions >= 7.8, ascertain server's support for RSA Cert
types by checking if the certificate's signature type is present in
the `server-sig-algs`.
2. For OpenSSH versions < 7.8, Set the "SSH_BUG_SIGTYPE" flag when the
RSA key in question is a certificate to ignore `server-sig-algs` and
only offer ssh-rsa signature algorithm for RSA certs.
This arises from the fact that OpenSSH versions up to 7.7 accept
RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7
includes RSA-SHA2 keys in the `server-sig-algs`, versions <=7.7 do not
actually support RSA certs. Therefore, server sending RSA-SHA2 keys in
`server-sig-algs` should not be interpreted as indicating support for
RSA-SHA2 certs. So, `server-sig-algs` are ignored when the RSA key in
question is a cert, and the remote server version is 7.7 or below.
Relevant sections of the OpenSSH source code:
<https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197>
<https://github.com/openssh/openssh-portable/blob/master/compat.c#L43>
Assisted-by: Will Cosgrove
Reviewed-by: Viktor Szakats
Also markup a vararg function as such.
In functions marked up as vararg functions, there is no need to suppress
`-Wformat-nonliteral` warnings. It's done automatically by the compiler.
Closes#1342
* Use the imported target of FindOpenSSL module
* Build libssh2 before test runner
* Use find_package() in the CMake config file
* Use find_dependency() rather than find_package()
* Install CMake module files and use them in the config file
* Use elseif() to choose the crypto backend
This fixes flakiness experienced recently with two OpenSSL jobs and one
libgcrypt job, and/or intermittently causing all Docker-based tests to
fail.
Reported-by: András Fekete
Fixes#1328Fixes#1329Closes#1338
- install bash to fix error when running tests:
```
ERROR: test_sshd.test - missing test plan
ERROR: test_sshd.test - exited with status 127 (command not found?)
=====================================
[...]
# TOTAL: 4
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
[...]
env: bash: No such file or directory
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
- fix sshd issue when running tests:
```
# sshd log:
# Server listening on :: port 4711.
# Server listening on 0.0.0.0 port 4711.
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
Cherry-picked from #1277Closes#1277
Cast large integer types to avoid dealing with printf masks for
`size_t` and other C99 types. Some of existing code used `int`
for this, bump them to `long`.
Ref: afa6b86560#1257Closes#1264
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)
Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
Fix them in example, tests and wincng. There remain about 360 of these
warnings in `src`. Add a TODO item for those and disable `-Werror` for
this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`,
`_libssh2_snprintf()` and in tests for `run_command()`.
`LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
Fix them:
- src: replace obsolete fall-through-comments with
`__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
Also, where necessary fix `int` and `unsigned char` casts to
`unsigned int` and adjust printf format strings. These were not
causing compiler warnings.
Cast large types to `long` to avoid dealing with printf masks for
`size_t` and other C99 types. Existing code often used `int` for this.
I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
in external header.
Closes#1257
Then sync this warning option with curl.
Seems like a false positive and/or couldn't figure how to fix it, so silence:
```
example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~
example/ssh2.c:227:34: note: assuming directive output of 1 byte
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~
example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~
example/ssh2.c:228:34: note: assuming directive output of 1 byte
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~
example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98
Fix:
```
tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51
Tested via #1257
If the `$USER` variable is empty, fall back to using `$LOGNAME` to
retrieve the logged-in username.
In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
on some systems it may not be set. Without this value, tests were unable
to provide the correct username when logging into the SSH server running
under the active user's session.
Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348Fixes#1240Closes#1241
Also extend our integration test double inclusion. It will still not
catch this case, because that requires
`cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
add_library cannot create ALIAS target "Libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
```
Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```
Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913Closes#1216
```
PendingDeprecationWarning:
Copyright and licensing information for 'tests/openssh_server/Dockerfile'
has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
file located at '.reuse/dep5'. The information for these two sources has
been aggregated. In the future this behaviour will change, and you will
need to explicitly enable aggregation. [...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4
