forked from aws/s2n-tls
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
104 lines (95 loc) · 5.52 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
sudo: required
dist: trusty
language: c
cache:
directories:
# Cache test dependencies that would normally be re-compiled for every build.
# This directory is unique for each entry of the build matrix per:
# https://docs.travis-ci.com/user/caching/#Caches-and-build-matrices
- test-deps
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- indent
- kwstyle
osx_image: xcode8
os:
- linux
matrix:
include:
- os : linux
env : TESTS=sawHMAC SAW_HMAC_TEST=md5 SAW=true GCC6_REQUIRED=false
addons: &sawaddons
apt:
packages:
- clang-3.8
- llvm-3.8
- os : linux
env : TESTS=tls SAW=true GCC6_REQUIRED=false
addons : *sawaddons
- os : linux
env : TESTS=sawHMACFailure SAW=true
addons : *sawaddons
before_install:
# Setup the cache directory paths. Openssl 1.1.x-master is skipped because we want to build against the latest
# revision.
- if [[ ! -d test-deps ]]; then mkdir test-deps ; fi
- export BASE_S2N_DIR=`pwd`
- export PYTHON_INSTALL_DIR=`pwd`/test-deps/python
- export GNUTLS_INSTALL_DIR=`pwd`/test-deps/gnutls
- export PRLIMIT_INSTALL_DIR=`pwd`/test-deps/prlimit
- export SAW_INSTALL_DIR=`pwd`/test-deps/saw
- export Z3_INSTALL_DIR=`pwd`/test-deps/z3
- export LIBFUZZER_INSTALL_DIR=`pwd`/test-deps/libfuzzer
- export LATEST_CLANG_INSTALL_DIR=`pwd`/test-deps/clang
- export SCAN_BUILD_INSTALL_DIR=`pwd`/test-deps/scan-build
- export OPENSSL_1_1_0_INSTALL_DIR=`pwd`/test-deps/openssl-1.1.0
- export OPENSSL_1_0_2_INSTALL_DIR=`pwd`/test-deps/openssl-1.0.2
- export OPENSSL_1_0_2_FIPS_INSTALL_DIR=`pwd`/test-deps/openssl-1.0.2-fips
- export LIBRESSL_INSTALL_DIR=`pwd`/test-deps/libressl
- export CPPCHECK_INSTALL_DIR=`pwd`/test-deps/cppcheck
- export CTVERIF_INSTALL_DIR=`pwd`/test-deps/ctverif
# Keep this out of test-deps so that we always build the latest master
- export OPENSSL_1_1_X_MASTER_INSTALL_DIR=`mktemp -d`
# Install missing test dependencies. If the install directory already exists, cached artifacts will be used
# for that dependency.
install:
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then .travis/install_ubuntu_dependencies.sh ; fi
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then .travis/install_osx_dependencies.sh ; fi
- .travis/install_default_dependencies.sh
# Set GCC 6 as Default on both Ubuntu and OSX
- if [[ "$GCC6_REQUIRED" == "true" ]]; then alias gcc=$(which gcc-6) ; fi
before_script:
# Add all of our test dependencies to the PATH. Use Openssl 1.1.0 so the latest openssl is used for s_client
# integration tests.
- export PATH=$PYTHON_INSTALL_DIR/bin:$OPENSSL_1_1_0_INSTALL_DIR/bin:$GNUTLS_INSTALL_DIR/bin:$SAW_INSTALL_DIR/bin:$Z3_INSTALL_DIR/bin:$SCAN_BUILD_INSTALL_DIR/bin:$PATH
- export LD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH; export DYLD_LIBRARY_PATH=$OPENSSL_1_1_0_INSTALL_DIR/lib:$LD_LIBRARY_PATH;
# Select the libcrypto to build s2n against. If this is unset, default to the latest stable version(Openssl 1.1.0)
- if [[ -z $S2N_LIBCRYPTO ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.0" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_0_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.x-master" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_X_MASTER_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_INSTALL_DIR ; fi
- if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2-fips" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_FIPS_INSTALL_DIR ; export S2N_TEST_IN_FIPS_MODE=1 ; fi
- if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi
# Set the libfuzzer to use for fuzz tests
- export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR
# Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests
# have the "libcrypto-root" directory path hardcoded.
- rm -rf libcrypto-root && ln -s $LIBCRYPTO_ROOT libcrypto-root
# Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo -E $PRLIMIT_INSTALL_DIR/bin/prlimit --pid "$$" --memlock=unlimited:unlimited ; fi
script:
- if [[ "$BUILD_S2N" == "true" ]]; then .travis/run_cppcheck.sh $CPPCHECK_INSTALL_DIR; fi
- if [[ "$BUILD_S2N" == "true" && "$TRAVIS_OS_NAME" == "linux" ]]; then .travis/run_kwstyle.sh ; fi
- if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "integration" ]]; then make -j 8 ; fi
# Build and run unit tests with scan-build for osx. scan-build bundle isn't available for linux
- if [[ "$TRAVIS_OS_NAME" == "osx" && "$TESTS" == "integration" ]]; then scan-build --status-bugs -o /tmp/scan-build make -j8; STATUS=$?; test $STATUS -ne 0 && cat /tmp/scan-build/*/* ; [ "$STATUS" -eq "0" ] ; fi
- if [[ "$TESTS" == "integration" ]]; then make clean; make integration ; fi
- if [[ "$TESTS" == "fuzz" ]]; then export PATH=$LATEST_CLANG_INSTALL_DIR/bin:$PATH && make clean && make fuzz ; fi
- if [[ "$TRAVIS_OS_NAME" == "linux" && "$TESTS" == "sawHMAC" ]]; then make -C tests/saw/ tmp/verify_s2n_hmac_$SAW_HMAC_TEST.log ; fi
- if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/spec/DRBG/DRBG.log ; fi
- if [[ "$TESTS" == "tls" ]]; then make -C tests/saw tmp/handshake.log && make -C tests/saw tmp/cork-uncork.log ; fi
- if [[ "$TESTS" == "sawHMACFailure" ]]; then make -C tests/saw failure-tests ; fi
- if [[ "$TESTS" == "ctverif" ]]; then .travis/run_ctverif.sh $CTVERIF_INSTALL_DIR ; fi