From 50a6fec8015ee0f8afbd2f1c78f1ac3fccc3fc48 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 16 Dec 2022 19:23:07 +1100 Subject: Backport test workflow config changes. The self-hosted runner setup has been changed recently and the configs in the V_9_1 branch no longer work with the current runners. Backport the changes from master so that the tests on this branch work again. --- .github/configs | 16 ++++- .github/workflows/c-cpp.yml | 144 +++++++++++++++++++-------------------- .github/workflows/selfhosted.yml | 82 +++++++++++----------- .github/workflows/upstream.yml | 17 +++-- 4 files changed, 140 insertions(+), 119 deletions(-) diff --git a/.github/configs b/.github/configs index b54ed3a9..49b53d43 100755 --- a/.github/configs +++ b/.github/configs @@ -9,10 +9,13 @@ # LTESTS config=$1 +if [ "$config" = "" ]; then + config="default" +fi unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO -TEST_TARGET="tests" +TEST_TARGET="tests compat-tests" LTESTS="" SKIP_LTESTS="" SUDO=sudo # run with sudo by default @@ -108,7 +111,7 @@ case "$config" in kitchensink) CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" - CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" + CFLAGS="-DSK_DEBUG -DSANDBOX_SECCOMP_FILTER_DEBUG" ;; hardenedmalloc) CONFIGFLAGS="--with-ldflags=-lhardened_malloc" @@ -141,6 +144,11 @@ case "$config" in ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," + # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec + # fallback. See https://bugzilla.mindrot.org/show_bug.cgi?id=3483 + if [ "$config" = "openssl-1.1.1" ]; then + SKIP_LTESTS="reexec" + fi ;; selinux) CONFIGFLAGS="--with-selinux" @@ -214,6 +222,10 @@ case "${TARGET_HOST}" in TEST_TARGET="t-exec TEST_SHELL=bash" SKIP_LTESTS="rekey sftp" ;; + debian-riscv64) + # This machine is fairly slow, so skip the unit tests. + TEST_TARGET="t-exec" + ;; dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index e1fbcdb8..a12f61e2 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -13,99 +13,99 @@ jobs: fail-fast: false matrix: # First we test all OSes in the default configuration. - os: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] - configs: [default] + target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] + config: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. include: - - { os: windows-2019, configs: cygwin-release } - - { os: windows-2022, configs: cygwin-release } - - { os: ubuntu-20.04, configs: valgrind-1 } - - { os: ubuntu-20.04, configs: valgrind-2 } - - { os: ubuntu-20.04, configs: valgrind-3 } - - { os: ubuntu-20.04, configs: valgrind-4 } - - { os: ubuntu-20.04, configs: valgrind-5 } - - { os: ubuntu-20.04, configs: valgrind-unit } - - { os: ubuntu-20.04, configs: c89 } - - { os: ubuntu-20.04, configs: clang-6.0 } - - { os: ubuntu-20.04, configs: clang-8 } - - { os: ubuntu-20.04, configs: clang-9 } - - { os: ubuntu-20.04, configs: clang-10 } - - { os: ubuntu-20.04, configs: clang-11 } - - { os: ubuntu-20.04, configs: clang-12-Werror } - - { os: ubuntu-20.04, configs: clang-sanitize-address } - - { os: ubuntu-20.04, configs: clang-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-sanitize-address } - - { os: ubuntu-20.04, configs: gcc-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-7 } - - { os: ubuntu-20.04, configs: gcc-8 } - - { os: ubuntu-20.04, configs: gcc-10 } - - { os: ubuntu-20.04, configs: gcc-11-Werror } - - { os: ubuntu-20.04, configs: pam } - - { os: ubuntu-20.04, configs: kitchensink } - - { os: ubuntu-20.04, configs: hardenedmalloc } - - { os: ubuntu-20.04, configs: tcmalloc } - - { os: ubuntu-20.04, configs: musl } - - { os: ubuntu-latest, configs: libressl-master } - - { os: ubuntu-latest, configs: libressl-2.2.9 } - - { os: ubuntu-latest, configs: libressl-2.8.3 } - - { os: ubuntu-latest, configs: libressl-3.0.2 } - - { os: ubuntu-latest, configs: libressl-3.2.6 } - - { os: ubuntu-latest, configs: libressl-3.3.6 } - - { os: ubuntu-latest, configs: libressl-3.4.3 } - - { os: ubuntu-latest, configs: libressl-3.5.3 } - - { os: ubuntu-latest, configs: libressl-3.6.1 } - - { os: ubuntu-latest, configs: openssl-master } - - { os: ubuntu-latest, configs: openssl-noec } - - { os: ubuntu-latest, configs: openssl-1.0.1 } - - { os: ubuntu-latest, configs: openssl-1.0.1u } - - { os: ubuntu-latest, configs: openssl-1.0.2u } - - { os: ubuntu-latest, configs: openssl-1.1.0h } - - { os: ubuntu-latest, configs: openssl-1.1.1 } - - { os: ubuntu-latest, configs: openssl-1.1.1k } - - { os: ubuntu-latest, configs: openssl-1.1.1n } - - { os: ubuntu-latest, configs: openssl-1.1.1q } - - { os: ubuntu-latest, configs: openssl-3.0.0 } - - { os: ubuntu-latest, configs: openssl-3.0.5 } - - { os: ubuntu-latest, configs: openssl-3.0.7 } - - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - - { os: ubuntu-22.04, configs: pam } - - { os: ubuntu-22.04, configs: krb5 } - - { os: ubuntu-22.04, configs: heimdal } - - { os: ubuntu-22.04, configs: libedit } - - { os: ubuntu-22.04, configs: sk } - - { os: ubuntu-22.04, configs: selinux } - - { os: ubuntu-22.04, configs: kitchensink } - - { os: ubuntu-22.04, configs: without-openssl } - - { os: macos-11, configs: pam } - - { os: macos-12, configs: pam } - runs-on: ${{ matrix.os }} + - { target: windows-2019, config: cygwin-release } + - { target: windows-2022, config: cygwin-release } + - { target: ubuntu-20.04, config: valgrind-1 } + - { target: ubuntu-20.04, config: valgrind-2 } + - { target: ubuntu-20.04, config: valgrind-3 } + - { target: ubuntu-20.04, config: valgrind-4 } + - { target: ubuntu-20.04, config: valgrind-5 } + - { target: ubuntu-20.04, config: valgrind-unit } + - { target: ubuntu-20.04, config: c89 } + - { target: ubuntu-20.04, config: clang-6.0 } + - { target: ubuntu-20.04, config: clang-8 } + - { target: ubuntu-20.04, config: clang-9 } + - { target: ubuntu-20.04, config: clang-10 } + - { target: ubuntu-20.04, config: clang-11 } + - { target: ubuntu-20.04, config: clang-12-Werror } + - { target: ubuntu-20.04, config: clang-sanitize-address } + - { target: ubuntu-20.04, config: clang-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-sanitize-address } + - { target: ubuntu-20.04, config: gcc-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-7 } + - { target: ubuntu-20.04, config: gcc-8 } + - { target: ubuntu-20.04, config: gcc-10 } + - { target: ubuntu-20.04, config: gcc-11-Werror } + - { target: ubuntu-20.04, config: pam } + - { target: ubuntu-20.04, config: kitchensink } + - { target: ubuntu-20.04, config: hardenedmalloc } + - { target: ubuntu-20.04, config: tcmalloc } + - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: libressl-master } + - { target: ubuntu-latest, config: libressl-2.2.9 } + - { target: ubuntu-latest, config: libressl-2.8.3 } + - { target: ubuntu-latest, config: libressl-3.0.2 } + - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.3.6 } + - { target: ubuntu-latest, config: libressl-3.4.3 } + - { target: ubuntu-latest, config: libressl-3.5.3 } + - { target: ubuntu-latest, config: libressl-3.6.1 } + - { target: ubuntu-latest, config: openssl-master } + - { target: ubuntu-latest, config: openssl-noec } + - { target: ubuntu-latest, config: openssl-1.0.1 } + - { target: ubuntu-latest, config: openssl-1.0.1u } + - { target: ubuntu-latest, config: openssl-1.0.2u } + - { target: ubuntu-latest, config: openssl-1.1.0h } + - { target: ubuntu-latest, config: openssl-1.1.1 } + - { target: ubuntu-latest, config: openssl-1.1.1k } + - { target: ubuntu-latest, config: openssl-1.1.1n } + - { target: ubuntu-latest, config: openssl-1.1.1q } + - { target: ubuntu-latest, config: openssl-3.0.0 } + - { target: ubuntu-latest, config: openssl-3.0.5 } + - { target: ubuntu-latest, config: openssl-3.0.7 } + - { target: ubuntu-latest, config: openssl-1.1.1_stable } + - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-22.04, config: pam } + - { target: ubuntu-22.04, config: krb5 } + - { target: ubuntu-22.04, config: heimdal } + - { target: ubuntu-22.04, config: libedit } + - { target: ubuntu-22.04, config: sk } + - { target: ubuntu-22.04, config: selinux } + - { target: ubuntu-22.04, config: kitchensink } + - { target: ubuntu-22.04, config: without-openssl } + - { target: macos-11, config: pam } + - { target: macos-12, config: pam } + runs-on: ${{ matrix.target }} steps: - name: set cygwin git params - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} run: git config --global core.autocrlf input - name: install cygwin - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} uses: cygwin/cygwin-install-action@master - uses: actions/checkout@main - name: setup CI system - run: sh ./.github/setup_ci.sh ${{ matrix.configs }} + run: sh ./.github/setup_ci.sh ${{ matrix.config }} - name: autoreconf run: sh -c autoreconf - name: configure - run: sh ./.github/configure.sh ${{ matrix.configs }} + run: sh ./.github/configure.sh ${{ matrix.config }} - name: save config uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: make clean - name: make run: make -j2 - name: make tests - run: sh ./.github/run_test.sh ${{ matrix.configs }} + run: sh ./.github/run_test.sh ${{ matrix.config }} env: TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_HOSTBASED_AUTH: yes @@ -113,7 +113,7 @@ jobs: if: failure() uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | config.h config.log diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index 8044a2fb..50bc9fff 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -7,32 +7,30 @@ on: jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: ${{ matrix.host }} timeout-minutes: 600 env: - TARGET_HOST: ${{ matrix.os }} + HOST: ${{ matrix.host }} + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the - # default config. "os" corresponds to a label associated with the worker. + # default config. "target" corresponds to a label associated with the + # worker. The default is an ephemeral VM running under libvirt. matrix: - os: - - aix51 - - ARM - - ARM64 + target: - alpine - debian-i386 - - debian-riscv64 - dfly30 - dfly48 - dfly58 - dfly60 + - dfly62 - fbsd10 - fbsd12 - fbsd13 - # - hurd - minix3 - # - nbsd2 - nbsd3 - nbsd4 - nbsd8 @@ -42,35 +40,42 @@ jobs: - obsd69 - obsd70 - obsdsnap + - obsdsnap-i386 - openindiana - - openwrt-mips - - openwrt-mipsel - # - rocky84 - sol10 - sol11 - - win10 - configs: + config: - default - # Then we include any extra configs we want to test for specific VMs. + host: + - libvirt include: - - { os: ARM64, configs: pam } - - { os: debian-i386, configs: pam } - - { os: dfly30, configs: without-openssl} - - { os: dfly48, configs: pam } - - { os: dfly58, configs: pam } - - { os: dfly60, configs: pam } - - { os: fbsd10, configs: pam } - - { os: fbsd12, configs: pam } - - { os: fbsd13, configs: pam } - - { os: nbsd8, configs: pam } - - { os: nbsd9, configs: pam } - - { os: openindiana, configs: pam } - # - { os: rocky84, configs: pam } - - { os: sol10, configs: pam } - - { os: sol11, configs: pam-krb5 } - - { os: sol11, configs: sol64 } - # - { os: sol11, configs: sol64-pam } - - { os: win10, configs: cygwin-release } + # Then we include extra libvirt test configs. + - { target: aix51, config: default, host: libvirt } + - { target: debian-i386, config: pam, host: libvirt } + - { target: dfly30, config: without-openssl, host: libvirt} + - { target: dfly48, config: pam ,host: libvirt } + - { target: dfly58, config: pam, host: libvirt } + - { target: dfly60, config: pam, host: libvirt } + - { target: dfly62, config: pam, host: libvirt } + - { target: fbsd10, config: pam, host: libvirt } + - { target: fbsd12, config: pam, host: libvirt } + - { target: fbsd13, config: pam, host: libvirt } + - { target: nbsd8, config: pam, host: libvirt } + - { target: nbsd9, config: pam, host: libvirt } + - { target: openindiana, config: pam, host: libvirt } + - { target: sol10, config: pam, host: libvirt } + - { target: sol11, config: pam-krb5, host: libvirt } + - { target: sol11, config: sol64, host: libvirt } + # VMs with persistent disks that have their own runner. + - { target: win10, config: default, host: win10 } + - { target: win10, config: cygwin-release, host: win10 } + # Physical hosts, with either native runners or remote via ssh. + - { target: ARM, config: default, host: ARM } + - { target: ARM64, config: default, host: ARM64 } + - { target: ARM64, config: pam, host: ARM64 } + - { target: debian-riscv64, config: default, host: debian-riscv64 } + - { target: openwrt-mips, config: default, host: openwrt-mips } + - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } steps: - name: shutdown VM if running run: vmshutdown @@ -80,25 +85,26 @@ jobs: run: autoreconf - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: configure - run: vmrun ./.github/configure.sh ${{ matrix.configs }} + run: vmrun ./.github/configure.sh ${{ matrix.config }} - name: save config uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: vmrun make clean - name: make run: vmrun make - name: make tests - run: vmrun ./.github/run_test.sh ${{ matrix.configs }} + run: vmrun ./.github/run_test.sh ${{ matrix.config }} timeout-minutes: 600 - name: save logs if: failure() uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | config.h config.log diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml index 26233e43..bc53206a 100644 --- a/.github/workflows/upstream.yml +++ b/.github/workflows/upstream.yml @@ -8,14 +8,16 @@ on: jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: 'libvirt' env: - TARGET_HOST: ${{ matrix.os }} + HOST: 'libvirt' + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false matrix: - os: [ obsdsnap, obsdsnap-i386 ] - configs: [ default, without-openssl, ubsan ] + target: [ obsdsnap, obsdsnap-i386 ] + config: [ default, without-openssl, ubsan ] steps: - name: shutdown VM if running run: vmshutdown @@ -23,16 +25,17 @@ jobs: - uses: actions/checkout@main - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean" - name: make - run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" - name: make tests` - run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: SUDO: sudo timeout-minutes: 300 @@ -40,7 +43,7 @@ jobs: if: failure() uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | /usr/obj/regress/usr.bin/ssh/*.log - name: shutdown VM -- cgit v1.2.3