From 6c78911350fc2bbee4e2e03053a4bf0404e81ebf Mon Sep 17 00:00:00 2001 From: Petr Vorel Date: Thu, 13 Aug 2020 20:25:32 +0200 Subject: [PATCH] travis: Switch to docker based builds This requires to have distro specific install scripts and build.sh script. For now ibmswtpm2 is compiled just for native builds (depends on gcc, compiled natively). libtmps/swtpm could be used. Signed-off-by: Petr Vorel Reviewed-by: Bruno Meneguele (Fedora,CentOS 8(RHEL actually)) [zohar@linux.ibm.com: removed debugging in travis/fedora.sh] Signed-off-by: Mimi Zohar --- .travis.yml | 106 +++++++++++++++++++++++---------- build.sh | 97 ++++++++++++++++++++++++++++++ travis/alpine.sh | 50 ++++++++++++++++ travis/centos.sh | 1 + travis/debian.cross-compile.sh | 23 +++++++ travis/debian.i386.sh | 11 ++++ travis/debian.sh | 54 +++++++++++++++++ travis/fedora.sh | 43 +++++++++++++ travis/opensuse.sh | 1 + travis/tumbleweed.sh | 45 ++++++++++++++ travis/ubuntu.sh | 1 + 11 files changed, 399 insertions(+), 33 deletions(-) create mode 100755 build.sh create mode 100755 travis/alpine.sh create mode 120000 travis/centos.sh create mode 100755 travis/debian.cross-compile.sh create mode 100755 travis/debian.i386.sh create mode 100755 travis/debian.sh create mode 100755 travis/fedora.sh create mode 120000 travis/opensuse.sh create mode 100755 travis/tumbleweed.sh create mode 120000 travis/ubuntu.sh diff --git a/.travis.yml b/.travis.yml index cdfba49..849fcb6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,38 +1,78 @@ dist: bionic language: C -addons: - apt: - packages: - - libkeyutils-dev - - libattr1-dev - - attr - - openssl - - libssl-dev - - asciidoc - - xsltproc - - docbook-xsl - - docbook-xml +services: + - docker + matrix: - include: - - env: TSS=ibmtss - - env: TSS=tpm2-tss -install: - - if [ "${TSS}" = "tpm2-tss" ]; then - sudo apt-get install lcov pandoc autoconf-archive liburiparser-dev; - sudo apt-get install libdbus-1-dev libglib2.0-dev dbus-x11 libgcrypt-dev; - sudo apt-get install libssl-dev doxygen libjson-c-dev; - sudo apt-get install libini-config-dev libltdl-dev; - sudo apt-get install uuid-dev libcurl4-openssl-dev; - ./tests/install-tpm2-tss.sh; - fi - - ./tests/install-swtpm.sh - - ./tests/install-tss.sh + include: + # 32 bit build + - os: linux + env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss + compiler: gcc + + # cross compilation builds + - os: linux + env: DISTRO=debian:stable VARIANT=cross-compile ARCH=ppc64el TSS=ibmtss + compiler: powerpc64le-linux-gnu-gcc + + - os: linux + env: DISTRO=debian:stable VARIANT=cross-compile ARCH=arm64 TSS=tpm2-tss + compiler: aarch64-linux-gnu-gcc + + - os: linux + env: DISTRO=debian:stable VARIANT=cross-compile ARCH=s390x TSS=ibmtss + compiler: s390x-linux-gnu-gcc + + # musl + - os: linux + env: DISTRO=alpine:latest TSS=tpm2-tss + compiler: gcc + + # glibc (gcc/clang) + - os: linux + env: DISTRO=opensuse/tumbleweed TSS=ibmtss + compiler: clang + + - os: linux + env: DISTRO=opensuse/leap TSS=tpm2-tss + compiler: gcc + + - os: linux + env: DISTRO=ubuntu:eoan TSS=ibmtss + compiler: gcc + + - os: linux + env: DISTRO=ubuntu:xenial TSS=tpm2-tss + compiler: clang + + - os: linux + env: DISTRO=fedora:latest TSS=ibmtss + compiler: clang + + - os: linux + env: DISTRO=centos:7 TSS=tpm2-tss + compiler: gcc + + - os: linux + env: DISTRO=centos:latest TSS=tpm2-tss + compiler: clang + + - os: linux + env: DISTRO=debian:testing TSS=tpm2-tss + compiler: clang + + - os: linux + env: DISTRO=debian:stable TSS=ibmtss + compiler: gcc + +before_install: + - df -hT + - DIR="/usr/src/ima-evm-utils" + - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile + - cat Dockerfile + - docker build -t ima-evm-utils . script: - - export LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib; - - export PATH=$PATH:/usr/local/bin; - - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check; - - - tail -3 tests/ima_hash.log; - - tail -3 tests/sign_verify.log; - - tail -20 tests/boot_aggregate.log; + - INSTALL="${DISTRO%%:*}" + - INSTALL="${INSTALL%%/*}" + - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..b922fa6 --- /dev/null +++ b/build.sh @@ -0,0 +1,97 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel + +set -e + +CC="${CC:-gcc}" +CFLAGS="${CFLAGS:--Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=return-type -fno-common}" +PREFIX="${PREFIX:-$HOME/ima-evm-utils-install}" + +export LD_LIBRARY_PATH="$PREFIX/lib64:$PREFIX/lib:/usr/local/lib64:/usr/local/lib" +export PATH="$PREFIX/bin:/usr/local/bin:$PATH" + +title() +{ + echo "===== $1 =====" +} + +log_exit() +{ + local ret="${3:-$?}" + local log="$1" + local msg="$2" + local prefix + + echo "=== $log ===" + [ $ret -eq 0 ] || prefix="FAIL: " + cat $log + echo + echo "$prefix$msg, see output of $log above" + exit $ret +} + +cd `dirname $0` + +case "$VARIANT" in + i386) + echo "32-bit compilation" + export CFLAGS="-m32 $CFLAGS" LDFLAGS="-m32 $LDFLAGS" + export PKG_CONFIG_LIBDIR=/usr/lib/i386-linux-gnu/pkgconfig + ;; + cross-compile) + host="${CC%-gcc}" + export CROSS_COMPILE="${host}-" + host="--host=$host" + echo "cross compilation: $host" + echo "CROSS_COMPILE: '$CROSS_COMPILE'" + ;; + *) + if [ "$VARIANT" ]; then + echo "Wrong VARIANT: '$VARIANT'" >&2 + exit 1 + fi + echo "native build" + ;; +esac + +title "compiler version" +$CC --version +echo "CFLAGS: '$CFLAGS'" +echo "LDFLAGS: '$LDFLAGS'" +echo "PREFIX: '$PREFIX'" + +title "configure" +./autogen.sh +./configure --prefix=$PREFIX $host || log_exit config.log "configure failed" + +title "make" +make -j$(nproc) +make install + +title "test" +if [ "$VARIANT" = "cross-compile" ]; then + echo "skip make check on cross compilation" + exit 0 +fi + +ret=0 +VERBOSE=1 make check || ret=$? + +title "logs" +if [ $ret -eq 0 ]; then + tail -3 tests/ima_hash.log + tail -3 tests/sign_verify.log + tail -20 tests/boot_aggregate.log + exit 0 +fi + +cat tests/test-suite.log + +if [ $ret -eq 77 ]; then + msg="WARN: some tests skipped" + ret=0 +else + msg="FAIL: tests exited: $ret" +fi + +log_exit tests/test-suite.log "$msg" $ret diff --git a/travis/alpine.sh b/travis/alpine.sh new file mode 100755 index 0000000..63d7954 --- /dev/null +++ b/travis/alpine.sh @@ -0,0 +1,50 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -ex + +if [ -z "$CC" ]; then + echo "missing \$CC!" >&2 + exit 1 +fi + +case "$TSS" in +ibmtss) echo "No IBM TSS package, will be installed from git" >&2; TSS=;; +tpm2-tss) TSS="tpm2-tss-dev";; +'') echo "Missing TSS!" >&2; exit 1;; +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;; +esac + +# ibmswtpm2 requires gcc +[ "$CC" = "gcc" ] || CC="gcc $CC" + +apk update + +apk add \ + $CC $TSS \ + asciidoc \ + attr \ + attr-dev \ + autoconf \ + automake \ + diffutils \ + docbook-xml \ + docbook-xsl \ + keyutils-dev \ + libtool \ + libxslt \ + linux-headers \ + make \ + musl-dev \ + openssl \ + openssl-dev \ + pkgconfig \ + procps \ + sudo \ + wget \ + which \ + xxd + +if [ ! "$TSS" ]; then + apk add git + ../tests/install-tss.sh +fi diff --git a/travis/centos.sh b/travis/centos.sh new file mode 120000 index 0000000..1479a43 --- /dev/null +++ b/travis/centos.sh @@ -0,0 +1 @@ +fedora.sh \ No newline at end of file diff --git a/travis/debian.cross-compile.sh b/travis/debian.cross-compile.sh new file mode 100755 index 0000000..5456d12 --- /dev/null +++ b/travis/debian.cross-compile.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -ex + +if [ -z "$ARCH" ]; then + echo "missing \$ARCH!" >&2 + exit 1 +fi + +case "$ARCH" in +arm64) gcc_arch="aarch64";; +ppc64el) gcc_arch="powerpc64le";; +s390x) gcc_arch="$ARCH";; +*) echo "unsupported arch: '$ARCH'!" >&2; exit 1;; +esac + +dpkg --add-architecture $ARCH +apt update + +apt install -y --no-install-recommends \ + dpkg-dev \ + gcc-${gcc_arch}-linux-gnu \ + libc6-dev-${ARCH}-cross diff --git a/travis/debian.i386.sh b/travis/debian.i386.sh new file mode 100755 index 0000000..1cad06e --- /dev/null +++ b/travis/debian.i386.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -ex + +dpkg --add-architecture i386 +apt update + +apt install -y --no-install-recommends \ + linux-libc-dev:i386 \ + gcc-multilib \ + pkg-config:i386 diff --git a/travis/debian.sh b/travis/debian.sh new file mode 100755 index 0000000..ad7d2c0 --- /dev/null +++ b/travis/debian.sh @@ -0,0 +1,54 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -ex + +if [ -z "$CC" ]; then + echo "missing \$CC!" >&2 + exit 1 +fi + +# debian.*.sh must be run first +if [ "$ARCH" ]; then + ARCH=":$ARCH" + unset CC +else + apt update +fi + +# ibmswtpm2 requires gcc +[ "$CC" = "gcc" ] || CC="gcc $CC" + +case "$TSS" in +ibmtss) TSS="libtss-dev";; +tpm2-tss) TSS="libtss2-dev";; +'') echo "Missing TSS!" >&2; exit 1;; +*) [ "$TSS" ] && echo "Unsupported TSS: '$TSS'!" >&2; exit 1;; +esac + +apt="apt install -y --no-install-recommends" + +$apt \ + $CC $TSS \ + asciidoc \ + attr \ + autoconf \ + automake \ + diffutils \ + debianutils \ + docbook-xml \ + docbook-xsl \ + gzip \ + libattr1-dev$ARCH \ + libkeyutils-dev$ARCH \ + libssl-dev$ARCH \ + libtool \ + make \ + openssl \ + pkg-config \ + procps \ + sudo \ + wget \ + xsltproc \ + +$apt xxd || $apt vim-common +$apt libengine-gost-openssl1.1$ARCH || true diff --git a/travis/fedora.sh b/travis/fedora.sh new file mode 100755 index 0000000..058e172 --- /dev/null +++ b/travis/fedora.sh @@ -0,0 +1,43 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -e + +if [ -z "$CC" ]; then + echo "missing \$CC!" >&2 + exit 1 +fi + +case "$TSS" in +ibmtss) TSS="tss2-devel";; +tpm2-tss) TSS="tpm2-tss-devel";; +'') echo "Missing TSS!" >&2; exit 1;; +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;; +esac + +# ibmswtpm2 requires gcc +[ "$CC" = "gcc" ] || CC="gcc $CC" + +yum -y install \ + $CC $TSS \ + asciidoc \ + attr \ + autoconf \ + automake \ + diffutils \ + docbook-xsl \ + gzip \ + keyutils-libs-devel \ + libattr-devel \ + libtool \ + libxslt \ + make \ + openssl \ + openssl-devel \ + pkg-config \ + procps \ + sudo \ + vim-common \ + wget \ + which + +yum -y install docbook5-style-xsl || true diff --git a/travis/opensuse.sh b/travis/opensuse.sh new file mode 120000 index 0000000..11c5f4b --- /dev/null +++ b/travis/opensuse.sh @@ -0,0 +1 @@ +tumbleweed.sh \ No newline at end of file diff --git a/travis/tumbleweed.sh b/travis/tumbleweed.sh new file mode 100755 index 0000000..ec4dc43 --- /dev/null +++ b/travis/tumbleweed.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# Copyright (c) 2020 Petr Vorel +set -ex + +if [ -z "$CC" ]; then + echo "missing \$CC!" >&2 + exit 1 +fi + +case "$TSS" in +ibmtss) TSS="ibmtss-devel";; +tpm2-tss) TSS="tpm2-0-tss-devel";; +'') echo "Missing TSS!" >&2; exit 1;; +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;; +esac + +# clang has some gcc dependency +[ "$CC" = "gcc" ] || CC="gcc $CC" + +zypper --non-interactive install --force-resolution --no-recommends \ + $CC $TSS \ + asciidoc \ + attr \ + autoconf \ + automake \ + diffutils \ + docbook_5 \ + docbook5-xsl-stylesheets \ + gzip \ + ibmswtpm2 \ + keyutils-devel \ + libattr-devel \ + libopenssl-devel \ + libtool \ + make \ + openssl \ + pkg-config \ + procps \ + sudo \ + vim \ + wget \ + which \ + xsltproc + +[ -f /usr/lib/ibmtss/tpm_server ] && ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin diff --git a/travis/ubuntu.sh b/travis/ubuntu.sh new file mode 120000 index 0000000..0edcb8b --- /dev/null +++ b/travis/ubuntu.sh @@ -0,0 +1 @@ +debian.sh \ No newline at end of file