travis: Switch to docker based builds

This requires to have distro specific install scripts and build.sh
script.

For now ibmswtpm2 is compiled just for native builds (depends on gcc,
compiled natively). libtmps/swtpm could be used.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Bruno Meneguele <bmeneg@redhat.com>(Fedora,CentOS 8(RHEL actually))
[zohar@linux.ibm.com: removed debugging in travis/fedora.sh]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

.travis.yml

@@ -1,38 +1,78 @@
 dist: bionic
 language: C
-addons:
+services:
- apt:
+    - docker
-  packages:
+
-   - libkeyutils-dev
-   - libattr1-dev
-   - attr
-   - openssl
-   - libssl-dev
-   - asciidoc
-   - xsltproc
-   - docbook-xsl
-   - docbook-xml
 matrix:
-   include:
+    include:
-     - env: TSS=ibmtss
+        # 32 bit build
-     - env: TSS=tpm2-tss
+        - os: linux
-install:
+          env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
-   - if [ "${TSS}" = "tpm2-tss" ]; then
+          compiler: gcc
-           sudo apt-get install lcov pandoc autoconf-archive liburiparser-dev;
+
-           sudo apt-get install libdbus-1-dev libglib2.0-dev dbus-x11 libgcrypt-dev;
+        # cross compilation builds
-           sudo apt-get install libssl-dev doxygen libjson-c-dev;
+        - os: linux
-           sudo apt-get install libini-config-dev libltdl-dev;
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=ppc64el TSS=ibmtss
-           sudo apt-get install uuid-dev libcurl4-openssl-dev;
+          compiler: powerpc64le-linux-gnu-gcc
-          ./tests/install-tpm2-tss.sh;
+
-     fi
+        - os: linux
-   - ./tests/install-swtpm.sh
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=arm64 TSS=tpm2-tss
-   - ./tests/install-tss.sh
+          compiler: aarch64-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=s390x TSS=ibmtss
+          compiler: s390x-linux-gnu-gcc
+
+        # musl
+        - os: linux
+          env: DISTRO=alpine:latest TSS=tpm2-tss
+          compiler: gcc
+
+        # glibc (gcc/clang)
+        - os: linux
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=opensuse/leap TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:eoan TSS=ibmtss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:xenial TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=fedora:latest TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=centos:7 TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=centos:latest TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:testing TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:stable TSS=ibmtss
+          compiler: gcc
+
+before_install:
+    - df -hT
+    - DIR="/usr/src/ima-evm-utils"
+    - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile
+    - cat Dockerfile
+    - docker build -t ima-evm-utils .
 
 script:
-   - export LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib;
+    - INSTALL="${DISTRO%%:*}"
-   - export PATH=$PATH:/usr/local/bin;
+    - INSTALL="${INSTALL%%/*}"
-   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
+    - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
-
-   - tail -3 tests/ima_hash.log;
-   - tail -3 tests/sign_verify.log;
-   - tail -20 tests/boot_aggregate.log;

build.sh

@@ -0,0 +1,97 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+
+set -e
+
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=return-type -fno-common}"
+PREFIX="${PREFIX:-$HOME/ima-evm-utils-install}"
+
+export LD_LIBRARY_PATH="$PREFIX/lib64:$PREFIX/lib:/usr/local/lib64:/usr/local/lib"
+export PATH="$PREFIX/bin:/usr/local/bin:$PATH"
+
+title()
+{
+	echo "===== $1 ====="
+}
+
+log_exit()
+{
+	local ret="${3:-$?}"
+	local log="$1"
+	local msg="$2"
+	local prefix
+
+	echo "=== $log ==="
+	[ $ret -eq 0 ] || prefix="FAIL: "
+	cat $log
+	echo
+	echo "$prefix$msg, see output of $log above"
+	exit $ret
+}
+
+cd `dirname $0`
+
+case "$VARIANT" in
+	i386)
+		echo "32-bit compilation"
+		export CFLAGS="-m32 $CFLAGS" LDFLAGS="-m32 $LDFLAGS"
+		export PKG_CONFIG_LIBDIR=/usr/lib/i386-linux-gnu/pkgconfig
+		;;
+	cross-compile)
+		host="${CC%-gcc}"
+		export CROSS_COMPILE="${host}-"
+		host="--host=$host"
+		echo "cross compilation: $host"
+		echo "CROSS_COMPILE: '$CROSS_COMPILE'"
+		;;
+	*)
+		if [ "$VARIANT" ]; then
+			echo "Wrong VARIANT: '$VARIANT'" >&2
+			exit 1
+		fi
+		echo "native build"
+		;;
+esac
+
+title "compiler version"
+$CC --version
+echo "CFLAGS: '$CFLAGS'"
+echo "LDFLAGS: '$LDFLAGS'"
+echo "PREFIX: '$PREFIX'"
+
+title "configure"
+./autogen.sh
+./configure --prefix=$PREFIX $host || log_exit config.log "configure failed"
+
+title "make"
+make -j$(nproc)
+make install
+
+title "test"
+if [ "$VARIANT" = "cross-compile" ]; then
+	echo "skip make check on cross compilation"
+	exit 0
+fi
+
+ret=0
+VERBOSE=1 make check || ret=$?
+
+title "logs"
+if [ $ret -eq 0 ]; then
+	tail -3 tests/ima_hash.log
+	tail -3 tests/sign_verify.log
+	tail -20 tests/boot_aggregate.log
+	exit 0
+fi
+
+cat tests/test-suite.log
+
+if [ $ret -eq 77 ]; then
+	msg="WARN: some tests skipped"
+	ret=0
+else
+	msg="FAIL: tests exited: $ret"
+fi
+
+log_exit tests/test-suite.log "$msg" $ret

travis/alpine.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) echo "No IBM TSS package, will be installed from git" >&2; TSS=;;
+tpm2-tss) TSS="tpm2-tss-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+apk update
+
+apk add \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	attr-dev \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xml \
+	docbook-xsl \
+	keyutils-dev \
+	libtool \
+	libxslt \
+	linux-headers \
+	make \
+	musl-dev \
+	openssl \
+	openssl-dev \
+	pkgconfig \
+	procps \
+	sudo \
+	wget \
+	which \
+	xxd
+
+if [ ! "$TSS" ]; then
+	apk add git
+	../tests/install-tss.sh
+fi

travis/centos.sh

@@ -0,0 +1 @@
+fedora.sh

travis/debian.cross-compile.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$ARCH" ]; then
+	echo "missing \$ARCH!" >&2
+	exit 1
+fi
+
+case "$ARCH" in
+arm64) gcc_arch="aarch64";;
+ppc64el) gcc_arch="powerpc64le";;
+s390x) gcc_arch="$ARCH";;
+*) echo "unsupported arch: '$ARCH'!" >&2; exit 1;;
+esac
+
+dpkg --add-architecture $ARCH
+apt update
+
+apt install -y --no-install-recommends \
+	dpkg-dev \
+	gcc-${gcc_arch}-linux-gnu \
+	libc6-dev-${ARCH}-cross

travis/debian.i386.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+dpkg --add-architecture i386
+apt update
+
+apt install -y --no-install-recommends \
+	linux-libc-dev:i386 \
+	gcc-multilib \
+	pkg-config:i386

travis/debian.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+# debian.*.sh must be run first
+if [ "$ARCH" ]; then
+	ARCH=":$ARCH"
+	unset CC
+else
+	apt update
+fi
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+case "$TSS" in
+ibmtss) TSS="libtss-dev";;
+tpm2-tss) TSS="libtss2-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) [ "$TSS" ] && echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+apt="apt install -y --no-install-recommends"
+
+$apt \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	debianutils \
+	docbook-xml \
+	docbook-xsl \
+	gzip \
+	libattr1-dev$ARCH \
+	libkeyutils-dev$ARCH \
+	libssl-dev$ARCH \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	wget \
+	xsltproc \
+
+$apt xxd || $apt vim-common
+$apt libengine-gost-openssl1.1$ARCH || true

travis/fedora.sh

@@ -0,0 +1,43 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -e
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="tss2-devel";;
+tpm2-tss) TSS="tpm2-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+yum -y install \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xsl \
+	gzip \
+	keyutils-libs-devel \
+	libattr-devel \
+	libtool \
+	libxslt \
+	make \
+	openssl \
+	openssl-devel \
+	pkg-config \
+	procps \
+	sudo \
+	vim-common \
+	wget \
+	which
+
+yum -y install docbook5-style-xsl || true

travis/opensuse.sh

@@ -0,0 +1 @@
+tumbleweed.sh

travis/tumbleweed.sh

@@ -0,0 +1,45 @@
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="ibmtss-devel";;
+tpm2-tss) TSS="tpm2-0-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# clang has some gcc dependency
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+zypper --non-interactive install --force-resolution --no-recommends \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook_5 \
+	docbook5-xsl-stylesheets \
+	gzip \
+	ibmswtpm2 \
+	keyutils-devel \
+	libattr-devel \
+	libopenssl-devel \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	vim \
+	wget \
+	which \
+	xsltproc
+
+[ -f /usr/lib/ibmtss/tpm_server ] && ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin

travis/ubuntu.sh

@@ -0,0 +1 @@
+debian.sh