| #!/bin/sh |
| # |
| # usage: configs vmname test_config (or '' for default) |
| # |
| # Sets the following variables: |
| # CONFIGFLAGS options to ./configure |
| # SSHD_CONFOPTS sshd_config options |
| # TEST_TARGET make target used when testing. defaults to "tests". |
| # LTESTS |
| |
| config=$1 |
| |
| TEST_TARGET="tests" |
| LTESTS="" |
| SKIP_LTESTS="" |
| SUDO=sudo # run with sudo by default |
| TEST_SSH_UNSAFE_PERMISSIONS=1 |
| |
| CONFIGFLAGS="" |
| LIBCRYPTOFLAGS="" |
| |
| case "$config" in |
| default|sol64) |
| ;; |
| kitchensink) |
| CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" |
| CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" |
| CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" |
| ;; |
| hardenedmalloc) |
| CONFIGFLAGS="--with-ldflags=-lhardened_malloc" |
| ;; |
| kerberos5) |
| CONFIGFLAGS="--with-kerberos5" |
| ;; |
| libedit) |
| CONFIGFLAGS="--with-libedit" |
| ;; |
| *pam) |
| CONFIGFLAGS="--with-pam" |
| SSHD_CONFOPTS="UsePam yes" |
| ;; |
| libressl-head) |
| LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath," |
| ;; |
| openssl-head) |
| LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath," |
| ;; |
| selinux) |
| CONFIGFLAGS="--with-selinux" |
| ;; |
| sk) |
| CONFIGFLAGS="--with-security-key-builtin" |
| ;; |
| without-openssl) |
| LIBCRYPTOFLAGS="--without-openssl" |
| TEST_TARGET=t-exec |
| ;; |
| valgrind-[1-4]|valgrind-unit) |
| # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. |
| CONFIGFLAGS="--without-sandbox --without-hardening" |
| CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" |
| TEST_TARGET="t-exec USE_VALGRIND=1" |
| TEST_SSH_ELAPSED_TIMES=1 |
| export TEST_SSH_ELAPSED_TIMES |
| # Valgrind slows things down enough that the agent timeout test |
| # won't reliably pass, and the unit tests run longer than allowed |
| # by github so split into three separate tests. |
| tests2="rekey integrity" |
| tests3="krl forward-control sshsig" |
| tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment" |
| case "$config" in |
| valgrind-1) |
| # All tests except agent-timeout (which is flaky under valgrind) |
| #) and slow ones that run separately to increase parallelism. |
| SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}" |
| ;; |
| valgrind-2) |
| LTESTS="${tests2}" |
| ;; |
| valgrind-3) |
| LTESTS="${tests3}" |
| ;; |
| valgrind-4) |
| LTESTS="${tests4}" |
| ;; |
| valgrind-unit) |
| TEST_TARGET="unit USE_VALGRIND=1" |
| ;; |
| esac |
| ;; |
| *) |
| echo "Unknown configuration $config" |
| exit 1 |
| ;; |
| esac |
| |
| # The Solaris 64bit targets are special since they need a non-flag arg. |
| case "$config" in |
| sol64*) |
| CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" |
| LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64" |
| ;; |
| esac |
| |
| case "${TARGET_HOST}" in |
| sol10|sol11) |
| # sol10 VM is 32bit and the unit tests are slow. |
| # sol11 has 4 test configs so skip unit tests to speed up. |
| TEST_TARGET="tests SKIP_UNIT=1" |
| ;; |
| esac |
| |
| # If we have a local openssl/libressl, use that. |
| if [ -z "${LIBCRYPTOFLAGS}" ]; then |
| # last-match |
| for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do |
| if [ -x ${i}/bin/openssl ]; then |
| LIBCRYPTOFLAGS="--with-ssl-dir=${i}" |
| fi |
| done |
| fi |
| |
| CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}" |
| |
| export LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS |