Hi,
please ignore this patch - it was sent by accident.
Regards,
On 19/05/2022 11:31, Antonio Quartulli wrote:
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
---
.gitlab-ci.yml | 182 +++++++++++++++++++++++++++++++++++++++++
.gitlab/build-check.sh | 23 ++++++
.gitlab/build-deps.sh | 157 +++++++++++++++++++++++++++++++++++
3 files changed, 362 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100755 .gitlab/build-check.sh
create mode 100755 .gitlab/build-deps.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..fe25eb48
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,182 @@
+stages:
+ - test
+
+variables:
+ JOBS: 3
+ PREFIX: ${CI_PROJECT_DIR}/builds
+ TAP_WINDOWS_VERSION: 9.24.6
+ LZO_VERSION: "2.10"
+ PKCS11_HELPER_VERSION: "1.22"
+ MBEDTLS_VERSION: "2.26.0"
+ MBEDTLS_CFLAGS: -I${CI_PROJECT_DIR}/builds/include
+ MBEDTLS_LIBS: -L${CI_PROJECT_DIR}/builds/lib -lmbedtls -lmbedx509
-lmbedcrypto
+ OPENSSL_VERSION: 1.1.1m
+ OPENSSL_CFLAGS: -I${CI_PROJECT_DIR}/builds/include
+ OPENSSL_LIBS: -L${CI_PROJECT_DIR}/builds/lib -lssl -lcrypto
+ SSLLIB: "openssl"
+
+default:
+ image: gcc:latest
+
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
liblz4-dev linux-libc-dev man2html build-essential python
+ - .gitlab/build-deps.sh
+
+ cache:
+ key: ${CI_JOB_NAME}
+ paths:
+ - download-cache/
+ - ${PREFIX}/
+
+dco:
+ variables:
+ EXTRA_CONFIG: "--enable-dco"
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
liblz4-dev linux-libc-dev man2html build-essential python libnl-genl-3-dev
+ - .gitlab/build-deps.sh
+ script:
+ - .gitlab/build-check.sh
+
+mtls-latest:
+ variables:
+ SSLLIB: "mbedtls"
+ script:
+ - .gitlab/build-check.sh
+
+mtls-2_16_11:
+ variables:
+ MBEDTLS_VERSION: "2.16.11"
+ SSLLIB: "mbedtls"
+ script:
+ - .gitlab/build-check.sh
+
+mtls-2_7_19:
+ variables:
+ MBEDTLS_VERSION: "2.7.19"
+ SSLLIB: "mbedtls"
+ script:
+ - .gitlab/build-check.sh
+
+ossl:
+ variables:
+ SSLLIB: "openssl"
+ EXTRA_SCRIPT: "make distcheck"
+ artifacts:
+ paths:
+ - src/openvpn/openvpn
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
liblz4-dev build-essential unzip python3-docutils libssl-dev
+ script:
+ - .gitlab/build-check.sh
+
+ossl-gcc9:
+ image: gcc:9
+ script:
+ - .gitlab/build-check.sh
+
+ossl-fedora-latest:
+ image: fedora:latest
+ before_script:
+ - yum -y install libtool openssl-devel lzo-devel pam-devel lz4-devel
man2html python gcc make autoconf automake wget
+ script:
+ - .gitlab/build-check.sh
+
+ossl-rockylinux-latest:
+ image: rockylinux:latest
+ before_script:
+ - yum -y install epel-release
+ - yum -y install libtool openssl-devel lzo-devel pam-devel lz4-devel
man2html python39 gcc make autoconf automake wget
+ script:
+ - .gitlab/build-check.sh
+
+ossl-1_1_0:
+ variables:
+ OPENSSL_VERSION: "1.1.0l"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-1_0_2:
+ variables:
+ OPENSSL_VERSION: "1.0.2u"
+ script:
+ - .gitlab/build-check.sh
+
+
+#ossl-sanitizeaddr:
+# variables:
+# CFLAGS: "-fsanitize=address"
+# script:
+# - .gitlab/build-check.sh
+
+ossl-sanitizeleak:
+ variables:
+ CFLAGS: "-fsanitize=leak"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-sanitizeundef:
+ variables:
+ CFLAGS: "-fsanitize=undefined"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-win64:
+ variables:
+ CHOST: "x86_64-w64-mingw32"
+ EXTRA_CONFIG: "--disable-lz4"
+ artifacts:
+ paths:
+ - src/openvpn/openvpn.exe
+ name: "openvpn_win64-${CI_COMMIT_REF_SLUG}"
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
build-essential mingw-w64 unzip man2html
+ - .gitlab/build-deps.sh
+ script:
+ - .gitlab/build-check.sh
+
+ossl-win32:
+ variables:
+ CHOST: "i686-w64-mingw32"
+ EXTRA_CONFIG: "--disable-lz4"
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
build-essential mingw-w64 unzip man2html
+ - .gitlab/build-deps.sh
+ script:
+ - .gitlab/build-check.sh
+
+mtls-iproute2:
+ variables:
+ SSLLIB: "mbedtls"
+ EXTRA_CONFIG: "--enable-iproute2"
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev
liblz4-dev linux-libc-dev man2html build-essential iproute2 python
+ - .gitlab/build-deps.sh
+ script:
+ - .gitlab/build-check.sh
+
+ossl-nolzo:
+ before_script:
+ - apt-get update -qq && apt-get install -y -qq libpam0g-dev liblz4-dev
build-essential unzip
+ - .gitlab/build-deps.sh
+ variables:
+ EXTRA_CONFIG: "--disable-lzo"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-small:
+ variables:
+ EXTRA_CONFIG: "--enable-small"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-asyncpush:
+ variables:
+ EXTRA_CONFIG: "--enable-async-push"
+ script:
+ - .gitlab/build-check.sh
+
+ossl-no-mgmt:
+ variables:
+ EXTRA_CONFIG: "--disable-management"
+ script:
+ - .gitlab/build-check.sh
diff --git a/.gitlab/build-check.sh b/.gitlab/build-check.sh
new file mode 100755
index 00000000..7ecb4255
--- /dev/null
+++ b/.gitlab/build-check.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -eux
+
+export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}"
+
+autoreconf -vi
+
+if [ -z ${CHOST+x} ]; then
+ ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG:-} || (cat
config.log && exit 1)
+ make -j$JOBS
+ src/openvpn/openvpn --version || true
+ ldd src/openvpn/openvpn
+ make check
+ ${EXTRA_SCRIPT:-}
+else
+ export TAP_CFLAGS="-I${PWD}/tap-windows-${TAP_WINDOWS_VERSION}/include"
+ export LZO_CFLAGS="-I${PREFIX}/include"
+ export LZO_LIBS="-L${PREFIX}/lib -llzo2"
+ export PKCS11_HELPER_LIBS="-L${PREFIX}/lib -lpkcs11-helper"
+ export PKCS11_HELPER_CFLAGS="-I${PREFIX}/include"
+ ./configure --with-crypto-library="${SSLLIB}" --host=${CHOST}
--build=x86_64-pc-linux-gnu --enable-pkcs11 --disable-plugins ${EXTRA_CONFIG:-} || (cat
config.log && exit 1)
+ make -j${JOBS}
+fi
diff --git a/.gitlab/build-deps.sh b/.gitlab/build-deps.sh
new file mode 100755
index 00000000..d92158be
--- /dev/null
+++ b/.gitlab/build-deps.sh
@@ -0,0 +1,157 @@
+#!/bin/sh
+set -eux
+
+# Set defaults
+PREFIX="${PREFIX:-${HOME}/opt}"
+
+download_tap_windows () {
+ if [ ! -f "download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip" ]; then
+ wget -P download-cache/ \
+
"http://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip";
+ fi
+}
+
+download_lzo () {
+ if [ ! -f "download-cache/lzo-${LZO_VERSION}.tar.gz" ]; then
+ wget -P download-cache/ \
+
"http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz";
+ fi
+}
+
+build_lzo () {
+ if [ "$(cat ${PREFIX}/.lzo-version)" != "${LZO_VERSION}" ]; then
+ tar zxf download-cache/lzo-${LZO_VERSION}.tar.gz
+ (
+ cd "lzo-${LZO_VERSION}"
+
+ ./configure --host=${CHOST} --program-prefix='' \
+ --libdir=${PREFIX}/lib --prefix=${PREFIX}
--build=x86_64-pc-linux-gnu
+ make all install
+ )
+ echo "${LZO_VERSION}" > "${PREFIX}/.lzo-version"
+ fi
+}
+
+download_pkcs11_helper () {
+ if [ ! -f "pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" ]; then
+ wget -P download-cache/ \
+
"https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2";
+ fi
+}
+
+build_pkcs11_helper () {
+ if [ "$(cat ${PREFIX}/.pkcs11_helper-version)" !=
"${PKCS11_HELPER_VERSION}" ]; then
+ tar jxf download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2
+ (
+ cd "pkcs11-helper-${PKCS11_HELPER_VERSION}"
+
+ ./configure --host=${CHOST} --program-prefix=''
--libdir=${PREFIX}/lib \
+ --prefix=${PREFIX} --build=x86_64-pc-linux-gnu \
+ --disable-crypto-engine-gnutls \
+ --disable-crypto-engine-nss \
+ --disable-crypto-engine-polarssl \
+ --disable-crypto-engine-mbedtls
+ make all install
+ )
+ echo "${PKCS11_HELPER_VERSION}" > "${PREFIX}/.pkcs11_helper-version"
+ fi
+}
+
+download_mbedtls () {
+ if [ ! -f "download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz" ]; then
+ wget
"https://github.com/ARMmbed/mbedtls/archive/refs/tags/v${MBEDTLS_VERSION}.tar.gz";
\
+ -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+ fi
+}
+
+build_mbedtls () {
+ if [ "$(cat ${PREFIX}/.mbedtls-version)" != "${MBEDTLS_VERSION}" ]; then
+ tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+ (
+ cd "mbedtls-${MBEDTLS_VERSION}"
+ make
+ make install DESTDIR="${PREFIX}"
+ )
+ echo "${MBEDTLS_VERSION}" > "${PREFIX}/.mbedtls-version"
+ fi
+}
+
+download_openssl () {
+ if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
+ wget -P download-cache/ \
+ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz";
+ fi
+}
+
+build_openssl_linux () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./config shared --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
+ make all install_sw
+ )
+}
+
+build_openssl_osx () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./Configure darwin64-x86_64-cc shared \
+ --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
+ make depend all install_sw
+ )
+}
+
+build_openssl_mingw () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+
+ if [ "${CHOST}" = "i686-w64-mingw32" ]; then
+ export TARGET=mingw
+ elif [ "${CHOST}" = "x86_64-w64-mingw32" ]; then
+ export TARGET=mingw64
+ fi
+
+ ./Configure --cross-compile-prefix=${CHOST}- shared \
+ ${TARGET} no-capieng --prefix="${PREFIX}" --openssldir="${PREFIX}"
-static-libgcc
+ make install
+ )
+}
+
+build_openssl () {
+ if [ "$(cat ${PREFIX}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then
+ tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
+ if [ ! -z ${CHOST+x} ]; then
+ build_openssl_mingw
+ else
+ build_openssl_linux
+ fi
+ echo "${OPENSSL_VERSION}" > "${PREFIX}/.openssl-version"
+ fi
+}
+
+mkdir -p ${PREFIX}
+mkdir -p download-cache
+
+# Download and build crypto lib
+if [ "${SSLLIB}" = "openssl" ]; then
+ download_openssl
+ build_openssl
+elif [ "${SSLLIB}" = "mbedtls" ]; then
+ download_mbedtls
+ build_mbedtls
+else
+ echo "Invalid crypto lib: ${SSLLIB}"
+ exit 1
+fi
+
+# Download and build dependencies for mingw cross build
+# dependencies are the same as in regular windows installer build
+if [ ! -z ${CHOST+x} ]; then
+ download_tap_windows
+ unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip
+
+ download_lzo
+ build_lzo
+
+ download_pkcs11_helper
+ build_pkcs11_helper
+fi
--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
