diff options
Diffstat (limited to '.gitlab-ci.yml')
| -rw-r--r-- | .gitlab-ci.yml | 62 |
1 files changed, 46 insertions, 16 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f09ebbf075..f000f82944 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ stages: # name to allow expiration of old caches. cache: - key: "$CI_JOB_NAME-ver17" + key: "$CI_JOB_NAME-ver18" paths: - cache/ @@ -35,13 +35,13 @@ after_script: variables: BUILD_IMAGES_PROJECT: gnutls/build-images - DEBIAN_BUILD: buildenv-debian - DEBIAN_CROSS_BUILD: buildenv-debian-cross + DEBIAN_BUILD: buildenv-debian-testing + DEBIAN_CROSS_BUILD: buildenv-debian-cross-testing DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86-cross FEDORA28_BUILD: buildenv-f28 - FEDORA_BUILD: buildenv-fedora32 - MINGW_BUILD: buildenv-mingw - ALPINE_BASE_BUILD: buildenv-alpine-base + FEDORA_BUILD: buildenv-fedora33 + MINGW_BUILD: buildenv-mingw-fedora33 + ALPINE_BASE_BUILD: buildenv-alpine-base-nettle36 CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" @@ -175,8 +175,9 @@ minimal.Fedora.x86_64: # with openssl 1.1.0, which include legacy algorithms like DSA. SSL-3.0.Fedora.x86_64: stage: stage1-testing - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA28_BUILD + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: + - update-crypto-policies --set LEGACY - ./bootstrap - mkdir -p build - cd build @@ -211,7 +212,10 @@ FIPS140-2.Fedora.x86_64: - make -j$BUILDJOBS - make -j$CHECKJOBS check - mkdir -p lib/.libs/fipscheck - - fipshmac -d lib/.libs/fipscheck/ -s .hmac lib/.libs/libgnutls.so* + - | + for i in lib/.libs/libgnutls.so*; do + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP -hex $i | cut -f 2 -d ' ' > lib/.libs/fipscheck/$(basename $i).hmac + done - GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check - cd .. tags: @@ -316,6 +320,9 @@ MinGW32.DLLs: - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache i686-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc - mingw32-make -j$BUILDJOBS @@ -357,6 +364,9 @@ MinGW64.DLLs: - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc - mingw64-make -j$BUILDJOBS @@ -398,6 +408,9 @@ MinGW64.DLLs.Vista+: - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" # Target Vista instead of XP, currently the default in mingw - export CPPFLAGS="-D_WIN32_WINNT=0x600" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin @@ -439,6 +452,9 @@ MinGW64.Vista+: script: - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" # Target Vista instead of XP, currently the default in mingw - export CPPFLAGS="-D_WIN32_WINNT=0x600" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin @@ -475,6 +491,9 @@ MinGW64: script: - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register @@ -509,6 +528,9 @@ MinGW32: script: - ./bootstrap - export CC="ccache i686-w64-mingw32-gcc" + - export CFLAGS="-fstack-protector" + - export CXXFLAGS="-fstack-protector" + - export LDFLAGS="-fstack-protector" - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register @@ -540,12 +562,22 @@ FreeBSD.x86_64: image: script: - export CC="ccache clang" + - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git + - export NETTLE_DIR=${PWD}/nettle + - cd nettle-git + - ./.bootstrap + - ./configure --enable-mini-gmp --disable-documentation --disable-openssl --prefix=$NETTLE_DIR + - gmake + - gmake install + - cd - - ./bootstrap - - export LDFLAGS="-L/usr/local/lib" - - ./configure --disable-full-test-suite - --cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc - - gmake -j$(sysctl hw.ncpu | awk '{print $2}') - - gmake check -j$(sysctl hw.ncpu | awk '{print $2}') + - export LDFLAGS="-Wl,-rpath,$NETTLE_DIR/lib -L$NETTLE_DIR/lib -L/usr/local/lib" + - export PKG_CONFIG_PATH=$NETTLE_DIR/lib/pkgconfig + - export CPPFLAGS=`pkg-config hogweed --cflags-only-I` + - export LD_LIBRARY_PATH=$NETTLE_DIR/lib + - ./configure --disable-full-test-suite --cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc --with-nettle-mini + - gmake V=1 2>&1 | tee make.log + - gmake check tags: - freebsd only: @@ -718,11 +750,9 @@ Debian.cross.i686-linux-gnu: Debian.cross.arm-linux-gnueabihf: <<: *Debian_cross_template -Debian.cross.mips-linux-gnu: - <<: *Debian_cross_template - Debian.cross.aarch64-linux-gnu: <<: *Debian_cross_template + allow_failure: true nettle-master.Fedora: stage: stage1-testing |