stages: - stage1-testing # we utilize the images generated by the build-images project, to # speed up CI runs. We also use ccache and store config.cache # to speed up compilation. We include a version number in cache # name to allow expiration of old caches. cache: key: "$CI_JOB_NAME-ver17" paths: - cache/ before_script: # CCache Config - mkdir -p cache - export CCACHE_BASEDIR=${PWD} - export CCACHE_DIR=${PWD}/cache - export CC="ccache gcc" # With just one virtual core, parallel builds only make sense when # I/O wait is involved. If too many parallel builds are used, the overall # time even increases (e.g. due to more cache misses). # $BUILDJOBS seems to be best with $(nproc)+1, while $CHECKJOBS can be much # higher because several tests have a large I/O waiting time. # The numbers are hard-coded since FreeBSD doesn't know the nproc command. - export BUILDJOBS=2 - export CHECKJOBS=16 after_script: # somehow after_script looses environment - export CCACHE_BASEDIR=${PWD} - export CCACHE_DIR=${PWD}/cache - ccache -s variables: BUILD_IMAGES_PROJECT: gnutls/build-images DEBIAN_BUILD: buildenv-debian DEBIAN_CROSS_BUILD: buildenv-debian-cross DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86-cross FEDORA28_BUILD: buildenv-f28 FEDORA_BUILD: buildenv-fedora32 MINGW_BUILD: buildenv-mingw ALPINE_BASE_BUILD: buildenv-alpine-base CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" ################################################## # Stage 1, documentation, and advanced checks ################################################## commit-check: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD before_script: - /bin/true after_script: - /bin/true except: - master@gnutls/gnutls cache: # do not load cache files key: none policy: pull script: # we want $ALPINE_BASE_BUILD without git, so add it here - apk add git bash - devel/check_if_signed retry: 0 doc-dist.Fedora: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - SUBMODULE_NOFETCH=1 ./bootstrap - GUILE=/usr/bin/guile2.2 - GUILD=/usr/bin/guild2.2 - guile_snarf=/usr/bin/guile-snarf2.2 - export GUILE GUILD guile_snarf - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file cache/config.cache --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode - make -j$BUILDJOBS -C doc stamp-vti - make -j$BUILDJOBS -C doc stamp-1 - make -j$BUILDJOBS -C doc stamp_enums - make -j$BUILDJOBS - make -j$BUILDJOBS -C doc gnutls.html - make -j$BUILDJOBS -C doc/latex gnutls.pdf - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print)) - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub # check whether distribution with or without included libopts is ok - make -j$CHECKJOBS distcheck DISTCHECK_CONFIGURE_FLAGS="--enable-local-libopts --disable-tests" - make -j$CHECKJOBS distcheck tags: - shared - linux except: - tags retry: 1 abi/coverage: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - SUBMODULE_NOFETCH=1 ./bootstrap - GUILE=/usr/bin/guile2.2 - GUILD=/usr/bin/guild2.2 - guile_snarf=/usr/bin/guile-snarf2.2 - export GUILE GUILD guile_snarf - CFLAGS="-g -Og" dash ./configure --disable-gcc-warnings --cache-file cache/config.cache --prefix=/usr --libdir=/usr/lib64 --enable-code-coverage --disable-maintainer-mode --disable-doc - make -j$BUILDJOBS - make abi-check - make pic-check - make -j$CHECKJOBS check - make local-code-coverage-output || true - if objdump -R lib/.libs/libgnutls.so | grep INTERNAL ; then false ; fi tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.xml - ./gnutls-prev-abi.tmp/ - compat_reports/ - ./*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log - guile/tests/*.log retry: 1 minimal.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - echo "No tools build" - ./bootstrap - dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-full-test-suite --disable-doc --disable-guile --disable-tools --enable-tests - make -j$BUILDJOBS - make -j$CHECKJOBS check - echo "Minimal build" - dnf remove -y libunistring-devel libtasn1-devel libidn-devel - dash ./configure --cache-file cache/config.cache --with-included-libtasn1 --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-ocsp --disable-non-suiteb-curves --with-included-unistring --disable-nls --disable-libdane --without-p11-kit --without-tpm --disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility --disable-gcc-warnings --with-system-priority-file="" --disable-gost --disable-guile - make clean - make -j$BUILDJOBS - make -j$CHECKJOBS check tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - fuzz/*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log retry: 1 # This enables SSL3.0 and SHA-1 support, and runs interop tests # with openssl 1.1.0, which include legacy algorithms like DSA. SSL-3.0.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA28_BUILD script: - ./bootstrap - mkdir -p build - cd build - dash ../configure --disable-tls13-interop --disable-gcc-warnings --cache-file ../cache/config.cache --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-guile --disable-strict-der-time - make -j$BUILDJOBS - make -j$CHECKJOBS check - cd .. tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/*.log - build/tests/*/*.log - build/tests/suite/*/*.log retry: 1 FIPS140-2.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./bootstrap - mkdir -p build - cd build - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile - make -j$BUILDJOBS - make -j$CHECKJOBS check - mkdir -p lib/.libs/fipscheck - fipshmac -d lib/.libs/fipscheck/ -s .hmac lib/.libs/libgnutls.so* - GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check - cd .. tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/tests/*/*.log retry: 1 valgrind.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./bootstrap # gcc in fedora31 inlines strcmp in a way that causes valgrind errors - CFLAGS="-O2 -g -fno-builtin-strcmp" ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-guile --disable-full-test-suite --enable-valgrind-tests - make -j$BUILDJOBS - make -j$CHECKJOBS check tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log retry: 1 threadsan.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./bootstrap - CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS dash ./configure --disable-gcc-warnings --disable-doc --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --enable-fips140-mode --disable-full-test-suite - make -j$BUILDJOBS - make -j$CHECKJOBS -C tests check SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1 tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - fuzz/*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log retry: 1 static-analyzers.Fedora.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD before_script: - /bin/true script: - ./bootstrap - scan-build ./configure --cache-file cache/config.cache --disable-doc --disable-guile --enable-fips140-mode - make -j$BUILDJOBS syntax-check gnulib_dir=$GNULIB_SRCDIR - make -j$BUILDJOBS -C gl - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C lib - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C libdane - make -j$BUILDJOBS -C src/gl - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C src - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 $CPPCHECK_OPTIONS - cppcheck --force -q -Ilib/include -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j2 $CPPCHECK_OPTIONS after_script: - /bin/true tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - scan-build-lib/* - scan-build-libdane/* retry: 1 MinGW32.DLLs: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache i686-w64-mingw32-gcc" - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc - mingw32-make -j$BUILDJOBS - mingw32-make -j$BUILDJOBS -C tests check # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win32-build/bin win32-build/lib/includes - cp lib/.libs/*.dll src/.libs/*.exe win32-build/bin - i686-w64-mingw32-strip --strip-unneeded win32-build/bin/*.dll - i686-w64-mingw32-strip win32-build/bin/*.exe - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win32-build/bin - cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win32-build/bin - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win32-build/lib - cp lib/includes/gnutls/*.h win32-build/lib/includes tags: - shared - docker - linux only: - tags artifacts: name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" paths: - win32-build/ retry: 1 MinGW64.DLLs: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc - mingw64-make -j$BUILDJOBS - mingw64-make -j$BUILDJOBS -C tests check # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win64-build/bin win64-build/lib/includes - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll - x86_64-w64-mingw32-strip win64-build/bin/*.exe - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib - cp lib/includes/gnutls/*.h win64-build/lib/includes tags: - shared - docker - linux only: - tags artifacts: name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" paths: - win64-build/ retry: 1 MinGW64.DLLs.Vista+: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" # Target Vista instead of XP, currently the default in mingw - export CPPFLAGS="-D_WIN32_WINNT=0x600" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc - mingw64-make -j$BUILDJOBS - mingw64-make -j$BUILDJOBS -C tests check # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win64-build/bin win64-build/lib/includes - cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin - x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll - x86_64-w64-mingw32-strip win64-build/bin/*.exe - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win64-build/bin - cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib - cp lib/includes/gnutls/*.h win64-build/lib/includes tags: - shared - docker - linux only: - tags artifacts: name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" paths: - win64-build/ retry: 1 MinGW64.Vista+: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" # Target Vista instead of XP, currently the default in mingw - export CPPFLAGS="-D_WIN32_WINNT=0x600" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register - mkdir -p build - cd build - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc # generate the certtool autogen file to check whether later compilation will modify it - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak - mingw64-make -j$BUILDJOBS - mingw64-make -j$CHECKJOBS -C tests check - cd .. # since we use --enable-local-libopts the generated files must equal the .bak - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false tags: - shared - docker - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log retry: 1 MinGW64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register - mkdir -p build - cd build - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc # generate the certtool autogen file to check whether later compilation will modify it - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak - mingw64-make -j$BUILDJOBS - mingw64-make -j$CHECKJOBS -C tests check - cd .. # since we use --enable-local-libopts the generated files must equal the .bak - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false tags: - shared - docker - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log retry: 1 MinGW32: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD script: - ./bootstrap - export CC="ccache i686-w64-mingw32-gcc" - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - mkdir -p build - cd build - dash ../configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc - mingw32-make -j$BUILDJOBS - mingw32-make -j$CHECKJOBS -C tests check - cd .. tags: - shared - docker - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log retry: 1 # That is a specific runner that we cannot enable universally. # We restrict it to builds under the $BUILD_IMAGES_PROJECT project. FreeBSD.x86_64: stage: stage1-testing image: script: - export CC="ccache clang" - ./bootstrap - export LDFLAGS="-L/usr/local/lib" - ./configure --disable-full-test-suite --cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc - gmake -j$(sysctl hw.ncpu | awk '{print $2}') - gmake check -j$(sysctl hw.ncpu | awk '{print $2}') tags: - freebsd only: - branches@gnutls/gnutls except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log retry: 1 # Two runs, one with normal backend and another with pkcs11 trust store UB+ASAN-Werror.Fedora.x86_64.gcc: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./bootstrap - export UBSAN_OPTIONS=print_stacktrace=1 - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope" - export CXXFLAGS="$CFLAGS" - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O) - make -j$BUILDJOBS check -C fuzz - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20 - make -j$CHECKJOBS check -C tests - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM - make clean - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=. tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - guile/tests/*.log - ./*.log - fuzz/*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log retry: 1 # This includes interoperability testing with gnutls 2.12.x Debian.x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD script: - ./bootstrap - mkdir -p build - cd build - dash ../configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' - make -j$BUILDJOBS - make -j$CHECKJOBS check - cd .. tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/*.log - build/tests/*.log - build/tests/*/*.log - build/tests/suite/*/*.log retry: 1 Debian.cross.i686-linux-gnu: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD script: - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE) - host=i686-linux-gnu # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes # config.guess to detect the target as the build platform and not activate # cross-compile mode even though --build is given - export CC_FOR_BUILD="ccache gcc" - export CC="ccache $host-gcc" - ./bootstrap - mkdir -p build - cd build # Debian's softhsm package is not multiarch yet. Missing softhsm libraries # for the target will cause the test suite to fail when p11-kit is enabled. - dash ../configure --build=$build --host=$host --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile --without-p11-kit --disable-full-test-suite - make -j$BUILDJOBS - make pic-check # Parallel tests cause random failures, likely timing errors - make -j1 check - cd .. tags: - shared - docker - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/*.log - build/tests/*.log - build/tests/*/*.log - build/tests/suite/*/*.log retry: 1 .Debian.cross.template: &Debian_cross_template stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_CROSS_BUILD script: - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE) - host="${CI_JOB_NAME#*.cross.}" # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes # config.guess to detect the target as the build platform and not activate # cross-compile mode even though --build is given - export CC_FOR_BUILD="ccache gcc" - export CC="ccache $host-gcc" - ./bootstrap - sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c - mkdir -p build - cd build # Debian's softhsm package is not multiarch yet. Missing softhsm libraries # for the target will cause the test suite to fail when p11-kit is enabled. - dash ../configure --build=$build --host=$host --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile --without-p11-kit --disable-full-test-suite - make -j$BUILDJOBS # Parallel tests cause random failures, likely timing errors - make -j1 check - cd .. tags: - shared - docker - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/*.log - build/tests/*.log - build/tests/*/*.log - build/tests/suite/*/*.log retry: 1 Debian.cross.arm-linux-gnueabihf: <<: *Debian_cross_template Debian.cross.mips-linux-gnu: <<: *Debian_cross_template Debian.cross.aarch64-linux-gnu: <<: *Debian_cross_template nettle-master.Fedora: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git - export NETTLE_DIR=${PWD}/nettle - pushd nettle-git - ./.bootstrap - ./configure --disable-documentation --prefix=$NETTLE_DIR - make -j$BUILDJOBS - make -j$BUILDJOBS install - popd - SUBMODULE_NOFETCH=1 ./bootstrap - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile - make -j$BUILDJOBS - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - fuzz/*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log retry: 1 nettle-master-minigmp.Fedora: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git - export NETTLE_DIR=${PWD}/nettle - pushd nettle-git - ./.bootstrap - ./configure --disable-documentation --enable-mini-gmp --prefix=$NETTLE_DIR - make -j$BUILDJOBS - make -j$BUILDJOBS install - popd - SUBMODULE_NOFETCH=1 ./bootstrap - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile --disable-full-test-suite - make -j$BUILDJOBS - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$CHECKJOBS check tags: - shared - linux except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - fuzz/*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log retry: 1