Bug 1488148 - Rework CI images, r=jcj

This does some fairly major restructuring of the docker images we use for CI.
The genesis of the change is that we were pulling a version of clang that didn't
work for fuzzing tests.  It turns out that is a use case that is not
well-supported anyway, and we have open bugs on it, but this installs
workarounds for all the problems I found.

Firstly, our images were bloated.  This slims down most of the images.  The
biggest gains are in the clang-format image (down to around a fifth of its
previous size).  The main linux image we use for building and running tests is
also less than half its original size.

To achieve that, I had to make two new images.  One for all the esoteric builds
we run (we compile with multiple gcc and clang versions, and I've added some
more to that list).  That's a fairly sizeable image.  The other is for the
interop and bogo suites, where we rely on having Rust and go available.  go adds
a tidy 250Mb to an image, and Rust adds 750Mb.  Using an image with both of
those for regular builds can't be good for performance.  I didn't expect to see
real performance gains here, but the Linux build (32-bit, default config) went
from 4:18 down to 2:42 (roughly).  The bulk of that time is accounted for by
downloading the docker image, so it's clear that an optimization worth spending
the time on.

Secondly, we had a lot of custom configuration stuff in the builds.  This
removes most of that in favour of using stock Ubuntu packages from 18.04.

The one exception here is - I hope - temporary.  As noted in the bug comments,
the current release of LLVM 6 has a bug where you can't run address sanitizer on
a 32-bit machine if it has glibc 2.27 (which Ubuntu 18.04 does).  That's fairly
crippling because we need a newer version of LLVM than runs by default on Ubuntu
16.04, so we're stuck with installing a non-stock version for 32-bit runs.  I've
opted to (temporarily) run 16.04 with an LLVM from the LLVM project.

The final change, which is minor, but a little odd and worth noting: the images
now rely on "localhost.localdomain" being aliased to the local machine.  This is
something :wcosta has done for us (thanks!).  Thus, we no longer have to run as
root so that we can tweak /etc/hosts before we run.  There is a little cleanup
related to this, but nothing significant.  (The scripts still include the `su
worker` tweak for aarch64, but I've added a guard and we can remove that with
bug 1488325.)

There is still more work to be done for the HACL* and SAW builds, which use some
very strange configurations.  Also, all of the aarch64 images aren't built
automatically, so we use images from Franziskus' dockerhub account.  This is not
good.  After digging around a little, there's probably something to be done with
QEMU, but I decided that was a project for another time.

2 files changed, 25 insertions, 31 deletions

diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh
index 4c3fa57a0..62d961a29 100755
--- a/tests/chains/chains.sh
+++ b/tests/chains/chains.sh
@@ -51,13 +51,13 @@ is_httpserv_alive()
 wait_for_httpserv()
 {
   echo "trying to connect to httpserv at `date`"
-  echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
-  ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+  echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+  ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
   if [ $? -ne 0 ]; then
       sleep 5
       echo "retrying to connect to httpserv at `date`"
-      echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
-      ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+      echo "tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+      ${BINDIR}/tstclnt -4 -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
       if [ $? -ne 0 ]; then
           html_failed "Waiting for Server"
       fi
@@ -974,8 +974,8 @@ check_ocsp()
     OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
     OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/")
 
-    echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
-    tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
+    echo "tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
+    tstclnt -4 -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
     return $?
 }
 
diff --git a/tests/common/init.sh b/tests/common/init.sh
index 6aa22af8d..2896f1321 100644
--- a/tests/common/init.sh
+++ b/tests/common/init.sh
@@ -356,40 +356,34 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
 
 #HOST and DOMSUF are needed for the server cert
 
-    DOMAINNAME=`which domainname`
-    if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then
+    if [ -z "$DOMSUF" ] && hash domainname 2>/dev/null; then
         DOMSUF=`domainname`
     fi
+    # hostname -d and domainname both return (none) if hostname doesn't
+    # include a dot.  Pretend we didn't get an answer.
+    if [ "$DOMSUF" = "(none)" ]; then
+        DOMSUF=
+    fi
 
-    case $HOST in
+    if [ -z "$HOST" ]; then
+        HOST=`uname -n`
+    fi
+    case "$HOST" in
         *\.*)
-            if [ -z "${DOMSUF}" ]; then
-                DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
+            if [ -z "$DOMSUF" ]; then
+                DOMSUF="${HOST#*.}"
             fi
-            HOST=`echo $HOST | sed -e "s/\..*//"`
+            HOST="${HOST%%.*}"
             ;;
         ?*)
             ;;
         *)
-            HOST=`uname -n`
-            case $HOST in
-                *\.*)
-                    if [ -z "${DOMSUF}" ]; then
-                        DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
-                    fi
-                    HOST=`echo $HOST | sed -e "s/\..*//"`
-                    ;;
-                ?*)
-                    ;;
-                *)
-                    echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
-                    exit 1 #does not need to be Exit, very early in script
-                    ;;
-            esac
+            echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
+            exit 1 #does not need to be Exit, very early in script
             ;;
     esac
 
-    if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then
+    if [ -z "$DOMSUF" -a "$OS_ARCH" != "Android" ]; then
         echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined."
         exit 1 #does not need to be Exit, very early in script
     fi
@@ -397,8 +391,8 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
 #HOSTADDR was a workaround for the dist. stress test, and is probably
 #not needed anymore (purpose: be able to use IP address for the server
 #cert instead of PC name which was not in the DNS because of dyn IP address
-    if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then
-        if [ -z "${DOMSUF}" ]; then
+    if [ "$USE_IP" != "TRUE" ] ; then
+        if [ -z "$DOMSUF" ]; then
             HOSTADDR=${HOST}
         else
             HOSTADDR=${HOST}.${DOMSUF}
@@ -595,7 +589,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
         P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
         P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
         P_R_IMPLICIT_INIT_DIR="multiaccess:${D_IMPLICIT_INIT}"
-	P_R_RSAPSSDIR="multiaccess:${D_RSAPSS}"
+        P_R_RSAPSSDIR="multiaccess:${D_RSAPSS}"
     fi
 
     R_PWFILE=../tests.pw