From patchwork Wed May 18 23:31:53 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 2479
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 19 May 2022 11:31:53 +0200
Message-Id: <20220519093153.18944-5-a@unstable.cc>
In-Reply-To: <20220519093153.18944-1-a@unstable.cc>
References: <20220519093153.18944-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH v3 5/5] Add support for GitLab CI
Cc: Antonio Quartulli

Signed-off-by: Antonio Quartulli
---
 .gitlab-ci.yml         | 182 +++++++++++++++++++++++++++++++++++++++++
 .gitlab/build-check.sh |  23 ++++++
 .gitlab/build-deps.sh  | 157 +++++++++++++++++++++++++++++++++++
 3 files changed, 362 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100755 .gitlab/build-check.sh
 create mode 100755 .gitlab/build-deps.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..fe25eb48 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,182 @@ +stages: + - test + +variables: + JOBS: 3 + PREFIX: ${CI_PROJECT_DIR}/builds + TAP_WINDOWS_VERSION: 9.24.6 + LZO_VERSION: "2.10" + PKCS11_HELPER_VERSION: "1.22" + MBEDTLS_VERSION: "2.26.0" + MBEDTLS_CFLAGS: -I${CI_PROJECT_DIR}/builds/include + MBEDTLS_LIBS: -L${CI_PROJECT_DIR}/builds/lib -lmbedtls -lmbedx509 -lmbedcrypto + OPENSSL_VERSION: 1.1.1m + OPENSSL_CFLAGS: -I${CI_PROJECT_DIR}/builds/include + OPENSSL_LIBS: -L${CI_PROJECT_DIR}/builds/lib -lssl -lcrypto + SSLLIB: "openssl" + +default: + image: gcc:latest + + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html build-essential python + - .gitlab/build-deps.sh + + cache: + key: ${CI_JOB_NAME} + paths: + - download-cache/ + - ${PREFIX}/ + +dco: + variables: + EXTRA_CONFIG: "--enable-dco" + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html build-essential python libnl-genl-3-dev + - .gitlab/build-deps.sh + script: + - .gitlab/build-check.sh + +mtls-latest: + variables: + SSLLIB: "mbedtls" + script: + - .gitlab/build-check.sh + +mtls-2_16_11: + variables: + MBEDTLS_VERSION: "2.16.11" + SSLLIB: "mbedtls" + script: + - .gitlab/build-check.sh + +mtls-2_7_19: + variables: + MBEDTLS_VERSION: "2.7.19" + SSLLIB: "mbedtls" + script: + - .gitlab/build-check.sh + +ossl: + variables: + SSLLIB: "openssl" + EXTRA_SCRIPT: "make distcheck" + artifacts: + paths: + - src/openvpn/openvpn + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev liblz4-dev build-essential unzip python3-docutils libssl-dev + script: + - .gitlab/build-check.sh + +ossl-gcc9: + image: gcc:9 + script: + - .gitlab/build-check.sh + +ossl-fedora-latest: + image: fedora:latest + before_script: + - yum -y install libtool openssl-devel lzo-devel pam-devel lz4-devel man2html python gcc make autoconf automake wget + script: + - .gitlab/build-check.sh + 
+ossl-rockylinux-latest: + image: rockylinux:latest + before_script: + - yum -y install epel-release + - yum -y install libtool openssl-devel lzo-devel pam-devel lz4-devel man2html python39 gcc make autoconf automake wget + script: + - .gitlab/build-check.sh + +ossl-1_1_0: + variables: + OPENSSL_VERSION: "1.1.0l" + script: + - .gitlab/build-check.sh + +ossl-1_0_2: + variables: + OPENSSL_VERSION: "1.0.2u" + script: + - .gitlab/build-check.sh + + +#ossl-sanitizeaddr: +# variables: +# CFLAGS: "-fsanitize=address" +# script: +# - .gitlab/build-check.sh + +ossl-sanitizeleak: + variables: + CFLAGS: "-fsanitize=leak" + script: + - .gitlab/build-check.sh + +ossl-sanitizeundef: + variables: + CFLAGS: "-fsanitize=undefined" + script: + - .gitlab/build-check.sh + +ossl-win64: + variables: + CHOST: "x86_64-w64-mingw32" + EXTRA_CONFIG: "--disable-lz4" + artifacts: + paths: + - src/openvpn/openvpn.exe + name: "openvpn_win64-${CI_COMMIT_REF_SLUG}" + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev build-essential mingw-w64 unzip man2html + - .gitlab/build-deps.sh + script: + - .gitlab/build-check.sh + +ossl-win32: + variables: + CHOST: "i686-w64-mingw32" + EXTRA_CONFIG: "--disable-lz4" + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev build-essential mingw-w64 unzip man2html + - .gitlab/build-deps.sh + script: + - .gitlab/build-check.sh + +mtls-iproute2: + variables: + SSLLIB: "mbedtls" + EXTRA_CONFIG: "--enable-iproute2" + before_script: + - apt-get update -qq && apt-get install -y -qq liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html build-essential iproute2 python + - .gitlab/build-deps.sh + script: + - .gitlab/build-check.sh + +ossl-nolzo: + before_script: + - apt-get update -qq && apt-get install -y -qq libpam0g-dev liblz4-dev build-essential unzip + - .gitlab/build-deps.sh + variables: + EXTRA_CONFIG: "--disable-lzo" + script: + - .gitlab/build-check.sh + +ossl-small: + variables: + 
EXTRA_CONFIG: "--enable-small" + script: + - .gitlab/build-check.sh + +ossl-asyncpush: + variables: + EXTRA_CONFIG: "--enable-async-push" + script: + - .gitlab/build-check.sh + +ossl-no-mgmt: + variables: + EXTRA_CONFIG: "--disable-management" + script: + - .gitlab/build-check.sh diff --git a/.gitlab/build-check.sh b/.gitlab/build-check.sh new file mode 100755 index 00000000..7ecb4255 --- /dev/null +++ b/.gitlab/build-check.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -eux + +export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}" + +autoreconf -vi + +if [ -z ${CHOST+x} ]; then + ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG:-} || (cat config.log && exit 1) + make -j$JOBS + src/openvpn/openvpn --version || true + ldd src/openvpn/openvpn + make check + ${EXTRA_SCRIPT:-} +else + export TAP_CFLAGS="-I${PWD}/tap-windows-${TAP_WINDOWS_VERSION}/include" + export LZO_CFLAGS="-I${PREFIX}/include" + export LZO_LIBS="-L${PREFIX}/lib -llzo2" + export PKCS11_HELPER_LIBS="-L${PREFIX}/lib -lpkcs11-helper" + export PKCS11_HELPER_CFLAGS="-I${PREFIX}/include" + ./configure --with-crypto-library="${SSLLIB}" --host=${CHOST} --build=x86_64-pc-linux-gnu --enable-pkcs11 --disable-plugins ${EXTRA_CONFIG:-} || (cat config.log && exit 1) + make -j${JOBS} +fi diff --git a/.gitlab/build-deps.sh b/.gitlab/build-deps.sh new file mode 100755 index 00000000..d92158be --- /dev/null +++ b/.gitlab/build-deps.sh 
@@ -0,0 +1,157 @@ +#!/bin/sh +set -eux + +# Set defaults +PREFIX="${PREFIX:-${HOME}/opt}" + +download_tap_windows () { + if [ ! -f "download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip" ]; then + wget -P download-cache/ \ + "http://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip" + fi +} + +download_lzo () { + if [ ! -f "download-cache/lzo-${LZO_VERSION}.tar.gz" ]; then + wget -P download-cache/ \ + "http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz" + fi +} + +build_lzo () { + if [ "$(cat ${PREFIX}/.lzo-version)" != "${LZO_VERSION}" ]; then + tar zxf download-cache/lzo-${LZO_VERSION}.tar.gz + ( + cd "lzo-${LZO_VERSION}" + + ./configure --host=${CHOST} --program-prefix='' \ + --libdir=${PREFIX}/lib --prefix=${PREFIX} --build=x86_64-pc-linux-gnu + make all install + ) + echo "${LZO_VERSION}" > "${PREFIX}/.lzo-version" + fi +} + +download_pkcs11_helper () { + if [ ! -f "pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" ]; then + wget -P download-cache/ \ + "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" + fi +} + +build_pkcs11_helper () { + if [ "$(cat ${PREFIX}/.pkcs11_helper-version)" != "${PKCS11_HELPER_VERSION}" ]; then + tar jxf download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2 + ( + cd "pkcs11-helper-${PKCS11_HELPER_VERSION}" + + ./configure --host=${CHOST} --program-prefix='' --libdir=${PREFIX}/lib \ + --prefix=${PREFIX} --build=x86_64-pc-linux-gnu \ + --disable-crypto-engine-gnutls \ + --disable-crypto-engine-nss \ + --disable-crypto-engine-polarssl \ + --disable-crypto-engine-mbedtls + make all install + ) + echo "${PKCS11_HELPER_VERSION}" > "${PREFIX}/.pkcs11_helper-version" + fi +} + +download_mbedtls () { + if [ ! 
-f "download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz" ]; then + wget "https://github.com/ARMmbed/mbedtls/archive/refs/tags/v${MBEDTLS_VERSION}.tar.gz" \ + -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz + fi +} + +build_mbedtls () { + if [ "$(cat ${PREFIX}/.mbedtls-version)" != "${MBEDTLS_VERSION}" ]; then + tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz + ( + cd "mbedtls-${MBEDTLS_VERSION}" + make + make install DESTDIR="${PREFIX}" + ) + echo "${MBEDTLS_VERSION}" > "${PREFIX}/.mbedtls-version" + fi +} + +download_openssl () { + if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then + wget -P download-cache/ \ + "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" + fi +} + +build_openssl_linux () { + ( + cd "openssl-${OPENSSL_VERSION}/" + ./config shared --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY + make all install_sw + ) +} + +build_openssl_osx () { + ( + cd "openssl-${OPENSSL_VERSION}/" + ./Configure darwin64-x86_64-cc shared \ + --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY + make depend all install_sw + ) +} + +build_openssl_mingw () { + ( + cd "openssl-${OPENSSL_VERSION}/" + + if [ "${CHOST}" = "i686-w64-mingw32" ]; then + export TARGET=mingw + elif [ "${CHOST}" = "x86_64-w64-mingw32" ]; then + export TARGET=mingw64 + fi + + ./Configure --cross-compile-prefix=${CHOST}- shared \ + ${TARGET} no-capieng --prefix="${PREFIX}" --openssldir="${PREFIX}" -static-libgcc + make install + ) +} + +build_openssl () { + if [ "$(cat ${PREFIX}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then + tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" + if [ ! 
-z ${CHOST+x} ]; then + build_openssl_mingw + else + build_openssl_linux + fi + echo "${OPENSSL_VERSION}" > "${PREFIX}/.openssl-version" + fi +} + +mkdir -p ${PREFIX} +mkdir -p download-cache + +# Download and build crypto lib +if [ "${SSLLIB}" = "openssl" ]; then + download_openssl + build_openssl +elif [ "${SSLLIB}" = "mbedtls" ]; then + download_mbedtls + build_mbedtls +else + echo "Invalid crypto lib: ${SSLLIB}" + exit 1 +fi + +# Download and build dependencies for mingw cross build +# dependencies are the same as in regular windows installer build +if [ ! -z ${CHOST+x} ]; then + download_tap_windows + unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip + + download_lzo + build_lzo + + download_pkcs11_helper + build_pkcs11_helper +fi
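
Review bot: in .gitlab-ci.yml the default `image: gcc:latest` and the job images `fedora:latest` and `rockylinux:latest` are floating tags, so the toolchain can change between two runs of the same commit and a failure cannot be tied to the patch under test. Pin each to a version tag or digest, as `ossl-gcc9` already does with `gcc:9`. The jobs that replace `before_script` without calling `.gitlab/build-deps.sh` (`ossl`, `ossl-fedora-latest`, `ossl-rockylinux-latest`) still inherit `OPENSSL_CFLAGS` and `OPENSSL_LIBS` pointing at `${CI_PROJECT_DIR}/builds`, a directory these jobs never populate; clearing those variables in these jobs would make it explicit that they test the distribution's OpenSSL. The commented-out `ossl-sanitizeaddr` job needs a comment saying why it is disabled.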
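
Review bot: in .gitlab/build-check.sh the line `${EXTRA_SCRIPT:-}` expands a CI variable unquoted and runs the result as a command, so whatever value that variable carries is executed in the build and is word-split with no quoting control. The only user visible in this patch is the `ossl` job with `make distcheck`; adding `- make distcheck` to that job's `script:` would remove the indirection. Also quote the test as `[ -z "${CHOST+x}" ]` and use one spelling of `make -j${JOBS}` in both branches; since `set -u` makes an unset `JOBS` fatal, a `${JOBS:-1}` default would let the script run outside CI.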
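
Review bot: in .gitlab/build-deps.sh none of the downloaded archives is checked against a known hash before it is unpacked and built, and `download_tap_windows` and `download_lzo` fetch over plain `http://`. Switch those two URLs to https where the hosts support it and add a pinned SHA-256 per version, verified with `sha256sum -c` before `tar` or `unzip`; this matters more because `download-cache/` and `${PREFIX}/` are kept in the CI cache and the version stamp files under `${PREFIX}` skip the rebuild. In `download_pkcs11_helper` the existence test looks for `pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2` in the working directory while `wget -P download-cache/` writes to `download-cache/`, so the cached copy is never detected; the test should use the `download-cache/` path like the other download functions. `build_openssl_osx` is defined but never called and can be dropped.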