代码拉取完成,页面将自动刷新
stages:
- bootstrap
- build
- test
- archive
variables:
GIT_SUBMODULE_STRATEGY: recursive
# we utilize the images generated by the build-images project, to
# speed up CI runs. We also use ccache and store config.cache
# to speed up compilation. We include a version number in cache
# name to allow expiration of old caches.
BUILD_IMAGES_PROJECT: gnutls/build-images
DEBIAN_BUILD: buildenv-debian-testing
FEDORA_BUILD: buildenv-fedora38
FEDORA_CROSS_BUILD: buildenv-cross-fedora38
MINGW_BUILD: buildenv-mingw-fedora38
ALPINE_BASE_BUILD: buildenv-alpine-base
COMPILER: gcc
CPPCHECK_OPTIONS: "--enable=warning --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'"
GET_SOURCES_ATTEMPTS: "3"
# With just one virtual core, parallel builds only make sense when
# I/O wait is involved. If too many parallel builds are used, the overall
# time even increases (e.g. due to more cache misses).
# $BUILDJOBS seems to be best with $(nproc)+1, while $CHECKJOBS can be much
# higher because several tests have a large I/O waiting time.
# The numbers are hard-coded for the platforms without the nproc command.
BUILDJOBS: 2
CHECKJOBS: 16
cache:
key: "$CI_JOB_NAME-ver32"
paths:
- cache/
.prepare-ccache: &prepare-ccache
# CCache Config
- mkdir -p cache
- export CCACHE_BASEDIR=${PWD}
- export CCACHE_DIR=${PWD}/cache
- export CCACHE_FILE=${CCACHE_DIR}/config.cache
- export CC="ccache $COMPILER"
default:
before_script:
- *prepare-ccache
- |
if test -e stamp.pre-bootstrap; then
devel/preserve-timestamp --restore stamp.pre-bootstrap
fi
after_script:
# after_script is executed in separate shell
- *prepare-ccache
- ccache -s
interruptible: true
.bootstrap:
stage: bootstrap
tags:
- shared
- linux
script:
- devel/preserve-timestamp stamp.pre-bootstrap
- SUBMODULE_NOFETCH=1 ./bootstrap --copy --skip-po
artifacts:
expire_in: 1 day
untracked: true
.build:
stage: build
tags:
- shared
- linux
except:
- tags # TODO
artifacts:
expire_in: 1 day
untracked: true
.test:
stage: test
script:
- make -j$CHECKJOBS check
tags:
- shared
- linux
except:
- tags # TODO
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./**/*.log
.fedora:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
.fedora-cross:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_CROSS_BUILD
.fedora-nettle:
extends:
- .fedora
variables:
COMPILER: clang
NETTLE_DIR: nettle
.debian:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
.mingw:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
variables:
COMPILER: "${arch_name}-w64-mingw32-gcc"
CFLAGS: "-fstack-protector"
CXXFLAGS: "-fstack-protector"
LDFLAGS: "-fstack-protector"
WINEPATH: "/usr/${arch_name}-w64-mingw32/sys-root/mingw/bin"
before_script:
- *prepare-ccache
- |
if test -e stamp.pre-bootstrap; then
devel/preserve-timestamp --restore stamp.pre-bootstrap
fi
- mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
- echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
.mingw-vista:
variables:
# Target Vista instead of XP, currently the default in mingw
CPPFLAGS: "-D_WIN32_WINNT=0x600"
.mingw32:
extends:
- .mingw
variables:
arch_bits: 32
arch_name: i686
.mingw64:
extends:
- .mingw
variables:
arch_bits: 64
arch_name: x86_64
##############################################################################
############# Standalone checks without dependencies #########################
##############################################################################
commit-check:
stage: .pre
variables:
GIT_SUBMODULE_STRATEGY: none
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD
before_script: []
after_script: []
except:
- master@gnutls/gnutls
cache: {}
script:
# we want $ALPINE_BASE_BUILD without git, so we are adding it here
- apk add git bash grep clang16-extra-tools
- devel/check_if_signed
- PATH=/usr/lib/llvm16/bin:$PATH devel/indent-gnutls
- devel/check-headers.sh
- git diff --exit-code # nothing should change version controlled files
retry: 0
doc-dist.Fedora:
extends:
- .test
- .fedora
needs:
- fedora/bootstrap
script:
- CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS -C doc stamp-vti
- make -j$BUILDJOBS -C doc stamp_enums
- make -j$BUILDJOBS
- make -j$BUILDJOBS -C doc gnutls.html
- texconfig rehash
- make -j$BUILDJOBS -C doc/latex gnutls.pdf
- DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
- PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
- make -j$CHECKJOBS distcheck
# Two runs, one with normal backend and another with pkcs11 trust store
UB+ASAN-Werror.Fedora.x86_64.gcc:
extends:
- .test
- .fedora
needs:
- fedora/bootstrap
script:
- export UBSAN_OPTIONS=print_stacktrace=1
- export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
- export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope"
- export CXXFLAGS="$CFLAGS"
- dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000
- sed -i 's/-fanalyzer//g' lib/Makefile
- sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
- make -j$BUILDJOBS
# Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O)
- make -j$BUILDJOBS check -C fuzz
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20
- make -j$CHECKJOBS check -C tests
- dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000 --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM
- make clean
- sed -i 's/-fanalyzer//g' lib/Makefile
- sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
- make -j$BUILDJOBS
# Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests
- make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=.
tags:
- shared
- linux
except:
- tags
# Same as UB+ASAN-Werror.Fedora.x86_64.gcc, except -DAGGRESSIVE_REALLOC is set
UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc:
extends:
- .test
- .fedora
needs:
- fedora/bootstrap
script:
- export UBSAN_OPTIONS=print_stacktrace=1
- export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
- export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope -DAGGRESSIVE_REALLOC"
- export CXXFLAGS="$CFLAGS"
- dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000
- sed -i 's/-fanalyzer//g' lib/Makefile
- sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
- make -j$BUILDJOBS
# Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O)
- make -j$BUILDJOBS check -C fuzz
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8
- make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20
- make -j$CHECKJOBS check -C tests
- dash ./configure --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000 --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM
- make clean
- sed -i 's/-fanalyzer//g' lib/Makefile
- sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
- make -j$BUILDJOBS
# Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests
- make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=.
tags:
- shared
- linux
except:
- tags
##############################################################################
########################### Fedora pipelines #################################
##############################################################################
fedora/bootstrap:
extends:
- .bootstrap
- .fedora
fedora-notools/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- dash ./configure --cache-file $CCACHE_FILE --disable-gcc-warnings --disable-full-test-suite --disable-doc --disable-tools --enable-tests --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
# build tests, but don't execute them
- make -j$BUILDJOBS check TESTS=""
fedora-notools/test:
extends:
- .test
- .fedora
dependencies:
- fedora-notools/build
needs:
- fedora-notools/build
fedora-minimal/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- dnf remove -y libunistring-devel libtasn1-devel libidn-devel
- dnf install -y libtasn1-tools
- dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1
--disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests
--disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication
--disable-anon-authentication --disable-dhe --disable-ecdhe
--disable-ocsp --disable-non-suiteb-curves --with-included-unistring
--disable-nls --disable-libdane --without-p11-kit --without-tpm --without-tpm2
--disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility
--disable-gcc-warnings --with-system-priority-file=""
--disable-gost
--with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
# build tests, but don't execute them
- make -j$BUILDJOBS check TESTS=""
fedora-minimal/test:
extends:
- .test
- .fedora
dependencies:
- fedora-minimal/build
needs:
- fedora-minimal/build
# using same configure arguments as in Fedora RPM build
fedora/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- dnf install -y libunistring-devel libtasn1-devel libidn-devel
- ./configure --cache-file $CCACHE_FILE --disable-doc
--program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr
--bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec
--localstatedir=/var --runstatedir=/run --sharedstatedir=/var/lib
--mandir=/usr/share/man --infodir=/usr/share/info
--enable-fips140-mode
--with-fips140-module-name='Fedora Linux 39 gnutls'
--with-fips140-module-version=$(git describe)
--enable-gost --enable-sha1-support --disable-static --disable-openssl-compatibility
--disable-non-suiteb-curves
--with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config
--with-default-trust-store-pkcs11='pkcs11:'
--without-tpm --with-tpm2 --enable-ktls
--htmldir=/usr/share/doc/manual
--with-unbound-root-key-file=/var/lib/unbound/root.key
--enable-libdane --without-zlib --without-brotli --without-zstd --disable-rpath
--with-default-priority-string=@SYSTEM
- make -j$BUILDJOBS
# build tests, but don't execute them
- make -j$BUILDJOBS check TESTS=""
fedora/test:
extends:
- .test
- .fedora
dependencies:
- fedora/build
needs:
- fedora/build
script:
- |
cat > /etc/crypto-policies/local.d/gnutls-ktls.config <<EOF
[global]
ktls = true
EOF
update-crypto-policies
echo "SYSTEM=NORMAL" >> tests/system.prio
- make -j$CHECKJOBS check
fedora-interop/test:
extends:
- .test
- .fedora
dependencies:
- fedora/build
needs:
- fedora/build
parallel:
matrix:
- COMPONENT: openssl
TYPE: [2way, 3way, basic, other]
SLICEID: 0
SLICES: 1
- COMPONENT: nss # a duplicate component to prevent slicing of incompatible tests
TYPE: other
SLICEID: 0
SLICES: 1
- COMPONENT: nss
TYPE: 2way
SLICEID: [0, 1]
SLICES: 2
timeout: 45 minutes
allow_failure: true
script:
- export PATH=$CI_PROJECT_DIR/src:$PATH
- echo "PATH=$PATH"
- which gnutls-cli gnutls-serv
- cd tests/suite/tls-interoperability/
- echo "Tests to run:"
- tmt run plans -n interop tests -f "tag:interop-gnutls" -f "tag:interop-$TYPE" -f "tag:interop-$COMPONENT" discover -v
- echo "Slicing SLICE_TOTAL=$SLICES SLICE_ID=$SLICEID"
- echo "Run the tests:"
- tmt run -a -e "SLICE_TOTAL=$SLICES" -e "SLICE_ID=$SLICEID" plans -n interop tests -f "tag:interop-gnutls" -f "tag:interop-$TYPE" -f "tag:interop-$COMPONENT" provision -h local execute -h tmt --interactive
- if [[ $PATH != $CI_PROJECT_DIR/src:* ]]; then echo "Wrong PATH=$PATH"; false; fi
fedora-SSL-3.0/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- update-crypto-policies --set LEGACY
- dash ./configure --disable-tls13-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-strict-der-time --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
# build tests, but don't execute them
- make -j$BUILDJOBS check TESTS=""
fedora-SSL-3.0/test:
extends:
- .test
- .fedora
dependencies:
- fedora-SSL-3.0/build
needs:
- fedora-SSL-3.0/build
fedora-FIPS140-2/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
# build tests, but don't execute them
- GNUTLS_FORCE_FIPS_MODE=1 make -j$BUILDJOBS check TESTS=""
fedora-FIPS140-2/test:
extends:
- .test
- .fedora
dependencies:
- fedora-FIPS140-2/build
needs:
- fedora-FIPS140-2/build
script:
- GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check
.fedora-nettle/build:
extends:
- .build
- .fedora-nettle
needs:
- fedora/bootstrap
script:
- git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
- pushd nettle-git
- rm -rf .git # for artifacts:untracked to work
- ./.bootstrap
- ./configure --disable-documentation --prefix=${PWD}/$NETTLE_DIR $NETTLE_CONFIGURE_ARGS
- make -j$BUILDJOBS
- make -j$BUILDJOBS install
- popd
- PKG_CONFIG_PATH=${PWD}/nettle-git/$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-full-test-suite --disable-doc --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
- make -j$BUILDJOBS check TESTS=""
.fedora-nettle/test:
extends:
- .test
- .fedora-nettle
fedora-nettle/build:
extends:
- .fedora-nettle/build
variables:
NETTLE_CONFIGURE_ARGS: ""
fedora-nettle/test:
extends:
- .fedora-nettle/test
dependencies:
- fedora-nettle/build
needs:
- fedora-nettle/build
script:
- PKG_CONFIG_PATH=${PWD}/nettle-git/$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=${PWD}/nettle-git/$NETTLE_DIR/lib64 make -j$CHECKJOBS check
fedora-nettle-minigmp/build:
extends:
- .fedora-nettle/build
variables:
NETTLE_CONFIGURE_ARGS: "--enable-mini-gmp"
fedora-nettle-minigmp/test:
extends:
- .fedora-nettle/test
dependencies:
- fedora-nettle-minigmp/build
needs:
- fedora-nettle-minigmp/build
script:
# prolong timeout a bit as minigmp build is slow
- PKG_CONFIG_PATH=${PWD}/nettle-git/$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=${PWD}/nettle-git/$NETTLE_DIR/lib64 GNUTLS_TEST_TIMEOUT=600000 make -j$CHECKJOBS check
timeout: 3h
fedora-threadsan/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS
dash ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-non-suiteb-curves --enable-fips140-mode --disable-full-test-suite --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
- make -j$BUILDJOBS -C tests check SUBDIRS=. TESTS="" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
fedora-threadsan/test:
extends:
- .test
- .fedora
dependencies:
- fedora-threadsan/build
needs:
- fedora-threadsan/build
script:
- make -j$CHECKJOBS -C tests check SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1
fedora-static-analyzers/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
#TODO originally, before_script was set to "/bin/true".. is there a reason not to create the cache?
script:
- scan-build ./configure --cache-file $CCACHE_FILE --disable-doc --enable-fips140-mode --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS syntax-check gnulib_dir=$GNULIB_SRCDIR
- make -j$BUILDJOBS -C gl
- scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C lib
- scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C libdane
- make -j$BUILDJOBS -C src/gl
- scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C src
#TODO originally, after_script was set to "/bin/true".. is there a reason not to create the cache?
# FIXME: we disable this, as cppcheck currently hangs at the usage of
# Gnulib's <intprops.h>: <https://trac.cppcheck.net/ticket/10192>.
#
# fedora-static-analyzers/test:
# extends:
# - .test
# - .fedora
# dependencies:
# - fedora-static-analyzers/build
# needs:
# - fedora-static-analyzers/build
# cache:
# paths:
# - cache/cppcheck
# script:
# - mkdir -p cache/cppcheck
# - cppcheck --cppcheck-build-dir=cache/cppcheck --force -q -Ilib/includes -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 $CPPCHECK_OPTIONS
# - cppcheck --cppcheck-build-dir=cache/cppcheck --force -q -Ilib/includes -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j2 $CPPCHECK_OPTIONS
# timeout: 3h
# TODO this does not work, so we keep using old job doc-dist.Fedora
# Keeping it here until I figure it out.
#fedora-docdist/build:
# extends:
# - .build
# - .fedora
# script:
# - SUBMODULE_NOFETCH=1 ./bootstrap
# - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode
# - make -j$BUILDJOBS -C doc stamp-vti
# - make -j$BUILDJOBS -C doc stamp_enums
# - make -j$BUILDJOBS
# - make -j$BUILDJOBS -C doc gnutls.html
# - make -j$BUILDJOBS -C doc/latex gnutls.pdf
# - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
# - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
# # we don't throw away intermediate compilation results as /test job does some compiling, too
# artifacts:
# expire_in: 1 day
# paths:
# - ./
# exclude:
# - .git/ # passing forward .git causes warnings and possibly problems
# - ./**/.git/ # passing forward .git causes warnings and possibly problems
#
#fedora-docdist/test:
# extends:
# - .test
# - .fedora
# dependencies:
# - fedora-docdist/build
# needs:
# - fedora-docdist/build
# script: # shall we separate it to two jobs?
# - export CFLAGS="-std=c99 -O2 -g"
# - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print))
# - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub
# - make -j$CHECKJOBS distcheck
fedora-abicoverage/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
- CFLAGS="-g -Og" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --enable-code-coverage --disable-maintainer-mode --disable-doc --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
- make -j$BUILDJOBS check TESTS=""
tags:
- shared
- linux
except:
- tags
fedora-abicoverage/test:
extends:
- .test
- .fedora
dependencies:
- fedora-abicoverage/build
needs:
- fedora-abicoverage/build
script:
- make abi-check
- make pic-check
- make -j$CHECKJOBS check
- gcovr --xml-pretty --exclude-unreachable-branches --print-summary -o coverage.xml --root ${CI_PROJECT_DIR}
- if objdump -R lib/.libs/libgnutls.so | grep INTERNAL ; then false ; fi
coverage: /^\s*lines:\s*\d+.\d+\%/
artifacts:
expire_in: 1 week
reports:
coverage_report:
coverage_format: cobertura
path: coverage.xml
when: on_failure
paths:
- ./*.xml
- ./*.log
- ./**/*.log
- gnutls-prev-abi.tmp/
- compat_reports/
fedora-cross/bootstrap:
extends:
- .bootstrap
- .fedora-cross
.fedora-cross/build:
extends:
- .build
script:
- build=$(build-aux/config.guess)
- host=$(echo $CI_JOB_NAME |cut -d/ -f2)
- echo "host is $host"
- export PKG_CONFIG_PATH=/usr/$host/sys-root/lib64/pkgconfig:/usr/$host/sys-root/lib/pkgconfig
- export PKG_CONFIG_SYSROOT_DIR=/usr/$host/sys-root
- export CC="ccache $host-gcc"
- ./configure --host=$host --build=$build --disable-gcc-warnings
--cache-file $CCACHE_FILE --disable-doc --disable-cxx
--disable-full-test-suite --with-pkcs12-iter-count=10000
- make -j$BUILDJOBS
# build tests, but don't execute them
- make -j$BUILDJOBS -C tests check TESTS=""
tags:
- shared
- docker
- linux
.fedora-cross/test:
extends:
- .test
script:
- host=$(echo $CI_JOB_NAME |cut -d/ -f2)
- arch=$(echo $host |cut -d- -f1)
- mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
- echo -1 > /proc/sys/fs/binfmt_misc/qemu-$arch
- cat /usr/lib/binfmt.d/qemu-$arch-static.conf > /proc/sys/fs/binfmt_misc/register
- make pic-check
- make -j$BUILDJOBS -C tests check
tags:
- shared
- docker
- linux
fedora-cross/aarch64-linux-gnu/build: # name is important, see .fedora-cross/build
extends:
- .fedora-cross/build
- .fedora-cross
needs:
- fedora-cross/bootstrap
fedora-cross/aarch64-linux-gnu/test:
extends:
- .fedora-cross/test
- .fedora-cross
dependencies:
- fedora-cross/aarch64-linux-gnu/build
needs:
- fedora-cross/aarch64-linux-gnu/build
timeout: 2h
allow_failure: true
fedora-cross/ppc64le-linux-gnu/build: # name is important, see .fedora-cross/build
extends:
- .fedora-cross/build
- .fedora-cross
needs:
- fedora-cross/bootstrap
fedora-cross/ppc64le-linux-gnu/test:
extends:
- .fedora-cross/test
- .fedora-cross
dependencies:
- fedora-cross/ppc64le-linux-gnu/build
needs:
- fedora-cross/ppc64le-linux-gnu/build
timeout: 2h
allow_failure: true
fedora-cross/s390x-linux-gnu/build: # name is important, see .fedora-cross/build
extends:
- .fedora-cross/build
- .fedora-cross
needs:
- fedora-cross/bootstrap
fedora-cross/s390x-linux-gnu/test:
extends:
- .fedora-cross/test
- .fedora-cross
dependencies:
- fedora-cross/s390x-linux-gnu/build
needs:
- fedora-cross/s390x-linux-gnu/build
timeout: 2h
allow_failure: true
fedora-cross/i686-linux-gnu/build:
extends:
- .build
- .fedora
needs:
- fedora/bootstrap
script:
# Fedora's softhsm package is not multiarch yet. Missing softhsm libraries
# for the target will cause the test suite to fail when p11-kit is enabled.
- setarch i686 -- ./configure --disable-gcc-warnings
--cache-file $CCACHE_FILE --disable-doc --disable-cxx
--without-p11-kit --disable-full-test-suite
--with-pkcs12-iter-count=10000 CFLAGS="-m32 -march=i686"
- setarch i686 -- make -j$BUILDJOBS
# build tests, but don't execute them
- setarch i686 -- make -j$BUILDJOBS -C tests check TESTS=""
fedora-cross/i686-linux-gnu/test:
extends:
- .test
- .fedora
dependencies:
- fedora-cross/i686-linux-gnu/build
needs:
- fedora-cross/i686-linux-gnu/build
script:
- setarch i686 -- make -j$CHECKJOBS check
##############################################################################
########################### Debian pipelines #################################
##############################################################################
debian/bootstrap:
extends:
- .bootstrap
- .debian
debian/build:
extends:
- .build
- .debian
needs:
- debian/bootstrap
script:
- dash ./configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-doc --with-pkcs12-iter-count=10000 LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now'
- make -j$BUILDJOBS
- make -j$BUILDJOBS check TESTS=""
debian/test:
extends:
- .test
- .debian
dependencies:
- debian/build
needs:
- debian/build
##############################################################################
########################### MinGW pipelines ##################################
##############################################################################
.mingw/build:
extends:
- .build
script:
# - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
# - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
- dash ./configure --disable-gcc-warnings --host=${arch_name}-w64-mingw32 --target=${arch_name}-w64-mingw32 --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-nls --with-included-unistring --without-p11-kit --disable-non-suiteb-curves --disable-full-test-suite --disable-doc --with-pkcs12-iter-count=10000
- mingw${arch_bits}-make -j$BUILDJOBS
# https://bugzilla.redhat.com/show_bug.cgi?id=2049401
- mingw${arch_bits}-make -j$BUILDJOBS -C $PWD/tests check TESTS=""
.mingw/test:
extends:
- .test
script:
# https://bugzilla.redhat.com/show_bug.cgi?id=2049401
- mingw${arch_bits}-make -j$CHECKJOBS -C $PWD/tests check
timeout: 3h
.mingw/archive:
stage: archive
# TODO this should be here, but I want to see if it works without tagging
# only:
# - tags
script:
# Combine generated apps and DLLs.
#libwinpthread is required by libgcc
#libffi is required by libp11-kit
- mkdir -p win${arch_bits}-build/bin win${arch_bits}-build/lib/includes
- cp lib/.libs/*.dll src/.libs/*.exe win${arch_bits}-build/bin
- ${arch_name}-w64-mingw32-strip --strip-unneeded win${arch_bits}-build/bin/*.dll
- ${arch_name}-w64-mingw32-strip win${arch_bits}-build/bin/*.exe
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libssp*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libbrotlicommon.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libbrotlienc.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libbrotlidec.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/zlib1.dll win${arch_bits}-build/bin
- cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libzstd.dll win${arch_bits}-build/bin
- cp lib/.libs/*.a lib/*.def lib/gnutls.pc win${arch_bits}-build/lib
- cp lib/includes/gnutls/*.h win${arch_bits}-build/lib/includes
artifacts:
name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
paths:
- win${arch_bits}-build/
mingw/bootstrap:
extends:
- .bootstrap
- .mingw
mingw64/build:
extends:
- .mingw/build
- .mingw64
needs:
- mingw/bootstrap
mingw64/test:
extends:
- .mingw/test
- .mingw64
dependencies:
- mingw64/build
needs:
- mingw64/build
mingw64/archive:
extends:
- .mingw/archive
- .mingw64
dependencies:
- mingw64/build
needs: # archive only if tests successful
- mingw64/build
- mingw64/test
mingw64-vista/build:
extends:
- .mingw/build
- .mingw64
- .mingw-vista
needs:
- mingw/bootstrap
mingw64-vista/test:
extends:
- .mingw/test
- .mingw64
- .mingw-vista
dependencies:
- mingw64-vista/build
needs:
- mingw64-vista/build
mingw64-vista/archive:
extends:
- .mingw/archive
- .mingw64
- .mingw-vista
dependencies:
- mingw64-vista/build
needs: # archive only if tests successful
- mingw64-vista/build
- mingw64-vista/test
mingw32/build:
extends:
- .mingw/build
- .mingw32
needs:
- mingw/bootstrap
mingw32/test:
extends:
- .mingw/test
- .mingw32
dependencies:
- mingw32/build
needs:
- mingw32/build
mingw32/archive:
extends:
- .mingw/archive
- .mingw32
dependencies:
- mingw32/build
needs: # archive only if tests successful
- mingw32/build
- mingw32/test
mingw32-vista/build:
extends:
- .mingw/build
- .mingw32
- .mingw-vista
needs:
- mingw/bootstrap
mingw32-vista/test:
extends:
- .mingw/test
- .mingw32
- .mingw-vista
dependencies:
- mingw32-vista/build
needs:
- mingw32-vista/build
mingw32-vista/archive:
extends:
- .mingw/archive
- .mingw32
- .mingw-vista
dependencies:
- mingw32-vista/build
needs: # archive only if tests successful
- mingw32-vista/build
- mingw32-vista/test
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手