xref: /openssh-portable/.github/configs (revision 2c805f16)
1#!/bin/sh
2#
3# usage: configs vmname test_config (or '' for default)
4#
5# Sets the following variables:
6# CONFIGFLAGS           options to ./configure
7# SSHD_CONFOPTS         sshd_config options
8# TEST_TARGET           make target used when testing.  defaults to "tests".
9# LTESTS
10
11config=$1
12
13TEST_TARGET="tests"
14LTESTS=""
15SKIP_LTESTS=""
16SUDO=sudo	# run with sudo by default
17TEST_SSH_UNSAFE_PERMISSIONS=1
18
19CONFIGFLAGS=""
20LIBCRYPTOFLAGS=""
21
22case "$config" in
23    default|sol64)
24	;;
25    kitchensink)
26	CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
27	CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
28	CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
29	;;
30    hardenedmalloc)
31	CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
32	;;
33    kerberos5)
34	CONFIGFLAGS="--with-kerberos5"
35	;;
36    libedit)
37	CONFIGFLAGS="--with-libedit"
38	;;
39    pam-krb5)
40	CONFIGFLAGS="--with-pam --with-kerberos5"
41	SSHD_CONFOPTS="UsePam yes"
42	;;
43    *pam)
44	CONFIGFLAGS="--with-pam"
45	SSHD_CONFOPTS="UsePam yes"
46	;;
47    libressl-head)
48	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl/head --with-rpath=-Wl,-rpath,"
49	;;
50    openssl-head)
51	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl/head --with-rpath=-Wl,-rpath,"
52	;;
53    selinux)
54	CONFIGFLAGS="--with-selinux"
55	;;
56    sk)
57	CONFIGFLAGS="--with-security-key-builtin"
58        ;;
59    without-openssl)
60	LIBCRYPTOFLAGS="--without-openssl"
61	TEST_TARGET=t-exec
62	;;
63    valgrind-[1-4]|valgrind-unit)
64	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
65	CONFIGFLAGS="--without-sandbox --without-hardening"
66	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
67	TEST_TARGET="t-exec USE_VALGRIND=1"
68	TEST_SSH_ELAPSED_TIMES=1
69	export TEST_SSH_ELAPSED_TIMES
70	# Valgrind slows things down enough that the agent timeout test
71	# won't reliably pass, and the unit tests run longer than allowed
72	# by github so split into three separate tests.
73	tests2="rekey integrity"
74	tests3="krl forward-control sshsig"
75	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
76	case "$config" in
77	    valgrind-1)
78		# All tests except agent-timeout (which is flaky under valgrind)
79		#) and slow ones that run separately to increase parallelism.
80		SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
81		;;
82	    valgrind-2)
83		LTESTS="${tests2}"
84		;;
85	    valgrind-3)
86		LTESTS="${tests3}"
87		;;
88	    valgrind-4)
89		LTESTS="${tests4}"
90		;;
91	    valgrind-unit)
92		TEST_TARGET="unit USE_VALGRIND=1"
93		;;
94	esac
95	;;
96    *)
97	echo "Unknown configuration $config"
98	exit 1
99	;;
100esac
101
102# The Solaris 64bit targets are special since they need a non-flag arg.
103case "$config" in
104    sol64*)
105	CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
106	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
107	;;
108esac
109
110case "${TARGET_HOST}" in
111    nbsd4)
112	# System compiler will ICE on some files with fstack-protector
113	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
114	;;
115    sol10|sol11)
116	# sol10 VM is 32bit and the unit tests are slow.
117	# sol11 has 4 test configs so skip unit tests to speed up.
118	TEST_TARGET="tests SKIP_UNIT=1"
119	;;
120    win10)
121	# No sudo on Windows.
122	SUDO=""
123	;;
124esac
125
126# If we have a local openssl/libressl, use that.
127if [ -z "${LIBCRYPTOFLAGS}" ]; then
128	# last-match
129	for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
130		if [ -x ${i}/bin/openssl ]; then
131			LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
132		fi
133	done
134fi
135
136CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
137
138export LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
139