mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
81e6c53a3e
Right now we're having trouble getting Rust builds to succeed if fragile hardening is enabled. Add new mandatory jobs to make sure at least some Rust testing happens in Travis. Fixes bug 26449; bug not in any released tor.
176 lines
7.3 KiB
YAML
176 lines
7.3 KiB
YAML
language: c
|
|
|
|
## Comment out the compiler list for now to allow an explicit build
|
|
## matrix.
|
|
# compiler:
|
|
# - gcc
|
|
# - clang
|
|
|
|
notifications:
|
|
irc:
|
|
channels:
|
|
- "irc.oftc.net#tor-ci"
|
|
template:
|
|
- "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
|
|
- "Build #%{build_number} %{result}. Details: %{build_url}"
|
|
on_success: change
|
|
on_failure: change
|
|
email:
|
|
on_success: never
|
|
on_failure: change
|
|
|
|
os:
|
|
- linux
|
|
## Uncomment the following line to also run the entire build matrix on OSX.
|
|
## This will make your CI builds take roughly ten times longer to finish.
|
|
# - osx
|
|
|
|
## Use the Ubuntu Trusty images.
|
|
dist: trusty
|
|
|
|
## We don't need sudo. (The "apt:" stanza after this allows us to not need sudo;
|
|
## otherwise, we would need it for getting dependencies.)
|
|
##
|
|
## We override this in the explicit build matrix to work around a
|
|
## Travis CI environment regression
|
|
## https://github.com/travis-ci/travis-ci/issues/9033
|
|
sudo: false
|
|
|
|
## (Linux only) Download our dependencies
|
|
addons:
|
|
apt:
|
|
packages:
|
|
## Required dependencies
|
|
- libevent-dev
|
|
- libseccomp2
|
|
- zlib1g-dev
|
|
## Optional dependencies
|
|
- liblzma-dev
|
|
- libscrypt-dev
|
|
## zstd doesn't exist in Ubuntu Trusty
|
|
#- libzstd
|
|
|
|
## The build matrix in the following two stanzas expands into four builds (per OS):
|
|
##
|
|
## * with GCC, with Rust
|
|
## * with GCC, without Rust
|
|
## * with Clang, with Rust
|
|
## * with Clang, without Rust
|
|
env:
|
|
global:
|
|
## The Travis CI environment allows us two cores, so let's use both.
|
|
- MAKEFLAGS="-j 2"
|
|
- HARDENING_OPTIONS="--enable-fragile-hardening"
|
|
matrix:
|
|
## Leave at least one entry here or Travis seems to generate a
|
|
## matrix entry with empty matrix environment variables. Leaving
|
|
## more than one entry causes unwanted matrix entries with
|
|
## unspecified compilers.
|
|
- RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
|
|
# - RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
|
|
# - RUST_OPTIONS=""
|
|
|
|
matrix:
|
|
## Uncomment to allow the build to report success (with non-required
|
|
## sub-builds continuing to run) if all required sub-builds have
|
|
## succeeded. This is somewhat buggy currently: it can cause
|
|
## duplicate notifications and prematurely report success if a
|
|
## single sub-build has succeeded. See
|
|
## https://github.com/travis-ci/travis-ci/issues/1696
|
|
# fast_finish: true
|
|
|
|
## Uncomment the appropriate lines below to allow the build to
|
|
## report success even if some less-critical sub-builds fail and it
|
|
## seems likely to take a while for someone to fix it. Currently
|
|
## Travis CI doesn't distinguish "all builds succeeded" from "some
|
|
## non-required sub-builds failed" except on the individual build's
|
|
## page, which makes it somewhat annoying to detect from the
|
|
## branches and build history pages. See
|
|
## https://github.com/travis-ci/travis-ci/issues/8716
|
|
allow_failures:
|
|
- env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
|
|
- env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
|
|
- env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
|
|
# - compiler: clang
|
|
|
|
## Create explicit matrix entries to work around a Travis CI
|
|
## environment issue. Missing keys inherit from the first list
|
|
## entry under that key outside the "include" clause.
|
|
include:
|
|
- compiler: gcc
|
|
- compiler: gcc
|
|
env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
|
|
- compiler: gcc
|
|
env: RUST_OPTIONS=""
|
|
- compiler: gcc
|
|
env: COVERAGE_OPTIONS="--enable-coverage"
|
|
- compiler: gcc
|
|
env: DISTCHECK="yes" RUST_OPTIONS=""
|
|
- compiler: gcc
|
|
env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
|
|
- compiler: gcc
|
|
env: MODULES_OPTIONS="--disable-module-dirauth"
|
|
- compiler: gcc
|
|
env: HARDENING_OPTIONS="" RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
|
|
- compiler: gcc
|
|
env: DISTCHECK="yes" HARDENING_OPTIONS="" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
|
|
## The "sudo: required" forces non-containerized builds, working
|
|
## around a Travis CI environment issue: clang LeakAnalyzer fails
|
|
## because it requires ptrace and the containerized environment no
|
|
## longer allows ptrace.
|
|
- compiler: clang
|
|
sudo: required
|
|
- compiler: clang
|
|
sudo: required
|
|
env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
|
|
- compiler: clang
|
|
sudo: required
|
|
env: RUST_OPTIONS=""
|
|
- compiler: clang
|
|
sudo: required
|
|
env: MODULES_OPTIONS="--disable-module-dirauth"
|
|
|
|
before_install:
|
|
## If we're on OSX, homebrew usually needs to updated first
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
|
|
## Download rustup
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
|
|
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
|
|
|
|
install:
|
|
## If we're on OSX use brew to install required dependencies (for Linux, see the "apt:" section above)
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated openssl || brew upgrade openssl; }; fi
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libevent || brew upgrade libevent; }; fi
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated pkg-config || brew upgrade pkg-config; }; fi
|
|
## If we're on OSX also install the optional dependencies
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated xz || brew upgrade xz; }; fi
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libscrypt || brew upgrade libscrypt; }; fi
|
|
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated zstd || brew upgrade zstd; }; fi
|
|
## Install the stable channels of rustc and cargo and setup our toolchain environment
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain stable; fi
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
|
|
## Get some info about rustc and cargo
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi
|
|
- if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
|
|
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
|
|
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
|
|
|
|
script:
|
|
- ./autogen.sh
|
|
- ./configure $RUST_OPTIONS $COVERAGE_OPTIONS $MODULES_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules $HARDENING_OPTIONS
|
|
## We run `make check` because that's what https://jenkins.torproject.org does.
|
|
- if [[ "$DISTCHECK" == "" ]]; then make check; fi
|
|
- if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$RUST_OPTIONS $COVERAGE_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules $HARDENING_OPTIONS"; fi
|
|
|
|
after_failure:
|
|
## `make check` will leave a log file with more details of test failures.
|
|
- if [[ "$DISTCHECK" == "" ]]; then cat test-suite.log; fi
|
|
## `make distcheck` puts it somewhere different.
|
|
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog; fi
|
|
|
|
after_success:
|
|
## If this build was one that produced coverage, upload it.
|
|
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p'; fi
|