forked from osmocom/wireshark
524 lines
22 KiB
YAML
524 lines
22 KiB
YAML
# In the interest of reliability and performance, please avoid installing
|
|
# external dependencies here, e.g. via tools/*-setup.sh, apt, dnf, or yum.
|
|
# Do so in the appropriate Dockerfile at
|
|
# https://gitlab.com/wireshark/wireshark-containers/ instead.
|
|
# The resulting images can be found at
|
|
# https://hub.docker.com/r/wireshark/wireshark-centos-7-dev
|
|
# https://hub.docker.com/r/wireshark/wireshark-debian-stable-dev
|
|
# https://hub.docker.com/r/wireshark/wireshark-fedora-dev
|
|
# https://hub.docker.com/r/wireshark/wireshark-opensuse-15.1-dev
|
|
# https://hub.docker.com/r/wireshark/wireshark-ubuntu-dev
|
|
|
|
stages:
|
|
- build
|
|
- test
|
|
- fuzz-asan
|
|
- fuzz-randpkt
|
|
- fuzz-valgrind
|
|
|
|
variables:
|
|
# Ensure that checkouts are a) fast and b) have a reachable tag. In a
|
|
# brighter, more glorious future we might be able to use --shallow-since:
|
|
# https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3460
|
|
# In the mean time, fetching the last 2000 commits does the job.
|
|
GIT_DEPTH: "1"
|
|
GIT_FETCH_EXTRA_FLAGS: "--depth=2000"
|
|
CCACHE_DIR: "${CI_PROJECT_DIR}/ccache"
|
|
CLANG_VERSION: 10
|
|
|
|
# Common rule stanzas
|
|
# These must currently be including using "!reference tags". "extends:" and
|
|
# YAML anchors won't work:
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/322992
|
|
#
|
|
# Commits that have been approved and merged. Run automatically in the main
|
|
# repo and allow manual runs in the web UI and in forks.
|
|
.if-merged:
|
|
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
|
|
when: always
|
|
- if: '$CI_PIPELINE_SOURCE == "web"'
|
|
when: always
|
|
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL !~ /.*gitlab.com\/wireshark\/wireshark/'
|
|
when: manual
|
|
# Incoming merge requests.
|
|
.if-merge-request:
|
|
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
|
when: always
|
|
# Incoming non-detached merge requests. Must be used for runners which are only
|
|
# available in wireshark/wireshark, e.g. wireshark-windows-*
|
|
.if-attached-merge-request:
|
|
- if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
|
|
when: always
|
|
# Fuzz jobs. Care should be taken when changing this since the scheduler
|
|
# often doesn't report errors.
|
|
.if-fuzz-schedule:
|
|
- if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "fuzz"'
|
|
when: always
|
|
|
|
.build:
|
|
stage: build
|
|
after_script:
|
|
- for builddir in build/packaging/rpm/BUILD/wireshark-*/build build/packaging/rpm/BUILD/wireshark-* build obj-*; do [ ! -d "$builddir/run" ] || break; done
|
|
- if [[ "$CI_JOB_NAME" == "build:rpm-opensuse-"* ]]; then export LD_LIBRARY_PATH=$builddir/run; fi
|
|
- if [ -f $builddir/run/tshark ]; then $builddir/run/tshark --version; fi
|
|
|
|
.build-ubuntu:
|
|
extends: .build
|
|
image: wireshark/wireshark-ubuntu-dev
|
|
retry: 1
|
|
# https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
|
|
cache:
|
|
# XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
|
|
key: ${CI_JOB_NAME}-release-3.4
|
|
paths:
|
|
- ccache/
|
|
before_script:
|
|
- useradd user
|
|
- locale-gen en_US.UTF-8
|
|
- export LANG=en_US.UTF-8
|
|
- export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
|
|
- mkdir -p ccache
|
|
- export CCACHE_BASEDIR=${PWD}
|
|
- ccache --show-stats
|
|
- export DEB_BUILD_OPTIONS=nocheck
|
|
- export DH_QUIET=1
|
|
- export MAKEFLAGS=--silent
|
|
- mkdir build
|
|
- cd build
|
|
script:
|
|
# setcap restricts our library paths
|
|
- CFLAGS=-Wl,-rpath=$(pwd)/run CXXFLAGS=-Wl,-rpath=$(pwd)/run cmake -GNinja -DENABLE_CCACHE=ON ..
|
|
- ninja
|
|
- ninja test-programs
|
|
- chown -R user .
|
|
- if [ -f run/dumpcap ]; then setcap cap_net_raw,cap_net_admin+eip run/dumpcap; fi
|
|
- if [ -f run/dumpcap ]; then su user -c "run/dumpcap -D" ; fi
|
|
- su user -c pytest-3
|
|
|
|
.build-rpm:
|
|
extends: .build
|
|
rules: !reference [.if-merged]
|
|
artifacts:
|
|
paths:
|
|
- build/packaging/rpm/RPMS
|
|
expire_in: 3 days
|
|
|
|
.test-rpm:
|
|
rules: !reference [.if-merged]
|
|
stage: test
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
|
|
# Rely on fedora:latest and debian-stable jobs for testing a recent GCC version.
|
|
Clang 10:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merged]
|
|
variables:
|
|
CC: "clang-$CLANG_VERSION"
|
|
CXX: "clang++-$CLANG_VERSION"
|
|
|
|
Source Package:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merged]
|
|
script:
|
|
- perl ../tools/make-version.pl --set-release || ../perl make-version.pl --set-release
|
|
- cmake -G Ninja $CMAKE_ARGS -DENABLE_CCACHE=ON ..
|
|
- cd $CI_PROJECT_DIR
|
|
- build/packaging/source/git-export-release.sh -d .
|
|
after_script:
|
|
# - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
|
|
- for digest in sha256 rmd160 sha1 ; do openssl $digest wireshark-*.tar.* ; done
|
|
# This will break if we produce multiple tarballs, which is arguably a good thing.
|
|
- if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_DIST" ] ; then aws s3 cp wireshark-*.tar.* "$S3_DESTINATION_DIST/" ; fi
|
|
artifacts:
|
|
paths:
|
|
- wireshark-*.tar.*
|
|
|
|
CentOS 7 RPM Package:
|
|
extends: .build-rpm
|
|
image: wireshark/wireshark-centos-7-dev
|
|
script:
|
|
- mkdir build
|
|
- cd build
|
|
- cmake3 -GNinja ..
|
|
- ninja-build rpm-package
|
|
CentOS 7 RPM Test:
|
|
extends: .test-rpm
|
|
image: wireshark/wireshark-centos-7-dev
|
|
script:
|
|
- yum --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm
|
|
- tshark --version
|
|
dependencies: [ 'CentOS 7 RPM Package' ]
|
|
|
|
openSUSE 15.1 RPM Package:
|
|
extends: .build-rpm
|
|
image: wireshark/wireshark-opensuse-15.1-dev
|
|
script:
|
|
- mkdir build
|
|
- cd build
|
|
- cmake -GNinja ..
|
|
- ninja rpm-package
|
|
openSUSE 15.1 RPM Test:
|
|
extends: .test-rpm
|
|
image: wireshark/wireshark-opensuse-15.1-dev
|
|
script:
|
|
- zypper --no-gpg-checks install -y build/packaging/rpm/RPMS/x86_64/*.rpm
|
|
- tshark --version
|
|
dependencies: [ 'openSUSE 15.1 RPM Package' ]
|
|
|
|
# Disabled for now due to issues with Fedora 33.
|
|
.Fedora RPM Package:
|
|
extends: .build-rpm
|
|
image: wireshark/wireshark-fedora-dev
|
|
script:
|
|
- mkdir build
|
|
- cd build
|
|
- cmake3 -GNinja ..
|
|
- ninja-build rpm-package
|
|
|
|
# .Fedora RPM Test:
|
|
# extends: .test-rpm
|
|
# image: fedora
|
|
# script:
|
|
# - dnf install -y build/packaging/rpm/RPMS/x86_64/*.rpm
|
|
# - tshark --version
|
|
# dependencies: [ 'Fedora RPM Package' ]
|
|
|
|
# Job to generate packages for Debian stable
|
|
Debian Stable APT Package:
|
|
extends: .build
|
|
rules: !reference [.if-merged]
|
|
image: wireshark/wireshark-debian-stable-dev
|
|
script:
|
|
# Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
|
|
# https://gitlab.com/gitlab-com/support-forum/issues/2790
|
|
- export DH_QUIET=1
|
|
- export MAKEFLAGS=--silent
|
|
- dpkg-buildpackage -b --no-sign -jauto
|
|
- mkdir debian-packages
|
|
- mv ../*.deb debian-packages/
|
|
artifacts:
|
|
paths:
|
|
- debian-packages/*.deb
|
|
expire_in: 3 days
|
|
Debian Stable APT Test:
|
|
rules: !reference [.if-merged]
|
|
image: wireshark/wireshark-debian-stable-dev
|
|
stage: test
|
|
script:
|
|
- DEBIAN_FRONTEND=noninteractive apt-get install ./debian-packages/*.deb -y
|
|
- tshark --version
|
|
after_script:
|
|
# Used for https://www.wireshark.org/docs/dfref/
|
|
- TSHARK_VERSION=$( tshark --version | head -n 1 | sed -e 's/.*(v//' -e 's/)$//' )
|
|
- tshark -G fields > dfilter-list-${TSHARK_VERSION}.txt
|
|
artifacts:
|
|
paths:
|
|
- dfilter-list-*.txt
|
|
variables:
|
|
GIT_STRATEGY: none
|
|
dependencies: [ 'Debian Stable APT Package' ]
|
|
|
|
Win64 Package:
|
|
stage: build
|
|
rules: !reference [.if-merged]
|
|
tags:
|
|
- wireshark-win64-package
|
|
before_script:
|
|
- $env:WIRESHARK_BASE_DIR = "C:\Development"
|
|
- $env:Configuration = "RelWithDebInfo"
|
|
- $env:Path += ";C:\Program Files\CMake\bin"
|
|
- $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin"
|
|
- $env:Path += ";C:\qt\5.15.2\msvc2019_64\bin"
|
|
- $env:Path += ";C:\Program Files (x86)\NSIS"
|
|
- $env:Path += ";C:\Program Files (x86)\WiX Toolset v3.11\bin"
|
|
- $env:Path += ";C:\Program Files\Amazon\AWSCLIV2"
|
|
# https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
|
|
- cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt"
|
|
- Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
|
|
- mkdir build
|
|
- cd build
|
|
script:
|
|
- perl ../tools/make-version.pl --set-release
|
|
- cmake -G "Visual Studio 16 2019" -A x64 -DDISABLE_WERROR=OFF -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off ..
|
|
- msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
|
|
- msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
|
|
- msbuild /verbosity:minimal /maxcpucount nsis_package_prep.vcxproj
|
|
- msbuild /verbosity:minimal /maxcpucount wix_package_prep.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
|
|
- msbuild /verbosity:minimal nsis_package.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\nsis
|
|
- msbuild /verbosity:minimal wix_package.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix
|
|
- $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /v /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-win??-*.exe packaging\wix\Wireshark-win??-*.msi
|
|
- msbuild /verbosity:minimal pdb_zip_package.vcxproj
|
|
- C:\gitlab-builds\bin\mse-scan.ps1
|
|
- $packages = Get-ChildItem "packaging\nsis\Wireshark-win??-*.exe", "packaging\wix\Wireshark-win??-*.msi"
|
|
- foreach ($package in $packages) { certutil -hashfile $package SHA256 }
|
|
- |
|
|
if ((Test-Path env:AWS_ACCESS_KEY_ID) -and (Test-Path env:AWS_SECRET_ACCESS_KEY) -and (Test-Path env:S3_DESTINATION_WIN64)) {
|
|
foreach ($package in $packages) {
|
|
aws s3 cp "$package" "$env:S3_DESTINATION_WIN64/"
|
|
}
|
|
}
|
|
- ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose
|
|
|
|
Win32 Package:
|
|
stage: build
|
|
rules: !reference [.if-merged]
|
|
tags:
|
|
- wireshark-win32-package
|
|
before_script:
|
|
- $env:WIRESHARK_BASE_DIR = "C:\Development"
|
|
- $env:Configuration = "RelWithDebInfo"
|
|
- $env:Path += ";C:\Program Files\CMake\bin"
|
|
- $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin"
|
|
- $env:Path += ";C:\qt\5.15.2\msvc2019\bin"
|
|
- $env:Path += ";C:\Program Files (x86)\NSIS"
|
|
- $env:Path += ";C:\Program Files (x86)\WiX Toolset v3.11\bin"
|
|
- $env:Path += ";C:\Program Files\Amazon\AWSCLIV2"
|
|
# https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
|
|
- cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build\vcvarsamd64_x86.bat`" && set > %temp%\vcvars.txt"
|
|
- Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
|
|
- $env:Platform = "Win32"
|
|
- mkdir build
|
|
- cd build
|
|
script:
|
|
- perl ../tools/make-version.pl --set-release
|
|
- cmake -G "Visual Studio 16 2019" -A Win32 -DDISABLE_WERROR=OFF -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off ..
|
|
- msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
|
|
- msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
|
|
- msbuild /verbosity:minimal /maxcpucount nsis_package_prep.vcxproj
|
|
- msbuild /verbosity:minimal /maxcpucount wix_package_prep.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
|
|
- msbuild /verbosity:minimal nsis_package.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\nsis
|
|
- msbuild /verbosity:minimal wix_package.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix
|
|
- msbuild /verbosity:minimal portableapps_package.vcxproj
|
|
- C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\portableapps
|
|
- $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /v /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-win??-*.exe packaging\wix\Wireshark-win??-*.msi packaging\portableapps\WiresharkPortable_*.paf.exe
|
|
- msbuild /verbosity:minimal pdb_zip_package.vcxproj
|
|
- C:\gitlab-builds\bin\mse-scan.ps1
|
|
- $packages = Get-ChildItem "packaging\nsis\Wireshark-win??-*.exe", "packaging\wix\Wireshark-win??-*.msi", "packaging\portableapps\WiresharkPortable_*.paf.exe"
|
|
- foreach ($package in $packages) { certutil -hashfile $package SHA256 }
|
|
- |
|
|
if ((Test-Path env:AWS_ACCESS_KEY_ID) -and (Test-Path env:AWS_SECRET_ACCESS_KEY) -and (Test-Path env:S3_DESTINATION_WIN32)) {
|
|
foreach ($package in $packages) {
|
|
aws s3 cp "$package" "$env:S3_DESTINATION_WIN32/"
|
|
}
|
|
}
|
|
- ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose
|
|
|
|
# Build Wireshark manuals
|
|
# Note: Need ubuntu:focal with `ruby-coderay` and `ruby-asciidoctor-pdf` packages to build PDF docs
|
|
Documentation:
|
|
stage: build
|
|
image: wireshark/wireshark-ubuntu-dev
|
|
rules:
|
|
- if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
|
|
changes:
|
|
- "docbook/**"
|
|
- "epan/wslua/**"
|
|
when: always
|
|
script:
|
|
# XXX We might want to move this to wireshark-ubuntu-dev or debian-setup.sh.
|
|
- DEBIAN_FRONTEND=noninteractive apt-get update
|
|
- DEBIAN_FRONTEND=noninteractive apt-get --yes install ruby-coderay ruby-asciidoctor-pdf
|
|
- mkdir build
|
|
- cd build
|
|
- cmake -GNinja ..
|
|
- ninja all_guides
|
|
after_script:
|
|
- mv build/docbook/wsug_html/ .
|
|
- mv build/docbook/wsug_html_chunked/ .
|
|
- mv build/docbook/wsdg_html/ .
|
|
- mv build/docbook/wsdg_html_chunked/ .
|
|
artifacts:
|
|
paths:
|
|
- wsug_html/
|
|
- wsug_html_chunked/
|
|
- wsdg_html/
|
|
- wsdg_html_chunked/
|
|
|
|
# https://docs.gitlab.com/ee/user/gitlab_com/index.html#linux-shared-runners
|
|
|
|
Commit Checks:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merge-request]
|
|
tags:
|
|
- docker
|
|
script:
|
|
# build-ubuntu puts us in `build`.
|
|
- cd ..
|
|
- bash ./tools/pre-commit 'HEAD^1'
|
|
- tools/validate-commit.py
|
|
|
|
Ubuntu .dpkg:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merge-request]
|
|
tags:
|
|
- docker
|
|
script:
|
|
# build-ubuntu puts us in `build`.
|
|
- cd ..
|
|
- CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ dpkg-buildpackage -us -uc -rfakeroot -jauto -Zgzip -zfast
|
|
- lintian --suppress-tags library-not-linked-against-libc,copyright-excludes-files-in-native-package --display-experimental --display-info --pedantic --profile debian
|
|
|
|
GCC Warnings:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merge-request]
|
|
tags:
|
|
- docker
|
|
script:
|
|
# build-ubuntu puts us in `build`.
|
|
- perl ../tools/make-version.pl --set-release || ../perl make-version.pl --set-release
|
|
- CC=gcc CXX=g++ cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja ..
|
|
- ninja
|
|
- ninja test-programs
|
|
- chown -R user .
|
|
- su user -c "ctest --parallel 3 --force-new-ctest-process --verbose"
|
|
|
|
Code Checks + Clang Warnings:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-merge-request]
|
|
tags:
|
|
- docker
|
|
variables:
|
|
CC: clang-$CLANG_VERSION
|
|
CXX: clang++-$CLANG_VERSION
|
|
script:
|
|
# build-ubuntu puts us in `build`.
|
|
- cd ..
|
|
- python3 tools/checklicenses.py
|
|
- ./tools/cppcheck/cppcheck.sh -l 1 -x | tee cppcheck_report.xml
|
|
- if [[ -s "cppcheck_report.xml" ]]; then cppcheck-htmlreport --file cppcheck_report.xml --report-dir . ; fi
|
|
- cd build
|
|
- cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DENABLE_CHECKHF_CONFLICT=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja ..
|
|
- ninja
|
|
- ./run/tshark -v
|
|
- sh -c '[ ! -e ../tools/validate-clang-check.sh ] || ../tools/validate-clang-check.sh'
|
|
- ninja checkAPI
|
|
artifacts:
|
|
paths:
|
|
- cppcheck_report.xml
|
|
- cppcheck_report.html
|
|
|
|
# XXX This is still beta:
|
|
# https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
|
|
# Dockerfile at https://github.com/wireshark/wireshark-windows-dev-docker.
|
|
# XXX We currently depend on Qt being installed in C:\Qt on the host. We should
|
|
# find a more independent way of installing Qt, e.g. via a download+cache.
|
|
Windows Build:
|
|
rules: !reference [.if-attached-merge-request]
|
|
tags:
|
|
- wireshark-windows-merge-req
|
|
stage: build
|
|
before_script:
|
|
# XXX Find a better location.
|
|
- mkdir c:\Development
|
|
- $env:WIRESHARK_BASE_DIR = "C:\Development"
|
|
- $env:Configuration = "RelWithDebInfo"
|
|
- $env:Path += ";C:\Program Files\CMake\bin"
|
|
- $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin"
|
|
- $env:Path += ";C:\qt\5.15.2\msvc2019_64\bin"
|
|
# https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
|
|
- cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt"
|
|
- Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
|
|
# Testing / debugging only.
|
|
#- dir c:\
|
|
#- dir c:\qt
|
|
#- $env:path.split(";")
|
|
#- cmd.exe /c "set"
|
|
#- Get-Location
|
|
script:
|
|
- perl tools/make-version.pl --set-release
|
|
- mkdir build
|
|
- cd build
|
|
- cmake -G "Visual Studio 16 2019" -A x64 ..
|
|
- msbuild "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
|
|
- msbuild "/consoleloggerparameters:PerformanceSummary;NoSummary" test-programs.vcxproj
|
|
- ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose
|
|
|
|
# Fuzz TShark using ASAN and valgrind.
|
|
.fuzz-ubuntu:
|
|
extends: .build-ubuntu
|
|
rules: !reference [.if-fuzz-schedule]
|
|
tags:
|
|
- wireshark-ubuntu-fuzz
|
|
resource_group: fuzz-release-3.4
|
|
variables:
|
|
CC: "clang-$CLANG_VERSION"
|
|
CXX: "clang++-$CLANG_VERSION"
|
|
INSTALL_PREFIX: "$CI_PROJECT_DIR/_install"
|
|
MIN_PLUGINS: 10
|
|
MAX_PASSES: 15
|
|
before_script:
|
|
- mkdir -p ccache
|
|
# Signal after_script, which runs in its own shell.
|
|
- echo "export FUZZ_PASSED=true" > /tmp/fuzz_result.sh
|
|
- mkdir /tmp/fuzz
|
|
- mkdir build
|
|
- cd build
|
|
after_script:
|
|
- . /tmp/fuzz_result.sh
|
|
- if $FUZZ_PASSED ; then exit 0 ; fi
|
|
- echo Fuzzing failed. Generating report.
|
|
- FUZZ_CAPTURE=$( ls /tmp/fuzz/fuzz-*.pcap | head -n 1 )
|
|
- FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err"
|
|
- printf "\nfuzz-test.sh stderr:\n" >> "$FUZZ_ERRORS"
|
|
- cat fuzz-test.err >> "$FUZZ_ERRORS"
|
|
- |
|
|
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_FUZZ" ] ; then
|
|
aws s3 cp "$FUZZ_CAPTURE" "$S3_DESTINATION_FUZZ/"
|
|
aws s3 cp "$FUZZ_ERRORS" "$S3_DESTINATION_FUZZ/"
|
|
fi
|
|
# The cache should be large enough to be useful but it shouldn't take
|
|
# too long to restore+save each run.
|
|
- ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
|
|
|
|
ASan Menagerie Fuzz:
|
|
extends: .fuzz-ubuntu
|
|
stage: fuzz-asan
|
|
script:
|
|
- MAX_SECONDS=$(( 4 * 60 * 60 ))
|
|
- printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
|
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON ..
|
|
- printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
|
|
- ninja
|
|
- ninja install
|
|
- cd ..
|
|
# /var/menagerie contains captures harvested from wireshark.org's mailing list, wiki, issues, etc.
|
|
# We have more captures than we can fuzz in $MAX_SECONDS, so we shuffle them each run.
|
|
- ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
|
|
|
ASan randpkt Fuzz:
|
|
extends: .fuzz-ubuntu
|
|
stage: fuzz-randpkt
|
|
script:
|
|
# XXX Reuse fuzz-asan?
|
|
- printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
|
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON ..
|
|
- printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
|
|
- ninja
|
|
- ninja install
|
|
- cd ..
|
|
- ./tools/randpkt-test.sh -a -b $INSTALL_PREFIX/bin -d /tmp/fuzz -p $MAX_PASSES 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
|
needs: [ 'ASan Menagerie Fuzz' ]
|
|
|
|
Valgrind Menagerie Fuzz:
|
|
extends: .fuzz-ubuntu
|
|
stage: fuzz-valgrind
|
|
script:
|
|
- DEBIAN_FRONTEND=noninteractive apt-get update
|
|
- DEBIAN_FRONTEND=noninteractive apt-get --yes install valgrind
|
|
- MAX_SECONDS=$(( 3 * 60 * 60 ))
|
|
- printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
|
|
- cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON ..
|
|
- printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
|
|
- ninja
|
|
- ninja install
|
|
- cd ..
|
|
- ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh
|
|
needs: [ 'ASan randpkt Fuzz' ]
|