and rely on new fd_config.c behavior #3575
# Display name of this workflow.
name: CI macOS

# Triggers: every pull request, plus pushes to any branch whose name does not
# match one of the ignored patterns below.
on:
  push:
    branches-ignore:
      - 'coverity_scan'
      - 'run-fuzzer**'
      - 'debug-fuzzer-**'
  pull_request:
# Workflow-level environment, visible to every step of every job.
env:
  # Sanitizer runtime options. The macOS test step sets its own ASAN_OPTIONS
  # without detect_leaks, so the value here is only the default.
  ASAN_OPTIONS: symbolize=1 detect_leaks=1 detect_stack_use_after_return=1
  LSAN_OPTIONS: fast_unwind_on_malloc=0:malloc_context_size=50
  UBSAN_OPTIONS: print_stacktrace=1
  M_PERTURB: "0x42"
  # Command template that runs gdb in batch mode with raddb/panic.gdb;
  # %e and %p are presumably expanded by the server to the executable and
  # pid - confirm against the consumer.
  PANIC_ACTION: "gdb -batch -x raddb/panic.gdb %e %p 1>&0 2>&0"
  ANALYZE_C_DUMP: 1
  FR_GLOBAL_POOL: 4M
  # Quoted so the values stay the literal string "yes" under any YAML loader;
  # the steps compare against and pass on the string, not a boolean.
  TEST_CERTS: "yes"
  NO_PERFORMANCE_TESTS: "yes"
  DO_BUILD: "yes"
  # Directory and git tag that the eapol_test cache step keys on.
  HOSTAPD_BUILD_DIR: eapol_test.ci
  HOSTAPD_GIT_TAG: hostap_2_11
  DEBIAN_FRONTEND: noninteractive
  CI: 1
  GH_ACTIONS: 1
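# NOTE(review): no `permissions:` key is set at workflow or job level in the
# lines shown, so GITHUB_TOKEN gets the repository/organisation default scope.
# Declaring the minimum scopes each job needs would bound what a compromised
# step or action can do with the token.
jobs:
  # Decides whether an identical run already exists, so the main job can be
  # skipped.
  pre-ci:
    runs-on: ubuntu-latest
    # Map a step output to a job output
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      # NOTE(review): `@master` is a mutable branch ref on a third-party
      # action, so the code executed here can change without any change to
      # this file. Pin to a full commit SHA (<commit-sha>, placeholder) and
      # bump it deliberately.
      - id: skip_check
        uses: fkirc/skip-duplicate-actions@master

  ci:
    timeout-minutes: 90
    needs: pre-ci
    if: ${{ needs.pre-ci.outputs.should_skip != 'true' }}

    runs-on: ${{ matrix.env.OS }}

    strategy:
      fail-fast: false
      matrix:
        env:
          # "yes"/"no" are quoted so they stay strings under any YAML loader;
          # the steps below compare LIBS_ALT against 'yes' and pass
          # LIBS_OPTIONAL straight to ./configure.
          - CC: clang
            BUILD_CFLAGS: "-DWITH_EVAL_DEBUG"
            LIBS_OPTIONAL: "yes"
            LIBS_ALT: "no"
            TEST_TYPE: macos
            OS: macos-14
            NAME: macos-clang

    # Every key of the matrix entry becomes a job-level environment variable.
    env: ${{ matrix.env }}

    # If branch protection is in place with status checks enabled, ensure
    # names are updated if new matrix entries are added or the name format
    # changes.
    name: "master-${{ matrix.env.NAME }}"

    steps:

      # Checkout, but defer pulling LFS objects until we've restored the cache
      - uses: actions/checkout@v4
        with:
          lfs: false

      - name: Create LFS file list as cache key
        run: git lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id

      - name: Restore LFS cache
        uses: actions/cache@v4
        id: lfs-cache
        with:
          path: .git/lfs
          key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}-v1

      # Now the LFS pull will be local if we hit the cache, or remote otherwise
      - name: Git LFS pull
        run: git lfs pull

      - name: Restore eapol_test build directory from cache
        uses: actions/cache@v4
        id: hostapd-cache
        with:
          path: ${{ env.HOSTAPD_BUILD_DIR }}
          key: hostapd-${{ runner.os }}-${{ env.HOSTAPD_GIT_TAG }}-v4

      # Installs build dependencies from Homebrew, links GNU make over
      # /usr/local/bin/make, and creates an nproc shim that reports the
      # physical CPU count.
      - name: Install dependencies (macOS)
        run: |
          brew install \
            cassandra-cpp-driver \
            gperftools \
            hiredis \
            json-c \
            libidn \
            libmemcached \
            libyubikey \
            llvm@14 \
            luajit \
            mariadb \
            make \
            mruby \
            openssl \
            python@3.10 \
            talloc
          ln -s `brew --prefix`/opt/make/bin/gmake /usr/local/bin/make
          echo "#! /bin/sh" >> /usr/local/bin/nproc
          echo "sysctl -n hw.physicalcpu" >> /usr/local/bin/nproc
          chmod +x /usr/local/bin/nproc
        env:
          HOMEBREW_NO_AUTO_UPDATE: 1
          HOMEBREW_NO_INSTALL_CLEANUP: 1
          HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS: 3650

      # NOTE(review): this installs whatever tacacs_plus release PyPI serves
      # at run time, with no version or hash pin; pinning both makes the
      # dependency reproducible and reviewable.
      - name: Install tacacs_plus
        run: |
          PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install tacacs_plus

      #
      #  Ensure the homebrew version of clang is run rather than the Apple compiler.
      #
      - name: Set path for clang
        run: |
          echo "PATH=`brew --prefix`/opt/llvm@14/bin/:$PATH" >> $GITHUB_ENV

      #
      #  Ensure Python 3.10 is used
      #
      - name: Set path for Python 3.10
        run: |
          echo "PATH=`brew --prefix python@3.10`/bin/:$PATH" >> $GITHUB_ENV

      #
      #  Build using some alternative libraries
      #
      #    PCRE 2       -> PCRE 1
      #    MIT Kerberos -> HEIMDAL Kerberos
      #    OpenSSL 1.0  -> OpenSSL 3.0
      #
      #  The only matrix entry in this file sets LIBS_ALT to "no", so the four
      #  LIBS_ALT steps below are skipped here. ALT_OPENSSL is not defined in
      #  the environment visible in this file.
      #
      #  The digest is fetched over HTTPS rather than cleartext HTTP, matching
      #  the tarball download below. It is used only as a cache key; it does
      #  not verify the tarball.
      #
      - name: 'Fetch OpenSSL 3.0 SHA'
        id: opensslshasum
        if: ${{ matrix.env.LIBS_ALT == 'yes' }}
        run: |
          wget -qO- https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz.sha256 | sed -ne 's/^\s\+/shasum=/p' >> $GITHUB_OUTPUT

      - name: 'Restore OpenSSL 3.0 from the cache'
        if: ${{ matrix.env.LIBS_ALT == 'yes' }}
        uses: actions/cache@v4
        id: openssl-cache
        with:
          path: /opt/openssl/
          key: openssl3-${{ steps.opensslshasum.outputs.shasum }}

      # NOTE(review): the tarball is unpacked and built without being checked
      # against a digest. Verify it against a SHA-256 pinned in this file
      # before `tar xzf`; a digest fetched from the same server at run time
      # adds little assurance.
      - name: 'Build OpenSSL 3.0 (if cache stale)'
        if: ${{ matrix.env.LIBS_ALT == 'yes' && steps.openssl-cache.outputs.cache-hit != 'true' }}
        run: |
          cd ~
          wget https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz
          tar xzf openssl-$ALT_OPENSSL.tar.gz
          cd openssl-$ALT_OPENSSL
          ./Configure --prefix=/opt/openssl --openssldir=. --debug
          make -j `nproc`
          make install_sw

      # NOTE(review): ldconfig and apt-get are not macOS tools; this step
      # looks carried over from a Linux workflow and only stays harmless
      # while LIBS_ALT is "no".
      - name: Use alternative libraries
        if: ${{ matrix.env.LIBS_ALT == 'yes' }}
        run: |
          echo /opt/openssl/lib64 | sudo tee /etc/ld.so.conf.d/openssl3.conf >/dev/null
          sudo ldconfig
          sudo apt-get install -y --no-install-recommends libpcre3-dev  # "PCRE 1"
          sudo apt-get purge -y libpcre2-dev  # Remove default PCRE 2, leaving only PCRE 1
          sudo apt-get install -y --no-install-recommends heimdal-dev

      # Records the toolchain and library versions in the job log; the
      # `|| :` suffix keeps a missing *-config tool from failing the step.
      - name: Show versions
        run: |
          $CC --version
          make --version
          krb5-config --all || :
          pcre-config --libs-posix --version 2>/dev/null || :
          pcre2-config --libs-posix --version 2>/dev/null || :
          [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH
          openssl version

      # Runs ./configure with ASan and UBSan when $CC is clang (LSan is added
      # only off Darwin), points it at the Homebrew library prefixes on
      # Darwin, then prints config.log and autoconf.h to the job log.
      - name: Configure
        run: |
          if $CC -v 2>&1 | grep clang > /dev/null; then
              echo "Enabling sanitizers"
              enable_sanitizers="--enable-address-sanitizer --enable-undefined-behaviour-sanitizer"
              if [ "`uname`" != "Darwin" ]; then
                  enable_sanitizers="$enable_sanitizers --enable-leak-sanitizer"
              fi
          else
              enable_sanitizers=""
          fi
          build_paths=""
          if [ "`uname`" = "Darwin" ]; then
              build_paths="--with-libfreeradius-ldap-lib-dir=`brew --prefix`/opt/openldap/lib --with-libfreeradius-ldap-include-dir=`brew --prefix`/opt/openldap/include --with-openssl-lib-dir=`brew --prefix`/opt/openssl/lib --with-openssl-include-dir=`brew --prefix`/opt/openssl/include --with-unixodbc-lib-dir=`brew --prefix`/opt/unixodbc/lib --with-unixodbc-include-dir=`brew --prefix`/opt/unixodbc/include --with-rlm-python-config-bin=`brew --prefix python@3.10`/bin/python3.10-config"
          elif [ -d /opt/openssl ]; then
              export PATH=/opt/openssl/bin:$PATH
              build_paths="--with-openssl-lib-dir=/opt/openssl/lib64 --with-openssl-include-dir=/opt/openssl/include"
          fi
          CFLAGS="${BUILD_CFLAGS}" ./configure -C \
              --enable-developer \
              --enable-werror \
              $enable_sanitizers \
              $build_paths \
              --prefix=$HOME/freeradius \
              --with-threads=$LIBS_OPTIONAL \
              --with-udpfromto=$LIBS_OPTIONAL \
              --with-openssl=$LIBS_OPTIONAL \
              --with-pcre=$LIBS_OPTIONAL
          echo "config.log"
          cat config.log
          echo "Contents of src/include/autoconf.h"
          cat "./src/include/autoconf.h"

      - name: Make
        run: |
          [ -d /opt/openssl ] && export PATH=/opt/openssl/bin:$PATH
          make -j `nproc`

      # Uploads the analyzer's HTML reports only when an earlier step failed
      # in a clang build.
      - name: "Clang Static Analyzer: Store assets on failure"
        uses: actions/upload-artifact@v4
        with:
          name: clang-scan.tgz
          path: build/plist/**/*.html
          retention-days: 30
        if: ${{ matrix.env.CC == 'clang' && failure() }}

      # No detect_leaks support for ASAN on macOS
      - name: Run basic tests (macOS)
        run: |
          make -j `nproc` test.keywords test.unit test.modules test.auth test.digest
          make test
        env:
          ASAN_OPTIONS: symbolize=1 detect_stack_use_after_return=1

      #
      #  If the CI has failed and the branch is ci-debug then we start a tmate
      #  session to provide interactive shell access to the session.
      #
      #  The SSH rendezvous point will be emitted continuously in the job output,
      #  which will look something like:
      #
      #      SSH: ssh <session-token>@<tmate-host>
      #
      #  (the token and host are per-session values, shown here as placeholders)
      #
      #  For example:
      #
      #      git push origin ci-debug --force
      #
      #  Look at the job output in: https://github.com/FreeRADIUS/freeradius-server/actions
      #
      #      ssh <session-token>@<tmate-host>
      #
      #  Access requires that you have the private key corresponding to the
      #  public key of the GitHub user that initiated the job.
      #
      #  NOTE(review): the session is a shell on the runner with this job's
      #  environment. Two guards limit it: the ref check, which only a push to
      #  ci-debug can satisfy (pull_request runs carry a refs/pull/... ref),
      #  and limit-access-to-actor. Keep both, restrict who may push to
      #  ci-debug, and pin this third-party action to a full commit SHA rather
      #  than the mutable v3 tag.
      #
      - name: "Debug: Start tmate"
        uses: mxschmitt/action-tmate@v3
        with:
          limit-access-to-actor: true
        if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }}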