diff mbox series

[ima-evm-utils,9/9] travis: Switch to docker based builds

Message ID 20200813182532.6931-10-pvorel@suse.cz (mailing list archive)
State New, archived
Headers show
Series Docker based Travis CI builds | expand

Commit Message

Petr Vorel Aug. 13, 2020, 6:25 p.m. UTC 
This requires to have distro specific install scripts and build.sh
script.

For now ibmswtpm2 is compiled just for native builds (depends on gcc,
compiled natively). libtmps/swtpm could be used.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 .travis.yml                    | 106 +++++++++++++++++++++++----------
 build.sh                       |  97 ++++++++++++++++++++++++++++++
 travis/alpine.sh               |  50 ++++++++++++++++
 travis/centos.sh               |   1 +
 travis/debian.cross-compile.sh |  23 +++++++
 travis/debian.i386.sh          |  11 ++++
 travis/debian.sh               |  54 +++++++++++++++++
 travis/fedora.sh               |  49 +++++++++++++++
 travis/opensuse.sh             |   1 +
 travis/tumbleweed.sh           |  45 ++++++++++++++
 travis/ubuntu.sh               |   1 +
 11 files changed, 405 insertions(+), 33 deletions(-)
 create mode 100755 build.sh
 create mode 100755 travis/alpine.sh
 create mode 120000 travis/centos.sh
 create mode 100755 travis/debian.cross-compile.sh
 create mode 100755 travis/debian.i386.sh
 create mode 100755 travis/debian.sh
 create mode 100755 travis/fedora.sh
 create mode 120000 travis/opensuse.sh
 create mode 100755 travis/tumbleweed.sh
 create mode 120000 travis/ubuntu.sh

Comments

Mimi Zohar Aug. 16, 2020, 6:52 p.m. UTC | #1 
On Thu, 2020-08-13 at 20:25 +0200, Petr Vorel wrote:
> This requires to have distro specific install scripts and build.sh
> script.
> 
> For now ibmswtpm2 is compiled just for native builds (depends on gcc,
> compiled natively). libtmps/swtpm could be used.

Note:  in addition to installing a software TPM, the software TPM PCRs
needs to be initialized based on the TPM event log.  For now there is a
dependency on "tsseventextend" to walk the TPM event log extending the
software TPM PCRs in order to validate the "boot_aggregate".   Without
either a software TPM or "tsseventextend" installed, the
"boot_aggregate.test" will be skipped.

Mimi
Petr Vorel Aug. 17, 2020, 8:04 a.m. UTC | #2 
Hi Mimi,

I'm sorry I left debugging code in travis/fedora.sh.

> --- /dev/null
> +++ b/travis/fedora.sh
> @@ -0,0 +1,49 @@
> +#!/bin/sh
> +# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
> +set -e
> +
> +if [ -z "$CC" ]; then
> +	echo "missing \$CC!" >&2
> +	exit 1
> +fi
> +
> +case "$TSS" in
> +ibmtss) TSS="tss2-devel";;
> +tpm2-tss) TSS="tpm2-tss-devel";;
> +'') echo "Missing TSS!" >&2; exit 1;;
> +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
> +esac
> +
> +# ibmswtpm2 requires gcc
> +[ "$CC" = "gcc" ] || CC="gcc $CC"
> +
> +yum -y install \
> +	$CC $TSS \
> +	asciidoc \
> +	attr \
> +	autoconf \
> +	automake \
> +	diffutils \
> +	docbook-xsl \
> +	gzip \
> +	keyutils-libs-devel \
> +	libattr-devel \
> +	libtool \
> +	libxslt \
> +	make \
> +	openssl \
> +	openssl-devel \
> +	pkg-config \
> +	procps \
> +	sudo \
> +	vim-common \
> +	wget \
> +	which
> +
> +yum -y install docbook5-style-xsl || true

These lines below needs to be removed.
> +
> +# FIXME: debug
> +echo "find /tss2_esys.h"
> +find /usr/ 2>/dev/null |grep /tss2_esys.h || true
> +echo "cat /usr/include/tss2/tss2_esys.h"
> +cat /usr/include/tss2/tss2_esys.h || true

Kind regards,
Petr
Bruno Meneguele Aug. 17, 2020, 6:38 p.m. UTC | #3 
On Mon, Aug 17, 2020 at 10:04:51AM +0200, Petr Vorel wrote:
> Hi Mimi,
> 
> I'm sorry I left debugging code in travis/fedora.sh.
> 
> > --- /dev/null
> > +++ b/travis/fedora.sh
> > @@ -0,0 +1,49 @@
> > +#!/bin/sh
> > +# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
> > +set -e
> > +
> > +if [ -z "$CC" ]; then
> > +	echo "missing \$CC!" >&2
> > +	exit 1
> > +fi
> > +
> > +case "$TSS" in
> > +ibmtss) TSS="tss2-devel";;

Unfortunately tss2 is only shipped for ppc64 today on CentOS. But there
are plans to enable it to all other supported arches soon.

> > +tpm2-tss) TSS="tpm2-tss-devel";;
> > +'') echo "Missing TSS!" >&2; exit 1;;
> > +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
> > +esac
> > +
> > +# ibmswtpm2 requires gcc
> > +[ "$CC" = "gcc" ] || CC="gcc $CC"
> > +
> > +yum -y install \
> > +	$CC $TSS \
> > +	asciidoc \
> > +	attr \
> > +	autoconf \
> > +	automake \
> > +	diffutils \
> > +	docbook-xsl \
> > +	gzip \
> > +	keyutils-libs-devel \
> > +	libattr-devel \
> > +	libtool \
> > +	libxslt \
> > +	make \
> > +	openssl \
> > +	openssl-devel \
> > +	pkg-config \
> > +	procps \
> > +	sudo \
> > +	vim-common \
> > +	wget \
> > +	which
> > +
> > +yum -y install docbook5-style-xsl || true
> 
> These lines below needs to be removed.

+1

> > +
> > +# FIXME: debug
> > +echo "find /tss2_esys.h"
> > +find /usr/ 2>/dev/null |grep /tss2_esys.h || true
> > +echo "cat /usr/include/tss2/tss2_esys.h"
> > +cat /usr/include/tss2/tss2_esys.h || true
> 
> Kind regards,
> Petr
>
Petr Vorel Aug. 17, 2020, 7:56 p.m. UTC | #4 
Hi Bruno,

> On Mon, Aug 17, 2020 at 10:04:51AM +0200, Petr Vorel wrote:
> > Hi Mimi,

> > I'm sorry I left debugging code in travis/fedora.sh.

> > > --- /dev/null
> > > +++ b/travis/fedora.sh
> > > @@ -0,0 +1,49 @@
> > > +#!/bin/sh
> > > +# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
> > > +set -e
> > > +
> > > +if [ -z "$CC" ]; then
> > > +	echo "missing \$CC!" >&2
> > > +	exit 1
> > > +fi
> > > +
> > > +case "$TSS" in
> > > +ibmtss) TSS="tss2-devel";;

> Unfortunately tss2 is only shipped for ppc64 today on CentOS. But there
> are plans to enable it to all other supported arches soon.

I'm sorry I haven't noticed that they're not installed on intel.
Hope they'll fix it soon.

Thanks for testing!

Kind regards,
Petr

> > > +tpm2-tss) TSS="tpm2-tss-devel";;
> > > +'') echo "Missing TSS!" >&2; exit 1;;
> > > +*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
> > > +esac
...
diff mbox series

Patch

diff --git a/.travis.yml b/.travis.yml
index cdfba49..849fcb6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,38 +1,78 @@ 
 dist: bionic
 language: C
-addons:
- apt:
-  packages:
-   - libkeyutils-dev
-   - libattr1-dev
-   - attr
-   - openssl
-   - libssl-dev
-   - asciidoc
-   - xsltproc
-   - docbook-xsl
-   - docbook-xml
+services:
+    - docker
+
 matrix:
-   include:
-     - env: TSS=ibmtss
-     - env: TSS=tpm2-tss
-install:
-   - if [ "${TSS}" = "tpm2-tss" ]; then
-           sudo apt-get install lcov pandoc autoconf-archive liburiparser-dev;
-           sudo apt-get install libdbus-1-dev libglib2.0-dev dbus-x11 libgcrypt-dev;
-           sudo apt-get install libssl-dev doxygen libjson-c-dev;
-           sudo apt-get install libini-config-dev libltdl-dev;
-           sudo apt-get install uuid-dev libcurl4-openssl-dev;
-          ./tests/install-tpm2-tss.sh;
-     fi
-   - ./tests/install-swtpm.sh
-   - ./tests/install-tss.sh
+    include:
+        # 32 bit build
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=i386 ARCH=i386 TSS=tpm2-tss
+          compiler: gcc
 
-script:
-   - export LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib;
-   - export PATH=$PATH:/usr/local/bin;
-   - autoreconf -i && ./configure && make -j$(nproc) && sudo make install && VERBOSE=1 make check;
+        # cross compilation builds
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=ppc64el TSS=ibmtss
+          compiler: powerpc64le-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=arm64 TSS=tpm2-tss
+          compiler: aarch64-linux-gnu-gcc
+
+        - os: linux
+          env: DISTRO=debian:stable VARIANT=cross-compile ARCH=s390x TSS=ibmtss
+          compiler: s390x-linux-gnu-gcc
+
+        # musl
+        - os: linux
+          env: DISTRO=alpine:latest TSS=tpm2-tss
+          compiler: gcc
+
+        # glibc (gcc/clang)
+        - os: linux
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=opensuse/leap TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=ubuntu:eoan TSS=ibmtss
+          compiler: gcc
 
-   - tail -3 tests/ima_hash.log;
-   - tail -3 tests/sign_verify.log;
-   - tail -20 tests/boot_aggregate.log;
+        - os: linux
+          env: DISTRO=ubuntu:xenial TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=fedora:latest TSS=ibmtss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=centos:7 TSS=tpm2-tss
+          compiler: gcc
+
+        - os: linux
+          env: DISTRO=centos:latest TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:testing TSS=tpm2-tss
+          compiler: clang
+
+        - os: linux
+          env: DISTRO=debian:stable TSS=ibmtss
+          compiler: gcc
+
+before_install:
+    - df -hT
+    - DIR="/usr/src/ima-evm-utils"
+    - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile
+    - cat Dockerfile
+    - docker build -t ima-evm-utils .
+
+script:
+    - INSTALL="${DISTRO%%:*}"
+    - INSTALL="${INSTALL%%/*}"
+    - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..b922fa6
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,97 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+
+set -e
+
+CC="${CC:-gcc}"
+CFLAGS="${CFLAGS:--Wformat -Werror=format-security -Werror=implicit-function-declaration -Werror=return-type -fno-common}"
+PREFIX="${PREFIX:-$HOME/ima-evm-utils-install}"
+
+export LD_LIBRARY_PATH="$PREFIX/lib64:$PREFIX/lib:/usr/local/lib64:/usr/local/lib"
+export PATH="$PREFIX/bin:/usr/local/bin:$PATH"
+
+title()
+{
+	echo "===== $1 ====="
+}
+
+log_exit()
+{
+	local ret="${3:-$?}"
+	local log="$1"
+	local msg="$2"
+	local prefix
+
+	echo "=== $log ==="
+	[ $ret -eq 0 ] || prefix="FAIL: "
+	cat $log
+	echo
+	echo "$prefix$msg, see output of $log above"
+	exit $ret
+}
+
+cd `dirname $0`
+
+case "$VARIANT" in
+	i386)
+		echo "32-bit compilation"
+		export CFLAGS="-m32 $CFLAGS" LDFLAGS="-m32 $LDFLAGS"
+		export PKG_CONFIG_LIBDIR=/usr/lib/i386-linux-gnu/pkgconfig
+		;;
+	cross-compile)
+		host="${CC%-gcc}"
+		export CROSS_COMPILE="${host}-"
+		host="--host=$host"
+		echo "cross compilation: $host"
+		echo "CROSS_COMPILE: '$CROSS_COMPILE'"
+		;;
+	*)
+		if [ "$VARIANT" ]; then
+			echo "Wrong VARIANT: '$VARIANT'" >&2
+			exit 1
+		fi
+		echo "native build"
+		;;
+esac
+
+title "compiler version"
+$CC --version
+echo "CFLAGS: '$CFLAGS'"
+echo "LDFLAGS: '$LDFLAGS'"
+echo "PREFIX: '$PREFIX'"
+
+title "configure"
+./autogen.sh
+./configure --prefix=$PREFIX $host || log_exit config.log "configure failed"
+
+title "make"
+make -j$(nproc)
+make install
+
+title "test"
+if [ "$VARIANT" = "cross-compile" ]; then
+	echo "skip make check on cross compilation"
+	exit 0
+fi
+
+ret=0
+VERBOSE=1 make check || ret=$?
+
+title "logs"
+if [ $ret -eq 0 ]; then
+	tail -3 tests/ima_hash.log
+	tail -3 tests/sign_verify.log
+	tail -20 tests/boot_aggregate.log
+	exit 0
+fi
+
+cat tests/test-suite.log
+
+if [ $ret -eq 77 ]; then
+	msg="WARN: some tests skipped"
+	ret=0
+else
+	msg="FAIL: tests exited: $ret"
+fi
+
+log_exit tests/test-suite.log "$msg" $ret
diff --git a/travis/alpine.sh b/travis/alpine.sh
new file mode 100755
index 0000000..63d7954
--- /dev/null
+++ b/travis/alpine.sh
@@ -0,0 +1,50 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) echo "No IBM TSS package, will be installed from git" >&2; TSS=;;
+tpm2-tss) TSS="tpm2-tss-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+apk update
+
+apk add \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	attr-dev \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xml \
+	docbook-xsl \
+	keyutils-dev \
+	libtool \
+	libxslt \
+	linux-headers \
+	make \
+	musl-dev \
+	openssl \
+	openssl-dev \
+	pkgconfig \
+	procps \
+	sudo \
+	wget \
+	which \
+	xxd
+
+if [ ! "$TSS" ]; then
+	apk add git
+	../tests/install-tss.sh
+fi
diff --git a/travis/centos.sh b/travis/centos.sh
new file mode 120000
index 0000000..1479a43
--- /dev/null
+++ b/travis/centos.sh
@@ -0,0 +1 @@ 
+fedora.sh
\ No newline at end of file
diff --git a/travis/debian.cross-compile.sh b/travis/debian.cross-compile.sh
new file mode 100755
index 0000000..5456d12
--- /dev/null
+++ b/travis/debian.cross-compile.sh
@@ -0,0 +1,23 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$ARCH" ]; then
+	echo "missing \$ARCH!" >&2
+	exit 1
+fi
+
+case "$ARCH" in
+arm64) gcc_arch="aarch64";;
+ppc64el) gcc_arch="powerpc64le";;
+s390x) gcc_arch="$ARCH";;
+*) echo "unsupported arch: '$ARCH'!" >&2; exit 1;;
+esac
+
+dpkg --add-architecture $ARCH
+apt update
+
+apt install -y --no-install-recommends \
+	dpkg-dev \
+	gcc-${gcc_arch}-linux-gnu \
+	libc6-dev-${ARCH}-cross
diff --git a/travis/debian.i386.sh b/travis/debian.i386.sh
new file mode 100755
index 0000000..1cad06e
--- /dev/null
+++ b/travis/debian.i386.sh
@@ -0,0 +1,11 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+dpkg --add-architecture i386
+apt update
+
+apt install -y --no-install-recommends \
+	linux-libc-dev:i386 \
+	gcc-multilib \
+	pkg-config:i386
diff --git a/travis/debian.sh b/travis/debian.sh
new file mode 100755
index 0000000..ad7d2c0
--- /dev/null
+++ b/travis/debian.sh
@@ -0,0 +1,54 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+# debian.*.sh must be run first
+if [ "$ARCH" ]; then
+	ARCH=":$ARCH"
+	unset CC
+else
+	apt update
+fi
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+case "$TSS" in
+ibmtss) TSS="libtss-dev";;
+tpm2-tss) TSS="libtss2-dev";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) [ "$TSS" ] && echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+apt="apt install -y --no-install-recommends"
+
+$apt \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	debianutils \
+	docbook-xml \
+	docbook-xsl \
+	gzip \
+	libattr1-dev$ARCH \
+	libkeyutils-dev$ARCH \
+	libssl-dev$ARCH \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	wget \
+	xsltproc \
+
+$apt xxd || $apt vim-common
+$apt libengine-gost-openssl1.1$ARCH || true
diff --git a/travis/fedora.sh b/travis/fedora.sh
new file mode 100755
index 0000000..d3459e4
--- /dev/null
+++ b/travis/fedora.sh
@@ -0,0 +1,49 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -e
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="tss2-devel";;
+tpm2-tss) TSS="tpm2-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# ibmswtpm2 requires gcc
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+yum -y install \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook-xsl \
+	gzip \
+	keyutils-libs-devel \
+	libattr-devel \
+	libtool \
+	libxslt \
+	make \
+	openssl \
+	openssl-devel \
+	pkg-config \
+	procps \
+	sudo \
+	vim-common \
+	wget \
+	which
+
+yum -y install docbook5-style-xsl || true
+
+# FIXME: debug
+echo "find /tss2_esys.h"
+find /usr/ 2>/dev/null |grep /tss2_esys.h || true
+echo "cat /usr/include/tss2/tss2_esys.h"
+cat /usr/include/tss2/tss2_esys.h || true
diff --git a/travis/opensuse.sh b/travis/opensuse.sh
new file mode 120000
index 0000000..11c5f4b
--- /dev/null
+++ b/travis/opensuse.sh
@@ -0,0 +1 @@ 
+tumbleweed.sh
\ No newline at end of file
diff --git a/travis/tumbleweed.sh b/travis/tumbleweed.sh
new file mode 100755
index 0000000..ec4dc43
--- /dev/null
+++ b/travis/tumbleweed.sh
@@ -0,0 +1,45 @@ 
+#!/bin/sh
+# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+set -ex
+
+if [ -z "$CC" ]; then
+	echo "missing \$CC!" >&2
+	exit 1
+fi
+
+case "$TSS" in
+ibmtss) TSS="ibmtss-devel";;
+tpm2-tss) TSS="tpm2-0-tss-devel";;
+'') echo "Missing TSS!" >&2; exit 1;;
+*) echo "Unsupported TSS: '$TSS'!" >&2; exit 1;;
+esac
+
+# clang has some gcc dependency
+[ "$CC" = "gcc" ] || CC="gcc $CC"
+
+zypper --non-interactive install --force-resolution --no-recommends \
+	$CC $TSS \
+	asciidoc \
+	attr \
+	autoconf \
+	automake \
+	diffutils \
+	docbook_5 \
+	docbook5-xsl-stylesheets \
+	gzip \
+	ibmswtpm2 \
+	keyutils-devel \
+	libattr-devel \
+	libopenssl-devel \
+	libtool \
+	make \
+	openssl \
+	pkg-config \
+	procps \
+	sudo \
+	vim \
+	wget \
+	which \
+	xsltproc
+
+[ -f /usr/lib/ibmtss/tpm_server ] && ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin
diff --git a/travis/ubuntu.sh b/travis/ubuntu.sh
new file mode 120000
index 0000000..0edcb8b
--- /dev/null
+++ b/travis/ubuntu.sh
@@ -0,0 +1 @@ 
+debian.sh
\ No newline at end of file