tor

.travis.yml (10566B)

---

language: c

cache:
 ccache: true

compiler:
 - gcc

os:
 - linux

## We don't use the build matrix cross-product, because it makes too many jobs
## Instead, we list each job under matrix: include:
env:
 global:
   ## The Travis CI environment allows us two cores, so let's use both.  Also,
   ## let's use the "-k" flag so that we get all of the compilation failures,
   ## not just the first one.
   - MAKEFLAGS="-k -j 2"
   ## We turn on hardening by default
   ## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
   - HARDENING_OPTIONS="--enable-all-bugs-are-fatal --enable-expensive-hardening"
   ## We turn off asciidoc by default, because it's slow
   - ASCIIDOC_OPTIONS="--disable-asciidoc"
   ## Turn off tor's sandbox in chutney, until we fix sandbox errors that are
   ## triggered by Ubuntu Xenial and Bionic. See #32722.
   - CHUTNEY_TOR_SANDBOX="0"
   ## The default target for chutney jobs
   - CHUTNEY_MAKE="test-network-all"
 matrix:
   ## This matrix entry is required, but it doesn't actually create any jobs
   -

matrix:
 ## include creates builds with gcc, linux, unless we override those defaults
 include:
   ## We run chutney on macOS, because macOS Travis has IPv6
   ## But we only run the IPv6 chutney tests, to speed up the job
   - env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
     os: osx

   ## We also run basic tests on macOS
   - compiler: clang
     os: osx
     ## Turn off some newer features, turn on clang's -Wtypedef-redefinition
     ## Also, disable ALL_BUGS_ARE_FATAL macro.
     env: C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"

   ## We run chutney on Linux, because it's faster than chutney on macOS
   ## Chutney is a fast job, clang is slower on Linux, so we do Chutney clang
   - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
     compiler: clang

   ## We check asciidoc with distcheck, to make sure we remove doc products
   - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"

   ## We check disable module relay
   - env: MODULES_OPTIONS="--disable-module-relay" HARDENING_OPTIONS="--enable-expensive-hardening"
   ## We check disable module dirauth
   - env: MODULES_OPTIONS="--disable-module-dirauth" HARDENING_OPTIONS="--enable-expensive-hardening"

   ## We check NSS
   ## Use -std=gnu99 to turn off some newer features, and maybe turn on some
   ## extra gcc warnings?
   - env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"

   ## We include a single coverage build with the best options for coverage
   - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"

   ## We clone our stem repo and run `make test-stem`
   - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"

   ## We run `make doxygen` without `make check`.
   - env: SKIP_MAKE_CHECK="yes" DOXYGEN="yes"

 ## Allow the build to report success (with non-required sub-builds
 ## continuing to run) if all required sub-builds have succeeded.
 fast_finish: true

 ## Careful! We use global envs, which makes it hard to allow failures by env:
 ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
 allow_failures:
   ## Since we're actively developing IPv6, we want to require the IPv6
   ## chutney tests
   #- env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
   #  os: osx

## (Linux only) Use a recent Linux image (Ubuntu Bionic)
dist: bionic

## Download our dependencies
addons:
 ## (Linux only)
 apt:
   packages:
     ## Required dependencies
     - libevent-dev
     ## Ubuntu comes with OpenSSL by default
     #- libssl-dev
     - zlib1g-dev
     ## Optional dependencies
     - libcap-dev
     - liblzma-dev
     - libnss3-dev
     - libscrypt-dev
     - libseccomp-dev
     - libzstd-dev
     ## Optional build dependencies
     - coccinelle
     - shellcheck
     ## Conditional build dependencies
     ## Always installed, so we don't need sudo
     - asciidoc
     - docbook-xsl
     - docbook-xml
     - xmlto
     - doxygen
     ## Utilities
     ## preventing or diagnosing hangs
     - timelimit
 ## (OSX only)
 homebrew:
   packages:
     ## Required dependencies
     - libevent
     ## The OSX version of OpenSSL is way too old
     - openssl
     ## OSX comes with zlib by default
     ## to use a newer zlib, pass the keg path to configure (like OpenSSL)
     #- zlib
     ## Optional dependencies
     - libscrypt
     - xz
     - zstd
     ## Required build dependencies
     ## Tor needs pkg-config to find some dependencies at build time
     - pkg-config
     ## Optional build dependencies
     - ccache
     - coccinelle
     - shellcheck
     ## Conditional build dependencies
     ## Always installed, because manual brew installs are hard to get right
     - asciidoc
     - xmlto
     ## Utilities
     ## preventing or diagnosing hangs
     - timelimit

## (OSX only) Use a recent macOS image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of October 2019
## Recent is Xcode 11.2 on macOS 10.14 as of October 2019
osx_image: xcode11.2

before_install:
 ## Set pipefail: we use pipes
 - set -o pipefail || echo "pipefail failed"

install:
 ## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
 - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
 ## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
 - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
 ## Install conditional features
 ## Install coveralls
 - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
 ## If we're on OSX, and using asciidoc, configure asciidoc
 - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
 ## If we're running chutney, install it.
 - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
 ## If we're running stem, install it.
 - if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
 ##
 ## Finally, list installed package versions
 - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
 - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
 ## Get python version
 - python --version
 ## If we're running chutney, show the chutney commit
 - if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
 ## If we're running stem, show the stem version and commit
 - if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
 ## Get the coccinelle version
 ## Installs are unreliable on macOS, so we just rely on brew list --versions
 - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then spatch --version; fi
 ## We don't want Tor tests to depend on default configuration file at
 ## ~/.torrc. So we put some random bytes in there, to make sure we get build
 ## failures in case Tor is reading it during CI jobs.
 - dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc

script:
 # Skip test_rebind and test_include on macOS
 - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export TOR_SKIP_TEST_REBIND=true; export TOR_SKIP_TEST_INCLUDE=true; fi
 - ./autogen.sh
 - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS --enable-fatal-warnings --disable-silent-rules"
 - echo "Configure flags are $CONFIGURE_FLAGS CC=\"$CC $C_DIALECT_OPTIONS\""
 - ./configure $CONFIGURE_FLAGS CC="$CC $C_DIALECT_OPTIONS";
 ## We run `make check` because that's what https://jenkins.torproject.org does.
 - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
 - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
 - if [[ "$CHUTNEY" != "" ]]; then make "$CHUTNEY_MAKE"; fi
 ## Diagnostic for bug 29437: kill stem if it hangs for 9.5 minutes
 ## Travis will kill the job after 10 minutes with no output
 - if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --test control.controller --test control.base_controller --test process --log TRACE --log-file stem.log; fi
 - if [[ "$DOXYGEN" != "" ]]; then make doxygen; fi
 ## If this build was one that produced coverage, upload it.
 - if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi

after_failure:
 ## configure will leave a log file with more details of config failures.
 ## But the log is too long for travis' rendered view, so tail it.
 - tail -1000 config.log || echo "tail failed"
 ## `make check` will leave a log file with more details of test failures.
 - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
 ## `make distcheck` puts it somewhere different.
 - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
 - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
 - if [[ "$CHUTNEY" != "" ]]; then "$CHUTNEY_PATH/tools/diagnostics.sh" || echo "diagnostics failed"; ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
 - if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi
 - if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi

before_cache:
 ## Delete all gcov files.
 - if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi

notifications:
 irc:
   channels:
     - "irc.oftc.net#tor-ci"
   template:
     - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
     - "Build #%{build_number} %{result}. Details: %{build_url}"
   on_success: change
   on_failure: change
 email:
   on_success: never
   on_failure: change