[Git][NTPsec/ntpsec][20L-Dec24-unholy] Deleted 2 commits: wafhelpers: (ab)Use new openssl checks.
James Browning
gitlab at mg.gitlab.com
Fri Dec 25 19:37:01 UTC 2020
James Browning pushed to branch 20L-Dec24-unholy at NTPsec / ntpsec
WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.
Deleted commits:
eaa44c4f by James Browning at 2020-12-24T14:04:54-08:00
wafhelpers: (ab)Use new openssl checks.
- - - - -
38c5cf97 by James Browning at 2020-12-25T11:30:53-08:00
CI: r3 dump some information I should remember.
- - - - -
7 changed files:
- .gitlab-ci.yml
- tests/option-tester.sh
- tests/python2-tester.sh
- tests/python3-tester.sh
- wafhelpers/openssl.py
- − wafhelpers/tlscheck.py
- wscript
Changes:
=====================================
.gitlab-ci.yml
=====================================
@@ -1,30 +1,3 @@
-pages:
- stage: build
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine-pages
- rules:
- - if: '$CI_PIPELINE_SOURCE == "schedule"'
- script:
- - python3 ./waf configure --prefix=/tmp/docbot-local --htmldir=`pwd`/public/latest/ --enable-doc --disable-manpage build install
- - cp www/favicon.ico public
- - cp docs/top.html.in public/index.html
- - cp docs/top-asciidoc.css public/asciidoc.css
- - mv public/latest/404.html public/404.html
- - sed -i -E -e 's!\./(asciidoc\.(js|css))!\./latest/\1!g' public/404.html
- - find public -type f -iregex '.*\.\(htm\|html\|txt\|text\|js\|css\)$' -execdir gzip -f --keep {} \;
- allow_failure: true
- artifacts:
- paths:
- - public
- tags:
- - gitlab-org
-
-include:
- - template: Code-Quality.gitlab-ci.yml
- - template: SAST.gitlab-ci.yml
- - template: License-Scanning.gitlab-ci.yml
- - local: '.gitlab-opttest-ci.yml'
- - local: '.gitlab-ci-docker-images.yml'
-
.job_template: &job_definition
stage: build
rules:
@@ -32,422 +5,13 @@ include:
tags:
- gitlab-org
-.job_template_allow_failure: &job_definition_allow_failure
- <<: *job_definition
- allow_failure: true
-
-alpine-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-alpine-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-alpine-edge-basic:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine-edge
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-alpine-edge-refclocks:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine-edge
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-AsciiDoc-3-Fedora:
- <<: *job_definition_allow_failure
- image: fedora
- script:
- - yum -y install bison gcc openssl-devel libcap-devel pps-tools-devel python3-devel wget unzip libxslt docbook-style-xsl
- - wget https://asciidoc3.org/asciidoc3-3.2.0.zip
- - unzip asciidoc3-3.2.0.zip -d asciidoc3
- - ln -sv a2x3.py asciidoc3/a2x3
- - ln -sv asciidoc3.py asciidoc3/asciidoc3
- - asciidoc3/asciidoc3 --version || echo -n
- - PATH="$PWD/asciidoc3:$PATH" python3 ./waf configure --enable-doc --enable-manpage build
-
-AsciiDoc-classic2-Alpine:
- <<: *job_definition
- image: alpine
- script:
- - apk update && apk add gcc bison musl-dev openssl-dev libcap-dev python2-dev asciidoc
- - python ./waf configure --enable-doc --enable-manpage build
-
-AsciiDoc-classic3-Alpine:
- <<: *job_definition
- image: alpine
- script:
- - apk update && apk add gcc bison musl-dev openssl-dev libcap-dev python3-dev asciidoc
- - python3 ./waf configure --enable-doc --enable-manpage build
-
-AsciiDoc-no:
- <<: *job_definition
- image: alpine
- script:
- - apk update && apk add gcc bison musl-dev openssl-dev libcap-dev python2-dev
- - python ./waf configure --disable-doc --disable-manpage build
-
-AsciiDoc-py3-Ubuntu:
- <<: *job_definition
- image: ubuntu:devel
- script:
- - apt-get update
- - DEBIAN_FRONTEND="noninteractive" apt-get install -y netbase bison gcc libssl-dev libcap-dev pps-tools python3-dev asciidoc-base
- - python3 ./waf configure --enable-doc --enable-manpage build
-
-debian-oldstable-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-oldstable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --disable-nts build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-debian-oldstable-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-oldstable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --disable-nts --refclock=all build
-
-debian-stable-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-debian-stable-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-debian-testing-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-testing
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-debian-testing-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-testing
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-debian-unstable-basic:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-unstable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-debian-unstable-refclocks:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-unstable
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-ubuntu-latest-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-ubuntu-latest-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-ubuntu-rolling-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-rolling
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-ubuntu-rolling-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-rolling
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-ubuntu-devel-basic:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-devel
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-ubuntu-devel-refclocks:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/ubuntu-devel
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-freebsd-11-basic:
- <<: *job_definition
- script:
- - python ./waf configure --disable-doc --disable-manpage --disable-nts build
- - DESTDIR=build/prison python ./waf install
- - DESTDIR=./prison python ./waf install
- - DESTDIR=../prison python ./waf install
- - rm -rvf build/prison ./prison ../prison
- tags:
- - freebsd-11
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
- when: never
- - when: never
-
-freebsd-11-refclocks:
- <<: *job_definition
- script:
- - python ./waf configure --disable-doc --disable-manpage --disable-nts --refclock=all build
- tags:
- - freebsd-11
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
- when: never
- - when: never
-
-freebsd-12-basic:
- <<: *job_definition
- script:
- - python ./waf configure --disable-doc --disable-manpage build
- - DESTDIR=build/prison python ./waf install
- - DESTDIR=./prison python ./waf install
- - DESTDIR=../prison python ./waf install
- - rm -rvf build/prison ./prison ../prison
- tags:
- - freebsd-12
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
- when: never
- - when: never
-
-freebsd-12-refclocks:
- <<: *job_definition
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
- tags:
- - freebsd-12
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
- when: never
- - when: never
-
-centos-latest-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/centos-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-centos-latest-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/centos-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-fedora-latest-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/fedora-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-fedora-latest-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/fedora-latest
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-fedora-rawhide-basic:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/fedora-rawhide
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-fedora-rawhide-refclocks:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/fedora-rawhide
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-fedora-rawhide-refclocks-gpsd:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/fedora-rawhide-gpsd
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-python3-rc:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/python3-rc
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-python-coverage:
- <<: *job_definition
- script:
- - apt-get update -qq && apt-get install -y -qq netbase bison python-dev python-coverage
- - python ./waf configure --disable-doc --disable-manpage build
- - for i in build/main/tests/pylib/test_*; do python-coverage run -a --source build/main/pylib "$i"; done
- - python-coverage report
-
-clang-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/clang
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --check-c-compiler=clang build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-clang-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/clang
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --check-c-compiler=clang --refclock=all build
-
-openSUSE-leap-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/opensuse-leap
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --disable-nts build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-openSUSE-leap-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/opensuse-leap
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --disable-nts --refclock=all build
-
-openSUSE-tumbleweed-basic:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/opensuse-tumbleweed
- script:
- - python3 ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
- - python3 ./waf install
- - python3 ./waf uninstall
-
-openSUSE-tumbleweed-refclocks:
- <<: *job_definition_allow_failure
- image: $CI_REGISTRY/ntpsec/ntpsec/opensuse-tumbleweed
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-debian-stable-basic-32bit:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable-i386
- script:
- - python ./waf configure --disable-doc --disable-manpage build
-
-debian-stable-refclocks-32bit:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable-i386
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-debian-stable-mDNS-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable-mdns
- script:
- - python ./waf configure --disable-doc --disable-manpage build
-
-debian-stable-mDNS-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/debian-stable-mdns
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-cross-build:
- <<: *job_definition_allow_failure
- script:
- - PYTHON_VERSION=2.7 PYTAG=cpython27 pyext_PATTERN="%s.so" PYTHON_LDFLAGS='-lpthread -ldl' ./waf configure --disable-doc --disable-manpage --disable-nts --cross-compiler=arm-linux-gnueabihf-gcc-5 --cross-cflags '-I/srv/arm-local/include -I/srv/arm-local/include/python2.7' --cross-ldflags '-L/srv/arm-local/lib' --pythondir=/srv/arm-local/lib/python2.7/dist-packages --pythonarchdir=/srv/arm-local/lib/python2.7/dist-packages build
- tags:
- - ubuntu-1604-lts
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
- when: never
- - when: never
-
-gentoo-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/gentoo
- script:
- - python ./waf configure --disable-doc --disable-manpage build
- - DESTDIR=build/prison python ./waf install
- - DESTDIR=./prison python ./waf install
- - DESTDIR=../prison python ./waf install
- - python ./waf install
- - python ./waf uninstall
- - rm -rvf build/prison ./prison ../prison
-
-gentoo-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/gentoo
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-gentoo-hardened-basic:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/gentoo-hardened
- script:
- - python ./waf configure --disable-doc --disable-manpage build
- - DESTDIR=build/prison python ./waf install
- - DESTDIR=./prison python ./waf install
- - DESTDIR=../prison python ./waf install
- - python ./waf install
- - python ./waf uninstall
- - rm -rvf build/prison ./prison ../prison
-
-gentoo-hardened-refclocks:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/gentoo-hardened
- script:
- - python ./waf configure --disable-doc --disable-manpage --refclock=all build
-
-coverity-scan:
- image: $CI_REGISTRY/ntpsec/ntpsec/coverity
- script:
- - curl -o /tmp/cov-analysis-linux64.tgz --form project=ntpsec --form token="${COVERITY_TOKEN}" https://scan.coverity.com/download/linux64
- - tar zxf /tmp/cov-analysis-linux64.tgz
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all
- - cov-analysis-linux64-*/bin/cov-build --dir cov-int python3 ./waf build
- - tar czf ntpsec_coverity.tgz cov-int
- - curl --form token="${COVERITY_TOKEN}" --form email=security at ntpsec.org --form file=@ntpsec_coverity.tgz --form version="$(git rev-parse --short HEAD)" --form description="Automatic submission by gitlab-ci" https://scan.coverity.com/builds?project=ntpsec
- tags:
- - gitlab-org
- rules:
- - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
-
-macos-basic:
+macos-uniblob:
<<: *job_definition
script:
- - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig python ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3"
+ - openssl version || echo $?
+ - python wafhelpers/openssl.py || echo $?
+ - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig pkg-config --cflags-only-I openssl || echo $?
+ - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig python ./waf configure --disable-doc --disable-manpage build --pyshebang "/usr/bin/env python3" --refclock=all
- DESTDIR=build/prison python ./waf install
- DESTDIR=./prison python ./waf install
- DESTDIR=../prison python ./waf install
@@ -458,66 +22,3 @@ macos-basic:
- macos
rules:
- if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
-
-macos-refclocks:
- <<: *job_definition
- script:
- - PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig python ./waf configure --disable-doc --disable-manpage --refclock=all build
- tags:
- - macos
- rules:
- - if: '$CI_COMMIT_BRANCH && $CI_PROJECT_PATH == "NTPsec/ntpsec"'
-
-feature-classic-mode:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-classic-mode build
-
-feature-seccomp:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine-seccomp
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-seccomp build
-
-feature-debug:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-debug build
-
-feature-debug-gdb:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-debug-gdb build
-
-feature-debug-timing:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-debug-timing build
-
-feature-disable-droproot:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --disable-droproot build
-
-feature-early-droproot:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-early-droproot build
-
-feature-leap-smear:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-leap-smear build
-
-feature-mssntp:
- <<: *job_definition
- image: $CI_REGISTRY/ntpsec/ntpsec/alpine
- script:
- - python3 ./waf configure --disable-doc --disable-manpage --refclock=all --enable-mssntp build
=====================================
tests/option-tester.sh
=====================================
@@ -38,7 +38,7 @@ then
DISABLE_NTS="--disable-nts"
fi
else
- if ! $PYTHON ../wafhelpers/tlscheck.py
+ if ! $PYTHON ../wafhelpers/openssl.py
then
DISABLE_NTS="--disable-nts"
fi
=====================================
tests/python2-tester.sh
=====================================
@@ -18,12 +18,26 @@ then
set -o pipefail
fi
+DISABLE_NTS=""
+if pkg-config --version 2>/dev/null 1>/dev/null
+then
+ if ! pkg-config openssl --atleast-version=1.1.1
+ then
+ DISABLE_NTS="--disable-nts"
+ fi
+else
+ if ! $PYTHON ../wafhelpers/openssl.py
+ then
+ DISABLE_NTS="--disable-nts"
+ fi
+fi
+
doit ()
{
DIR=test-$1
[ ! -d $DIR ] && mkdir $DIR
rm -rf $DIR/*
- python2 ./waf configure --out=$DIR $2 2>&1 | tee $DIR/test.log
+ python2 ./waf configure $DISABLE_NTS --out=$DIR $2 2>&1 | tee $DIR/test.log
WAF1=$?
WAF2=0
WAF3=0
=====================================
tests/python3-tester.sh
=====================================
@@ -18,12 +18,26 @@ then
set -o pipefail
fi
+DISABLE_NTS=""
+if pkg-config --version 2>/dev/null 1>/dev/null
+then
+ if ! pkg-config openssl --atleast-version=1.1.1
+ then
+ DISABLE_NTS="--disable-nts"
+ fi
+else
+ if ! $PYTHON ../wafhelpers/openssl.py
+ then
+ DISABLE_NTS="--disable-nts"
+ fi
+fi
+
doit ()
{
DIR=test-$1
[ ! -d $DIR ] && mkdir $DIR
rm -rf $DIR/*
- python3 ./waf configure --out=$DIR $2 2>&1 | tee $DIR/test.log
+ python3 ./waf configure $DISABLE_NTS --out=$DIR $2 2>&1 | tee $DIR/test.log
WAF1=$?
WAF2=0
WAF3=0
=====================================
wafhelpers/openssl.py
=====================================
@@ -1,3 +1,35 @@
+#! /usr/bin/env python
+
+"""openssl - Helper for checking SSL library bits."""
+import ctypes
+import ctypes.util
+import sys
+ver, vers = 0, []
+try:
+ sys.stderr.write('Loading ')
+ sys.stderr.flush()
+ were = ctypes.util.find_library('ssl')
+ sys.stderr.write(were)
+ sys.stderr.flush()
+ tls = ctypes.CDLL(were)
+ sys.stderr.write('...\n')
+ sys.stderr.flush()
+except OSError:
+ sys.stderr.write('\rCould not find SSL library.\n')
+ sys.exit(1)
+
+tls.OpenSSL_version_num.restype = ctypes.c_ulong
+tls.OpenSSL_version.argtypes = [ctypes.c_int]
+tls.OpenSSL_version.restype = ctypes.c_char_p
+
+ver = tls.OpenSSL_version_num() # unsigned long OpenSSL_version_num();
+
+_ = '%08x' % ver
+# OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+# MNNFFPPS: major minor fix patch status
+for a, b in ((0, 1), (1, 3), (3, 5), (5, 7), (7, 8)):
+ vers.append(int(_[a:b], 16))
+
SNIP_LIBSSL_TLS13_CHECK = """
#include <openssl/tls1.h>
@@ -10,31 +42,112 @@ int main(void) {
}
"""
+if str is bytes:
+ polystr = str
+else:
+ def polystr(string):
+ """Convert bytes into a string."""
+ return str(string, encoding='latin-1')
+
+
+def yesno(it):
+ """Return a string depending on a (maybe) boolean."""
+ if not it:
+ return 'not found'
+ if it is True:
+ return 'yes'
+ return it
+
def check_libssl_tls13(ctx):
+ """Check if the OpenSSL define for TLS1.3 exists.."""
ctx.check_cc(
- fragment=SNIP_LIBSSL_TLS13_CHECK,
- use="SSL CRYPTO",
- msg="Checking for OpenSSL with TLSv1.3 support",
+ fragment=SNIP_LIBSSL_TLS13_CHECK,
+ use="SSL CRYPTO",
+ msg="Checking for OpenSSL with TLSv1.3 support",
)
-SNIP_OPENSSL_BAD_VERSION_CHECK = """
-#include <openssl/opensslv.h>
+def configure(cfg):
+ """Pull in modules checks."""
+ # check_libssl_tls13(cfg)
+ eventual = bool(ver > 0x1010101f)
+ checks = [['Checking for OpenSSL > 1.1.1a',
+ polystr(tls.OpenSSL_version(0)).split()[1]]]
+ funcs = [
+ 'SSL_CTX_set_alpn_protos',
+ 'SSL_CTX_set_alpn_select_cb',
+ 'SSL_export_keying_material',
+ 'SSL_get0_alpn_selected',
+ ]
+ interim = None
+ for func in funcs:
+ interim = hasattr(tls, func)
+ # eventual &= interim
+ checks.append(['Checking ssl for %s' % func, yesno(interim)])
+ for check in checks:
+ cfg.msg(*check)
+ if not eventual:
+ print(vars(tls))
+ cfg.fatal('missing NTS critical functionality')
-#if OPENSSL_VERSION_NUMBER == 0x1010101fL
-#error OpenSSL version must not be 1.1.1a
-#endif
-int main(void) {
- return 0;
-}
-"""
+if __name__ == '__main__':
+ # import os
+ import subprocess
+ import tempfile
+ class fake_context():
+ """Fake having a waf install so all this can run inside waf or out."""
+ right_shift = 0
-def check_openssl_bad_version(ctx):
- ctx.check_cc(
- fragment=SNIP_OPENSSL_BAD_VERSION_CHECK,
- use="SSL CRYPTO",
- msg="Checking for OpenSSL != 1.1.1a",
- )
+ def msg(self, left, right):
+ """Print out useful text messages."""
+ dent = len(left)
+ if dent > self.right_shift:
+ self.right_shift = dent
+ print('{1:{0}s} : {2:s}'.format(self.right_shift, left, right))
+
+ def fatal(self, error):
+ """Die in a fire."""
+ print(error)
+ sys.exit(1)
+
+ def check_cc(self, fragment=None, use=None, msg=None):
+ """compiler C code fragment with uses libraries printing msg.."""
+ # if not (fragment and use and message):
+ # self.fatal('Too dumb to live.')
+ dent = len(msg)
+ if dent > self.right_shift:
+ self.right_shift = dent
+ sys.stdout.write('{1:{0}s} : '.format(self.right_shift, msg))
+ Popen = subprocess.Popen
+ cflags = []
+ for lib in use:
+ p = Popen(['pkg-config', '--cflags-only-I', lib],
+ universal_newlines=True,
+ env=os.environ,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ if p.returncode:
+ print('no pkg-config %s\n' % lib)
+ sys.exit(1)
+ stdout, _ = p.communicate()
+ cflags.append(stdout.strip())
+ with tempfile.NamedTemporaryFile() as fp:
+ fp.write(bytes(fragment, encoding='latin-1'))
+ p = Popen(['cc', '-c'] + cflags + [fp.name],
+ universal_newlines=True,
+ env=os.environ,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ if p.returncode:
+ print('no compile %d\n' % p.returncode)
+ sys.exit(1)
+ print('yes')
+ return 0
+
+ context = fake_context()
+ configure(context)
=====================================
wafhelpers/tlscheck.py deleted
=====================================
@@ -1,53 +0,0 @@
-#! /usr/bin/env python
-
-"""tlscheck - Helper for checking SSL library bits."""
-import ctypes
-import ctypes.util
-import sys
-ver, vers = 0, []
-try:
- tls = ctypes.CDLL(ctypes.util.find_library('ssl'))
-except OSError:
- sys.stderr.write('Could not find SSL library.\n')
- sys.exit(1)
-
-tls.OpenSSL_version_num.restype = ctypes.c_ulong
-tls.OpenSSL_version.argtypes = [ctypes.c_int]
-tls.OpenSSL_version.restype = ctypes.c_char_p
-
-ver = tls.OpenSSL_version_num() # unsigned long OpenSSL_version_num();
-
-_ = '%08x' % ver
-# OPENSSL_VERSION_NUMBER is a numeric release version identifier:
-# MNNFFPPS: major minor fix patch status
-for a, b in ((0, 1), (1, 3), (3, 5), (5, 7), (7, 8)):
- vers.append(int(_[a:b], 16))
-
-polystr = str
-if str is not bytes:
- def polystr(string):
- """Convert bytes into a string."""
- return str(string, encoding='latin-1')
-
-
-def ver_to_int(*va):
- """Split the version number into parts."""
- return int('%x%02x%02x%02x%x' % va, 16)
-
-
-def verstr():
- """Return SSL library version string."""
- return polystr(tls.OpenSSL_version(0))
-
-
-if __name__ == '__main__':
- if vers[0] > 2: # If notionally OpenSSL 3
- sys.exit(0)
- elif vers[0] == 2: # If notionally OpenSSL 2
- sys.exit(1)
- # OPENSSL_VERSION_NUMBER is a numeric release version identifier:
- # major minor fix patch status
- # Check if version is earlier than 1.1.1b
- if ver <= ver_to_int(1, 1, 1, 2, 15):
- sys.exit(1)
- sys.exit(0)
=====================================
wscript
=====================================
@@ -599,6 +599,7 @@ int main(int argc, char **argv) {
check_sizeof(ctx, header, sizeof)
if not ctx.options.disable_nts:
+ ctx.load('openssl', tooldir='wafhelpers/')
# Check via pkg-config first, then fall back to a direct search
if not ctx.check_cfg(
package='libssl', uselib_store='SSL',
@@ -842,12 +843,6 @@ int main(int argc, char **argv) {
msg("WARNING: This system has a 32-bit time_t.")
msg("WARNING: Your ntpd will fail on 2038-01-19T03:14:07Z.")
- if not ctx.env.DISABLE_NTS:
- from wafhelpers.openssl import check_libssl_tls13
- from wafhelpers.openssl import check_openssl_bad_version
- check_libssl_tls13(ctx)
- check_openssl_bad_version(ctx)
-
# before write_config()
if ctx.is_defined("HAVE_LINUX_CAPABILITY"):
droproot_type = "Linux"
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/f66e3fb5d245f696ed5a80c76bc1e6b4970fd1b0...38c5cf97c87e27d60fda0a3507be59a4fc3cbe8e
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/f66e3fb5d245f696ed5a80c76bc1e6b4970fd1b0...38c5cf97c87e27d60fda0a3507be59a4fc3cbe8e
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20201225/a56c15ab/attachment-0001.htm>
More information about the vc
mailing list