AWS-LC is an OpenSSL derivative which can be used with the openssl plugin.
This adds a CI job that resembles the openssl-3 test case. It downloads
the source tarball for an AWS-LC release, builds that source using
CMake/Ninja, and then builds/tests strongSwan using the same technique
used by openssl-3.
References strongswan/strongswan#1907Closesstrongswan/strongswan#2151
Also fix the path to the sdkmanager (the old one was removed in the latest
images and the incorrect path caused a weird sudo error) and install
Java 17 as that's necessary for newer versions of the Gradle plugin.
This was removed with 0fea6a7f8e7e ("github: Adapt to switch to Ubuntu
22.04 for ubuntu-latest") as it didn't seem necessary anymore. But
recently there have been such random crashes again with the 20.04 image.
The Ubuntu 18.04 image is deprecated and builds will start to fail
temporarily during four 24 hour periods from now until the final
deprecation on April 1st. So better remove these runs now.
The Python versions installed in the system image in
`/Library/Frameworks/Python.framework/` have symlinks in `/usr/local/bin/`
that conflict with symlinks that `brew` tries to create, which causes
errors like these:
==> Pouring python@3.11--3.11.1.monterey.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink bin/2to3-3.11
Target /usr/local/bin/2to3-3.11
already exists. You may want to remove it:
rm '/usr/local/bin/2to3-3.11'
To force the link and overwrite all conflicting files:
brew link --overwrite python@3.11
To list all files that would be deleted:
brew link --overwrite --dry-run python@3.11
Possible conflicting files are:
/usr/local/bin/2to3-3.11 -> /Library/Frameworks/Python.framework/Versions/3.11/bin/2to3-3.11
/usr/local/bin/idle3.11 -> /Library/Frameworks/Python.framework/Versions/3.11/bin/idle3.11
/usr/local/bin/pydoc3.11 -> /Library/Frameworks/Python.framework/Versions/3.11/bin/pydoc3.11
/usr/local/bin/python3.11 -> /Library/Frameworks/Python.framework/Versions/3.11/bin/python3.11
/usr/local/bin/python3.11-config -> /Library/Frameworks/Python.framework/Versions/3.11/bin/python3.11-config
Ubuntu 22.04 ships OpenSSL 3, which requires debug symbols so we can
whitelist leaks because we don't deinitialize the library. And because
the shipped library is not built with `-fno-omit-frame-pointer`, the
build with AddressSanitizer can't use its fast stack unwind method.
However, the previous workaround for DTLS handling with glibc apparently
isn't necessary anymore.
In the custom OpenSSL build we drop no-stdio as that lets the configure
check for libldns fail because ERR_print_errors_fp@OPENSSL_3.0.0 is not
found.
For ccache, the default path to the cache directory has changed.
Also simplified the NM tests as there is only one build since
085daf474330 ("nm: Remove old libnm-glib compat stuff").
There are spurious crashes after test runs (during the reporting phase
of LeakSanitizer) that are triggered by seemingly unrelated code changes.
It seems to be related to how glibc handles dynamic TLS allocations.
The external-id parameter takes an int32 and the generated run_id was
apparently not valid lately, resulting in undocumented 404 errors when
submitting patches (the API endpoint probably doesn't like negative numbers
because the last accepted id was 2059658094, rejected ids were e.g.
2167472705 or 2168792083).
Use a Debian-based Docker container to run the unit tests for charon-tkm,
once without and once with TKM running. The container can also be used
locally to run the tests (see comments in the Dockerfile).
According to the documentation for actions/cache, the lookup is already
scoped to the current branch (with fallback to any base branch including
the default branch).
The nm test can only be done on Ubuntu 18.04 as the required libraries
are not available on newer systems.
Switch to pip3 to install tox (the only Python dependency we use).
Closesstrongswan/strongswan#327.
On travis-ci.com (travis-ci.org will be discontinued by the end of the
year) we are now charged for each minute. We only got 10000 credits in
a trial plan, which we used up with a few builds. Minutes also cost a
different amount of credits on different platforms: 10 on Linux,
but 50 on macOS (installing the dependencies on macOS alone took 12-15
minutes on Travis for some reason, takes about half on Github's runners).
No native Windows build yet as we have the same issue as on AppVeyor where
threading/streaming tests might get stuck. And there is also only a
single Windows platform to test on. Plus building/testing on Windows is
very slow (and getting ccache to work seems tricky).
The 'sw_collector' test case had to be disabled because we can't access
/usr/local/share on the Github build hosts (the process is just blocked
in readdir() and eventually times out).
Unfortunately, we can't test on different architectures anymore (in
particular ARM and the big-endian IBM Z/x390x).
