addons:
apt:
packages:
- - pep8
- automake
- autoconf
- libtool
- sed
- bash
- dh-exec
- - python-twisted
+ - python3-pip
- libfuse-dev
- libglib2.0-dev
+ - libjson-glib-dev
- libgmp-dev
- expect
- libtasn1-dev
- socat
- findutils
- - tpm-tools
- gnutls-dev
- gnutls-bin
- libasan2
+ - softhsm2
+ - libseccomp-dev
coverity_scan:
project:
name: swtpm
description: Build submitted via Travis CI
notification_email: stefanb@linux.vnet.ibm.com
- build_command_prepend: "./autogen.sh --with-openssl; make clean"
- build_command: make -j4
+ build_command_prepend: "git clone https://github.com/stefanberger/libtpms && cd libtpms && ./autogen.sh --with-openssl --prefix=/usr --with-tpm2 && make -j$(${NPROC:-nproc}) && sudo make install && cd .. && ./autogen.sh --with-openssl"
+ build_command: make -j$(${NPROC:-nproc})
branch_pattern: coverity_scan
+before_install:
+ - test $TRAVIS_BRANCH != coverity_scan -o ${TRAVIS_JOB_NUMBER##*.} = 1 || exit 0
+ - | # We need trousers only for the tss user
+ if [ "$(uname -s)" = "Linux" ]; then
+ sudo rm -rf /dev/tpm* # This is a work-around for Bionic where trousers otherwise fails to install
+ sudo apt-get -y install trousers
+ fi
script:
- - git clone https://github.com/stefanberger/libtpms
+ - sudo pip3 install --upgrade pip==20.3.3
+ - if [ ! -d libtpms ]; then git clone https://github.com/stefanberger/libtpms; fi
- cd libtpms
- - "./bootstrap.sh && ./configure --with-openssl --prefix=/usr --with-tpm2 && make -j$(nproc) &&
- sudo make install"
+ - if [ -n "${LIBTPMS_GIT_CHECKOUT}" ]; then
+ git checkout "${LIBTPMS_GIT_CHECKOUT}" -b testing;
+ fi
+ - CFLAGS="${LIBTPMS_CFLAGS:--g -O2}" LDFLAGS="${LIBTPMS_LDFLAGS}"
+ ./autogen.sh --with-openssl --prefix=${LIBTPMS_PREFIX:-/usr} --with-tpm2 ${LIBTPMS_CONFIG}
+ && make -j$(${NPROC:-nproc})
+ && sudo make install
- cd ..
- ./autogen.sh ${CONFIG}
- - ${SUDO} make clean && export SWTPM_TEST_EXPENSIVE=1 && ${SUDO} make -j$(nproc) ${CHECK}
+ && ${SUDO} make clean
+ && export SWTPM_TEST_EXPENSIVE=${SWTPM_TEST_EXPENSIVE:-1}
+ && export SWTPM_TEST_IBMTSS2=${SWTPM_TEST_IBMTSS2:-0}
+ && export SWTPM_TEST_STORE_VOLATILE=${SWTPM_TEST_STORE_VOLATILE:-0}
+ && ${SUDO} make -j$(${NPROC:-nproc}) ${CHECK} VERBOSE=1
+ - if [ -n "${RUN_TEST}" ]; then
+ sudo make install
+ && sudo ${PREFIX}/bin/swtpm_setup
+ --tpmstate /tmp --create-ek-cert --create-platform-cert --tpm2
+ || { exit 1; };
+ fi
after_failure:
- for f in tests/*.log; do echo ">>>>>>> $f <<<<<<<"; cat $f; done
matrix:
include:
- - env: CONFIG="--with-openssl --prefix=/usr"
+ - env: PREFIX="/usr"
+ CONFIG="--with-openssl --prefix=${PREFIX}"
CHECK="distcheck"
- before_script:
- - pep8 $(find . -type f | grep -E "\.py$")
- - env: CONFIG="--with-openssl --prefix=/usr --enable-test-coverage"
+ RUN_TEST="1"
+ - dist: bionic
+ env: PREFIX="/usr"
+ CONFIG="--with-openssl --prefix=/usr --enable-test-coverage"
SUDO="sudo"
CHECK="check"
+ SWTPM_TEST_IBMTSS2="1"
+ SWTPM_TEST_STORE_VOLATILE="1"
before_script:
+ - sudo apt-get -y install tss2
- sudo pip install cpp-coveralls
+ - p=$PWD; while [ "$PWD" != "/" ]; do chmod o+x . &>/dev/null ; cd .. ; done; cd $p
+ && sudo mkdir src/swtpm/.libs
+ && sudo chown nobody src/swtpm src/swtpm/.libs
after_success:
- - sudo coveralls --gcov-options '\-lp'
- - env: CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer"
+ - uidgid="$(id -nu):$(id -ng)" &&
+ sudo chown -R ${uidgid} ./ &&
+ cpp-coveralls --gcov-options '\-lp' -e libtpms
+ - env: CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+ LIBTPMS_CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
LIBS="-lasan"
- CONFIG="--with-openssl --prefix=/usr"
+ ASAN_OPTIONS="halt_on_error=1"
+ PREFIX="/usr"
+ CONFIG="--with-openssl --prefix=${PREFIX} --without-seccomp"
+ SUDO="sudo"
+ CHECK="check"
+ - env: CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+ LIBTPMS_CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer -fno-sanitize-recover"
+ LIBTPMS_CONFIG="--disable-use-openssl-functions"
+ LIBS="-lasan"
+ ASAN_OPTIONS="halt_on_error=1"
+ PREFIX="/usr"
+ CONFIG="--with-openssl --prefix=${PREFIX} --without-seccomp"
+ SUDO="sudo"
+ CHECK="check"
+ - env: CFLAGS="-fsanitize=undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+ LIBTPMS_CFLAGS="-fsanitize=undefined -g -fno-omit-frame-pointer -fno-sanitize-recover"
+ LIBS="-lubsan"
+ UBSAN_OPTIONS="halt_on_error=1"
+ PREFIX="/usr"
+ CONFIG="--with-openssl --prefix=${PREFIX}"
SUDO="sudo"
CHECK="check"
- before_script:
- # Tspi_NV_WriteValue has an I/O error when using asan
- - echo -e '#!/usr/bin/env bash\nexit 0' > tests/test_parameters