|  | @@ -1,67 +1,45 @@
 | 
	
		
			
				|  |  |  language: c
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -## Comment out the compiler list for now to allow an explicit build
 | 
	
		
			
				|  |  | -## matrix.
 | 
	
		
			
				|  |  | -# compiler:
 | 
	
		
			
				|  |  | -#   - gcc
 | 
	
		
			
				|  |  | -#   - clang
 | 
	
		
			
				|  |  | +cache:
 | 
	
		
			
				|  |  | +  ccache: true
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -notifications:
 | 
	
		
			
				|  |  | -  irc:
 | 
	
		
			
				|  |  | -    channels:
 | 
	
		
			
				|  |  | -      - "irc.oftc.net#tor-ci"
 | 
	
		
			
				|  |  | -    template:
 | 
	
		
			
				|  |  | -      - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
 | 
	
		
			
				|  |  | -      - "Build #%{build_number} %{result}. Details: %{build_url}"
 | 
	
		
			
				|  |  | -    on_success: change
 | 
	
		
			
				|  |  | -    on_failure: change
 | 
	
		
			
				|  |  | -  email:
 | 
	
		
			
				|  |  | -    on_success: never
 | 
	
		
			
				|  |  | -    on_failure: change
 | 
	
		
			
				|  |  | +compiler:
 | 
	
		
			
				|  |  | +  - gcc
 | 
	
		
			
				|  |  | +  - clang
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  os:
 | 
	
		
			
				|  |  |    - linux
 | 
	
		
			
				|  |  | -  ## Uncomment the following line to also run the entire build matrix on OSX.
 | 
	
		
			
				|  |  | -  ## This will make your CI builds take roughly ten times longer to finish.
 | 
	
		
			
				|  |  | -  # - osx
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -## Use the Ubuntu Trusty images.
 | 
	
		
			
				|  |  | -dist: trusty
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -## We don't need sudo. (The "apt:" stanza after this allows us to not need sudo;
 | 
	
		
			
				|  |  | -## otherwise, we would need it for getting dependencies.)
 | 
	
		
			
				|  |  | -##
 | 
	
		
			
				|  |  | -## We override this in the explicit build matrix to work around a
 | 
	
		
			
				|  |  | -## Travis CI environment regression
 | 
	
		
			
				|  |  | -## https://github.com/travis-ci/travis-ci/issues/9033
 | 
	
		
			
				|  |  | -sudo: false
 | 
	
		
			
				|  |  | +  - osx
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -## (Linux only) Download our dependencies
 | 
	
		
			
				|  |  | -addons:
 | 
	
		
			
				|  |  | -  apt:
 | 
	
		
			
				|  |  | -    packages:
 | 
	
		
			
				|  |  | -      ## Required dependencies
 | 
	
		
			
				|  |  | -      - libevent-dev
 | 
	
		
			
				|  |  | -      - libseccomp2
 | 
	
		
			
				|  |  | -      - zlib1g-dev
 | 
	
		
			
				|  |  | -      ## Optional dependencies
 | 
	
		
			
				|  |  | -      - liblzma-dev
 | 
	
		
			
				|  |  | -      - libscrypt-dev
 | 
	
		
			
				|  |  | -      ## zstd doesn't exist in Ubuntu Trusty
 | 
	
		
			
				|  |  | -      #- libzstd
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -## The build matrix in the following two stanzas expands into four builds (per OS):
 | 
	
		
			
				|  |  | -##
 | 
	
		
			
				|  |  | -##  * with GCC, with Rust
 | 
	
		
			
				|  |  | -##  * with GCC, without Rust
 | 
	
		
			
				|  |  | -##  * with Clang, with Rust
 | 
	
		
			
				|  |  | -##  * with Clang, without Rust
 | 
	
		
			
				|  |  | +## The build matrix in the following stanza expands into builds for each
 | 
	
		
			
				|  |  | +## OS and compiler.
 | 
	
		
			
				|  |  |  env:
 | 
	
		
			
				|  |  |    global:
 | 
	
		
			
				|  |  |      ## The Travis CI environment allows us two cores, so let's use both.
 | 
	
		
			
				|  |  |      - MAKEFLAGS="-j 2"
 | 
	
		
			
				|  |  | +    ## We turn on hardening by default
 | 
	
		
			
				|  |  | +    ## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
 | 
	
		
			
				|  |  | +    - HARDENING_OPTIONS="--enable-expensive-hardening"
 | 
	
		
			
				|  |  | +    ## We turn off asciidoc by default, because it's slow
 | 
	
		
			
				|  |  | +    - ASCIIDOC_OPTIONS="--disable-asciidoc"
 | 
	
		
			
				|  |  | +  matrix:
 | 
	
		
			
				|  |  | +    ## We want to use each build option at least once
 | 
	
		
			
				|  |  | +    ##
 | 
	
		
			
				|  |  | +    ## We don't list default variable values, because we set the defaults
 | 
	
		
			
				|  |  | +    ## in global (or the default is unset)
 | 
	
		
			
				|  |  | +    -
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  matrix:
 | 
	
		
			
				|  |  | +  ## include creates builds with gcc, linux, sudo: false
 | 
	
		
			
				|  |  | +  include:
 | 
	
		
			
				|  |  | +    ## We include a single coverage build with the best options for coverage
 | 
	
		
			
				|  |  | +    - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
 | 
	
		
			
				|  |  | +    ## We only want to check these build option combinations once
 | 
	
		
			
				|  |  | +    ## (they shouldn't vary by compiler or OS)
 | 
	
		
			
				|  |  | +    - env: HARDENING_OPTIONS=""
 | 
	
		
			
				|  |  | +    ## We check asciidoc with distcheck, to make sure we remove doc products
 | 
	
		
			
				|  |  | +    - env: DISTCHECK="yes" ASCIIDOC_OPTIONS=""
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |    ## Uncomment to allow the build to report success (with non-required
 | 
	
		
			
				|  |  |    ## sub-builds continuing to run) if all required sub-builds have
 | 
	
		
			
				|  |  |    ## succeeded.  This is somewhat buggy currently: it can cause
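Review bot: The bare `-` that ends the new `env: matrix:` list is an empty item, which YAML loads as null, and nothing on that line says it is deliberate. It appears to be what produces the jobs that run with only the `global` defaults, including the hardened gcc and clang builds. A comment directly above it, such as `## Empty entry: one job per OS and compiler using only the global defaults`, would keep a later cleanup from deleting it and quietly dropping those jobs. How Travis expands a null env entry is not visible on this page, so it is worth confirming the expanded job list in a real build.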
 | 
	
	
		
			
				|  | @@ -70,60 +48,102 @@ matrix:
 | 
	
		
			
				|  |  |    ## https://github.com/travis-ci/travis-ci/issues/1696
 | 
	
		
			
				|  |  |    # fast_finish: true
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -  ## Uncomment the appropriate lines below to allow the build to
 | 
	
		
			
				|  |  | -  ## report success even if some less-critical sub-builds fail and it
 | 
	
		
			
				|  |  | -  ## seems likely to take a while for someone to fix it.  Currently
 | 
	
		
			
				|  |  | -  ## Travis CI doesn't distinguish "all builds succeeded" from "some
 | 
	
		
			
				|  |  | -  ## non-required sub-builds failed" except on the individual build's
 | 
	
		
			
				|  |  | -  ## page, which makes it somewhat annoying to detect from the
 | 
	
		
			
				|  |  | -  ## branches and build history pages.  See
 | 
	
		
			
				|  |  | -  ## https://github.com/travis-ci/travis-ci/issues/8716
 | 
	
		
			
				|  |  | -  allow_failures:
 | 
	
		
			
				|  |  | -    # - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
 | 
	
		
			
				|  |  | -    # - env: RUST_OPTIONS="--enable-rust --enable-cargo-online-mode
 | 
	
		
			
				|  |  | -    # - compiler: clang
 | 
	
		
			
				|  |  | -
 | 
	
		
			
				|  |  | -  ## Create explicit matrix entries to work around a Travis CI
 | 
	
		
			
				|  |  | -  ## environment issue.  Missing keys inherit from the first list
 | 
	
		
			
				|  |  | -  ## entry under that key outside the "include" clause.
 | 
	
		
			
				|  |  | -  include:
 | 
	
		
			
				|  |  | -    - compiler: gcc
 | 
	
		
			
				|  |  | -    - compiler: gcc
 | 
	
		
			
				|  |  | -      env: COVERAGE_OPTIONS="--enable-coverage"
 | 
	
		
			
				|  |  | -    - compiler: gcc
 | 
	
		
			
				|  |  | -      env: DISTCHECK="yes"
 | 
	
		
			
				|  |  | -    ## The "sudo: required" forces non-containerized builds, working
 | 
	
		
			
				|  |  | -    ## around a Travis CI environment issue: clang LeakAnalyzer fails
 | 
	
		
			
				|  |  | -    ## because it requires ptrace and the containerized environment no
 | 
	
		
			
				|  |  | -    ## longer allows ptrace.
 | 
	
		
			
				|  |  | +  ## Careful! We use global envs, which makes it hard to exclude or
 | 
	
		
			
				|  |  | +  ## allow failures by env:
 | 
	
		
			
				|  |  | +  ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
 | 
	
		
			
				|  |  | +  exclude:
 | 
	
		
			
				|  |  | +    ## Clang doesn't work in containerized builds, see below.
 | 
	
		
			
				|  |  |      - compiler: clang
 | 
	
		
			
				|  |  | +      sudo: false
 | 
	
		
			
				|  |  | +    ## We also exclude non-containerized gcc, because they're slow and redundant.
 | 
	
		
			
				|  |  | +    - compiler: gcc
 | 
	
		
			
				|  |  |        sudo: required
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +## We don't need sudo. (The "apt:" stanza after this allows us to not need
 | 
	
		
			
				|  |  | +## sudo; otherwise, we would need it for getting dependencies.)
 | 
	
		
			
				|  |  | +##
 | 
	
		
			
				|  |  | +## But we use "sudo: required" to force non-containerized builds, working
 | 
	
		
			
				|  |  | +## around a Travis CI environment issue: clang LeakAnalyzer fails
 | 
	
		
			
				|  |  | +## because it requires ptrace and the containerized environment no
 | 
	
		
			
				|  |  | +## longer allows ptrace.
 | 
	
		
			
				|  |  | +## https://github.com/travis-ci/travis-ci/issues/9033
 | 
	
		
			
				|  |  | +##
 | 
	
		
			
				|  |  | +## In the matrix above, we exclude redundant combinations.
 | 
	
		
			
				|  |  | +sudo:
 | 
	
		
			
				|  |  | +  - false
 | 
	
		
			
				|  |  | +  - required
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +## (Linux only) Use the latest Linux image (Ubuntu Trusty)
 | 
	
		
			
				|  |  | +dist: trusty
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +## (Linux only) Download our dependencies
 | 
	
		
			
				|  |  | +addons:
 | 
	
		
			
				|  |  | +  apt:
 | 
	
		
			
				|  |  | +    packages:
 | 
	
		
			
				|  |  | +      ## Required dependencies
 | 
	
		
			
				|  |  | +      - libevent-dev
 | 
	
		
			
				|  |  | +      - zlib1g-dev
 | 
	
		
			
				|  |  | +      ## Optional dependencies
 | 
	
		
			
				|  |  | +      - libcap-dev
 | 
	
		
			
				|  |  | +      - libscrypt-dev
 | 
	
		
			
				|  |  | +      - libseccomp-dev
 | 
	
		
			
				|  |  | +      ## Conditional dependencies
 | 
	
		
			
				|  |  | +      ## Always installed, so we don't need sudo
 | 
	
		
			
				|  |  | +      - asciidoc
 | 
	
		
			
				|  |  | +      - docbook-xsl
 | 
	
		
			
				|  |  | +      - docbook-xml
 | 
	
		
			
				|  |  | +      - xmlto
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +## (OSX only) Use the default OSX image
 | 
	
		
			
				|  |  | +## See https://docs.travis-ci.com/user/reference/osx#os-x-version
 | 
	
		
			
				|  |  | +## Default is Xcode 9.4 on macOS 10.13 as of August 2018
 | 
	
		
			
				|  |  | +#osx_image: xcode9.4
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  before_install:
 | 
	
		
			
				|  |  | -  ## If we're on OSX, homebrew usually needs to updated first
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
 | 
	
		
			
				|  |  | -  ## Download rustup
 | 
	
		
			
				|  |  | -  - curl -Ssf -o rustup.sh https://sh.rustup.rs
 | 
	
		
			
				|  |  | -  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
 | 
	
		
			
				|  |  | +  ## If we're on OSX, homebrew usually needs to be updated first
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update; fi
 | 
	
		
			
				|  |  | +  ## We might be upgrading some useless packages, but that's better than missing an upgrade
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew upgrade; fi
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  install:
 | 
	
		
			
				|  |  | +  ## If we're on OSX use brew to install ccache (ccache is automatically installed on Linux)
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install ccache; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
 | 
	
		
			
				|  |  |    ## If we're on OSX use brew to install required dependencies (for Linux, see the "apt:" section above)
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated openssl    || brew upgrade openssl;    }; fi
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libevent   || brew upgrade libevent;   }; fi
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated pkg-config || brew upgrade pkg-config; }; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install libevent; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install pkg-config; fi
 | 
	
		
			
				|  |  | +  ## macOS comes with zlib by default, so the homebrew install is keg-only
 | 
	
		
			
				|  |  | +  # - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install zlib; fi
 | 
	
		
			
				|  |  |    ## If we're on OSX also install the optional dependencies
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated xz         || brew upgrade xz;         }; fi
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated libscrypt  || brew upgrade libscrypt;  }; fi
 | 
	
		
			
				|  |  | -  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then { brew outdated zstd       || brew upgrade zstd;       }; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install libscrypt; fi
 | 
	
		
			
				|  |  | +  ## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
 | 
	
		
			
				|  |  | +  ## Install conditional features
 | 
	
		
			
				|  |  | +  ## Install coveralls
 | 
	
		
			
				|  |  | +  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
 | 
	
		
			
				|  |  | +  ## If we're on OSX, and using asciidoc, install asciidoc
 | 
	
		
			
				|  |  | +  - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install asciidoc; fi
 | 
	
		
			
				|  |  | +  - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install xmlto; fi
 | 
	
		
			
				|  |  | +  - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
 | 
	
		
			
				|  |  | +  ##
 | 
	
		
			
				|  |  | +  ## Finally, list installed package versions
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
 | 
	
		
			
				|  |  | +  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  script:
 | 
	
		
			
				|  |  |    - ./autogen.sh
 | 
	
		
			
				|  |  | -  - ./configure $RUST_OPTIONS $COVERAGE_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules --enable-fragile-hardening
 | 
	
		
			
				|  |  | +  - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $OPENSSL_OPTIONS --enable-fatal-warnings --disable-silent-rules"
 | 
	
		
			
				|  |  | +  - echo $CONFIGURE_FLAGS
 | 
	
		
			
				|  |  | +  - ./configure $CONFIGURE_FLAGS
 | 
	
		
			
				|  |  |    ## We run `make check` because that's what https://jenkins.torproject.org does.
 | 
	
		
			
				|  |  |    - if [[ "$DISTCHECK" == "" ]]; then make check; fi
 | 
	
		
			
				|  |  | -  - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$RUST_OPTIONS $COVERAGE_OPTIONS --disable-asciidoc --enable-fatal-warnings --disable-silent-rules --enable-fragile-hardening"; fi
 | 
	
		
			
				|  |  | +  - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  after_failure:
 | 
	
		
			
				|  |  | +  ## configure will leave a log file with more details of config failures.
 | 
	
		
			
				|  |  | +  ## But the log is too long for travis' rendered view, so tail it.
 | 
	
		
			
				|  |  | +  - tail -1000 config.log
 | 
	
		
			
				|  |  |    ## `make check` will leave a log file with more details of test failures.
 | 
	
		
			
				|  |  |    - if [[ "$DISTCHECK" == "" ]]; then cat test-suite.log; fi
 | 
	
		
			
				|  |  |    ## `make distcheck` puts it somewhere different.
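Review bot: Hardening now reaches `./configure` only through `$HARDENING_OPTIONS` inside `CONFIGURE_FLAGS`, and an autoconf-generated configure by default only warns about an `--enable-*` option it does not recognise. The comment in the env stanza says the option has a different name from 0.3.0.3-alpha on, so on a branch that uses the other spelling every job meant to be hardened would build without hardening and still pass. Appending `--enable-option-checking=fatal` to the `CONFIGURE_FLAGS=` line would turn such a mismatch into a build failure. Try it on the `DISTCHECK` job first, because the same flags are passed on to `make distcheck`.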
 | 
	
	
		
			
				|  | @@ -132,3 +152,16 @@ after_failure:
 | 
	
		
			
				|  |  |  after_success:
 | 
	
		
			
				|  |  |    ## If this build was one that produced coverage, upload it.
 | 
	
		
			
				|  |  |    - if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p'; fi
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +notifications:
 | 
	
		
			
				|  |  | +  irc:
 | 
	
		
			
				|  |  | +    channels:
 | 
	
		
			
				|  |  | +      - "irc.oftc.net#tor-ci"
 | 
	
		
			
				|  |  | +    template:
 | 
	
		
			
				|  |  | +      - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
 | 
	
		
			
				|  |  | +      - "Build #%{build_number} %{result}. Details: %{build_url}"
 | 
	
		
			
				|  |  | +    on_success: change
 | 
	
		
			
				|  |  | +    on_failure: change
 | 
	
		
			
				|  |  | +  email:
 | 
	
		
			
				|  |  | +    on_success: never
 | 
	
		
			
				|  |  | +    on_failure: change
 |