From 0adcc4e3cc37dfa0be4b8e6cd3ebf1fb5366a73b Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Tue, 25 May 2021 10:00:06 +0200 Subject: [PATCH 1/7] initial appveyor CI --- appveyor.yml | 35 +++++++++++++++++++++++++++++++++++ appveyor_build.bat | 5 +++++ regress/Makefile | 8 +++++++- regress/putty-transfer.sh | 11 +++++++++++ 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 appveyor.yml create mode 100644 appveyor_build.bat diff --git a/appveyor.yml b/appveyor.yml new file mode 100644 index 000000000000..f573c0585b71 --- /dev/null +++ b/appveyor.yml @@ -0,0 +1,35 @@ +version: 1.0.{build} + +# TODO: Add MSVC support +image: Visual Studio 2019 + +platform: x64 + +environment: + matrix: + - BUILD_SHARED: OFF + COMPILER: cygwin + +for: + - matrix: + only: + - OQS_USE_OPENSSL: OFF + before_build: + - cmd: |- + choco install openssl + choco install -y strawberryperl + SET "OPENSSL_ROOT_DIR=C:\OpenSSL-Win64" + +build_script: + - cmd: '%APPVEYOR_BUILD_FOLDER%\appveyor_build.bat' + +before_test: + - cmd: |- + SET "PATH=C:\Python37;C:\Python37\Scripts;%PATH%" + pip.exe install pytest pytest-xdist psutil + +test_script: + - cmd: |- + cd %APPVEYOR_BUILD_FOLDER% + set PATH=%cd%;%PATH% && python oqs-test/try_connection.py + diff --git a/appveyor_build.bat b/appveyor_build.bat new file mode 100644 index 000000000000..be245230ae73 --- /dev/null +++ b/appveyor_build.bat @@ -0,0 +1,5 @@ +IF %COMPILER%==cygwin ( + @echo on + SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%" + c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P zlib -P zlib-devel -P ninja -P cmake -P gcc -P make -P autoconf && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && cd liboqs && mkdir build && cd build && cmake .. -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=${APPVEYOR_BUILD_FOLDER}/oqs -DOQS_BUILD_ONLY_LIB=ON && ninja -v && ninja install && cd ${APPVEYOR_BUILD_FOLDER} && pwd && ls && mkdir -p -m 0755 /var/empty && export LIBOQS_INSTALL=`pwd`/oqs && autoreconf && ./configure --with-liboqs-dir=`pwd`/oqs --with-libs=-lm && make && make install && TEST_SSH_UNSAFE_PERMISSIONS=1 make tests LTESTS=\"\" && python3 oqs-test/try_connection.py" +) diff --git a/regress/Makefile b/regress/Makefile index 8b4ed9de398a..6d6473ef6d2f 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -229,7 +229,13 @@ t-exec-interop: ${INTEROP_TESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ - (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + chmod go-rwx .; \ + ls -la 1>&2 ; \ + pwd 1>&2 ; \ + echo "executing: TEST_ENV=${TEST_ENV} ${TEST_SHELL} -x ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}"; \ + (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} -x ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + echo "test $${TEST} done" 1>&2; \ + ls -l 1>&2; \ done t-extra: ${EXTRA_TESTS:=.sh} diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 14b41022f8a6..242309c62fe1 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh @@ -8,11 +8,20 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then exit 0 fi +echo "Putty Interop testing commencing" 1>&2 +pwd 1>&2 +ls -l 1>&2 +chmod go-rwx ssh-* 1>&2 +chmod go-rwx regress/*ssh-* 1>&2 +echo "Putty interop setup done" 1>&2 +echo "Putty interop setup done (2)" 2>&1 + if [ "`${SSH} -Q compression`" = "none" ]; then comp="0" else comp="0 1" fi +echo "ssh startup done" 1>&2 for c in $comp; do verbose "$tid: compression $c" @@ -42,3 +51,5 @@ for c in $comp; do done rm -f ${COPY} +echo "Putty Interop testing done" 1>&2 + From e862dd3b4e6362795e440c375da6a1505785bfd1 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 28 May 2021 08:03:24 +0200 Subject: [PATCH 2/7] fix up file permissions --- regress/test-exec.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 5dc975d07d65..5f17a3fe3977 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -575,6 +575,9 @@ for t in ${SSH_HOSTKEY_TYPES}; do # use key as host key, too $SUDO cp $OBJ/$t $OBJ/host.$t + # ensure proper file access permissions even in cygwin: + $SUDO chmod 600 $OBJ/$t $OBJ/host.$t + echo HostKey $OBJ/host.$t >> $OBJ/sshd_config # don't use SUDO for proxy connect From 63d8618cfebbcada84f610eeb7ce5e6967d10563 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 28 May 2021 08:44:44 +0200 Subject: [PATCH 3/7] adding cygwin64 to path for test --- appveyor.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index f573c0585b71..ee638a39a4b2 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -31,5 +31,6 @@ before_test: test_script: - cmd: |- cd %APPVEYOR_BUILD_FOLDER% - set PATH=%cd%;%PATH% && python oqs-test/try_connection.py + echo "%PATH%" + set PATH=%cd%;c:\cygwin64\bin;%PATH% && echo %PATH% && python oqs-test/try_connection.py From e4ce4ab301d31ec9b8b135e7c3976b43b1d15438 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 28 May 2021 10:14:34 +0200 Subject: [PATCH 4/7] cleanup --- appveyor_build.bat | 2 +- regress/Makefile | 7 +------ regress/putty-transfer.sh | 11 ----------- 3 files changed, 2 insertions(+), 18 deletions(-) diff --git a/appveyor_build.bat b/appveyor_build.bat index be245230ae73..6289793e1b34 100644 --- a/appveyor_build.bat +++ b/appveyor_build.bat @@ -1,5 +1,5 @@ IF %COMPILER%==cygwin ( @echo on SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%" - c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P zlib -P zlib-devel -P ninja -P cmake -P gcc -P make -P autoconf && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && cd liboqs && mkdir build && cd build && cmake .. -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=${APPVEYOR_BUILD_FOLDER}/oqs -DOQS_BUILD_ONLY_LIB=ON && ninja -v && ninja install && cd ${APPVEYOR_BUILD_FOLDER} && pwd && ls && mkdir -p -m 0755 /var/empty && export LIBOQS_INSTALL=`pwd`/oqs && autoreconf && ./configure --with-liboqs-dir=`pwd`/oqs --with-libs=-lm && make && make install && TEST_SSH_UNSAFE_PERMISSIONS=1 make tests LTESTS=\"\" && python3 oqs-test/try_connection.py" + c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P zlib -P zlib-devel -P ninja -P cmake -P gcc -P make -P autoconf && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && cd liboqs && mkdir build && cd build && cmake .. -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=${APPVEYOR_BUILD_FOLDER}/oqs -DOQS_BUILD_ONLY_LIB=ON && ninja -v && ninja install && cd ${APPVEYOR_BUILD_FOLDER} && mkdir -p -m 0755 /var/empty && export LIBOQS_INSTALL=`pwd`/oqs && autoreconf && ./configure --with-liboqs-dir=`pwd`/oqs --with-libs=-lm && make && make install && TEST_SSH_UNSAFE_PERMISSIONS=1 make tests LTESTS=\"\" " ) diff --git a/regress/Makefile b/regress/Makefile index 6d6473ef6d2f..1bfd61864c44 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -230,12 +230,7 @@ t-exec-interop: ${INTEROP_TESTS:=.sh} for TEST in ""$?; do \ echo "run test $${TEST}" ... 1>&2; \ chmod go-rwx .; \ - ls -la 1>&2 ; \ - pwd 1>&2 ; \ - echo "executing: TEST_ENV=${TEST_ENV} ${TEST_SHELL} -x ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}"; \ - (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} -x ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ - echo "test $${TEST} done" 1>&2; \ - ls -l 1>&2; \ + (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done t-extra: ${EXTRA_TESTS:=.sh} diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 242309c62fe1..14b41022f8a6 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh @@ -8,20 +8,11 @@ if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then exit 0 fi -echo "Putty Interop testing commencing" 1>&2 -pwd 1>&2 -ls -l 1>&2 -chmod go-rwx ssh-* 1>&2 -chmod go-rwx regress/*ssh-* 1>&2 -echo "Putty interop setup done" 1>&2 -echo "Putty interop setup done (2)" 2>&1 - if [ "`${SSH} -Q compression`" = "none" ]; then comp="0" else comp="0 1" fi -echo "ssh startup done" 1>&2 for c in $comp; do verbose "$tid: compression $c" @@ -51,5 +42,3 @@ for c in $comp; do done rm -f ${COPY} -echo "Putty Interop testing done" 1>&2 - From 689d0e5686829ab7753e2f7d04bfcd8d5b025eec Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Fri, 28 May 2021 13:02:31 +0200 Subject: [PATCH 5/7] test all algs --- appveyor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index ee638a39a4b2..337fe0b24db4 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -32,5 +32,5 @@ test_script: - cmd: |- cd %APPVEYOR_BUILD_FOLDER% echo "%PATH%" - set PATH=%cd%;c:\cygwin64\bin;%PATH% && echo %PATH% && python oqs-test/try_connection.py + set PATH=%cd%;c:\cygwin64\bin;%PATH% && echo %PATH% && python oqs-test/try_connection.py doone From 706e6592b0c6e1df5e3d1f430453e5c04548bf9c Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Sat, 29 May 2021 08:36:51 +0200 Subject: [PATCH 6/7] increase stack for McEliece --- appveyor_build.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appveyor_build.bat b/appveyor_build.bat index 6289793e1b34..06e3a20fd4ff 100644 --- a/appveyor_build.bat +++ b/appveyor_build.bat @@ -1,5 +1,5 @@ IF %COMPILER%==cygwin ( @echo on SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%" - c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P zlib -P zlib-devel -P ninja -P cmake -P gcc -P make -P autoconf && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && cd liboqs && mkdir build && cd build && cmake .. -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=${APPVEYOR_BUILD_FOLDER}/oqs -DOQS_BUILD_ONLY_LIB=ON && ninja -v && ninja install && cd ${APPVEYOR_BUILD_FOLDER} && mkdir -p -m 0755 /var/empty && export LIBOQS_INSTALL=`pwd`/oqs && autoreconf && ./configure --with-liboqs-dir=`pwd`/oqs --with-libs=-lm && make && make install && TEST_SSH_UNSAFE_PERMISSIONS=1 make tests LTESTS=\"\" " + c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P zlib -P zlib-devel -P ninja -P cmake -P gcc -P make -P autoconf && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git && cd liboqs && mkdir build && cd build && cmake .. -GNinja -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=${APPVEYOR_BUILD_FOLDER}/oqs -DOQS_BUILD_ONLY_LIB=ON && ninja -v && ninja install && cd ${APPVEYOR_BUILD_FOLDER} && mkdir -p -m 0755 /var/empty && export LIBOQS_INSTALL=`pwd`/oqs && autoreconf && LDFLAGS=\"-Wl,--stack,20000000\" ./configure --with-liboqs-dir=`pwd`/oqs --with-libs=-lm && make && make install && TEST_SSH_UNSAFE_PERMISSIONS=1 make tests LTESTS=\"\" " ) From 4be629bf8138914736d851ea6b31bb56ac1f1dc1 Mon Sep 17 00:00:00 2001 From: Michael <57787676+baentsch@users.noreply.github.com> Date: Sat, 29 May 2021 09:19:28 +0200 Subject: [PATCH 7/7] add stack-size build instructions/warnings --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ed681a257d2a..0b852579435f 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ For each `` listed above, the following hybrid algorithms are made availabl - If `` has L3 security, the method `ecdh-nistp384-` is available, which combines `` with ECDH using NIST's P384 curve - If `` has L5 security, the method `ecdh-nistp521-` is available, which combines `` with ECDH using NIST's P521 curve -Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. +Note that algorithms marked with a dagger (†) have large stack usage and may cause failures when run on threads or in constrained environments. For example, McEliece require building `oqs-openssh` with a large(r) stack provision than is default: Adding `LDFLAGS="-Wl,--stack,20000000"` to [the `./configure` command below](#step-2-build-the-fork) is required to allow cygwin-based testing to pass. #### Digital Signature