#!/usr/bin/env python """ CI build script (C) 2017,2020 Jack Lloyd Botan is released under the Simplified BSD License (see license.txt) """ import os import platform import subprocess import sys import time import tempfile import optparse # pylint: disable=deprecated-module def get_concurrency(): def_concurrency = 2 try: import multiprocessing return multiprocessing.cpu_count() except ImportError: return def_concurrency def build_targets(target, target_os): if target in ['shared', 'minimized', 'bsi', 'nist']: yield 'shared' elif target in ['static', 'fuzzers', 'baremetal']: yield 'static' elif target_os in ['windows']: yield 'shared' elif target_os in ['ios', 'mingw']: yield 'static' else: yield 'shared' yield 'static' yield 'cli' yield 'tests' if target in ['coverage']: yield 'bogo_shim' def determine_flags(target, target_os, target_cpu, target_cc, cc_bin, ccache, root_dir, pkcs11_lib, use_gdb, disable_werror, extra_cxxflags, disabled_tests): # pylint: disable=too-many-branches,too-many-statements,too-many-arguments,too-many-locals """ Return the configure.py flags as well as make/test running prefixes """ is_cross_target = target.startswith('cross-') if target_os not in ['linux', 'osx', 'windows', 'freebsd']: print('Error unknown OS %s' % (target_os)) return (None, None, None) if is_cross_target: if target_os == 'osx': target_os = 'ios' elif target == 'cross-win64': target_os = 'mingw' elif target in ['cross-android-arm32', 'cross-android-arm64']: target_os = 'android' if target_os == 'windows' and target_cc == 'gcc': target_os = 'mingw' if target == 'baremetal': target_os = 'none' make_prefix = [] test_prefix = [] test_cmd = [os.path.join(root_dir, 'botan-test')] install_prefix = tempfile.mkdtemp(prefix='botan-install-') flags = ['--prefix=%s' % (install_prefix), '--cc=%s' % (target_cc), '--os=%s' % (target_os), '--build-targets=%s' % ','.join(build_targets(target, target_os))] if ccache is not None: flags += ['--no-store-vc-rev', '--compiler-cache=%s' % (ccache)] if target_os != 'osx' and not disable_werror: flags += ['--werror-mode'] if target_cpu is not None: flags += ['--cpu=%s' % (target_cpu)] for flag in extra_cxxflags: flags += ['--extra-cxxflags=%s' % (flag)] if target in ['minimized']: flags += ['--minimized-build', '--enable-modules=system_rng,sha2_32,sha2_64,aes'] if target in ['bsi', 'nist']: # tls is optional for bsi/nist but add it so verify tests work with these minimized configs flags += ['--module-policy=%s' % (target), '--enable-modules=tls'] if target == 'docs': flags += ['--with-doxygen', '--with-sphinx', '--with-rst2man'] test_cmd = None if target == 'cross-win64': # this test compiles under MinGW but fails when run under Wine disabled_tests.append('certstor_system') if target == 'coverage': flags += ['--with-coverage-info', '--with-debug-info', '--test-mode'] if target == 'valgrind': flags += ['--with-valgrind'] test_prefix = ['valgrind', '--error-exitcode=9', '-v', '--leak-check=full', '--show-reachable=yes'] # valgrind is single threaded anyway test_cmd += ['--test-threads=1'] # valgrind is slow slow_tests = [ 'cryptobox', 'dh_invalid', 'dh_kat', 'dh_keygen', 'dl_group_gen', 'dlies', 'dsa_param', 'ecc_basemul', 'ecdsa_verify_wycheproof', 'mce_keygen', 'passhash9', 'rsa_encrypt', 'rsa_pss', 'rsa_pss_raw', 'scrypt', 'srp6_kat', 'x509_path_bsi', 'xmss_keygen', 'xmss_sign', 'pbkdf', 'argon2', 'bcrypt', 'bcrypt_pbkdf', 'compression', 'ed25519_sign', 'elgamal_keygen', 'x509_path_rsa_pss'] disabled_tests += slow_tests if target == 'fuzzers': flags += ['--unsafe-fuzzer-mode'] if target in ['fuzzers', 'coverage']: flags += ['--build-fuzzers=test'] if target in ['fuzzers', 'sanitizer']: flags += ['--with-debug-asserts'] if target_cc in ['clang', 'gcc']: flags += ['--enable-sanitizers=address,undefined'] else: flags += ['--with-sanitizers'] if target in ['valgrind', 'sanitizer', 'fuzzers']: flags += ['--disable-modules=locking_allocator'] if target == 'baremetal': cc_bin = 'arm-none-eabi-c++' flags += ['--cpu=arm32', '--disable-neon', '--without-stack-protector', '--ldflags=-specs=nosys.specs'] test_cmd = None if is_cross_target: if target_os == 'ios': make_prefix = ['xcrun', '--sdk', 'iphoneos'] test_cmd = None if target == 'cross-ios-arm64': flags += ['--cpu=arm64', '--cc-abi-flags=-arch arm64 -stdlib=libc++'] else: raise Exception("Unknown cross target '%s' for iOS" % (target)) elif target_os == 'android': ndk = os.getenv('ANDROID_NDK') if ndk is None: raise Exception('Android CI build requires ANDROID_NDK env variable be set') api_lvl = int(os.getenv('ANDROID_API_LEVEL', '0')) if api_lvl == 0: # If not set arbitrarily choose API 16 (Android 4.1) for ARMv7 and 28 (Android 9) for AArch64 api_lvl = 16 if target == 'cross-android-arm32' else 28 toolchain_dir = os.path.join(ndk, 'toolchains/llvm/prebuilt/linux-x86_64/bin') test_cmd = None if target == 'cross-android-arm32': cc_bin = os.path.join(toolchain_dir, 'armv7a-linux-androideabi%d-clang++' % (api_lvl)) flags += ['--cpu=armv7', '--ar-command=%s' % (os.path.join(toolchain_dir, 'arm-linux-androideabi-ar'))] elif target == 'cross-android-arm64': cc_bin = os.path.join(toolchain_dir, 'aarch64-linux-android%d-clang++' % (api_lvl)) flags += ['--cpu=arm64', '--ar-command=%s' % (os.path.join(toolchain_dir, 'aarch64-linux-android-ar'))] if api_lvl < 18: flags += ['--without-os-features=getauxval'] if api_lvl >= 28: flags += ['--with-os-features=getentropy'] elif target == 'cross-i386': flags += ['--cpu=x86_32'] elif target == 'cross-win64': # MinGW in 16.04 is lacking std::mutex for unknown reason cc_bin = 'x86_64-w64-mingw32-g++' flags += ['--cpu=x86_64', '--cc-abi-flags=-static', '--ar-command=x86_64-w64-mingw32-ar', '--without-os-feature=threads'] test_cmd = [os.path.join(root_dir, 'botan-test.exe')] + test_cmd[1:] test_prefix = ['wine'] else: if target == 'cross-arm32': flags += ['--cpu=armv7'] cc_bin = 'arm-linux-gnueabihf-g++' # Currently arm32 CI only runs on native AArch64 #test_prefix = ['qemu-arm', '-L', '/usr/arm-linux-gnueabihf/'] elif target == 'cross-arm64': flags += ['--cpu=aarch64'] cc_bin = 'aarch64-linux-gnu-g++' test_prefix = ['qemu-aarch64', '-L', '/usr/aarch64-linux-gnu/'] elif target == 'cross-ppc32': flags += ['--cpu=ppc32'] cc_bin = 'powerpc-linux-gnu-g++' test_prefix = ['qemu-ppc', '-L', '/usr/powerpc-linux-gnu/'] elif target == 'cross-ppc64': flags += ['--cpu=ppc64', '--with-endian=little'] cc_bin = 'powerpc64le-linux-gnu-g++' test_prefix = ['qemu-ppc64le', '-cpu', 'POWER8', '-L', '/usr/powerpc64le-linux-gnu/'] elif target == 'cross-mips64': flags += ['--cpu=mips64', '--with-endian=big'] cc_bin = 'mips64-linux-gnuabi64-g++' test_prefix = ['qemu-mips64', '-L', '/usr/mips64-linux-gnuabi64/'] test_cmd.remove('simd_32') # no SIMD on MIPS else: raise Exception("Unknown cross target '%s' for Linux" % (target)) else: # Flags specific to native targets if target_os in ['osx', 'linux']: flags += ['--with-bzip2', '--with-sqlite', '--with-zlib'] if target_os in ['osx', 'ios']: flags += ['--with-commoncrypto'] if target == 'coverage': flags += ['--with-boost'] if target_os == 'windows' and target in ['shared', 'static']: # ./configure.py needs extra hand-holding for boost on windows boost_root = os.environ.get('BOOST_ROOT') boost_libs = os.environ.get('BOOST_LIBRARYDIR') boost_system = os.environ.get('BOOST_SYSTEM_LIBRARY') if boost_root and boost_libs and boost_system: flags += ['--with-boost', '--with-external-includedir', boost_root, '--with-external-libdir', boost_libs, '--boost-library-name', boost_system] if target_os == 'linux': flags += ['--with-lzma'] if target_os == 'linux': if target not in ['sanitizer', 'valgrind', 'minimized']: # Avoid OpenSSL when using dynamic checkers, or on OS X where it sporadically # is not installed on the CI image flags += ['--with-openssl'] if target in ['coverage']: flags += ['--with-tpm'] test_cmd += ['--run-online-tests'] if pkcs11_lib and os.access(pkcs11_lib, os.R_OK): test_cmd += ['--pkcs11-lib=%s' % (pkcs11_lib)] if target in ['coverage', 'sanitizer']: test_cmd += ['--run-long-tests'] flags += ['--cc-bin=%s' % (cc_bin)] if test_cmd is None: run_test_command = None else: if use_gdb: disabled_tests.append("os_utils") # render 'disabled_tests' array into test_cmd if disabled_tests: test_cmd += ['--skip-tests=%s' % (','.join(disabled_tests))] if use_gdb: (cmd, args) = test_cmd[0], test_cmd[1:] run_test_command = test_prefix + ['gdb', cmd, '-ex', 'run %s' % (' '.join(args)), '-ex', 'bt', '-ex', 'quit'] else: run_test_command = test_prefix + test_cmd return flags, run_test_command, make_prefix def run_cmd(cmd, root_dir): """ Execute a command, die if it failed """ print("Running '%s' ..." % (' '.join(cmd))) sys.stdout.flush() start = time.time() cmd = [os.path.expandvars(elem) for elem in cmd] sub_env = os.environ.copy() sub_env['LD_LIBRARY_PATH'] = os.path.abspath(root_dir) sub_env['DYLD_LIBRARY_PATH'] = os.path.abspath(root_dir) sub_env['PYTHONPATH'] = os.path.abspath(os.path.join(root_dir, 'src/python')) cwd = None redirect_stdout = None if len(cmd) >= 3 and cmd[-2] == '>': redirect_stdout = open(cmd[-1], 'w') cmd = cmd[:-2] if len(cmd) > 1 and cmd[0].startswith('indir:'): cwd = cmd[0][6:] cmd = cmd[1:] while len(cmd) > 1 and cmd[0].startswith('env:') and cmd[0].find('=') > 0: env_key, env_val = cmd[0][4:].split('=') sub_env[env_key] = env_val cmd = cmd[1:] proc = subprocess.Popen(cmd, cwd=cwd, close_fds=True, env=sub_env, stdout=redirect_stdout) proc.communicate() time_taken = int(time.time() - start) if time_taken > 10: print("Ran for %d seconds" % (time_taken)) if proc.returncode != 0: print("Command '%s' failed with error code %d" % (' '.join(cmd), proc.returncode)) if cmd[0] not in ['lcov']: sys.exit(proc.returncode) def default_os(): platform_os = platform.system().lower() if platform_os == 'darwin': return 'osx' return platform_os def parse_args(args): """ Parse arguments """ parser = optparse.OptionParser() parser.add_option('--os', default=default_os(), help='Set the target os (default %default)') parser.add_option('--cc', default='gcc', help='Set the target compiler type (default %default)') parser.add_option('--cc-bin', default=None, help='Set path to compiler') parser.add_option('--root-dir', metavar='D', default='.', help='Set directory to execute from (default %default)') parser.add_option('--make-tool', metavar='TOOL', default='make', help='Specify tool to run to build source (default %default)') parser.add_option('--extra-cxxflags', metavar='FLAGS', default=[], action='append', help='Specify extra build flags') parser.add_option('--cpu', default=None, help='Specify a target CPU platform') parser.add_option('--with-debug', action='store_true', default=False, help='Include debug information') parser.add_option('--amalgamation', action='store_true', default=False, help='Build via amalgamation') parser.add_option('--disable-shared', action='store_true', default=False, help='Disable building shared libraries') parser.add_option('--disabled-tests', metavar='DISABLED_TESTS', default=[], action='append', help='Comma separated list of tests that should not be run') parser.add_option('--branch', metavar='B', default=None, help='Specify branch being built') parser.add_option('--dry-run', action='store_true', default=False, help='Just show commands to be executed') parser.add_option('--build-jobs', metavar='J', default=get_concurrency(), help='Set number of jobs to run in parallel (default %default)') parser.add_option('--compiler-cache', default=None, metavar='CC', help='Set a compiler cache to use (ccache, sccache)') parser.add_option('--pkcs11-lib', default=os.getenv('PKCS11_LIB'), metavar='LIB', help='Set PKCS11 lib to use for testing') parser.add_option('--with-python3', dest='use_python3', action='store_true', default=None, help='Enable using python3') parser.add_option('--without-python3', dest='use_python3', action='store_false', help='Disable using python3') parser.add_option('--with-pylint3', dest='use_pylint3', action='store_true', default=True, help='Enable using python3 pylint') parser.add_option('--without-pylint3', dest='use_pylint3', action='store_false', help='Disable using python3 pylint') parser.add_option('--disable-werror', action='store_true', default=False, help='Allow warnings to compile') parser.add_option('--run-under-gdb', dest='use_gdb', action='store_true', default=False, help='Run test suite under gdb and capture backtrace') return parser.parse_args(args) def have_prog(prog): """ Check if some named program exists in the path """ for path in os.environ['PATH'].split(os.pathsep): exe_file = os.path.join(path, prog) if os.path.exists(exe_file) and os.access(exe_file, os.X_OK): return True return False def main(args=None): # pylint: disable=too-many-branches,too-many-statements,too-many-locals,too-many-return-statements,too-many-locals """ Parse options, do the things """ if os.getenv('COVERITY_SCAN_BRANCH') == '1': print('Skipping build COVERITY_SCAN_BRANCH set in environment') return 0 if args is None: args = sys.argv print("Invoked as '%s'" % (' '.join(args))) (options, args) = parse_args(args) if len(args) != 2: print('Usage: %s [options] target' % (args[0])) return 1 target = args[1] if options.use_python3 is None: use_python3 = have_prog('python3') else: use_python3 = options.use_python3 py_interp = 'python' if use_python3: py_interp = 'python3' if options.cc_bin is None: if options.cc == 'gcc': options.cc_bin = 'g++' elif options.cc == 'clang': options.cc_bin = 'clang++' elif options.cc == 'msvc': options.cc_bin = 'cl' else: print('Error unknown compiler %s' % (options.cc)) return 1 if options.compiler_cache is None and options.cc != 'msvc': # Autodetect ccache if have_prog('ccache'): options.compiler_cache = 'ccache' if options.compiler_cache not in [None, 'ccache', 'sccache']: raise Exception("Don't know about %s as a compiler cache" % (options.compiler_cache)) root_dir = options.root_dir if not os.access(root_dir, os.R_OK): raise Exception('Bad root dir setting, dir %s not readable' % (root_dir)) cmds = [] if target == 'lint': pylint_rc = '--rcfile=%s' % (os.path.join(root_dir, 'src/configs/pylint.rc')) pylint_flags = [pylint_rc, '--reports=no'] # Some disabled rules specific to Python3 # useless-object-inheritance: complains about code still useful in Python2 py3_flags = '--disable=useless-object-inheritance' py_scripts = [ 'configure.py', 'src/python/botan2.py', 'src/scripts/ci_build.py', 'src/scripts/install.py', 'src/scripts/ci_check_install.py', 'src/scripts/dist.py', 'src/scripts/cleanup.py', 'src/scripts/check.py', 'src/scripts/build_docs.py', 'src/scripts/website.py', 'src/scripts/bench.py', 'src/scripts/test_python.py', 'src/scripts/test_fuzzers.py', 'src/scripts/test_cli.py', 'src/scripts/python_unittests.py', 'src/scripts/python_unittests_unix.py'] full_paths = [os.path.join(root_dir, s) for s in py_scripts] if use_python3 and options.use_pylint3: cmds.append(['python3', '-m', 'pylint'] + pylint_flags + [py3_flags] + full_paths) else: config_flags, run_test_command, make_prefix = determine_flags( target, options.os, options.cpu, options.cc, options.cc_bin, options.compiler_cache, root_dir, options.pkcs11_lib, options.use_gdb, options.disable_werror, options.extra_cxxflags, options.disabled_tests) cmds.append([py_interp, os.path.join(root_dir, 'configure.py')] + config_flags) make_cmd = [options.make_tool] if root_dir != '.': make_cmd += ['-C', root_dir] if options.build_jobs > 1 and options.make_tool != 'nmake': make_cmd += ['-j%d' % (options.build_jobs)] make_cmd += ['-k'] if target == 'docs': cmds.append(make_cmd + ['docs']) else: if options.compiler_cache is not None: cmds.append([options.compiler_cache, '--show-stats']) make_targets = ['libs', 'tests', 'cli'] if target in ['coverage', 'fuzzers']: make_targets += ['fuzzer_corpus_zip', 'fuzzers'] if target in ['coverage']: make_targets += ['bogo_shim'] cmds.append(make_prefix + make_cmd + make_targets) if options.compiler_cache is not None: cmds.append([options.compiler_cache, '--show-stats']) if run_test_command is not None: cmds.append(run_test_command) if target == 'coverage': runner_dir = os.path.abspath(os.path.join(root_dir, 'boringssl', 'ssl', 'test', 'runner')) cmds.append(['indir:%s' % (runner_dir), 'go', 'test', '-pipe', '-num-workers', str(4*get_concurrency()), '-shim-path', os.path.abspath(os.path.join(root_dir, 'botan_bogo_shim')), '-shim-config', os.path.abspath(os.path.join(root_dir, 'src', 'bogo_shim', 'config.json'))]) if target in ['coverage', 'fuzzers']: cmds.append([py_interp, os.path.join(root_dir, 'src/scripts/test_fuzzers.py'), os.path.join(root_dir, 'fuzzer_corpus'), os.path.join(root_dir, 'build/fuzzer')]) if target in ['shared', 'coverage'] and options.os != 'windows': botan_exe = os.path.join(root_dir, 'botan-cli.exe' if options.os == 'windows' else 'botan') args = ['--threads=%d' % (options.build_jobs)] test_scripts = ['test_cli.py', 'test_cli_crypt.py'] for script in test_scripts: cmds.append([py_interp, os.path.join(root_dir, 'src/scripts', script)] + args + [botan_exe]) python_tests = os.path.join(root_dir, 'src/scripts/test_python.py') if target in ['shared', 'coverage']: if options.os == 'windows': if options.cpu == 'x86': # Python on AppVeyor is a 32-bit binary so only test for 32-bit cmds.append([py_interp, '-b', python_tests]) else: if use_python3: cmds.append(['python3', '-b', python_tests]) if target in ['shared', 'static', 'bsi', 'nist']: cmds.append(make_cmd + ['install']) build_config = os.path.join(root_dir, 'build', 'build_config.json') cmds.append([py_interp, os.path.join(root_dir, 'src/scripts/ci_check_install.py'), build_config]) if target in ['coverage']: if not have_prog('lcov'): print('Error: lcov not found in PATH (%s)' % (os.getenv('PATH'))) return 1 if not have_prog('gcov'): print('Error: gcov not found in PATH (%s)' % (os.getenv('PATH'))) return 1 cov_file = 'coverage.info' raw_cov_file = 'coverage.info.raw' cmds.append(['lcov', '--capture', '--directory', options.root_dir, '--output-file', raw_cov_file]) cmds.append(['lcov', '--remove', raw_cov_file, '/usr/*', '--output-file', cov_file]) cmds.append(['lcov', '--list', cov_file]) if have_prog('coverage'): cmds.append(['coverage', 'run', '--branch', '--rcfile', os.path.join(root_dir, 'src/configs/coverage.rc'), python_tests]) if have_prog('codecov'): # If codecov exists assume we are in CI and report to codecov.io cmds.append(['codecov', '>', 'codecov_stdout.log']) else: # Otherwise generate a local HTML report cmds.append(['genhtml', cov_file, '--output-directory', 'lcov-out']) cmds.append(make_cmd + ['clean']) cmds.append(make_cmd + ['distclean']) for cmd in cmds: if options.dry_run: print('$ ' + ' '.join(cmd)) else: run_cmd(cmd, root_dir) return 0 if __name__ == '__main__': sys.exit(main())