1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
|
language: c
cache:
ccache: true
## cargo: true
directories:
- $HOME/.cargo
## caching CARGO_TARGET_DIR actually slows down the build over time,
## because old build products are never deleted.
## where we point CARGO_TARGET_DIR in all our cargo invocations
#- $TRAVIS_BUILD_DIR/src/rust/target
compiler:
- gcc
os:
- linux
## We don't use the build matrix cross-product, because it makes too many jobs
## Instead, we list each job under matrix: include:
env:
global:
## The Travis CI environment allows us two cores, so let's use both. Also,
## let's use the "-k" flag so that we get all of the compilation failures,
## not just the first one.
- MAKEFLAGS="-k -j 2"
## We turn on hardening by default
## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
- HARDENING_OPTIONS="--enable-all-bugs-are-fatal --enable-expensive-hardening"
## We turn off asciidoc by default, because it's slow
- ASCIIDOC_OPTIONS="--disable-asciidoc"
## Our default rust version is the minimum supported version
- RUST_VERSION="1.31.0"
## Turn off tor's sandbox in chutney, until we fix sandbox errors that are
## triggered by Ubuntu Xenial and Bionic. See #32722.
- CHUTNEY_TOR_SANDBOX="0"
## The default target for chutney jobs
- CHUTNEY_MAKE="test-network-all"
matrix:
## This matrix entry is required, but it doesn't actually create any jobs
-
matrix:
## include creates builds with gcc, linux, unless we override those defaults
include:
## We run chutney on macOS, because macOS Travis has IPv6
## But we only run the IPv6 chutney tests, to speed up the job
- env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
os: osx
## We also run basic tests on macOS
- compiler: clang
os: osx
## Turn off some newer features, turn on clang's -Wtypedef-redefinition
## Also, disable ALL_BUGS_ARE_FATAL macro.
env: C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"
## We run chutney on Linux, because it's faster than chutney on macOS
## Chutney is a fast job, clang is slower on Linux, so we do Chutney clang
- env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
compiler: clang
## We check asciidoc with distcheck, to make sure we remove doc products
- env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"
## We check disable module relay
- env: MODULES_OPTIONS="--disable-module-relay" HARDENING_OPTIONS="--enable-expensive-hardening"
## We check disable module dirauth
- env: MODULES_OPTIONS="--disable-module-dirauth" HARDENING_OPTIONS="--enable-expensive-hardening"
## We run rust on Linux, because it's faster than rust on macOS
## We check rust offline
- env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
## We check NSS
## Use -std=gnu99 to turn off some newer features, and maybe turn on some
## extra gcc warnings?
- env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
## We clone our stem repo and run `make test-stem`
- env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
## We run `make doxygen` without `make check`.
- env: SKIP_MAKE_CHECK="yes" DOXYGEN="yes"
## macOS builds are very slow, and we have a limited number of
## concurrent macOS jobs. We're not actively developing Rust, so it is
## the lowest priority.
## We run rust on macOS, because we have seen macOS rust failures before
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
## Allow the build to report success (with non-required sub-builds
## continuing to run) if all required sub-builds have succeeded.
fast_finish: true
## Careful! We use global envs, which makes it hard to allow failures by env:
## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
allow_failures:
## macOS rust and chutney are very slow, so we let the build finish before
## they are done. We'd like to fast finish, but still eventually show
## any failures in the build status. But Travis doesn't have that ability.
## Since this job is disabled, there's not much point having an exception
## for it
#- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
# compiler: clang
# os: osx
## Since we're actively developing IPv6, we want to require the IPv6
## chutney tests
#- env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
# os: osx
## (Linux only) Use a recent Linux image (Ubuntu Bionic)
dist: bionic
## Download our dependencies
addons:
## (Linux only)
apt:
packages:
## Required dependencies
- libevent-dev
## Ubuntu comes with OpenSSL by default
#- libssl-dev
- zlib1g-dev
## Optional dependencies
- libcap-dev
- liblzma-dev
- libnss3-dev
- libscrypt-dev
- libseccomp-dev
- libzstd-dev
## Optional build dependencies
- coccinelle
- shellcheck
## Conditional build dependencies
## Always installed, so we don't need sudo
- asciidoc
- docbook-xsl
- docbook-xml
- xmlto
- doxygen
## Utilities
## preventing or diagnosing hangs
- timelimit
## (OSX only)
homebrew:
packages:
## Required dependencies
- libevent
## The OSX version of OpenSSL is way too old
- openssl
## OSX comes with zlib by default
## to use a newer zlib, pass the keg path to configure (like OpenSSL)
#- zlib
## Optional dependencies
- libscrypt
- xz
- zstd
## Required build dependencies
## Tor needs pkg-config to find some dependencies at build time
- pkg-config
## Optional build dependencies
- ccache
- coccinelle
- shellcheck
## Conditional build dependencies
## Always installed, because manual brew installs are hard to get right
- asciidoc
- xmlto
## Utilities
## preventing or diagnosing hangs
- timelimit
## (OSX only) Use a recent macOS image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of October 2019
## Recent is Xcode 11.2 on macOS 10.14 as of October 2019
osx_image: xcode11.2
before_install:
## Set pipefail: we use pipes
- set -o pipefail || echo "pipefail failed"
## Create empty rust directories for non-Rust builds, so caching succeeds
- if [[ "$RUST_OPTIONS" == "" ]]; then mkdir -p $HOME/.cargo $TRAVIS_BUILD_DIR/src/rust/target; fi
install:
## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
## Install conditional features
## Install coveralls
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
## If we're on OSX, and using asciidoc, configure asciidoc
- if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
## If we're using Rust, download rustup
- if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
## Install the stable channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain $RUST_VERSION; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
## If we're running chutney, install it.
- if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
## If we're running stem, install it.
- if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
##
## Finally, list installed package versions
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
## Get some info about rustup, rustc and cargo
- if [[ "$RUST_OPTIONS" != "" ]]; then which rustup; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then rustup --version; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
## Get python version
- python --version
## If we're running chutney, show the chutney commit
- if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
## If we're running stem, show the stem version and commit
- if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
## Get the coccinelle version
## Installs are unreliable on macOS, so we just rely on brew list --versions
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then spatch --version; fi
## We don't want Tor tests to depend on default configuration file at
## ~/.torrc. So we put some random bytes in there, to make sure we get build
## failures in case Tor is reading it during CI jobs.
- dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc
script:
# Skip test_rebind and test_include on macOS
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export TOR_SKIP_TEST_REBIND=true; export TOR_SKIP_TEST_INCLUDE=true; fi
- ./autogen.sh
- CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS $RUST_OPTIONS --enable-fatal-warnings --disable-silent-rules"
- echo "Configure flags are $CONFIGURE_FLAGS CC=\"$CC $C_DIALECT_OPTIONS\""
- ./configure $CONFIGURE_FLAGS CC="$CC $C_DIALECT_OPTIONS";
## We run `make check` because that's what https://jenkins.torproject.org does.
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
- if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
- if [[ "$CHUTNEY" != "" ]]; then make "$CHUTNEY_MAKE"; fi
## Diagnostic for bug 29437: kill stem if it hangs for 9.5 minutes
## Travis will kill the job after 10 minutes with no output
- if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --test control.controller --test control.base_controller --test process --log TRACE --log-file stem.log; fi
- if [[ "$DOXYGEN" != "" ]]; then make doxygen; fi
## If this build was one that produced coverage, upload it.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi
after_failure:
## configure will leave a log file with more details of config failures.
## But the log is too long for travis' rendered view, so tail it.
- tail -1000 config.log || echo "tail failed"
## `make check` will leave a log file with more details of test failures.
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
## `make distcheck` puts it somewhere different.
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
- if [[ "$CHUTNEY" != "" ]]; then "$CHUTNEY_PATH/tools/diagnostics.sh" || echo "diagnostics failed"; ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
- if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi
- if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi
before_cache:
## Delete all gcov files.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi
## Delete the cargo registry before caching .cargo, because it's cheaper to
## download the registry and throw it away, rather than caching it
- rm -rf $HOME/.cargo/registry
notifications:
irc:
channels:
- "irc.oftc.net#tor-ci"
template:
- "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
- "Build #%{build_number} %{result}. Details: %{build_url}"
on_success: change
on_failure: change
email:
on_success: never
on_failure: change
|
