Commit Graph

54 Commits

Author SHA1 Message Date
Sam James 77cab41f32
CI: update FreeBSD, NetBSD, OpenBSD, Solaris actions
Checked the changes and they're all innocuous. This should hopefully
fix the "externally managed" pip error in these jobs that started
recently.

(cherry picked from commit dbca3d078e)
2024-12-18 19:21:59 +02:00
Sam James c9bd00327f
CI: Speed up Valgrind job by using --trace-children-skip-by-arg=...
This addresses the issue I mentioned in
6c095a98fb and speeds up the Valgrind
job a bit, because non-xz tools aren't run unnecessarily with
Valgrind by the script tests.

(cherry picked from commit 7e99856f66)
2024-09-06 19:26:09 +03:00
Lasse Collin 810f1a8aee
CI: Use CC="gcc -m32" to get i386 compiler on x86-64
The old method put it in CFLAGS which is a wrong place because
config.guess doesn't read CFLAGS.

(cherry picked from commit dbcdabf68f)
2024-09-06 19:15:14 +03:00
Lasse Collin 0c089a33a5
CI: Don't require po4a on Solaris
(cherry picked from commit a61c9ab475)
2024-09-06 18:51:58 +03:00
Lasse Collin 83d3792711
CI: Use set -e on Solaris too
(cherry picked from commit 5229bdf533)
2024-09-06 18:51:58 +03:00
Sam James 42754176bd
ci: don't pin official GH actions via commit, just tag
There's no real value in doing it via commit for official GH actions. We
can keep using pinned commits for unofficial actions. It's hassle for no
gain.

Maybe going forward we can limit this further by only being paranoid
for the jobs with any access to tokens.

(cherry picked from commit 35f8649f08)
2024-09-06 18:51:57 +03:00
Christoph Junghans 9a5fee7022
ci: set -e on openbsd
Closes: https://github.com/tukaani-project/xz/pull/116
(cherry picked from commit e885dae37f)
2024-09-06 18:51:57 +03:00
Christoph Junghans a2d66de54f
ci: set -e on netbsd
(cherry picked from commit 21b02dd128)
2024-09-06 18:51:57 +03:00
Christoph Junghans 1bdc70176b
ci: actually fail on FreeBSD
Without "set -e" the job will always be successful.

See vmactions/freebsd-vm#72

(cherry picked from commit 8641f0c24c)
2024-09-06 18:51:57 +03:00
Andrew Murray 4132277103
Updated actions
Closes: https://github.com/tukaani-project/xz/pull/115
(cherry picked from commit ef616683ef)
2024-09-06 18:51:57 +03:00
Sam James 1575414636
ci: add po4a
(cherry picked from commit 57b440d316)
2024-09-06 18:51:57 +03:00
Sam James c3e293037e
ci: add Solaris
Inspired by 3f2a38b011.

It runs on Solaris 5.11 via a VirtualBox VM.

(cherry picked from commit 08cdf4be9a)
2024-09-06 18:51:56 +03:00
Sam James cb0e847fe0 ci: add SPDX headers
I've checked over each of these and they're straightforward applications
of the relevant Github Actions.

(cherry picked from commit 9a6761aa35)
2024-05-23 00:13:43 +03:00
Sam James 59055d70cd ci: add NetBSD
(cherry picked from commit a607e2b40d)
2024-05-22 14:32:36 +03:00
Sam James 812c1f95f3 ci: add FreeBSD
(cherry picked from commit 72c210336d)
2024-05-22 14:32:36 +03:00
Sam James d2a4f963c2 ci: add OpenBSD
(cherry picked from commit b526ec2dbf)
2024-05-22 14:32:36 +03:00
Sam James 1e63f7d536 ci: rename ci_build.sh -> ci_build.bash
We discussed the name and it's less cognitive load to just call it '.bash'
so you don't have an immediate question about if bashisms are OK.

(cherry picked from commit 73f629e321)
2024-05-22 14:26:59 +03:00
Sam James cc21af1715 ci: make UBSAN abort on errors
Unfortunately, UBSAN doesn't do this by default. See also the change
I made in Meson for this in October [0].

[0] 7b7d2e060b

(cherry picked from commit b5e3470442)
2024-05-22 14:26:59 +03:00
Sam James 2d2d5f14b3 ci: test Valgrind
Using `--trace-children=yes` has a trade-off here, as it makes
`test_scripts.sh` pretty slow when calling various non-xz utilities.

But I also feel like it's not useless to have Valgrind used there and it's
not easy to exclude Valgrind just for that one test...

I did consider using AX_VALGRIND_CHECK [0][1] but I couldn't get it working
immediately with some conditionally-built tests and I wondered if it was
worth spending time on at least while we're debating xz's future build
system situation.

[0] https://www.gnu.org/software/autoconf-archive/ax_valgrind_check.html
[1] https://tecnocode.co.uk/2014/12/23/automatically-valgrinding-code-with-ax_valgrind_check/

(cherry picked from commit 6c095a98fb)
2024-05-22 14:26:59 +03:00
Lasse Collin 38a3ec5a7e CI: Remove ifunc support.
(cherry picked from commit 986865ea2f)
2024-05-22 14:12:43 +03:00
Lasse Collin 5f178c364c Delete SECURITY.md from v5.6
It's too easily out of date in the stable branches.
It's not included in the release packages anyway.
2024-05-22 14:08:33 +03:00
Lasse Collin 22af94128b Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Jia Tan fce4758018 Docs: Update website URLs. 2024-01-19 23:08:14 +08:00
Jia Tan f9b82bc64a CI: Update Upload Artifact Action. 2023-12-15 16:56:31 +08:00
Jia Tan fd170e8557 CI: Test musl libc builds on Ubuntu runner. 2023-11-30 20:09:46 +08:00
Jia Tan 5e3d890f88 CI: Disable sandboxing in fsanitize=address,undefined job.
The sandboxing on Linux now supports Landlock, which restricts all
supported filesystem actions after xz opens the files it needs. The
sandbox is only enabled when one file is input and we are writing to
standard out. With fsanitize=address,undefined, the instrumentation
needs to read additional files after the sandbox is in place. This
forces all xz based test to fail, so the sandbox must instead be
disabled.
2023-10-24 00:50:08 +08:00
Gabriela Gutierrez 37947d4a75 CI: Bump and ref actions by commit SHA in windows-ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/msys2/setup-msys2/releases/tag/v2.20.1
27b3aa77f6

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13 20:03:13 +08:00
Gabriela Gutierrez f28cc9bd48 CI: Bump and ref actions by commit SHA in ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13 20:03:13 +08:00
Jia Tan 01e34aa117 CI: Disable CLANG64 MSYS2 environment until bug is resolved.
lld 17.0.1 searches for libraries to link first in the toolchain
directories before the local directory when building. The is a problem
for us because liblzma.a is installed in MSYS2 CLANG64 by default and
xz.exe will thus use the installed library instead of the one being
built.

This causes tests to fail when they are expecting features to be
disabled. More importantly, it will compile xz.exe with an incorrect
liblzma and could cause unexpected behavior by being unable to update
liblzma code in static builds. The CLANG64 environment can be tested
again once this is fixed.

Link to bug: https://github.com/llvm/llvm-project/issues/67779.
2023-09-29 22:11:54 +08:00
Jia Tan 953e775941 CI: Enable CLMUL in address sanitization test.
The crc64_clmul() function should be ignored by the address sanitizer
now so these builds should still pass.
2023-09-14 21:43:34 +08:00
Jia Tan 7190f4cc7c CI: Fix windows-ci dependency installation.
All of the MSYS2 environments need make, and it does not come with the
toolchain package. The toolchain package will install the needed
compiler toolchains since without this package CMake cannot properly
generate the Makefiles.
2023-07-28 21:56:48 +08:00
Jia Tan 7870396a0c CI: Test CMake builds and test framework with MSYS2. 2023-07-25 20:17:23 +08:00
Jia Tan 6497d1f887 CI: Windows CI rename system matrix variable -> msys2_env.
Calling the MSYS2 environment "system" was a bit vague and should be
more specific.
2023-07-25 20:14:53 +08:00
Jia Tan 785e4121d9 CI: Add Clang64 MSYS2 environment to Windows CI. 2023-07-24 23:11:45 +08:00
Jia Tan f3a055f762 CI: Add Windows runner for Autotools builds with MSYS2.
Only a subset of the tests run by the Linux and MacOS Autotools builds
are run. The most interesting tests are the ones that disable threads,
encoders, and decoders.

The Windows runner will only be run manually since these tests will
likely take much longer than the Linux and MacOS runners. This runner
should be used before merging any large features and before releases.

Currently the clang64 environment fails to due to a warning and
-Werror is enabled for the CI tests. This is still an early version
since the CMake build can be done for MSVC and optionally each of the
MSYS2 environments. GitHub does not allow manually running the CI tests
unless the workflow is checked on the default branch so checking in a
minimum version is a good idea.

Thanks to Arthur S for the original proposing the original patch.

Closes: https://github.com/tukaani-project/xz/pull/34
2023-07-22 18:31:02 +08:00
Jia Tan 45e250a9e9 CI: Add test with -fsanitize=address,undefined.
ci_build.sh was updated to accept disabling of __attribute__ ifunc
and CLMUL. This will allow -fsanitize=address to pass because ifunc
is incompatible with -fsanitize=address. The CLMUL implementation has
optimizations that potentially read past the buffer and mask out the
unwanted bytes.

This test will only run on Autotools Linux.
2023-06-28 23:59:47 +08:00
Jia Tan 596ee722cd CI: Upgrade checkout action from v2 to v3. 2023-06-28 20:48:49 +08:00
Jia Tan dbb3a536ed CI: Add apt update command before installing dependencies.
Without the extra command, all of the CI tests were automatically
failing because the Ubuntu servers could not be reached properly.
2023-06-07 00:23:02 +08:00
Jia Tan 2cf5ae5b5b CI: Adds a build and test for small configuration. 2023-04-25 22:14:28 +08:00
Jia Tan 0fbb2b87a7 Docs: Add missing word to SECURITY.md. 2023-04-07 20:46:41 +08:00
Jia Tan 537c6cd8a9 Docs: Minor edits to SECURITY.md. 2023-04-07 20:43:56 +08:00
Gabriela Gutierrez 6549df8dd5 Docs: Create SECURITY.md
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-04-07 20:43:49 +08:00
Jia Tan d0faa85df5 CI: Tests for disabling threading on CMake builds. 2023-03-29 23:46:43 +08:00
Jia Tan 20cd905d89 CI: Runs CMake feature tests.
Now, CMake will run similar feature disable tests that the Autotools
version did before. In order to do this without repeating lines in
ci.yml, it now makes sense to use the GitHub Workflow matrix to create
a loop.
2023-03-24 23:41:06 +08:00
Jia Tan 4f50763b98 CI: Add doxygen as a dependency.
Autogen now requires --no-doxygen or having doxygen installed to run
without errors.
2023-03-17 01:42:28 +08:00
Jia Tan 3a401b0e0c CI: Upload test logs as artifacts if a test fails. 2023-02-01 21:47:35 +08:00
Jia Tan b2ba1a489d CI: Reorder 32-bit build first for Linux autotool builds.
The 32-bit build needs to be first so the configure cache only needs to
be reset one time. The 32-bit build sets the CFLAGS env variable, so any
build using that flag after will fail unless the cache is reset.
2023-01-18 22:11:05 +08:00
Jia Tan 81cb02e2c2 CI: Disable shared and nls from various jobs in autotool runners.
Disabling shared library generation and linking should help speed up the
runners. The shared library is still being tested in the 32 bit build
and the full feature.

Disabling nls is to check for any unexpected warnings or errors.
2023-01-12 23:43:06 +08:00
Jia Tan 58a052198a CI: Reorder the 32-bit job in the Ubuntu runner.
Run the 32 bit job sooner since this is a more interesting test than
some of the later jobs.
2023-01-12 23:39:19 +08:00