|
|
|
@ -645,6 +645,193 @@ jobs:
|
|
|
|
|
fail_ci_if_error: false
|
|
|
|
|
flags: suricata-verify
|
|
|
|
|
|
|
|
|
|
# Fedora 38 build using Clang.
|
|
|
|
|
fedora-38-clang:
|
|
|
|
|
name: Fedora 38 (clang, debug, asan, wshadow, rust-strict, systemd)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
container: fedora:38
|
|
|
|
|
needs: [prepare-deps]
|
|
|
|
|
steps:
|
|
|
|
|
|
|
|
|
|
# Cache Rust stuff.
|
|
|
|
|
- name: Cache cargo registry
|
|
|
|
|
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
|
|
|
|
|
with:
|
|
|
|
|
path: ~/.cargo
|
|
|
|
|
key: ${{ github.job }}-cargo
|
|
|
|
|
|
|
|
|
|
- name: Cache RPMs
|
|
|
|
|
uses: actions/cache@v3
|
|
|
|
|
with:
|
|
|
|
|
path: /var/cache/dnf
|
|
|
|
|
key: ${{ github.job }}-dnf
|
|
|
|
|
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
|
|
|
|
|
|
|
|
|
|
- run: |
|
|
|
|
|
dnf -y install \
|
|
|
|
|
autoconf \
|
|
|
|
|
automake \
|
|
|
|
|
cargo \
|
|
|
|
|
cbindgen \
|
|
|
|
|
ccache \
|
|
|
|
|
clang \
|
|
|
|
|
diffutils \
|
|
|
|
|
file-devel \
|
|
|
|
|
gcc \
|
|
|
|
|
gcc-c++ \
|
|
|
|
|
git \
|
|
|
|
|
hiredis-devel \
|
|
|
|
|
jansson-devel \
|
|
|
|
|
jq \
|
|
|
|
|
lua-devel \
|
|
|
|
|
libasan \
|
|
|
|
|
libtool \
|
|
|
|
|
libyaml-devel \
|
|
|
|
|
libnfnetlink-devel \
|
|
|
|
|
libnetfilter_queue-devel \
|
|
|
|
|
libnet-devel \
|
|
|
|
|
libcap-ng-devel \
|
|
|
|
|
libevent-devel \
|
|
|
|
|
libmaxminddb-devel \
|
|
|
|
|
libpcap-devel \
|
|
|
|
|
libxdp-devel \
|
|
|
|
|
libbpf-devel \
|
|
|
|
|
libtool \
|
|
|
|
|
lz4-devel \
|
|
|
|
|
make \
|
|
|
|
|
nss-softokn-devel \
|
|
|
|
|
pcre2-devel \
|
|
|
|
|
pkgconfig \
|
|
|
|
|
python3-yaml \
|
|
|
|
|
sudo \
|
|
|
|
|
systemd-devel \
|
|
|
|
|
which \
|
|
|
|
|
zlib-devel
|
|
|
|
|
- uses: actions/checkout@v3.3.0
|
|
|
|
|
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
|
|
|
|
|
with:
|
|
|
|
|
name: prep
|
|
|
|
|
path: prep
|
|
|
|
|
- run: tar xf prep/libhtp.tar.gz
|
|
|
|
|
- run: tar xf prep/suricata-update.tar.gz
|
|
|
|
|
- run: ./autogen.sh
|
|
|
|
|
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua
|
|
|
|
|
env:
|
|
|
|
|
LDFLAGS: "-fsanitize=address"
|
|
|
|
|
ac_cv_func_realloc_0_nonnull: "yes"
|
|
|
|
|
ac_cv_func_malloc_0_nonnull: "yes"
|
|
|
|
|
- run: make -j2
|
|
|
|
|
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
|
|
|
|
|
- name: Extracting suricata-verify
|
|
|
|
|
run: tar xf prep/suricata-verify.tar.gz
|
|
|
|
|
- name: Running suricata-verify
|
|
|
|
|
run: python3 ./suricata-verify/run.py -q
|
|
|
|
|
# Now install and make sure headers and libraries aren't
|
|
|
|
|
# installed until requested.
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test ! -e /usr/local/include/suricata
|
|
|
|
|
- run: make install-headers
|
|
|
|
|
- run: test -e /usr/local/include/suricata/suricata.h
|
|
|
|
|
- run: make install-library
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_rust.a
|
|
|
|
|
- run: test -e /usr/local/bin/libsuricata-config
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata.so
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: suricata-update -V
|
|
|
|
|
- run: suricatasc -h
|
|
|
|
|
# Check compilation against systemd
|
|
|
|
|
- run: ldd src/suricata | grep libsystemd &> /dev/null
|
|
|
|
|
|
|
|
|
|
# Fedora 38 build using GCC.
|
|
|
|
|
fedora-38-gcc:
|
|
|
|
|
name: Fedora 38 (gcc, debug, asan, wshadow, rust-strict)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
container: fedora:38
|
|
|
|
|
needs: [prepare-deps]
|
|
|
|
|
steps:
|
|
|
|
|
|
|
|
|
|
# Cache Rust stuff.
|
|
|
|
|
- name: Cache cargo registry
|
|
|
|
|
uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
|
|
|
|
|
with:
|
|
|
|
|
path: ~/.cargo/registry
|
|
|
|
|
key: cargo-registry
|
|
|
|
|
|
|
|
|
|
- run: |
|
|
|
|
|
dnf -y install \
|
|
|
|
|
autoconf \
|
|
|
|
|
automake \
|
|
|
|
|
cargo \
|
|
|
|
|
cbindgen \
|
|
|
|
|
ccache \
|
|
|
|
|
diffutils \
|
|
|
|
|
file-devel \
|
|
|
|
|
gcc \
|
|
|
|
|
gcc-c++ \
|
|
|
|
|
git \
|
|
|
|
|
hiredis-devel \
|
|
|
|
|
jansson-devel \
|
|
|
|
|
jq \
|
|
|
|
|
lua-devel \
|
|
|
|
|
libasan \
|
|
|
|
|
libtool \
|
|
|
|
|
libyaml-devel \
|
|
|
|
|
libnfnetlink-devel \
|
|
|
|
|
libnetfilter_queue-devel \
|
|
|
|
|
libnet-devel \
|
|
|
|
|
libcap-ng-devel \
|
|
|
|
|
libevent-devel \
|
|
|
|
|
libmaxminddb-devel \
|
|
|
|
|
libpcap-devel \
|
|
|
|
|
libtool \
|
|
|
|
|
lz4-devel \
|
|
|
|
|
make \
|
|
|
|
|
nss-softokn-devel \
|
|
|
|
|
pcre2-devel \
|
|
|
|
|
pkgconfig \
|
|
|
|
|
python3-yaml \
|
|
|
|
|
sudo \
|
|
|
|
|
which \
|
|
|
|
|
zlib-devel
|
|
|
|
|
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
|
|
|
|
|
- uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
|
|
|
|
|
with:
|
|
|
|
|
name: prep
|
|
|
|
|
path: prep
|
|
|
|
|
- run: tar xf prep/libhtp.tar.gz
|
|
|
|
|
- run: tar xf prep/suricata-update.tar.gz
|
|
|
|
|
- run: ./autogen.sh
|
|
|
|
|
- run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
|
|
|
|
|
env:
|
|
|
|
|
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
|
|
|
|
|
LDFLAGS: "-fsanitize=address"
|
|
|
|
|
ac_cv_func_realloc_0_nonnull: "yes"
|
|
|
|
|
ac_cv_func_malloc_0_nonnull: "yes"
|
|
|
|
|
- run: make -j2
|
|
|
|
|
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
|
|
|
|
|
- name: Extracting suricata-verify
|
|
|
|
|
run: tar xf prep/suricata-verify.tar.gz
|
|
|
|
|
- name: Running suricata-verify
|
|
|
|
|
run: python3 ./suricata-verify/run.py -q
|
|
|
|
|
# Now install and make sure headers and libraries aren't
|
|
|
|
|
# installed until requested.
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test ! -e /usr/local/include/suricata
|
|
|
|
|
- run: make install-headers
|
|
|
|
|
- run: test -e /usr/local/include/suricata/suricata.h
|
|
|
|
|
- run: make install-library
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_rust.a
|
|
|
|
|
- run: test -e /usr/local/bin/libsuricata-config
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata.so
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: suricata-update -V
|
|
|
|
|
- run: suricatasc -h
|
|
|
|
|
|
|
|
|
|
# Fedora 37 build using Clang.
|
|
|
|
|
fedora-37-clang:
|
|
|
|
|
name: Fedora 37 (clang, debug, asan, wshadow, rust-strict, systemd)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
@ -748,6 +935,7 @@ jobs:
|
|
|
|
|
# Check compilation against systemd
|
|
|
|
|
- run: ldd src/suricata | grep libsystemd &> /dev/null
|
|
|
|
|
|
|
|
|
|
# Fedora 37 build using GCC.
|
|
|
|
|
fedora-37-gcc:
|
|
|
|
|
name: Fedora 37 (gcc, debug, asan, wshadow, rust-strict)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|