diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 14b1a8b313..004b408c57 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -645,6 +645,193 @@ jobs: fail_ci_if_error: false flags: suricata-verify + # Fedora 38 build using Clang. + fedora-38-clang: + name: Fedora 38 (clang, debug, asan, wshadow, rust-strict, systemd) + runs-on: ubuntu-latest + container: fedora:38 + needs: [prepare-deps] + steps: + + # Cache Rust stuff. + - name: Cache cargo registry + uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 + with: + path: ~/.cargo + key: ${{ github.job }}-cargo + + - name: Cache RPMs + uses: actions/cache@v3 + with: + path: /var/cache/dnf + key: ${{ github.job }}-dnf + - run: echo "keepcache=1" >> /etc/dnf/dnf.conf + + - run: | + dnf -y install \ + autoconf \ + automake \ + cargo \ + cbindgen \ + ccache \ + clang \ + diffutils \ + file-devel \ + gcc \ + gcc-c++ \ + git \ + hiredis-devel \ + jansson-devel \ + jq \ + lua-devel \ + libasan \ + libtool \ + libyaml-devel \ + libnfnetlink-devel \ + libnetfilter_queue-devel \ + libnet-devel \ + libcap-ng-devel \ + libevent-devel \ + libmaxminddb-devel \ + libpcap-devel \ + libxdp-devel \ + libbpf-devel \ + libtool \ + lz4-devel \ + make \ + nss-softokn-devel \ + pcre2-devel \ + pkgconfig \ + python3-yaml \ + sudo \ + systemd-devel \ + which \ + zlib-devel + - uses: actions/checkout@v3.3.0 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: prep + path: prep + - run: tar xf prep/libhtp.tar.gz + - run: tar xf prep/suricata-update.tar.gz + - run: ./autogen.sh + - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua + env: + LDFLAGS: "-fsanitize=address" + ac_cv_func_realloc_0_nonnull: "yes" + ac_cv_func_malloc_0_nonnull: "yes" + - run: make -j2 + - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . + - name: Extracting suricata-verify + run: tar xf prep/suricata-verify.tar.gz + - name: Running suricata-verify + run: python3 ./suricata-verify/run.py -q + # Now install and make sure headers and libraries aren't + # installed until requested. + - run: make install + - run: test ! -e /usr/local/lib/libsuricata_c.a + - run: test ! -e /usr/local/include/suricata + - run: make install-headers + - run: test -e /usr/local/include/suricata/suricata.h + - run: make install-library + - run: test -e /usr/local/lib/libsuricata_c.a + - run: test -e /usr/local/lib/libsuricata_rust.a + - run: test -e /usr/local/bin/libsuricata-config + - run: test ! -e /usr/local/lib/libsuricata.so + - run: make install + - run: suricata-update -V + - run: suricatasc -h + # Check compilation against systemd + - run: ldd src/suricata | grep libsystemd &> /dev/null + + # Fedora 38 build using GCC. + fedora-38-gcc: + name: Fedora 38 (gcc, debug, asan, wshadow, rust-strict) + runs-on: ubuntu-latest + container: fedora:38 + needs: [prepare-deps] + steps: + + # Cache Rust stuff. + - name: Cache cargo registry + uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 + with: + path: ~/.cargo/registry + key: cargo-registry + + - run: | + dnf -y install \ + autoconf \ + automake \ + cargo \ + cbindgen \ + ccache \ + diffutils \ + file-devel \ + gcc \ + gcc-c++ \ + git \ + hiredis-devel \ + jansson-devel \ + jq \ + lua-devel \ + libasan \ + libtool \ + libyaml-devel \ + libnfnetlink-devel \ + libnetfilter_queue-devel \ + libnet-devel \ + libcap-ng-devel \ + libevent-devel \ + libmaxminddb-devel \ + libpcap-devel \ + libtool \ + lz4-devel \ + make \ + nss-softokn-devel \ + pcre2-devel \ + pkgconfig \ + python3-yaml \ + sudo \ + which \ + zlib-devel + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + with: + name: prep + path: prep + - run: tar xf prep/libhtp.tar.gz + - run: tar xf prep/suricata-update.tar.gz + - run: ./autogen.sh + - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue + env: + CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" + LDFLAGS: "-fsanitize=address" + ac_cv_func_realloc_0_nonnull: "yes" + ac_cv_func_malloc_0_nonnull: "yes" + - run: make -j2 + - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . + - name: Extracting suricata-verify + run: tar xf prep/suricata-verify.tar.gz + - name: Running suricata-verify + run: python3 ./suricata-verify/run.py -q + # Now install and make sure headers and libraries aren't + # installed until requested. + - run: make install + - run: test ! -e /usr/local/lib/libsuricata_c.a + - run: test ! -e /usr/local/include/suricata + - run: make install-headers + - run: test -e /usr/local/include/suricata/suricata.h + - run: make install-library + - run: test -e /usr/local/lib/libsuricata_c.a + - run: test -e /usr/local/lib/libsuricata_rust.a + - run: test -e /usr/local/bin/libsuricata-config + - run: test ! -e /usr/local/lib/libsuricata.so + - run: make install + - run: suricata-update -V + - run: suricatasc -h + + # Fedora 37 build using Clang. fedora-37-clang: name: Fedora 37 (clang, debug, asan, wshadow, rust-strict, systemd) runs-on: ubuntu-latest @@ -748,6 +935,7 @@ jobs: # Check compilation against systemd - run: ldd src/suricata | grep libsystemd &> /dev/null + # Fedora 37 build using GCC. fedora-37-gcc: name: Fedora 37 (gcc, debug, asan, wshadow, rust-strict) runs-on: ubuntu-latest