|
11a62973
|
2020-08-03T10:01:26
|
|
Merge pull request #5569 from lhchavez/ci-sanitizers
Add CI support for Memory and UndefinedBehavior Sanitizers
|
|
19eb1e4b
|
2020-06-05T10:07:33
|
|
cmake: specify project version
We currently do not set up a project version within CMake, meaning that
it can't be use by other projects including libgit2 as a sub-project and
also not by other tools like IDEs.
This commit changes this to always set up a project version, but instead
of extracting it from the "version.h" header we now set it up directly.
This is mostly to avoid mis-use of the previous `LIBGIT2_VERSION`
variables, as we should now always use the `libgit2_VERSION` ones that
are set up by CMake if one provides the "VERSION" keyword to the
`project()` call. While this is one more moving target we need to adjust
on releases, this commit also adjusts our release script to verify that
the project version was incremented as expected.
|
|
6a917c04
|
2020-06-28T15:51:43
|
|
Add CI support for Memory and UndefinedBehavior Sanitizers
This change adds two new build targets: MSan and UBSan. This is because
even though OSS-Fuzz is great and adds a lot of coverage, it only does
that for the fuzz targets, so the rest of the codebase is not
necessarily run with the Sanitizers ever :( So this change makes sure
that MSan/UBSan warnings don't make it into the codebase.
As part of this change, the Ubuntu focal container is introduced. It
builds mbedTLS and libssh2 as debug libraries into /usr/local and as
MSan-enabled libraries into /usr/local/msan. This latter part is needed
because MSan requires the binary and all its dependent libraries to be
built with MSan support so that memory allocations and deallocations are
tracked correctly to avoid false positives.
|
|
b79f7d38
|
2020-06-04T09:49:38
|
|
release script: fix typo
|
|
f1c1458c
|
2020-05-12T10:55:14
|
|
feat: Check the version in package.json
|
|
2ae45bc3
|
2020-01-30T11:40:13
|
|
scripts: add script to create releases
The current release process is not documented in any way. As a result,
it's not obvious how releases should be done at all, like e.g. which
locations need adjusting.
To fix this, let's introduce a new script that shall from now on be used
to do all releases. As input it gets the tree that shall be released,
the repository in which to do the release, credentials to
authenticate against GitHub and the new version. E.g. executing the
following will create a new release v0.32:
$ ./script/release.py 0.32.0 --user pks-t --password ****
While the password may currently be your usual GitLab password, it's
recommended to use a personal access token intead.
The script will then perform the following steps:
1. Verify that "include/git2/version.h" matches the new version.
2. Verify that "docs/changelog.md" has a section for that new
version.
3. Extract the changelog entries for the current release from
"docs/changelog.md".
4. Generate two archives in "tar.gz" and "zip" format via "git
archive" from the tree passed by the user. If no tree was passed,
we will use "HEAD".
5. Create the GitHub release using the extracted changelog entries
as well as tag and name information derived from the version
passed by the used.
6. Upload both code archives to that release.
This should cover all steps required for a new release and thus ensures
that nothing is missing that shouldn't be.
|
|
2ad3eb3e
|
2019-11-24T15:59:26
|
|
valgrind: add suppressions for undefined use
valgrind will warn that OpenSSL will use undefined data in connect/read
when talking to certain other TLS stacks. Thankfully, this only seems
to occur when gcc is the compiler, so hopefully valgrind is just
misunderstanding an optimization. Regardless, suppress this warning.
|
|
6df3ec4a
|
2019-11-23T21:14:32
|
|
valgrind: suppress libssh2_rsa_sha1_sign leaks
|
|
7adc32d5
|
2019-11-23T13:02:29
|
|
valgrind: suppress kexinit leaks
|
|
5dc1be8d
|
2019-11-23T11:25:56
|
|
valgrind: suppress uninitialized reads in libcrypto
libcrypto will read uninitialized memory as entropy. Suppress warnings
from this behavior.
|
|
56d5b443
|
2019-09-21T17:55:54
|
|
valgrind: suppress memory leaks in libssh2_session_handshake
On Ubuntu, the combination of libgcrypt and libssh2 is quite old and
known to contain memory leaks. We thus have several functions listed in
our suppressions file that are known to leak. Due to a recent update of
libssh2 or libgcrypt, there now are new memory leaks caused by
libssh2_session_handshake and libssh2_init that cause the CI to fail.
Add a new suppression to fix the issue.
|
|
d827b11b
|
2019-06-28T13:20:54
|
|
tests: execute leak checker via CTest directly
Right now, we have an awful hack in our test CI setup that extracts the
test command from CTest's output and then prepends the leak checker.
This is dependent on non-machine-parseable output from CMake and also
breaks on various ocassions, like for example when we have spaces in the
current path or when the path contains backslashes. Both conditions may
easily be triggered on Win32 systems, and in fact they do break our
Azure Pipelines builds.
Remove the awful hack in favour of a new CMake build option
"USE_LEAK_CHECKER". If specifying e.g. "-DUSE_LEAK_CHECKER=valgrind",
then we will set up all tests to be run under valgrind. Like this, we
can again simply execute ctest without needing to rely on evil sourcery.
|
|
00c66dfd
|
2019-01-10T22:43:59
|
|
errors: update static analysis tools for giterr
Update GITERR and giterr usages in the static code analysis tools to use
the new names.
|
|
a74f4fb9
|
2019-01-04T14:04:48
|
|
coverity: attempt to model clar's assertions
Coverity considers that anything that looks like assert() behaves like
it (ie. side-effects would be skipped on a NDEBUG build). As we have a
bunch of those in the test suite (128), this would ensure Coverity isn't
confused.
|
|
24d17562
|
2018-07-27T16:40:44
|
|
ci: remove unused old ci scripts
|
|
24b8dd82
|
2018-07-27T12:31:32
|
|
ci: move travis to the new scripts
|
|
465f8b51
|
2018-07-26T15:14:37
|
|
ci: move appveyor to new scripts
|
|
b00672b9
|
2018-07-20T19:47:40
|
|
ci: enable leak checking on osx
|
|
ce798b25
|
2018-07-04T10:56:56
|
|
tests: simplify cmake test configuration
Simplify the names for the tests, removing the unnecessary
"libgit2-clar" prefix. Make "all" the new default test run, and include
the online tests by default (since HTTPS should always be enabled).
For the CI tests, create an offline-only test, then the various online
tests.
|
|
61eaaadf
|
2018-04-20T23:11:30
|
|
travis: enable -Werror in the script instead of using the matrix
|
|
149790b9
|
2018-04-20T23:11:28
|
|
scripts: remove extraneous semicolons
|
|
4c969618
|
2018-04-20T23:11:27
|
|
scripts: use leaks on macOS
|
|
0fb8c1d0
|
2018-04-20T23:11:25
|
|
valgrind: bump num-callers to 50 for fuller stack traces
|
|
1f4ada2a
|
2018-04-20T23:11:23
|
|
travis: let cmake perform the build & install step
The goal is to let cmake manage the parallelism
|
|
573c4089
|
2018-04-20T23:11:19
|
|
valgrind: skip buf::oom test
|
|
74b0a432
|
2018-04-20T23:11:16
|
|
travis: split valgrind check in its own script
|
|
2f4e7cb0
|
2018-04-20T23:11:14
|
|
travis: split testing from building
|
|
86353a72
|
2018-04-22T14:57:02
|
|
Merge pull request #4173 from tiennou/mbedtls
mbedTLS support
|
|
d906a879
|
2018-04-17T23:39:54
|
|
Merge pull request #4476 from pks-t/pks/backport-script
scripts: add backporting script
|
|
cb2da47e
|
2018-03-29T22:14:17
|
|
travis: pass -fPIC when configuring mbedtls
|
|
10aff3d5
|
2018-03-29T22:14:15
|
|
travis: just grab what we need from mbedtls
|
|
262dfcf0
|
2018-03-29T22:14:05
|
|
mbedtls: enable Travis CI tests
|
|
0b3d8592
|
2018-01-12T11:02:19
|
|
scripts: add backporting script
This adds a simple script for backporting pull requests to older
branches. It accepts as parameters a list of pull request numbers which
whose commits are to be cherry-picked. The identification of PRs
currently happens by using the commit message of the merge of the PR,
which should conform to the message "Merge pull request #<PR>".
While the heuristic works in practice, we could instead also use the
direct references from GitHub via "pull/#<PR>/head". This requires the
user to have all these references fetched, though, so we can just use
the current heuristic until we experience any issues with that.
|
|
5874e151
|
2017-11-20T13:26:33
|
|
tests: create new test target for all SSH-based tests
Some tests shall be run against our own SSH server we spin up in Travis.
As those need to be run separate from our previous tests which run
against git-daemon, we have to do this in a separate step. Instead of
bundling all that knowledge in the CI script, move it into the test
build instructions by creating a new test target.
|
|
54a1bf05
|
2017-06-07T13:06:53
|
|
tests: online::clone: inline creds-test with nonexistent URL
Right now, we test our credential callback code twice, once via SSH on
localhost and once via a non-existent GitHub repository. While the first
URL makes sense to be configurable, it does not make sense to hard-code
the non-existing repository, which requires us to call tests multiple
times. Instead, we can just inline the URL into another set of tests.
|
|
fea60920
|
2017-06-07T12:48:48
|
|
tests: online::clone: construct credential-URL from environment
We support two types of passing credentials to the proxy, either via the
URL or explicitly by specifying user and password. We test these types
by modifying the proxy URL and executing the tests twice, which is
in fact unnecessary and requires us to maintain the list of environment
variables and test executions across multiple CI infrastructures.
To fix the situation, we can just always pass the host, port, user and
password to the tests. The tests can then assemble the complete URL
either with or without included credentials, allowing us to test both
cases in-process.
|
|
28c89507
|
2017-11-06T11:49:46
|
|
Merge pull request #4394 from libgit2/cmn/macos-ramdisk
travis: put clar's sandbox in a ramdisk on macOS
|
|
0b98a66b
|
2017-11-06T11:16:02
|
|
appveyor: build examples
By default, CMake will not build our examples directory. As we do not
instruct either the MinGW or MSVC builds on AppVeyor to enable building
these examples, we cannot verify that those examples at least build on
Windows systems.
Fix that by passing `-DBUILD_EXAMPLES=ON` to AppVeyor's CMake
invocation.
|
|
71ba4644
|
2017-10-31T14:43:28
|
|
travis: let's try a 5GB ramdisk
|
|
37bb1512
|
2017-10-31T10:40:24
|
|
travis: put clar's sandbox in a ramdisk on macOS
The macOS tests are by far the slowest right now. This attempts to remedy the
situation somewhat by asking clar to put its test data on a ramdisk.
|
|
9dc21efd
|
2017-10-07T00:10:06
|
|
travis: add custom apt sources
Move back to Travis's VM infrastructure for efficiency.
|
|
366f4136
|
2017-09-28T17:19:56
|
|
travis: keep installing our custom libcurl build
The block in the script installs the packages if we're _not_ on Precise. This
was dropped in c17c3f8a ("travis: drop support for Ubuntu Precise") in error.
|
|
c17c3f8a
|
2017-09-06T08:04:19
|
|
travis: drop support for Ubuntu Precise
Ubuntu Precise is end of life since April 2017. At that point in time,
Precise was still the main distro on which Travis CI built upon, with
the Trusty-based images still being in a beta state. But since June
21st, Trusty has officially moved out of beta and is now the default
image for all new builds. Right now, we build on both old and new images
to assure we support both.
Unfortunately, this leaves us with the highest minimum version for CMake
being 2.8.7, as Precise has no greater version in its repositories. And
because of this limitation, we cannot actually use object libraries in
our build instructions. But considering Precise is end of life and
Trusty is now the new default for Travis, we can and should drop support
for this old and unmaintained distribution. And so we do.
|
|
c582fa4e
|
2017-07-24T17:53:32
|
|
travis: only install custom libcurl on trusty
|
|
697583ea
|
2017-07-24T16:48:04
|
|
travis: only kill our own sshd
|
|
f031e20b
|
2017-07-23T03:41:52
|
|
travis: build with patched libcurl
Ubuntu trusty has a bug in curl when using NTLM credentials in a proxy,
dereferencing a null pointer and causing segmentation faults. Use a
custom-patched version of libcurl that avoids this issue.
|
|
06619904
|
2017-04-26T13:04:23
|
|
travis: cibuild: set up our own sshd server
Some tests of ours require to be running against an SSH server.
Currently, we simply run against the SSH server provided and started by
Travis itself. As our Linux tests run in a sudo-less environment, we
have no control over its configuration and startup/shutdown procedure.
While this has been no problem until now, it will become a problem as
soon as we migrate over to newer Precise images, as the SSH server does
not have any host keys set up. Luckily, we can simply set up our own
unpriviledged SSH server. This has the benefit of us being able to
modify its configuration even in a sudo-less environment.
This commit sets up the unpriviledged SSH server on port 2222.
|
|
96d02989
|
2017-06-13T08:09:38
|
|
travis: replace use of deprecated homebrew/dupes tap
The formulae provided by the homebrew/dupes tap are deprecated since at
least April 4, 2017, with formulae having been migrated to
homebrew/core.
Replace the deprecated reference to "homebrew/dupes/zlib" with only
"zlib".
|
|
844e85f2
|
2017-06-12T20:00:21
|
|
travis: install openssl explicitly
|
|
408a7b77
|
2017-02-24T17:37:00
|
|
appveyor: don't rewrite system mingw
Download mingw-w64 into our build directory and execute it there, don't
try to overwrite the system's mingw.
|
|
18c18e3d
|
2016-10-31T15:55:46
|
|
coverity: check for Coverity token only if necessary
When running a Coverity build, we have to provide an
authentication token in order to proof that we are actually
allowed to run analysis in the name of a certain project. As this
token should be secret, it is only set on the main repository, so
when we were requested to run the Coverity script on another
repository we do error out. But in fact we do also error out if
the Coverity analysis should _not_ be run if there is no
authentication token provided.
Fix the issue by only checking for the authentication token after
determining if analysis is indeed requested.
|
|
561276ee
|
2016-10-28T14:48:30
|
|
coverity: only analyze the master branch of the main repository
We used to only execute Coverity analysis on the 'development'
branch before commit 998f001 (Refine build limitation,
2014-01-15), which refined Coverity build limitations. While we
do not really use the 'development' branch anymore, it does
still make sense to only analyze a single branch, as otherwise
Coverity might get confused.
Re-establish the restriction such that we only analyze libgit2's
'master' branch. Also fix the message announcing why we do not
actually analyze a certain build.
|
|
6c4d2d3e
|
2016-10-28T14:45:55
|
|
coverity: fix download URL
|
|
ec3f5a9c
|
2016-08-16T11:02:47
|
|
script: cibuild: build examples
|
|
db357667
|
2016-10-05T20:17:06
|
|
travis: take the newer ssh-keygen format into account
The Mac machines have updated their SSH version and so the ssh-keygen
format has changed. Ask it for MD5, which is the one that is output as
hex.
|
|
94d565b9
|
2016-10-05T18:52:43
|
|
cibuild: set -x
This lets us see the details of what we're doing instead of just seeing the
output of unknown commands in the build output.
|
|
a37624ec
|
2016-07-24T16:05:17
|
|
Merge pull request #3815 from pks-t/pks/coverity-model
Coverity user model
|
|
0239eff3
|
2016-07-24T14:51:28
|
|
ci: install homebrew's curl on mac
|
|
08556e6d
|
2016-07-22T17:45:03
|
|
ci: install homebrew's zlib on mac
|
|
4d8fe1cd
|
2016-06-07T09:20:35
|
|
coverity: model functions printing into git_buf
The `git_buf` structure seems to be too complicated to correctly
grasp for Coverity. As such, add simpler models trying to guide
Coverity and remove false positives related to these functions.
|
|
956f1e23
|
2016-06-07T09:17:52
|
|
coverity: add user model
The static analysis engine coverity allows for user models
overriding how it treats functions when analyzing code. Like
this, one can greatly reduce the rate of false positives and thus
make it easier to spot actual errors.
Add a user model that overrides function models for `git_buf_len`
and `git_vector_insert`, which together amount for a majority of
false positives.
|
|
db01724f
|
2016-03-14T13:42:10
|
|
CI: start the proxy before the build so it's ready
It takes a bit for the propxy to get ready to accept connections, so
start it before the build so we can be reasonably sure that it's going
to be ready in time.
|
|
2f3f1ee0
|
2015-09-21T21:40:37
|
|
proxy: test proxy support on Travis
|
|
4848dd32
|
2016-03-14T17:45:15
|
|
Merge pull request #3647 from pks-t/pks/coverity-fixes-round6
Coverity fixes round 6
|
|
b1093e62
|
2016-03-09T19:01:33
|
|
Remove CI support for mingw32
The tests have never run successfully and we do have successful builds
of mingw-w64, so remove these CI builds which do not add value.
|
|
2615d0d6
|
2016-03-02T01:50:34
|
|
coverity: report errors when uploading tarball
Curl by default does not report errors by setting the error code.
As the upload can fail through several conditions (e.g. the rate
limit, leading to unauthorized access) we should indicate this
information in Travis CI.
To improve upon the behavior, use `--write-out=%{http_code}` to
write out the HTTP code in addition to the received body and
return an error if the code does not equal 201.
|
|
ba9bb664
|
2016-03-03T19:21:07
|
|
tests: create a ctest target for cred_callback
|
|
25205737
|
2016-03-03T10:08:00
|
|
test: make sure we retry the auth callback on all platforms
We were missing this test on Windows, which meant we didn't notice that
we never fixed the single authentication attempt it tries, nor its wrong
return code.
Enable this for the unix platforms as well over HTTP. We previously were
doing it locally but disabled it on OS X due to issues with its sshd not
accepting password authentication.
|
|
859ed5dd
|
2016-02-23T09:54:26
|
|
common: introduce GITERR_CHECK_ALLOC_BUF
We commonly have to check if a git_buf has been allocated
correctly or if we ran out of memory. Introduce a new macro
similar to `GITERR_CHECK_ALLOC` which checks if we ran OOM and if
so returns an error. Provide a `#nodef` for Coverity to mark the
error case as an abort path.
|
|
f2a554b4
|
2016-02-22T14:43:28
|
|
coverity: hint git_vector_foreach does not deref NULL contents
Coverity does not comprehend the connection between a vector's
size and the contents pointer, that is that the vector's pointer
is non-NULL when its size is positive. As the vector code should
be reasonably well tested and users are expected to not manually
modify a vector's contents it seems save to assume that the
macros will never dereference a NULL pointer.
Fix Coverity warnings by overriding the foreach macros with
macros that explicitly aborting when (v)->contents is NULL.
|
|
40f6f225
|
2016-02-15T10:58:52
|
|
coverity: hint that string length is at least 2
When checking if a string is prefixed by a drive letter (e.g.
"C:") we verify this by inspecting the first and second character
of the string. Coverity thinks this is a defect as we do not
check the string's length first, but in fact we only check the
second character if the first character is part of the alphabet,
that is it cannot be '\0'.
Fix this by overriding the macro and explicitly checking the
string's length.
|
|
5981ab1d
|
2016-02-15T09:41:08
|
|
coverity: add nodefs for abort macros
Add nodefs for macros that abort the current flow due to errors.
This includes macros that trigger on integer overflows and for
the version check macro. This aids Coverity as we point out that
these paths will cause a fatal error.
|
|
50174ab4
|
2016-02-10T11:06:23
|
|
coverity: use https URL for posting build
When posting our instrumented build results to Coverity we have
to include sensitive information, in particular our authorization
token. Currently we use an unencrypted channel to post this
information, leading to the token being transferred in plain.
Fix this by using a secured connection instead.
|
|
8dddea42
|
2016-02-10T10:59:14
|
|
coverity: provide nodef for GITERR_CHECK_ALLOC
Coverity currently lists a lot of errors with regard to
GITERR_CHECK_ALLOC causing resource leaks. We know this macro is
only invoked when we want to abort because we are out of memory.
Coverity allows for overriding the default model where we know
that certain functions guarantee a desired behavior. The
user_nodefs.h is used to override the behavior of macros.
Re-define GITERR_CHECK_ALLOC inside of it to specify its abort
nature.
|
|
a0bdfe32
|
2015-07-06T18:42:39
|
|
travis: don't install CMake on OS X
Homebrew will error out because it's already installed.
|
|
d41b8ed0
|
2015-07-06T18:32:31
|
|
travis: update the homebrew db
We need to make sure we are asking for the current version of packages,
or we might get 404s from the download service.
|
|
32f538ae
|
2015-06-27T15:02:53
|
|
Remove dependency installation file for travis builds.
We're installing dependencies via the APT addon now.
|
|
51f87999
|
2015-06-26T18:05:17
|
|
Don't try to start ssh.
|
|
6042a050
|
2015-06-12T12:17:03
|
|
travis: fail if we fail the push tests
These tests were not being taken into consideration for the failure of
the test. They've been failing for a while now, but we hadn't noticed as
Travis was reporting the builds successful.
|
|
7aa96593
|
2015-03-17T12:05:07
|
|
set PKG_CONFIG_LIBDIR in toolchain-mingw32.cmake
|
|
8f426d7d
|
2014-06-09T11:43:25
|
|
Win32: Enable WinHTTP for MinGW
|
|
3e329861
|
2015-03-10T16:08:34
|
|
Revert "Implement fail-fast for Travis as well"
This reverts commit ba6c53b91b1d9c9dc49b7c0d8e8efbd9842c31dc.
|
|
4c88fd7c
|
2015-03-04T11:31:24
|
|
Add MinGW-w64 to matrix
cache mingw-w64 downloads
quiet curl and 7zip
run appveyor steps in cmd for mingw
|
|
ba6c53b9
|
2015-03-03T21:07:12
|
|
Implement fail-fast for Travis as well
|
|
ac5fad27
|
2015-03-03T10:53:26
|
|
add mingw to appveyor matrix
use MSYS makefiles generator
add bash script for running mingw on appveyor
add --login and fix run paths
use msys style path to appveyor-mingw.sh
add mingw path to /etc/fstab
|
|
6f446176
|
2014-11-21T10:59:20
|
|
Merge pull request #2710 from Therzok/shellcheckScripts
Run shell scripts through shellcheck
|
|
a4fccbbf
|
2014-11-17T07:01:40
|
|
Run shell scripts through shellcheck
|
|
aa5a06c3
|
2014-11-20T00:52:52
|
|
travis: disable the cert callback on OSX
The sshd on OSX has stopped responding to the setting which this test
assumes is there, so let's disable it until we can figure out what's
happening.
|
|
ebda0970
|
2014-09-16T02:07:39
|
|
script: use a parallel build on Travis
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
bf8756d6
|
2014-09-15T21:51:42
|
|
ssh: add test for host key
Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
|
|
26bf3a53
|
2014-08-10T17:13:00
|
|
travis: no need to clean out the test repository
This was added to avoid the remote's default branch to be considered to
the be notes one which the first network test leaves behind.
|
|
6a0d2b43
|
2014-08-27T15:09:07
|
|
Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
|
|
d4256ed5
|
2014-07-04T10:00:39
|
|
ssh: provide a factory function for setting ssh paths
git allows you to set which paths to use for the git server programs
when connecting over ssh; and we want to provide something similar.
We do this by providing a factory function which can be set as the
remote's transport callback which will set the given paths upon
creation.
|
|
87339935
|
2014-06-26T22:38:54
|
|
travis: enable password authentication on OSX
Our ssh tests assume that the server supports password authentication
in a few places. This is convenient as we're not testing authentication
methods, but what happens around them.
Tell sshd on OSX to accept this form of authentication.
|
|
d7f962f4
|
2014-06-16T19:30:06
|
|
ssh: request credentials again on authentication failure
Instead of completely giving up on the first failure, ask for
credentials as long as we fail to authenticate.
|
|
72303307
|
2014-05-21T12:45:22
|
|
travis: build on osx too
|
|
039e354b
|
2014-04-30T11:57:54
|
|
ciscript: don't use an empty string as a number
An empty string is not a valid number, and some shells complain.
Check instead if $COVERITY is non-empty, which is a common convention
and what we're doing anyway.
|
|
5dae3ffe
|
2014-02-05T19:27:27
|
|
Only run clone-failure test on private repo
|
|
998f0016
|
2014-01-15T12:32:12
|
|
Refine build limitation
|