|
|
|
@ -1242,200 +1242,6 @@ jobs:
|
|
|
|
|
- run: suricata-update -V
|
|
|
|
|
- run: suricatasc -h
|
|
|
|
|
|
|
|
|
|
fedora-36-clang:
|
|
|
|
|
name: Fedora 36 (clang, debug, asan, wshadow, rust-strict, systemd)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
container: fedora:36
|
|
|
|
|
needs: [prepare-deps, prepare-cbindgen]
|
|
|
|
|
steps:
|
|
|
|
|
|
|
|
|
|
# Cache Rust stuff.
|
|
|
|
|
- name: Cache cargo registry
|
|
|
|
|
uses: actions/cache@v3.3.1
|
|
|
|
|
with:
|
|
|
|
|
path: ~/.cargo
|
|
|
|
|
key: ${{ github.job }}-cargo
|
|
|
|
|
|
|
|
|
|
- name: Cache RPMs
|
|
|
|
|
uses: actions/cache@v3.3.1
|
|
|
|
|
with:
|
|
|
|
|
path: /var/cache/dnf
|
|
|
|
|
key: ${{ github.job }}-dnf
|
|
|
|
|
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
|
|
|
|
|
|
|
|
|
|
- run: |
|
|
|
|
|
dnf -y install \
|
|
|
|
|
autoconf \
|
|
|
|
|
automake \
|
|
|
|
|
cargo \
|
|
|
|
|
ccache \
|
|
|
|
|
clang \
|
|
|
|
|
diffutils \
|
|
|
|
|
file-devel \
|
|
|
|
|
gcc \
|
|
|
|
|
gcc-c++ \
|
|
|
|
|
git \
|
|
|
|
|
hiredis-devel \
|
|
|
|
|
jansson-devel \
|
|
|
|
|
jq \
|
|
|
|
|
lua-devel \
|
|
|
|
|
libasan \
|
|
|
|
|
libtool \
|
|
|
|
|
libyaml-devel \
|
|
|
|
|
libnfnetlink-devel \
|
|
|
|
|
libnetfilter_queue-devel \
|
|
|
|
|
libnet-devel \
|
|
|
|
|
libcap-ng-devel \
|
|
|
|
|
libevent-devel \
|
|
|
|
|
libmaxminddb-devel \
|
|
|
|
|
libpcap-devel \
|
|
|
|
|
libxdp-devel \
|
|
|
|
|
libbpf-devel \
|
|
|
|
|
libtool \
|
|
|
|
|
lz4-devel \
|
|
|
|
|
make \
|
|
|
|
|
nss-softokn-devel \
|
|
|
|
|
pcre2-devel \
|
|
|
|
|
pkgconfig \
|
|
|
|
|
python3-yaml \
|
|
|
|
|
sudo \
|
|
|
|
|
systemd-devel \
|
|
|
|
|
which \
|
|
|
|
|
zlib-devel
|
|
|
|
|
- uses: actions/checkout@v3.5.3
|
|
|
|
|
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
|
|
|
|
|
with:
|
|
|
|
|
name: prep
|
|
|
|
|
path: prep
|
|
|
|
|
- run: tar xf prep/libhtp.tar.gz
|
|
|
|
|
- run: tar xf prep/suricata-update.tar.gz
|
|
|
|
|
- name: Setup cbindgen
|
|
|
|
|
run: |
|
|
|
|
|
mkdir -p $HOME/.cargo/bin
|
|
|
|
|
cp prep/cbindgen $HOME/.cargo/bin
|
|
|
|
|
chmod 755 $HOME/.cargo/bin/cbindgen
|
|
|
|
|
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
|
|
|
|
|
- run: ./autogen.sh
|
|
|
|
|
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua
|
|
|
|
|
env:
|
|
|
|
|
LDFLAGS: "-fsanitize=address"
|
|
|
|
|
ac_cv_func_realloc_0_nonnull: "yes"
|
|
|
|
|
ac_cv_func_malloc_0_nonnull: "yes"
|
|
|
|
|
- run: make -j2
|
|
|
|
|
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
|
|
|
|
|
- name: Extracting suricata-verify
|
|
|
|
|
run: tar xf prep/suricata-verify.tar.gz
|
|
|
|
|
- name: Running suricata-verify
|
|
|
|
|
run: python3 ./suricata-verify/run.py -q
|
|
|
|
|
# Now install and make sure headers and libraries aren't install
|
|
|
|
|
# until requested.
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test ! -e /usr/local/include/suricata
|
|
|
|
|
- run: make install-headers
|
|
|
|
|
- run: test -e /usr/local/include/suricata/suricata.h
|
|
|
|
|
- run: make install-library
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_rust.a
|
|
|
|
|
- run: test -e /usr/local/bin/libsuricata-config
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata.so
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: suricata-update -V
|
|
|
|
|
- run: suricatasc -h
|
|
|
|
|
# Check compilation against systemd
|
|
|
|
|
- run: ldd src/suricata | grep libsystemd &> /dev/null
|
|
|
|
|
|
|
|
|
|
fedora-36-gcc:
|
|
|
|
|
name: Fedora 36 (gcc, debug, asan, wshadow, rust-strict)
|
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
container: fedora:36
|
|
|
|
|
needs: [prepare-deps, prepare-cbindgen]
|
|
|
|
|
steps:
|
|
|
|
|
|
|
|
|
|
# Cache Rust stuff.
|
|
|
|
|
- name: Cache cargo registry
|
|
|
|
|
uses: actions/cache@v3.3.1
|
|
|
|
|
with:
|
|
|
|
|
path: ~/.cargo/registry
|
|
|
|
|
key: cargo-registry
|
|
|
|
|
|
|
|
|
|
- run: |
|
|
|
|
|
dnf -y install \
|
|
|
|
|
autoconf \
|
|
|
|
|
automake \
|
|
|
|
|
cargo \
|
|
|
|
|
ccache \
|
|
|
|
|
diffutils \
|
|
|
|
|
file-devel \
|
|
|
|
|
gcc \
|
|
|
|
|
gcc-c++ \
|
|
|
|
|
git \
|
|
|
|
|
hiredis-devel \
|
|
|
|
|
jansson-devel \
|
|
|
|
|
jq \
|
|
|
|
|
lua-devel \
|
|
|
|
|
libasan \
|
|
|
|
|
libtool \
|
|
|
|
|
libyaml-devel \
|
|
|
|
|
libnfnetlink-devel \
|
|
|
|
|
libnetfilter_queue-devel \
|
|
|
|
|
libnet-devel \
|
|
|
|
|
libcap-ng-devel \
|
|
|
|
|
libevent-devel \
|
|
|
|
|
libmaxminddb-devel \
|
|
|
|
|
libpcap-devel \
|
|
|
|
|
libtool \
|
|
|
|
|
lz4-devel \
|
|
|
|
|
make \
|
|
|
|
|
nss-softokn-devel \
|
|
|
|
|
pcre2-devel \
|
|
|
|
|
pkgconfig \
|
|
|
|
|
python3-yaml \
|
|
|
|
|
sudo \
|
|
|
|
|
which \
|
|
|
|
|
zlib-devel
|
|
|
|
|
- uses: actions/checkout@v3.5.3
|
|
|
|
|
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
|
|
|
|
|
with:
|
|
|
|
|
name: prep
|
|
|
|
|
path: prep
|
|
|
|
|
- run: tar xf prep/libhtp.tar.gz
|
|
|
|
|
- run: tar xf prep/suricata-update.tar.gz
|
|
|
|
|
- name: Setup cbindgen
|
|
|
|
|
run: |
|
|
|
|
|
mkdir -p $HOME/.cargo/bin
|
|
|
|
|
cp prep/cbindgen $HOME/.cargo/bin
|
|
|
|
|
chmod 755 $HOME/.cargo/bin/cbindgen
|
|
|
|
|
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
|
|
|
|
|
- run: ./autogen.sh
|
|
|
|
|
- run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
|
|
|
|
|
env:
|
|
|
|
|
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
|
|
|
|
|
LDFLAGS: "-fsanitize=address"
|
|
|
|
|
ac_cv_func_realloc_0_nonnull: "yes"
|
|
|
|
|
ac_cv_func_malloc_0_nonnull: "yes"
|
|
|
|
|
- run: make -j2
|
|
|
|
|
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
|
|
|
|
|
- name: Extracting suricata-verify
|
|
|
|
|
run: tar xf prep/suricata-verify.tar.gz
|
|
|
|
|
- name: Running suricata-verify
|
|
|
|
|
run: python3 ./suricata-verify/run.py -q
|
|
|
|
|
# Now install and make sure headers and libraries aren't install
|
|
|
|
|
# until requested.
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test ! -e /usr/local/include/suricata
|
|
|
|
|
- run: make install-headers
|
|
|
|
|
- run: test -e /usr/local/include/suricata/suricata.h
|
|
|
|
|
- run: make install-library
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_c.a
|
|
|
|
|
- run: test -e /usr/local/lib/libsuricata_rust.a
|
|
|
|
|
- run: test -e /usr/local/bin/libsuricata-config
|
|
|
|
|
- run: test ! -e /usr/local/lib/libsuricata.so
|
|
|
|
|
- run: make install
|
|
|
|
|
- run: suricata-update -V
|
|
|
|
|
- run: suricatasc -h
|
|
|
|
|
|
|
|
|
|
# This job builds and tests Suricata as a non-root user as some
|
|
|
|
|
# issues only show up when not running as root, and by default all
|
|
|
|
|
# jobs in GitHub actions are run as root inside the container.
|
|
|
|
|