build.yml
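# CI workflow: builds the project on Linux, macOS and other Unix targets, and
# runs the server-backed integration tests on Linux against throwaway users
# and freshly generated keys.
#
# Security notes for maintainers:
#   - Third-party actions below are referenced by mutable tag (v4 / v5).
#     Pinning each one to a full commit SHA would stop a retagged release from
#     changing what runs here.
#   - The test users, their passwords and the passphrase-less keys written to
#     the filesystem root exist only for the integration tests on the
#     ephemeral runner; none of them may be reused outside CI.
name: Go
on:
  pull_request:
    paths-ignore:
      - '**/README.md'
  workflow_dispatch:

# Least privilege: no job here writes to the repository, so the workflow token
# only needs to read the contents for checkout.
permissions:
  contents: read

jobs:
  build-linux:
    strategy:
      matrix:
        go-version: ['1.21.x', '1.22.0-rc.1']
        goos: [linux]
        # Fixed test-only accounts; every value is a single-element list so it
        # can be read as matrix.<name> without multiplying the job count.
        ecdsatestuser: [ssh3-ecdsa-testuser]
        testuser: [ssh3-testuser]
        testpasswd: [ssh3-testpasswd]
        ecdsatestpasswd: [ssh3-testpasswd]
        testuserhome: [/home/ssh3-testuser]
        ecdsatestuserhome: [/home/ssh3-ecdsatestuser]
        archparams: [{goarch: amd64, cc: gcc}]  #,{goarch: arm64, cc: aarch64-linux-gnu-gcc}]
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '${{matrix.go-version}}'
      - name: Install dependencies to generate ssh keys and certificates
        run: sudo apt -y update && sudo apt -y install openssh-client openssl
      - name: Generate server cert
        # Run from / so the generated files land at the paths the integration
        # tests read (CERT_PEM / CERT_PRIV_KEY below).
        run: pushd / && sudo sh ${{ github.workspace }}/generate_openssl_selfsigned_certificate.sh && popd
      - name: Generate testuser's SSH key
        run: sudo ssh-keygen -b 4096 -t rsa -f /testuser_id_rsa -q -N ""
      - name: Generate testuser's ed25519 SSH key
        run: sudo ssh-keygen -t ed25519 -f /testuser_id_ed25519 -q -N ""
      - name: Generate testuser's ecdsa SSH key
        run: sudo ssh-keygen -t ecdsa -f /testuser_id_ecdsa -q -N ""
      - name: Generate attacker's SSH key
        run: sudo ssh-keygen -b 4096 -t rsa -f /attacker_id_rsa -q -N ""
      - name: Install
        run: make install
      - name: Add test user
        run: sudo useradd -m -d ${{matrix.testuserhome}} -s /bin/bash ${{matrix.testuser}} && echo "${{matrix.testuser}}:${{matrix.testpasswd}}" | sudo chpasswd
      - name: Add ecdsa test user (should be removed in the future when support for 0.1.5 is removed)
        run: sudo useradd -m -d ${{matrix.ecdsatestuserhome}} -s /bin/bash ${{matrix.ecdsatestuser}} && echo "${{matrix.ecdsatestuser}}:${{matrix.ecdsatestpasswd}}" | sudo chpasswd
      - name: Create .ssh3 directory
        run: sudo su ${{matrix.testuser}} -c 'mkdir -p ${{matrix.testuserhome}}/.ssh ${{matrix.testuserhome}}/.ssh3'
      - name: Create .ssh3 directory for ecdsatestuser
        run: sudo su ${{matrix.ecdsatestuser}} -c 'mkdir -p ${{matrix.ecdsatestuserhome}}/.ssh ${{matrix.ecdsatestuserhome}}/.ssh3'
      - name: Ensure there are no existing .profile or similar files for testuser
        run: sudo rm -f ${{matrix.testuserhome}}/.profile ${{matrix.testuserhome}}/.bash_profile ${{matrix.testuserhome}}/.bash_login
      - name: add the attacker's key as commented in testuser's authorzed identities
        # The attacker key pair is generated at /attacker_id_rsa, so the public
        # key must be read from the absolute path. With a relative path the
        # `cat` fails inside the command substitution, the step still succeeds,
        # and only a bare "#" is written, leaving the commented-out-key case
        # untested. `test -s` makes a missing or empty key fail the step.
        # Presumably the integration tests assert that this commented key is
        # rejected; confirm in the test suite.
        run: |
          test -s /attacker_id_rsa.pub
          echo "#" $(cat /attacker_id_rsa.pub) | sudo tee -a ${{matrix.testuserhome}}/.ssh3/authorized_identities
      - name: Put test public keys in testuser's authorized_identities
        run: cat /testuser_id_rsa.pub /testuser_id_ed25519.pub | sudo tee -a ${{matrix.testuserhome}}/.ssh3/authorized_identities
      - name: Put ecdsa public key in ecdsatestuser's authorized_identities (currently needed for retrocompatibility integration tests, ecdsatestuser should be removed in the future)
        run: cat /testuser_id_ecdsa.pub | sudo tee -a ${{matrix.ecdsatestuserhome}}/.ssh3/authorized_identities
      - name: log authorized_identities
        # Prints public keys only; private keys are never echoed to the log.
        run: cat ${{matrix.testuserhome}}/.ssh3/authorized_identities
      - name: Integration tests
        # sudo -E keeps the env block below visible to make; PATH is passed
        # explicitly so the Go toolchain installed by setup-go is found.
        run: sudo -E PATH=$PATH make -e integration-tests
        env:
          CERT_PEM: /cert.pem
          CERT_PRIV_KEY: /priv.key
          ATTACKER_PRIVKEY: /attacker_id_rsa
          TESTUSER_PRIVKEY: /testuser_id_rsa
          TESTUSER_ED25519_PRIVKEY: /testuser_id_ed25519
          TESTUSER_ECDSA_PRIVKEY: /testuser_id_ecdsa
          TESTUSER_USERNAME: ${{matrix.testuser}}
          ECDSATESTUSER_USERNAME: ${{matrix.ecdsatestuser}}
          CC: ${{matrix.archparams.cc}}
          CGO_ENABLED: "1"
          GOOS: ${{matrix.goos}}
          GOARCH: ${{matrix.archparams.goarch}}
          SSH3_INTEGRATION_TESTS_WITH_SERVER_ENABLED: "1"

  build-macos:
    strategy:
      matrix:
        go-version: ['1.21.x', '1.22.0-rc.1']
        goos: [darwin]
        goarch: [amd64, arm64]
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '${{matrix.go-version}}'
      - name: Install dependencies
        run: go get ./...
      - name: Build Binaries
        run: make -e client && make -e server
        env:
          GOOS: ${{matrix.goos}}
          GOARCH: ${{matrix.goarch}}
      - name: Classical unit tests
        # NOTE(review): this condition assumes the macos-latest runner is an
        # amd64 host; confirm against the image the label currently resolves to.
        if: ${{ matrix.goarch == 'amd64' }}  # only actually run the test suite with the architecture of the host
        run: make -e test
        env:
          GOOS: ${{matrix.goos}}
          GOARCH: ${{matrix.goarch}}

  build-other-unix:
    strategy:
      matrix:
        go-version: ['1.21.x', '1.22.0-rc.1']
        goos: [openbsd, freebsd, linux]
        # "386" is quoted so it stays a string rather than an integer.
        goarch: [amd64, "386", arm64, arm]
        # linux/amd64 and linux/arm64 are left out of this cross-build matrix.
        exclude:
          - goos: linux
            goarch: amd64
          - goos: linux
            goarch: arm64
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '${{matrix.go-version}}'
      - name: Install dependencies
        run: go get ./...
      - name: Fmt code
        # Fails the job when `go fmt` rewrites any tracked file.
        run: |
          go fmt ./...
          git diff --exit-code
      - name: Build Binaries
        run: make -e client && make -e server
        env:
          GOOS: ${{matrix.goos}}
          GOARCH: ${{matrix.goarch}}
          # Passed to make via -e; presumably selects a build without password
          # authentication on these targets (confirm in the Makefile).
          GO_TAGS: disable_password_auth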