Github only hosts a limited number of platforms, and the runner code
is only supported on slightly wider range of platforms. To increase
our test coverage beyond that, we run the runner natively on a VM host,
where it runs a jobs that boot VMs of other platforms, waits for them
to come up then runs the build and test by ssh'ing into the guest.
This means that the minimum dependencies for the guests are quite low
(basically just sshd, a compiler and make).
The interface to the VM host is fairly simple (basically 3 scripts:
vmstartup, vmrun and vmshutdown), but those are specific to the VM host
so are not in the public repo. We also mount the working directory on the
host via sshfs, so things like artifact upload by the runner also work.
As part of this we are moving the per-test-target configs into a single
place (.github/configs) where there will be referenced by a single short
"config" key. I plan to make the github-hosted runners use this too.
The self-hosted runners are run off a private repo on github since that
prevents third parties from accessing them[0], and since runner quota is
limited on private repos, we avoid running the tests we run on the public
repo.
[0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
Some systems don't have a hostname command (it's not required by POSIX).
The do have uname -n (which is), but as found by tim@ some others (eg
UnixWare) do not report the FQDN from uname -n.
out uname -n doesn't do what we need for some platforms in portable, so we'll
fix the original problem (that some other platforms don't have hostname at
all) by providing wrapper function to implement it.
OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341
works on OpenBSD it can cause problems on other platforms. From kircherlike
at outlook.com via bz#3259, ok djm@
OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668
consistency between redundant fields in private key certificate and private
key body; ok markus@
OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
types once they are received. Fixes memleak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
oss-fuzz #30078).
ok markus@
OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
NULLing the returned string. OpenBSD's getline handles this just fine, but
some implementations used by -portable do not. ok djm@
OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
accurately reflects its effect. This matches a previous change to
PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
djm@
OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
The sntrup761 code sourced from supercop uses variable length
arrays. Although widely supported, they are not part of the ANSI
C89 spec so if the compiler does not support VLAs, disable the
sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
functions with no-op ones similar to what we do in kexecdh.c.
This should allow OpenSSH to build with a plain C89 compiler again.
Spotted by tim@, ok djm@.
Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduces
more consistency checking: duplicated constraints and constraints that
are nonsensical for a particular situation (e.g. FIDO provider for a
smartcard key) are now banned.
ok markus@
OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
Allow confirm_key() to accept an additional reason suffix
Factor publickey userauth parsing out into its own function and allow
it to optionally return things it parsed out of the message to its
caller.
feedback/ok markus@
OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
