Commit Graph

11951 Commits

Author SHA1 Message Date
Darren Tucker
5796bf8ca9
Restore ssh-agent permissions on exit.
...enough that subsequent builds can overwrite ssh-agent if necessary.
2022-12-02 11:55:08 +11:00
dtucker@openbsd.org
ccf5a13868
upstream: Clean up ssh-add and ssh-agent logs.
OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c
2022-12-02 11:51:18 +11:00
dtucker@openbsd.org
7a8b40cf6a
upstream: Log output of ssh-agent and ssh-add
This should  make debugging easier.

OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8
2022-12-02 11:51:02 +11:00
dtucker@openbsd.org
4a1805d532
upstream: Add void to client_repledge args to fix compiler warning. ok djm@
OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866
2022-11-30 12:16:14 +11:00
djm@openbsd.org
815c470493
upstream: tighten pledge(2) after session establishment
feedback, ok & testing in snaps deraadt@

OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58
2022-11-30 12:16:10 +11:00
djm@openbsd.org
f7cebbbf40
upstream: New EnableEscapeCommandline ssh_config(5) option
This option (default "no") controls whether the ~C escape is available.
Turning it off by default means we will soon be able to use a stricter
default pledge(2) in the client.

feedback deraadt@ dtucker@; tested in snaps for a while

OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a
2022-11-30 12:16:08 +11:00
mbuhl@openbsd.org
d323f7ecf5
upstream: In channel_request_remote_forwarding the parameters for
permission_set_add are leaked as they are also duplicated in the call. Found
by CodeChecker. ok djm

OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e
2022-11-30 12:13:55 +11:00
Darren Tucker
62cc33e6ee
Use -fzero-call-used-regs=used on clang 15.
clang 15 seems to have a problem with -fzero-call-used-reg=all which
causes spurious "incorrect signature" failures with ED25519.  On those
versions, use -fzero-call-used-regs=used instead.  (We may add exceptions
later if specific versions prove to be OK).  Also move the GCC version
check to match.

Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround
suggested by Bill Wendling (morbo at google com).  bz#3475, ok djm@
2022-11-30 11:45:07 +11:00
Darren Tucker
f84b9cffd5
Skip unit tests on slow riscv64 hardware. 2022-11-28 22:39:25 +11:00
Darren Tucker
9f2747e0be
Rework how selfhosted tests interact with runners.
Previously there was one runner per test target (mostly VMs).  This had
a few limitations:
 - multiple tests that ran on the same target (eg multiple build
   configs) were serialized on availability or that runner.
 - it needed manual balancing of VMs over host machines.

To address this, make VMs that use ephemeral disks (ie most of them)
all use a pool of runners with the "libvirt" label.  This requires that
we distinguish between "host" and "target" for those.  Native runners
and VMs with persistent disks (eg the constantly-updated snapshot ones)
specify the same host and target.

This should improve test throughput.
2022-11-28 22:39:08 +11:00
Darren Tucker
d664ddaec8
Run vmstartup from temp dir.
This will allow us to create ephemeral disk images per-runner.
2022-11-27 12:19:37 +11:00
Darren Tucker
0fa16e952b
Make "config" in matrix singular and pass in env.
This will allow the startup scripts to adapt their behaviour based on
the type and config.
2022-11-27 12:14:00 +11:00
Darren Tucker
e8857043af
Add "libvirt" label to dfly30. 2022-11-27 11:45:43 +11:00
Darren Tucker
9775473d84
Rename "os" in matrix to "target".
This is in preparation to distinguish this from the host that the runner
runs on in case where they are separate (eg VMs).
2022-11-27 11:20:35 +11:00
Darren Tucker
04fd00ceff
Remove unused self-hosted test targets. 2022-11-27 09:23:04 +11:00
Darren Tucker
c9d9fcad2a
Remove explicit "default" test config argument.
Not specifying the test config implicitly selects default args.
2022-11-27 09:16:15 +11:00
Darren Tucker
15a01cf15f
Add fallback for old platforms w/out MAP_ANON. 2022-11-23 13:24:53 +11:00
Darren Tucker
6b9bbbfe8b
If we haven't found it yet, recheck for sys/stat.h.
On some very old platforms, sys/stat.h needs sys/types.h, however
autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the
opposite order, which in combination with modern autoconf's
"present but cannot be compiled" behaviour causes it to not be
detected.
2022-11-23 13:24:50 +11:00
Darren Tucker
8926956f22
Add dfly62 test target. 2022-11-11 11:25:37 +11:00
dtucker@openbsd.org
650de7ecd3
upstream: Handle dynamic remote port forwarding in escape commandline's
-R processing. bz#3499, ok djm@

OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208
2022-11-11 11:24:46 +11:00
Darren Tucker
5372db7e79
Remove seed passing over reexec.
This was added for the benefit of platforms using ssh-rand-helper to
prevent a delay on each connection as sshd reseeded itself.

ssh-random-helper is long gone, and since the re-exec happens before the
chroot the re-execed sshd can reseed itself normally. ok djm@
2022-11-10 12:44:51 +11:00
Darren Tucker
ca98d3f8c6
Skip reexec test on OpenSSL 1.1.1 specifically.
OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip
that test.  See bz#3483 for details.
2022-11-09 20:59:20 +11:00
dtucker@openbsd.org
5ec4ebc254
upstream: Fix typo in fatal error message.
Patch from vapier at chromium.org.

OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf
2022-11-09 20:43:58 +11:00
dtucker@openbsd.org
e6abafe9a6
upstream: Remove errant colon and simplify format
string in error messages. Patch from vapier at chromium.org.

OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3
2022-11-09 20:43:35 +11:00
djm@openbsd.org
db2027a687
upstream: rename client_global_hostkeys_private_confirm() to
client_global_hostkeys_prove_confirm(), as it handles the
"hostkeys-prove00@openssh.com" message; no functional change

OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d
2022-11-09 20:43:16 +11:00
djm@openbsd.org
1c2be7c200
upstream: typo in comment
OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a
2022-11-09 20:41:32 +11:00
Darren Tucker
cf1a9852d7
Defer seed_rng until after closefrom call.
seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
QAT) will open descriptors for their own use.  bz#3483, patch from
joel.d.schuetze at intel.com, ok djm@
2022-11-09 09:23:47 +11:00
Darren Tucker
dffa644801
Fix comment text. From emaste at freebsd.org. 2022-11-09 08:27:47 +11:00
Pierre Ossman
d9df5689c2
Avoid assuming layout of fd_set
POSIX doesn't specify the internal layout of the fd_set object, so let's
not assume it is just a bit mask. This increases compatibility with
systems that have a different layout.

The assumption is also worthless as we already refuse to use file
descriptors over FD_SETSIZE anyway. Meaning that the default size of
fd_set is quite sufficient.
2022-11-08 19:33:47 +11:00
Darren Tucker
419aa8a312
Shutdown any VM before trying to check out repo.
In the case where the previous run did not clean up, the checkout will
fail as it'll leave a stale mount.
2022-11-08 12:42:52 +11:00
Darren Tucker
a32c07cbb7
Run vm startup and shutdown from runner temp dir.
Should work even if the github workspace dir is on a stale sshfs mount.
2022-11-08 12:01:33 +11:00
Darren Tucker
2b40a7dfcd
Add valrind-5 test here too. 2022-11-08 11:03:31 +11:00
Darren Tucker
2ea03d1f6d
Update checkout and upload actions.
Update actions/checkout and actions/upload-artifact to main branch for
compatibility with node.js v16.
2022-11-08 10:29:32 +11:00
Darren Tucker
4e316ff0f1
Split out rekey test since it runs the longest. 2022-11-08 10:29:32 +11:00
dtucker@openbsd.org
21625a6424
upstream: The IdentityFile option in ssh_config can also be used to
specify a public key file, as documented in ssh.1 for the -i option. Document
this also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@

OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b
2022-11-07 22:22:18 +11:00
dtucker@openbsd.org
747691604d
upstream: Remove some set but otherwise unused variables, spotted
in -portable by clang 16's -Wunused-but-set-variable.  ok djm@

OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982
2022-11-07 22:22:15 +11:00
dtucker@openbsd.org
1d78d25653
upstream: Check for and disallow MaxStartups values less than or
equal to zero during config parsing, rather than faling later at runtime.
bz#3489, ok djm@

OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b
2022-11-07 22:22:06 +11:00
djm@openbsd.org
a00f59a645
upstream: fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.

from Ed Maste

OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739
2022-11-07 15:43:13 +11:00
Darren Tucker
f58acaf8c7
Fix merge conflict. 2022-11-07 15:10:59 +11:00
Darren Tucker
162e574102
Branch-specific links for master status badges. 2022-11-07 15:07:33 +11:00
Darren Tucker
e4b7c12ab2
Add CIFuzz status badge. 2022-11-07 14:46:38 +11:00
Darren Tucker
b496b9f831
Do not run CIFuzz on selfhosted tree.
We already run it on the regular tree, no need to double up.
2022-11-07 14:45:37 +11:00
Darren Tucker
2138b1c4dd
Whitespace change to trigger CIFuzz workflow. 2022-11-07 14:41:58 +11:00
Darren Tucker
4670b97ef8
Run cifuzz workflow on the actions as regular CI. 2022-11-07 14:34:04 +11:00
David Korczynski
79391e66ce
Add CIFuzz integration 2022-11-07 14:31:45 +11:00
dtucker@openbsd.org
c1893364a0
upstream: Import regenerated moduli.
OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f
2022-11-07 14:00:57 +11:00
dtucker@openbsd.org
5c3f18fb99
upstream: Fix typo. From pablomh via -portable github PR#344.
OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827
2022-11-07 14:00:23 +11:00
Darren Tucker
e1c6fcc142
Link to branch-specific queries for V_9_1 status. 2022-11-07 12:46:58 +11:00
Darren Tucker
4f4a5fad6d
Use "prohibit-password" in -portable comments.
"without-password" is the deprecated alias for "prohibit-password",
so we should reference the latter. From emaste at freebsd.org.
2022-11-07 10:54:29 +11:00
Darren Tucker
0f7e1eba55
Fix tracing disable on FreeBSD.
Some versions of FreeBSD do not support using id 0 to refer to the
current pid for procctl, so pass getpid() explicitly.  From
emaste at freebsd.org.
2022-11-07 10:54:29 +11:00