curl/.cirrus.yml
Daniel Stenberg 265b14d6b3
metalink: remove
Warning: this will make existing curl command lines that use metalink to
stop working.

Reasons for removal:

1. We've found several security problems and issues involving the
   metalink support in curl. The issues are not detailed here. When
   working on those, it become apparent to the team that several of the
   problems are due to the system design, metalink library API and what
   the metalink RFC says. They are very hard to fix on the curl side
   only.

2. The metalink usage with curl was only very briefly documented and was
   not following the "normal" curl usage pattern in several ways, making
   it surprising and non-intuitive which could lead to further security
   issues.

3. The metalink library was last updated 6 years ago and wasn't so
   active the years before that either. An unmaintained library means
   there's a security problem waiting to happen. This is probably reason
   enough.

4. Metalink requires an XML parsing library, which is complex code (even
   the smaller alternatives) and to this day often gets security
   updates.

5. Metalink is not a widely used curl feature. In the 2020 curl user
   survey, only 1.4% of the responders said that they'd are using it. In
   2021 that number was 1.2%. Searching the web also show very few
   traces of it being used, even with other tools.

6. The torrent format and associated technology clearly won for
   downloading large files from multiple sources in parallel.

Cloes #7176
2021-06-07 08:14:25 +02:00

130 lines
6.4 KiB
YAML

#***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
###########################################################################
# Cirrus CI configuration
# https://cirrus-ci.com/github/curl/curl
freebsd_task:
name: FreeBSD
matrix:
# A stable 13.0 image likely won't be available before early 2021
# image_family: freebsd-13-0-snap
- name: FreeBSD 12.2
freebsd_instance:
image_family: freebsd-12-2
- name: FreeBSD 11.4
freebsd_instance:
image_family: freebsd-11-4
env:
CIRRUS_CLONE_DEPTH: 10
MAKE_FLAGS: -j 2
pkginstall_script:
- pkg update -f
- pkg install -y autoconf automake libtool pkgconf brotli openldap-client heimdal libpsl libssh2 openssh-portable libidn2 librtmp libnghttp2 nghttp2 stunnel
- case `python -V` in
Python?3.7*) pkg install -y py37-impacket ;;
Python?2.7*) pkg install -y py27-impacket ;;
esac
- pkg delete -y curl
configure_script:
- ./buildconf
- case `uname -r` in
12.1*)
export CC=clang;
export CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g";
export CXXFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g";
export LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" ;;
esac
- ./configure --prefix="${HOME}"/install --enable-debug --with-openssl --with-libssh2 --with-brotli --with-gssapi --with-libidn2 --enable-manual --enable-ldap --enable-ldaps --with-librtmp --with-libpsl --with-nghttp2 || { tail -300 config.log; false; }
compile_script:
- make V=1 && cd tests && make V=1
test_script:
# blackhole?
- sysctl net.inet.tcp.blackhole
# make sure we don't run blackhole != 0
- sudo sysctl net.inet.tcp.blackhole=0
# Some tests won't run if run as root so run them as another user.
# Make directories world writable so the test step can write wherever it needs.
- find . -type d -exec chmod 777 {} \;
# The OpenSSH server instance for the testsuite cannot be started on FreeBSD,
# therefore the SFTP and SCP tests are disabled right away from the beginning.
- sudo -u nobody make V=1 TFLAGS="-n -a -p !flaky !SFTP !SCP" test-nonflaky
install_script:
- make V=1 install
windows_task:
name: Windows
timeout_in: 90m
windows_container:
image: ${container_img}
matrix:
- name: Windows 32-bit shared/release Schannel/SSPI/WinIDN/libssh2
env:
container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019
container_cmd: C:\msys64\usr\bin\sh
prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2
configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2
tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP
- name: Windows 32-bit static/release Schannel/SSPI/WinIDN/libssh2
env:
container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019
container_cmd: C:\msys64\usr\bin\sh
prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2
configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static
tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP
curl_LDFLAGS: -all-static
PKG_CONFIG: pkg-config --static
- name: Windows 64-bit shared/release Schannel/SSPI/WinIDN/libssh2
env:
container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019
container_cmd: C:\msys64\usr\bin\sh
prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2
configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2
tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP
- name: Windows 64-bit static/release Schannel/SSPI/WinIDN/libssh2
env:
container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019
container_cmd: C:\msys64\usr\bin\sh
prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2
configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static
tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP
curl_LDFLAGS: -all-static
PKG_CONFIG: pkg-config --static
env:
CIRRUS_CLONE_DEPTH: 10
MSYS2_PATH_TYPE: inherit
prepare_script: |
%container_cmd% -l -c "cd $(echo '%cd%') && %prepare%"
configure_script: |
%container_cmd% -l -c "cd $(echo '%cd%') && ./buildconf && ./configure %configure%"
compile_script: |
%container_cmd% -l -c "cd $(echo '%cd%') && make V=1 && cd tests && make V=1"
install_script: |
%container_cmd% -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;"
test_script: |
%container_cmd% -l -c "cd $(echo '%cd%') && make V=1 TFLAGS='-r -rm %tests%' test-nonflaky"