diff --git a/.cirrus.yml b/.cirrus.yml new file mode 100644 index 0000000000000..f4386a3d7e5a2 --- /dev/null +++ b/.cirrus.yml @@ -0,0 +1,171 @@ +env: + WIDEMUL: auto + BIGNUM: auto + STATICPRECOMPUTATION: yes + ECMULTGENPRECISION: auto + ASM: no + BUILD: check + WITH_VALGRIND: yes + RUN_VALGRIND: no + EXTRAFLAGS: + HOST: + ECDH: no + RECOVERY: no + SCHNORRSIG: no + EXPERIMENTAL: no + CTIMETEST: yes + BENCH: yes + ITERS: 2 + # We only need the top commit + CIRRUS_CLONE_DEPTH: 1 + +cat_logs_snippet: &CAT_LOGS + always: + test_logs_script: + - cat tests.log || true + - cat exhaustive_tests.log || true + - cat valgrind_ctime_test.log || true + - cat bench.log || true + on_failure: + debug_output_script: + - cat config.log || true + - cat test_env.log || true + - env + +task: + name: "x86_64: Linux (Alpine Linux, Nix Shell)" + container: + dockerfile: ci/linux-nixos.Dockerfile + # Reduce number of CPUs to be able to do more builds in parallel. + cpu: 1 + # More than enough for our scripts. + memory: 1G + matrix: &ENV_MATRIX + - env: {WIDEMUL: int64, RECOVERY: yes} + - env: {WIDEMUL: int64, ECDH: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes} + - env: {WIDEMUL: int128} + - env: {WIDEMUL: int128, RECOVERY: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes} + - env: {WIDEMUL: int128, ECDH: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes} + - env: {WIDEMUL: int128, ASM: x86_64} + - env: {BIGNUM: no} + - env: {BIGNUM: no, RECOVERY: yes, EXPERIMENTAL: yes, SCHNORRSIG: yes} + - env: {BIGNUM: no, STATICPRECOMPUTATION: no} + - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no} + - env: {CPPFLAGS: -DDETERMINISTIC} + - env: {CFLAGS: -O0, CTIMETEST: no} + - env: + CFLAGS: "-fsanitize=undefined -fno-omit-frame-pointer" + LDFLAGS: "-fsanitize=undefined -fno-omit-frame-pointer" + UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1" + BIGNUM: no + ASM: x86_64 + ECDH: yes + RECOVERY: yes + EXPERIMENTAL: yes + SCHNORRSIG: yes + CTIMETEST: no + - env: { ECMULTGENPRECISION: 2 } + - env: { ECMULTGENPRECISION: 8 } + - env: + RUN_VALGRIND: yes + BIGNUM: no + ASM: x86_64 + ECDH: yes + RECOVERY: yes + EXPERIMENTAL: yes + SCHNORRSIG: yes + EXTRAFLAGS: "--disable-openssl-tests" + BUILD: + matrix: + - env: + CC: gcc + - env: + CC: clang + test_script: + - nix-shell ci/shell.nix --run ./ci/cirrus.sh + << : *CAT_LOGS + +task: + name: "i686: Linux (Alpine Linux, Nix Shell)" + container: + dockerfile: ci/linux-nixos.Dockerfile + cpu: 1 + memory: 1G + env: + HOST: i686-linux-gnu + ECDH: yes + RECOVERY: yes + EXPERIMENTAL: yes + SCHNORRSIG: yes + matrix: + - env: + CC: gcc + - env: + CC: clang + matrix: + - env: + BIGNUM: gmp + - env: + BIGNUM: no + test_script: + - nix-shell ci/shell-i686.nix --run ./ci/cirrus.sh + << : *CAT_LOGS + +task: + name: "x86_64: macOS Catalina" + macos_instance: + image: catalina-base + matrix: + << : *ENV_MATRIX + matrix: + - env: + CC: gcc-9 + - env: + CC: clang + # Update Command Line Tools + # Uncomment this if the Command Line Tools on the CirrusCI macOS image are too old to brew valgrind. + # See https://apple.stackexchange.com/a/195963 for the implementation. + ## update_clt_script: + ## - system_profiler SPSoftwareDataType + ## - touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress + ## - |- + ## PROD=$(softwareupdate -l | grep "*.*Command Line" | tail -n 1 | awk -F"*" '{print $2}' | sed -e 's/^ *//' | sed 's/Label: //g' | tr -d '\n') + ## # For debugging + ## - softwareupdate -l && echo "PROD: $PROD" + ## - softwareupdate -i "$PROD" --verbose + ## - rm /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress + ## + brew_script: + # TODO cache the binaries + - export HOMEBREW_NO_AUTO_UPDATE=1 + - export HOMEBREW_NO_INSTALL_CLEANUP=1 + - brew config + - brew tap --shallow LouisBrunner/valgrind + - brew install --HEAD LouisBrunner/valgrind/valgrind + - brew install automake libtool gmp gcc@9 + test_script: + - ./ci/cirrus.sh + << : *CAT_LOGS + +task: + name: "s390x (big-endian): Linux (Debian QEMU)" + container: + dockerfile: ci/linux-debian-s390-qemu.Dockerfile + cpu: 1 + memory: 1G + env: + QEMU_CMD: qemu-s390x + HOST: s390x-linux-gnu + BUILD: + WITH_VALGRIND: no + BIGNUM: no + ECDH: yes + RECOVERY: yes + EXPERIMENTAL: yes + SCHNORRSIG: yes + CTIMETEST: no + test_script: + # https://sourceware.org/bugzilla/show_bug.cgi?id=27008 + - rm /etc/ld.so.cache + - ./ci/cirrus.sh + << : *CAT_LOGS diff --git a/.travis.yml b/.travis.yml index 91f1d41a2a38b..0699aa0caccf7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -97,7 +97,7 @@ before_script: ./autogen.sh script: - function keep_alive() { while true; do echo -en "\a"; sleep 60; done } - keep_alive & - - ./contrib/travis.sh + - ./ci/travis.sh - kill %keep_alive after_script: diff --git a/README.md b/README.md index e070937235c36..b34102145e04e 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ libsecp256k1 ============ [![Build Status](https://travis-ci.org/bitcoin-core/secp256k1.svg?branch=master)](https://travis-ci.org/bitcoin-core/secp256k1) +[![Build Status](https://api.cirrus-ci.com/github/bitcoin-core/secp256k1.svg?branch=master)](https://cirrus-ci.com/github/bitcoin-core/secp256k1) Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1. diff --git a/ci/cirrus.sh b/ci/cirrus.sh new file mode 100755 index 0000000000000..e10037a468474 --- /dev/null +++ b/ci/cirrus.sh @@ -0,0 +1,84 @@ +#!/bin/sh + +set -e +set -x + +export LC_ALL=C + +env >> test_env.log + +$CC -v || true +valgrind --version || true + +./autogen.sh + +# Nix doesn't store GNU file in /usr/bin, see https://lists.gnu.org/archive/html/bug-libtool/2015-09/msg00000.html . +# The -i'' is necessary for macOS portability, see https://stackoverflow.com/a/4247319 . +sed -i'' -e 's@/usr/bin/file@$(which file)@g' configure + +./configure \ + --enable-experimental="$EXPERIMENTAL" \ + --with-test-override-wide-multiply="$WIDEMUL" --with-bignum="$BIGNUM" --with-asm="$ASM" \ + --enable-ecmult-static-precomputation="$STATICPRECOMPUTATION" --with-ecmult-gen-precision="$ECMULTGENPRECISION" \ + --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \ + --enable-module-schnorrsig="$SCHNORRSIG" \ + --with-valgrind="$WITH_VALGRIND" \ + --host="$HOST" $EXTRAFLAGS + +if [ -n "$BUILD" ] +then + make -j2 "$BUILD" +fi + +if [ "$RUN_VALGRIND" = "yes" ] +then + make -j2 + # the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (https://www.valgrind.org/docs/manual/manual-core.html) + valgrind --error-exitcode=42 ./tests 16 + valgrind --error-exitcode=42 ./exhaustive_tests +fi + +if [ -n "$QEMU_CMD" ] +then + make -j2 + $QEMU_CMD ./tests 16 + $QEMU_CMD ./exhaustive_tests +fi + +if [ "$BENCH" = "yes" ] +then + # Using the local `libtool` because on macOS the system's libtool has nothing to do with GNU libtool + EXEC='./libtool --mode=execute' + if [ -n "$QEMU_CMD" ] + then + EXEC="$EXEC $QEMU_CMD" + fi + if [ "$RUN_VALGRIND" = "yes" ] + then + EXEC="$EXEC valgrind --error-exitcode=42" + fi + # This limits the iterations in the benchmarks below to ITER iterations. + export SECP256K1_BENCH_ITERS="$ITERS" + { + $EXEC ./bench_ecmult + $EXEC ./bench_internal + $EXEC ./bench_sign + $EXEC ./bench_verify + } >> bench.log 2>&1 + if [ "$RECOVERY" = "yes" ] + then + $EXEC ./bench_recover >> bench.log 2>&1 + fi + if [ "$ECDH" = "yes" ] + then + $EXEC ./bench_ecdh >> bench.log 2>&1 + fi + if [ "$SCHNORRSIG" = "yes" ] + then + $EXEC ./bench_schnorrsig >> bench.log 2>&1 + fi +fi +if [ "$CTIMETEST" = "yes" ] +then + ./libtool --mode=execute valgrind --error-exitcode=42 ./valgrind_ctime_test > valgrind_ctime_test.log 2>&1 +fi diff --git a/ci/linux-debian-s390-qemu.Dockerfile b/ci/linux-debian-s390-qemu.Dockerfile new file mode 100644 index 0000000000000..d527be55cb23f --- /dev/null +++ b/ci/linux-debian-s390-qemu.Dockerfile @@ -0,0 +1,6 @@ +FROM debian + +RUN dpkg --add-architecture s390x +RUN apt-get update +RUN apt-get install --no-install-recommends --no-upgrade -y make automake libtool +RUN apt-get install --no-install-recommends --no-upgrade -y gcc-s390x-linux-gnu libc6-dev-s390x-cross qemu-user libc6:s390x diff --git a/ci/linux-nixos.Dockerfile b/ci/linux-nixos.Dockerfile new file mode 100644 index 0000000000000..0017073c9dc3d --- /dev/null +++ b/ci/linux-nixos.Dockerfile @@ -0,0 +1,12 @@ +FROM nixos/nix + +COPY ci/shell.nix /tmp +COPY ci/shell-i686.nix /tmp + +RUN nix-channel --remove nixpkgs +RUN nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs +RUN nix-channel --update + +# Run dummy command "true" in the nix-shell just to get the packages prepared. +RUN nix-shell /tmp/shell.nix --command true +RUN nix-shell /tmp/shell-i686.nix --command true diff --git a/ci/shell-i686.nix b/ci/shell-i686.nix new file mode 100644 index 0000000000000..6ab4f121bd35a --- /dev/null +++ b/ci/shell-i686.nix @@ -0,0 +1,9 @@ +with (import {}).pkgsi686Linux; +mkShell { + buildInputs = [ + bash file pkgconfig autoconf automake libtool gmp valgrind clang gcc + ]; + shellHook = '' + echo Running nix-shell with nixpkgs version: $(nix eval --raw nixpkgs.lib.version) + ''; +} diff --git a/ci/shell.nix b/ci/shell.nix new file mode 100644 index 0000000000000..2ce852515b4d4 --- /dev/null +++ b/ci/shell.nix @@ -0,0 +1,9 @@ +with (import {}); +mkShell { + buildInputs = [ + bash file pkgconfig autoconf automake libtool gmp valgrind clang gcc + ]; + shellHook = '' + echo Running nix-shell with nixpkgs version: $(nix eval --raw nixpkgs.lib.version) + ''; +} diff --git a/contrib/travis.sh b/ci/travis.sh similarity index 100% rename from contrib/travis.sh rename to ci/travis.sh