Add Kerberos V build and test to CI.

2025-08-22 01:49:11 +00:00 · 2023-10-31 09:54:57 -06:00 · 2023-10-31 09:54:57 -06:00 · 7ed7b4536f
commit 7ed7b4536f
parent 145faa3fe9
8 changed files with 37 additions and 18 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -4,6 +4,10 @@ jobs:
  build_linux:
    description: Configure, build and package sudo (Linux)
    parameters:
      krb5:
        description: if true, build sudo's Kerberos V support
        default: false
        type: boolean
      ldap:
        description: if true, build sudo's LDAP support
        default: false
@ -31,7 +35,7 @@ jobs:
      - checkout
      - run:
          name: "Building and packaging sudo (Linux)"
-          command: ./scripts/mkpkg <<# parameters.ldap >>--flavor=ldap --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu <</ parameters.ldap >><<# parameters.wolfssl >>--enable-wolfssl <</ parameters.wolfssl >><<^ parameters.logsrvd >>--disable-log-server --disable-log-client <</ parameters.logsrvd >><<^ parameters.intercept >>--disable-intercept <</ parameters.intercept >><<# parameters.static_sudoers >>--enable-static-sudoers <</ parameters.static_sudoers >>--enable-warnings --enable-werror --enable-sanitizer
+          command: ./scripts/mkpkg <<# parameters.krb5 >>--with-kerb5 <</ parameters.krb5 >><<# parameters.ldap >>--flavor=ldap --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu <</ parameters.ldap >><<# parameters.wolfssl >>--enable-wolfssl <</ parameters.wolfssl >><<^ parameters.logsrvd >>--disable-log-server --disable-log-client <</ parameters.logsrvd >><<^ parameters.intercept >>--disable-intercept <</ parameters.intercept >><<# parameters.static_sudoers >>--enable-static-sudoers <</ parameters.static_sudoers >>--enable-warnings --enable-werror --enable-sanitizer
      # Save workspace for subsequent jobs (i.e. test)
      - persist_to_workspace:
          root: .
@ -84,6 +88,12 @@ workflows:
  version: 2
  build_and_test:
    jobs:
      - build_linux:
          name: build-linux-krb5
          krb5: true
          filters:
            branches:
              only: main
      - build_linux:
          name: build-linux-ldap
          ldap: true
@ -119,6 +129,10 @@ workflows:
          filters:
            branches:
              only: main
      - test_linux:
          name: test-linux-krb5
          requires:
            - build-linux-krb5
      - test_linux:
          name: test-linux-ldap
          requires:
--- a/docker/debian/latest/Dockerfile
+++ b/docker/debian/latest/Dockerfile
@ -3,7 +3,8 @@ FROM docker.io/library/debian:latest
 RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
 	build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
-	libaudit-dev libldap2-dev libpam0g-dev libpython3-dev libsasl2-dev \
+	libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
-	libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev lsb-release \
+	libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
-	ncurses-term openssh-client pkg-config procps python3-dev ssh zlib1g-dev
+	lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
 	ssh zlib1g-dev
 RUN useradd -ms /bin/bash build
--- a/docker/debian/testing/Dockerfile
+++ b/docker/debian/testing/Dockerfile
@ -3,7 +3,8 @@ FROM docker.io/library/debian:testing
 RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
 	build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
-	libaudit-dev libldap2-dev libpam0g-dev libpython3-dev libsasl2-dev \
+	libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
-	libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev lsb-release \
+	libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
-	ncurses-term openssh-client pkg-config procps python3-dev ssh zlib1g-dev
+	lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
 	ssh zlib1g-dev
 RUN useradd -ms /bin/bash build
--- a/docker/fedora/latest/Dockerfile
+++ b/docker/fedora/latest/Dockerfile
@ -1,7 +1,7 @@
 FROM docker.io/library/fedora:latest
 ENV TZ=America/Denver
-RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \
    libasan libubsan libselinux-devel libsepol-devel make openldap-devel \
    openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
    ed gcc gdb git openssh pkg-config procps which
--- a/docker/fedora/rawhide/Dockerfile
+++ b/docker/fedora/rawhide/Dockerfile
@ -1,7 +1,7 @@
 FROM docker.io/library/fedora:rawhide
 ENV TZ=America/Denver
-RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel \
+RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \
    libasan libubsan libselinux-devel libsepol-devel make openldap-devel \
    openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \
    ed gcc gdb git openssh pkg-config procps which
--- a/docker/ubuntu/devel/Dockerfile
+++ b/docker/ubuntu/devel/Dockerfile
@ -3,7 +3,8 @@ FROM docker.io/library/ubuntu:devel
 RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
        build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
-	libaudit-dev libldap2-dev libpam0g-dev libpython3-dev libsasl2-dev \
+	libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
-	libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev lsb-release \
+	libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
-	ncurses-term openssh-client pkg-config procps python3-dev ssh zlib1g-dev
+	lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
 	ssh zlib1g-dev
 RUN useradd -ms /bin/bash build
--- a/docker/ubuntu/latest/Dockerfile
+++ b/docker/ubuntu/latest/Dockerfile
@ -3,7 +3,8 @@ FROM docker.io/library/ubuntu:latest
 RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
        build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
-	libaudit-dev libldap2-dev libpam0g-dev libpython3-dev libsasl2-dev \
+	libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
-	libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev lsb-release \
+	libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
-	ncurses-term openssh-client pkg-config procps python3-dev ssh zlib1g-dev
+	lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
 	ssh zlib1g-dev
 RUN useradd -ms /bin/bash build
--- a/docker/ubuntu/rolling/Dockerfile
+++ b/docker/ubuntu/rolling/Dockerfile
@ -3,7 +3,8 @@ FROM docker.io/library/ubuntu:rolling
 RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \
    DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \
        build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \
-	libaudit-dev libldap2-dev libpam0g-dev libpython3-dev libsasl2-dev \
+	libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \
-	libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev lsb-release \
+	libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \
-	ncurses-term openssh-client pkg-config procps python3-dev ssh zlib1g-dev
+	lsb-release ncurses-term openssh-client pkg-config procps python3-dev \
 	ssh zlib1g-dev
 RUN useradd -ms /bin/bash build