dilim/openssh-portable
1
0
Fork 0
mirror of https://github.com/openssh/openssh-portable.git synced 2026-06-24 08:48:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,712 Commits 73 Branches 163 Tags
master
Commit Graph

469 Commits

Author SHA1 Message Date
Darren Tucker
5dac5a9252 Set build options in /etc/mk.conf once at startup. 2026-06-24 13:55:17 +10:00
Darren Tucker
10715f25c4 Output Actions allowlist for uploading to Github. 2026-06-22 21:30:41 +10:00
Darren Tucker
01404fa5da Add script to lookup and pin Actions to hashes. 
Update recently changed Cygwin Actions and pin remaining unpinned ones.
 2026-06-22 19:32:25 +10:00
El Mehdi Abenhazou
faa646a9bf ci: pin upstream.yml actions to full commit SHAs 
Signed-off-by: El Mehdi Abenhazou <mehdiananas007@gmail.com>
 2026-06-22 18:55:25 +10:00
El Mehdi Abenhazou
983096a7b2 ci: pin GitHub Actions to full commit SHAs 
Pinning actions/checkout, actions/upload-artifact, and
cygwin/cygwin-install-action to their full commit SHA instead of
mutable branch/tag references (main, master).

Using mutable refs means a compromised or malicious update to the
action repository could silently alter the workflow behavior.
Pinning to SHA makes the exact version immutable and auditable.

Signed-off-by: El Mehdi Abenhazou <mehdiananas007@gmail.com>
 2026-06-22 18:54:58 +10:00
Darren Tucker
c9ebebb22f Reformat setup_ci command line. 
This prevents setup_ci from running twice on Cygwin due to different
parsing of the command line since on Windows it's run via Powershell.
 2026-06-02 23:28:52 +10:00
Darren Tucker
7e5590cf8f Replace shell-level timeout with dedicated command. 
It turns out the systems we run this workflow on all have timeout(1),
 2026-06-02 18:57:23 +10:00
Darren Tucker
41bb8c1823 Add a single retry to VM package install steps. 
These are potentially flaky due to network issues, so hopefully this
will reduce the number of manual retries needed.
 2026-06-02 18:11:42 +10:00
Darren Tucker
e8c12cc085 setup_ci.sh: add timeout and allow one retry 2026-06-01 22:31:28 +10:00
Darren Tucker
7b776066bc Update LibreSSL test 4.3.1->4.3.2. 2026-06-01 17:39:40 +10:00
Darren Tucker
0a561f9067 Run hardenedmalloc test on ubuntu-latest. 
Needed for newer clang that supports -std=c23.
 2026-05-26 10:48:19 +10:00
Darren Tucker
3468ac7296 Hardenedmalloc needs -std=c23 so build with clang. 2026-05-26 09:35:42 +10:00
Darren Tucker
66847768ff Add OpenBSD 7.9 test VM. 2026-05-21 18:39:54 +10:00
Darren Tucker
d0d7981cf5 Another shell portability fix for Solaris. 2026-05-21 18:39:28 +10:00
Darren Tucker
498372545f Use backticks for shell portability w/ Solaris. 2026-05-21 18:25:50 +10:00
Darren Tucker
18b9db789e Add interop tests against Dropbear >= 2020.79 2026-05-21 18:01:01 +10:00
Darren Tucker
55df196e39 Retire OmniOS r151046 & r151054 test configs. 
They require packages from an external mirror which has been unreliable
lately, so stop relying on it.
 2026-05-12 19:53:54 +10:00
Darren Tucker
6d9116d4df Handle missing packages for FreeBSD 12.4. 
(Most) FreeBSD mirrors no longer have packages for 12.x, so install the
only thing we need (sudo) from source on.
 2026-05-12 19:47:13 +10:00
Darren Tucker
99f1e0c2f9 OmniOS: check for gcc before installing. 2026-05-12 18:50:20 +10:00
Darren Tucker
ded80eb0ff Add VM test versions for : OmniOS and FreeBSD. 
Add OmniOS r151056 and r151058 (with build-essentials, so hopefully
faster and lower dependency) and FreeBSD 12.4 for better coverage.
 2026-05-12 18:07:45 +10:00
Darafei Praliaskouski
56e73cd804 ci: avoid rsync dependency in NetBSD VM jobs 2026-05-11 18:16:59 +10:00
Darren Tucker
4ea08a0353 Improve NetBSD PAM tests. 
- Set random password and use for password auth test.
 - When testing PAM builds, test with and without UsePAM.
 2026-05-05 00:09:12 +10:00
Darren Tucker
504d01d81f Improve FreeBSD PAM tests. 
- Set random password and use for password auth test.
 - When testing PAM builds, test with and without UsePAM.
 2026-05-05 00:09:11 +10:00
Darren Tucker
a05de3f67f Update to FreeBSD 14.4, add 15.0. 2026-05-05 00:09:11 +10:00
Darren Tucker
6296749fe1 Improve Solaris PAM tests. 
- Set up and run tests with SUDO.
 - Set random password to use for password & kbdint auth tests.
 - Only run t-exec when re-testing with PAM, don't rerun unit tests.
 - When testing PAM builds, test with and without UsePAM.
 2026-05-05 00:09:07 +10:00
Darren Tucker
f9d62eaa53 Only run t-exec when re-testing with PAM. 
There's no point rerunning unit tests.
 2026-05-05 00:09:06 +10:00
Darren Tucker
05af6553e9 Add Solaris 11.4-clang-19 test. 2026-05-05 00:09:05 +10:00
Darren Tucker
cb654c2ce7 Add RUN_ONLY_PLATFORM to run a subset of tests. 2026-05-05 00:09:05 +10:00
Darren Tucker
5fa60ae0d2 Remove 9.9 and 10.0 branches from build status page. 2026-05-01 09:19:56 +10:00
Renaud Allard
7ab5e4073a vm.yml: fix solaris PAM tests 
Add missing SSHD_CONFOPTS="UsePam yes" to the solaris PAM test
step so it actually tests PAM functionality instead of re-running
the default tests with a PAM-enabled binary.
 2026-04-30 09:28:17 +10:00
Darren Tucker
b9ccca0edf Add tracking for 10.3 branch. 2026-04-29 09:14:31 +10:00
Darren Tucker
6185d1e6f7 Rename obsd arm64 snapshot VM for consistency. 2026-04-28 09:10:44 +10:00
Darren Tucker
2be9cec2fc Update OpenSSL tested versions. 2026-04-27 21:53:36 +10:00
Darren Tucker
b41203e500 Comment out new PAM valgrind test until debugged. 2026-04-27 21:47:55 +10:00
Darren Tucker
4e0d1aea89 Simplify Cygwin permissions setting. 2026-04-27 21:47:50 +10:00
Darren Tucker
6c5235cb66 Reorder steps to change perms before displaying. 2026-04-27 21:47:49 +10:00
Darren Tucker
ba110a56a7 Allow setting TEST_SSH_TRACE via Github. 2026-04-27 21:47:48 +10:00
Darren Tucker
8751cd9c5c Add tests for libressl-4.3.1. 2026-04-27 21:47:47 +10:00
Darren Tucker
1afbd7bd1f Re-enable SHA1 sigs in OpenSSL on Cygwin for tests. 
Recently Cygwin imported changes from Fedora which disable SHA1
signatures by default.  This breaks the unit tests (and a couple of
regression tests), so set rh-allow-sha1-signatures=yes in the OpenSSL
config to re-enable them.
 2026-04-27 21:47:46 +10:00
Bob Beck
eb34f95206 Make ci work for OpenSSL 4 variants 2026-04-17 17:44:06 +10:00
Darren Tucker
713ec5c5ae Test against OpenSSL 3.6.2, 4.0.0 and 4.0-stable. 2026-04-16 20:55:23 +10:00
Dmitry Misharov
b6d46558db account newer openssl versions in .github/setup_ci.sh 2026-04-16 19:35:04 +10:00
Darren Tucker
f2da6737e2 Match case with other messages. 2026-04-16 19:32:34 +10:00
Darren Tucker
d3efbba14f Add a VM-based test for OpenBSD-current. 2026-03-26 18:56:18 +11:00
Darren Tucker
4bb4f1601e Add a Valgrind test of the PAM config. 2026-03-26 18:56:15 +11:00
Darren Tucker
12da685dfc Upstream tests don't use the config file. 2026-03-26 18:56:14 +11:00
Darren Tucker
c26d90e5ad Remove BoringSSL rpath as it's statically linked. 2026-03-01 09:41:39 +11:00
Darren Tucker
c940e709ae Check regress passwd is set before enabling kbdint. 2026-02-23 20:54:55 -05:00
Darren Tucker
a07a53b00e Activate kbdint test on PAM configs. 2026-02-23 20:21:14 -05:00
Darren Tucker
5f98660c51 Install libaudit-dev for --with-audit=linux test. 2026-02-18 12:39:31 -05:00