romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-23 04:55:38 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/.github/workflows/windows.yml
Viktor Szakats 22652a5a4c
curl: add options for safe/no CA bundle search (Windows) 
Add `CURL_CA_SEARCH_SAFE` build-time option to enable CA bundle search
in the `curl` tool directory. The lookup method was already used to find
`.curlrc` and `_curlrc` (on Windows). On Windows it overrides the unsafe
default `SearchPath()` method.

Enable with:
- cmake: `-DCURL_CA_SEARCH_SAFE=ON`
- autotools: `--enable-ca-search-safe`
- raw: `CPPFLAGS=-DCURL_CA_SEARCH_SAFE`

On Windows, before this patch the whole `PATH` was searched for
a CA bundle. `PATH` may contain unwanted or world-writable locations,
including the current directory. Searching them all is convenient to
pick up any CA bundle, but not secure.

The Muldersoft curl distro implements such CA search via a custom
patch for Windows:
cd652d4792/patch/curl_tool_doswin.diff (L50)

MSYS2/mingw-w64 distro has also been rolling a patch solving this:
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/0001-Make-cURL-relocatable.patch
https://github.com/msys2/MINGW-packages/blob/master/mingw-w64-curl/pathtools.c

Also add option to fully disable Windows CA search:
- cmake: `-DCURL_DISABLE_CA_SEARCH=ON`
- autotools: `--disable-ca-search`
- raw: `CPPFLAGS=-DCURL_DISABLE_CA_SEARCH`.

Both options are considered EXPERIMENTAL, with possible incompatible
changes or even (partial) removal in the future, depending on feedback.

An alternative, secure option is to embed the CA bundle into the binary.

Safe search can be extended to other platforms if necessary or useful,
by using `_NSGetExecutablePath()` (macOS),
`/proc/self/exe` (Linux/Cygwin), or `argv[0]`.

Closes #14582
2024-09-22 18:17:25 +02:00

633 lines
29 KiB
YAML
Raw Blame History

# Copyright (C) Viktor Szakats
#
# SPDX-License-Identifier: curl
name: Windows
'on':
push:
branches:
- master
- '*/ci'
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
pull_request:
branches:
- master
paths-ignore:
- '**/*.md'
- '.circleci/**'
- 'appveyor.*'
- 'packages/**'
- 'plan9/**'
- 'projects/**'
- 'winbuild/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: {}
jobs:
msys2: # both msys and mingw-w64
name: "${{ matrix.sys == 'msys' && 'msys2' || 'mingw' }}, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.env }} ${{ matrix.name }} ${{ matrix.test }}"
runs-on: windows-latest
timeout-minutes: 45
defaults:
run:
shell: msys2 {0}
strategy:
matrix:
include:
- { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !1233', config: '--enable-debug --disable-threaded-resolver --disable-proxy', name: '!proxy' }
- { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !504 !704 !705 !1233', config: '--enable-debug --disable-threaded-resolver', name: 'default' }
- { build: 'cmake' , sys: 'msys' , env: 'x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF', name: 'default' }
- { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !504 !704 !705 !1233', config: '', name: 'default R' }
- { build: 'autotools', sys: 'mingw64', env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --disable-threaded-resolver --disable-curldebug --enable-static=no --without-zlib', name: 'default' }
- { build: 'autotools', sys: 'mingw64', env: 'x86_64' , tflags: '~472 ~1299 ~1613' , config: '--enable-debug --enable-windows-unicode --enable-ares', name: 'c-ares U' }
# FIXME: WebSockets test results ignored due to frequent failures on native Windows:
- { build: 'cmake' , sys: 'mingw64', env: 'x86_64' , tflags: '~2301 ~2302' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', type: 'Debug', name: 'schannel c-ares U' }
- { build: 'cmake' , sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_CURLDEBUG=ON', type: 'Release', name: 'schannel R TrackMemory' }
- { build: 'cmake' , sys: 'clang64', env: 'clang-x86_64', tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=OFF', type: 'Release', name: 'openssl' }
- { build: 'cmake' , sys: 'mingw64', env: 'x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', type: 'Release', test: 'uwp', name: 'schannel R' }
- { build: 'cmake' , sys: 'mingw32', env: 'i686' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', type: 'Release', name: 'schannel R' }
fail-fast: false
steps:
- run: git config --global core.autocrlf input
shell: pwsh
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8 # v2
if: ${{ matrix.sys == 'msys' }}
with:
msystem: ${{ matrix.sys }}
# https://packages.msys2.org/search
install: >-
gcc
${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || 'ninja' }}
openssh
openssl-devel
zlib-devel
brotli-devel
libnghttp2-devel
libpsl-devel
libssh2-devel
- uses: msys2/setup-msys2@ddf331adaebd714795f1042345e6ca57bd66cea8 # v2
if: ${{ matrix.sys != 'msys' }}
with:
msystem: ${{ matrix.sys }}
install: >-
mingw-w64-${{ matrix.env }}-cc
mingw-w64-${{ matrix.env }}-${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || '' }}
openssh
mingw-w64-${{ matrix.env }}-openssl
mingw-w64-${{ matrix.env }}-libssh2
mingw-w64-${{ matrix.env }}-libpsl
mingw-w64-${{ matrix.env }}-c-ares
- name: 'autotools autoreconf'
if: ${{ matrix.build == 'autotools' }}
timeout-minutes: 2
run: autoreconf -fi
- name: 'autotools configure'
if: ${{ matrix.build == 'autotools' }}
timeout-minutes: 5
run: |
mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
--prefix="${HOME}"/install \
--enable-websockets \
--with-openssl \
--with-libssh2 \
--disable-dependency-tracking \
${{ matrix.config }}
- name: 'autotools configure log'
if: ${{ matrix.build == 'autotools' && !cancelled() }}
run: cat bld/config.log 2>/dev/null || true
- name: 'curl_config.h'
if: ${{ matrix.build == 'autotools' }}
run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'curl_config.h (full)'
if: ${{ matrix.build == 'autotools' }}
run: cat bld/lib/curl_config.h || true
- name: 'autotools build'
if: ${{ matrix.build == 'autotools' }}
timeout-minutes: 10
run: make -C bld -j5 V=1 install
- name: 'curl version'
if: ${{ matrix.build == 'autotools' }}
timeout-minutes: 1
run: |
find . -name '*.exe' -o -name '*.dll'
bld/src/curl.exe --disable --version
- name: 'autotools build tests'
if: ${{ matrix.build == 'autotools' && matrix.tflags != 'skipall' }}
timeout-minutes: 10
run: make -C bld -j5 V=1 -C tests
- name: 'install test tools'
if: ${{ matrix.build == 'autotools' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 5
run: |
/c/ProgramData/chocolatey/choco.exe install --yes --no-progress --limit-output --timeout 180 --force stunnel || true
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 https://live.sysinternals.com/handle64.exe --output /bin/handle64.exe
- name: 'autotools run tests'
if: ${{ matrix.build == 'autotools' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 14
run: |
export TFLAGS='-j14 ${{ matrix.tflags }} ~SCP'
if [ '${{ matrix.sys }}' != 'msys' ]; then
TFLAGS+=' ~TFTP ~MQTT ~WebSockets ~SMTP ~FTP'
TFLAGS+=' ~612 ~613 ~616 ~618' # SFTP
else
TFLAGS+=' ~SFTP'
fi
if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then
TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")"
fi
PATH="$PATH:/c/Program Files (x86)/stunnel/bin"
make -C bld -j5 V=1 test-ci
- name: 'autotools build examples'
if: ${{ matrix.build == 'autotools' }}
timeout-minutes: 5
run: make -C bld -j5 V=1 examples
- name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 5
run: |
if [[ '${{ matrix.env }}' = 'clang'* ]]; then
options='-DCMAKE_C_COMPILER=clang'
else
options='-DCMAKE_C_COMPILER=gcc'
fi
if [ '${{ matrix.test }}' = 'uwp' ]; then
options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0'
pacman --noconfirm --ask 20 --noprogressbar --sync --needed 'mingw-w64-${{ matrix.env }}-winstorecompat-git'
specs="$(realpath gcc-specs-uwp)"
gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}"
cflags="-specs=$(cygpath -w "${specs}") -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP"
# CMake (as of v3.26.4) gets confused and applies the MSVC rc.exe command-line
# template to windres. Reset it to the windres template manually:
rcopts='<CMAKE_RC_COMPILER> -O coff <DEFINES> <INCLUDES> <FLAGS> <SOURCE> <OBJECT>'
else
rcopts=''
fi
[ '${{ matrix.type }}' = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG='
[ '${{ matrix.type }}' = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE='
cmake -B bld -G Ninja ${options} \
"-DCMAKE_C_FLAGS=${cflags}" \
"-DCMAKE_RC_COMPILE_OBJECT=${rcopts}" \
'-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \
-DCURL_WERROR=ON \
-DENABLE_WEBSOCKETS=ON \
-DCURL_BROTLI=ON \
${{ matrix.config }}
- name: 'cmake configure log'
if: ${{ matrix.build == 'cmake' && !cancelled() }}
run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true
- name: 'curl_config.h'
if: ${{ matrix.build == 'cmake' }}
run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'curl_config.h (full)'
if: ${{ matrix.build == 'cmake' }}
run: cat bld/lib/curl_config.h || true
- name: 'cmake build'
if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 10
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5
- name: 'curl version'
if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 1
run: |
find . -name '*.exe' -o -name '*.dll'
if [ '${{ matrix.test }}' != 'uwp' ]; then # UWP missing 'msvcr120_app.dll', fails with exit code 0xc0000135
PATH="$PWD/bld/lib:$PATH"
bld/src/curl.exe --disable --version
fi
- name: 'cmake build tests'
if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' }}
timeout-minutes: 10
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps
- name: 'install test tools'
if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 5
run: |
/c/ProgramData/chocolatey/choco.exe install --yes --no-progress --limit-output --timeout 180 --force stunnel || true
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 https://live.sysinternals.com/handle64.exe --output /bin/handle64.exe
- name: 'cmake run tests'
if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 14
run: |
export TFLAGS='-j14 ${{ matrix.tflags }} ~SCP'
if [ '${{ matrix.sys }}' != 'msys' ]; then
TFLAGS+=' ~TFTP ~MQTT ~WebSockets ~SMTP ~FTP'
TFLAGS+=' ~612 ~613 ~616 ~618' # SFTP
else
TFLAGS+=' ~SFTP'
fi
if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then
TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")"
fi
PATH="$PWD/bld/lib:$PATH:/c/Program Files (x86)/stunnel/bin"
cmake --build bld --config '${{ matrix.type }}' --target test-ci
- name: 'cmake build examples'
if: ${{ matrix.build == 'cmake' }}
timeout-minutes: 5
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target curl-examples
old-mingw-w64:
name: 'old-mingw, CM ${{ matrix.env }} ${{ matrix.name }}'
runs-on: windows-latest
timeout-minutes: 45
defaults:
run:
shell: C:\msys64\usr\bin\bash.exe {0}
strategy:
matrix:
include:
- name: 'schannel'
env: '9.5.0-x86_64'
dir: 'mingw64'
url: 'https://github.com/brechtsanders/winlibs_mingw/releases/download/9.5.0-10.0.0-msvcrt-r1/winlibs-x86_64-posix-seh-gcc-9.5.0-mingw-w64msvcrt-10.0.0-r1.7z'
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF'
type: 'Release'
tflags: '~2301 ~2302 ~3027'
- name: 'schannel U'
env: '7.3.0-x86_64'
dir: 'mingw64'
url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/7.3.0/threads-win32/seh/x86_64-7.3.0-release-win32-seh-rt_v5-rev0.7z'
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON'
type: 'Release'
tflags: '~2301 ~2302 ~3027 ~1451'
- name: 'schannel !unity'
env: '6.4.0-i686'
dir: 'mingw32'
url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.4.0/threads-win32/dwarf/i686-6.4.0-release-win32-dwarf-rt_v5-rev0.7z'
config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCMAKE_UNITY_BUILD=OFF'
type: 'Debug'
tflags: 'skiprun'
fail-fast: false
steps:
- name: 'cache compiler (gcc ${{ matrix.env }})'
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
id: cache-compiler
with:
path: ~\my-cache
key: ${{ runner.os }}-mingw-w64-${{ matrix.env }}
- name: 'install compiler (gcc ${{ matrix.env }})'
if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }}
timeout-minutes: 5
run: |
cd "${USERPROFILE}" || exit 1
mkdir my-cache
cd my-cache || exit 1
curl --fail --silent --show-error --retry 3 --retry-connrefused --output pack.bin --location --proto-redir =https '${{ matrix.url }}'
pwd
7z x -y pack.bin >/dev/null
rm -r -f pack.bin
ls -l
- run: git config --global core.autocrlf input
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: 'cmake configure'
timeout-minutes: 5
run: |
PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH"
[ '${{ matrix.type }}' = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG='
[ '${{ matrix.type }}' = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE='
cmake -B bld -G 'MSYS Makefiles' ${options} \
-DCMAKE_C_COMPILER=gcc \
'-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \
-DCURL_WERROR=ON \
-DENABLE_WEBSOCKETS=ON \
-DCURL_USE_LIBPSL=OFF \
${{ matrix.config }}
- name: 'cmake configure log'
if: ${{ !cancelled() }}
run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'curl_config.h (full)'
run: cat bld/lib/curl_config.h || true
- name: 'cmake build'
timeout-minutes: 5
run: |
PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH"
cmake --build bld --config '${{ matrix.type }}' --parallel 5
- name: 'curl version'
timeout-minutes: 1
run: |
find . -name '*.exe' -o -name '*.dll'
PATH="$PWD/bld/lib:$PATH"
bld/src/curl.exe --disable --version
- name: 'cmake build tests'
if: ${{ matrix.tflags != 'skipall' }}
timeout-minutes: 10
run: |
PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH"
cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps
- name: 'install test tools'
if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 5
run: |
/c/ProgramData/chocolatey/choco.exe install --yes --no-progress --limit-output --timeout 180 --force stunnel || true
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 https://live.sysinternals.com/handle64.exe --output /bin/handle64.exe
python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary impacket
- name: 'cmake run tests'
if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 14
run: |
PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH"
export TFLAGS='-j14 ~TFTP ~MQTT ~WebSockets ~FTP ${{ matrix.tflags }}'
if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then
TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")"
fi
PATH="$PWD/bld/lib:$PATH:/c/Program Files (x86)/stunnel/bin"
cmake --build bld --config '${{ matrix.type }}' --target test-ci
- name: 'cmake build examples'
timeout-minutes: 5
run: |
PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH"
cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target curl-examples
linux-cross-mingw-w64:
name: "linux-mingw, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }}"
runs-on: ubuntu-latest
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
build: [autotools, cmake]
compiler: [gcc]
env:
TRIPLET: 'x86_64-w64-mingw32'
steps:
- name: 'install packages'
run: sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install mingw-w64 ${{ matrix.build == 'cmake' && 'ninja-build' || '' }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: 'autotools autoreconf'
if: ${{ matrix.build == 'autotools' }}
run: autoreconf -fi
- name: 'autotools configure'
if: ${{ matrix.build == 'autotools' }}
run: |
mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
--host=${TRIPLET} \
--with-schannel --with-winidn \
--without-libpsl \
--disable-dependency-tracking
- name: 'autotools configure log'
if: ${{ matrix.build == 'autotools' && !cancelled() }}
run: cat bld/config.log 2>/dev/null || true
- name: 'autotools build'
if: ${{ matrix.build == 'autotools' }}
run: make -C bld -j5
- name: 'autotools build examples'
if: ${{ matrix.build == 'autotools' }}
run: make -C bld -j5 examples
- name: 'cmake configure'
if: ${{ matrix.build == 'cmake' }}
run: |
cmake -B bld -G Ninja \
-DCMAKE_SYSTEM_NAME=Windows \
-DCMAKE_C_COMPILER_TARGET=${TRIPLET} \
-DCMAKE_C_COMPILER=${TRIPLET}-gcc \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \
-DCURL_WERROR=ON \
-DCURL_USE_SCHANNEL=ON -DUSE_WIN32_IDN=ON \
-DCURL_USE_LIBPSL=OFF
- name: 'cmake configure log'
if: ${{ matrix.build == 'cmake' && !cancelled() }}
run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true
- name: 'cmake build'
if: ${{ matrix.build == 'cmake' }}
run: cmake --build bld --parallel 5
- name: 'cmake build tests'
if: ${{ matrix.build == 'cmake' }}
run: cmake --build bld --parallel 5 --target testdeps
- name: 'cmake build examples'
if: ${{ matrix.build == 'cmake' }}
run: cmake --build bld --parallel 5 --target curl-examples
msvc:
name: 'msvc, CM ${{ matrix.arch }}-${{ matrix.plat }} ${{ matrix.name }}'
runs-on: windows-latest
timeout-minutes: 55
defaults:
run:
shell: bash
env:
VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite'
VCPKG_DISABLE_METRICS: '1'
strategy:
matrix:
include:
- name: 'schannel MultiSSL U'
install: 'brotli zlib zstd libpsl nghttp2 libssh2[core,zlib] pkgconf gsasl openssl mbedtls shiftmedia-libgnutls'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=ON -DCURL_USE_SCHANNEL=ON -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_GNUTLS=ON -DCURL_DEFAULT_SSL_BACKEND=schannel -DCURL_USE_GSASL=ON -DUSE_WIN32_IDN=ON'
- name: 'openssl'
install: 'brotli zlib zstd libpsl nghttp2 nghttp3 openssl libssh2 pkgconf gsasl c-ares libuv'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON -DCURL_USE_GSASL=ON -DENABLE_ARES=ON -DCURL_USE_LIBUV=ON'
- name: 'openssl'
install: 'brotli zlib zstd nghttp2 nghttp3 openssl libssh2'
arch: 'x64'
plat: 'uwp'
type: 'Debug'
tflags: 'skiprun'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON -DCURL_USE_LIBPSL=OFF'
- name: 'libressl'
install: 'brotli zlib zstd libpsl nghttp2 libressl libssh2[core,zlib]'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DCURL_CA_SEARCH_SAFE=ON'
- name: 'boringssl-ECH'
install: 'brotli zlib zstd libpsl nghttp2 boringssl libssh2[core,zlib]'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_HTTPSRR=ON -DUSE_ECH=ON'
- name: 'wolfssl'
install: 'brotli zlib zstd libpsl nghttp2 wolfssl libssh2 pkgconf gsasl ngtcp2[wolfssl] nghttp3'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON -DCURL_USE_GSASL=ON'
- name: 'gnutls'
install: 'brotli zlib zstd libpsl nghttp2 shiftmedia-libgnutls libssh pkgconf gsasl ngtcp2[gnutls] nghttp3'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516'
# WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to
# read its configuration from, making it vulnerable to attacks on
# Windows. Do not use this component till there is a fix for these.
# https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_GSASL=ON -DUSE_NGTCP2=ON'
- name: 'msh3'
install: 'brotli zlib zstd libpsl nghttp2 msh3 libssh2 pkgconf gsasl'
arch: 'x64'
plat: 'windows'
type: 'Debug'
tflags: '~1516'
config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DUSE_MSH3=ON -DCURL_USE_GSASL=ON'
fail-fast: false
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: 'vcpkg cache setup'
uses: actions/github-script@v7
with:
script: |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
- name: 'vcpkg versions'
timeout-minutes: 1
run: |
git -C "$VCPKG_INSTALLATION_ROOT" show --no-patch --format='%H %ai'
vcpkg version
- name: 'vcpkg build'
timeout-minutes: 35
run: vcpkg x-set-installed ${{ matrix.install }} '--triplet=${{ matrix.arch }}-${{ matrix.plat }}'
- name: 'cmake configure'
timeout-minutes: 5
run: |
if [[ '${{ matrix.install }}' = *'libressl'* ]]; then
# without this, CMake gets confused by the non-vcpkg OpenSSL
# installed on the runner and fails when linking.
options+=" -DOPENSSL_ROOT_DIR=$VCPKG_INSTALLATION_ROOT/installed/${{ matrix.arch }}-${{ matrix.plat }}"
fi
cmake -B bld ${options} \
"-DCMAKE_TOOLCHAIN_FILE=$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" \
"-DVCPKG_INSTALLED_DIR=$VCPKG_INSTALLATION_ROOT/installed" \
'-DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-${{ matrix.plat }}' \
-DCMAKE_VS_GLOBALS=TrackFileAccess=false \
'-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \
-DCMAKE_UNITY_BUILD=ON -DCURL_TEST_BUNDLES=ON \
-DCURL_WERROR=ON \
-DENABLE_WEBSOCKETS=ON \
-DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG= \
-DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE= \
${{ matrix.config }}
- name: 'cmake configure log'
if: ${{ !cancelled() }}
run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'curl_config.h (full)'
run: cat bld/lib/curl_config.h || true
- name: 'cmake build'
timeout-minutes: 5
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5
- name: 'curl version'
timeout-minutes: 1
run: |
find . -name '*.exe' -o -name '*.dll'
if [ '${{ matrix.plat }}' != 'uwp' ]; then
PATH="$PWD/bld/lib:$PATH"
bld/src/curl.exe --disable --version
fi
- name: 'cmake build tests'
if: ${{ matrix.tflags != 'skipall' }}
timeout-minutes: 10
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps
- name: 'install test tools'
if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 5
run: |
# GnuTLS is not fully functional on Windows, so skip the tests
# https://github.com/ShiftMediaProject/gnutls/issues/23
if [[ '${{ matrix.name }}' != *'gnutls'* ]]; then
/c/ProgramData/chocolatey/choco.exe install --yes --no-progress --limit-output --timeout 180 --force stunnel openssh || true
fi
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 https://live.sysinternals.com/handle64.exe --output /bin/handle64.exe
python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary impacket
- name: 'cmake run tests'
if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }}
timeout-minutes: 16
run: |
export TFLAGS='-j14 ~TFTP ~MQTT ~WebSockets ~SMTP ~FTP ~SCP ~612 ${{ matrix.tflags }}'
if [[ '${{ matrix.install }}' = *'libssh2[core,zlib]'* ]]; then
TFLAGS+=' ~SFTP'
elif [[ '${{ matrix.install }}' = *'libssh '* ]]; then
TFLAGS+=' ~614' # 'SFTP pre-quote chmod' SFTP, pre-quote, directory
fi
PATH="$PWD/bld/lib:$PATH:/c/Program Files (x86)/stunnel/bin:/c/Program Files/OpenSSH-Win64"
cmake --build bld --config '${{ matrix.type }}' --target test-ci
- name: 'cmake build examples'
timeout-minutes: 5
run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target curl-examples
Reference in a new issue View git blame Copy permalink