From 35e58d8e2abf9796dcb94dccdf5d6ac2f89e7441 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 23 Nov 2022 14:30:00 +0100
Subject: [PATCH] Update the Travis "full" build to use modern Clang

Don't use an all.sh component because there isn't one that does what we
want (modern Clang with ASan, and test everything).

* We need to set CC explicitly or tweak PATH, because clang in $PATH on
  Travis focal instances is Clang 7 which is too old (we want Clang 10).
* Travis lacks the array of versions of openssl and gnutls that we normally
  use for testing, so we need to exclude some tests (or build our
  own multiple versions of openssl and gnutls).

The SSL test exclusions are ad hoc and based on what currently works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 .travis.yml | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 2b41c28f1..0e3f9b0e7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,8 +27,42 @@ jobs:
         - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
 
     - name: full configuration
+      os: linux
+      dist: focal
+      addons:
+        apt:
+          packages:
+          - clang-10
+          - gnutls-bin
       script:
-        - tests/scripts/all.sh -k test_full_cmake_gcc_asan
+        # Do a manual build+test sequence rather than using all.sh,
+        # because there's no all.sh component that does what we want,
+        # which is a build with Clang >= 10 and ASan, running all the SSL
+        # testing.
+        #   - The clang executable in the default PATH is Clang 7 on
+        #     Travis's focal instances, but we want Clang >= 10.
+        #   - Running all the SSL testing requires a specific set of
+        #     OpenSSL and GnuTLS versions and we don't want to bother
+        #     with those on Travis.
+        # So we explicitly select clang-10 as the compiler, and we
+        # have ad hoc restrictions on SSL testing based on what is
+        # passing at the time of writing. We will remove these limitations
+        # gradually.
+        - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
+        - make test
+        - programs/test/selftest
+        - tests/scripts/test_psa_constant_names.py
+        - tests/ssl-opt.sh
+        # Modern OpenSSL does not support fixed ECDH, null or ancient ciphers.
+        - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-\|DES\|RC4'
+        - tests/scripts/travis-log-failure.sh
+        # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
+        # Modern GnuTLS does not support DES.
+        # One NULL cipher suite is strangely missing in pre-1.2 protocol
+        # versions (it works with (D)TLS1.2, but don't bother).
+        - tests/compat.sh -p GnuTLS -e 'CAMELLIA\|DES\|TLS-RSA-WITH-NULL-SHA256'
+        - tests/scripts/travis-log-failure.sh
+        - tests/context-info.sh
 
     - name: Windows
       os: windows