Fix ssh_compat_SUITE

Author: Mikaka27

lib/ssh/test/ssh_compat_SUITE.erl

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # %CopyrightBegin%
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -17,19 +17,22 @@
 # limitations under the License.
 #
 # %CopyrightEnd%
+#
+# ./create-base-image
 
-UBUNTU_VER=${1:-16.04}
+UBUNTU_VER=${1:-18.04}
 
 USER=sshtester
 PWD=foobar
 
 docker build \
-    -t ssh_compat_suite-ubuntu \
+    -t ssh_compat_suite_img-ubuntu:$UBUNTU_VER \
     --build-arg https_proxy=$HTTPS_PROXY \
     --build-arg http_proxy=$HTTP_PROXY \
     - <<EOF
 
     FROM ubuntu:$UBUNTU_VER
+    ARG DEBIAN_FRONTEND=noninteractive
     WORKDIR /buildroot
 
     # Prepare for installing OpenSSH

lib/ssh/test/ssh_compat_SUITE_data/build_scripts/create-base-image

@@ -0,0 +1,113 @@
+#!/bin/bash
+# %CopyrightBegin%
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# %CopyrightEnd%
+
+# ./create-dropbear-image dropbear 2025.88 [in-file]
+
+case $1 in
+    dropbear)
+        FAMssh=dropbear
+        VERssh=$2
+        LINK=https://matt.ucc.asn.au/dropbear/releases/dropbear-${VERssh}.tar.bz2
+        TMP=tmp.tar.bz2
+        ;;
+    *)
+        echo "Unsupported: $1"
+        exit 1
+esac
+
+BASE_VER=$3
+INPUT_FILE=$4
+
+VER=${FAMssh}${VERssh}-${BASE_VER}
+
+BASE_IMG=ssh_compat_suite_img-ubuntu:$BASE_VER
+
+if [[ $(docker images -q $BASE_IMG 2> /dev/null) == "" ]] ; then
+    echo "Building $BASE_IMG..."
+    if ! ./create-base-image $BASE_VER; then
+        echo "Create base failed." >&2
+        exit 1
+    fi
+fi
+
+# This way of fetching the tar-file separate from the docker commands makes
+# http-proxy handling way easier. The wget command handles the $https_proxy
+# variable while the docker command must have /etc/docker/something changed
+# and the docker server restarted. That is not possible without root access.
+
+# Make a Dockerfile. This method simplifies env variable handling considerably:
+cat - > TempDockerFile <<EOF
+
+    FROM $BASE_IMG
+    ARG  DEBIAN_FRONTEND=noninteractive
+
+    LABEL ${FAMssh}-version=${VER}
+
+    WORKDIR /buildroot
+
+    COPY ${TMP} .
+    RUN  tar xf ${TMP}
+
+    # Build and install
+
+    WORKDIR ${FAMssh}-${VERssh}
+
+    RUN apt-get update
+    RUN apt-get -y install openssh-sftp-server
+
+    # Probably VERY dropbear dependent...:
+    RUN ./configure --without-pie \
+                    --prefix=/buildroot/ssh \
+                    --enable-pam \
+                    LDFLAGS=-Wl,-R/buildroot/ssl/lib
+    RUN  make
+    RUN  make install
+    RUN  mkdir -p /etc/dropbear
+    RUN  mkdir -p /usr/libexec
+    RUN  ln -s /usr/lib/sftp-server /usr/libexec/sftp-server
+
+    RUN echo Built ${VER}
+
+    # Start the daemon, but keep it in foreground to avoid killing the container
+    CMD ["/buildroot/ssh/sbin/dropbear", "-R", "-F", "-E", "-p", "1234"]
+
+EOF
+
+# Fetch the tar file. This could be done in an "ADD ..." in the Dockerfile,
+# but then we hit the proxy problem...
+
+if [[ "x$INPUT_FILE" = "x" ]]
+then
+    wget -O $TMP $LINK
+
+elif [[ "x$INPUT_FILE" != "x$TMP" ]]
+then
+    echo "Use $INPUT_FILE for input"
+    cp $INPUT_FILE $TMP
+fi
+
+# Build the image:
+docker build -t ssh_compat_suite_img-ssh:$VER -f ./TempDockerFile .
+CODE=$?
+
+# Cleaning
+rm -fr ./TempDockerFile $TMP
+
+exit $CODE

lib/ssh/test/ssh_compat_SUITE_data/build_scripts/create-dropbear-image

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # %CopyrightBegin%
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -18,27 +18,36 @@
 #
 # %CopyrightEnd%
 
-# ./create-image openssh 7.3p1 openssl 1.0.2m [in-file]
+# ./create-ssh-image openssh 7.3p1 openssl 1.0.2m [in-file]
 
 case $1 in
     openssh)
-	FAMssh=openssh
-	VERssh=$2
-	PFX=https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-
-	SFX=.tar.gz
-	TMP=tmp.tar.gz
-	;;
+        FAMssh=openssh
+        VERssh=$2
+        LINK=https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${VERssh}.tar.gz
+        TMP=tmp.tar.gz
+    ;;
     *)
-	echo "Unsupported: $1"
-	exit
+        echo "Unsupported: $1"
+        exit 2
 esac
 
 FAMssl=$3
 VERssl=$4
+BASE_VER=$5
 
-INPUT_FILE=$5
+INPUT_FILE=$6
 
-VER=${FAMssh}${VERssh}-${FAMssl}${VERssl}
+VER=${FAMssh}${VERssh}-${FAMssl}${VERssl}-${BASE_VER}
+
+case $FAMssl$VERssl in
+    openssl3*)
+        LIB_DIR="lib64"
+    ;;
+    *)
+        LIB_DIR="lib"
+    ;;
+esac
 
 # This way of fetching the tar-file separate from the docker commands makes
 # http-proxy handling way easier. The wget command handles the $https_proxy
@@ -48,7 +57,8 @@ VER=${FAMssh}${VERssh}-${FAMssl}${VERssl}
 # Make a Dockerfile. This method simplifies env variable handling considerably:
 cat - > TempDockerFile <<EOF
 
-    FROM  ssh_compat_suite-${FAMssl}:${VERssl}
+    FROM ssh_compat_suite_img-${FAMssl}:${VERssl}-${BASE_VER}
+    ARG  DEBIAN_FRONTEND=noninteractive
 
     LABEL openssh-version=${VER}
 
@@ -66,34 +76,36 @@ cat - > TempDockerFile <<EOF
                     --prefix=/buildroot/ssh \
                     --with-ssl-dir=/buildroot/ssl \
                     --with-pam \
-                    LDFLAGS=-Wl,-R/buildroot/ssl/lib
+                    LDFLAGS=-Wl,-R/buildroot/ssl/${LIB_DIR}
     RUN  make
     RUN  make install
     RUN  echo UsePAM yes >> /buildroot/ssh/etc/sshd_config
 
     RUN echo Built ${VER}
 
     # Start the daemon, but keep it in foreground to avoid killing the container
-    CMD /buildroot/ssh/sbin/sshd -D -p 1234
+    CMD ["/buildroot/ssh/sbin/sshd", "-D", "-e", "-p", "1234"]
 
 EOF
 
 # Fetch the tar file. This could be done in an "ADD ..." in the Dockerfile,
 # but then we hit the proxy problem...
 
-if [ "x$INPUT_FILE" = "x" ]
+if [[ "x$INPUT_FILE" == "x" ]]
 then
-    wget -O $TMP $PFX$VERssh$SFX
+    wget -O $TMP $LINK
 
-elif [ "x$INPUT_FILE" != "x$TMP" ]
+elif [[ "x$INPUT_FILE" != "x$TMP" ]]
 then
     echo "Use $INPUT_FILE for input"
     cp $INPUT_FILE $TMP
 fi
 
 # Build the image:
-docker build -t  ssh_compat_suite-ssh:$VER -f ./TempDockerFile .
+docker build -t ssh_compat_suite_img-ssh:$VER -f ./TempDockerFile .
+CODE=$?
 
 # Cleaning
 rm -fr ./TempDockerFile $TMP
 
+exit $CODE

lib/ssh/test/ssh_compat_SUITE_data/build_scripts/create-ssh-image

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # %CopyrightBegin%
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -19,41 +19,62 @@
 # %CopyrightEnd%
 
 
-# ./create-image openssl 1.0.2m [in-file] 
-
-case "$1" in
-    "openssl")
-	FAM=openssl
-	VER=$2
-	PFX=https://www.openssl.org/source/openssl-
-	SFX=.tar.gz
-	TMP=tmp.tar.gz
-	;;
-    "libressl")
-	FAM=libressl
-	VER=$2
-	PFX=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-
-	SFX=.tar.gz
-	TMP=tmp.tar.gz
-	;;
+# ./create-ssl-image openssl 1.0.2m [in-file]
+
+case $1$2 in
+    openssl[0-1]*)
+        FAM=openssl
+        VER=$2
+        DASH_VER=$(echo -n $VER | sed 's/\./_/g')
+        LINK=https://github.com/openssl/openssl/releases/download/OpenSSL_${DASH_VER}/openssl-${VER}.tar.gz
+        TMP=tmp.tar.gz
+    ;;
+    openssl3*)
+        FAM=openssl
+        VER=$2
+        LINK=https://github.com/openssl/openssl/releases/download/openssl-${VER}/openssl-${VER}.tar.gz
+        TMP=tmp.tar.gz
+    ;;
+    libressl[2-3].[0-7]*)
+        FAM=libressl
+        VER=$2
+        LINK=https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${VER}.tar.gz
+        TMP=tmp.tar.gz
+    ;;
+    libressl[3-4]*)
+        FAM=libressl
+        VER=$2
+        LINK=https://github.com/libressl/portable/releases/download/v${VER}/libressl-${VER}.tar.gz
+        TMP=tmp.tar.gz
+    ;;
     *)
-	echo No lib type
-	exit
-	;;
+        echo No lib type
+        exit 1
+    ;;
 esac
 
-INPUT_FILE=$3
+BASE_VER=$3
+INPUT_FILE=$4
 
-case $1$2 in
+BASE_IMG=ssh_compat_suite_img-ubuntu:$BASE_VER
+
+if [[ $(docker images -q $BASE_IMG 2> /dev/null) == "" ]] ; then
+    echo "Building $BASE_IMG..."
+    if ! ./create-base-image $BASE_VER; then
+        echo "Create base failed." >&2
+        exit 1
+    fi
+fi
+
+case $FAM$VER in
     openssl0.9.8[a-l])
         CONFIG_FLAGS=no-asm
-	;;
+    ;;
     *)
-	CONFIG_FLAGS=
-	;;
+        CONFIG_FLAGS=
+    ;;
 esac
 
-
 # This way of fetching the tar-file separate from the docker commands makes
 # http-proxy handling way easier. The wget command handles the $https_proxy
 # variable while the docker command must have /etc/docker/something changed
@@ -62,7 +83,8 @@ esac
 # Make a Dockerfile. This method simplifies env variable handling considerably:
 cat - > TempDockerFile <<EOF
 
-    FROM ssh_compat_suite-ubuntu:latest
+    FROM $BASE_IMG
+    ARG  DEBIAN_FRONTEND=noninteractive
 
     LABEL version=$FAM-$VER
 
@@ -84,18 +106,21 @@ EOF
 # Fetch the tar file. This could be done in an "ADD ..." in the Dockerfile,
 # but then we hit the proxy problem...
 
-if [ "x$INPUT_FILE" = "x" ]
+if [[ "x$INPUT_FILE" == "x" ]]
 then
-    wget -O $TMP $PFX$VER$SFX
+    wget -O $TMP $LINK
 
-elif [ "x$INPUT_FILE" != "x$TMP" ]
+elif [[ "x$INPUT_FILE" != "x$TMP" ]]
 then
-     echo "Use $INPUT_FILE for input"
+    echo "Use $INPUT_FILE for input"
     cp $INPUT_FILE $TMP
 fi
 
 # Build the image:
-docker build -t ssh_compat_suite-$FAM:$VER -f ./TempDockerFile .
+docker build -t ssh_compat_suite_img-$FAM:$VER-$BASE_VER -f ./TempDockerFile .
+CODE=$?
 
 # Cleaning
 rm -fr ./TempDockerFile $TMP
+
+exit $CODE