@@ -307,6 +307,108 @@ jobs:
307307 doas -u builder env SUDO=doas make tests
308308
309309
310+ openbsd-current-upstream :
311+ # This job is special, and tests OpenBSD -current, both the underlying
312+ # plaform (the latest snapshot) and most recent upstream code (or at least
313+ # the most recent code in the github mirror) instead of OpenSSH Portable.
314+ name : " openbsd-current-upstream"
315+ if : github.repository != 'openssh/openssh-portable-selfhosted'
316+ strategy :
317+ fail-fast : false
318+ runs-on : ubuntu-latest
319+ steps :
320+ - name : start OpenBSD VM
321+ uses : vmactions/openbsd-vm@v1
322+ with :
323+ copyback : false
324+ nat : |
325+ "20022": "22"
326+ usesh : true
327+ prepare : |
328+ # should be able to delete the following two lines soon.
329+ touch /etc/ssh/ssh_known_hosts
330+ hostname >/etc/shosts.equiv
331+ useradd -g wobj -m builder
332+ echo "permit nopass keepenv root" >/etc/doas.conf
333+ echo "permit nopass keepenv builder" >>/etc/doas.conf
334+ ls -l /etc/doas.conf
335+ chown root:wheel /etc/doas.conf
336+ chmod 644 /etc/doas.conf
337+ touch /etc/ssh/ssh_known_hosts
338+ pkg_add git
339+
340+ name : Fetch sysupgrade version
341+ run : |
342+ ver=$(curl -s https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/BUILDINFO)
343+ echo "SNAPSHOT_VERSION=${ver}" >> $GITHUB_ENV
344+ name : check for cached sysupgrade
345+ id : cache-sysupgrade
346+ uses : actions/cache@v4
347+ with :
348+ key : openbsd-sysupgrade ${{ env.SNAPSHOT_VERSION }}
349+ path : /tmp/_sysupgrade/
350+ - name : push sysupgrade from cache to VM
351+ if : steps.cache-sysupgrade.outputs.cache-hit == 'true'
352+ run : rsync -av /tmp/_sysupgrade/ openbsd:/home/_sysupgrade/
353+ - name : upgrade to latest snapshot
354+ run : ssh -q openbsd sysupgrade -s -k || true
355+ - name : wait for upgrade
356+ run : |
357+ SECONDS=0; sleep 10; while ! ssh -q -oConnectTimeout=1 openbsd true; do sleep 10; echo waited ${SECONDS}s; done
358+ ssh -q openbsd uname -a
359+ name : retrieve sysupgrade from VM to cache
360+ if : steps.cache-sysupgrade.outputs.cache-hit != 'true'
361+ run : |
362+ mkdir -p /tmp/_sysupgrade/
363+ rsync -av openbsd:/home/_sysupgrade/ /tmp/_sysupgrade/
364+ name : save sysupgrade to cache
365+ if : steps.cache-sysupgrade.outputs.cache-hit != 'true'
366+ uses : actions/cache/save@v4
367+ with :
368+ key : openbsd-sysupgrade ${{ env.SNAPSHOT_VERSION }}
369+ path : /tmp/_sysupgrade/
370+
371+ - name : checkout upstream source
372+ shell : openbsd {0}
373+ run : |
374+ umask 022
375+ cd /usr
376+ rm -rf src/*
377+ git clone --no-checkout --depth=1 --filter=tree:0 https://github.com/openbsd/src.git
378+ cd /usr/src
379+ git sparse-checkout set --no-cone Makefile usr.bin/Makefile usr.bin/Makefile.inc usr.bin/ssh usr.bin/nc regress/usr.bin/ssh
380+ git checkout
381+ git log -n1
382+ chown -R builder /usr/src
383+ chmod -R go-w /usr/src/ /usr/obj/
384+ name : make ssh
385+ shell : openbsd {0}
386+ run : |
387+ cd /usr/src/usr.bin/ssh && make -j4 || make
388+ make install
389+ /etc/rc.d/sshd restart
390+ name : make nc
391+ shell : openbsd {0}
392+ run : cd /usr/src/usr.bin/nc && make && make install
393+ - name : make tests
394+ shell : openbsd {0}
395+ run : |
396+ cd /usr/src/regress/usr.bin/ssh
397+ make obj
398+ doas -u builder env SUDO=doas TEST_SSH_UNSAFE_PERMISSIONS=yes TEST_SSH_FAIL_FATAL=yes TEST_SSH_HOSTBASED_AUTH=setupandrun make
399+ name : retrieve logs
400+ if : failure()
401+ run : |
402+ rsync -a openbsd:/usr/obj/regress/usr.bin/ssh/ regress-logs/
403+ for i in regress-logs/failed*.log; do echo ===; echo LOGFILE: $i; echo ===; cat $i; echo; done
404+ name : save logs
405+ if : failure()
406+ uses : actions/upload-artifact@main
407+ with :
408+ name : openbsd-current-upstream-logs
409+ path : regress-logs/*.log
410+
411+
310412 solaris :
311413 name : " solaris-${{ matrix.target }}"
312414 if : github.repository != 'daztucker/openssh-portable'
@@ -368,3 +470,4 @@ jobs:
368470 run : |
369471 cd $GITHUB_WORKSPACE
370472 sudo -u builder make tests
473+
0 commit comments