diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 4633faf965de..7f8f8b593041 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -26,10 +26,10 @@ env: # A recent version of stable Rust that is known to pass build, test and other # verification steps in this workflow. This was added because using "stable" # could cause some steps to fail. - RUST_VERSION_KNOWN: "1.62.0" + RUST_VERSION_KNOWN: "1.70.0" # The minimum version of Rust supported. - RUST_VERSION_MIN: "1.58.1" + RUST_VERSION_MIN: "1.63.0" jobs: @@ -1242,200 +1242,6 @@ jobs: - run: suricata-update -V - run: suricatasc -h - fedora-36-clang: - name: Fedora 36 (clang, debug, asan, wshadow, rust-strict, systemd) - runs-on: ubuntu-latest - container: fedora:36 - needs: [prepare-deps, prepare-cbindgen] - steps: - - # Cache Rust stuff. - - name: Cache cargo registry - uses: actions/cache@v3.3.1 - with: - path: ~/.cargo - key: ${{ github.job }}-cargo - - - name: Cache RPMs - uses: actions/cache@v3.3.1 - with: - path: /var/cache/dnf - key: ${{ github.job }}-dnf - - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - - - run: | - dnf -y install \ - autoconf \ - automake \ - cargo \ - ccache \ - clang \ - diffutils \ - file-devel \ - gcc \ - gcc-c++ \ - git \ - hiredis-devel \ - jansson-devel \ - jq \ - lua-devel \ - libasan \ - libtool \ - libyaml-devel \ - libnfnetlink-devel \ - libnetfilter_queue-devel \ - libnet-devel \ - libcap-ng-devel \ - libevent-devel \ - libmaxminddb-devel \ - libpcap-devel \ - libxdp-devel \ - libbpf-devel \ - libtool \ - lz4-devel \ - make \ - nss-softokn-devel \ - pcre2-devel \ - pkgconfig \ - python3-yaml \ - sudo \ - systemd-devel \ - which \ - zlib-devel - - uses: actions/checkout@v3.5.3 - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: prep - path: prep - - run: tar xf prep/libhtp.tar.gz - - run: tar xf prep/suricata-update.tar.gz - - name: Setup cbindgen - run: | - mkdir -p $HOME/.cargo/bin - cp prep/cbindgen $HOME/.cargo/bin - chmod 755 $HOME/.cargo/bin/cbindgen - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - run: ./autogen.sh - - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua - env: - LDFLAGS: "-fsanitize=address" - ac_cv_func_realloc_0_nonnull: "yes" - ac_cv_func_malloc_0_nonnull: "yes" - - run: make -j2 - - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - - name: Extracting suricata-verify - run: tar xf prep/suricata-verify.tar.gz - - name: Running suricata-verify - run: python3 ./suricata-verify/run.py -q - # Now install and make sure headers and libraries aren't install - # until requested. - - run: make install - - run: test ! -e /usr/local/lib/libsuricata_c.a - - run: test ! -e /usr/local/include/suricata - - run: make install-headers - - run: test -e /usr/local/include/suricata/suricata.h - - run: make install-library - - run: test -e /usr/local/lib/libsuricata_c.a - - run: test -e /usr/local/lib/libsuricata_rust.a - - run: test -e /usr/local/bin/libsuricata-config - - run: test ! -e /usr/local/lib/libsuricata.so - - run: make install - - run: suricata-update -V - - run: suricatasc -h - # Check compilation against systemd - - run: ldd src/suricata | grep libsystemd &> /dev/null - - fedora-36-gcc: - name: Fedora 36 (gcc, debug, asan, wshadow, rust-strict) - runs-on: ubuntu-latest - container: fedora:36 - needs: [prepare-deps, prepare-cbindgen] - steps: - - # Cache Rust stuff. - - name: Cache cargo registry - uses: actions/cache@v3.3.1 - with: - path: ~/.cargo/registry - key: cargo-registry - - - run: | - dnf -y install \ - autoconf \ - automake \ - cargo \ - ccache \ - diffutils \ - file-devel \ - gcc \ - gcc-c++ \ - git \ - hiredis-devel \ - jansson-devel \ - jq \ - lua-devel \ - libasan \ - libtool \ - libyaml-devel \ - libnfnetlink-devel \ - libnetfilter_queue-devel \ - libnet-devel \ - libcap-ng-devel \ - libevent-devel \ - libmaxminddb-devel \ - libpcap-devel \ - libtool \ - lz4-devel \ - make \ - nss-softokn-devel \ - pcre2-devel \ - pkgconfig \ - python3-yaml \ - sudo \ - which \ - zlib-devel - - uses: actions/checkout@v3.5.3 - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: prep - path: prep - - run: tar xf prep/libhtp.tar.gz - - run: tar xf prep/suricata-update.tar.gz - - name: Setup cbindgen - run: | - mkdir -p $HOME/.cargo/bin - cp prep/cbindgen $HOME/.cargo/bin - chmod 755 $HOME/.cargo/bin/cbindgen - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - run: ./autogen.sh - - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue - env: - CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" - LDFLAGS: "-fsanitize=address" - ac_cv_func_realloc_0_nonnull: "yes" - ac_cv_func_malloc_0_nonnull: "yes" - - run: make -j2 - - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - - name: Extracting suricata-verify - run: tar xf prep/suricata-verify.tar.gz - - name: Running suricata-verify - run: python3 ./suricata-verify/run.py -q - # Now install and make sure headers and libraries aren't install - # until requested. - - run: make install - - run: test ! -e /usr/local/lib/libsuricata_c.a - - run: test ! -e /usr/local/include/suricata - - run: make install-headers - - run: test -e /usr/local/include/suricata/suricata.h - - run: make install-library - - run: test -e /usr/local/lib/libsuricata_c.a - - run: test -e /usr/local/lib/libsuricata_rust.a - - run: test -e /usr/local/bin/libsuricata-config - - run: test ! -e /usr/local/lib/libsuricata.so - - run: make install - - run: suricata-update -V - - run: suricatasc -h - # This job builds and tests Suricata as a non-root user as some # issues only show up when not running as root, and by default all # jobs in GitHub actions are run as root inside the container. @@ -1896,7 +1702,7 @@ jobs: name: Ubuntu 20.04 (unsupported rust) runs-on: ubuntu-latest container: ubuntu:20.04 - needs: almalinux-8 + needs: debian-12-dist steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 @@ -1935,7 +1741,7 @@ jobs: zlib1g \ zlib1g-dev \ dpdk-dev - - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y + - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.62.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Download suricata.tar.gz uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a @@ -2538,6 +2344,93 @@ jobs: name: dist path: dist + debian-12-msrv: + name: Debian 12 MSRV + runs-on: ubuntu-latest + container: debian:12 + needs: [prepare-deps, prepare-cbindgen] + steps: + # Cache Rust stuff. + - name: Cache cargo registry + uses: actions/cache@v3.3.1 + with: + path: ~/.cargo + key: ${{ github.job }}-cargo + + - run: apt update + - run: | + apt -y install \ + autoconf \ + automake \ + build-essential \ + cmake \ + curl \ + dpdk-dev \ + git \ + jq \ + make \ + libpcre3 \ + libpcre3-dbg \ + libpcre3-dev \ + libpcre2-dev \ + libtool \ + libpcap-dev \ + libnet1-dev \ + libyaml-0-2 \ + libyaml-dev \ + libcap-ng-dev \ + libcap-ng0 \ + libmagic-dev \ + libmaxminddb-dev \ + libjansson-dev \ + libjansson4 \ + liblua5.1-dev \ + libnss3-dev \ + libnspr4-dev \ + libnuma-dev \ + liblz4-dev \ + libssl-dev \ + liblzma-dev \ + pkg-config \ + python3 \ + python3-yaml \ + sphinx-doc \ + sphinx-common \ + texlive-latex-base \ + texlive-fonts-recommended \ + texlive-fonts-extra \ + texlive-latex-extra \ + zlib1g \ + zlib1g-dev + - name: Install Rust + run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y + - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH + - uses: actions/checkout@v3.5.3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: prep + path: prep + - name: Setup cbindgen + run: | + mkdir -p $HOME/.cargo/bin + cp prep/cbindgen $HOME/.cargo/bin + chmod 755 $HOME/.cargo/bin/cbindgen + - run: tar xf prep/libhtp.tar.gz + - run: tar xf prep/suricata-update.tar.gz + - run: tar xf prep/suricata-verify.tar.gz + - run: ./autogen.sh + - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk + - run: make -j2 + - run: make check + - name: Building Rust documentation + run: make doc + working-directory: rust + - name: Running suricata-verify + run: python3 ./suricata-verify/run.py -q + - run: make install + - run: suricata-update -V + - run: suricatasc -h + debian-11: name: Debian 11 (xdp) runs-on: ubuntu-latest diff --git a/configure.ac b/configure.ac index 85ef19221b6a..1ff2f39df796 100644 --- a/configure.ac +++ b/configure.ac @@ -2277,7 +2277,7 @@ fi cargo_version_output=$($CARGO --version) cargo_version=$(echo "$cargo_version_output" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/') - MIN_RUSTC_VERSION="1.58.1" # MSRV + MIN_RUSTC_VERSION="1.63.0" # MSRV AC_MSG_CHECKING(for Rust version $MIN_RUSTC_VERSION or newer) AS_VERSION_COMPARE([$rustc_version], [$MIN_RUSTC_VERSION], [