[openssh-commits] [openssh] 03/03: Add a VM-based test for OpenBSD-current.

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Mar 26 20:20:04 AEDT 2026 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit d3efbba14fda78ed7b15fbc34cf34c1cf27d1716
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Thu Mar 19 17:57:26 2026 +1100

    Add a VM-based test for OpenBSD-current.
---
 .github/workflows/vm.yml | 100 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)

diff --git a/.github/workflows/vm.yml b/.github/workflows/vm.yml
index 4e0dd4539..dbfd6c186 100644
--- a/.github/workflows/vm.yml
+++ b/.github/workflows/vm.yml
@@ -307,6 +307,105 @@ jobs:
         doas -u builder env SUDO=doas make tests
 
 
+  openbsd-current-upstream:
+    # This job is special, and tests OpenBSD -current, both the underlying
+    # plaform (the latest snapshot) and most recent upstream code (or at least
+    # the most recent code in the github mirror) instead of OpenSSH Portable.
+    name: "openbsd-current-upstream"
+    if: github.repository != 'openssh/openssh-portable-selfhosted'
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+    - name: start OpenBSD VM
+      uses: vmactions/openbsd-vm at v1
+      with:
+        copyback: false
+        nat: |
+          "20022": "22"
+        usesh: true
+        prepare: |
+          useradd -g wobj -m builder
+          echo "permit nopass keepenv root" >/etc/doas.conf
+          echo "permit nopass keepenv builder" >>/etc/doas.conf
+          ls -l /etc/doas.conf
+          chown root:wheel /etc/doas.conf
+          chmod 644 /etc/doas.conf
+          touch /etc/ssh/ssh_known_hosts
+          pkg_add git
+
+    - name: Fetch sysupgrade version
+      run: |
+        ver=$(curl -s https://cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/BUILDINFO)
+        echo "SNAPSHOT_VERSION=${ver}" >> $GITHUB_ENV
+    - name: check for cached sysupgrade
+      id: cache-sysupgrade
+      uses: actions/cache at v4
+      with:
+        key: openbsd-sysupgrade ${{ env.SNAPSHOT_VERSION }}
+        path: /tmp/_sysupgrade/
+    - name: push sysupgrade from cache to VM
+      if: steps.cache-sysupgrade.outputs.cache-hit == 'true'
+      run: rsync -av /tmp/_sysupgrade/ openbsd:/home/_sysupgrade/
+    - name: upgrade to latest snapshot
+      run: ssh -q openbsd sysupgrade -s -k || true
+    - name: wait for upgrade
+      run: |
+        SECONDS=0; sleep 10; while ! ssh -q -oConnectTimeout=1 openbsd true; do sleep 10; echo waited ${SECONDS}s; done
+        ssh -q openbsd uname -a
+    - name: retrieve sysupgrade from VM to cache
+      if: steps.cache-sysupgrade.outputs.cache-hit != 'true'
+      run: |
+        mkdir -p /tmp/_sysupgrade/
+        rsync -av openbsd:/home/_sysupgrade/ /tmp/_sysupgrade/
+    - name: save sysupgrade to cache
+      if: steps.cache-sysupgrade.outputs.cache-hit != 'true'
+      uses: actions/cache/save at v4
+      with:
+        key: openbsd-sysupgrade ${{ env.SNAPSHOT_VERSION }}
+        path: /tmp/_sysupgrade/
+
+    - name: checkout upstream source
+      shell: openbsd {0}
+      run: |
+        umask 022
+        cd /usr
+        rm -rf src/*
+        git clone --no-checkout --depth=1 --filter=tree:0 https://github.com/openbsd/src.git
+        cd /usr/src
+        git sparse-checkout set --no-cone Makefile usr.bin/Makefile usr.bin/Makefile.inc usr.bin/ssh usr.bin/nc regress/usr.bin/ssh
+        git checkout
+        git log -n1
+        chown -R builder /usr/src
+        chmod -R go-w /usr/src/ /usr/obj/
+    - name: make ssh
+      shell: openbsd {0}
+      run: |
+        cd /usr/src/usr.bin/ssh && make -j4 || make
+        make install
+        /etc/rc.d/sshd restart
+    - name: make nc
+      shell: openbsd {0}
+      run: cd /usr/src/usr.bin/nc && make && make install
+    - name: make tests
+      shell: openbsd {0}
+      run: |
+        cd /usr/src/regress/usr.bin/ssh
+        make obj
+        doas -u builder env SUDO=doas TEST_SSH_UNSAFE_PERMISSIONS=yes TEST_SSH_FAIL_FATAL=yes TEST_SSH_HOSTBASED_AUTH=setupandrun make
+    - name: retrieve logs
+      if: failure()
+      run: |
+        rsync -a openbsd:/usr/obj/regress/usr.bin/ssh/ regress-logs/
+        for i in regress-logs/failed*.log; do echo ===; echo LOGFILE: $i; echo ===; cat $i; echo; done
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact at main
+      with:
+        name: openbsd-current-upstream-logs
+        path: regress-logs/*.log
+
+
   solaris:
     name: "solaris-${{ matrix.target }}"
     if: github.repository != 'openssh/openssh-portable-selfhosted'
@@ -368,3 +467,4 @@ jobs:
       run: |
         cd $GITHUB_WORKSPACE
         sudo -u builder make tests
+

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list