Add a build using Ubuntu 14.04 (Trusty).

This is to validate that our build scripts work with our documented
minimum version of Perl (5.14).  This is the newest version of Ubuntu
on which Travis supports use of perl this old.

Contra the documentation, Trusty-based build workers’ default perl is
5.18, not 5.14.  Travis doesn’t support use of the `perl: VERSION`
build matrix parameter in a `language:c` build, and it doesn’t support
use of the `compiler:` parameter in a `language:perl` build.
The least terrible kludge I can come up with is to continue using
`language:c`, manually download and install the precompiled perl 5.14
binaries that Travis _would_ use for `perl:5.14`, and then manually
activate the appropriate perlbrew environment.  (We can’t use
$PERLBREW_ROOT/etc/bashrc because it’s, well, a bash script,
and our build scripts are _sh_ scripts.)

There is a pretty strong argument that no one should be using
perl < 5.18 anymore: 5.18 is the oldest version with randomized
hashes, which are a critical security fix for anyone processing
untrusted input with Perl.  But the input to all our Perl scripts
is our own source or object code, so that’s not an issue for us.
In fact, we could go even earlier, since we’re not actually _using_
the Unicode support that motivated my selection of 5.14 as the
minimum.  Opinions solicited.

Since this means we have to have an install script again, also use it
to install perltidy and perlcritic when DISTCHECK=1, add configuration
files for both tools, and run perlcritic from the distcheck-hook.
(This doesn’t *do* anything yet, of course, since there aren’t any
Perl scripts yet.)  Quibbles with my formatting and linting choices
are also solicited.

8 files changed, 198 insertions, 0 deletions

diff --git a/.perlcriticrc b/.perlcriticrc
new file mode 100644
index 0000000..c21b487
--- /dev/null
+++ b/.perlcriticrc
@@ -0,0 +1,99 @@
+
+# Perl::Critic configuration.  -*- conf-mode -*-
+
+# we turn on all of the policies at theme level, and then
+# we turn off one-by-one the ones I don't like below.
+severity = 1
+theme =
+
+# compilation-mode--compatible diagnostic formatting
+verbose = %f:%l:%c: warning: %m (%p; %e)\n
+
+### Tuning
+
+[CodeLayout::RequireTidyCode]
+perltidyrc = .perltidyrc
+
+[InputOutput::RequireCheckedSyscalls]
+# check everything except print
+functions = :builtins
+exclude_functions = print
+
+[Subroutines::RequireFinalReturn]
+terminal_funcs = fail skip error invocation_error subprocess_error
+
+[TestingAndDebugging::ProhibitNoWarnings]
+allow = experimental::smartmatch experimental::re_strict
+
+### Disabled policies
+
+# Version strings were only problematic in versions of Perl older than
+# our minimum.
+[-ValuesAndExpressions::ProhibitVersionStrings]
+
+# The rationale for prohibiting boolean 'grep' is sensible
+# (it doesn't short-circuit, which could be a huge waste of time)
+# but the recommended alternative is 'any' from List::MoreUtils,
+# which would be the only CPAN dependency we had.
+[-BuiltinFunctions::ProhibitBooleanGrep]
+
+# The "complex" subroutines and regexes are not that bad and splitting
+# them up would only obscure the logic.
+[-Subroutines::ProhibitExcessComplexity]
+[-RegularExpressions::ProhibitComplexRegexes]
+
+# I can't find any explanation of what qualifies as "brief" and the
+# diagnostic triggers on perfectly sensible code.
+[-InputOutput::RequireBriefOpen]
+
+# I'd *like* to disable this *only* for $_, where the whole point is
+# that it gets written to (and read from) implicitly, but that's not
+# possible.
+[-Variables::RequireInitializationForLocalVars]
+
+# These rules only make sense for large libraries with lots
+# of consumers.
+[-ErrorHandling::RequireCarping]
+[-Modules::RequireVersionVar]
+
+# We intentionally 'use utf8' in every file, regardless of whether it
+# currently has non-ASCII characters in it.
+[-TooMuchCode::ProhibitUnnecessaryUTF8Pragma]
+
+# Doesn't understand the unusual, but unavoidable, uses of -f in this code
+# (to identify executables without actually running them).
+[-ValuesAndExpressions::ProhibitFiletest_f]
+
+# FindBin works fine for our purposes, and we can't use CPAN modules.
+# There is no option to ignore use of just one module.
+[-Freenode::DiscouragedModules]
+
+# Style rules I don't agree with.
+[-ControlStructures::ProhibitPostfixControls]
+[-Freenode::Each]
+[-Freenode::Wantarray]
+[-Freenode::WhileDiamondDefaultAssignment]
+[-NamingConventions::Capitalization]
+[-RegularExpressions::ProhibitEnumeratedClasses]
+[-RegularExpressions::ProhibitEscapedMetacharacters]
+[-RegularExpressions::RequireDotMatchAnything]
+[-RegularExpressions::RequireExtendedFormatting]
+[-RegularExpressions::RequireLineBoundaryMatching]
+[-TooMuchCode::ProhibitDuplicateLiteral]
+[-ValuesAndExpressions::ProhibitMagicNumbers]
+[-ValuesAndExpressions::ProhibitNoisyQuotes]
+[-Variables::ProhibitPunctuationVars]
+
+# Freenode:: modules that duplicate core and pulp perlcritic modules.
+[-Freenode::AmpersandSubCalls]
+[-Freenode::ArrayAssignAref]
+[-Freenode::BarewordFilehandles]
+[-Freenode::ConditionalDeclarations]
+[-Freenode::IndirectObjectNotation]
+[-Freenode::LexicalForeachIterator]
+[-Freenode::LoopOnHash]
+[-Freenode::OpenArgs]
+[-Freenode::PackageMatchesFilename]
+[-Freenode::POSIXImports]
+[-Freenode::Prototypes]
+[-Freenode::StrictWarnings]
diff --git a/.perltidyrc b/.perltidyrc
new file mode 100644
index 0000000..d0e095b
--- /dev/null
+++ b/.perltidyrc
@@ -0,0 +1,15 @@
+# perltidy configuration
+
+--standard-error-output
+--warning-output
+--character-encoding=utf8
+--converge
+
+--continuation-indentation=4
+
+--cuddled-else
+--noblanks-before-comments
+--noblanks-before-blocks
+--paren-tightness=2            # no spaces inside parens
+--brace-tightness=2            # no spaces inside braces
+--square-bracket-tightness=2   # no spaces inside brackets
diff --git a/.travis.yml b/.travis.yml
index 26a5104..4c663af 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,6 +22,9 @@ notifications:
       - "ircs://chat.freenode.net:6697/#libxcrypt"
     skip_join: true
 
+install:
+  - build-aux/travis-install
+
 before_script:
   - build-aux/travis-before
 
@@ -125,6 +128,13 @@ jobs:
         - CONF="--enable-obsolete-api --enable-hashes=all"
         - SANITIZER=1
 
+    - name: "Linux, GCC, all hashes, obsolete API, Perl 5.14"
+      <<: *linux_gcc
+      dist: trusty
+      env:
+        - CONF="--enable-obsolete-api --enable-hashes=all"
+        - OLDEST_SUPPORTED_PERL=1
+
     - name: "Linux, GCC, all hashes, static lib"
       <<: *linux_gcc
       env: CONF="--disable-shared --disable-obsolete-api --enable-hashes=all"
diff --git a/Makefile.am b/Makefile.am
index f0f92c3..6504755 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -536,6 +536,10 @@ test_getrandom_fallbacks_LDFLAGS = \
   $(AM_LDFLAGS)
 endif
 
+# Additional checks to run in `make distcheck'.
+distcheck-hook:
+	cd $(top_srcdir) && perlcritic ./
+
 # Every object file depends on crypt-symbol-vers.h and crypt-hashes.h,
 # which are generated files, so automatic dependency generation is not
 # sufficient.
diff --git a/build-aux/travis-after-success b/build-aux/travis-after-success
index 149119c..efb0ab3 100755
--- a/build-aux/travis-after-success
+++ b/build-aux/travis-after-success
@@ -5,6 +5,17 @@ if [ "$PERFORM_COVERITY_SCAN" = 1 ] || [ "$DISTCHECK" = 1 ]; then
   exit 0
 fi
 
+# All travis-* scripts must begin by initializing perlbrew if
+# possible; travis does not do this for us.  Unfortunately, the
+# code in $PERLBREW_ROOT/etc/bashrc is crawling with bashisms,
+# and the only alternatives offered are for fish and csh, not
+# portable sh.  Fortunately, what we need to do is simple
+# enough to open-code.
+if [ -f "$PERLBREW_HOME/init" ]; then
+    . "$PERLBREW_HOME/init"
+    PATH="$(echo $PATH | sed "s%:$PERLBREW_ROOT/bin:%:$PERLBREW_PATH:%")"
+fi
+
 GCOV=gcov
 
 if [ "$TRAVIS_OS_NAME" = osx ]; then
diff --git a/build-aux/travis-before b/build-aux/travis-before
index abe48e5..13584f7 100755
--- a/build-aux/travis-before
+++ b/build-aux/travis-before
@@ -1,9 +1,21 @@
 #! /bin/sh
 set -e
 
+# All travis-* scripts must begin by initializing perlbrew if
+# possible; travis does not do this for us.  Unfortunately, the
+# code in $PERLBREW_ROOT/etc/bashrc is crawling with bashisms,
+# and the only alternatives offered are for fish and csh, not
+# portable sh.  Fortunately, what we need to do is simple
+# enough to open-code.
+if [ -f "$PERLBREW_HOME/init" ]; then
+    . "$PERLBREW_HOME/init"
+    PATH="$(echo $PATH | sed "s%:$PERLBREW_ROOT/bin:%:$PERLBREW_PATH:%")"
+fi
+
 # Log the identities and versions of the build tools.
 for tool in \
     "${CC-cc}" \
+    "${NM-nm}" \
     "${AUTOCONF-autoconf}" \
     "${AUTOMAKE-automake}" \
     "${LIBTOOLIZE-libtoolize}" \
diff --git a/build-aux/travis-build b/build-aux/travis-build
index e735511..9d80aab 100755
--- a/build-aux/travis-build
+++ b/build-aux/travis-build
@@ -78,6 +78,17 @@ travis_wait () {
     return "$result"
 }
 
+# All travis-* scripts must begin by initializing perlbrew if
+# possible; travis does not do this for us.  Unfortunately, the
+# code in $PERLBREW_ROOT/etc/bashrc is crawling with bashisms,
+# and the only alternatives offered are for fish and csh, not
+# portable sh.  Fortunately, what we need to do is simple
+# enough to open-code.
+if [ -f "$PERLBREW_HOME/init" ]; then
+    . "$PERLBREW_HOME/init"
+    PATH="$(echo $PATH | sed "s%:$PERLBREW_ROOT/bin:%:$PERLBREW_PATH:%")"
+fi
+
 
 export NPROCS="$((`nproc --all 2>/dev/null || sysctl -n hw.ncpu` * 2))"
 echo paralleism is $NPROCS
diff --git a/build-aux/travis-install b/build-aux/travis-install
new file mode 100755
index 0000000..d818ab2
--- /dev/null
+++ b/build-aux/travis-install
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+set -e
+
+if [ "$OLDEST_SUPPORTED_PERL" = 1 ]; then
+    command -V perlbrew
+    command -V lsb_release
+
+    PERLV=5.14
+    URL=https://storage.googleapis.com/travis-ci-language-archives/perl/binaries
+    URL="$URL/$(lsb_release -is | tr A-Z a-z)/$(lsb_release -rs)/$(uname -m)"
+    URL="$URL/perl-${PERLV}.tar.bz2"
+    set -x
+    wget -nv $URL
+    sudo tar xjf perl-${PERLV}.tar.bz2 --directory /
+    rm perl-${PERLV}.tar.bz2
+    perlbrew list
+    perlbrew switch ${PERLV}
+    [ -f "$PERLBREW_HOME/init" ] || { ls -l "$PERLBREW_HOME"; exit 1; }
+
+    . "$PERLBREW_HOME/init"
+    PATH="$(echo $PATH | sed "s%:$PERLBREW_ROOT/bin:%:$PERLBREW_PATH:%")"
+    command -v perl
+fi
+
+if [ "$DISTCHECK" = 1 ]; then
+    set -x
+    cpanm -S -i \
+          Perl::Critic \
+          Perl::Critic::Freenode \
+          Perl::Critic::Pulp \
+          Perl::Critic::TooMuchCode \
+          Perl::Tidy
+    perltidy --version
+    perlcritic --version
+fi