diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c9a04d22..3fc2a024 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,39 +9,67 @@ env: version: 0.4.13_git jobs: - unix: + build: strategy: fail-fast: false matrix: include: - - os: 'ubuntu-22.04' - - os: 'ubuntu-20.04' - - os: 'macOS-latest' + - id: ubuntu-24.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-24.04 + generator: Unix Makefiles + - id: ubuntu-22.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-22.04 + generator: Unix Makefiles + - id: ubuntu-20.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-20.04 + generator: Unix Makefiles + - id: macOS-3 openssl: 'openssl@3' - - os: 'macOS-latest' + triplet: x64-osx + compiler: clang + os: macOS-latest + generator: Unix Makefiles + - id: macOS-1.1 openssl: 'openssl@1.1' + triplet: x64-osx + compiler: clang + os: macOS-latest + generator: Unix Makefiles runs-on: ${{matrix.os}} - env: - PKG_CONFIG_PATH: /usr/local/opt/${{matrix.openssl}}/lib/pkgconfig - steps: - uses: actions/checkout@v4 - name: Install apt dependencies (Linux) if: runner.os == 'Linux' - run: sudo apt-get install -y libssl-dev opensc softhsm + run: | + sudo apt-get update + sudo apt-get install -y libssl-dev opensc softhsm2 - name: Install brew dependencies (macOS) if: runner.os == 'macOS' run: | - brew install libtool automake ${{matrix.openssl}} softhsm - brew install --cask opensc - echo "/usr/local/opt/${{matrix.openssl}}/bin" >> $GITHUB_PATH + brew install libtool automake opensc softhsm + + - name: Set environment variables (macOS) + if: runner.os == 'macOS' + run: | + echo "/opt/homebrew/bin" >> $GITHUB_PATH + echo "/opt/homebrew/opt/${{matrix.openssl}}/bin" >> $GITHUB_PATH + echo "PKG_CONFIG_PATH=/opt/homebrew/opt/${{matrix.openssl}}/lib/pkgconfig" >> $GITHUB_ENV - name: System information run: | + which pkcs11-tool + which softhsm2-util + which openssl openssl version -a echo "PATH=$PATH" 
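Review bot: The macOS install step no longer installs `${{matrix.openssl}}`, yet the new `Set environment variables (macOS)` step still prepends `/opt/homebrew/opt/${{matrix.openssl}}/bin` to the PATH and points `PKG_CONFIG_PATH` at that prefix. If that formula is not already on the runner image, the `macOS-1.1` entry would quietly build and test against whichever OpenSSL is found first, so the matrix would report coverage for a version it never exercised. Either keep `${{matrix.openssl}}` in the `brew install` line or add a guard such as `test -d "/opt/homebrew/opt/${{matrix.openssl}}"` before exporting the paths. The `System information` step prints `openssl version -a` but does not assert on it.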
@@ -58,19 +86,30 @@ jobs: timeout-minutes: 5 run: make check - - name: Results of failed tests - if: failure() - run: cat tests/test-suite.log || true + - name: Results of tests + run: cat ${{github.workspace}}/tests/test-suite.log || true windows: strategy: fail-fast: false matrix: include: - - arch: 'x86' + - id: windows-x86-vs + triplet: x86-windows build_for: 'WIN32' - - arch: 'x64' + compiler: vs + arch: x86 + os: windows-latest + generator: Ninja + vcpkg_root: C:/vcpkg + - id: windows-x64-vs + triplet: x64-windows build_for: 'WIN64' + compiler: vs + arch: x64 + os: windows-latest + generator: Ninja + vcpkg_root: C:/vcpkg runs-on: windows-latest @@ -81,7 +120,10 @@ jobs: uses: actions/cache@v4 with: path: C:/Users/runneradmin/AppData/Local/vcpkg/archives - key: ${{matrix.arch}} + key: ${{matrix.id}}-${{hashFiles('vcpkg.json')}} + restore-keys: | + ${{matrix.id}}-${{hashFiles('vcpkg.json')}} + ${{matrix.id}}- - name: Configure Visual Studio uses: ilammy/msvc-dev-cmd@v1 @@ -90,8 +132,8 @@ jobs: - name: Install OpenSSL with VCPKG run: | - vcpkg install --triplet=${{matrix.arch}}-windows openssl - echo "C:\vcpkg\packages\openssl_${{matrix.arch}}-windows\tools\openssl" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append + vcpkg install --triplet=${{matrix.triplet}} openssl[tools] + echo "C:\vcpkg\packages\openssl_${{matrix.triplet}}\tools\openssl" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append - name: System information run: openssl version -a @@ -99,7 +141,7 @@ jobs: - name: Build run: nmake -f Makefile.mak BUILD_FOR=${{matrix.build_for}} - OPENSSL_DIR="C:\vcpkg\packages\openssl_${{matrix.arch}}-windows" + OPENSSL_DIR="C:\vcpkg\packages\openssl_${{matrix.triplet}}" - name: Upload the DLLs uses: actions/upload-artifact@v4 diff --git a/tests/common.sh b/tests/common.sh index 892ae645..df07a011 100755 --- a/tests/common.sh +++ b/tests/common.sh 
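Review bot: The renamed `Results of tests` step drops `if: failure()` without adding another condition, so it gets the default `success()` condition and is skipped whenever `make check` fails, which is the one case where `tests/test-suite.log` is needed. Add `if: always()` (or `if: ${{ !cancelled() }}`) if the intent is to print the log for both passing and failing runs. In the `windows` matrix, the new `os`, `generator` and `vcpkg_root` values are not referenced in the visible lines (`runs-on: windows-latest` and the `C:\vcpkg` paths stay hard-coded); a short comment saying whether they are reserved for later use would help.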
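Review bot: The first `restore-keys` entry repeats `key` exactly, so it can never match where the primary key missed; only the `${{matrix.id}}-` prefix line does anything. `hashFiles('vcpkg.json')` evaluates to an empty string when no file matches, and the install step in this workflow uses classic `vcpkg install` rather than a manifest. If the repository has no `vcpkg.json`, the key collapses to `${{matrix.id}}-` and the cached archives are never refreshed. It is worth confirming the file exists, or hashing something that actually changes with the OpenSSL package being built.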
@@ -28,20 +28,45 @@ echo "Output directory: ${outdir}" mkdir -p ${outdir} -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 \ - /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if [[ -f "$i/libsofthsm2.so" ]]; then - MODULE="$i/libsofthsm2.so" - break - else - if [[ -f "$i/libsofthsm.so" ]]; then - MODULE="$i/libsofthsm.so" - break - fi - fi -done +# List of directories to search +SOFTHSM_SEARCH_PATHS=( + "/opt/homebrew" + "/usr/local/lib/softhsm" + "/opt/local/lib/softhsm" + "/usr/lib64/pkcs11" + "/usr/lib64/softhsm" + "/usr/lib/x86_64-linux-gnu/softhsm" + "/usr/lib/softhsm" + "/usr/lib" +) + +PKCS11_TOOL_SEARCH_PATHS=( + "/opt/homebrew/Cellar" + "/opt/homebrew/bin" + "/usr/local/bin" + "/usr/bin" +) + +# Locate the SoftHSM library +MODULE=$(find "${SOFTHSM_SEARCH_PATHS[@]}" -type f -name "libsofthsm2.so" \ + -print -quit 2>/dev/null) + +# Output the result +if [[ -n "${MODULE}" ]]; then + echo "SoftHSM library found: ${MODULE}" +else + echo "Skipping test: SoftHSM library not found. Please install SoftHSM to proceed." + exit 77 +fi + +# Locate the pkcs11-tool +PKCS11_TOOL=$(find "${PKCS11_TOOL_SEARCH_PATHS[@]}" -type f -name "pkcs11-tool" \ + -print -quit 2>/dev/null) -if [[ ! -x /usr/bin/pkcs11-tool && ! -x /usr/local/bin/pkcs11-tool ]]; then +# Output the result +if [[ -n "${PKCS11_TOOL}" ]]; then + echo "pkcs11-tool found: ${PKCS11_TOOL}" +else echo "Skipping test: 'pkcs11-tool' not found. Please install the tool to proceed." exit 77 fi 
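Review bot: The new `find`-based checks do not test what the suite later runs: `PKCS11_TOOL` is only echoed, while calls further down in this file (for example in `import_objects`) still invoke bare `pkcs11-tool` through `PATH`, and `-type f` neither checks the executable bit nor matches symlinked binaries. The check can therefore pass on a stray file while the tests run a different binary or none at all; `PKCS11_TOOL=$(command -v pkcs11-tool)` tests the same resolution the calls use. For `MODULE`, the recursive search of `/usr/lib` and `/opt/homebrew` picks whichever `libsofthsm2.so` is found first, and that file is then loaded as the PKCS#11 module, so a comment on the intended search order would help. The old `libsofthsm.so` fallback is gone although `init_db` still accepts the `/usr/bin/softhsm` tool.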
@@ -58,14 +83,16 @@ export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} # Check for ldd command if command -v ldd >/dev/null 2>&1; then LIBCRYPTO_VER=$(ldd "${MODULE}" | grep 'libcrypto' | awk '{print $1}') +elif command -v otool >/dev/null 2>&1; then + LIBCRYPTO_VER=$(otool -L "${MODULE}" | grep 'libcrypto' | awk '{print $1}') else - echo "Warning: ldd command not found. Skipping library version detection." + echo "Warning: Neither ldd nor otool command found. Skipping library version detection." LIBCRYPTO_VER="unknown" fi # Check OpenSSL version and library compatibility -if [[ "$OPENSSL_VERSION" =~ ^0.* || "$OPENSSL_VERSION" =~ ^1\.0.* ]]; then - if [[ "$LIBCRYPTO_VER" == "libcrypto.so.3" ]]; then +if [[ "${OPENSSL_VERSION}" =~ ^0.* || "${OPENSSL_VERSION}" =~ ^1\.0.* ]]; then + if [[ "${LIBCRYPTO_VER}" == "libcrypto.so.3" ]]; then echo -n "Skipping test: Module '${MODULE}' built with '${LIBCRYPTO_VER}'" echo "is incompatible with OpenSSL version '${OPENSSL_VERSION}'." exit 77 
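Review bot: The `otool -L` branch stores a value that the compatibility test below cannot match: `otool -L` prints each dependency as a full install path (typically ending in something like `libcrypto.3.dylib`), while the check compares against the exact string `libcrypto.so.3`. On macOS the skip for an old OpenSSL paired with a module built against libcrypto 3 would therefore never fire. Match on a pattern instead, e.g. `if [[ "${LIBCRYPTO_VER}" == *libcrypto.so.3* || "${LIBCRYPTO_VER}" == *libcrypto.3.dylib* ]]; then`. The enclosing `if` continues past the end of the hunk.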
@@ -97,47 +124,53 @@ PUK=1234 ID=01020304 # Initialize the SoftHSM DB -init_db () { - if [[ -x "/usr/bin/softhsm" ]]; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - SLOT="--slot 0" - fi - - if [[ -x "/usr/local/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - SLOT="--free " - fi - - if [[ -x "/opt/local/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - SLOT="--free " - fi - - if [[ -x "/usr/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - SLOT="--free " - fi +init_db() { + # Define potential paths for SoftHSM tools + local SOFTHSM_TOOL_SEARCH_PATHS=( + "/usr/bin/softhsm" + "/usr/local/bin/softhsm2-util" + "/opt/local/bin/softhsm2-util" + "/usr/bin/softhsm2-util" + "/opt/homebrew/bin/softhsm2-util" + ) + + # Detect available SoftHSM tool and configure paths + for tool in "${SOFTHSM_TOOL_SEARCH_PATHS[@]}"; do + if [[ -x "$tool" ]]; then + SOFTHSM_TOOL="$tool" + if [[ "$tool" == *softhsm2-util ]]; then + export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" + SLOT="--free" + else + export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" + SLOT="--slot 0" + fi + break + fi + done - if [[ -z ${SOFTHSM_TOOL} ]]; then - echo "Could not find softhsm(2) tool" + # Exit if no tool was found + if [[ -z "${SOFTHSM_TOOL}" ]]; then + echo "Skipping test: No softhsm or softhsm2-util tool found in expected locations." 
exit 77 fi - if [[ -n ${SOFTHSM2_CONF} ]]; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \ - ${SOFTHSM2_CONF} + # Initialize SoftHSM configuration and database + local db_dir="$outdir/softhsm-testpkcs11.db" + rm -rf "$db_dir" + mkdir -p "$db_dir" + + if [[ -n "${SOFTHSM2_CONF}" ]]; then + cat < "${SOFTHSM2_CONF}" +objectstore.backend = file +directories.tokendir = $db_dir +EOF else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > ${SOFTHSM_CONF} + echo "0:$db_dir" > "${SOFTHSM_CONF}" fi - echo "SOFTHSM2_CONF=${SOFTHSM2_CONF}" + + echo "SoftHSM tool: ${SOFTHSM_TOOL}" + echo "Configuration: ${SOFTHSM2_CONF:-$SOFTHSM_CONF}" } # Initialize a token in the first available slot @@ -226,7 +259,7 @@ import_objects () { echo -n "* Importing the ${key_type} ${param} object id=${obj_id}" echo -n " into the token ${token_label} ... " pkcs11-tool --login --pin ${PIN} --module ${MODULE} \ - --token-label "${token_label}"\ + --token-label "${token_label}" \ --write-object "${srcdir}/${key_type}-${param}.der" \ --type ${param} \ --id ${obj_id} --label "${obj_label}" >/dev/null
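Review bot: The loop in `init_db` takes the first executable in `SOFTHSM_TOOL_SEARCH_PATHS`, and `/usr/bin/softhsm` is listed first, so a host with both generations installed now selects the old tool; the removed code let a later `softhsm2-util` match overwrite it. Since the module search in this file now only looks for `libsofthsm2.so`, that would pair the `softhsm` tool and `SOFTHSM_CONF` with a SoftHSM2 module. Move `"/usr/bin/softhsm"` to the end of the array. `SOFTHSM_TOOL` and `SOFTHSM2_CONF` are also read without being cleared first, so a value inherited from the caller's environment can steer the `-z`/`-n` tests; `unset SOFTHSM_TOOL SOFTHSM2_CONF SOFTHSM_CONF` at the top of the function would make the choice depend only on the loop.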