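---
# CI workflow: builds OpenSSL from its upstream master branch into /opt, then
# builds and tests pkcs11-provider against that build.
#
# NOTE(review): every `uses:` below references the mutable `v4` tag. Pinning
# each one to a full commit SHA (e.g. `actions/checkout@<FULL_COMMIT_SHA>`
# with a trailing `# v4` comment) keeps a moved tag from changing what runs.
name: OpenSSL master

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

# Least privilege for GITHUB_TOKEN: the checkout only needs read access and
# no step in this workflow pushes commits, tags, releases or comments.
permissions:
  contents: read

env:
  # Quoted so the value is an explicit string rather than a YAML integer.
  OPENSSL_WITH_27483_FIX: "1"

jobs:
  setup:
    name: Build OpenSSL from master branch
    runs-on: ubuntu-22.04
    # NOTE(review): `rawhide` is a moving tag, so the toolchain and package
    # set can differ from one run to the next.
    container: quay.io/fedora/fedora:rawhide
    # Publish the date used in the /opt cache key so the build job restores
    # exactly the entry this job saved, even if the UTC day rolls over
    # between the two jobs.
    outputs:
      opt-cache-date: ${{ steps.get-date-opt.outputs.date }}
    steps:
      # Year + ISO week number: the DNF cache key rotates weekly.
      - name: Get Date for DNF cache entry
        id: get-date-dnf
        run: |
          echo "date=$(/bin/date -u "+%Y%V")" >> "$GITHUB_OUTPUT"
        shell: bash

      - name: DNF cache
        uses: actions/cache@v4
        with:
          path: |
            /var/cache/libdnf5
          key: ${{ runner.os }}-dnf-openssl-${{ steps.get-date-dnf.outputs.date }}

      - name: Install Dependencies
        run: |
          dnf -y install perl-FindBin perl-IPC-Cmd perl-File-Compare \
            perl-File-Copy perl-Pod-Html perl-Time-Piece git clang

      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: later steps run
          # build and test code and nothing here needs to push.
          persist-credentials: false

      # Year + month + day: the /opt cache key rotates daily, so OpenSSL is
      # rebuilt at most once per UTC day.
      - name: Get Date for /opt cache entry
        id: get-date-opt
        run: |
          echo "date=$(/bin/date -u "+%Y%m%d")" >> "$GITHUB_OUTPUT"
        shell: bash

      - name: /opt cache
        id: cache-opt
        uses: actions/cache@v4
        with:
          path: /opt
          key: ${{ runner.os }}-opt-${{ steps.get-date-opt.outputs.date }}

      # Tracks upstream master (see the job name), so the source is not
      # pinned to a commit. The installed result is cached under /opt and
      # executed by the build job.
      - name: Get OpenSSL
        if: steps.cache-opt.outputs.cache-hit != 'true'
        run: |
          git clone https://github.com/openssl/openssl.git

      - name: Config, build and install OpenSSL
        if: steps.cache-opt.outputs.cache-hit != 'true'
        run: |
          cd openssl
          ./config --prefix=/opt && make && make install_sw

  build:
    name: Build and test pkcs11-provider
    needs: setup
    runs-on: ubuntu-22.04
    container: quay.io/fedora/fedora:rawhide
    steps:
      # Year + ISO week number: the DNF cache key rotates weekly.
      - name: Get Date for DNF cache entry
        id: get-date-dnf
        run: |
          echo "date=$(/bin/date -u "+%Y%V")" >> "$GITHUB_OUTPUT"
        shell: bash

      - name: DNF cache
        uses: actions/cache@v4
        with:
          path: |
            /var/cache/libdnf5
          key: ${{ runner.os }}-dnf-openssl-${{ steps.get-date-dnf.outputs.date }}

      - name: Install Dependencies
        run: |
          dnf -y install clang meson cargo expect pkgconf-pkg-config opensc \
            p11-kit-devel gcc g++ sqlite-devel python3-six which cmake \
            nss-softokn nss-tools nss-softokn-devel nss-devel softhsm \
            kryoptic

      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config: later steps run
          # build and test code and nothing here needs to push.
          persist-credentials: false

      # The key reuses the date computed by the setup job instead of
      # recomputing it here: with fail-on-cache-miss, a key recomputed after
      # midnight UTC would not match the entry setup saved and the job
      # would fail.
      - name: Fetch built openssl from cache
        id: cache-opt
        uses: actions/cache@v4
        with:
          path: /opt
          key: ${{ runner.os }}-opt-${{ needs.setup.outputs.opt-cache-date }}
          fail-on-cache-miss: true

      # The exports put the cached OpenSSL under /opt ahead of the system
      # one for library lookup, PATH and pkg-config.
      - name: Setup and build pkcs11-provider
        run: |
          export LD_LIBRARY_PATH="/opt/lib64/:$LD_LIBRARY_PATH"
          export PATH="/opt/bin:$PATH"
          export PKG_CONFIG_PATH="/opt/lib64/pkgconfig"
          meson setup builddir
          meson compile -C builddir

      - name: Test
        run: |
          export LD_LIBRARY_PATH="/opt/lib64/:$LD_LIBRARY_PATH"
          export PATH="/opt/bin:$PATH"
          # FIXME: Temporarily disable Montgomery curves in groups until
          # we find out the underlying failure or kryoptic is built with a
          # newer version that does not fail
          export NO_ECX_IN_TLS=1
          meson test --num-processes 1 -C builddir

      - name: Test (with Montgomery curves, expecting failure)
        run: |
          export LD_LIBRARY_PATH="/opt/lib64/:$LD_LIBRARY_PATH"
          export PATH="/opt/bin:$PATH"
          # Re-run and expect an error, so we can catch when we can re-add
          # Montgomery curve groups in the above test. If this test passes,
          # the workflow will fail to indicate that the workaround can be
          # removed.
          # Keep the negated command last: errexit ignores a `!`-negated
          # command, so only as the final command does it decide the
          # step's result.
          ! meson test --num-processes 1 -C builddir

      # Runs only when an earlier step failed; keeps the meson and test
      # logs for inspection.
      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: Test logs
          path: |
            builddir/meson-logs/
            builddir/tests/*.log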