1+ name : wolfPKCS11 NSS gtests
2+
3+ on :
4+ push :
5+ branches : [ main, master, nss ]
6+ pull_request :
7+ branches : [ main, master, nss ]
8+ workflow_dispatch :
9+
10+ env :
11+ NSPR_VERSION : NSPR_4_36_BRANCH
12+ WOLFSSL_VERSION : v5.8.0-stable
13+ # NSS_DEBUG_PKCS11_MODULE: wolfPKCS11
14+ # NSPR_LOG_MODULES: all:5
15+ # NSPR_LOG_FILE: /logs/nss.log
16+ # NSS_OUTPUT_FILE: /logs/stats.log
17+ # NSS_STRICT_NOFORK: 1
18+ # NSS_DEBUG: all
19+ HOST : localhost
20+ DOMSUF : localdomain
21+ NSS_TESTS : ssl_gtests
22+
23+ jobs :
24+ nss-cmsutil-test :
25+ runs-on : ubuntu-24.04
26+ if : github.repository_owner == 'wolfssl'
27+ steps :
28+ - name : Checkout repository
29+ uses : actions/checkout@v4
30+
31+ - name : Install system dependencies
32+ run : |
33+ sudo apt-get update
34+ sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
35+ mercurial \
36+ python3 \
37+ python-is-python3 \
38+ python3-pip \
39+ gyp \
40+ ninja-build \
41+ build-essential \
42+ automake \
43+ libtool \
44+ git \
45+ pkg-config \
46+ poppler-utils \
47+ wget \
48+ enscript \
49+ ghostscript \
50+ gdb \
51+ vim \
52+ hexedit \
53+ openssl \
54+ ca-certificates
55+
56+ name : Cache NSPR
57+ id : cache-nspr
58+ uses : actions/cache@v4
59+ with :
60+ path : nspr
61+ key : nspr-${{ env.NSPR_VERSION }}
62+
63+ - name : Clone NSPR
64+ if : steps.cache-nspr.outputs.cache-hit != 'true'
65+ run : hg clone https://hg.mozilla.org/projects/nspr -r ${{ env.NSPR_VERSION }}
66+
67+ - name : Cache NSS source
68+ id : cache-nss-source
69+ uses : actions/cache@v4
70+ with :
71+ path : nss
72+ key : nss-source-fork
73+
74+ - name : Clone NSS
75+ if : steps.cache-nss-source.outputs.cache-hit != 'true'
76+ uses : actions/checkout@v4
77+ with :
78+ repository : LinuxJedi/nss
79+ path : nss
80+
81+ - name : Cache NSS build
82+ id : cache-nss-build
83+ uses : actions/cache@v4
84+ with :
85+ path : dist
86+ key : nss-build-fork
87+
88+ - name : Build NSS
89+ if : steps.cache-nss-build.outputs.cache-hit != 'true'
90+ working-directory : nss
91+ # Build NSS in release mode enabled (omit --opt to build in debug mode)
92+ run : ./build.sh -v --opt
93+
94+ - name : Restore wolfSSL
95+ id : cache-wolfssl
96+ uses : actions/cache/restore@v4
97+ with :
98+ path : build-dir
99+ key : wolfssl-${{ env.WOLFSSL_VERSION }}
100+
101+ - name : Clone and Build wolfSSL
102+ uses : wolfSSL/actions-build-autotools-project@v1
103+ if : steps.cache-wolfssl.outputs.cache-hit != 'true'
104+ with :
105+ repository : wolfssl/wolfssl
106+ ref : ${{ env.WOLFSSL_VERSION }}
107+ path : wolfssl
108+ configure : >-
109+ --enable-all --enable-aescfb --enable-cryptocb --enable-rsapss
110+ --enable-keygen --enable-pwdbased --enable-scrypt --with-eccminsz=192
111+ --with-max-rsa-bits=8192 --enable-rsapss
112+ CFLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DRSA_MIN_SIZE=1024 -DWOLFSSL_PSS_LONG_SALT"
113+ install : true
114+
115+ - name : Cache wolfSSL
116+ uses : actions/cache/save@v4
117+ if : steps.cache-wolfssl.outputs.cache-hit != 'true'
118+ with :
119+ path : build-dir
120+ key : wolfssl-${{ env.WOLFSSL_VERSION }}
121+
122+ - name : Build wolfPKCS11
123+ uses : wolfSSL/actions-build-autotools-project@v1
124+ with :
125+ path : wolfpkcs11
126+ configure : >-
127+ --enable-nss --enable-rsa --enable-rsaoaep --enable-rsapss
128+ --enable-keygen --enable-ecc --enable-dh --enable-aes
129+ --enable-aeskeywrap --enable-aescbc --enable-aesgcm --enable-aesctr
130+ --enable-aesccm --enable-aesecb --enable-aescmac --enable-hmac
131+ --enable-md5 --enable-sha --enable-sha1 --enable-sha224 --enable-sha256
132+ --enable-sha384 --enable-sha512
133+ CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -L$GITHUB_WORKSPACE/build-dir/lib"
134+ install : true
135+
136+ - name : Run NSS tests
137+ working-directory : nss/tests
138+ run : LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib ./all.sh
139+
0 commit comments