Skip to content

Run the FIPS CAST tests under lock during wolfprovider init #1148

Run the FIPS CAST tests under lock during wolfprovider init

Run the FIPS CAST tests under lock during wolfprovider init #1148

Workflow file for this run

name: tcpdump Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build_wolfprovider:
uses: ./.github/workflows/build-wolfprovider.yml
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
fips: [ false ]
test_tcpdump:
runs-on: ubuntu-22.04
container:
image: debian:bookworm
env:
DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 15
strategy:
matrix:
tcpdump_ref: [ 'tcpdump-4.99.3' ]
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
${{ env.WOLFSSL_PACKAGES_PATH }}
${{ env.OPENSSL_PACKAGES_PATH }}
${{ env.WOLFPROV_PACKAGES_PATH }}
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
printf "Installing OpenSSL/wolfProvider packages:\n"
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Verify wolfProvider is properly installed
run: |
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
- name: Install test dependencies
run: |
apt-get update
apt-get install -y build-essential flex bison autoconf libtool\
libpcap-dev
- name: Checkout libpcap
uses: actions/checkout@v4
with:
repository: the-tcpdump-group/libpcap
path: libpcap_repo
# Compiling tcpdump from source explicitly requires a built libpcap installation
- name: Build and install libpcap
working-directory: libpcap_repo
run: |
./autogen.sh
./configure --prefix=$GITHUB_WORKSPACE/libpcap-install
make -j$(nproc)
make install
- name: Checkout tcpdump
uses: actions/checkout@v4
with:
repository: the-tcpdump-group/tcpdump
path: tcpdump_repo
ref: ${{ matrix.tcpdump_ref }}
- name: Build and install tcpdump
working-directory: tcpdump_repo
run: |
if [ -f ./autogen.sh ]; then
./autogen.sh
elif [ ! -f ./configure ]; then
autoreconf -fiv
fi
export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/libpcap-install/lib/pkgconfig:$PKG_CONFIG_CONFIG:$PKG_CONFIG_PATH
./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install
make -j$(nproc)
make install
- name: Run tcpdump tests
working-directory: tcpdump_repo
shell: bash
run: |
set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Run tests
make check 2>&1 | tee tcpdump-test.log
# Capture the test result using PIPESTATUS (Bash only)
TEST_RESULT=${PIPESTATUS[0]}
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tcpdump