Run the FIPS CAST tests under lock during wolfprovider init #1148
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tcpdump Tests | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build_wolfprovider: | |
| uses: ./.github/workflows/build-wolfprovider.yml | |
| with: | |
| wolfssl_ref: ${{ matrix.wolfssl_ref }} | |
| openssl_ref: ${{ matrix.openssl_ref }} | |
| replace_default: ${{ matrix.replace_default }} | |
| strategy: | |
| matrix: | |
| wolfssl_ref: [ 'v5.8.2-stable' ] | |
| openssl_ref: [ 'openssl-3.5.2' ] | |
| replace_default: [ true ] | |
| fips: [ false ] | |
| test_tcpdump: | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: debian:bookworm | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| needs: build_wolfprovider | |
| timeout-minutes: 15 | |
| strategy: | |
| matrix: | |
| tcpdump_ref: [ 'tcpdump-4.99.3' ] | |
| wolfssl_ref: [ 'v5.8.2-stable' ] | |
| openssl_ref: [ 'openssl-3.5.2' ] | |
| force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] | |
| replace_default: [ true ] | |
| fips: [ false ] | |
| env: | |
| WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages | |
| OPENSSL_PACKAGES_PATH: /tmp/openssl-packages | |
| WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages | |
| steps: | |
| - name: Checkout wolfProvider | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Checking OpenSSL/wolfProvider packages in cache | |
| uses: actions/cache/restore@v4 | |
| id: wolfprov-cache | |
| with: | |
| path: | | |
| ${{ env.WOLFSSL_PACKAGES_PATH }} | |
| ${{ env.OPENSSL_PACKAGES_PATH }} | |
| ${{ env.WOLFPROV_PACKAGES_PATH }} | |
| key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} | |
| fail-on-cache-miss: true | |
| - name: Install wolfSSL/OpenSSL/wolfprov packages | |
| run: | | |
| printf "Installing OpenSSL/wolfProvider packages:\n" | |
| ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} | |
| ls -la ${{ env.OPENSSL_PACKAGES_PATH }} | |
| ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb | |
| - name: Verify wolfProvider is properly installed | |
| run: | | |
| $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} | |
| - name: Install test dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y build-essential flex bison autoconf libtool\ | |
| libpcap-dev | |
| - name: Checkout libpcap | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: the-tcpdump-group/libpcap | |
| path: libpcap_repo | |
| # Compiling tcpdump from source explicitly requires a built libpcap installation | |
| - name: Build and install libpcap | |
| working-directory: libpcap_repo | |
| run: | | |
| ./autogen.sh | |
| ./configure --prefix=$GITHUB_WORKSPACE/libpcap-install | |
| make -j$(nproc) | |
| make install | |
| - name: Checkout tcpdump | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: the-tcpdump-group/tcpdump | |
| path: tcpdump_repo | |
| ref: ${{ matrix.tcpdump_ref }} | |
| - name: Build and install tcpdump | |
| working-directory: tcpdump_repo | |
| run: | | |
| if [ -f ./autogen.sh ]; then | |
| ./autogen.sh | |
| elif [ ! -f ./configure ]; then | |
| autoreconf -fiv | |
| fi | |
| export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/libpcap-install/lib/pkgconfig:$PKG_CONFIG_CONFIG:$PKG_CONFIG_PATH | |
| ./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install | |
| make -j$(nproc) | |
| make install | |
| - name: Run tcpdump tests | |
| working-directory: tcpdump_repo | |
| shell: bash | |
| run: | | |
| set +o pipefail # ignore errors from make check | |
| export ${{ matrix.force_fail }} | |
| # Run tests | |
| make check 2>&1 | tee tcpdump-test.log | |
| # Capture the test result using PIPESTATUS (Bash only) | |
| TEST_RESULT=${PIPESTATUS[0]} | |
| $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tcpdump | |