Skip to content
xmlsec Tests

Run the FIPS CAST tests under lock during wolfprovider init #703

Sign in to view logs

Run the FIPS CAST tests under lock during wolfprovider init

Run the FIPS CAST tests under lock during wolfprovider init #703

Workflow file for this run

.github/workflows/xmlsec.yml at a640fb3
name: xmlsec Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfprovider:
uses: ./.github/workflows/build-wolfprovider.yml
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
fips: [ false ]
test_xmlsec:
runs-on: ubuntu-22.04
needs: build_wolfprovider
# Run inside Debian Bookworm to match packaging environment
container:
image: debian:bookworm
env:
DEBIAN_FRONTEND: noninteractive
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
xmlsec_ref: [ 'xmlsec-1_2_37' ]
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
${{ env.WOLFSSL_PACKAGES_PATH }}
${{ env.OPENSSL_PACKAGES_PATH }}
${{ env.WOLFPROV_PACKAGES_PATH }}
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
printf "Installing OpenSSL/wolfProvider packages:\n"
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Verify wolfProvider is properly installed
run: |
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
- name: Install xmlsec dependencies
run: |
apt-get update
apt-get install -y automake autoconf libtool libtool-bin \
libltdl-dev libltdl7 libxml2-dev patch build-essential \
pkg-config libxml2-dev
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfSSL/osp
path: osp
fetch-depth: 1
- name: Download xmlsec
uses: actions/checkout@v4
with:
repository: lsh123/xmlsec
ref: ${{ matrix.xmlsec_ref }}
path: xmlsec
fetch-depth: 1
- name: Build xmlsec
working-directory: xmlsec
env:
XMLSEC_REF: ${{ matrix.xmlsec_ref }}
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/xmlsec/xmlsec-${{ matrix.xmlsec_ref }}-wolfprov.patch
./autogen.sh --disable-openssl3-engines --disable-dsa --without-nss \
--without-gnutls --without-gcrypt --disable-xmldsig \
--disable-crypto-dl --disable-apps-crypto-dl \
--disable-concatkdf --disable-tmpl-tests
make -j$(nproc)
# Remove the bundled openssl3.cnf since we use the default
rm -f tests/openssl3.cnf
- name: Run xmlsec tests
working-directory: xmlsec
shell: bash
run: |
set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
make check-keys | tee xmlsec-keys.log
make check-enc | tee xmlsec-enc.log
if grep -q "TOTAL FAILED: 0" xmlsec-enc.log && grep -q "TOTAL FAILED: 0" xmlsec-keys.log; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} xmlsec