Store computed CKA_PUBLIC_KEY_INFO on keys #1460
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build | |
| on: | |
| pull_request: | |
| branches: ["main"] | |
| push: | |
| branches: ["main"] | |
| env: | |
| OPENSSL_BRANCH: kryoptic_ossl35 | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| name: [standard, i686, minimal, pqc, no_sha1] | |
| linking: [dynamic, static, fips] | |
| build: [debug, release] | |
| db: [sqlitedb, nssdb] # FIXME: Add "memorydb" when it will be persistent | |
| exclude: | |
| - name: no_sha1 # nssdb doesn't work with no_sha1 | |
| db: nssdb | |
| - name: minimal | |
| linking: fips | |
| - name: pqc # only works with openssl 3.5.0 so exclude dynamic | |
| linking: dynamic | |
| - name: pqc # already part of normal fips tests | |
| linking: fips | |
| - name: no_sha1 # already tested in fips and dynamic build | |
| linking: static | |
| - name: no_sha1 | |
| linking: fips | |
| container: quay.io/fedora/fedora:latest | |
| steps: | |
| - name: Get Date for DNF cache entry | |
| id: get-date | |
| run: | | |
| echo "date=$(/bin/date -u "+%Y%V")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Restore DNF cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| /var/cache/libdnf5 | |
| key: ${{ runner.os }}-dnf-${{ steps.get-date.outputs.date }} | |
| - name: Install Dependencies | |
| run: | | |
| dnf -y install git cargo clang-devel openssl-devel \ | |
| 'perl(FindBin)' 'perl(lib)' 'perl(File::Compare)' \ | |
| 'perl(File::Copy)' 'perl(bigint)' 'perl(Time::HiRes)' \ | |
| 'perl(IPC::Cmd)' 'perl(Pod::Html)' 'perl(Digest::SHA)' \ | |
| 'perl(Module::Load::Conditional)' 'perl(File::Temp)' \ | |
| 'perl(Test::Harness)' 'perl(Test::More)' 'perl(Math::BigInt)' \ | |
| 'perl(Time::Piece)' zlib-devel sed sqlite-devel | |
| if [ "${{ matrix.name }}" = "i686" ]; then | |
| dnf -y install rust-std-static.i686 openssl-devel.i686 \ | |
| sqlite-devel.i686 | |
| if [ "${{ matrix.linking }}" != "dynamic" ]; then | |
| dnf -y install libatomic.i686 | |
| fi | |
| fi | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Setup OpenSSL | |
| if: ${{ matrix.linking == 'fips' || matrix.linking == 'static' }} | |
| id: ossl-setup | |
| run: | | |
| git config --global --add safe.directory /__w/kryoptic | |
| cd .. | |
| git clone https://github.com/simo5/openssl.git \ | |
| --single-branch --branch $OPENSSL_BRANCH openssl | |
| cd openssl | |
| echo "KRYOPTIC_OPENSSL_SOURCES=$PWD" >> "$GITHUB_ENV" | |
| OS=${{ runner.os }} | |
| if [ "${{ matrix.name }}" = "i686" ]; then | |
| OS="${OS}-i686" | |
| fi | |
| echo "cacheid=${OS}-ossl-$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Restore OpenSSL build | |
| if: ${{ matrix.linking == 'fips' || matrix.linking == 'static' }} | |
| uses: actions/cache/restore@v4 | |
| id: cache | |
| with: | |
| path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }} | |
| key: ${{ steps.ossl-setup.outputs.cacheid }} | |
| - name: Generate lock file | |
| run: cargo generate-lockfile | |
| - name: Cache Rust dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build & test | |
| run: | | |
| export KRYOPTIC_TESTS_DEFAULT_DB="${{ matrix.db }}" | |
| FEATURES="${{ matrix.db }}" | |
| OPTS="--no-default-features" | |
| FEATURE_SET="standard" | |
| export CC=clang | |
| if [ "${{ matrix.name }}" = "i686" ]; then | |
| OPTS="${OPTS} --target i686-unknown-linux-gnu" | |
| elif [ "${{ matrix.name }}" = "minimal" ]; then | |
| FEATURE_SET="minimal" | |
| elif [ "${{ matrix.name }}" = "pqc" ]; then | |
| FEATURES="${FEATURES},pqc,slow" | |
| elif [ "${{ matrix.name }}" = "no_sha1" ]; then | |
| FEATURES="${FEATURES},no_sha1" | |
| fi | |
| if [ "${{ matrix.linking }}" = "dynamic" ]; then | |
| FEATURES="${FEATURES},${FEATURE_SET},dynamic" | |
| elif [ "${{ matrix.linking }}" = "static" ]; then | |
| FEATURES="${FEATURES},${FEATURE_SET}" | |
| elif [ "${{ matrix.linking }}" = "fips" ]; then | |
| FEATURES="${FEATURES},fips" | |
| fi | |
| if [ "${{ matrix.build }}" = "release" ]; then | |
| OPTS="${OPTS} --release" | |
| fi | |
| # create a bugus configuration file to make sure it is not used during tests | |
| mkdir -p ~/.config/kryoptic/ | |
| cp testdata/test.conf ~/.config/kryoptic/token.conf | |
| cargo build -vv $OPTS --features "$FEATURES" | |
| cargo test -vv $OPTS --features "$FEATURES" | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: Build logs ${{ matrix.name }}-${{ matrix.linking }}-${{ matrix.build }}-${{ matrix.db }} | |
| path: | | |
| target/debug/build/*/output | |
| - name: Show Build configs and logs on error | |
| if: failure() | |
| run: | | |
| cd ../openssl | |
| perl configdata.pm --dump | |
| - if: ${{ matrix.linking == 'fips' && steps.cache.outputs.cache-hit != 'true' }} | |
| name: Cache OpenSSL FIPS build (usable also for default, not vice versa) | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }} | |
| key: ${{ steps.ossl-setup.outputs.cacheid }} | |
| - if: ${{ matrix.name == 'i686' && steps.cache.outputs.cache-hit != 'true' }} | |
| name: Store DNF cache -- the i686 has the most dependencies | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: | | |
| /var/cache/libdnf5 | |
| key: ${{ runner.os }}-dnf-${{ steps.get-date.outputs.date }} |