From 2f7d86328ea9678f6c8a7da6e716ba4d6fc42071 Mon Sep 17 00:00:00 2001
From: olszomal
Date: Wed, 4 Dec 2024 13:38:10 +0100
Subject: [PATCH] Improved CI workflow
---
.github/workflows/ci.yml | 57 ++++++++++----
tests/common.sh | 155 ++++++++++++++++++++++++---------------
2 files changed, 137 insertions(+), 75 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c9a04d22..68a7d5cf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,39 +9,67 @@ env: version: 0.4.13_git jobs: - unix: + build: strategy: fail-fast: false matrix: include: - - os: 'ubuntu-22.04' - - os: 'ubuntu-20.04' - - os: 'macOS-latest' + - id: ubuntu-24.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-24.04 + generator: Unix Makefiles + - id: ubuntu-22.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-22.04 + generator: Unix Makefiles + - id: ubuntu-20.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-20.04 + generator: Unix Makefiles + - id: macOS-3 openssl: 'openssl@3' - - os: 'macOS-latest' + triplet: x64-osx + compiler: clang + os: macOS-latest + generator: Unix Makefiles + - id: macOS-1.1 openssl: 'openssl@1.1' + triplet: x64-osx + compiler: clang + os: macOS-latest + generator: Unix Makefiles runs-on: ${{matrix.os}} - env: - PKG_CONFIG_PATH: /usr/local/opt/${{matrix.openssl}}/lib/pkgconfig - steps: - uses: actions/checkout@v4 - name: Install apt dependencies (Linux) if: runner.os == 'Linux' - run: sudo apt-get install -y libssl-dev opensc softhsm + run: | + sudo apt-get update + sudo apt-get install -y libssl-dev opensc softhsm2 - name: Install brew dependencies (macOS) if: runner.os == 'macOS' run: | - brew install libtool automake ${{matrix.openssl}} softhsm - brew install --cask opensc - echo "/usr/local/opt/${{matrix.openssl}}/bin" >> $GITHUB_PATH + brew install libtool automake opensc softhsm + + - name: Set environment variables (macOS) + if: runner.os == 'macOS' + run: | + echo "/opt/homebrew/bin" >> $GITHUB_PATH + echo "/opt/homebrew/opt/${{matrix.openssl}}/bin" >> $GITHUB_PATH + echo "PKG_CONFIG_PATH=/opt/homebrew/opt/${{matrix.openssl}}/lib/pkgconfig" >> $GITHUB_ENV - name: System information run: | + which pkcs11-tool + which softhsm2-util + which openssl openssl version -a echo "PATH=$PATH" 
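Review bot: The macOS jobs no longer install `${{matrix.openssl}}`, yet the new "Set environment variables" step still puts `/opt/homebrew/opt/${{matrix.openssl}}/bin` on the path and points `PKG_CONFIG_PATH` at that prefix. If the formula is not already present on the runner (likely for `openssl@1.1`), the `macOS-1.1` job would build and pass against whichever OpenSSL is found first, so the matrix entry stops testing what its id says. Keep the formula in the install line, `brew install libtool automake opensc softhsm ${{matrix.openssl}}`, and have the "System information" step fail when the reported `openssl version` does not match the matrix value. The `triplet: x64-osx` label also sits oddly beside the `/opt/homebrew` prefix, which is the Apple Silicon Homebrew location.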
@@ -58,9 +86,8 @@ jobs: timeout-minutes: 5 run: make check - - name: Results of failed tests - if: failure() - run: cat tests/test-suite.log || true + - name: Results of tests + run: cat ${{github.workspace}}/tests/test-suite.log || true windows: strategy: diff --git a/tests/common.sh b/tests/common.sh index 892ae645..b2494c05 100755 --- a/tests/common.sh +++ b/tests/common.sh 
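Review bot: With `if: failure()` removed and nothing put in its place, the "Results of tests" step takes the default condition and is skipped whenever `make check` fails, which is the one case where `tests/test-suite.log` is needed. Add `if: always()` to the step so the log is printed on both outcomes. The path would also be safer quoted, `cat "${{github.workspace}}/tests/test-suite.log" || true`.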
@@ -28,22 +28,49 @@ echo "Output directory: ${outdir}" mkdir -p ${outdir} -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 \ - /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if [[ -f "$i/libsofthsm2.so" ]]; then - MODULE="$i/libsofthsm2.so" - break - else - if [[ -f "$i/libsofthsm.so" ]]; then - MODULE="$i/libsofthsm.so" - break - fi - fi -done +#!/bin/bash -if [[ ! -x /usr/bin/pkcs11-tool && ! -x /usr/local/bin/pkcs11-tool ]]; then - echo "Skipping test: 'pkcs11-tool' not found. Please install the tool to proceed." - exit 77 +# List of directories to search +SOFTHSM_SEARCH_PATHS=( + "/opt/homebrew" + "/usr/local/lib/softhsm" + "/opt/local/lib/softhsm" + "/usr/lib64/pkcs11" + "/usr/lib64/softhsm" + "/usr/lib/x86_64-linux-gnu/softhsm" + "/usr/lib/softhsm" + "/usr/lib" +) + +PKCS11_TOOL_SEARCH_PATHS=( + "/opt/homebrew/Cellar" + "/opt/homebrew/bin" + "/usr/local/bin" + "/usr/bin" +) + +# Locate the SoftHSM library +MODULE=$(find "${SOFTHSM_SEARCH_PATHS[@]}" -type f -name "libsofthsm2.so" \ + -print -quit 2>/dev/null) + +# Output the result +if [[ -n "${MODULE}" ]]; then + echo "SoftHSM library found: ${MODULE}" +else + echo "Skipping test: SoftHSM library not found. Please install SoftHSM to proceed." + exit 77 +fi + +# Locate the pkcs11-tool +PKCS11_TOOL=$(find "${PKCS11_TOOL_SEARCH_PATHS[@]}" -type f -name "pkcs11-tool" \ + -print -quit 2>/dev/null) + +# Output the result +if [[ -n "${PKCS11_TOOL}" ]]; then + echo "pkcs11-tool found: ${PKCS11_TOOL}" +else + echo "Skipping test: 'pkcs11-tool' not found. Please install the tool to proceed." + exit 77 fi # Load openssl settings 
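Review bot: The `PKCS11_TOOL` lookup only proves that a regular file named `pkcs11-tool` exists somewhere under the listed trees; the result is never used, and the calls visible in the `import_objects` hunk still run bare `pkcs11-tool` from `PATH`, so the skip check and the binary that actually runs can disagree. The old test also required the file to be executable (`-x`), which `-type f` does not. `PKCS11_TOOL=$(command -v pkcs11-tool)` would check exactly what is later executed. The module lookup has the same shape: a recursive `find` over `/usr/lib` and `/opt/homebrew` selects whichever `libsofthsm2.so` is reached first, and the `libsofthsm.so` fallback is gone although `init_db` still accepts `/usr/bin/softhsm`. The added `#!/bin/bash` is not on line 1 of the file, so it is only a comment and can be dropped.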
@@ -58,14 +85,16 @@ export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} # Check for ldd command if command -v ldd >/dev/null 2>&1; then LIBCRYPTO_VER=$(ldd "${MODULE}" | grep 'libcrypto' | awk '{print $1}') +elif command -v otool >/dev/null 2>&1; then + LIBCRYPTO_VER=$(otool -L "${MODULE}" | grep 'libcrypto' | awk '{print $1}') else - echo "Warning: ldd command not found. Skipping library version detection." + echo "Warning: Neither ldd nor otool command found. Skipping library version detection." LIBCRYPTO_VER="unknown" fi # Check OpenSSL version and library compatibility -if [[ "$OPENSSL_VERSION" =~ ^0.* || "$OPENSSL_VERSION" =~ ^1\.0.* ]]; then - if [[ "$LIBCRYPTO_VER" == "libcrypto.so.3" ]]; then +if [[ "${OPENSSL_VERSION}" =~ ^0.* || "${OPENSSL_VERSION}" =~ ^1\.0.* ]]; then + if [[ "${LIBCRYPTO_VER}" == "libcrypto.so.3" ]]; then echo -n "Skipping test: Module '${MODULE}' built with '${LIBCRYPTO_VER}'" echo "is incompatible with OpenSSL version '${OPENSSL_VERSION}'." exit 77 
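Review bot: On the new `otool` branch `LIBCRYPTO_VER` holds the full install path of the dylib (the first field of `otool -L` output), so the comparison `"${LIBCRYPTO_VER}" == "libcrypto.so.3"` further down can never be true on macOS and the incompatibility skip is silently disabled there. Match on the library name instead, e.g. `if [[ "${LIBCRYPTO_VER}" == *libcrypto.so.3 || "${LIBCRYPTO_VER}" == *libcrypto.3.dylib ]]; then`. The enclosing `if` continues past the end of the hunk.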
@@ -97,47 +126,53 @@ PUK=1234 ID=01020304 # Initialize the SoftHSM DB -init_db () { - if [[ -x "/usr/bin/softhsm" ]]; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - SLOT="--slot 0" - fi - - if [[ -x "/usr/local/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - SLOT="--free " - fi - - if [[ -x "/opt/local/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - SLOT="--free " - fi - - if [[ -x "/usr/bin/softhsm2-util" ]]; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - SLOT="--free " - fi - - if [[ -z ${SOFTHSM_TOOL} ]]; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if [[ -n ${SOFTHSM2_CONF} ]]; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \ - ${SOFTHSM2_CONF} - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > ${SOFTHSM_CONF} - fi - echo "SOFTHSM2_CONF=${SOFTHSM2_CONF}" +init_db() { + # Define potential paths for SoftHSM tools + local SOFTHSM_TOOL_SEARCH_PATHS=( + "/usr/bin/softhsm" + "/usr/local/bin/softhsm2-util" + "/opt/local/bin/softhsm2-util" + "/usr/bin/softhsm2-util" + "/opt/homebrew/bin/softhsm2-util" + ) + + # Detect available SoftHSM tool and configure paths + for tool in "${SOFTHSM_TOOL_SEARCH_PATHS[@]}"; do + if [[ -x "$tool" ]]; then + SOFTHSM_TOOL="$tool" + if [[ "$tool" == *softhsm2-util ]]; then + export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" + SLOT="--free" + else + export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" + SLOT="--slot 0" + fi + break + fi + done + + # Exit if no tool was found + if [[ -z "${SOFTHSM_TOOL}" ]]; then + echo "Error: No softhsm 
or softhsm2-util tool found in expected locations." + exit 77 + fi + + # Initialize SoftHSM configuration and database + local db_dir="$outdir/softhsm-testpkcs11.db" + rm -rf "$db_dir" + mkdir -p "$db_dir" + + if [[ -n "${SOFTHSM2_CONF}" ]]; then + cat < "${SOFTHSM2_CONF}" +objectstore.backend = file +directories.tokendir = $db_dir +EOF + else + echo "0:$db_dir" > "${SOFTHSM_CONF}" + fi + + echo "SoftHSM tool: ${SOFTHSM_TOOL}" + echo "Configuration: ${SOFTHSM2_CONF:-$SOFTHSM_CONF}" } # Initialize a token in the first available slot @@ -226,7 +261,7 @@ import_objects () { echo -n "* Importing the ${key_type} ${param} object id=${obj_id}" echo -n " into the token ${token_label} ... " pkcs11-tool --login --pin ${PIN} --module ${MODULE} \ - --token-label "${token_label}"\ + --token-label "${token_label}" \ --write-object "${srcdir}/${key_type}-${param}.der" \ --type ${param} \ --id ${obj_id} --label "${obj_label}" >/dev/null
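Review bot: `init_db` now stops at the first executable in `SOFTHSM_TOOL_SEARCH_PATHS`, and `/usr/bin/softhsm` is listed first, so a host with both tools selects SoftHSM v1, where the old sequence of `if` blocks let a later `softhsm2-util` override it. The v1 branch also now gets `mkdir -p "$db_dir"` before `0:$db_dir` is written to `SOFTHSM_CONF`; the old code only removed that path, presumably because v1 expects a database file there rather than a directory. Moving `/usr/bin/softhsm` to the end of the array and keeping the `mkdir -p` inside the `SOFTHSM2_CONF` branch restores the previous behaviour. The loop variable should be declared with `local tool`. As rendered here the config write reads `cat < "${SOFTHSM2_CONF}"`, which looks like a here-document that lost its `<<EOF >` part; confirm the file has `cat <<EOF > "${SOFTHSM2_CONF}"`.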