# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
parameters:
  # Agent pool definition; substituted verbatim into the job's `pool:` key.
  # NOTE(review): ubuntu-20.04 reached the end of Ubuntu standard support in
  # 2025 -- confirm the hosted image is still offered, or that every caller
  # overrides this default.
  - name: pool
    type: object
    default:
      vmImage: 'ubuntu-20.04'
  # Target architecture. Used in the job display name, exported as ARCH to the
  # make targets, and embedded in the published artifact names.
  - name: arch
    type: string
    default: 'amd64'
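jobs:
  # Single container job: builds SymCrypt, the SymCrypt-enabled OpenSSL and the
  # remaining packages for one architecture, then publishes the target folder.
  - job:
    displayName: Build-${{ parameters.arch }}
    timeoutInMinutes: 600
    pool: ${{ parameters.pool }}
    container:
      # NOTE(review): `debian:bullseye` is a mutable tag, so the build
      # environment can change between runs. For reproducible, auditable
      # packages consider pinning by digest (debian@sha256:<DIGEST_PLACEHOLDER>).
      image: debian:bullseye
      # Names the container and bind-mounts the agent host's docker CLI
      # read-only so the first step can `docker exec` back into it as uid 0.
      # NOTE(review): that exec only works if the host Docker daemon is
      # reachable from inside the container, so everything this job runs
      # (make targets, pip installs, submodule code) can presumably drive that
      # daemon. Run this on disposable agents that hold no long-lived secrets.
      options: "--name ci-container -v /usr/bin/docker:/tmp/docker:ro"
    steps:
      # Install sudo as root (uid 0) via the bind-mounted docker CLI.
      # The option value is written without the nested double quotes the
      # original carried; they only closed and reopened the outer string, so
      # the command the shell receives is unchanged.
      - script: |
          /tmp/docker exec -t -u 0 ci-container \
            sh -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::=--force-confold -y install sudo"
        displayName: 'Install Sudo in container'

      # Remove every entry (including dotfiles) from the working directory.
      # find hands the names to rm after `--`, so entries containing
      # whitespace or starting with `-` are deleted as files instead of being
      # word-split or parsed as rm options while running as root. It also
      # avoids `$( ... )`, which collides with pipeline macro syntax.
      - script: |
          sudo find . -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
        displayName: 'Clean Workspace'

      # Build dependencies for SymCrypt, OpenSSL, Golang, Python and krb5.
      # NOTE(review): unlike the build steps below, this script has no
      # `set -e`, so a failed apt-get or pip install does not fail the step
      # and only surfaces later as a build error. Enable it once every
      # command here is known to succeed in the container.
      # NOTE(review): `sudo pip3 install blurb` installs an unpinned package
      # as root; pin the version (ideally with pip's --require-hashes) so the
      # toolchain cannot change silently.
      - script: |
          sudo mkdir -p $HOME
          sudo chown $USER $HOME
          sudo apt-get update
          sudo apt-get install -y cmake git make build-essential quilt debhelper bc python3 python3-pip sudo libssl-dev libgcc-10-dev
          sudo apt-get install -y clang
          sudo apt-get install -y openssl libssl-dev libssl1.1
          sudo apt-get install -y dh-exec dh-runit libaudit-dev libedit-dev libfido2-dev libgtk-3-dev libkrb5-dev
          sudo apt-get install -y libwrap-dev pkg-config
          sudo apt-get install -y libpam-dev libselinux1-dev libsystemd-dev libwrap0-dev
          # Build Golang
          sudo apt-get install -y golang
          # Build Python
          sudo apt-get install -y lsb-release sharutils libreadline-dev libncursesw5-dev libbz2-dev liblzma-dev libgdbm-dev libdb-dev tk-dev blt-dev libexpat1-dev libmpdec-dev libbluetooth-dev locales-all libsqlite3-dev media-types
          sudo apt-get install -y time net-tools xvfb systemtap-sdt-dev python3-sphinx python3-docs-theme texinfo
          # Build krb5
          sudo apt-get install -y ss-dev libldap2-dev libc6-dev libkeyutils-dev byacc docbook-to-man libsasl2-dev libverto-dev python3-cheetah python3-lxml doxygen doxygen-latex tex-gyre
          sudo pip3 install blurb
          mkdir -p $(Pipeline.Workspace)/target
        displayName: 'Install packages'

      # Check out this repository together with its first-level submodules.
      - checkout: self
        submodules: true

      # Initialise only the jitterentropy-library submodule nested inside
      # SymCrypt.
      - script: |
          cd src/SymCrypt
          git submodule update --init -- jitterentropy-library
        displayName: 'Checkout Symcrypt submodules'

      # Build the SymCrypt packages and install the resulting .deb as root.
      # NOTE(review): requirements.txt comes from the SymCrypt submodule and
      # is installed as root without hash checking; whoever controls the
      # submodule revision controls what runs here.
      - script: |
          set -ex
          sudo mkdir -p $HOME
          sudo pip3 install -r src/SymCrypt/scripts/requirements.txt
          ARCH=${{ parameters.arch }} make symcrypt
          sudo dpkg -i target/symcrypt-openssl*.deb
        displayName: 'Build and install symcrypt'

      # Build OpenSSL and install the freshly built libssl/openssl packages.
      - script: |
          set -ex
          ARCH=${{ parameters.arch }} make openssl
          sudo dpkg -i target/libssl*.deb target/openssl*.deb
        displayName: 'Build and install openssl'

      # Rebuild OpenSSL into target-test with /etc/fips/fips_enable set to 1.
      # The grep fails the step (set -e) if no symcrypt engine is listed, so
      # the test cannot pass without the engine being registered.
      # The flag is reset to 0 only on success; with set -e a failed build
      # leaves it at 1 for the rest of this container's lifetime.
      - script: |
          set -ex
          sudo mkdir -p /etc/fips
          echo 1 | sudo tee /etc/fips/fips_enable
          openssl engine -v | grep -i symcrypt
          pushd src/openssl
          git clean -xdf
          git checkout -- .
          popd
          ARCH=${{ parameters.arch }} TARGET_PATH=target-test make openssl
          echo 0 | sudo tee /etc/fips/fips_enable
        displayName: 'Test openssl with fips enabled'

      # Build the remaining make targets.
      - script: |
          ARCH=${{ parameters.arch }} make all
        displayName: 'Build others'

      # Publish the built packages.
      - publish: $(System.DefaultWorkingDirectory)/target
        artifact: fips-symcrypt-${{ parameters.arch }}
        displayName: "Archive packages"

      # On failure, publish the staging directory under a per-attempt name.
      # The `$` belongs in front of `(System.JobAttempt)`: the original
      # `$fips-...-(System.JobAttempt)` was never expanded, so every retry
      # used the same literal artifact name.
      - publish: $(Build.ArtifactStagingDirectory)
        condition: failed()
        artifact: 'fips-symcrypt-${{ parameters.arch }}-$(System.JobAttempt)'
        displayName: "Archive failed packages"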