Add support for PKCS#11 3.2 validation objects #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Test kryoptic FIPS module | |
| on: [push, pull_request, workflow_dispatch] | |
| jobs: | |
| build: | |
| name: Test kryoptic FIPS module | |
| runs-on: ubuntu-22.04 | |
| container: quay.io/fedora/fedora:latest | |
| steps: | |
| ################# | |
| ### DNF cache ### | |
| ################# | |
| - name: Get Date for DNF cache entry | |
| id: get-date | |
| run: | | |
| echo "date=$(/bin/date -u "+%Y%V")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| - name: Restore DNF cache | |
| uses: actions/cache/restore@v4 | |
| id: cache-dnf | |
| with: | |
| path: "/var/cache/libdnf5" | |
| key: fedora-dnf-${{ steps.get-date.outputs.date }} | |
| - name: Install Dependencies | |
| run: | | |
| dnf -y install git cargo clang-devel openssl-devel sqlite-devel \ | |
| 'perl(FindBin)' 'perl(lib)' 'perl(File::Compare)' \ | |
| 'perl(File::Copy)' 'perl(bigint)' 'perl(Time::HiRes)' \ | |
| 'perl(IPC::Cmd)' 'perl(Pod::Html)' 'perl(Digest::SHA)' \ | |
| 'perl(Module::Load::Conditional)' 'perl(File::Temp)' \ | |
| 'perl(Test::Harness)' 'perl(Test::More)' 'perl(Math::BigInt)' \ | |
| 'perl(Time::Piece)' zlib-devel sed sqlite-devel | |
| - name: DNF cache | |
| if: ${{ steps.cache-dnf.outputs.cache-hit != 'true' }} | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: "/var/cache/libdnf5" | |
| key: fedora-dnf-${{ steps.get-date.outputs.date }} | |
| ##################### | |
| ### OpenSSL build ### | |
| ##################### | |
| - name: Setup OpenSSL 3.5 | |
| id: ossl-setup | |
| run: | | |
| OPENSSL_BRANCH="openssl-3.5" | |
| cd .. | |
| git clone https://github.com/openssl/openssl.git \ | |
| --single-branch --branch $OPENSSL_BRANCH openssl | |
| cd openssl | |
| echo "KRYOPTIC_OPENSSL_SOURCES=$PWD" >> "$GITHUB_ENV" | |
| echo "cacheid=${{ runner.os }}-ossl-$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Restore OpenSSL build if cached | |
| uses: actions/cache/restore@v4 | |
| id: cache | |
| with: | |
| path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }} | |
| key: ${{ steps.ossl-setup.outputs.cacheid }} | |
| - name: Build OpenSSL | |
| if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| run: | | |
| pushd ${{ env.KRYOPTIC_OPENSSL_SOURCES }} | |
| ./Configure | |
| make | |
| - name: Cache OpenSSL 3.5 build | |
| if: ${{ steps.cache.outputs.cache-hit != 'true' }} | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: ${{ env.KRYOPTIC_OPENSSL_SOURCES }} | |
| key: ${{ steps.ossl-setup.outputs.cacheid }} | |
| ###################### | |
| ### kryoptic build ### | |
| ###################### | |
| - name: Setup kryoptic | |
| run: | | |
| KRYOPTIC_REVISION="v1.3.1" | |
| cd .. | |
| git clone https://github.com/latchset/kryoptic.git \ | |
| --depth 1 --single-branch --revision $KRYOPTIC_REVISION kryoptic | |
| - name: Generate lock file | |
| run: | | |
| cd ../kryoptic && | |
| cargo generate-lockfile | |
| - name: Cache Rust dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| ../kryoptic/target/ | |
| key: fedora-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Build kryoptic | |
| run: | | |
| FEATURES="fips,pqc,dummy-integrity" | |
| OPTS="--no-default-features" | |
| cd ../kryoptic && | |
| cargo build -vv $OPTS --features "$FEATURES" | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: Build logs OpenSSL version 3.5 | |
| path: | | |
| target/debug/build/*/output | |
| - name: Checkout rust-cryptoki | |
| uses: actions/checkout@v4 | |
| ################# | |
| ### the tests ### | |
| ################# | |
| - name: Run test script | |
| env: | |
| KRYOPTIC_CONF: /tmp/kryoptic.sql | |
| TEST_PKCS11_MODULE: /__w/rust-cryptoki/kryoptic/target/debug/libkryoptic_pkcs11.so | |
| OUT_DIR: /__w/rust-cryptoki/kryoptic/target/debug/deps/ | |
| run: | | |
| RUST_BACKTRACE=1 cargo build --all-features && | |
| RUST_BACKTRACE=1 cargo test | |