# Workflow header: triggers, token scope and shared environment for the
# signed-plugin test jobs.
name: Test Signed Plugins

on:
  push:
    branches:
      - develop
      - feature/dig_sig_ver
      - 'feature/*'
  pull_request:
    branches:
      - develop

# The workflow token is limited to reading repository contents; scopes not
# listed here are not granted.
permissions:
  contents: read

env:
  # Make ctest print the output of failing tests.
  CTEST_OUTPUT_ON_FAILURE: 1
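jobs:
  # Test signature verification in both serial and parallel configurations.
  # Every matrix entry configures with HDF5_REQUIRE_SIGNED_PLUGINS=ON and a
  # keystore directory holding only the public key generated in this run.
  test-signed-plugins:
    name: "${{ matrix.config.name }}"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        config:
          # ON/OFF are quoted so they stay strings under any YAML loader; the
          # steps below compare them with 'ON'/'OFF' and pass them to CMake.
          # Serial configurations
          - name: "Serial (Debug + Shared)"
            build_type: Debug
            shared: "ON"
            parallel: "OFF"
          - name: "Serial (Release + Static)"
            build_type: Release
            shared: "OFF"
            parallel: "OFF"
          # Parallel configurations - test MPI collective verification
          - name: "Parallel (Debug + Shared)"
            build_type: Debug
            shared: "ON"
            parallel: "ON"
          - name: "Parallel (Release + Shared)"
            build_type: Release
            shared: "ON"
            parallel: "ON"
    steps:
      # NOTE(review): the action is referenced by a mutable tag; consider
      # pinning it to a full commit SHA.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step talks to the remote, so do not leave the workflow
          # token in .git/config while the checked-out code is built and run.
          persist-credentials: false

      - name: Install base dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libssl-dev \
            zlib1g-dev \
            libaec-dev

      - name: Install MPI dependencies
        if: matrix.config.parallel == 'ON'
        run: |
          sudo apt-get install -y \
            libopenmpi-dev \
            openmpi-bin

      # Throwaway key pair created fresh on every run. Only the public half is
      # placed in the keystore directory the build is configured to trust.
      # ls -lh prints file metadata only, never key material.
      - name: Generate test RSA key pair
        run: |
          echo "Generating test RSA key pair for CI testing..."
          openssl genrsa -out ci-test-private.pem 2048
          openssl rsa -in ci-test-private.pem -pubout -out ci-test-public.pem
          echo "Test keys generated successfully"
          ls -lh ci-test-*.pem
          # Create KeyStore directory and add public key
          mkdir -p ci-keystore
          cp ci-test-public.pem ci-keystore/
          echo "KeyStore directory created with public key"
          ls -lh ci-keystore/

      # The ${{ matrix.* }} expressions are substituted into the script text
      # before bash runs it; their values come only from the matrix above.
      - name: Configure CMake
        run: |
          EXTRA_FLAGS=""
          if [ "${{ matrix.config.parallel }}" == "ON" ]; then
            EXTRA_FLAGS="-DMPIEXEC_PREFLAGS=--oversubscribe"
          fi
          # $EXTRA_FLAGS is left unquoted so an empty value adds no argument.
          cmake -B build \
            -DCMAKE_BUILD_TYPE=${{ matrix.config.build_type }} \
            -DHDF5_REQUIRE_SIGNED_PLUGINS:BOOL=ON \
            -DHDF5_PLUGIN_KEYSTORE_DIR="${PWD}/ci-keystore" \
            -DHDF5_ENABLE_PARALLEL:BOOL=${{ matrix.config.parallel }} \
            -DBUILD_SHARED_LIBS:BOOL=${{ matrix.config.shared }} \
            -DBUILD_STATIC_LIBS:BOOL=ON \
            -DBUILD_TESTING:BOOL=ON \
            -DHDF5_BUILD_TOOLS:BOOL=ON \
            -DHDF5_ENABLE_ZLIB_SUPPORT:BOOL=ON \
            -DHDF5_ENABLE_SZIP_SUPPORT:BOOL=ON \
            $EXTRA_FLAGS

      # Per the echo below, the build signs the test plugins with this key.
      # It is the per-run CI key only; a real signing key must never be
      # copied into a build tree like this.
      - name: Copy private key to build directory
        run: |
          echo "Copying private key to build directory for plugin signing..."
          cp ci-test-private.pem build/private.pem
          mkdir -p build/test
          cp ci-test-private.pem build/test/private.pem
          ls -lh build/private.pem build/test/private.pem

      - name: Build
        run: cmake --build build --parallel 4

      # NOTE(review): informational only. A missing binary prints a warning
      # and the step still succeeds, although every configuration in this
      # workflow sets HDF5_REQUIRE_SIGNED_PLUGINS=ON.
      - name: Verify signature test binary exists
        run: |
          if [ -f "build/bin/test_plugin_signature" ] || [ -f "build/bin/test_plugin_signature.exe" ]; then
            echo "✓ Plugin signature verification test binary found"
            ls -lh build/bin/test_plugin_signature* || true
          else
            echo "WARNING: Plugin signature verification test binary not found"
            echo "This might be expected if HDF5_REQUIRE_SIGNED_PLUGINS is OFF"
          fi

      - name: Run Tests (Serial)
        if: matrix.config.parallel == 'OFF'
        run: |
          cd build
          ctest --parallel 4 --output-on-failure
          # Explicitly run plugin signature verification test
          # NOTE(review): ctest exits 0 when the regex matches no test, so
          # this run passes vacuously if the test is not registered in a
          # configuration. Add --no-tests=error once it is confirmed that
          # every matrix entry (including the static build) registers it.
          echo ""
          echo "Running plugin signature verification test..."
          ctest --tests-regex "H5PLUGIN-signature-verification" --verbose

      - name: Run Tests (Parallel)
        if: matrix.config.parallel == 'ON'
        run: |
          cd build
          # Run all tests including parallel tests
          ctest --parallel 4 --output-on-failure
          # Specifically test MPI tests to ensure collective verification is exercised
          # NOTE(review): '|| echo' discards the exit status of this re-run;
          # only the full run above can fail the step on an MPI test failure.
          echo "Running MPI-specific tests..."
          ctest --tests-regex "MPI_TEST" --verbose || echo "MPI tests completed"
          # Explicitly run plugin signature verification test
          # NOTE(review): as in the serial step, a regex that matches no test
          # still exits 0; consider --no-tests=error.
          echo ""
          echo "Running plugin signature verification test..."
          ctest --tests-regex "H5PLUGIN-signature-verification" --verbose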
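# Comprehensive test to verify signature verification logic paths
  # Single Debug + shared + parallel build with HDF5_REQUIRE_SIGNED_PLUGINS=ON,
  # followed by the full suite and an explicit run of the signature test.
  verify-signature-paths:
    name: "Verify Signature Logic Paths"
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the action is referenced by a mutable tag; consider
      # pinning it to a full commit SHA.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step talks to the remote, so do not leave the workflow
          # token in .git/config while the checked-out code is built and run.
          persist-credentials: false

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libssl-dev \
            zlib1g-dev \
            libaec-dev \
            libopenmpi-dev \
            openmpi-bin

      # Throwaway key pair created fresh on every run. Only the public half is
      # placed in the keystore directory the build is configured to trust.
      # ls -lh prints file metadata only, never key material.
      - name: Generate test RSA key pair
        run: |
          echo "Generating test RSA key pair for CI testing..."
          openssl genrsa -out ci-test-private.pem 2048
          openssl rsa -in ci-test-private.pem -pubout -out ci-test-public.pem
          echo "Test keys generated successfully"
          ls -lh ci-test-*.pem
          # Create KeyStore directory and add public key
          mkdir -p ci-keystore
          cp ci-test-public.pem ci-keystore/
          echo "KeyStore directory created with public key"
          ls -lh ci-keystore/

      - name: Configure CMake (Parallel with all features)
        run: |
          cmake -B build \
            -DCMAKE_BUILD_TYPE=Debug \
            -DHDF5_REQUIRE_SIGNED_PLUGINS:BOOL=ON \
            -DHDF5_PLUGIN_KEYSTORE_DIR="${PWD}/ci-keystore" \
            -DHDF5_ENABLE_PARALLEL:BOOL=ON \
            -DMPIEXEC_PREFLAGS=--oversubscribe \
            -DBUILD_SHARED_LIBS:BOOL=ON \
            -DBUILD_TESTING:BOOL=ON \
            -DHDF5_BUILD_TOOLS:BOOL=ON \
            -DHDF5_ENABLE_ZLIB_SUPPORT:BOOL=ON

      # Per the echo below, the build signs the test plugins with this key.
      # It is the per-run CI key only; a real signing key must never be
      # copied into a build tree like this.
      - name: Copy private key to build directory
        run: |
          echo "Copying private key to build directory for plugin signing..."
          cp ci-test-private.pem build/private.pem
          mkdir -p build/test
          cp ci-test-private.pem build/test/private.pem
          ls -lh build/private.pem build/test/private.pem

      - name: Build
        run: cmake --build build --parallel 4

      # NOTE(review): this searches the source file, not the built library,
      # and '|| true' means the step cannot fail. It shows the symbol in the
      # log but does not prove that verification was compiled in.
      - name: Verify H5PL__verify_plugin_signature is compiled
        run: |
          echo "Checking that signature verification function is present..."
          grep -r "H5PL__verify_plugin_signature" src/H5PLint.c || true

      # Fails only if the text "Verify plugin signature" is absent from the
      # source file. The final echo is a fixed message, not a test result.
      - name: Verify signature verification code exists
        run: |
          echo "Checking signature verification implementation..."
          grep -A 3 "Verify plugin signature" src/H5PLint.c
          echo "All ranks verify independently in both serial and parallel modes"

      - name: Run comprehensive tests
        run: |
          cd build
          # Run full test suite
          ctest --output-on-failure --verbose

      - name: Verify plugin signature tests execute
        run: |
          cd build
          echo "========================================"
          echo "Running Plugin Signature Verification Tests"
          echo "========================================"
          # Run signature verification tests explicitly and fail on any error.
          # --no-tests=error makes ctest fail when the regex matches nothing;
          # without it an unregistered test would exit 0 and the success
          # message below would be printed for a run that checked nothing.
          ctest --tests-regex "H5PLUGIN-signature-verification" --verbose --no-tests=error
          echo ""
          echo "Plugin signature verification tests completed successfully!"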