When installing in standalone mode, don't modify system config #663
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: KRB5 Tests | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| jobs: | |
| build_wolfprovider: | |
| uses: ./.github/workflows/build-wolfprovider.yml | |
| with: | |
| wolfssl_ref: ${{ matrix.wolfssl_ref }} | |
| openssl_ref: ${{ matrix.openssl_ref }} | |
| fips_ref: ${{ matrix.fips_ref }} | |
| replace_default: ${{ matrix.replace_default }} | |
| strategy: | |
| matrix: | |
| wolfssl_ref: [ 'v5.8.2-stable' ] | |
| openssl_ref: [ 'openssl-3.5.2' ] | |
| fips_ref: [ 'FIPS', 'non-FIPS' ] | |
| replace_default: [ true ] | |
| test_krb5: | |
| runs-on: ubuntu-22.04 | |
| needs: build_wolfprovider | |
| container: | |
| image: debian:bookworm | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| # This should be a safe limit for the tests to run. | |
| timeout-minutes: 30 | |
| strategy: | |
| matrix: | |
| krb5_ref: [ 'krb5-1.20.1-final' ] | |
| wolfssl_ref: [ 'v5.8.2-stable' ] | |
| openssl_ref: [ 'openssl-3.5.2' ] | |
| fips_ref: [ 'FIPS', 'non-FIPS' ] | |
| force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] | |
| replace_default: [ true ] | |
| env: | |
| WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages | |
| OPENSSL_PACKAGES_PATH: /tmp/openssl-packages | |
| WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages | |
| steps: | |
| - name: Checkout wolfProvider | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Download packages from build job | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} | |
| path: /tmp | |
| - name: Install wolfSSL/OpenSSL/wolfprov packages | |
| run: | | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ | |
| ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb | |
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | |
| ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb | |
| - name: Verify wolfProvider is properly installed | |
| run: | | |
| $GITHUB_WORKSPACE/scripts/verify-install.sh \ | |
| ${{ matrix.replace_default && '--replace-default' || '' }} \ | |
| ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} | |
| - name: Install KRB5 dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y \ | |
| build-essential autoconf automake libtool \ | |
| bison flex libldap2-dev libkeyutils-dev \ | |
| libverto-dev libcom-err2 comerr-dev \ | |
| libss2 ss-dev | |
| - name: Checkout KRB5 | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: krb5/krb5 | |
| path: krb5 | |
| ref: ${{ matrix.krb5_ref }} | |
| fetch-depth: 1 | |
| - name: Checkout OSP | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: wolfssl/osp | |
| path: osp | |
| fetch-depth: 1 | |
| - run: | | |
| cd krb5 | |
| # Apply the wolfProvider patch | |
| if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then | |
| patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/${{ matrix.krb5_ref }}-wolfprov-fips.patch | |
| else | |
| patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/${{ matrix.krb5_ref }}-wolfprov.patch | |
| fi | |
| - name: Build and test KRB5 with wolfProvider | |
| working-directory: krb5 | |
| shell: bash | |
| run: | | |
| set +o pipefail # ignore errors from make check | |
| # Build KRB5 | |
| cd src | |
| autoreconf -fiv | |
| ./configure \ | |
| --prefix=$GITHUB_WORKSPACE/krb5-install \ | |
| --with-crypto-impl=openssl \ | |
| --disable-pkinit \ | |
| CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" \ | |
| LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64" | |
| make -j$(nproc) | |
| make install | |
| export ${{ matrix.force_fail }} | |
| # Run tests and save output | |
| make check 2>&1 | tee krb5-test.log | |
| TEST_RESULT=${PIPESTATUS[0]} | |
| $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} krb5 |