PROTON-2594: ci: setup environment for PKCS#11 test

Now that all pieces are in place, let's adapt out Github Action
workflow, so softhsm2, opensc (for pkcs11-tool) and pkcs11-provider
(for OpenSSL integration) are available and amend the ctest step
to source scripts/prep-pkcs11_test.sh, so the relevant environment
variables are exported.

Note that pkcs11-provider is so recent, that we need to update to
ubuntu-24.04 _and_ run apt update, because the used image doesn't
yet know about the package.

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
       fail-fast: false
       matrix:
         os:
-        - ubuntu-latest
+        - ubuntu-24.04
         - macOS-13
         - windows-latest
         buildType:
@@ -47,7 +47,9 @@ jobs:
     - name: Install Linux dependencies
       if: runner.os == 'Linux'
       run: |
-        sudo apt install -y swig libpython3-dev libsasl2-dev libjsoncpp-dev
+        sudo apt update
+        sudo apt install -y swig libpython3-dev libsasl2-dev libjsoncpp-dev \
+          softhsm2 pkcs11-provider opensc
     - name: Install Windows dependencies
       if: runner.os == 'Windows'
       run: |
@@ -88,7 +90,13 @@ jobs:
     - id: ctest
       name: ctest
       working-directory: ${{env.BuildDir}}
-      run: ctest -C ${BuildType} -V -T Test --no-compress-output ${{matrix.ctest_extra}}
+      run: |
+        if [ "$RUNNER_OS" = "Linux" ]; then
+          pushd ${{github.workspace}}
+          . scripts/prep-pkcs11_test.sh
+          popd
+        fi
+        ctest -C ${BuildType} -V -T Test --no-compress-output ${{matrix.ctest_extra}}
       shell: bash
     - name: Upload Test results
       if: always() && (steps.ctest.outcome == 'failure' || steps.ctest.outcome == 'success')

scripts/prep-pkcs11_test.sh

@@ -21,7 +21,6 @@
 
 KEYDIR="$(readlink -f cpp/testdata/certs)"
 
-
 if [ -z "$PKCS11_PROVIDER" ]; then
     export PKCS11_PROVIDER=$(openssl version -m | cut -d'"' -f2)/pkcs11.so
 fi
@@ -53,23 +52,27 @@ sed -r "s;@softhsmtokendir@;${softhsmtokendir};g" scripts/softhsm2.conf.in >$SOF
 
 export PKCS11_MODULE_LOAD_BEHAVIOR=late
 
+set -x
+
 softhsm2-util --delete-token --token proton-test 2>/dev/null || true
 softhsm2-util --init-token --free --label proton-test --pin tclientpw --so-pin tclientpw
 
-alias pkcs11-tool="pkcs11-tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw"
+pkcs11_tool () { pkcs11-tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw "$@"; }
 
-pkcs11-tool -l --label tclient --delete-object --type privkey 2>/dev/null || true
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --delete-object --type privkey 2>/dev/null || true
 
-pkcs11-tool -l --label tclient --id 2222 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --id 2222 \
     --write-object "$KEYDIR/client-certificate.pem" --type cert --usage-sign
-pkcs11-tool -l --label tclient --id 2222 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --id 2222 \
     --write-object "$KEYDIR/client-private-key-no-password.pem" --type privkey --usage-sign
 
-pkcs11-tool -l --label tserver --id 4444 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tserver --id 4444 \
     --write-object "$KEYDIR/server-certificate-lh.pem" --type cert --usage-sign
-pkcs11-tool -l --label tserver --id 4444 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tserver --id 4444 \
     --write-object "$KEYDIR/server-private-key-lh-no-password.pem" --type privkey --usage-sign
 
+set +x
+
 # Workaround for https://github.com/latchset/pkcs11-provider/issues/419
 export PKCS11_MODULE_LOAD_BEHAVIOR=early