From 378abfafbed09f909242c5a2812e51be2e1b8aaf Mon Sep 17 00:00:00 2001
From: Ahmad Fatoum
Date: Mon, 28 Oct 2024 08:49:40 +0100
Subject: [PATCH] PROTON-2594: ci: setup environment for PKCS#11 test

Now that all pieces are in place, let's adapt out Github Action workflow, so softhsm2, opensc (for pkcs11-tool) and pkcs11-provider (for OpenSSL integration) are available and amend the ctest step to source scripts/prep-pkcs11_test.sh, so the relevant environment variables are exported. Note that pkcs11-provider is so recent, that we need to update to ubuntu-24.04 _and_ run apt update, because the used image doesn't yet know about the package.
---
 .github/workflows/build.yml | 14 +++++++++++---
 scripts/prep-pkcs11_test.sh | 17 ++++++++++-------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c8e7ba3b3..9a4f48a52 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,7 +9,7 @@ jobs:
 fail-fast: false
 matrix:
 os:
- - ubuntu-latest
+ - ubuntu-24.04
 - macOS-13
 - windows-latest
 buildType:
@@ -47,7 +47,9 @@ jobs:
 - name: Install Linux dependencies
 if: runner.os == 'Linux'
 run: |
- sudo apt install -y swig libpython3-dev libsasl2-dev libjsoncpp-dev
+ sudo apt update
+ sudo apt install -y swig libpython3-dev libsasl2-dev libjsoncpp-dev \
+ softhsm2 pkcs11-provider opensc
 - name: Install Windows dependencies
 if: runner.os == 'Windows'
 run: |
@@ -88,7 +90,13 @@ jobs:
 - id: ctest
 name: ctest
 working-directory: ${{env.BuildDir}}
- run: ctest -C ${BuildType} -V -T Test --no-compress-output ${{matrix.ctest_extra}}
+ run: |
+ if [ "$RUNNER_OS" = "Linux" ]; then
+ pushd ${{github.workspace}}
+ . scripts/prep-pkcs11_test.sh
+ popd
+ fi
+ ctest -C ${BuildType} -V -T Test --no-compress-output ${{matrix.ctest_extra}}
 shell: bash
 - name: Upload Test results
 if: always() && (steps.ctest.outcome == 'failure' || steps.ctest.outcome == 'success')
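Review bot: In the new ctest `run:` block, `pushd ${{github.workspace}}` has the expression substituted into the script text before bash parses it, and the result is unquoted, so a workspace path containing spaces or shell metacharacters would be split or interpreted. The same block already reads `$RUNNER_OS` from the environment, and the runner exports the workspace the same way, so the line can be `pushd "$GITHUB_WORKSPACE"`. Keeping workflow expressions out of `run:` bodies where an environment variable exists is the safer habit for this file in general.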
diff --git a/scripts/prep-pkcs11_test.sh b/scripts/prep-pkcs11_test.sh
index 1314475c5..9de8a7a74 100644
--- a/scripts/prep-pkcs11_test.sh
+++ b/scripts/prep-pkcs11_test.sh
@@ -21,7 +21,6 @@
 KEYDIR="$(readlink -f cpp/testdata/certs)"
-
 if [ -z "$PKCS11_PROVIDER" ]; then
 export PKCS11_PROVIDER=$(openssl version -m | cut -d'"' -f2)/pkcs11.so
 fi
@@ -53,23 +52,27 @@ sed -r "s;@softhsmtokendir@;${softhsmtokendir};g" scripts/softhsm2.conf.in >$SOF
 export PKCS11_MODULE_LOAD_BEHAVIOR=late
+set -x
+
 softhsm2-util --delete-token --token proton-test 2>/dev/null || true
 softhsm2-util --init-token --free --label proton-test --pin tclientpw --so-pin tclientpw
-alias pkcs11-tool="pkcs11-tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw"
+pkcs11_tool () { pkcs11-tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw "$@"; }
-pkcs11-tool -l --label tclient --delete-object --type privkey 2>/dev/null || true
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --delete-object --type privkey 2>/dev/null || true
-pkcs11-tool -l --label tclient --id 2222 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --id 2222 \
 --write-object "$KEYDIR/client-certificate.pem" --type cert --usage-sign
-pkcs11-tool -l --label tclient --id 2222 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tclient --id 2222 \
 --write-object "$KEYDIR/client-private-key-no-password.pem" --type privkey --usage-sign
-pkcs11-tool -l --label tserver --id 4444 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tserver --id 4444 \
 --write-object "$KEYDIR/server-certificate-lh.pem" --type cert --usage-sign
-pkcs11-tool -l --label tserver --id 4444 \
+pkcs11_tool --module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw -l --label tserver --id 4444 \
 --write-object "$KEYDIR/server-private-key-lh-no-password.pem" --type privkey --usage-sign
+set +x
+
 # Workaround for https://github.com/latchset/pkcs11-provider/issues/419
 export PKCS11_MODULE_LOAD_BEHAVIOR=early
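Review bot: Every `pkcs11_tool` call in this hunk still passes `--module=$PKCS11_PROVIDER_MODULE --token-label proton-test --pin tclientpw`, which the new wrapper function already prepends, so pkcs11-tool receives each of those options twice. The call sites can use the short form, e.g. `pkcs11_tool -l --label tclient --delete-object --type privkey 2>/dev/null || true`, and the wrapper should quote the module path: `pkcs11_tool () { pkcs11-tool "--module=$PKCS11_PROVIDER_MODULE" --token-label proton-test --pin tclientpw "$@"; }`. The added `set -x` also writes the token PIN into the CI log on every call; that is harmless for this fixed test PIN, but a comment such as `# throwaway test token and keys only; tracing prints the PIN` would stop the pattern being copied to a real token. Because the script is sourced, the closing `set +x` also switches tracing off in the calling shell even if the caller had enabled it.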