X509ref: Add name_constraints & policy_mappings access #2410
Workflow file for this run
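# CI workflow: formatting, lints, a minimum-toolchain check, and tests of the
# openssl crates on Windows, macOS and a Linux matrix of OpenSSL / LibreSSL /
# BoringSSL builds.
#
# NOTE(review): every `uses:` below references a mutable ref (an `@v4` tag or
# an `@master` branch). Pinning each action to a full commit SHA would keep a
# moved tag or branch from silently changing what runs in CI.
name: CI

on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master

env:
  RUSTFLAGS: -Dwarnings
  RUST_BACKTRACE: 1

# One active run per ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

# Least privilege for the workflow token.
permissions:
  contents: read  # to fetch code (actions/checkout)

jobs:
  rustfmt:
    name: rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: sfackler/actions/rustup@master
      - uses: sfackler/actions/rustfmt@master

  clippy:
    name: clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: sfackler/actions/rustup@master
      # Expose the rustc version string so the cache keys below include it.
      - run: echo "version=$(rustc --version)" >> "$GITHUB_OUTPUT"
        id: rust-version
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/index
          key: index-${{ runner.os }}-${{ github.run_number }}
          restore-keys: |
            index-${{ runner.os }}-
      - run: cargo generate-lockfile
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo fetch
      - uses: actions/cache@v4
        with:
          path: target
          key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo clippy --all --all-targets

  min-version:
    name: min-version
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs`
      - uses: sfackler/actions/rustup@master
        with:
          version: "1.63.0"
      - run: echo "version=$(rustc --version)" >> "$GITHUB_OUTPUT"
        id: rust-version
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/index
          key: index-${{ runner.os }}-${{ github.run_number }}
          restore-keys: |
            index-${{ runner.os }}-
      - run: cargo generate-lockfile
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo fetch
      - uses: actions/cache@v4
        with:
          path: target
          key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo check -p openssl

  windows-vcpkg:
    name: windows-vcpkg
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - uses: sfackler/actions/rustup@master
      # NOTE(review): the next-but-one step uses PowerShell syntax
      # (`$env:...`), so this step presumably also runs under PowerShell,
      # where `$GITHUB_OUTPUT` is not the environment variable. The `version`
      # output is then likely empty and missing from the cache keys below;
      # confirm, and consider `shell: bash` on this step.
      - run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
        id: rust-version
      - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
      - run: vcpkg install openssl:x64-windows-static-md
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/index
          key: index-${{ runner.os }}-${{ github.run_number }}
          restore-keys: |
            index-${{ runner.os }}-
      - run: cargo generate-lockfile
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo fetch
      - uses: actions/cache@v4
        with:
          path: target
          key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      # - run: cargo run -p systest
      - run: cargo test -p openssl
      - run: cargo test -p openssl-errors

  macos-homebrew:
    name: macos-homebrew
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: sfackler/actions/rustup@master
      - run: echo "version=$(rustc --version)" >> "$GITHUB_OUTPUT"
        id: rust-version
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/index
          key: index-${{ runner.os }}-${{ github.run_number }}
          restore-keys: |
            index-${{ runner.os }}-
      - run: cargo generate-lockfile
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo fetch
      - run: cargo run -p systest
      - run: cargo test -p openssl
      - run: cargo test -p openssl-errors

  linux:
    strategy:
      fail-fast: false
      matrix:
        target:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
          - arm-unknown-linux-gnueabihf
        bindgen:
          - true
          - false
        # `old` and `dl-path` select the download URL in "Build OpenSSL".
        library:
          - name: boringssl
            version: "e23fe9b6eecc10e4f9ea1f0027fea5eaee7bd6b6"
          - name: openssl
            version: "vendored"
          - name: openssl
            version: "3.4.0-beta1"
          - name: openssl
            version: "3.3.0"
          - name: openssl
            version: "3.2.0"
          - name: openssl
            old: true
            version: "1.1.1w"
          - name: openssl
            version: "1.1.0l"
            old: true
            dl-path: /old/1.1.0
          - name: openssl
            version: "1.0.2u"
            old: true
            dl-path: /old/1.0.2
          - name: openssl
            version: "1.0.1u"
            old: true
            dl-path: /old/1.0.1
        # LibreSSL is only exercised on x86_64, with and without bindgen.
        include:
          - target: x86_64-unknown-linux-gnu
            bindgen: true
            library:
              name: libressl
              version: "2.5.5"
          - target: x86_64-unknown-linux-gnu
            bindgen: true
            library:
              name: libressl
              version: "3.8.4"
          - target: x86_64-unknown-linux-gnu
            bindgen: true
            library:
              name: libressl
              version: "3.9.2"
          - target: x86_64-unknown-linux-gnu
            bindgen: true
            library:
              name: libressl
              version: "4.0.0"
          - target: x86_64-unknown-linux-gnu
            bindgen: false
            library:
              name: libressl
              version: "2.5.5"
          - target: x86_64-unknown-linux-gnu
            bindgen: false
            library:
              name: libressl
              version: "3.8.4"
          - target: x86_64-unknown-linux-gnu
            bindgen: false
            library:
              name: libressl
              version: "3.9.2"
          - target: x86_64-unknown-linux-gnu
            bindgen: false
            library:
              name: libressl
              version: "4.0.0"
    name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
    runs-on: ubuntu-latest
    env:
      OPENSSL_DIR: /opt/openssl
      CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
      CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_AR: arm-linux-gnueabihf-ar
      CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER: qemu-arm -L /usr/arm-linux-gnueabihf
    steps:
      - uses: actions/checkout@v4
      - uses: sfackler/actions/rustup@master
      - run: echo "version=$(rustc --version)" >> "$GITHUB_OUTPUT"
        id: rust-version
      - run: rustup target add ${{ matrix.target }}
      - name: Install packages
        run: |
          case "${{ matrix.target }}" in
          "x86_64-unknown-linux-gnu")
            # Native target: no cross toolchain needed.
            exit 0
            ;;
          "i686-unknown-linux-gnu")
            packages="gcc-multilib g++-multilib"
            ;;
          "arm-unknown-linux-gnueabihf")
            packages="gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf qemu-user"
            ;;
          esac
          sudo apt-get update
          sudo apt-get install -y $packages
      # Remove the distribution's OpenSSL development package so the build
      # cannot pick it up instead of the library under test.
      - run: sudo apt-get remove -y libssl-dev
      # The trailing `-6` is a manual cache-version suffix in the key.
      - uses: actions/cache@v4
        with:
          path: /opt/openssl
          key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-6
        if: matrix.library.version != 'vendored'
        id: openssl-cache
      - run: |
          echo "RUST_TEST_THREADS=1" >> "$GITHUB_ENV"
          echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> "$GITHUB_ENV"
        if: matrix.target == 'arm-unknown-linux-gnueabihf'
      - name: Build OpenSSL
        run: |
          # Pick the source tarball URL for the library under test.
          case "${{ matrix.library.name }}" in
          "openssl")
            if [[ "${{ matrix.library.old }}" == "true" ]]; then
              url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
            else
              # Fetch from the project's own GitHub releases, not a
              # third-party mirror domain.
              url="https://github.com/openssl/openssl/releases/download/openssl-${{ matrix.library.version }}/openssl-${{ matrix.library.version }}.tar.gz"
            fi
            tar_flags="--strip-components=1"
            ;;
          "libressl")
            url="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${{ matrix.library.version }}.tar.gz"
            tar_flags="--strip-components=1"
            ;;
          "boringssl")
            url="https://boringssl.googlesource.com/boringssl/+archive/${{ matrix.library.version }}.tar.gz"
            tar_flags=""
            ;;
          esac
          case "${{ matrix.target}}" in
          "x86_64-unknown-linux-gnu")
            OS_COMPILER=linux-x86_64
            OS_FLAGS=""
            ;;
          "i686-unknown-linux-gnu")
            OS_COMPILER=linux-elf
            OS_FLAGS="-m32 -msse2"
            ;;
          "arm-unknown-linux-gnueabihf")
            OS_COMPILER=linux-armv4
            OS_FLAGS=""
            export AR=arm-linux-gnueabihf-ar
            export CC=arm-linux-gnueabihf-gcc
            export CXX=arm-linux-gnueabihf-g++
            ;;
          esac
          mkdir /tmp/build
          cd /tmp/build
          # NOTE(review): the tarball is unpacked and built without a checksum
          # or signature check, and the resulting /opt/openssl is then cached.
          # Consider verifying a pinned digest (e.g. `sha256sum -c`) before
          # extraction. `-f` makes an HTTP error fail the download instead of
          # piping an error page into tar.
          curl -fL "$url" | tar $tar_flags -xzf -
          case "${{ matrix.library.name }}" in
          "openssl")
            ./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS no-shared
            make
            make install_sw
            ;;
          "libressl")
            ./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic
            make
            make install_sw
            ;;
          "boringssl")
            mkdir build
            cd build
            echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake
            # NOTE(review): `$cpu` is never assigned in this script, so
            # CMAKE_SYSTEM_PROCESSOR is written empty; confirm the intended
            # value per target.
            echo "set(CMAKE_SYSTEM_PROCESSOR $cpu)" >> toolchain.cmake
            echo "set(triple ${{ matrix.target }})" >> toolchain.cmake
            echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake
            echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake
            echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake
            cmake .. -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DRUST_BINDINGS="${{ matrix.target }}" -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake
            make -j "$(nproc)"
            make install
            # Copy stuff around so it's all as the build system expects.
            cp -r ../rust/ "$OPENSSL_DIR/rust"
            cp -r ./ "$OPENSSL_DIR/build"
          esac
        if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit
      # Without bindgen, point cargo at the bssl-sys crate copied into
      # $OPENSSL_DIR by the BoringSSL build above.
      - run: |
          mkdir -p .cargo
          echo '[patch.crates-io]' > .cargo/config.toml
          echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust/bssl-sys" }' >> .cargo/config.toml
        if: matrix.library.name == 'boringssl' && !matrix.bindgen
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/index
          key: index-${{ runner.os }}-${{ github.run_number }}
          restore-keys: |
            index-${{ runner.os }}-
      - run: cargo generate-lockfile
      - uses: actions/cache@v4
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - run: cargo fetch
      - uses: actions/cache@v4
        with:
          path: target
          key: target-${{ matrix.target }}-${{ matrix.bindgen }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - name: Run systest
        run: |
          if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
            features="--features vendored"
          fi
          if [[ "${{ matrix.bindgen }}" == "true" && "${{ matrix.library.name }}" != "boringssl" ]]; then
            features="$features --features bindgen"
          fi
          cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features
        if: matrix.library.name != 'boringssl'
      - name: Test openssl
        run: |
          if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then
            features="--features unstable_boringssl"
            # NOTE(review): assigned without `export`, so unless it is already
            # in the environment the cargo process below does not inherit it;
            # confirm whether it is still needed.
            BORINGSSL_BUILD_DIR="$OPENSSL_DIR/build/"
          fi
          if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
            features="--features vendored"
          fi
          if [[ "${{ matrix.bindgen }}" == "true" ]]; then
            features="$features --features bindgen"
          fi
          cargo test --manifest-path=openssl/Cargo.toml --target ${{ matrix.target }} $features
      - name: Test openssl-errors
        run: |
          if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
            features="--features openssl-sys/vendored"
          fi
          if [[ "${{ matrix.bindgen }}" == "true" ]]; then
            features="$features --features openssl-sys/bindgen"
          fi
          cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features
        if: matrix.library.name != 'boringssl'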