Startsida Utforska Hjälp
Logga in
OWEALs
/
openssl
spegling av git://git.openssl.org/openssl.git
2
0
Fork 0
Filer Ärenden 1 Wiki
Träd: 36ba419286
Grenar Taggar
openssl
/
.github
/
workflows
/
fips-checksums.yml

fips-checksums.yml 4.7 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 
  1. # Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License 2.0 (the "License").  You may not use
    4. 

  4. # this file except in compliance with the License.  You can obtain a copy
    5. 

  5. # in the file LICENSE in the source distribution or at
    6. 

  6. # https://www.openssl.org/source/license.html
    7. 

  7. 

  8. name: FIPS Check and ABIDIFF
    9. 

  9. on: [pull_request]
    10. 

  10. 

  11. permissions:
    12. 

  12.   contents: read
    13. 

  13. 

  14. jobs:
    15. 

  15.   compute-checksums:
    16. 

  16.     runs-on: ubuntu-latest
    17. 

  17.     steps:
    18. 

  18.       - name: install unifdef
    19. 

  19.         run: |
    20. 

  20.             sudo apt-get update
    21. 

  21.             sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
    22. 

  22.       - name: create build dirs
    23. 

  23.         run: |
    24. 

  24.           mkdir ./build-pristine
    25. 

  25.           mkdir ./source-pristine
    26. 

  26.           mkdir ./build
    27. 

  27.           mkdir ./source
    28. 

  28.           mkdir ./artifact
    29. 

  29.       - uses: actions/checkout@v4
    30. 

  30.         with:
    31. 

  31.           repository: ${{ github.event.pull_request.base.repo.full_name }}
    32. 

  32.           ref: ${{ github.event.pull_request.base.ref }}
    33. 

  33.           path: source-pristine
    34. 

  34.       - name: config pristine
    35. 

  35.         run: ../source-pristine/config enable-fips
    36. 

  36.         working-directory: ./build-pristine
    37. 

  37.       - name: config pristine dump
    38. 

  38.         run: ./configdata.pm --dump
    39. 

  39.         working-directory: ./build-pristine
    40. 

  40.       - name: make build_generated pristine
    41. 

  41.         run: make -s build_generated
    42. 

  42.         working-directory: ./build-pristine
    43. 

  43.       - name: make fips-checksums pristine
    44. 

  44.         run: make fips-checksums
    45. 

  45.         working-directory: ./build-pristine
    46. 

  46.       - uses: actions/checkout@v4
    47. 

  47.         with:
    48. 

  48.           path: source
    49. 

  49.       - name: config
    50. 

  50.         run: ../source/config enable-fips
    51. 

  51.         working-directory: ./build
    52. 

  52.       - name: config dump
    53. 

  53.         run: ./configdata.pm --dump
    54. 

  54.         working-directory: ./build
    55. 

  55.       - name: make build_generated
    56. 

  56.         run: make -s build_generated
    57. 

  57.         working-directory: ./build
    58. 

  58.       - name: make fips-checksums
    59. 

  59.         run: make fips-checksums
    60. 

  60.         working-directory: ./build
    61. 

  61.       - name: update checksums
    62. 

  62.         run: |
    63. 

  63.           cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
    64. 

  64.           cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
    65. 

  65.           cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
    66. 

  66.       - name: make diff-fips-checksums
    67. 

  67.         run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
    68. 

  68.         working-directory: ./build
    69. 

  69.       - name: save PR number
    70. 

  70.         run: echo ${{ github.event.number }} > ./artifact/pr_num
    71. 

  71.       - name: save artifact
    72. 

  72.         uses: actions/upload-artifact@v3
    73. 

  73.         with:
    74. 

  74.           name: fips_checksum
    75. 

  75.           path: artifact/
    76. 

  76. 

  77.   compute-abidiff:
    78. 

  78.     runs-on: ubuntu-latest
    79. 

  79.     env:
    80. 

  80.       BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
    81. 

  81.     steps:
    82. 

  82.       - name: create build dirs
    83. 

  83.         run: |
    84. 

  84.           mkdir ./build-pristine
    85. 

  85.           mkdir ./source-pristine
    86. 

  86.           mkdir ./build
    87. 

  87.           mkdir ./source
    88. 

  88.           mkdir ./artifact
    89. 

  89.       - name: install extra config support
    90. 

  90.         run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
    91. 

  91.       - uses: actions/checkout@v4
    92. 

  92.         with:
    93. 

  93.           repository: ${{ github.event.pull_request.base.repo.full_name }}
    94. 

  94.           ref: ${{ github.event.pull_request.base.ref }}
    95. 

  95.           path: source-pristine
    96. 

  96.       - name: config pristine
    97. 

  97.         run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
    98. 

  98.         working-directory: ./build-pristine
    99. 

  99.       - name: make pristine
    100. 

  100.         run: make -s -j4
    101. 

  101.         working-directory: ./build-pristine
    102. 

  102.       - uses: actions/checkout@v4
    103. 

  103.         with:
    104. 

  104.           path: source
    105. 

  105.       - name: config
    106. 

  106.         run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
    107. 

  107.         working-directory: ./build
    108. 

  108.       - name: make
    109. 

  109.         run: make -s -j4
    110. 

  110.         working-directory: ./build
    111. 

  111.       - name: abidiff
    112. 

  112.         run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
    113. 

  113.       - name: save PR number
    114. 

  114.         run: echo ${{ github.event.number }} > ./artifact/pr_num
    115. 

  115.       - name: save artifact
    116. 

  116.         uses: actions/upload-artifact@v3
    117. 

  117.         with:
    118. 

  118.           name: abidiff
    119. 

  119.           path: artifact/
    120.