name: Kerberos 5 Tests # START OF COMMON SECTION on: push: branches: [ 'master', 'main', 'release/**' ] pull_request: branches: [ '*' ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true # END OF COMMON SECTION jobs: build_wolfssl: name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 5 steps: - name: workaround high-entropy ASLR # not needed after either an update to llvm or runner is done run: sudo sysctl vm.mmap_rnd_bits=28 - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl configure: --enable-krb CC='gcc -fsanitize=address' install: true - name: tar build-dir run: tar -zcf build-dir.tgz build-dir - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-krb5 path: build-dir.tgz retention-days: 5 krb5_check: strategy: fail-fast: false matrix: # List of releases to test ref: [ 1.21.1 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 8 needs: build_wolfssl steps: - name: Download lib uses: actions/download-artifact@v4 with: name: wolf-install-krb5 - name: untar build-dir run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 with: repository: wolfssl/osp path: osp - name: Checkout krb5 uses: actions/checkout@v4 with: repository: krb5/krb5 ref: krb5-${{ matrix.ref }}-final path: krb5 - name: Apply patch working-directory: ./krb5 run: | patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch - name: workaround high-entropy ASLR # not needed after either an update to llvm or runner is done run: sudo sysctl vm.mmap_rnd_bits=28 - name: Build krb5 working-directory: ./krb5/src run: | autoreconf -ivf # Using rpath because LD_LIBRARY_PATH is overwritten during testing export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \ CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j - name: Run tests working-directory: ./krb5/src run: | CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check