From b80ad81d8e77ace70e351116c3da7ed8192cf743 Mon Sep 17 00:00:00 2001 From: Norbert Pocs Date: Thu, 23 Jun 2022 15:49:30 +0000 Subject: [PATCH] .gitlab-ci: Add fedora rawhide to gitlab CI Rawhide has openssl 3.0 support which can test the new changes. Signed-off-by: Norbert Pocs Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider --- .gitlab-ci.yml | 65 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 319e5f6a..655c3e57 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ variables: MINGW_BUILD: buildenv-mingw TUMBLEWEED_BUILD: buildenv-tumbleweed UBUNTU_BUILD: buildenv-ubuntu + RAWHIDE_BUILD: buildenv-rawhide stages: - build @@ -20,7 +21,7 @@ stages: CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON" CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_BENCHMARKS=ON" CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS - before_script: + before_script: &build - uname -a - cat /etc/os-release - mount @@ -60,6 +61,14 @@ stages: variables: CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON +.fedora_rawhide: + extends: .fedora + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD + before_script: + - *build + # Legacy cp is needed for SHA1 tests to pass + - update-crypto-policies --set LEGACY + .tumbleweed: extends: .tests image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD @@ -140,6 +149,49 @@ fedora/openssl_1.1.x/x86_64/minimal: -DWITH_GEX=OFF .. && make -j$(nproc) +fedora/openssl_3.0/x86_64: + extends: .fedora_rawhide + +fedora/openssl_3.0/x86_64/fips: + extends: .fedora_rawhide + before_script: + - echo "# userspace fips" > /etc/system-fips + # We do not need the kernel part, but in case we ever do: + # mkdir -p /var/tmp/userspace-fips + # echo 1 > /var/tmp/userspace-fips/fips_enabled + # mount --bind /var/tmp/userspace-fips/fips_enabled \ + # /proc/sys/crypto/fips_enabled + - update-crypto-policies --show + - update-crypto-policies --set FIPS + - update-crypto-policies --show + - mkdir -p obj && cd obj && cmake + -DCMAKE_BUILD_TYPE=RelWithDebInfo + -DPICKY_DEVELOPER=ON + -DWITH_BLOWFISH_CIPHER=ON + -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON + -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON + -DWITH_DSA=ON + -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. + script: + - cmake $CMAKE_OPTIONS .. && + make -j$(nproc) && + OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure + +fedora/openssl_3.0/x86_64/minimal: + extends: .fedora_rawhide + variables: + script: + - cmake $CMAKE_DEFAULT_OPTIONS + -DWITH_SFTP=OFF + -DWITH_SERVER=OFF + -DWITH_ZLIB=OFF + -DWITH_PCAP=OFF + -DWITH_DSA=OFF + -DUNIT_TESTING=ON + -DCLIENT_TESTING=ON + -DWITH_GEX=OFF .. && + make -j$(nproc) + # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite # so, this is only enabled for unit tests right now. # TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON @@ -274,6 +326,17 @@ fedora/csbuild/openssl_1.1.x: --color --print-current --print-fixed +fedora/csbuild/openssl_3.0.x: + extends: .csbuild + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$RAWHIDE_BUILD + script: + - csbuild + --build-dir=obj-csbuild + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)" + --git-commit-range $CI_COMMIT_RANGE + --color + --print-current --print-fixed + fedora/csbuild/libgcrypt: extends: .csbuild script: