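# Socat Tests
#
# Builds wolfProvider packages for every wolfSSL/OpenSSL ref and FIPS mode in
# the matrix, then builds socat against the installed packages and runs the
# socat test suite. Can be called from another workflow (optionally with an
# explicit list of wolfSSL refs) or started manually.
name: Socat Tests

on:
  workflow_call:
    inputs:
      wolfssl_refs_json:
        description: "JSON array of wolfssl refs to test; empty = use discover_versions output"
        required: false
        type: string
        default: ""
  workflow_dispatch: {}

jobs:
  # Produces the wolfssl_ref_array / openssl_ref_array outputs consumed by the
  # matrices below.
  discover_versions:
    uses: ./.github/workflows/_discover-versions.yml

  # One package build per (wolfssl_ref, openssl_ref, fips_ref) combination.
  build_wolfprovider:
    needs: discover_versions
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      fail-fast: false
      matrix:
        # Caller-supplied refs take precedence; otherwise use the discovered set.
        wolfssl_ref: ${{ inputs.wolfssl_refs_json != '' && fromJson(inputs.wolfssl_refs_json) || fromJson(needs.discover_versions.outputs.wolfssl_ref_array) }}
        openssl_ref: ${{ fromJson(needs.discover_versions.outputs.openssl_ref_array) }}
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true]

  test_socat:
    runs-on: ubuntu-22.04
    needs: [build_wolfprovider, discover_versions]
    # This job fetches, builds and runs third-party source, so the workflow
    # token is limited to what the checkout steps need.
    permissions:
      contents: read
    # NOTE(review): a failing matrix leg does not fail the workflow run;
    # presumably intentional, confirm the result is surfaced elsewhere.
    continue-on-error: true
    container:
      # NOTE(review): the image is referenced by a mutable tag; pinning it by
      # digest (ghcr.io/...@sha256:<IMAGE_DIGEST_PLACEHOLDER>) would make the
      # test environment reproducible.
      image: ghcr.io/wolfssl/wolfprovider-test-deps:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        socat_ref: ['socat-1.8.0.0']
        wolfssl_ref: ${{ inputs.wolfssl_refs_json != '' && fromJson(inputs.wolfssl_refs_json) || fromJson(needs.discover_versions.outputs.wolfssl_ref_array) }}
        openssl_ref: ${{ fromJson(needs.discover_versions.outputs.openssl_ref_array) }}
        fips_ref: ['FIPS', 'non-FIPS']
        # Each combination runs twice: once with WOLFPROV_FORCE_FAIL=1 exported
        # and once without. check-workflow-result.sh receives the same value.
        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
        replace_default: [true]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (@v4);
      # pinning each to a full commit SHA protects the run against a moved tag.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # Keep the token out of .git/config: later steps build and run
          # downloaded code in this workspace.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
          # Prevent later 'apt-get install' of test dependencies from
          # replacing the wolfprov-patched libssl3, which breaks
          # replace-default mode.
          apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov

      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      # NOTE(review): the tarball is fetched over plain HTTP and unpacked,
      # built and executed without an integrity check, so anything on the
      # network path can substitute the source. Record the release's SHA-256
      # and verify it between the download and the extraction, e.g.
      #   echo "<SOCAT_SHA256_PLACEHOLDER>  ${{ matrix.socat_ref }}.tar.gz" | sha256sum -c -
      # and switch the URL to HTTPS if the download host serves it.
      - name: Download socat
        run: curl -O http://www.dest-unreach.org/socat/download/${{ matrix.socat_ref }}.tar.gz && tar xvf ${{ matrix.socat_ref }}.tar.gz

      - name: Build socat
        working-directory: ./${{ matrix.socat_ref }}
        run: |
          # Configure with OpenSSL
          ./configure
          # Build socat
          make

      - name: Checkout OSP
        uses: actions/checkout@v4
        with:
          repository: wolfssl/osp
          path: osp
          fetch-depth: 1
          persist-credentials: false

      - name: Apply OSP patch to socat
        working-directory: ./${{ matrix.socat_ref }}
        env:
          # wolfssl_ref can originate from the workflow_call input, so it is
          # handed to the shell as an environment variable instead of being
          # spliced into the script text; the shell then treats it as data.
          WOLFSSL_REF: ${{ matrix.wolfssl_ref }}
        run: |
          PROJVER="${{ matrix.socat_ref }}"; PROJVER="${PROJVER#socat-}"
          PATCH=$($GITHUB_WORKSPACE/scripts/resolve-osp-patch.sh $GITHUB_WORKSPACE/osp socat "$PROJVER" "$WOLFSSL_REF" ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }})
          patch -p0 < "$PATCH"

      # `set +e` keeps the step alive after test.sh fails so that its exit
      # status can be handed to check-workflow-result.sh, which decides the
      # step outcome.
      # NOTE(review): when force_fail is the empty string, the `export` line
      # below is a bare `export`, which prints the exported environment to the
      # job log.
      - name: Run socat tests
        working-directory: ./${{ matrix.socat_ref }}
        shell: bash
        env:
          SHELL: /bin/bash
          PATH: /sbin:/usr/sbin:/usr/bin:/bin
        run: |
          # Create missing device file for vsock tests
          mkdir -p /dev
          touch /dev/vsock
          # Show socat version (includes OpenSSL version info)
          ./socat -V
          set +e
          export ${{ matrix.force_fail }}
          EXPECTED_FAILS=36,64,146,214,216,217,309,310,386,399,402,403,408,409,410,416,417,418,451,452,453,459,460,467,468,475,476,477,478,491,492,526,527,528,529,530
          SOCAT=$GITHUB_WORKSPACE/${{ matrix.socat_ref }}/socat ./test.sh -t 0.5 --expect-fail $EXPECTED_FAILS
          TEST_RESULT=$?
          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} socat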