2023-09-07 16:59:15 +08:00
|
|
|
# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2021-09-20 07:54:10 +08:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
|
|
# in the file LICENSE in the source distribution or at
|
|
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
|
2023-12-01 23:02:35 +08:00
|
|
|
name: FIPS Check and ABIDIFF
|
2021-05-17 18:20:54 +08:00
|
|
|
on: [pull_request]
|
|
|
|
|
2022-07-09 22:03:23 +08:00
|
|
|
permissions:
|
|
|
|
contents: read
|
|
|
|
|
2021-05-17 18:20:54 +08:00
|
|
|
jobs:
|
|
|
|
compute-checksums:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: install unifdef
|
|
|
|
run: |
|
|
|
|
sudo apt-get update
|
|
|
|
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
|
|
|
|
- name: create build dirs
|
|
|
|
run: |
|
|
|
|
mkdir ./build-pristine
|
2021-05-26 19:13:02 +08:00
|
|
|
mkdir ./source-pristine
|
2021-05-17 18:20:54 +08:00
|
|
|
mkdir ./build
|
2021-05-26 19:13:02 +08:00
|
|
|
mkdir ./source
|
2021-05-19 15:50:17 +08:00
|
|
|
mkdir ./artifact
|
2023-09-05 15:56:28 +08:00
|
|
|
- uses: actions/checkout@v4
|
2021-05-26 19:13:02 +08:00
|
|
|
with:
|
2021-05-27 22:41:56 +08:00
|
|
|
repository: ${{ github.event.pull_request.base.repo.full_name }}
|
|
|
|
ref: ${{ github.event.pull_request.base.ref }}
|
2021-05-26 19:13:02 +08:00
|
|
|
path: source-pristine
|
2021-05-17 18:20:54 +08:00
|
|
|
- name: config pristine
|
2021-07-29 11:37:30 +08:00
|
|
|
run: ../source-pristine/config enable-fips
|
|
|
|
working-directory: ./build-pristine
|
|
|
|
- name: config pristine dump
|
|
|
|
run: ./configdata.pm --dump
|
2021-05-17 18:20:54 +08:00
|
|
|
working-directory: ./build-pristine
|
|
|
|
- name: make build_generated pristine
|
|
|
|
run: make -s build_generated
|
|
|
|
working-directory: ./build-pristine
|
|
|
|
- name: make fips-checksums pristine
|
|
|
|
run: make fips-checksums
|
|
|
|
working-directory: ./build-pristine
|
2023-09-05 15:56:28 +08:00
|
|
|
- uses: actions/checkout@v4
|
2021-05-17 18:20:54 +08:00
|
|
|
with:
|
2021-05-26 19:13:02 +08:00
|
|
|
path: source
|
2021-05-17 18:20:54 +08:00
|
|
|
- name: config
|
2021-07-29 11:37:30 +08:00
|
|
|
run: ../source/config enable-fips
|
|
|
|
working-directory: ./build
|
|
|
|
- name: config dump
|
|
|
|
run: ./configdata.pm --dump
|
2021-05-17 18:20:54 +08:00
|
|
|
working-directory: ./build
|
|
|
|
- name: make build_generated
|
|
|
|
run: make -s build_generated
|
|
|
|
working-directory: ./build
|
|
|
|
- name: make fips-checksums
|
|
|
|
run: make fips-checksums
|
|
|
|
working-directory: ./build
|
2021-05-26 19:13:02 +08:00
|
|
|
- name: update checksums
|
|
|
|
run: |
|
|
|
|
cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
|
|
|
|
cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
|
|
|
|
cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
|
2021-05-17 18:20:54 +08:00
|
|
|
- name: make diff-fips-checksums
|
2021-05-19 15:50:17 +08:00
|
|
|
run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
|
2021-05-17 18:20:54 +08:00
|
|
|
working-directory: ./build
|
2021-05-19 15:50:17 +08:00
|
|
|
- name: save PR number
|
|
|
|
run: echo ${{ github.event.number }} > ./artifact/pr_num
|
|
|
|
- name: save artifact
|
2022-11-02 15:53:36 +08:00
|
|
|
uses: actions/upload-artifact@v3
|
2021-05-17 18:20:54 +08:00
|
|
|
with:
|
2021-05-19 15:50:17 +08:00
|
|
|
name: fips_checksum
|
|
|
|
path: artifact/
|
2023-12-01 23:02:35 +08:00
|
|
|
|
|
|
|
compute-abidiff:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
|
|
BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
|
|
|
|
steps:
|
|
|
|
- name: create build dirs
|
|
|
|
run: |
|
|
|
|
mkdir ./build-pristine
|
|
|
|
mkdir ./source-pristine
|
|
|
|
mkdir ./build
|
|
|
|
mkdir ./source
|
|
|
|
mkdir ./artifact
|
|
|
|
- name: install extra config support
|
|
|
|
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
repository: ${{ github.event.pull_request.base.repo.full_name }}
|
|
|
|
ref: ${{ github.event.pull_request.base.ref }}
|
|
|
|
path: source-pristine
|
|
|
|
- name: config pristine
|
|
|
|
run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
|
|
|
|
working-directory: ./build-pristine
|
|
|
|
- name: make pristine
|
|
|
|
run: make -s -j4
|
|
|
|
working-directory: ./build-pristine
|
|
|
|
- uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
path: source
|
|
|
|
- name: config
|
|
|
|
run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
|
|
|
|
working-directory: ./build
|
|
|
|
- name: make
|
|
|
|
run: make -s -j4
|
|
|
|
working-directory: ./build
|
|
|
|
- name: abidiff
|
|
|
|
run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
|
|
|
|
- name: save PR number
|
|
|
|
run: echo ${{ github.event.number }} > ./artifact/pr_num
|
|
|
|
- name: save artifact
|
|
|
|
uses: actions/upload-artifact@v3
|
|
|
|
with:
|
|
|
|
name: abidiff
|
|
|
|
path: artifact/
|