shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

.gitlab-ci.yml: Add c9s fips runner

Browse Source 
Let's check tests in fips mode with an up to date system too as we already
found some issues running the tests there.

Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 7757ebf7a5)
This commit is contained in:
Norbert Pocs
2022-10-06 09:33:55 +02:00
committed by Andreas Schneider
parent d993088553
commit 53bc265987
1 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
.gitlab-ci.yml
View File

@@ -66,6 +66,23 @@ stages:
extends: .tests extends: .tests
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
.fips:
extends: .tests
variables:
# DSA is turned off in fips mode
CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON -DWITH_DSA=OFF
before_script:
- *build
- echo "# userspace fips" > /etc/system-fips
# We do not need the kernel part, but in case we ever do:
# mkdir -p /var/tmp/userspace-fips
# echo 1 > /var/tmp/userspace-fips/fips_enabled
# mount --bind /var/tmp/userspace-fips/fips_enabled \
# /proc/sys/crypto/fips_enabled
- update-crypto-policies --show
- update-crypto-policies --set FIPS
- update-crypto-policies --show
############################################################################### ###############################################################################
# CentOS builds # # CentOS builds #
@@ -88,6 +105,14 @@ centos9s/openssl_3.0.x/x86_64:
make -j$(nproc) && make -j$(nproc) &&
ctest --output-on-failure ctest --output-on-failure
centos9s/openssl_3.0.x/x86_64/fips:
extends: .fips
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
script:
- export OPENSSL_ENABLE_SHA1_SIGNATURES=1
- cmake3 $CMAKE_OPTIONS .. &&
make -j$(nproc) &&
OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
############################################################################### ###############################################################################
# Fedora builds # # Fedora builds #
@@ -112,25 +137,8 @@ fedora/openssl_3.0.x/x86_64:
extends: .fedora extends: .fedora
fedora/openssl_3.0.x/x86_64/fips: fedora/openssl_3.0.x/x86_64/fips:
extends: .fedora extends: .fips
before_script: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
- echo "# userspace fips" > /etc/system-fips
# We do not need the kernel part, but in case we ever do:
# mkdir -p /var/tmp/userspace-fips
# echo 1 > /var/tmp/userspace-fips/fips_enabled
# mount --bind /var/tmp/userspace-fips/fips_enabled \
# /proc/sys/crypto/fips_enabled
- update-crypto-policies --show
- update-crypto-policies --set FIPS
- update-crypto-policies --show
- mkdir -p obj && cd obj && cmake
-DCMAKE_BUILD_TYPE=RelWithDebInfo
-DPICKY_DEVELOPER=ON
-DWITH_BLOWFISH_CIPHER=ON
-DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-DWITH_DSA=ON
-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
script: script:
- cmake $CMAKE_OPTIONS .. && - cmake $CMAKE_OPTIONS .. &&
make -j$(nproc) && make -j$(nproc) &&