diff mbox series

[v3,9/9] tests: Get the packages for pkcs11 testing on the CI/CD system

Message ID 20210908192343.4147739-10-stefanb@linux.vnet.ibm.com (mailing list archive)
State New, archived
Headers show
Series ima-evm-utils: Add support for signing with pkcs11 URIs | expand

Commit Message

Stefan Berger Sept. 8, 2021, 7:23 p.m. UTC 
From: Stefan Berger <stefanb@linux.ibm.com>

Get the packages for pkcs11 testing on the CI/CD system.

This is the status on various distros:

- Alpine: could not find package with pkcs11 engine
- Alt Linux: works
- Debian: works
- CentOS7: softhsm 2.1.0 is too old for tests to work; tests also fail
           when trying to sign with pkcs11 URI using openssl command line tool
- CentOS: works
- Fedora: works
- OpenSuSE Leap: package not available in main repo
- OpenSuSE Tumbleweed: works

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 ci/alt.sh        | 3 +++
 ci/debian.sh     | 3 ++-
 ci/fedora.sh     | 8 ++++++++
 ci/tumbleweed.sh | 3 +++
 4 files changed, 16 insertions(+), 1 deletion(-)

Comments

Mimi Zohar Sept. 13, 2021, 4:55 p.m. UTC | #1 
On Wed, 2021-09-08 at 15:23 -0400, Stefan Berger wrote:
> From: Stefan Berger <stefanb@linux.ibm.com>
> 
> Get the packages for pkcs11 testing on the CI/CD system.

How about saying, "Get the packages for pkcs11 testing on the CI/CD
system, where available.  On those system where it is not available,
skip the two tests."

Then just list those that do not have pkcs11 support or it's too old.

thanks,

Mimi

> 
> This is the status on various distros:
> 
> - Alpine: could not find package with pkcs11 engine
> - Alt Linux: works
> - Debian: works
> - CentOS7: softhsm 2.1.0 is too old for tests to work; tests also fail
>            when trying to sign with pkcs11 URI using openssl command line tool
> - CentOS: works
> - Fedora: works
> - OpenSuSE Leap: package not available in main repo
> - OpenSuSE Tumbleweed: works
> 
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
diff mbox series

Patch

diff --git a/ci/alt.sh b/ci/alt.sh
index 884c995..65389be 100755
--- a/ci/alt.sh
+++ b/ci/alt.sh
@@ -12,12 +12,15 @@  apt-get install -y \
 		asciidoc \
 		attr \
 		docbook-style-xsl \
+		gnutls-utils \
 		libattr-devel \
 		libkeyutils-devel \
+		libp11 \
 		libssl-devel \
 		openssl \
 		openssl-gost-engine \
 		rpm-build \
+		softhsm \
 		wget \
 		xsltproc \
 		xxd \
diff --git a/ci/debian.sh b/ci/debian.sh
index ad7d2c0..ae5c9c1 100755
--- a/ci/debian.sh
+++ b/ci/debian.sh
@@ -48,7 +48,8 @@  $apt \
 	procps \
 	sudo \
 	wget \
-	xsltproc \
+	xsltproc
 
 $apt xxd || $apt vim-common
 $apt libengine-gost-openssl1.1$ARCH || true
+$apt softhsm gnutls-bin libengine-pkcs11-openssl1.1$ARCH || true
diff --git a/ci/fedora.sh b/ci/fedora.sh
index 2d80915..0993607 100755
--- a/ci/fedora.sh
+++ b/ci/fedora.sh
@@ -25,6 +25,7 @@  yum -y install \
 	automake \
 	diffutils \
 	docbook-xsl \
+	gnutls-utils \
 	gzip \
 	keyutils-libs-devel \
 	libattr-devel \
@@ -33,6 +34,7 @@  yum -y install \
 	make \
 	openssl \
 	openssl-devel \
+	openssl-pkcs11 \
 	pkg-config \
 	procps \
 	sudo \
@@ -42,3 +44,9 @@  yum -y install \
 
 yum -y install docbook5-style-xsl || true
 yum -y install swtpm || true
+
+# SoftHSM is available via EPEL on CentOS
+if [ -f /etc/centos-release ]; then
+	yum -y install epel-release
+fi
+yum -y install softhsm || true
\ No newline at end of file
diff --git a/ci/tumbleweed.sh b/ci/tumbleweed.sh
index dfc478b..4e3da0c 100755
--- a/ci/tumbleweed.sh
+++ b/ci/tumbleweed.sh
@@ -42,6 +42,9 @@  zypper --non-interactive install --force-resolution --no-recommends \
 	which \
 	xsltproc
 
+zypper --non-interactive install --force-resolution --no-recommends \
+	gnutls openssl-engine-libp11 softhsm || true
+
 if [ -f /usr/lib/ibmtss/tpm_server -a ! -e /usr/local/bin/tpm_server ]; then
 	ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin
 fi