@@ -12,12 +12,15 @@ apt-get install -y \
asciidoc \
attr \
docbook-style-xsl \
+ gnutls-utils \
libattr-devel \
libkeyutils-devel \
+ libp11 \
libssl-devel \
openssl \
openssl-gost-engine \
rpm-build \
+ softhsm \
wget \
xsltproc \
xxd \
@@ -48,7 +48,8 @@ $apt \
procps \
sudo \
wget \
- xsltproc \
+ xsltproc
$apt xxd || $apt vim-common
$apt libengine-gost-openssl1.1$ARCH || true
+$apt softhsm gnutls-bin libengine-pkcs11-openssl1.1$ARCH || true
@@ -25,6 +25,7 @@ yum -y install \
automake \
diffutils \
docbook-xsl \
+ gnutls-utils \
gzip \
keyutils-libs-devel \
libattr-devel \
@@ -33,6 +34,7 @@ yum -y install \
make \
openssl \
openssl-devel \
+ openssl-pkcs11 \
pkg-config \
procps \
sudo \
@@ -42,3 +44,9 @@ yum -y install \
yum -y install docbook5-style-xsl || true
yum -y install swtpm || true
+
+# SoftHSM is available via EPEL on CentOS
+if [ -f /etc/centos-release ]; then
+ yum -y install epel-release
+fi
+yum -y install softhsm || true
\ No newline at end of file
@@ -42,6 +42,9 @@ zypper --non-interactive install --force-resolution --no-recommends \
which \
xsltproc
+zypper --non-interactive install --force-resolution --no-recommends \
+ gnutls openssl-engine-libp11 softhsm || true
+
if [ -f /usr/lib/ibmtss/tpm_server -a ! -e /usr/local/bin/tpm_server ]; then
ln -s /usr/lib/ibmtss/tpm_server /usr/local/bin
fi
Get the packages for pkcs11 testing on the CI/CD system, where available. On those system where it is not available, skip the two tests. The following distros cannot run the pkcs11 tests: - Alpine: package with pkcs11 engine not available - CentOS7: softhsm 2.1.0 is too old for tests to work; tests also fail when trying to sign with pkcs11 URI using openssl command line tool - OpenSuSE Leap: softhsm package not available in main repo Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- ci/alt.sh | 3 +++ ci/debian.sh | 3 ++- ci/fedora.sh | 8 ++++++++ ci/tumbleweed.sh | 3 +++ 4 files changed, 16 insertions(+), 1 deletion(-)