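# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Builds the pull request's base branch ("pristine") and the pull request
# checkout side by side, then records in an uploaded artifact whether the
# FIPS provider checksums or the libcrypto/libssl ABI differ.
#
# Security notes:
# - The config and make steps run code taken from the pull request, so the
#   token stays read-only (permissions below) and the checkouts do not leave
#   it in .git/config (persist-credentials: false).
# - The uploaded artifacts are written by jobs that ran pull-request code.
#   Any workflow that consumes them (not shown in this file) should treat
#   the marker files and pr_num as untrusted input.
# - NOTE(review): actions are referenced by mutable tag (@v4); pinning each
#   to a full commit SHA fixes the exact code that runs.

name: FIPS Check and ABIDIFF
on: [pull_request]

permissions:
  contents: read

jobs:
  compute-checksums:
    runs-on: ubuntu-latest
    steps:
      - name: install unifdef
        # --force-yes is deprecated and lets apt proceed past package
        # authentication failures; -y is enough for a non-interactive install.
        run: |
          sudo apt-get update
          sudo apt-get -yq --no-install-suggests --no-install-recommends \
            install unifdef
      - name: create build dirs
        run: |
          mkdir ./build-pristine
          mkdir ./source-pristine
          mkdir ./build
          mkdir ./source
          mkdir ./artifact
      # Base branch of the pull request: the reference side of the comparison.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.pull_request.base.repo.full_name }}
          ref: ${{ github.event.pull_request.base.ref }}
          path: source-pristine
          persist-credentials: false
      - name: config pristine
        run: ../source-pristine/config enable-fips
        working-directory: ./build-pristine
      - name: config pristine dump
        run: ./configdata.pm --dump
        working-directory: ./build-pristine
      - name: make build_generated pristine
        run: make -s build_generated
        working-directory: ./build-pristine
      - name: make fips-checksums pristine
        run: make fips-checksums
        working-directory: ./build-pristine
      # Default checkout for this event: the pull request's code.
      - uses: actions/checkout@v4
        with:
          path: source
          persist-credentials: false
      - name: config
        run: ../source/config enable-fips
        working-directory: ./build
      - name: config dump
        run: ./configdata.pm --dump
        working-directory: ./build
      - name: make build_generated
        run: make -s build_generated
        working-directory: ./build
      - name: make fips-checksums
        run: make fips-checksums
        working-directory: ./build
      - name: update checksums
        # Overwrite the checked-in checksum files in the PR tree with the ones
        # generated from the pristine build.
        run: |
          cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
          cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
          cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
      - name: make diff-fips-checksums
        # Explicit if/else: with "a && touch || (...)" a failing touch would
        # also have written the "changed" marker. Any non-zero exit of the
        # make target is recorded as fips_changed.
        run: |
          if make diff-fips-checksums; then
            touch ../artifact/fips_unchanged
          else
            touch ../artifact/fips_changed
            echo FIPS CHANGED
          fi
        working-directory: ./build
      - name: save PR number
        # Pass the value through the environment rather than expanding the
        # expression inside the script text.
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: echo "$PR_NUMBER" > ./artifact/pr_num
      - name: save artifact
        uses: actions/upload-artifact@v4
        with:
          name: fips_checksum
          path: artifact/

  compute-abidiff:
    runs-on: ubuntu-latest
    env:
      # Expanded unquoted in the config steps so each option becomes its own
      # argument.
      BUILD_OPTS: >-
        -g --strict-warnings enable-ktls enable-fips enable-egd
        enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp
        enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
    steps:
      - name: create build dirs
        run: |
          mkdir ./build-pristine
          mkdir ./source-pristine
          mkdir ./build
          mkdir ./source
          mkdir ./artifact
      - name: install extra config support
        # Refresh the package index first, as the compute-checksums job does.
        run: |
          sudo apt-get update
          sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
      # Base branch of the pull request: the reference side of the comparison.
      - uses: actions/checkout@v4
        with:
          repository: ${{ github.event.pull_request.base.repo.full_name }}
          ref: ${{ github.event.pull_request.base.ref }}
          path: source-pristine
          persist-credentials: false
      - name: config pristine
        run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
        working-directory: ./build-pristine
      - name: make pristine
        run: make -s -j4
        working-directory: ./build-pristine
      # Default checkout for this event: the pull request's code.
      - uses: actions/checkout@v4
        with:
          path: source
          persist-credentials: false
      - name: config
        run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
        working-directory: ./build
      - name: make
        run: make -s -j4
        working-directory: ./build
      - name: abidiff
        # libssl is only compared when libcrypto shows no difference. Any
        # non-zero abidiff exit, including a tool error, is recorded as
        # abi_changed.
        run: |
          if abidiff --headers-dir1 build-pristine/include/openssl \
                     --headers-dir2 build/include/openssl \
                     --drop-private-types \
                     ./build-pristine/libcrypto.so ./build/libcrypto.so \
             && abidiff --headers-dir1 build-pristine/include/openssl \
                        --headers-dir2 build/include/openssl \
                        --drop-private-types \
                        ./build-pristine/libssl.so ./build/libssl.so
          then
            touch ./artifact/abi_unchanged
          else
            touch ./artifact/abi_changed
            echo ABI CHANGED
          fi
      - name: save PR number
        # Pass the value through the environment rather than expanding the
        # expression inside the script text.
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: echo "$PR_NUMBER" > ./artifact/pr_num
      - name: save artifact
        uses: actions/upload-artifact@v4
        with:
          name: abidiff
          path: artifact/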