Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When artifacts are submitted, use a github action to automatically run them against LibOQS or other open source tools #115

Open
johngray-dev opened this issue Jun 4, 2024 · 1 comment
Open

When artifacts are submitted, use a github action to automatically run them against LibOQS or other open source tools #115

johngray-dev opened this issue Jun 4, 2024 · 1 comment
Assignees
@ounsworth

Comments

@johngray-dev
Copy link
Collaborator

When artifacts are submitted, a github action could be started that would automatically unzip, run the artifacts against open source verification routines, and then update the compatibility matrix outputs.

  • This idea was discussed with the PKI Consortium who also have members that submit artifacts. This could be a great project for someone at the next hackathon.
@ounsworth ounsworth self-assigned this Jul 2, 2024
@Muzosh
Copy link
Contributor

Muzosh commented Jul 8, 2024

@ounsworth Not sure if it is any helpful to you, but I have been using this Dockerfile snippet to prepare openssl@3 with oqs-provider in my containers:

# BUILDER FOR OPENSSL WITH OQS-PROVIDER
FROM bitnami/minideb:bookworm AS builder
ENV OPENSSLv3_TAG  3.3.0
ENV OPENSSLv3_DOWNLOAD_URL      https://github.com/openssl/openssl/releases/download/openssl-$OPENSSLv3_TAG/openssl-$OPENSSLv3_TAG.tar.gz
ENV OQSPROVIDER_TAG 0.6.0

RUN install_packages \
    wget ca-certificates perl build-essential make git cmake ninja-build

# OPENSSL@3
WORKDIR /root/opensslv3
RUN wget $OPENSSLv3_DOWNLOAD_URL \
    && tar --strip-components=1 -zxvf openssl-$OPENSSLv3_TAG.tar.gz \
    && ./config \
    && make -j $(nproc) \
    && make -j $(nproc) install \
    && ldconfig

# OQS-PROVIDER
WORKDIR /root/oqsprovider
RUN git clone --branch $OQSPROVIDER_TAG --depth 1 https://github.com/open-quantum-safe/oqs-provider.git .\
    && OQSPROV_CMAKE_PARAMS="-DOQS_KEM_ENCODERS=ON" OPENSSL_INSTALL=/usr/local ./scripts/fullbuild.sh

# USE FOLLOWING CODE TO USE IT IN YOUR CONTAINER
# INSTALL PQ-OPENSSL3
# COPY --from=builder /usr/local/bin/* /usr/local/bin/
# COPY --from=builder /usr/local/include/* /usr/local/include/
# COPY --from=builder /usr/local/lib/* /usr/local/lib/
# COPY --from=builder /usr/local/share/* /usr/local/share/
# COPY --from=builder /usr/local/ssl/* /usr/local/ssl/

# RUN ldconfig /usr/local/lib

# COPY --from=builder /root/oqsprovider/_build/lib/oqsprovider.so /usr/local/lib/ossl-modules/oqsprovider.so
# RUN sed -i 's/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect\n\n\[oqsprovider_sect\]\nactivate = 1/g' /usr/local/ssl/openssl.cnf && sed -i 's/# activate = 1/activate = 1/g' /usr/local/ssl/openssl.cnf
# RUN rm -rf /root/oqsprovider

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ounsworth ounsworth

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ounsworth @Muzosh @johngray-dev