Skip to content

Add security override for sha1 #990

Add security override for sha1

Add security override for sha1 #990

Workflow file for this run

name: debian
on:
push:
branches:
- main
- 'release/**'
paths-ignore:
- '/*.sh'
- '/.*'
- '/_*'
- 'Brewfile'
- 'docs/**'
- '**.adoc'
- '**.md'
- '**.nix'
- 'flake.lock'
- 'version.txt'
- '.github/workflows/*.yml'
- '!.github/workflows/debian.yml'
pull_request:
paths-ignore:
- '/*.sh'
- '/.*'
- '/_*'
- 'Brewfile'
- 'docs/**'
- '**.adoc'
- '**.md'
- '**.nix'
- 'flake.lock'
- 'version.txt'
concurrency:
group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
cancel-in-progress: true
env:
CORES: 2
LANG: C.UTF-8
LC_ALL: C.UTF-8
LC_LANG: C.UTF-8
RNP_LOG_CONSOLE: 1
jobs:
tests:
name: ${{ matrix.image.container }} [CC ${{ matrix.env.CC }}; backend ${{ matrix.image.backend }}; GnuPG system-shipped]
runs-on: ubuntu-latest
if: "!contains(github.event.head_commit.message, 'skip ci')"
timeout-minutes: 120
strategy:
fail-fast: false
matrix:
image:
- { container: 'debian-11-i386', cpu: 'i386', backend: 'botan' }
- { container: 'debian-11-i386', cpu: 'i386', backend: 'openssl' }
- { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'botan' }
- { container: 'debian-11-amd64', cpu: 'x86_64', backend: 'openssl' }
- { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'botan' }
- { container: 'debian-12-amd64', cpu: 'x86_64', backend: 'openssl' }
- { container: 'debian-10-i386', cpu: 'i386', backend: 'botan' }
env:
- { CC: 'gcc', CXX: 'g++' }
- { CC: 'clang', CXX: 'clang++' }
container: ghcr.io/rnpgp/ci-rnp-${{ matrix.image.container }}
env: ${{ matrix.env }}
steps:
- name: Checkout on x86_x64
if: matrix.image.cpu == 'x86_64'
uses: actions/checkout@v4
with:
submodules: true
- name: Checkout on i386
if: matrix.image.cpu == 'i386'
uses: actions/checkout@v4
with:
submodules: true
- name: Setup environment
shell: bash
# rnpuser is only needed for rnpkeys_generatekey_verifykeyHomeDirNoPermission test
run: |
useradd rnpuser
printf "\nrnpuser\tALL=(ALL)\tNOPASSWD:\tALL" > /etc/sudoers.d/rnpuser
printf "\nrnpuser\tsoft\tnproc\tunlimited\n" > /etc/security/limits.d/30-rnpuser.conf
- name: Configure
run: |
cmake -B build \
-DBUILD_SHARED_LIBS=ON \
-DCRYPTO_BACKEND=${{ matrix.image.backend }} \
-DDOWNLOAD_GTEST=ON \
-DCMAKE_BUILD_TYPE=Release .
- name: Build
run: cmake --build build --parallel ${{ env.CORES }}
- name: Test
run: |
mkdir -p "build/Testing/Temporary"
cp "cmake/CTestCostData.txt" "build/Testing/Temporary"
export PATH="$PWD/build/src/lib:$PATH"
chown -R rnpuser:rnpuser $PWD
exec su rnpuser -c "ctest --parallel ${{ env.CORES }} --test-dir build --output-on-failure"
- name: Package
run: cpack -G DEB -B debian --config build/CPackConfig.cmake