Skip to content

Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. #805

Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER.

Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. #805

Workflow file for this run

name: CI
on: [push, pull_request]
jobs:
ruby-versions:
uses: ruby/actions/.github/workflows/ruby_versions.yml@master
with:
engine: cruby-truffleruby
min_version: 2.7
test:
needs: ruby-versions
name: >-
${{ matrix.os }} ${{ matrix.ruby }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# ubuntu-22.04 uses OpenSSL 3.0, ubuntu-20.04 uses OpenSSL 1.1.1
os: [ ubuntu-22.04, ubuntu-20.04, macos-latest, windows-latest ]
ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
exclude:
# uses non-standard MSYS2 OpenSSL 3 package
- { os: windows-latest, ruby: head }
- { os: windows-latest, ruby: truffleruby }
- { os: windows-latest, ruby: truffleruby-head }
- { os: macos-latest, ruby: truffleruby }
- { os: ubuntu-20.04, ruby: truffleruby }
include:
- { os: windows-latest, ruby: ucrt }
- { os: windows-latest, ruby: mswin }
steps:
- name: repo checkout
uses: actions/checkout@v3
- name: load ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
- name: depends
run: bundle install
# Enable the verbose option in mkmf.rb to print the compiling commands.
- name: enable mkmf verbose
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
if: runner.os == 'Linux' || runner.os == 'macOS'
- name: set flags to check compiler warnings.
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
if: ${{ !matrix.skip-warnings }}
# Enable provider search path for OpenSSL 3.0 in MSYS2.
# Remove when Ruby 3.2 build is updated
- name: enable windows provider search path
run: echo "OPENSSL_MODULES=$($env:RI_DEVKIT)\$($env:MSYSTEM_PREFIX)\lib\ossl-modules" >> $env:GITHUB_ENV
if: runner.os == 'Windows' && matrix.ruby == '3.2'
- name: compile
run: rake compile -- --enable-debug
- name: test
run: rake test TESTOPTS="-v --no-show-detail-immediately" OSSL_MDEBUG=1
timeout-minutes: 5
test-openssls:
name: >-
${{ matrix.openssl }} ${{ matrix.name-extra || '' }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
ruby: [ "3.0" ]
openssl:
# https://www.openssl.org/source/
- openssl-1.0.2u # EOL
- openssl-1.1.0l # EOL
- openssl-1.1.1v
- openssl-3.0.10
- openssl-3.1.2
# http://www.libressl.org/releases.html
- libressl-3.1.5 # EOL
- libressl-3.2.7 # EOL
- libressl-3.3.6 # EOL
- libressl-3.4.3 # EOL
- libressl-3.5.3 # EOL
- libressl-3.6.3
- libressl-3.7.3
- libressl-3.8.0 # Development release
fips-enabled: [ false ]
include:
- { os: ubuntu-latest, ruby: "3.0", openssl: openssl-3.0.10, fips-enabled: true, append-configure: 'enable-fips', name-extra: 'fips' }
- { os: ubuntu-latest, ruby: "3.0", openssl: openssl-3.1.2, fips-enabled: true, append-configure: 'enable-fips', name-extra: 'fips' }
- { os: ubuntu-latest, ruby: "3.0", openssl: openssl-head, git: 'git://git.openssl.org/openssl.git', branch: 'master' }
- { os: ubuntu-latest, ruby: "3.0", openssl: openssl-head, git: 'git://git.openssl.org/openssl.git', branch: 'master', fips-enabled: true, append-configure: 'enable-fips', name-extra: 'fips' }
steps:
- name: repo checkout
uses: actions/checkout@v3
- name: prepare openssl
run: |
# Enable Bash debugging option temporarily for debugging use.
set -x
mkdir -p tmp/build-openssl && cd tmp/build-openssl
case ${{ matrix.openssl }} in
openssl-*)
if [ -z "${{ matrix.git }}" ]; then
curl -OL https://ftp.openssl.org/source/${{ matrix.openssl }}.tar.gz
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
else
git clone -b ${{ matrix.branch }} --depth 1 ${{ matrix.git }} ${{ matrix.openssl }}
cd ${{ matrix.openssl }}
# Log the commit hash.
echo "Git commit: $(git rev-parse HEAD)"
fi
# shared is required for 1.0.x.
./Configure --prefix=$HOME/.openssl/${{ matrix.openssl }} --libdir=lib \
shared linux-x86_64 ${{ matrix.append-configure }}
make depend
;;
libressl-*)
curl -OL https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${{ matrix.openssl }}.tar.gz
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
./configure --prefix=$HOME/.openssl/${{ matrix.openssl }}
;;
*)
false
;;
esac
make -j4
make install_sw
- name: prepare openssl fips
run: make install_fips
working-directory: tmp/build-openssl/${{ matrix.openssl }}
if: matrix.fips-enabled
- name: set the open installed directory
run: >
sed -e "s|OPENSSL_DIR|$HOME/.openssl/${{ matrix.openssl }}|"
test/openssl/fixtures/ssl/openssl_fips.cnf.tmpl >
test/openssl/fixtures/ssl/openssl_fips.cnf
if: matrix.fips-enabled
- name: set openssl config file path for fips.
run: echo "OPENSSL_CONF=$(pwd)/test/openssl/fixtures/ssl/openssl_fips.cnf" >> $GITHUB_ENV
if: matrix.fips-enabled
- name: set fips environment variable for testing.
run: echo "TEST_RUBY_OPENSSL_FIPS_ENABLED=true" >> $GITHUB_ENV
if: matrix.fips-enabled
- name: load ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
- name: depends
run: bundle install
- name: enable mkmf verbose
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
if: runner.os == 'Linux' || runner.os == 'macOS'
- name: set flags to check compiler warnings.
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
if: ${{ !matrix.skip-warnings }}
- name: compile
run: rake compile -- --enable-debug --with-openssl-dir=$HOME/.openssl/${{ matrix.openssl }}
- name: test
run: rake test TESTOPTS="-v --no-show-detail-immediately" OSSL_MDEBUG=1
timeout-minutes: 5
if: ${{ !matrix.fips-enabled }}
# Run only the passing tests on the FIPS mode as a temporary workaround.
# TODO Fix other tests, and run all the tests on FIPS mode.
- name: test on fips mode
run: |
ruby -I./lib -ropenssl \
-e 'Dir.glob "./test/openssl/{test_fips.rb,test_pkey.rb}", &method(:require)'
if: matrix.fips-enabled