From 802f224a9f4b2af6bb2500d7d689a4870e440581 Mon Sep 17 00:00:00 2001 From: Eduardo Ponz Segrelles Date: Wed, 28 Jun 2023 14:46:21 +0200 Subject: [PATCH] Fix Github Windows CI (#3616) * Refs #19014: Fix windows exception Signed-off-by: Eduardo Ponz * Refs #19014: Run github windows CI with security Signed-off-by: Eduardo Ponz * Refs #19014: Fix secure_ds_pubsub_secure_crypto_communication.py Signed-off-by: Eduardo Ponz * Refs #19014: Exit with 0 it EX_OK does not exist Signed-off-by: Eduardo Ponz * Refs #19014: adding softhsm2-util to path Signed-off-by: Miguel Barro * Refs #19014: Correctly propagate path between steps Signed-off-by: Eduardo Ponz * Refs #19014: Check softhsm with --help option Signed-off-by: Eduardo Ponz * Refs #19014. Add SOFTHSM2_CONF to fix softhsm2 operation Signed-off-by: Miguel Barro --------- Signed-off-by: Eduardo Ponz Signed-off-by: Miguel Barro Co-authored-by: Miguel Barro --- .github/workflows/config/default_ci.meta | 1 + .github/workflows/reusable-windows-ci.yml | 51 +++++++++++++------ ...e_ds_pubsub_secure_crypto_communication.py | 11 +++- ...e_ds_pubsub_secure_crypto_communication.py | 10 +++- 4 files changed, 54 insertions(+), 19 deletions(-) diff --git a/.github/workflows/config/default_ci.meta b/.github/workflows/config/default_ci.meta index f74f2d8e8cd..d600647118c 100644 --- a/.github/workflows/config/default_ci.meta +++ b/.github/workflows/config/default_ci.meta @@ -11,6 +11,7 @@ "-DFASTDDS_PIM_API_TESTS=ON", "-DPERFORMANCE_TESTS=ON", "-DNO_TLS=ON", + "-DSECURITY=ON", "-DMEMORYCHECK_COMMAND_OPTIONS=-q --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=50 --log-fd=2 --error-exitcode=1", "-DMEMORYCHECK_SUPPRESSIONS_FILE=../../src/fastrtps/valgrind.supp" diff --git a/.github/workflows/reusable-windows-ci.yml b/.github/workflows/reusable-windows-ci.yml index 316e9b6d3eb..f063e9dd604 100644 --- a/.github/workflows/reusable-windows-ci.yml +++ b/.github/workflows/reusable-windows-ci.yml 
@@ -248,14 +248,13 @@ jobs: # Install the HSM emulator (required for testing PKCS #11 support) $urlHSM = "https://github.com/disig/SoftHSM2-for-Windows/releases/download/v2.5.0/SoftHSM2-2.5.0.msi" $msiHSM = "$Env:tmp\SoftHSM2-2.5.0.msi" - iwr $urlHSM -OutFile $msiHSM - msiexec /i $msiHSM /quiet TARGETDIR="""${Env:ProgramFiles(x86)}""" - $Env:SOFTHSM2_ROOT = Join-Path "${Env:ProgramFiles(x86)}" SoftHSM2 - 'SOFTHSM2_ROOT=' + $Env:SOFTHSM2_ROOT | Out-File $Env:GITHUB_ENV -Append -Encoding OEM + msiexec /i $msiHSM /log "$Env:tmp\SoftHSM2.log" /quiet TARGETDIR="""${Env:ProgramFiles(x86)}""" + + # move to pkcs11 installation while msiexec installs softhsm2 # Build pkcs11 library - $deploy_dir = "$Env:ProgramFiles\libp11" + $deploy_dir = "$Env:ProgramFiles/libp11" git clone https://github.com/OpenSC/libp11.git $deploy_dir $deploy_dir = gi $deploy_dir 
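Review bot: The added `msiexec /i $msiHSM /log ... /quiet` line installs an MSI that comes from a third-party release URL without any integrity check, and the `git clone https://github.com/OpenSC/libp11.git` after it builds whatever the default branch holds at run time. Both are supply-chain inputs to this job and are worth pinning. Compare the file against a recorded digest before installing, e.g. `if ((Get-FileHash $msiHSM -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'SoftHSM2 MSI digest mismatch' }`, and check out a fixed libp11 tag or commit after the clone. `<EXPECTED_SHA256>` is a placeholder for the digest of the vetted MSI. The run block starts and ends outside this hunk.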
@@ -269,11 +268,23 @@ jobs: nmake .\Makefile.mak OPENSSL_DIR="$Env:OPENSSL64_ROOT" BUILD_FOR=WIN64 $config = ls -Path "$Env:OPENSSL64_ROOT" -Recurse -Include openssl.cnf; $libp11_path = Join-Path $deploy_dir src - 'LibP11_ROOT_64=' + $libp11_path | Out-File $Env:GITHUB_ENV -Append -Encoding OEM - # Wait until installation is completed - Wait-Process -Name msiexec -ErrorAction SilentlyContinue - del $msiHSM + # Check softhsm2 installation + if (!(sls -Path "$Env:tmp\SoftHSM2.log" -Pattern "Installation success or error status: 0" -SimpleMatch -Quiet)) + { + Write-Error -Message "SoftHSM2 installation failed." + } + + # lead openssl to the right config file + $Env:OPENSSL_CONF=$config + + # Set up environment: introduce openssl and softhsm2 binaries in the path for the lower check + $Env:SOFTHSM2_ROOT = Join-Path "${Env:ProgramFiles(x86)}" SoftHSM2 + $Env:SOFTHSM2_CONF = (gci -Path $Env:SOFTHSM2_ROOT -R -Filter *.conf | select -First 1).fullname + $Env:Path += ($env:Path[-1] -ne ';' ? ';' : $null) + (Join-Path $Env:SOFTHSM2_ROOT bin) + $Env:Path += ";" + (Join-Path $Env:SOFTHSM2_ROOT lib) + $Env:Path += ";" + (Join-Path $Env:OPENSSL64_ROOT bin) + $Env:Path += ";" + $libp11_path # Set up OpenSSL $module_path = gci -Path $Env:SOFTHSM2_ROOT -Recurse -Include '*.dll' | ? FullName -match 64 
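Review bot: Nothing waits for the installer any more: the removed `Wait-Process -Name msiexec` was the only synchronisation, and the new `sls` check on `SoftHSM2.log` relies on msiexec having finished by the time the libp11 build is done. If the build finishes first, the success line is missing and the step reports a failed installation, or carries on with a partial install if `Write-Error` is non-terminating in this shell (the shell setting is not visible here). Keeping `Wait-Process -Name msiexec -ErrorAction SilentlyContinue` directly before the check and using `throw "SoftHSM2 installation failed."` instead of `Write-Error` makes the outcome deterministic. `$Env:SOFTHSM2_CONF` is also taken from `select -First 1` over every `*.conf` under the install root and may be empty, so a `Test-Path` guard before it is used would help.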
@@ -298,14 +309,24 @@ jobs: ($contents[0..$header_line] + $header + $contents[$header_line..$contents.count] + $footer) | % { $_.TrimStart() } | Out-File $config -Encoding OEM; - # lead openssl to the right config file - $Env:OPENSSL_CONF=$config + # Check config file + Get-Content $config - # introduce openssl binary in the path for the lower check - $Env:Path += ";$Env:OPENSSL64_ROOT\bin" + # Propagate to the other steps using github actions ad hoc files + ('LibP11_ROOT_64=' + $libp11_path ), + ('OPENSSL_CONF=' + $Env:OPENSSL_CONF), + ('SOFTHSM2_ROOT=' + $Env:SOFTHSM2_ROOT), + ('SOFTHSM2_CONF=' + $Env:SOFTHSM2_CONF ) | + Out-File -Path $Env:GITHUB_ENV -Append -Encoding OEM + + # keep softhsm2-util working in the testing + (Join-path $Env:SOFTHSM2_ROOT bin), + (Join-path $Env:SOFTHSM2_ROOT lib), + $libp11_path | Out-File -Path $Env:GITHUB_PATH -Encoding OEM -Append # check if is working openssl engine pkcs11 -t + softhsm2-util --show-slots - name: Prepare colcon workspace run: | @@ -615,14 +636,14 @@ jobs: gci $dumpfolder | Sort-Object LastWriteTime "::endgroup::" } - + if($failed) { $msg = "$failed test(s) failed" "TestErrors=" + $msg | Out-File $Env:GITHUB_OUTPUT -Append Write-Error $msg; } - + # Avoid disturbing exit code 1 message $LASTEXITCODE=0 diff --git a/test/communication/multiple_secure_ds_pubsub_secure_crypto_communication.py b/test/communication/multiple_secure_ds_pubsub_secure_crypto_communication.py index 59c66586537..d519558eeac 100644 --- a/test/communication/multiple_secure_ds_pubsub_secure_crypto_communication.py +++ b/test/communication/multiple_secure_ds_pubsub_secure_crypto_communication.py 
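Review bot: The two closing checks, `openssl engine pkcs11 -t` and the new `softhsm2-util --show-slots`, are native commands whose exit status is never inspected. A failing engine load can therefore be hidden by a successful slot listing that runs after it, assuming openssl signals the failure through its exit status and only the last `$LASTEXITCODE` decides the step result (the shell setting is outside the hunk). Adding `if ($LASTEXITCODE -ne 0) { throw "pkcs11 engine check failed" }` right after the openssl call makes the check fail closed. Writing `OPENSSL_CONF` to `GITHUB_ENV` also makes every later step of the job load the edited openssl.cnf, which deserves a comment next to the export such as `# OPENSSL_CONF applies to all subsequent steps of this job`.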
@@ -203,12 +203,19 @@ def run(args): sub_proc.kill() pub_proc.kill() [ds_proc.kill() for ds_proc in ds_procs] - sys.exit(os.EX_SOFTWARE) + try: + sys.exit(os.EX_SOFTWARE) + except AttributeError: + sys.exit(1) + pub_proc.kill() ds_proc.kill() [ds_proc.kill() for ds_proc in ds_procs] - sys.exit(os.EX_OK) + try: + sys.exit(os.EX_OK) + except AttributeError: + sys.exit(0) if __name__ == '__main__': diff --git a/test/communication/secure_ds_pubsub_secure_crypto_communication.py b/test/communication/secure_ds_pubsub_secure_crypto_communication.py index c927ad12f3e..d28a673deca 100644 --- a/test/communication/secure_ds_pubsub_secure_crypto_communication.py +++ b/test/communication/secure_ds_pubsub_secure_crypto_communication.py @@ -202,12 +202,18 @@ def run(args): sub_proc.kill() pub_proc.kill() ds_proc.kill() - sys.exit(os.EX_SOFTWARE) + try: + sys.exit(os.EX_SOFTWARE) + except AttributeError: + sys.exit(1) pub_proc.kill() ds_proc.kill() - sys.exit(os.EX_OK) + try: + sys.exit(os.EX_OK) + except AttributeError: + sys.exit(0) if __name__ == '__main__':
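Review bot: The `try`/`except AttributeError` wrapped around `sys.exit(os.EX_SOFTWARE)` and `sys.exit(os.EX_OK)` in run() works only because the attribute lookup fails before `sys.exit` is called, which is easy to misread as catching something raised by the exit itself. `sys.exit(getattr(os, 'EX_SOFTWARE', 1))` and `sys.exit(getattr(os, 'EX_OK', 0))` express the same fallback in one line each, with a comment such as `# os.EX_* constants are not defined on Windows` stating the reason. The same pattern is added in secure_ds_pubsub_secure_crypto_communication.py and the suggestion applies there as well. run() starts outside both hunks.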