Skip to content

Update aws-lc-fips-sys to v0.13.0, align w/ AWS-LC-FIPS-3.0.0 #37

Update aws-lc-fips-sys to v0.13.0, align w/ AWS-LC-FIPS-3.0.0

Update aws-lc-fips-sys to v0.13.0, align w/ AWS-LC-FIPS-3.0.0 #37

Workflow file for this run

name: compilers
on:
push:
branches:
- '*'
- '!generate/aws-lc-*'
pull_request:
branches:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
RUST_BACKTRACE: 1
# We can pin the version if nightly is too unstable.
# Otherwise, we test against the latest version.
RUST_NIGHTLY_TOOLCHAIN: nightly
jobs:
aws-lc-rs-2004-gcc:
if: github.repository_owner == 'aws'
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
runs-on: ubuntu-20.04
env:
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
strategy:
fail-fast: false
matrix:
cmake: [ '0', '1' ]
gcc_version: [ '7', '8' ]
fips: [ '0', '1' ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- name: Set up GCC
uses: egor-tensin/setup-gcc@v1.3
with:
version: ${{ matrix.gcc_version }}
platform: x64
- if: matrix.fips == '1'
uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test (debug)
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
- name: Run cargo test (release)
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
# The steps below verify that we're successfully using `-ffile-prefix-map`
# to remove build environment paths from the resulting library.
- if: ${{ matrix.gcc_version == '8' }}
name: Verify paths found in debug build
run: |
DEBUG_LIBCRYPTO=$(find ./target/debug -name "libaws_lc_*_crypto.a")
if strings ${DEBUG_LIBCRYPTO} | grep runner; then
exit 0; # SUCCESS
else
exit 1; # FAIL - we expected to find "runner" (i.e., a path)
fi
# TODO: Due to the nature of the FIPS build (e.g., its dynamic generation of
# assembly files and its custom compilation commands within CMake), not all
# source paths are stripped from the resulting binary.
- if: ${{ matrix.gcc_version == '8' && matrix.fips == '0' }}
name: Verify paths not found in release build
run: |
RELEASE_LIBCRYPTO=$(find ./target/release -name "libaws_lc_*_crypto.a")
if strings ${RELEASE_LIBCRYPTO} | grep runner; then
exit 1; # FAIL - we did not expect to find "runner" (i.e., a path)
else
exit 0; # SUCCESS
fi
aws-lc-rs-1804-gcc:
if: github.repository_owner == 'aws'
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
runs-on: ubuntu-20.04
container:
image: ubuntu:18.04
env:
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
strategy:
fail-fast: false
matrix:
cmake: [ '0', '1' ]
gcc_version: [ '4.8', '5', '6' ]
fips: [ '0', '1' ]
steps:
- run: |
apt-get update
apt-get install -y ca-certificates
apt-get install -y cmake curl sudo
apt-get install -y --no-install-recommends gpg-agent software-properties-common
apt-add-repository --yes ppa:git-core/ppa
add-apt-repository --yes ppa:longsleep/golang-backports
apt-get update
apt-get install -y build-essential git golang-go
curl -L -O -J https://github.com/PowerShell/PowerShell/releases/download/v7.2.23/powershell_7.2.23-1.deb_amd64.deb
dpkg -i powershell_7.2.23-1.deb_amd64.deb
apt-get install -f
rm powershell_7.2.23-1.deb_amd64.deb
- name: Checkout
run: |
git config --global --add safe.directory '*'
git clone --recursive ${{ github.server_url }}/${{ github.repository }}.git .
git fetch origin ${{ github.sha }}
git checkout --recurse-submodules -b ci-job ${{ github.sha }}
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- name: Set up GCC
uses: egor-tensin/setup-gcc@v1.3
with:
version: ${{ matrix.gcc_version }}
platform: x64
- name: Run cargo test (debug)
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
- name: Run cargo test (release)
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
aws-lc-rs-c-std-test:
if: github.repository_owner == 'aws'
name: C-std ${{ matrix.os }} - ${{ matrix.c_std }} - Force CMake ${{ matrix.cmake }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
c_std: [ "11", "99" ]
cmake: [ '0', '1' ]
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- run: |
echo 'export AWS_LC_SYS_CMAKE_BUILDER=${{ matrix.cmake }}' >> "$GITHUB_ENV"
- name: Run cargo test
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_PREBUILT_NASM: 1
AWS_LC_SYS_C_STD: ${{ matrix.c_std }}
run: cargo test --all-targets --features unstable