Add basic tlsfuzzer tests #687
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Address sanitizer | |
on: | |
push: | |
branches: ["main"] | |
pull_request: | |
branches: ["main"] | |
jobs: | |
build: | |
name: CI with Address Sanitizer | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
name: [fedora, debian] | |
include: | |
- name: fedora | |
container: fedora:latest | |
- name: debian | |
container: debian:sid | |
container: ${{ matrix.container }} | |
steps: | |
- name: Install Dependencies | |
run: | | |
if [ -f /etc/fedora-release ]; then | |
dnf -y install git clang gcc pkgconf-pkg-config meson \ | |
openssl-devel openssl diffutils expect python3 python3-six \ | |
softhsm opensc p11-kit-devel p11-kit-server gnutls-utils \ | |
nss-softokn nss-tools nss-softokn-devel \ | |
dnf-command\(debuginfo-install\) libasan | |
dnf -y debuginfo-install openssl | |
elif [ -f /etc/debian_version ]; then | |
apt-get -q update | |
apt-get -yq install git gcc clang meson \ | |
pkg-config libssl-dev openssl expect \ | |
procps libnss3 libnss3-tools libnss3-dev softhsm2 opensc p11-kit \ | |
libp11-kit-dev p11-kit-modules gnutls-bin | |
fi | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Install Debug symbols on Debian | |
run: | | |
if [ -f /etc/debian_version ]; then | |
cat .github/sid.debug.list > /etc/apt/sources.list.d/debug.list | |
apt-get -q update | |
apt-get -yq install openssl-dbgsym libssl3t64-dbgsym | |
fi | |
- name: Setup | |
# The detection on debian works ok, but on Fedora, we get linker script, | |
# that is not compabitlbe with LD_PRELOAD so we force the absolute path. | |
run: | | |
git config --global --add safe.directory \ | |
/__w/pkcs11-provider/pkcs11-provider | |
git submodule update --init | |
if [ -f /etc/fedora-release ]; then | |
CC=gcc \ | |
meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib64/libasan.so.8.0.0 | |
elif [ -f /etc/debian_version ]; then | |
CC=gcc \ | |
meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib/x86_64-linux-gnu/libasan.so.8.0.0 | |
fi | |
- name: Build and Test | |
run: | | |
meson compile -C builddir | |
meson test --num-processes 1 -C builddir | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: Address sanitizer logs on ${{ matrix.name }} | |
path: | | |
builddir/meson-logs/ | |
builddir/tests/*.log | |
builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log | |
builddir/tests/tmp.${{ matrix.token }}/testvars | |
builddir/tests/tmp.${{ matrix.token }}/openssl.cnf | |