Skip to content

CI: Simplify kryoptic build #711

CI: Simplify kryoptic build

CI: Simplify kryoptic build #711

---
name: Address sanitizer
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
jobs:
build:
name: CI with Address Sanitizer
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
name: [fedora, debian]
include:
- name: fedora
container: fedora:latest
- name: debian
container: debian:sid
container: ${{ matrix.container }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Install Dependencies
run: |
if [ -f /etc/fedora-release ]; then
dnf -y install git clang gcc pkgconf-pkg-config meson \
openssl-devel openssl diffutils expect \
softhsm opensc p11-kit-devel p11-kit-server gnutls-utils \
nss-softokn nss-tools nss-softokn-devel \
dnf-command\(debuginfo-install\) libasan
dnf -y debuginfo-install openssl
elif [ -f /etc/debian_version ]; then
cat .github/sid.debug.list > /etc/apt/sources.list.d/debug.list
apt-get -q update
apt-get -yq install git gcc clang meson \
pkg-config libssl-dev openssl expect \
procps libnss3 libnss3-tools libnss3-dev softhsm2 opensc p11-kit \
libp11-kit-dev p11-kit-modules gnutls-bin \
openssl-dbgsym libssl3t64-dbgsym
fi
- name: Setup
# The detection on debian works ok, but on Fedora, we get linker script,
# that is not compatible with LD_PRELOAD so we force the absolute path.
run: |
if [ -f /etc/fedora-release ]; then
CC=gcc \
meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib64/libasan.so.8.0.0
elif [ -f /etc/debian_version ]; then
CC=gcc \
meson setup builddir -Db_sanitize=address -Dpreload_libasan=/usr/lib/x86_64-linux-gnu/libasan.so.8.0.0
fi
- name: Build and Test
# note, that this intentionally does not initialize submodules as
# the tlsfuzzer test does not work under address sanitizer well
run: |
meson compile -C builddir
meson test --num-processes 1 -C builddir
- uses: actions/upload-artifact@v4
if: failure()
with:
name: Address sanitizer logs on ${{ matrix.name }}
path: |
builddir/meson-logs/
builddir/tests/*.log
builddir/tests/tmp.${{ matrix.token }}/p11prov-debug.log
builddir/tests/tmp.${{ matrix.token }}/testvars
builddir/tests/tmp.${{ matrix.token }}/openssl.cnf