PKCS#11 testsuite #1224
The travis build fails, because it does not have the cmocka package. Not sure if it is better to introduce a configure condition and not build it in travis, or download and install it during the build time. Probably a combination of both of them so it is also tested, but not mandatory for all builds.
if [[ ! -z "$2" && -f "$2" ]]; then | ||
P11LIB="$2" | ||
else | ||
P11LIB="/usr/lib64/pkcs11/opensc-pkcs11.so" |
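Review bot: The fallback in the else branch hard-codes /usr/lib64/pkcs11/opensc-pkcs11.so, a lib64 path that is not where every distribution installs the module, so on such systems the script continues with a library path that does not exist whenever $2 is missing or not a file. Take the default from the build's libdir, or exit with a clear error when no usable module path is given. The condition can also be shortened: -f "$2" is already false for an empty string, so the ! -z "$2" test is redundant.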
superfluous assignment
The path is not used only in the pkcs11-tool, but also for others, including PKCS11SPY.
I see, thanks.
That's quite a lot of work done, thanks! It looks OK on first glance, but I'll need to get back to this later. Yes, you could test for cmocka in configure.ac which enables p11test conditionally. Maybe this would be a good opportunity to create a configure switch Can some of the tests be put into Does it make sense to call
Thank you for the comments. I see that it is a lot of code so I don't expect it to be reviewed overnight. The tests in We can argue that Run the
7148605
to
6ee2308
Now it builds fine on Linux, but it still needs some adjustments on osx, because I don't know how to install cmocka correctly there (it has probably some different default paths for pkgconfig and probably others). Pointers welcomed.
But this error is not fatal and it falls back to building without tests.
I think the prefix should be /usr/local on macOS. Isn't there a brew package of cmocka?
Is there some documentation available for setting up a test worker?
When I was searching for it last time, I didn't find it in either Ubuntu or OSX, but now I find it in both of them so have a look what is going to happen with the last commit.
It probably depends on platform, but from gitlab, with GitLab CI Runner, it is a matter of installing a package and setting up the runner with the token from the gitlab administration: https://docs.gitlab.com/runner/install/ How I run the testsuite there is visible in your .gitlab-ci.yml: https://gitlab.com/redhat-sectech/OpenSC/blob/master/.gitlab-ci.yml
.travis.yml
Outdated
@@ -1,6 +1,6 @@ | |||
language: c | |||
|
|||
sudo: false | |||
sudo: required |
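Review bot: sudo: required replaces sudo: false at the top of .travis.yml, but nothing visible in this hunk needs root. Keep sudo: false unless a build step actually invokes sudo, and if one does, name that step in the commit message so the setting can be reverted once the step goes away.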
is this still required?
It should not be needed if the installation from repositories worked (the last build was a success including the installation of cmocka, so I will remove this line).
… it with certificate)
readonly: Typos, reformat
Do not attempt to build tests if cmocka is not available or --enable-tests is provided. It makes also more lightweight release builds out of the box (or with --disable-tests).
3302329
to
31570dd
ping. I rebased this PR on the current master changes. Would not this help in testing the new release? Is there something that could be improved? This could be helpful for others to gather results of their testing in the common format.
As I announced some time ago [1], I was looking into a quite standalone PKCS#11 testsuite. We have run this testsuite nightly (on upstream changes) for over a year now for our CAC and Coolkey cards and produce a simple status badge, which would be nice to have also for other cards and in upstream:
![](https://camo.githubusercontent.com/08a1bbe3634d30ede3a19e46ef7ceb59b052525f2a05b5bbe118d8a7a7827b42/68747470733a2f2f6769746c61622e636f6d2f7265646861742d736563746563682f4f70656e53432f6261646765732f6d61737465722f6275696c642e737667)
If others have a spare card, reader and machine, they can do the same, quite irrespective of their platform of choice. Or at least running something like this on newly supported cards or supposedly supported cards before release should also improve the releases, avoiding regressions.
The tests work with common RSA keys and mechanisms as well as with ECC keys. Currently, there is also support for RSA-PSS and OAEP mechanisms that was verified against soft opencryptoki and softhsm software tokens, since there is no support for these mechanisms in OpenSC yet, but it can be a good base for it in future. It can also generate a JSON report, which can be simply compared against the last run to notice (unwanted) changes.
The commits represent the progress over time and evolution of the tool and might not be necessarily useful, since the features, fixes and refactoring were done somehow iteratively.
The build passes with current Fedora 27 (OpenSSL 1.1.0) and RHEL7 (OpenSSL 1.0.2).
Comments, ideas, improvements, additions welcomed.
[1] https://sourceforge.net/p/opensc/mailman/message/35091170/
[2] https://gitlab.com/redhat-sectech/OpenSC/pipelines