Skip to content

Commit

Permalink
OSX path fixes (#140)
Browse files Browse the repository at this point in the history 
* OSX path fixes

* Setting DYLD_LIBRARY_PATH to LD_LIBRARY_PATH if not already set

* more CCI tests for OSX

* remove OpenSSL3 build dependencies for preinstalled OSSL

* remove nanny env var guards

* guard negative tests for unsupported OpenSSL version
  • Loading branch information
@baentsch
baentsch committed Jun 1, 2023
1 parent 2c7a06a commit 07107de
Show file tree
Hide file tree
Showing 8 changed files with 166 additions and 72 deletions.
140 changes: 103 additions & 37 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,48 +4,77 @@ version: 2.1
# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
localCheckout: &localCheckout
run: |-
git config --global --add safe.directory /tmp/_circleci_local_build_repo
PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
mkdir -p ${PROJECT_PATH}
cd /tmp/_circleci_local_build_repo
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
jobs:
ubuntu_focal:
ubuntu:
description: A template for running OQS-OpenSSL tests on x64 Ubuntu Docker VMs
parameters:
IMAGE:
description: "docker image to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
OPENSSL_PREINSTALL:
description: "OpenSSL version preinstalled."
type: string
docker:
- image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- image: << parameters.IMAGE >>
steps:
- setup_remote_docker
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Clone and build liboqs (only STD algs)
name: Clone and build liboqs (<< parameters.CMAKE_ARGS >>)
command: |
git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
cd liboqs && mkdir _build && cd _build &&
cmake -GNinja -DOQS_ALGS_ENABLED=STD -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install &&
cd ..
- run:
name: Clone and build OpenSSL(3)
command: |
git clone --branch master git://git.openssl.org/openssl.git openssl &&
cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
- run:
name: Build OQS-OpenSSL provider (only STD algs with QSC encoding support)
command: |
mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja
cmake -GNinja << parameters.CMAKE_ARGS >> -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local .. && ninja install &&
cd .. && cd .. && pwd
- when:
condition:
not:
equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
steps:
- run:
name: Clone and build OpenSSL(3)
command: |
git clone --branch master git://git.openssl.org/openssl.git openssl &&
cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
- run:
name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support)
command: |
mkdir _build && cd _build && cmake -GNinja << parameters.CMAKE_ARGS >> -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd ..
- when:
condition:
equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
steps:
- run:
name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >> with QSC encoding support)
command: |
mkdir _build && cd _build && cmake -GNinja << parameters.CMAKE_ARGS >> -DUSE_ENCODING_LIB=ON -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja && cd ..
- run:
name: Run tests
command: |
./scripts/runtests.sh -V
- run:
name: Run tests (with encodings, positive and negative test)
command: |
./scripts/runtests_encodings.sh -V
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
- run:
name: Build OQS-OpenSSL provider (only STD algs) with NOPUBKEY_IN_PRIVKEY and QSC encoding support
./scripts/runtests_encodings.sh -V > log
if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
cat log
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
else
cat log
fi
- run:
name: Build OQS-OpenSSL provider (<< parameters.CMAKE_ARGS >>) with NOPUBKEY_IN_PRIVKEY and QSC encoding support
command: |
rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja
rm -rf _build && mkdir _build && cd _build && cmake -GNinja << parameters.CMAKE_ARGS >> -DNOPUBKEY_IN_PRIVKEY=ON -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local .. && ninja
- run:
name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON)
command: |
Expand All @@ -54,69 +83,106 @@ jobs:
name: Run tests (-DNOPUBKEY_IN_PRIVKEY=ON, with encodings, positive and negative test)
command: |
./scripts/runtests_encodings.sh -V
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
cat log
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
else
cat log
fi
macOS:
description: A template for running tests on macOS
parameters:
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
OPENSSL_PREINSTALL:
description: "OpenSSL version preinstalled."
type: string
macos:
xcode: "13.2.1"
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Install dependencies
command: env HOMEBREW_NO_AUTO_UPDATE=1 brew install cmake ninja
command: env HOMEBREW_NO_AUTO_UPDATE=1 brew install cmake ninja << parameters.OPENSSL_PREINSTALL >>
- run:
name: Get system information
command: sysctl -a | grep machdep.cpu && cc --version
- run:
name: Clone and build liboqs
command: |
git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git &&
cd liboqs && mkdir _build && cd _build &&
cmake -GNinja -DCMAKE_INSTALL_PREFIX=$(pwd)/../../.local << parameters.CMAKE_ARGS >> .. && ninja install &&
cd ..
- run:
name: Clone and build OpenSSL(3) master
command: |
git clone --branch master git://git.openssl.org/openssl.git openssl &&
cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
- run:
name: Build OQS-OpenSSL provider
command: |
mkdir _build && cd _build && cmake -GNinja -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local << parameters.CMAKE_ARGS >> .. && ninja
export LIBOQS_INSTALLPATH=$(pwd)/.local && cd liboqs && mkdir _build && cd _build &&
cmake -GNinja -DCMAKE_INSTALL_PREFIX=$LIBOQS_INSTALLPATH << parameters.CMAKE_ARGS >> .. && ninja install &&
cd .. && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$LIBOQS_INSTALLPATH/lib" >> "$BASH_ENV"
- when:
condition:
not:
equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
steps:
- run:
name: Clone and build OpenSSL(3) master
command: |
git clone --branch master git://git.openssl.org/openssl.git openssl &&
cd openssl && ./config --prefix=$(echo $(pwd)/../.local) && make -j 18 && make install_sw && cd ..
- run:
name: Build OQS-OpenSSL provider
command: |
export OPENSSL_INSTALL=$(pwd)/.local && mkdir _build && cd _build && cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local << parameters.CMAKE_ARGS >> .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV"
- when:
condition:
equal: [ openssl@3, << parameters.OPENSSL_PREINSTALL >> ]
steps:
- run:
name: Build OQS-OpenSSL provider
command: |
export OPENSSL_INSTALL=`brew config | grep HOMEBREW_PREFIX | sed -e "s/HOMEBREW_PREFIX: //g"`/opt/openssl@3 && mkdir _build && cd _build && liboqs_DIR=`pwd`/../.local cmake -GNinja -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL .. && ninja && echo "export OPENSSL_INSTALL=$OPENSSL_INSTALL" >> "$BASH_ENV" && cd .. && echo "export DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$OPENSSL_INSTALL/lib" >> "$BASH_ENV"
- run:
name: Run tests
command: |
./scripts/runtests.sh -V
- run:
name: Build OQS-OpenSSL provider with QSC encoding support
command: |
rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$(pwd)/../.local -DCMAKE_PREFIX_PATH=$(pwd)/../.local << parameters.CMAKE_ARGS >> .. && ninja
rm -rf _build && mkdir _build && cd _build && cmake -GNinja -DUSE_ENCODING_LIB=ON -DOPENSSL_ROOT_DIR=$OPENSSL_INSTALL -DCMAKE_PREFIX_PATH=$(pwd)/../.local << parameters.CMAKE_ARGS >> .. && ninja
- run:
name: Run tests
command: |
./scripts/runtests.sh -V
- run:
name: Run tests (with encodings)
command: |
./scripts/runtests_encodings.sh -V
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
./scripts/runtests_encodings.sh -V > log
if [ grep "Skipping testing of buggy OpenSSL" -eq 1 ]; then
cat log
! OQS_ENCODING_DILITHIUM2=foo OQS_ENCODING_DILITHIUM2_ALGNAME=bar ./scripts/runtests.sh -V
else
cat log
fi
workflows:
version: 2.1
build:
jobs:
- ubuntu_focal:
- ubuntu:
name: ubuntu-focal
context: openquantumsafe
IMAGE: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
OPENSSL_PREINSTALL: openssl@1
- ubuntu:
name: ubuntu-jammy
context: openquantumsafe
IMAGE: openquantumsafe/ci-ubuntu-jammy:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD
OPENSSL_PREINSTALL: openssl@3
- macOS:
name: macOS-noopenssl
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
OPENSSL_PREINSTALL: openssl
- macOS:
name: macOS-shared
CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF
OPENSSL_PREINSTALL: openssl@3

10 changes: 8 additions & 2 deletions scripts/fullbuild.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,12 @@
# EnvVar OPENSSL_INSTALL: If set, defines (binary) OpenSSL installation to use
# EnvVar OPENSSL_BRANCH: Defines branch/release of openssl; if set, forces source-build of OpenSSL3

if [[ "$OSTYPE" == "darwin"* ]]; then
SHLIBEXT="dylib"
else
SHLIBEXT="so"
fi

if [ $# -gt 0 ]; then
if [ "$1" == "-f" ]; then
rm -rf _build
Expand Down Expand Up @@ -88,8 +94,8 @@ if [ ! -f ".local/lib/liboqs.a" ]; then
fi

# Check whether provider is built:
if [ ! -f "_build/oqsprov/oqsprovider.so" ]; then
echo "oqsprovider not built: Building..."
if [ ! -f "_build/lib/oqsprovider.$SHLIBEXT" ]; then
echo "oqsprovider (_build/lib/oqsprovider.$SHLIBEXT) not built: Building..."
# for full debug build add: -DCMAKE_BUILD_TYPE=Debug
BUILD_TYPE="-DCMAKE_BUILD_TYPE=Debug"
# for omitting public key in private keys add -DNOPUBKEY_IN_PRIVKEY=ON
Expand Down
9 changes: 4 additions & 5 deletions scripts/oqsprovider-ca.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,12 @@ if [ -z "$OPENSSL_APP" ]; then
fi

if [ -z "$OPENSSL_MODULES" ]; then
echo "OPENSSL_MODULES env var not set. Exiting."
exit 1
echo "Warning: OPENSSL_MODULES env var not set."
fi

if [ -z "$LD_LIBRARY_PATH" ]; then
echo "LD_LIBRARY_PATH env var not set. Exiting."
exit 1
# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
fi

echo "oqsprovider-ca.sh commencing..."
Expand Down
9 changes: 4 additions & 5 deletions scripts/oqsprovider-certgen.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,12 @@ if [ -z "$OPENSSL_APP" ]; then
fi

if [ -z "$OPENSSL_MODULES" ]; then
echo "OPENSSL_MODULES env var not set. Exiting."
exit 1
echo "Warning: OPENSSL_MODULES env var not set."
fi

if [ -z "$LD_LIBRARY_PATH" ]; then
echo "LD_LIBRARY_PATH env var not set. Exiting."
exit 1
# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
fi

echo "oqsprovider-certgen.sh commencing..."
Expand Down
9 changes: 4 additions & 5 deletions scripts/oqsprovider-certverify.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,12 @@ if [ -z "$OPENSSL_APP" ]; then
fi

if [ -z "$OPENSSL_MODULES" ]; then
echo "OPENSSL_MODULES env var not set. Exiting."
exit 1
echo "Warning: OPENSSL_MODULES env var not set."
fi

if [ -z "$LD_LIBRARY_PATH" ]; then
echo "LD_LIBRARY_PATH env var not set. Exiting."
exit 1
# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
fi

echo "oqsprovider-certverify.sh commencing..."
Expand Down
9 changes: 4 additions & 5 deletions scripts/oqsprovider-cmssign.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,12 @@ if [ -z "$OPENSSL_APP" ]; then
fi

if [ -z "$OPENSSL_MODULES" ]; then
echo "OPENSSL_MODULES env var not set. Exiting."
exit 1
echo "Warning: OPENSSL_MODULES env var not set."
fi

if [ -z "$LD_LIBRARY_PATH" ]; then
echo "LD_LIBRARY_PATH env var not set. Exiting."
exit 1
# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
fi

# Assumes certgen has been run before: Quick check
Expand Down
9 changes: 4 additions & 5 deletions scripts/oqsprovider-cmsverify.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,12 @@ if [ -z "$OPENSSL_APP" ]; then
fi

if [ -z "$OPENSSL_MODULES" ]; then
echo "OPENSSL_MODULES env var not set. Exiting."
exit 1
echo "Warning: OPENSSL_MODULES env var not set."
fi

if [ -z "$LD_LIBRARY_PATH" ]; then
echo "LD_LIBRARY_PATH env var not set. Exiting."
exit 1
# Set OSX DYLD_LIBRARY_PATH if not already externally set
if [ -z "$DYLD_LIBRARY_PATH" ]; then
export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
fi

openssl_version=$($OPENSSL_APP version)
Expand Down
Loading

0 comments on commit 07107de

Please sign in to comment.