latchset · simo5 · Aug 29, 2024 · Aug 26, 2024 · Aug 27, 2024 · Aug 28, 2024
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -37,31 +37,45 @@ jobs:
               dnf -y install $dnf_opts \
                 git ${{ matrix.compiler }} meson \
                 pkgconf-pkg-config openssl-devel openssl \
-                diffutils expect valgrind
+                diffutils expect valgrind opensc gnutls-utils
               if [ "${{ matrix.token }}" = "softokn" ]; then
-                dnf -y install nss-softokn nss-tools nss-softokn-devel
+                dnf -y install nss-softokn nss-tools nss-softokn-devel \
+                  nss-devel
               elif [ "${{ matrix.token }}" = "softhsm" ]; then
-                dnf -y install softhsm opensc p11-kit-devel p11-kit-server \
-                  gnutls-utils
+                dnf -y install softhsm p11-kit-devel
               fi
             elif [ -f /etc/debian_version ]; then
               apt-get -q update
               apt-get -yq install git ${{ matrix.compiler }} meson \
                 pkg-config libssl-dev openssl expect \
-                valgrind procps
+                valgrind procps opensc gnutls-bin
               if [ "${{ matrix.token }}" = "softokn" ]; then
                 apt-get -yq install libnss3 libnss3-tools libnss3-dev
               elif [ "${{ matrix.token }}" = "softhsm" ]; then
-                apt-get -yq install softhsm2 opensc p11-kit libp11-kit-dev \
-                  p11-kit-modules gnutls-bin
+                apt-get -yq install softhsm2 p11-kit libp11-kit-dev \
+                  p11-kit-modules
               fi
             fi
+      - name: Check NSS version
+        id: nss-version-check
+        run: |
+          if [ "${{ matrix.name }}" = "centos" ]; then
+            if [ "${{ matrix.token }}" = "softokn" ]; then
+              NSSMINVER=`nss-config --version nss | cut -d '.' -f 2`
+              if [ $NSSMINVER -lt 101 ]; then
+                echo "skiptest=true" >> $GITHUB_OUTPUT
+              fi
+            fi
+          fi
       - name: Checkout Repository
+        if : ( steps.nss-version-check.outputs.skiptest != 'true' )
         uses: actions/checkout@v4
       - name: Setup
+        if : ( steps.nss-version-check.outputs.skiptest != 'true' )
         run: |
           CC=${{ matrix.compiler }} meson setup builddir
       - name: Build and Test
+        if : ( steps.nss-version-check.outputs.skiptest != 'true' )
         run: |
           meson compile -C builddir
           meson test --num-processes 1 -C builddir
@@ -75,6 +89,7 @@ jobs:
             builddir/tests/tmp.${{ matrix.token }}/testvars
             builddir/tests/tmp.${{ matrix.token }}/openssl.cnf
       - name: Run tests with valgrind
+        if : ( steps.nss-version-check.outputs.skiptest != 'true' )
         run: |
             if [ "${{ matrix.compiler }}" = "gcc" ]; then
               meson test --num-processes 1 -C builddir --setup=valgrind
@@ -103,13 +118,13 @@ jobs:
           brew install \
             meson \
             openssl@3 \
-            pkg-config
+            pkg-config \
+            opensc \
+            p11-kit
           if [ "${{ matrix.token }}" = "softokn" ]; then
             brew install nss
           elif [ "${{ matrix.token }}" = "softhsm" ]; then
             brew install \
-              opensc \
-              p11-kit \
               softhsm
           fi
       - name: Checkout Repository

diff --git a/packaging/pkcs11-provider.spec b/packaging/pkcs11-provider.spec
@@ -29,7 +29,6 @@ BuildRequires: openssl
 BuildRequires: softhsm
 BuildRequires: opensc
 BuildRequires: p11-kit-devel
-BuildRequires: p11-kit-server
 BuildRequires: gnutls-utils
 BuildRequires: xz
 BuildRequires: expect

diff --git a/tests/integration/bind.sh b/tests/integration/bind.sh
@@ -17,7 +17,7 @@ install_dependencies()
     dnf install -y --skip-broken \
         meson \
         p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \
-        p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \
+        p11-kit-devel opensc softhsm-devel procps-ng \
         openssl util-linux bind9-next opensc
 }
 

diff --git a/tests/integration/httpd.sh b/tests/integration/httpd.sh
@@ -19,7 +19,7 @@ install_dependencies()
     dnf install -y --skip-broken \
         meson \
         p11-kit httpd mod_ssl openssl-devel gnutls-utils nss-tools \
-        p11-kit-devel p11-kit-server opensc softhsm-devel procps-ng \
+        p11-kit-devel opensc softhsm-devel procps-ng \
         openssl util-linux
 }
 

diff --git a/tests/kryoptic-init.sh b/tests/kryoptic-init.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -e
+# Copyright (C) 2024 Simo Sorce <[email protected]>
+# SPDX-License-Identifier: Apache-2.0
+
+title SECTION "Searching for Kryoptic module"
+
+find_kryoptic() {
+    for _lib in "$@" ; do
+        if test -f "$_lib" ; then
+            echo "Using kryoptic path $_lib"
+            P11LIB="$_lib"
+            return
+        fi
+    done
+    echo "skipped: Unable to find kryoptic PKCS#11 library"
+    exit 0
+}
+
+find_kryoptic \
+    "${KRYOPTIC}/target/debug/libkryoptic_pkcs11.so" \
+    "${KRYOPTIC}/target/release/libkryoptic_pkcs11.so" \
+    /usr/local/lib/kryoptic/libkryoptic_pkcs11so \
+    /usr/lib64/pkcs11/libkryoptic_pkcs11.so \
+    /usr/lib/pkcs11/libkryoptic_pkcs11.so \
+    /usr/lib/x86_64-linux-gnu/kryoptic/libkryoptic_pkcs11.so
+
+title LINE "Creating Kyroptic database"
+
+# Kryoptic configuration
+export KRYOPTIC_CONF="$TOKDIR/kryoptic.sql"
+
+export TOKENLABEL="Kryoptic Token"
+export TOKENLABELURI="Kryoptic%20Token"
+
+# init token
+pkcs11-tool --module "${P11LIB}" --init-token \
+    --label "${TOKENLABEL}" --so-pin "${PINVALUE}" 2>&1
+# set user pin
+pkcs11-tool --module "${P11LIB}" --so-pin "${PINVALUE}" \
+    --login --login-type so --init-pin --pin "${PINVALUE}" 2>&1
+
+export TOKENCONFIGVARS="export KRYOPTIC_CONF=$TOKDIR/kryoptic.sql"
diff --git a/tests/meson.build b/tests/meson.build
@@ -30,17 +30,13 @@ if nss_softokn.found()
   endif
 endif
 
-test_setup = {
-  'setup_softokn': {'suite': 'softokn', 'exe': find_program('setup-softokn.sh')},
-  'setup_softhsm': {'suite': 'softhsm', 'exe': find_program('setup-softhsm.sh')},
-  'setup_kryoptic': {'suite': 'kryoptic', 'exe': find_program('setup-kryoptic.sh')},
-}
-
-foreach name, targs : test_setup
+setup_script=find_program('setup.sh')
+foreach suite : ['softokn', 'softhsm', 'kryoptic']
   test(
-    name,
-    targs.get('exe'),
-    suite: targs.get('suite'),
+    'setup',
+    setup_script,
+    args: suite,
+    suite: suite,
     env: conf_env,
     is_parallel: false,
   )

diff --git a/tests/openssl.cnf.in b/tests/openssl.cnf.in
@@ -22,13 +22,12 @@ activate = 1
 
 [pkcs11_sect]
 module = @libtoollibs@/pkcs11@SHARED_EXT@
-pkcs11-module-init-args = configDir=@testsblddir@/tmp.softokn/tokens
 pkcs11-module-token-pin = file:@PINFILE@
+##TOKENOPTIONS
 #pkcs11-module-encode-provider-uri-to-pem
 #pkcs11-module-allow-export
 #pkcs11-module-load-behavior
 #pkcs11-module-block-operations
-##QUIRKS
 activate = 1
 
 ####################################################################