From 585e1f4deeaf47cf60cfec27020c9305b07d756f Mon Sep 17 00:00:00 2001 From: pi-314159 <74706004+pi-314159@users.noreply.github.com> Date: Wed, 21 Aug 2024 16:10:16 +0800 Subject: [PATCH 1/7] Drop CircleCI and switch to GitHub Actions --- .circleci/config.yml | 73 ----------------------------------- .github/PULL_REQUEST_TEMPLATE | 8 ++-- .github/workflows/shared.yml | 49 +++++++++++++++++++++++ .github/workflows/static.yml | 49 +++++++++++++++++++++++ README.md | 5 ++- oqs_scripts/try_handshake.py | 6 +-- 6 files changed, 107 insertions(+), 83 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/shared.yml create mode 100644 .github/workflows/static.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index f6900fcf8f..0000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,73 +0,0 @@ -version: 2.1 - -# This is here just to make CircleCI -# happy, but might be useful in the future. -parameters: - run_downstream_tests: - type: boolean - default: false - -# CircleCI doesn't handle large file sets properly for local builds -# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 -localCheckout: &localCheckout - run: |- - PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) - mkdir -p ${PROJECT_PATH} - cd /tmp/_circleci_local_build_repo - git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} - cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} - -jobs: - ubuntu_build: - description: A template for running BoringSSL tests on x64 Ubuntu Docker VMs - parameters: - LIBOQS_SHARED: - description: "Build liboqs as a shared library." - type: boolean - default: false - BORINGSSL_SHARED: - description: "Build BoringSSL as a shared library." - type: boolean - default: false - docker: - - image: openquantumsafe/ci-ubuntu-latest - auth: - username: $DOCKER_LOGIN - password: $DOCKER_PASSWORD - steps: - - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally - - run: - name: Clone liboqs - command: git clone --branch main --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git - - run: - name: Build liboqs - command: mkdir build && cd build && cmake .. -G"Ninja" -DBUILD_SHARED_LIBS=<< parameters.LIBOQS_SHARED >> -DOQS_USE_OPENSSL=OFF -DCMAKE_INSTALL_PREFIX=../../oqs && ninja install - working_directory: liboqs - - run: - name: Configure BoringSSL - command: mkdir build && cd build && cmake -GNinja -DBUILD_SHARED_LIBS=<< parameters.BORINGSSL_SHARED >> -DLIBOQS_SHARED=<< parameters.LIBOQS_SHARED >> .. - - run: - name: Build BoringSSL - # More build processes exhaust memory on CircleCI - command: ninja - working_directory: build - - run: - name: Run BoringSSL tests - command: ninja run_tests - working_directory: build - - run: - name: Check that we have the bssl server and client syntax right - command: python3 oqs_scripts/try_handshake.py - -workflows: - version: 2.1 - build: - jobs: - - ubuntu_build: - name: static_oqs-static_bssl - context: openquantumsafe - - ubuntu_build: - name: shared_oqs-shared_bssl - context: openquantumsafe - LIBOQS_SHARED: true - BORINGSSL_SHARED: true diff --git a/.github/PULL_REQUEST_TEMPLATE b/.github/PULL_REQUEST_TEMPLATE index 6c101eabca..78e95caef4 100644 --- a/.github/PULL_REQUEST_TEMPLATE +++ b/.github/PULL_REQUEST_TEMPLATE @@ -1,7 +1,7 @@ -Please do not send pull requests to the BoringSSL repository. +Thank you for contributing to OQS-BoringSSL! Before submitting your pull request, please ensure the following: -We do, however, take contributions gladly. +1. Your changes include new tests or modifications to existing tests as needed. -See https://boringssl.googlesource.com/boringssl/+/master/CONTRIBUTING.md +2. You have tested the changes in a clean build environment. -Thanks! +3. Your changes do not break the build for projects that depend on OQS-BoringSSL. diff --git a/.github/workflows/shared.yml b/.github/workflows/shared.yml new file mode 100644 index 0000000000..05b9ae706f --- /dev/null +++ b/.github/workflows/shared.yml @@ -0,0 +1,49 @@ +name: OQS-BoringSSL (Shared) + +on: + push: + branches: + - main + paths-ignore: + - '**.md' + - 'oqs_template/**' + pull_request: + paths-ignore: + - '**.md' + - 'oqs_template/**' + schedule: + - cron: '2 7 18,28 * *' + workflow_dispatch: + +jobs: + build-shared: + name: Build Shared + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: 'stable' + - name: Install all dependencies + run: sudo apt update && sudo apt install cmake gcc ninja-build libunwind-dev pkg-config python3 -y + - name: Download and configure liboqs + run: | + git clone --branch main --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git + cd liboqs && mkdir build && cd build && cmake -G"Ninja" -DBUILD_SHARED_LIBS=1 -DCMAKE_INSTALL_PREFIX=../../oqs -DOQS_USE_OPENSSL=OFF .. + shell: bash + - name: Build and install liboqs + working-directory: ./liboqs/build + run: ninja && ninja install + shell: bash + - name: Configure OQS-BoringSSL + run: mkdir build && cd build && cmake -GNinja -DBUILD_SHARED_LIBS=1 -DLIBOQS_SHARED=1 .. + shell: bash + - name: Build OQS-BoringSSL + working-directory: ./build + run: ninja + shell: bash + - name: Run tests + working-directory: ./build + run: ninja run_tests && cd .. && python3 oqs_scripts/try_handshake.py + shell: bash diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml new file mode 100644 index 0000000000..8a7a40bd7b --- /dev/null +++ b/.github/workflows/static.yml @@ -0,0 +1,49 @@ +name: OQS-BoringSSL (Static) + +on: + push: + branches: + - main + paths-ignore: + - '**.md' + - 'oqs_template/**' + pull_request: + paths-ignore: + - '**.md' + - 'oqs_template/**' + schedule: + - cron: '2 7 18,28 * *' + workflow_dispatch: + +jobs: + build-static: + name: Build Static + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: 'stable' + - name: Install all dependencies + run: sudo apt update && sudo apt install cmake gcc ninja-build libunwind-dev pkg-config python3 -y + - name: Download and configure liboqs + run: | + git clone --branch main --single-branch --depth 1 https://github.com/open-quantum-safe/liboqs.git + cd liboqs && mkdir build && cd build && cmake -G"Ninja" -DCMAKE_INSTALL_PREFIX=../../oqs -DOQS_USE_OPENSSL=OFF .. + shell: bash + - name: Build and install liboqs + working-directory: ./liboqs/build + run: ninja && ninja install + shell: bash + - name: Configure OQS-BoringSSL + run: mkdir build && cd build && cmake -GNinja .. + shell: bash + - name: Build OQS-BoringSSL + working-directory: ./build + run: ninja + shell: bash + - name: Run tests + working-directory: ./build + run: ninja run_tests && cd .. && python3 oqs_scripts/try_handshake.py + shell: bash diff --git a/README.md b/README.md index dc7aa4182f..d1accd2a4e 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -[![CircleCI](https://circleci.com/gh/open-quantum-safe/boringssl/tree/master.svg?style=svg)](https://circleci.com/gh/open-quantum-safe/boringssl/tree/master) +![OQS-BoringSSL (Static)](https://github.com/open-quantum-safe/boringssl/actions/workflows/static.yml/badge.svg) +![OQS-BoringSSL (Shared)](https://github.com/open-quantum-safe/boringssl/actions/workflows/shared.yml/badge.svg) OQS-BoringSSL ================================== @@ -112,7 +113,7 @@ We've only tested the fork on the latest Ubuntu LTS and Windows. This fork has l On **Ubuntu**, you need to install the following packages: ``` -sudo apt install cmake gcc ninja-build libunwind-dev pkg-config python3 python3-psutil golang-go +sudo apt install cmake gcc ninja-build libunwind-dev pkg-config python3 golang-go ``` You will also need the latest version of the toolchain for the Go programming language, available [here](https://golang.org/dl/) diff --git a/oqs_scripts/try_handshake.py b/oqs_scripts/try_handshake.py index 097f8d3dcd..dedb1a5812 100644 --- a/oqs_scripts/try_handshake.py +++ b/oqs_scripts/try_handshake.py @@ -3,7 +3,6 @@ # client and server can establish a handshake with the choices. import argparse -import psutil import random import subprocess import time @@ -96,7 +95,7 @@ def try_handshake(bssl): random_sig = random.choice(sigs) server = subprocess.Popen([bssl, 'server', - '-accept', '0', + '-accept', '31416', '-sig-alg', random_sig], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) @@ -104,12 +103,11 @@ def try_handshake(bssl): # The server should (hopefully?) start # in 10 seconds. time.sleep(10) - server_port = psutil.Process(server.pid).connections()[0].laddr.port # Try to connect to it with the client random_kex = random.choice(kexs) client = subprocess.run([bssl, 'client', - '-connect', 'localhost:{}'.format(str(server_port)), + '-connect', 'localhost:31416', '-curves', random_kex], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, From 23caac7de9159d11e2ef076891d52dbe3078a5b4 Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 03:16:30 -0500 Subject: [PATCH 2/7] Update static.yml Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- .github/workflows/static.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 8a7a40bd7b..356eeade15 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -3,7 +3,7 @@ name: OQS-BoringSSL (Static) on: push: branches: - - main + - master paths-ignore: - '**.md' - 'oqs_template/**' From 6582a3abff51a1ff689cb629a6035eaea866dc53 Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 03:16:39 -0500 Subject: [PATCH 3/7] Update shared.yml Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- .github/workflows/shared.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shared.yml b/.github/workflows/shared.yml index 05b9ae706f..79124afa89 100644 --- a/.github/workflows/shared.yml +++ b/.github/workflows/shared.yml @@ -3,7 +3,7 @@ name: OQS-BoringSSL (Shared) on: push: branches: - - main + - master paths-ignore: - '**.md' - 'oqs_template/**' From 76470aa4447adabd660a9b9c683115f7ffdd560c Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 04:10:04 -0500 Subject: [PATCH 4/7] Update README.md Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d1accd2a4e..3f904711a2 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -![OQS-BoringSSL (Static)](https://github.com/open-quantum-safe/boringssl/actions/workflows/static.yml/badge.svg) -![OQS-BoringSSL (Shared)](https://github.com/open-quantum-safe/boringssl/actions/workflows/shared.yml/badge.svg) +[![OQS-BoringSSL (Static)](https://github.com/open-quantum-safe/boringssl/actions/workflows/static.yml/badge.svg)](https://github.com/open-quantum-safe/boringssl/actions/workflows/static.yml) +[![OQS-BoringSSL (Shared)](https://github.com/open-quantum-safe/boringssl/actions/workflows/shared.yml/badge.svg)](https://github.com/open-quantum-safe/boringssl/actions/workflows/shared.yml) OQS-BoringSSL ================================== From 07234e07c2e622c21d01b4070f53e2031a33785f Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 04:43:20 -0500 Subject: [PATCH 5/7] Update PULL_REQUEST_TEMPLATE Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- .github/PULL_REQUEST_TEMPLATE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE b/.github/PULL_REQUEST_TEMPLATE index 78e95caef4..916655fec5 100644 --- a/.github/PULL_REQUEST_TEMPLATE +++ b/.github/PULL_REQUEST_TEMPLATE @@ -4,4 +4,4 @@ Thank you for contributing to OQS-BoringSSL! Before submitting your pull request 2. You have tested the changes in a clean build environment. -3. Your changes do not break the build for projects that depend on OQS-BoringSSL. +3. Your changes do not break the build for projects (i.e., NGINX-QUIC, cURL-QUIC, and Chromium) that depend on OQS-BoringSSL. From 637cdcd1ee0648f88b15f74e63f24e52cd193a90 Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 04:49:23 -0500 Subject: [PATCH 6/7] Update try_handshake.py Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- oqs_scripts/try_handshake.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oqs_scripts/try_handshake.py b/oqs_scripts/try_handshake.py index dedb1a5812..7916753e04 100644 --- a/oqs_scripts/try_handshake.py +++ b/oqs_scripts/try_handshake.py @@ -95,7 +95,7 @@ def try_handshake(bssl): random_sig = random.choice(sigs) server = subprocess.Popen([bssl, 'server', - '-accept', '31416', + '-accept', '26150', '-sig-alg', random_sig], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) @@ -107,7 +107,7 @@ def try_handshake(bssl): # Try to connect to it with the client random_kex = random.choice(kexs) client = subprocess.run([bssl, 'client', - '-connect', 'localhost:31416', + '-connect', 'localhost:26150', '-curves', random_kex], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, From 7476079697e3ca6b5bfee92f406d030c6f39acfa Mon Sep 17 00:00:00 2001 From: PI <74706004+pi-314159@users.noreply.github.com> Date: Thu, 22 Aug 2024 05:12:12 -0500 Subject: [PATCH 7/7] Update and rename PULL_REQUEST_TEMPLATE to PULL_REQUEST_TEMPLATE.md Signed-off-by: PI <74706004+pi-314159@users.noreply.github.com> --- .github/PULL_REQUEST_TEMPLATE | 7 ------- .github/PULL_REQUEST_TEMPLATE.md | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 .github/PULL_REQUEST_TEMPLATE create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE b/.github/PULL_REQUEST_TEMPLATE deleted file mode 100644 index 916655fec5..0000000000 --- a/.github/PULL_REQUEST_TEMPLATE +++ /dev/null @@ -1,7 +0,0 @@ -Thank you for contributing to OQS-BoringSSL! Before submitting your pull request, please ensure the following: - -1. Your changes include new tests or modifications to existing tests as needed. - -2. You have tested the changes in a clean build environment. - -3. Your changes do not break the build for projects (i.e., NGINX-QUIC, cURL-QUIC, and Chromium) that depend on OQS-BoringSSL. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..5573c22d17 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,7 @@ +Thank you for contributing to OQS-BoringSSL! Before submitting your pull request, please ensure the following: + +1. Your changes include new tests or modifications to existing tests as needed. + +2. You have tested the changes in a clean build environment. + +3. Your changes do not break the build for projects (i.e., [NGINX-QUIC](https://github.com/open-quantum-safe/oqs-demos/blob/main/nginx/Dockerfile-QUIC), [cURL-QUIC](https://github.com/open-quantum-safe/oqs-demos/blob/main/curl/Dockerfile-QUIC), and [Chromium](https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium)) that depend on OQS-BoringSSL.