SCP11: Remove dependency on OpenSSL during the SCP11b handshake #986
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: MacOS Build | |
# This workflow is triggered on pushes to the repository. | |
on: [push] | |
jobs: | |
job1: | |
name: MacOS | |
runs-on: macos-latest | |
steps: | |
# This action checks-out the repository under $GITHUB_WORKSPACE, so the workflow can access it. | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: Install prerequisites | |
run: | | |
set -x | |
brew update | |
brew install check gengetopt help2man opensc zlib | |
brew reinstall openssl@3 | |
- name: Build and install | |
run: | | |
set -x | |
mkdir build | |
cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_PKG_PATH=/usr/local/opt/[email protected]/lib/pkgconfig | |
make | |
make test | |
otool -L tool/yubico-piv-tool | grep libcrypto | |
otool -L lib/libykpiv.dylib | grep libcrypto | |
otool -L ykcs11/libykcs11.dylib | grep libcrypto | |
sudo make install | |
yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump --syms /usr/local/lib/libykcs11.dylib | grep C_Sign | |
pkcs11-tool --module /usr/local/lib/libykcs11.dylib --show-info | grep Yubico | |
- name: Build using OpenSSL static link | |
run: | | |
set -x | |
export PKG_CONFIG_PATH=/usr/local/opt/[email protected]/lib/pkgconfig:PKG_CONFIG_PATH | |
rm -rf build; mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_STATIC_LINK=ON -DBACKEND=macscard | |
make | |
make test | |
otool -L tool/yubico-piv-tool | grep libcrypto | wc -l | grep 0 | |
otool -L lib/libykpiv.dylib | grep libcrypto | wc -l | grep 0 | |
otool -L ykcs11/libykcs11.dylib | grep libcrypto | wc -l | grep 0 | |
sudo make install | |
yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
pkcs11-tool --module /usr/local/lib/libykcs11.dylib --show-info | grep Yubico | |
- name: Build with YKCS11_DBG is set | |
run: | | |
set -x | |
export PKG_CONFIG_PATH=/usr/local/opt/[email protected]/lib/pkgconfig:PKG_CONFIG_PATH | |
rm -rf build; mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DYKCS11_DBG=3 | |
make | |
make test | |
otool -L ykcs11/libykcs11.dylib | grep libcrypto | |
pkcs11-tool --module ykcs11/libykcs11.dylib --show-info | grep Yubico | |
- name: Build only library (no CLI and no ykcs11) | |
run: | | |
set -x | |
export PKG_CONFIG_PATH=/usr/local/opt/[email protected]/lib/pkgconfig:PKG_CONFIG_PATH | |
rm -rf build; mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_ONLY_LIB=ON | |
make | |
make test | |
- name: Build only dynamic libaries | |
run: | | |
set -x | |
export PKG_CONFIG_PATH=/usr/local/opt/[email protected]/lib/pkgconfig:PKG_CONFIG_PATH | |
rm -rf build; mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DBUILD_STATIC_LIB=OFF | |
make | |
make test |