add ecdh_curve example configuration #7435
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI RPM | |
| on: | |
| push: | |
| branches-ignore: | |
| - coverity_scan | |
| pull_request: | |
| env: | |
| CC: gcc | |
| jobs: | |
| rpm-build: | |
| strategy: | |
| matrix: | |
| env: | |
| - { NAME: "centos-7", OS: "centos:7" } | |
| - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } | |
| - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ matrix.env.OS }} | |
| env: | |
| HOSTAPD_BUILD_DIR: /tmp/eapol_test.ci | |
| HOSTAPD_GIT_TAG: hostapd_2_8 | |
| name: "RPM build" | |
| steps: | |
| # Required so that the checkout action uses git protocol rather than the GitHub REST API. | |
| # make rpm requires the FR directory to be a git repository. | |
| - name: Install recent git for CentOS 7 | |
| if: ${{ matrix.env.NAME == 'centos-7' }} | |
| run: | | |
| yum install -y https://packages.endpointdev.com/rhel/7/os/x86_64/git-core-2.30.1-1.ep7.x86_64.rpm | |
| - name: Install distro git for Rocky. | |
| if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} | |
| run: | | |
| yum install -y git-core | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: freeradius | |
| - name: Prepare filesystem | |
| run: | | |
| pwd | |
| ls -la | |
| mkdir rpms | |
| ls -la | |
| - name: LTB repo for CentOS and Rocky Linux 8 | |
| if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} | |
| run: | | |
| echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo | |
| echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo | |
| rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | |
| - name: Enable EPEL for CentOS and Rocky Linux | |
| if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} | |
| run: | | |
| yum install -y epel-release | |
| - name: Enable PowerTools on Rocky 8. | |
| if: ${{ matrix.env.NAME == 'rocky-8' }} | |
| run: | | |
| yum install -y yum-utils | |
| yum config-manager --enable PowerTools || : | |
| yum config-manager --enable powertools || : | |
| - name: Enable Code Ready Builer on Rocky 9. | |
| if: ${{ matrix.env.NAME == 'rocky-9' }} | |
| run: | | |
| yum install -y yum-utils | |
| yum config-manager --enable crb | |
| - name: Install common tools | |
| run: | | |
| yum install -y \ | |
| bzip2 \ | |
| gcc \ | |
| make \ | |
| perl \ | |
| rpm-build \ | |
| yum-utils | |
| # | |
| # We just patch the SPEC file for Fedora since we want to use the standard | |
| # make rpm target which wants to build with LDAP. | |
| # | |
| - name: Disable rlm_ldap on Fedora (no LTB packages) | |
| if: ${{ startsWith(matrix.env.NAME, 'fedora-') }} | |
| run: | | |
| sed -ie 's/%bcond_without ldap/%global _without_ldap: 1/' freeradius/redhat/freeradius.spec | |
| - name: Install build dependencies | |
| run: | | |
| yum-builddep -y freeradius/redhat/freeradius.spec | |
| # | |
| # It has been observed that sometimes not all the dependencies are | |
| # installed on the first go. Give it a second chance. | |
| # | |
| - name: Second run of install build dependencies | |
| run: | | |
| yum-builddep -y redhat/freeradius.spec | |
| working-directory: freeradius | |
| - name: Show versions | |
| run: | | |
| $CC --version | |
| make --version | |
| krb5-config --all || : | |
| openssl version | |
| # For pkill and ps | |
| - name: Enable procps-ng on Rocky | |
| if: ${{ startsWith(matrix.env.NAME, 'rocky-') }} | |
| run: | | |
| yum install -y procps-ng | |
| - name: Build RPMs | |
| run: | | |
| [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
| ./configure | |
| make rpm | |
| working-directory: freeradius | |
| - name: Collect RPMs | |
| run: | | |
| mv freeradius/rpmbuild/RPMS/x86_64/*.rpm rpms/ | |
| - name: Restore eapol_test build directory from cache | |
| uses: actions/cache@v3 | |
| id: hostapd-cache | |
| with: | |
| path: ${{ env.HOSTAPD_BUILD_DIR }} | |
| key: hostapd-${{ matrix.env.NAME }}-${{ env.HOSTAPD_GIT_TAG }}-v1 | |
| - name: Build eapol_test | |
| run: | | |
| yum install -y libnl3-devel which | |
| [ -r /opt/rh/devtoolset-8/enable ] && source /opt/rh/devtoolset-8/enable || : | |
| scripts/ci/eapol_test-build.sh | |
| mv scripts/ci/eapol_test/eapol_test ../rpms/ | |
| working-directory: freeradius | |
| - name: Store RPMs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpms-${{ matrix.env.NAME }} | |
| path: rpms | |
| # | |
| # If the CI has failed and the branch is ci-debug then start a tmate | |
| # session. SSH rendezvous point is emited continuously in the job output. | |
| # | |
| - name: "Debug: Package dependancies for tmate" | |
| run: | | |
| yum install -y xz | |
| ln -s /bin/true /bin/apt-get | |
| if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
| - name: "Debug: Start tmate" | |
| uses: mxschmitt/action-tmate@v3 | |
| with: | |
| limit-access-to-actor: true | |
| sudo: false | |
| if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
| rpm-test: | |
| needs: | |
| - rpm-build | |
| strategy: | |
| matrix: | |
| env: | |
| - { NAME: "centos-7", OS: "centos:7" } | |
| - { NAME: "rocky-8", OS: "rockylinux/rockylinux:8" } | |
| - { NAME: "rocky-9", OS: "rockylinux/rockylinux:9" } | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ${{ matrix.env.OS }} | |
| name: "RPM install test" | |
| steps: | |
| - name: LTB repo for CentOS and Rocky 8 | |
| if: ${{ startsWith(matrix.env.NAME, 'centos-') || matrix.env.NAME == 'rocky-8' }} | |
| run: | | |
| echo '[ltb-project]' > /etc/yum.repos.d/ltb-project.repo | |
| echo 'name=LTB project packages' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'baseurl=https://ltb-project.org/rpm/$releasever/$basearch' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'enabled=1' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'gpgcheck=1' >> /etc/yum.repos.d/ltb-project.repo | |
| echo 'gpgkey=https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project' >> /etc/yum.repos.d/ltb-project.repo | |
| rpm --import https://www.ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | |
| - name: Enable EPEL for CentOS and Rocky Linux | |
| if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} | |
| run: | | |
| yum install -y epel-release | |
| - name: Enable PowerTools on Rocky 8 | |
| if: ${{ matrix.env.NAME == 'rocky-8' }} | |
| run: | | |
| yum install -y yum-utils | |
| yum config-manager --enable PowerTools || : | |
| yum config-manager --enable powertools || : | |
| - name: Enable Code Ready Builer on Rocky 9. | |
| if: ${{ matrix.env.NAME == 'rocky-9' }} | |
| run: | | |
| yum install -y yum-utils | |
| yum config-manager --enable crb | |
| # For pkill | |
| - name: Enable procps-ng on Centos and Rocky | |
| if: ${{ startsWith(matrix.env.NAME, 'centos-') || startsWith(matrix.env.NAME, 'rocky-') }} | |
| run: | | |
| yum install -y procps-ng | |
| - name: Load RPMs | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: rpms-${{ matrix.env.NAME }} | |
| - name: Install RPMs | |
| run: | | |
| yum install -y *.rpm | |
| - name: Ensure certificates are created | |
| if: ${{ matrix.env.NAME == 'centos-7' }} | |
| run: | | |
| if [ ! -e /etc/raddb/certs/server.pem ]; then | |
| /sbin/runuser -g radiusd -c 'umask 007; /etc/raddb/certs/bootstrap' | |
| fi | |
| - name: Config check | |
| run: | | |
| radiusd -XxC | |
| # | |
| # We now perform some post-install tests that depend on the availability | |
| # of the source tree | |
| # | |
| - name: Install pre-built eapol_test | |
| run: | | |
| yum install -y libnl3 make gdb which | |
| mv eapol_test /usr/local/bin | |
| chmod +x /usr/local/bin/eapol_test | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: freeradius | |
| - name: Run the post-install test target | |
| run: | | |
| echo "top_builddir := $(pwd)" > Make.inc | |
| make -C src/tests/ OPENSSL_LIBS=1 EAPOL_TEST_BIN="$(which eapol_test)" $(pwd)/build/tests/eapol_test/eapol_test.mk | |
| make -f scripts/ci/package-test.mk package-test | |
| working-directory: freeradius | |
| - name: Upload radius logs on failure | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: radius-logs-${{ matrix.env.NAME }}.tgz | |
| path: | | |
| /var/log/radius | |
| freeradius/build/tests/eapol_test | |
| # | |
| # See above comments for tmate | |
| # | |
| - name: "Debug: Package dependancies for tmate" | |
| run: | | |
| yum install -y xz | |
| ln -s /bin/true /bin/apt-get | |
| if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |
| - name: "Debug: Start tmate" | |
| uses: mxschmitt/action-tmate@v3 | |
| with: | |
| limit-access-to-actor: true | |
| sudo: false | |
| if: ${{ github.ref == 'refs/heads/ci-debug' && failure() }} | |