fix: Increase received signature scheme limit #6301
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Rust Bindings | |
on: | |
pull_request: | |
branches: [main] | |
merge_group: | |
types: [checks_requested] | |
branches: [main] | |
env: | |
# Pin the nightly toolchain to prevent breakage. | |
# This should be occasionally updated. | |
RUST_NIGHTLY_TOOLCHAIN: nightly-2024-01-01 | |
ROOT_PATH: bindings/rust | |
EXAMPLE_WORKSPACE: bindings/rust-examples | |
jobs: | |
generate: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macOS-latest] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
# https://github.com/aws/aws-lc-rs/blob/main/aws-lc-fips-sys/README.md#build-prerequisites | |
# go required to build aws-lc-rs in FIPS mode | |
- name: Install go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- uses: camshaft/rust-cache@v1 | |
- name: Generate | |
run: ${{env.ROOT_PATH}}/generate.sh | |
- name: Tests | |
working-directory: ${{env.ROOT_PATH}} | |
run: cargo test --all-features | |
# Ensure that all tests pass with the default feature set | |
- name: Default Tests | |
working-directory: ${{env.ROOT_PATH}} | |
run: cargo test | |
- name: Test external build | |
# if this test is failing, make sure that api headers are appropriately | |
# included. For a symbol to be visible in a shared lib, the | |
# __attribute__((visibility("default"))) label must be on a declaration | |
# in the same unit of compilation as the definition. Generally this just | |
# means that if the linker can't resolve foo_method in tls/foo.c, you | |
# forgot to include api/unstable/foo.h in tls/foo.c | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
run: | | |
cmake . -Bbuild -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off | |
cmake --build build -- -j $(nproc) | |
export S2N_TLS_LIB_DIR=`pwd`/build/lib | |
export S2N_TLS_INCLUDE_DIR=`pwd`/api | |
export LD_LIBRARY_PATH=$S2N_TLS_LIB_DIR:$LD_LIBRARY_PATH | |
cd ${{env.ROOT_PATH}} | |
./generate.sh | |
ldd target/debug/integration | grep libs2n.so | |
# our benchmark testing includes interop tests between s2n-tls, rustls, and | |
# openssl | |
harness-interop-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
- name: generate bindings | |
run: ${{env.ROOT_PATH}}/generate.sh --skip-tests | |
- name: bench tests | |
working-directory: ${{env.ROOT_PATH}}/bench | |
run: cargo test | |
s2n-tls-binding-examples: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
- name: generate bindings | |
run: ${{env.ROOT_PATH}}/generate.sh --skip-tests | |
- name: build examples | |
working-directory: ${{env.EXAMPLE_WORKSPACE}} | |
run: cargo build | |
generate-openssl-102: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Cache OpenSSL 1.0.2 | |
id: cache-openssl | |
uses: actions/cache@v3 | |
with: | |
path: ~/openssl-102/install | |
key: ${{ runner.os }}-openssl-102 | |
- if: ${{ steps.cache-openssl.outputs.cache-hit != 'true' }} | |
name: Install OpenSSL 1.0.2 | |
run: | | |
mkdir ~/openssl-102 | |
pushd ~/openssl-102 | |
mkdir install | |
install_dir="$(pwd)"/install | |
wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz | |
tar -xzvf openssl-1.0.2u.tar.gz | |
pushd openssl-1.0.2u | |
./config --prefix="${install_dir}" --openssldir="${install_dir}"/openssl | |
make | |
make install | |
popd | |
popd | |
- name: Generate | |
run: OPENSSL_DIR=~/openssl-102/install ${{env.ROOT_PATH}}/generate.sh | |
- name: Tests | |
working-directory: ${{env.ROOT_PATH}} | |
run: cargo test --all-features | |
fips: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
# https://github.com/aws/aws-lc-rs/blob/main/aws-lc-fips-sys/README.md#build-prerequisites | |
# go required to build aws-lc-rs in FIPS mode | |
- name: Install go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- uses: camshaft/rust-cache@v1 | |
- name: Generate | |
run: ./${{env.ROOT_PATH}}/generate.sh | |
- name: Test fips | |
working-directory: ${{env.ROOT_PATH}} | |
run: | | |
cargo test --features fips | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal --component rustfmt | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
# We don't need to format the generated files, | |
# but if they don't exist other code breaks. | |
- name: Generate | |
run: ./${{env.ROOT_PATH}}/generate.sh --skip-tests | |
- name: Run cargo fmt | |
run: | | |
cargo fmt --manifest-path ${{env.ROOT_PATH}}/Cargo.toml --all -- --check | |
clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Install Rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal --component clippy | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
# Enforce that clippy's msrv matches rust-toolchain | |
- name: Check MSRV | |
run: grep $(cat ${{env.ROOT_PATH}}/rust-toolchain) ${{env.ROOT_PATH}}/.clippy.toml | |
# We don't need to format the generated files, | |
# but if they don't exist other code breaks. | |
- name: Generate | |
run: ${{env.ROOT_PATH}}/generate.sh | |
# TODO translate json reports to in-action warnings | |
- name: Run cargo clippy | |
run: | | |
cargo clippy --manifest-path ${{env.ROOT_PATH}}/Cargo.toml --all-targets -- -D warnings | |
msrv: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
# Enforce crate msrv matches rust-toolchain | |
- name: Check MSRV of s2n-tls | |
run: grep "rust-version = \"$(cat ${{env.ROOT_PATH}}/rust-toolchain)\"" ${{env.ROOT_PATH}}/s2n-tls/Cargo.toml | |
- name: Check MSRV of s2n-tls-sys | |
run: grep "rust-version = \"$(cat ${{env.ROOT_PATH}}/rust-toolchain)\"" ${{env.ROOT_PATH}}/s2n-tls-sys/templates/Cargo.template | |
- name: Check MSRV of s2n-tokio | |
run: grep "rust-version = \"$(cat ${{env.ROOT_PATH}}/rust-toolchain)\"" ${{env.ROOT_PATH}}/s2n-tls-tokio/Cargo.toml | |