diff --git a/.github/workflows/release_linux.yml b/.github/workflows/release_linux.yml
index 514c509..5d69f69 100644
--- a/.github/workflows/release_linux.yml
+++ b/.github/workflows/release_linux.yml
@@ -4,134 +4,234 @@ on: [push] jobs: - Ubuntu1804-Build: - name: Ubuntu1804 - runs-on: ubuntu-18.04 - env: - YUBIHSMSDK_VERSION: 2021-08 + debian_based: + strategy: + fail-fast: false + matrix: + environment: [ + "ubuntu:24.04", + "ubuntu:22.04", + "ubuntu:20.04", + "debian:12", + "debian:11", + ] + libyubihsm_tag : [ "2.5.0" ] + + name: build on ${{ matrix.environment }} + runs-on: ubuntu-latest + container: ${{ matrix.environment }} steps: - - name: Checkout repository - uses: actions/checkout@v2 - # download yubihsm-sdk installer from dev.y.c and install it - - name: install yubihsm-shell + - name: clone the Yubico/yubihsm-setup repository + uses: actions/checkout@v3 + with: + path: yubihsm-setup + + - name: extract platform name + env: + DOCKER_IMAGE: ${{ matrix.environment }} + run: | + # Remove everything from DOCKER_IMAGE that is not a letter or a number + PLATFORM=$(echo -n "$DOCKER_IMAGE" | sed -E 's/[^a-zA-Z0-9]//g') + echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV + + - name: install dependencies + env: + CC: ${{ matrix.cc }} + DEBIAN_FRONTEND: noninteractive run: | - set -e -o pipefail set -x + export DEBIAN_FRONTEND=noninteractive + + apt-get update && apt-get dist-upgrade -y + apt-get install -y build-essential \ + chrpath \ + cmake \ + pkg-config \ + gengetopt \ + help2man \ + libedit-dev \ + libcurl4-openssl-dev \ + liblzma-dev \ + libssl-dev \ + libseccomp-dev \ + libusb-1.0.0-dev \ + dh-exec \ + git-buildpackage \ + curl \ + libpcsclite-dev \ + file \ + curl \ + jq + + curl -o rustup.sh https://sh.rustup.rs + bash ./rustup.sh -y + export PATH=$PATH:$HOME/.cargo/bin + cargo install cargo-deb + + - name: install libyubihsm + working-directory: yubihsm-setup + env: + LIBYUBIHSM_TAG: ${{ matrix.libyubihsm_tag }} + PLATFORM: ${{ env.PLATFORM }} + run: | + set -x + + echo "platform = $PLATFORM" + cd .. 
- curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-ubuntu1804-amd64.tar.gz |\ - tar -xzvf - - cd yubihsm2-sdk - sudo dpkg -i ./libyubihsm*_amd64.deb + + #git clone --branch $LIBYUBIHSM_TAG https://github.com/Yubico/yubihsm-shell.git + git clone https://github.com/Yubico/yubihsm-shell.git + cd yubihsm-shell + + if [ "$PLATFORM" = "ubuntu2404" ]; then + # ubuntu 24.04 comes with _FORTIFY_SOURCE already set + sed -i 's/add_definitions (-D_FORTIFY_SOURCE=2)/add_definitions (-D_FORTIFY_SOURCE=3)/' cmake/SecurityFlags.cmake + fi + + if [ "$PLATFORM" = "debian11" ]; then + dpkg-buildpackage -b --no-sign + else + dpkg-buildpackage + fi + dpkg -i ../libyubihsm*_amd64.deb - name: clone yubihsmrs + working-directory: yubihsm-setup run: | - set -e -o pipefail set -x - cd .. git clone https://github.com/Yubico/yubihsmrs.git - - name: Build yubihsm-setup + - name: Build binary + working-directory: yubihsm-setup + env: + PLATFORM: ${{ env.PLATFORM }} run: | - set -e -o pipefail set -x - mkdir -p artifact/yubihsm-setup - - cd .. - export PATH=$PATH:~/.cargo/bin - if [[ ! 
-x $(command -v rustc) ]]; then - curl -o rustup.sh https://sh.rustup.rs - bash ./rustup.sh -y - fi - cargo install cargo-deb + OUTPUT=$GITHUB_WORKSPACE/$PLATFORM/yubihsm-setup + mkdir -p $OUTPUT - cd yubihsm-setup - YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release + export PATH=$PATH:$HOME/.cargo/bin + + #YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release + YUBIHSM_LIB_DIR=/usr/lib/x86_64-linux-gnu cargo build --release strip --strip-all target/release/yubihsm-setup cargo deb --no-build - cp target/debian/*.deb artifact/yubihsm-setup/ + cp target/debian/*.deb $OUTPUT/ ./target/release/yubihsm-setup --version ./target/release/yubihsm-setup --help - LICENSE_DIR="artifact/yubihsm-setup/share/yubihsm-setup" - mkdir -p $LICENSE_DIR - cp -r resources/release/licenses $LICENSE_DIR/ - for lf in $LICENSE_DIR/licenses/*; do + LICESE_DIR="$OUTPUT/share/yubihsm-setup" + mkdir -p $LICESE_DIR + cp -r $GITHUB_WORKSPACE/yubihsm-setup/resources/release/licenses $LICESE_DIR/ + for lf in $LICESE_DIR/licenses/*; do chmod 644 $lf done - - name: Upload artifact - uses: actions/upload-artifact@v1 - with: - name: yubihsm-setup-ubuntu1804-amd64 - path: artifact + cd $OUTPUT + rm -f yubihsm-setup-$PLATFORM-amd64.tar.gz + tar -C .. 
-zcvf ../yubihsm-setup-$PLATFORM-amd64.tar.gz yubihsm-setup + rm -f *.deb + rm -rf licenses + rm -rf ../yubihsm-setup + - Ubuntu2004-Build: - name: Ubuntu2004 - runs-on: ubuntu-20.04 - env: - YUBIHSMSDK_VERSION: 2021-08 + - name: upload artifacts + uses: actions/upload-artifact@v3 + with: + name: "yubihsm-setup-${{ env.PLATFORM }}-amd64" + path: ${{ env.PLATFORM }} + + redhat_based: + strategy: + fail-fast: false + matrix: + environment: [ + "fedora:39", + "fedora:40", + ] + + name: build on ${{ matrix.environment }} + runs-on: ubuntu-latest + container: ${{ matrix.environment }} steps: - - name: Checkout repository - uses: actions/checkout@v2 - # download yubihsm-sdk installer from dev.y.c and install it - - name: install yubihsm-shell - run: | - set -e -o pipefail - set -x + - name: clone the Yubico/yubihsm-setup repository + uses: actions/checkout@v3 + with: + path: yubihsm-setup - cd .. - curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-ubuntu2004-amd64.tar.gz |\ - tar -xzvf - - cd yubihsm2-sdk - sudo dpkg -i ./libyubihsm*_amd64.deb + - name: extract platform name + env: + DOCKER_IMAGE: ${{ matrix.environment }} + run: | + # Remove everything from DOCKER_IMAGE that is not a letter or a number + PLATFORM=$(echo -n "$DOCKER_IMAGE" | sed -E 's/[^a-zA-Z0-9]//g') + echo "PLATFORM=$PLATFORM" >> $GITHUB_ENV - - name: clone yubihsmrs + - name: install dependencies + env: + PLATFORM: ${{ env.PLATFORM }} run: | - set -e -o pipefail - set -x + dnf -y update + dnf -y install binutils \ + gcc \ + gcc-c++ \ + git \ + chrpath \ + cmake \ + openssl-devel \ + libedit-devel \ + libcurl-devel \ + rpmdevtools \ + pcsc-lite-devel \ + libusb1-devel \ + + curl -o rustup.sh https://sh.rustup.rs + bash ./rustup.sh -y - cd .. - git clone https://github.com/Yubico/yubihsmrs.git + - name: install libyubihsm + run: | + git clone https://github.com/Yubico/yubihsm-shell.git + cd yubihsm-shell + mkdir build + cd build + cmake .. 
-DBUILD_ONLY_LIB=ON + make - - name: Build yubihsm-setup + - name: clone yubihsmrs run: | - set -e -o pipefail - set -x - mkdir -p artifact/yubihsm-setup + git clone https://github.com/Yubico/yubihsmrs.git - cd .. + - name: build release binary + working-directory: yubihsm-setup + env: + PLATFORM: ${{ env.PLATFORM }} + run: | + export PATH=$PATH:~/.cargo/bin if [[ ! -x $(command -v rustc) ]]; then curl -o rustup.sh https://sh.rustup.rs bash ./rustup.sh -y fi - cargo install cargo-deb - - cd yubihsm-setup - YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) cargo build --release - strip --strip-all target/release/yubihsm-setup - cargo deb --no-build - cp target/debian/*.deb artifact/yubihsm-setup/ - - ./target/release/yubihsm-setup --version - ./target/release/yubihsm-setup --help - LICENSE_DIR="artifact/yubihsm-setup/share/yubihsm-setup" - mkdir -p $LICENSE_DIR - cp -r resources/release/licenses $LICENSE_DIR/ - for lf in $LICENSE_DIR/licenses/*; do - chmod 644 $lf - done - - - name: Upload artifact - uses: actions/upload-artifact@v1 + OUTPUT=$GITHUB_WORKSPACE/$PLATFORM/yubihsm-setup + mkdir -p $OUTPUT + + cargo install cargo-rpm + cargo rpm init + YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/yubihsm-shell/build/lib cargo build --release + YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build + cp target/release/rpmbuild/RPMS/x86_64/*.rpm $OUTPUT/ + + - name: upload artifacts + uses: actions/upload-artifact@v3 with: - name: yubihsm-setup-ubuntu2004-amd64 - path: artifact \ No newline at end of file + name: "yubihsm-setup-${{ env.PLATFORM }}-amd64" + path: ${{ env.PLATFORM }} diff --git a/.github/workflows/release_macos.yml b/.github/workflows/release_macos.yml index 2f711a4..cb56729 100644 --- a/.github/workflows/release_macos.yml +++ b/.github/workflows/release_macos.yml 
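Review bot: In `debian_based`, the `install libyubihsm` step clones `yubihsm-shell` from its default branch because the tag-pinned clone is left commented out, so `LIBYUBIHSM_TAG` (matrix value `2.5.0`) is exported but never used and the packages are built against whatever upstream HEAD is when the job runs. Using the pinned form, `git clone --branch "$LIBYUBIHSM_TAG" https://github.com/Yubico/yubihsm-shell.git`, keeps the release input fixed and reviewable; the `yubihsmrs` clone and the clones in `redhat_based` have the same gap, as does the `install libyubihsm` step in the release_macos.yml hunk. Separately, the `cargo rpm build` line in `redhat_based` reads `$LIBYUBIHSM_VERSION`, which nothing in this workflow defines, so its `YUBIHSM_LIB_DIR` expands to `.../yubihsm-shell-/build/lib`; it presumably should be `$GITHUB_WORKSPACE/yubihsm-shell/build/lib` like the `cargo build` line above it.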
@@ -5,29 +5,45 @@ on: [push] jobs: MacOS-Build: - runs-on: macos-10.15 + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + include: + - os: macos-latest + arch: amd + - os: macos-latest-xlarge + arch: arm env: + VERSION: 2.6.0 + SO_VERSION: 2 YUBIHSMSDK_VERSION: 2021-08 steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout the Yubico/yubihsm-setup repository + uses: actions/checkout@v3 - # download yubihsm-sdk installer from dev.y.c and install it - - name: install yubihsm-shell + - name: Install dependecies run: | set -e -o pipefail set -x + brew update + brew install cmake pkg-config gengetopt help2man libusb + brew reinstall openssl@3 + + - name: install libyubihsm + run: | cd .. - curl -L --max-redirs 2 -o yubihsm-sdk-installer.pkg https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-darwin-amd64.pkg - sudo installer -verbose -store -pkg yubihsm-sdk-installer.pkg -target / + git clone https://github.com/Yubico/yubihsm-shell.git + cd yubihsm-shell + mkdir build + cd build + cmake .. -DBUILD_ONLY_LIB=ON + make - name: clone yubihsmrs run: | - set -e -o pipefail - set -x - cd .. git clone https://github.com/Yubico/yubihsmrs.git 
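Review bot: The matrix labels `macos-latest` as `arch: amd`, but `macos-latest` is a floating runner label whose image and CPU architecture are chosen by GitHub, so the label can stop matching the machine without any change to this file. Since the artifact name in the later hunk is built from `matrix.arch`, a binary could be published under a name that misstates its architecture. Pinning an explicit runner image for each entry, or adding a step that fails when `uname -m` disagrees with `matrix.arch`, would keep the label honest. `YUBIHSMSDK_VERSION` also stays in `env` although this hunk removes the SDK download that used it, so it appears to be unused now.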
@@ -35,28 +51,20 @@ jobs: run: | set -e -o pipefail set -x - mkdir artifact - - cd .. - brew install libusb + mkdir $GITHUB_WORKSPACE/artifact + export PATH=$PATH:~/.cargo/bin if [[ ! -x $(command -v rustc) ]]; then curl -o rustup.sh https://sh.rustup.rs bash ./rustup.sh -y fi - cd yubihsm-setup - RUSTFLAGS="-C link-args=-Wl,-rpath,\$ORIGIN/../lib" YUBIHSM_LIB_DIR=/usr/local/lib cargo build --release + RUSTFLAGS="-C link-args=-Wl,-rpath,\$ORIGIN/../lib" YUBIHSM_LIB_DIR=$GITHUB_WORKSPACE/../yubihsm-shell/build/lib cargo build --release strip -u -r target/release/yubihsm-setup - install target/release/yubihsm-setup artifact - - otool -L target/release/yubihsm-setup - - ./target/release/yubihsm-setup --version - ./target/release/yubihsm-setup --help + install target/release/yubihsm-setup ../artifact - name: Upload artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: - name: yubihsm-setup + name: yubihsm-setup-darwin-${{ matrix.arch }}64 path: artifact \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 52394f9..1fd1883 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,15 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aho-corasick" +version = "0.6.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81ce3d38065e618af2d7b77e10c5ad9a069859b4be3c2250f674af3840d9c8a5" +dependencies = [ + "memchr", +] + [[package]] name = "aho-corasick" version = "0.7.18" @@ -79,6 +88,12 @@ dependencies = [ "unicode-width", ] +[[package]] +name = "heck" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" + [[package]] name = "hermit-abi" version = "0.1.19" 
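Review bot: The build step now creates `$GITHUB_WORKSPACE/artifact` but installs the binary with `install target/release/yubihsm-setup ../artifact`, and with the `cd ..` / `cd yubihsm-setup` pair removed the step appears to run from the workspace root, so `../artifact` resolves outside the workspace while the upload step still publishes `artifact`. If that reading is right the uploaded artifact is empty (or `install` writes a file named `artifact` in the parent directory); `install target/release/yubihsm-setup "$GITHUB_WORKSPACE/artifact"` targets the directory that is uploaded, and `if-no-files-found: error` on the upload step would make an empty result fail the job. The hunk also drops the `otool -L`, `--version` and `--help` checks, which were the only visible verification that the released binary runs and what it links against. The step starts above the hunk, so its `working-directory`, if any, is not visible here.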
@@ -137,12 +152,30 @@ version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" +[[package]] +name = "proc-macro2" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +dependencies = [ + "unicode-ident", +] + [[package]] name = "quick-error" version = "1.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" +[[package]] +name = "quote" +version = "1.0.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + [[package]] name = "rand" version = "0.3.23" @@ -190,15 +223,37 @@ dependencies = [ "rand_core 0.3.1", ] +[[package]] +name = "regex" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9329abc99e39129fcceabd24cf5d85b4671ef7c29c50e972bc5afe32438ec384" +dependencies = [ + "aho-corasick 0.6.10", + "memchr", + "regex-syntax 0.5.6", + "thread_local", + "utf8-ranges", +] + [[package]] name = "regex" version = "1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" dependencies = [ - "aho-corasick", + "aho-corasick 0.7.18", "memchr", - "regex-syntax", + "regex-syntax 0.6.26", +] + +[[package]] +name = "regex-syntax" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d707a4fa2637f2dca2ef9fd02225ec7661fe01a53623c1e6515b6916511f7a7" +dependencies = [ + "ucd-util", ] [[package]] 
@@ -213,6 +268,12 @@ version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda" +[[package]] +name = "rustversion" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" + [[package]] name = "rusty_secrets" version = "0.0.2" 
@@ -233,12 +294,73 @@ dependencies = [ "quick-error", ] +[[package]] +name = "serde" +version = "1.0.190" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91d3c334ca1ee894a2c6f6ad698fe8c435b76d504b13d436f0685d648d6d96f7" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.190" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67c5609f394e5c2bd7fc51efda478004ea80ef42fee983d5c67a65e34f32c0e3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.38", +] + [[package]] name = "strsim" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" +[[package]] +name = "strum" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "063e6045c0e62079840579a7e47a355ae92f60eb74daaf156fb1e84ba164e63f" + +[[package]] +name = "strum_macros" +version = "0.24.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e385be0d24f186b4ce2f9982191e7101bb737312ad61c1f2f984f34bcf85d59" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "rustversion", + "syn 1.0.109", +] + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "textwrap" version = "0.11.0" 
@@ -248,12 +370,39 @@ dependencies = [ "unicode-width", ] +[[package]] +name = "thread_local" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6b53e329000edc2b34dbe8545fd20e55a333362d0a321909685a19bd28c3f1b" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "ucd-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c85f514e095d348c279b1e5cd76795082cf15bd59b93207832abe0b1d8fed236" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + [[package]] name = "unicode-width" version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" +[[package]] +name = "utf8-ranges" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcfc827f90e53a02eaef5e535ee14266c1d569214c6aa70133a624d8a3164ba" + [[package]] name = "vec_map" version = "0.8.2" @@ -284,12 +433,12 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "yubihsm-setup" -version = "2.3.0" +version = "2.3.1" dependencies = [ "base64", "clap", "lazy_static", - "regex", + "regex 1.5.6", "rusty_secrets", "scan_dir", "yubihsmrs", @@ -302,6 +451,9 @@ dependencies = [ "lazy_static", "libyubihsm-sys", "log 0.3.9", - "regex", + "regex 0.2.11", "rustc-serialize", + "serde", + "strum", + "strum_macros", ] diff --git a/resources/release/Vagrantfile b/resources/release/Vagrantfile index 04c8a52..7ec530e 100644 --- a/resources/release/Vagrantfile +++ b/resources/release/Vagrantfile 
@@ -8,18 +8,32 @@ Vagrant.configure("2") do |config| v.cpus = 2 end - config.vm.define "fedora33" do |fedora33| - fedora33.vm.box = "generic/fedora33" - fedora33.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "fedora35" do |fedora35| + fedora35.vm.box = "generic/fedora35" + fedora35.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] - fedora33.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora33", :privileged => false + fedora35.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora35", :privileged => false end - config.vm.define "fedora34" do |fedora34| - fedora34.vm.box = "messyzone/fedora34" - fedora34.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "fedora36" do |fedora36| + fedora36.vm.box = "generic/fedora36" + fedora36.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] - fedora34.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora34", :privileged => false + fedora36.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora36", :privileged => false + end + + config.vm.define "fedora37" do |fedora37| + fedora37.vm.box = "generic/fedora37" + fedora37.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--delete"] + fedora37.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora37", :privileged => false + end + + config.vm.define "fedora38" do |fedora38| + fedora38.vm.box = "fedora/38-cloud-base" + fedora38.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--delete"] + fedora38.vm.provision "shell", :path => "build-rpm.sh", :args => "fedora38", :privileged => false end config.vm.define "centos7" do |centos7| 
@@ -29,12 +43,12 @@ Vagrant.configure("2") do |config| centos7.vm.provision "shell", :path => "build-rpm.sh", :args => "centos7", :privileged => false end - config.vm.define "centos8" do |centos8| - centos8.vm.box = "zyz/centos8" - centos8.vm.synced_folder "../..", "/shared", type: "rsync", - rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] - centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false - end +# config.vm.define "centos8" do |centos8| +# centos8.vm.box = "zyz/centos8" +# centos8.vm.synced_folder "../..", "/shared", type: "rsync", +# rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] +# centos8.vm.provision "shell", :path => "build-rpm.sh", :args => "centos8", :privileged => false +# end config.vm.define "debian9" do |debian9| debian9.vm.box = "roboxes/debian9" @@ -50,7 +64,7 @@ Vagrant.configure("2") do |config| end config.vm.define "debian11" do |debian11| - debian11.vm.box = "axcxl/debian11_xfce" + debian11.vm.box = "debian/bullseye64" debian11.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--delete"] debian11.vm.provision "shell", :path => "build-pkg.sh", :args => "debian11", :privileged => false 
@@ -82,11 +96,39 @@ Vagrant.configure("2") do |config| focal.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2004", :privileged => false end - config.vm.define "hirsute" do |hirsute| - hirsute.vm.box = "ubuntu/hirsute64" - hirsute.vm.synced_folder "../..", "/shared", type: "rsync", + config.vm.define "impish" do |impish| + impish.vm.box = "ubuntu/impish64" + impish.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + impish.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2110", :privileged => false + end + + config.vm.define "jammy" do |jammy| + jammy.vm.box = "alvistack/ubuntu-22.04" + jammy.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + jammy.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2204", :privileged => false + end + + config.vm.define "kinetic" do |kinetic| + kinetic.vm.box = "ubuntu/kinetic64" + kinetic.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + kinetic.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2210", :privileged => false + end + + config.vm.define "lunar" do |lunar| + lunar.vm.box = "ubuntu/lunar64" + lunar.vm.synced_folder "../..", "/shared", type: "rsync", + rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] + lunar.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2304", :privileged => false + end + + config.vm.define "mantic" do |mantic| + mantic.vm.box = "ubuntu/mantic64" + mantic.vm.synced_folder "../..", "/shared", type: "rsync", rsync__args: ["--verbose", "--archive", "-z", "--copy-links"] - hirsute.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2104", :privileged => false + mantic.vm.provision "shell", :path => "build-pkg.sh", :args => "ubuntu2310", :privileged => false end end 
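Review bot: The `jammy` machine builds release packages from `alvistack/ubuntu-22.04`, while the other Ubuntu machines added here use boxes under the `ubuntu/` namespace; if that box comes from an unrelated publisher, the release toolchain runs on an image the project does not control. This commit already moves `debian11` to `debian/bullseye64`, and the same reasoning applies here. None of the added machines set `box_version`, and build-all.sh runs `vagrant box update` before each build, so the base image can change between releases; a comment stating why this box was chosen, plus a pinned version, would make that explicit.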
diff --git a/resources/release/build-all.sh b/resources/release/build-all.sh index ca96c0d..b6da2c3 100755 --- a/resources/release/build-all.sh +++ b/resources/release/build-all.sh @@ -2,7 +2,7 @@ set -e -o pipefail -x -for machine in focal hirsute debian10 fedora33 fedora34 centos7 centos8; do +for machine in focal impish jammy debian10 debian11 fedora35 fedora36 centos7; do vagrant box update $machine time vagrant up $machine vagrant rsync-back $machine diff --git a/resources/release/build-pkg.sh b/resources/release/build-pkg.sh index 711dc0f..0d92ffa 100644 --- a/resources/release/build-pkg.sh +++ b/resources/release/build-pkg.sh @@ -4,11 +4,28 @@ set -x PLATFORM=$1 -YUBIHSMSDK_VERSION="2021-08" # To download the latest released version of yubihsm-shell +YUBIHSMSDK_VERSION="2022-06" # To download the latest released version of yubihsm-shell export DEBIAN_FRONTEND=noninteractive sudo apt-get update && sudo apt-get dist-upgrade -y -sudo apt-get install -y build-essential git +#sudo apt-get install -y build-essential git cmake pkg-config libedit-dev libssl-dev libcurl4-openssl-dev libpcsclite-dev libusb-1.0-0-dev +sudo apt-get install -y build-essential \ + chrpath \ + git \ + cmake \ + pkg-config \ + gengetopt \ + help2man \ + libedit-dev \ + libcurl4-openssl-dev \ + liblzma-dev \ + libssl-dev \ + libseccomp-dev \ + libusb-1.0.0-dev \ + dh-exec \ + git-buildpackage \ + curl \ + libpcsclite-dev export PATH=$PATH:~/.cargo/bin if [[ ! -x $(command -v rustc) ]]; then 
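Review bot: The new package list in build-pkg.sh asks for `libusb-1.0.0-dev`, whereas the commented-out line directly above it spells the package `libusb-1.0-0-dev`; if apt resolves the new spelling at all it is presumably through pattern matching rather than an exact name, which makes the installed set less predictable. Using `libusb-1.0-0-dev \` in the list removes the ambiguity, and the same spelling appears in the `install dependencies` step of release_linux.yml. The commented-out `apt-get install` line can then be dropped. `YUBIHSMSDK_VERSION` is bumped to `2022-06` here, but the next hunk comments out the download that reads it.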
@@ -28,14 +45,34 @@ mkdir -p "${OUTPUT}" pushd "/tmp" &>/dev/null # install yubihsm-shell - mkdir yubihsm2-sdk - pushd "yubihsm2-sdk" &>/dev/null - curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\ - tar -xzvf - - pushd "yubihsm2-sdk" &>/dev/null - sudo dpkg -i ./libyubihsm*_amd64.deb - popd &>/dev/null - popd &>/dev/null +# mkdir yubihsm2-sdk +# pushd "yubihsm2-sdk" &>/dev/null +# curl -L --max-redirs 2 -o - https://developers.yubico.com/YubiHSM2/Releases/yubihsm2-sdk-$YUBIHSMSDK_VERSION-$PLATFORM-amd64.tar.gz |\ +# tar -xzvf - +# pushd "yubihsm2-sdk" &>/dev/null +# sudo dpkg -i ./libyubihsm*_amd64.deb +# popd &>/dev/null +# popd &>/dev/null + + #git clone https://github.com/Yubico/yubihsm-shell.git + #cp -r /shared/resources/yubihsm-shell . + #pushd "yubihsm-shell" &>/dev/null + # mkdir build + # pushd "build" &>/dev/null + # cmake .. -DBUILD_ONLY_LIB=ON + # make + # popd + # if [ "${PLATFORM:0:6}" == "debian" ] || [ "$PLATFORM" == "ubuntu1804" ]; then + # dpkg-buildpackage -b --no-sign + # else + # dpkg-buildpackage + # fi + #popd + #cp libyubihsm1*.deb "${OUTPUT}" + #cp libyubihsm-usb1*.deb "${OUTPUT}" + #cp libyubihsm-http1*.deb "${OUTPUT}" + + sudo dpkg -i $INPUT/resources/release/libyubihsm*_amd64.deb # install yubihsmrs rm -rf yubihsmrs @@ -45,8 +82,10 @@ pushd "/tmp" &>/dev/null rm -rf yubihsm-setup git clone "$INPUT" yubihsm-setup pushd "yubihsm-setup" &>/dev/null - YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \ - cargo build --release + #YUBIHSM_LIB_DIR=$(dpkg -L libyubihsm1 | grep -e "libyubihsm.so.2$" | xargs dirname) \ + # cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release + YUBIHSM_LIB_DIR=/usr/lib/x86_64-linux-gnu cargo build --release strip --strip-all target/release/yubihsm-setup cargo deb --no-build cp target/debian/*.deb "${OUTPUT}" 
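Review bot: `sudo dpkg -i $INPUT/resources/release/libyubihsm*_amd64.deb` installs, as root, whatever file in the synced source tree matches the glob, and nothing visible in the script produces or verifies that package. The release build therefore depends on a binary whose origin is not recorded. Checking it against a committed checksum before installing, for example `sha256sum -c libyubihsm.sha256` (file name is a placeholder), and quoting the variable as `"$INPUT"/resources/release/libyubihsm*_amd64.deb` would make the input explicit. The blocks of commented-out download and build commands around it read as leftover experiments; a short comment saying where the `.deb` is expected to come from would serve better.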
diff --git a/resources/release/build-rpm.sh b/resources/release/build-rpm.sh index f0ab613..574d93a 100644 --- a/resources/release/build-rpm.sh +++ b/resources/release/build-rpm.sh @@ -3,7 +3,7 @@ set -e -o pipefail set -x PLATFORM=$1 -LIBYUBIHSM_VERSION="2.2.0" # To download the latest released version of yubihsm-shell +LIBYUBIHSM_VERSION="2.4.0" # To download the latest released version of yubihsm-shell if [ "$PLATFORM" == "centos7" ]; then sudo yum -y install centos-release-scl @@ -37,12 +37,13 @@ elif [ "$PLATFORM" == "centos8" ]; then elif [ "${PLATFORM:0:6}" == "fedora" ]; then sudo dnf -y update sudo dnf -y install binutils \ - git \ - cmake \ - openssl-devel \ - libusb-devel \ - libcurl-devel \ - rpmdevtools + git \ + cmake \ + openssl-devel \ + libusb1-devel \ + libcurl-devel \ + rpmdevtools \ + pcsc-lite-devel export CMAKE="cmake" fi @@ -61,16 +62,24 @@ mkdir -p $OUTPUT pushd "/tmp" &>/dev/null # build yubihsm-shell from source - rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION - curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\ - tar -xzvf - - pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null - mkdir build - pushd "build" &>/dev/null - $CMAKE .. -DBUILD_ONLY_LIB=ON - make - popd &>/dev/null - popd &>/dev/null + #rm -rf yubihsm-shell-$LIBYUBIHSM_VERSION + #curl -L --max-redirs 2 -o - https://developers.yubico.com/yubihsm-shell/Releases/yubihsm-shell-$LIBYUBIHSM_VERSION.tar.gz |\ + # tar -xzvf - + + #git clone https://github.com/Yubico/yubihsm-shell.git + #cp -r /shared/resources/yubihsm-shell . + #pushd "yubihsm-shell-$LIBYUBIHSM_VERSION" &>/dev/null + #pushd "yubihsm-shell" &>/dev/null + # mkdir build + # pushd "build" &>/dev/null + # $CMAKE .. -DBUILD_ONLY_LIB=ON + # make + # popd &>/dev/null + #popd &>/dev/null + + sudo dnf -y install yubihsm-shell-2.4.1-1.fc38.x86_64.rpm + sudo dnf -y install yubihsm-devel-2.4.1-1.fc38.x86_64.rpm + # install yubihsmrs rm -rf yubihsmrs 
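Review bot: The added `sudo dnf -y install yubihsm-shell-2.4.1-1.fc38.x86_64.rpm` and `yubihsm-devel-2.4.1-1.fc38.x86_64.rpm` lines install hard-coded Fedora 38 package files from the current directory (`/tmp` after the `pushd`), regardless of `$PLATFORM`, and nothing visible in the script places or verifies those files. They run for the `centos7` and other Fedora targets too, where an fc38 build is unlikely to be the right input. dnf does not check signatures on local package files unless `localpkg_gpgcheck` is enabled, so a checksum or signature check before the install is worth adding. `LIBYUBIHSM_VERSION` is bumped to `2.4.0` in the first hunk of this file but does not match the `2.4.1` packages and appears unused in the visible hunks after this change.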
@@ -82,8 +91,12 @@ pushd "/tmp" &>/dev/null pushd "yubihsm-setup" &>/dev/null cargo install cargo-rpm cargo rpm init - YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release - YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell-$LIBYUBIHSM_VERSION/build/lib cargo rpm build + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo build --release + #YUBIHSM_LIB_DIR=/tmp/yubihsm-shell/build/lib cargo rpm build + cargo build --release + cargo rpm build cp target/release/rpmbuild/RPMS/x86_64/*.rpm $OUTPUT popd &>/dev/null popd &>/dev/null @@ -103,4 +116,4 @@ pushd "/shared" &>/dev/null rm -rf licenses rm -rf ../yubihsm-setup popd &>/dev/null -popd &>/dev/null \ No newline at end of file +popd &>/dev/null