Githubactions: Update Linux OS's (#441)

Githubactions: Update Linux OS's
Yubico · Dec 3, 2024 · 7978f4c · 7978f4c
1 parent 694c419
commit 7978f4c
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 25 deletions.
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -8,16 +8,16 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - environment: "ubuntu:24.04"
+          - environment: "ubuntu:24.10"
             cc: "gcc"
             upload_for_test: "false"
-          - environment: "ubuntu:24.04"
+          - environment: "ubuntu:24.10"
             cc: "clang"
             upload_for_test: "false"
-          - environment: "ubuntu:23.10"
+          - environment: "ubuntu:24.04"
             cc: "gcc"
             upload_for_test: "false"
-          - environment: "ubuntu:23.10"
+          - environment: "ubuntu:24.04"
             cc: "clang"
             upload_for_test: "false"
           - environment: "ubuntu:22.04"
@@ -32,15 +32,6 @@ jobs:
           - environment: "ubuntu:20.04"
             cc: "clang"
             upload_for_test: "false"
-#          - environment: "ubuntu:18.04"
-#            cc: "gcc"
-#            upload_for_test: "false"
-#          - environment: "ubuntu:16.04"
-#            cc: "gcc"
-#            upload_for_test: "false"
-#          - environment: "ubuntu:14.04"
-#            cc: "gcc"
-#            upload_for_test: "false"
           - environment: "debian:12"
             cc: "gcc"
             upload_for_test: "false"
@@ -102,6 +93,15 @@ jobs:
           # append the following flags: -Wno-missing-braces -Wno-missing-field-initializers -Wno-implicit-function-declaration
           sed -i 's/-Wall -Wextra -Werror/-Wall -Wextra -Werror -Wno-missing-braces -Wno-missing-field-initializers -Wno-implicit-function-declaration/' cmake/SecurityFlags.cmake
 
+      - name: apply environment specific changes to CMakeLists.txt
+        working-directory: yubihsm-shell
+        if: ${{ matrix.environment == 'ubuntu:24.10' }}
+        run: |         
+          # ubuntu 24.10 comes with _FORTIFY_SOURCE already set
+          sed -i 's/add_definitions (-D_FORTIFY_SOURCE=2)/add_definitions (-D_FORTIFY_SOURCE=3)/' cmake/SecurityFlags.cmake
+          # Set PCSC flags
+          sed -i 's/#SET(CMAKE_C_FLAGS/SET(CMAKE_C_FLAGS/' ykhsmauth/CMakeLists.txt
+
       - name: do build
         working-directory: yubihsm-shell
         env:
@@ -172,10 +172,10 @@ jobs:
           - environment: "fedora:40"
             cc: "clang"
             upload_for_test: "false"
-          - environment: "fedora:39"
+          - environment: "fedora:41"
             cc: "gcc"
             upload_for_test: "false"
-          - environment: "fedora:39"
+          - environment: "fedora:41"
             cc: "clang"
             upload_for_test: "false"
 
@@ -224,6 +224,13 @@ jobs:
           # append the following flags: -Wno-missing-braces -Wno-missing-field-initializers -Wno-implicit-function-declaration
           sed -i 's/-Wall -Wextra -Werror/-Wall -Wextra -Werror -Wno-missing-braces -Wno-missing-field-initializers/' cmake/SecurityFlags.cmake
 
+      - name: apply environment specific changes to CMakeLists.txt
+        working-directory: yubihsm-shell
+        if: ${{ matrix.environment == 'fedora:41' }}
+        run: |
+          # Set PCSC flags
+          sed -i 's/#SET(CMAKE_C_FLAGS/SET(CMAKE_C_FLAGS/' ykhsmauth/CMakeLists.txt
+
       - name: do build
         working-directory: yubihsm-shell
         env:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -143,13 +143,10 @@ jobs:
       fail-fast: false
       matrix:
         environment: [
+            "ubuntu:24.10",
             "ubuntu:24.04",
-            "ubuntu:23.10",
             "ubuntu:22.04",
             "ubuntu:20.04",
-#            "ubuntu:18.04",
-#            "ubuntu:16.04",
-#            "ubuntu:14.04",
             "debian:12",
             "debian:11",
         ]
@@ -211,10 +208,18 @@ jobs:
 
       - name: apply environment specific changes to CMakeLists.txt
         working-directory: yubihsm-shell
-        if: ${{ matrix.environment == 'ubuntu:24.04' }}
+        env:
+          DOCKER_IMAGE: ${{ matrix.environment }}
         run: |
-          # ubuntu 24.04 comes with _FORTIFY_SOURCE already set
-          sed -i 's/add_definitions (-D_FORTIFY_SOURCE=2)/add_definitions (-D_FORTIFY_SOURCE=3)/' cmake/SecurityFlags.cmake
+          if [ "$DOCKER_IMAGE" = "ubuntu:24.04" ] || [ "$DOCKER_IMAGE" = "ubuntu:24.10" ]; then
+            # ubuntu 24.04 and above come with _FORTIFY_SOURCE already set
+            sed -i 's/add_definitions (-D_FORTIFY_SOURCE=2)/add_definitions (-D_FORTIFY_SOURCE=3)/' cmake/SecurityFlags.cmake
+          fi
+          
+          if [ "$DOCKER_IMAGE" = "ubuntu:24.10" ]; then
+            # Set PCSC flags
+            sed -i 's/#SET(CMAKE_C_FLAGS/SET(CMAKE_C_FLAGS/' ykhsmauth/CMakeLists.txt
+          fi
 
       - name: extract platform name
         env:
@@ -288,8 +293,8 @@ jobs:
       fail-fast: false
       matrix:
         environment: [
-            "fedora:39",
             "fedora:40",
+            "fedora:41",
         ]
 
     name: build on ${{ matrix.environment }}
@@ -317,6 +322,13 @@ jobs:
           # append the following flags: -Wno-missing-braces -Wno-missing-field-initializers -Wno-implicit-function-declaration
           sed -i 's/-Wall -Wextra -Werror/-Wall -Wextra -Werror -Wno-missing-braces -Wno-missing-field-initializers/' cmake/SecurityFlags.cmake
 
+      - name: apply environment specific changes to ykhsmauth/CMakeLists.txt
+        working-directory: yubihsm-shell
+        if: ${{ matrix.environment == 'fedora:41' }}
+        run: |
+          # Set PCSC flags
+          sed -i 's/#SET(CMAKE_C_FLAGS/SET(CMAKE_C_FLAGS/' ykhsmauth/CMakeLists.txt
+
       - name: extract platform name
         env:
           DOCKER_IMAGE: ${{ matrix.environment }}
@@ -336,7 +348,7 @@ jobs:
             # enable the epel repository for centos
             yum install -y epel-release
           fi
-          yum install -y checksec procps-ng jq file which curl
+          yum install -y procps-ng jq file which curl
 
       - name: build release
         working-directory: yubihsm-shell
@@ -383,8 +395,10 @@ jobs:
 
       - name: check binaries for hardening
         run: |
+          curl -o checksec.sh-2.5.0.tar.gz -L https://github.com/slimm609/checksec.sh/archive/refs/tags/2.5.0.tar.gz
+          tar xfz checksec.sh-2.5.0.tar.gz
           cs() {
-            checksec --file=/usr/bin/yubihsm-shell --format=json | jq -r ".[] | .$1"
+            checksec-2.5.0/checksec --file=/usr/bin/yubihsm-shell --format=json | jq -r ".[] | .$1"
           }
           if [ "`cs relro`" != "full" ]; then echo "relro is `cs relro`"; exit 1; fi
           if [ "`cs canary`" != "yes" ]; then echo "canary is `cs canary`"; exit 1; fi

diff --git a/ykhsmauth/CMakeLists.txt b/ykhsmauth/CMakeLists.txt
@@ -28,6 +28,9 @@ include_directories (
   ${LIBPCSC_INCLUDEDIR}
 )
 
+# Uncomment this for Ubuntu 24.10 and higher and Fedora 41 and higher
+#SET(CMAKE_C_FLAGS  "${CMAKE_C_FLAGS} ${LIBPCSC_CFLAGS}")
+
 add_library (ykhsmauth SHARED ${SOURCE})
 
 #add_definitions (-DVERSION="${yubihsm_shell_VERSION_MAJOR}.${yubihsm_shell_VERSION_MINOR}.${yubihsm_shell_VERSION_PATCH}")