Re: [ima-evm-utils: PATCH 5/5] ima-evm-utils: travis: openssl gost engine

[Mimi Zohar <zohar@linux.ibm.com>]

On Fri, 2020-07-31 at 22:40 +0200, Petr Vorel wrote:
> > Petr,
> > On Fri, Jul 31, 2020 at 10:18:08PM +0200, Petr Vorel wrote:
> > > > > +++ b/tests/install-gost-engine.sh
> > > > > @@ -0,0 +1,10 @@
> > > > > +#!/bin/sh
> > > > > +
> > > > > +openssl version
> > > > > +
> > > > > +git clone https://github.com/gost-engine/engine.git
> > > > gost-engine master branch corresponds to openssl-3.0 which is
> > > > probably
> > > > not on Travis systems yet. I think branch `openssl_1_1_0`
> > > > should be used.
> > > >   git clone --branch openssl_1_1_0 
> > > > https://github.com/gost-engine/engine.git
> > > FYI: it work on current setup.
> > > https://travis-ci.org/github/pevik/ima-evm-utils/builds/713815774
> > I think `install-gost-engine.sh` is not executed in this line:
> >   257 $ if [ "${SSL}" = "openssl" ]; then ./tests/install-gost-
> > engine.sh; openssl version; fi   0.00s
> 
> Good catch!
> $ ./tests/install-gost-engine.sh
> OpenSSL 1.1.1g  21 Apr 2020
> fatal: destination path 'engine' already exists and is not an empty
> directory.
> CMake Error at
> /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:165
> (message):
>   Could NOT find OpenSSL, try to set the path to OpenSSL root folder
> in the
>   system variable OPENSSL_ROOT_DIR: Found unsuitable version
> "1.1.1g", but
>   required is at least "3.0" (found /usr/lib64/libcrypto.so, )
> Call Stack (most recent call first):
>   /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:456
> (_FPHSA_FAILURE_MESSAGE)
>   /usr/share/cmake/Modules/FindOpenSSL.cmake:486
> (find_package_handle_standard_args)
>   CMakeLists.txt:11 (find_package)
> 
> -- Configuring incomplete, errors occurred!
> See also "/home/pvorel/install/src/ima-evm-
> utils.git/engine/CMakeFiles/CMakeOutput.log".
> make: *** No rule to make target 'install'.  Stop.
> 
> And when using suggested branch openssl_1_1_0, it also fails on make
> install
> $ ./tests/install-gost-engine.sh
> OpenSSL 1.1.1g  21 Apr 2020
> Cloning into 'engine'...
> remote: Enumerating objects: 63, done.
> remote: Counting objects: 100% (63/63), done.
> remote: Compressing objects: 100% (40/40), done.
> remote: Total 2738 (delta 33), reused 32 (delta 21), pack-reused 2675
> Receiving objects: 100% (2738/2738), 2.48 MiB | 2.09 MiB/s, done.
> Resolving deltas: 100% (1735/1735), done.
> -- The C compiler identification is GNU 10.1.1
> -- Detecting C compiler ABI info
> -- Detecting C compiler ABI info - done
> -- Check for working C compiler: /usr/bin/cc - skipped
> -- Detecting C compile features
> -- Detecting C compile features - done
> -- Found OpenSSL: /usr/lib64/libcrypto.so (found suitable version
> "1.1.1g", minimum required is "1.1")
> -- Check if the system is big endian
> -- Searching 16 bit integer
> -- Looking for sys/types.h
> -- Looking for sys/types.h - found
> -- Looking for stdint.h
> -- Looking for stdint.h - found
> -- Looking for stddef.h
> -- Looking for stddef.h - found
> -- Check size of unsigned short
> -- Check size of unsigned short - done
> -- Searching 16 bit integer - Using unsigned short
> -- Check if the system is big endian - little endian
> -- LITTLE_ENDIAN
> -- Configuring done
> -- Generating done
> -- Build files have been written to: /home/pvorel/install/src/ima-
> evm-utils.git/engine
> make: *** No rule to make target 'install'.  Stop.
> 
> => It'd be good to fix this and add some test with SSL=openssl
> variable.
> But the branch would have to be updated time to time.
> 
> BTW do you plan to test other crypto libraries?

Thanks, Vitaly, Petr, for catching this.  SSL isn't define yet.   The
test should be removed.  If/when libressl is added, it would look like:

-     - env: TSS=ibmtss
-     - env: TSS=tpm2-tss
+     - env: TSS=ibmtss SSL=openssl
+     - env: TSS=ibmtss SSL=libressl;
+     - env: TSS=tpm2-tss SSL=openssl
 
 before_install:
+   - if [ "${SSL}" = "libressl" ]; then
+        ./tests/install-libressl.sh;
+     fi

Mimi