Hi Tianjia,
On Wed, 2021-07-14 at 21:01 +0800, Tianjia Zhang wrote:
>
> index 5b07711..a0001b0 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -93,4 +93,4 @@ before_install:
> script:
> - INSTALL="${DISTRO%%:*}"
> - INSTALL="${INSTALL%%/*}"
> - - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if
> [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi
> && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ !
> \"$VARIANT\" ]; then which tpm_server || which swtpm ||
> ./tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\"
> ./build.sh"
> + - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if
> [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi
> && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ !
> \"$VARIANT\" ]; then which tpm_server || which swtpm ||
> ./tests/install-swtpm.sh; fi && ./tests/install-openssl3.sh &&
> CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
With "install-openssl3.sh", installing openssl 3.0 is being done for
every distro matrix rule. This needs to be limited to a specific
instance. Petr, please correct if I'm wrong, I assume a new variable
needs to be defined, similar to "TSS".
A similar change would need to be made in ci.yml.
> new file mode 100755
> index 0000000..21adb6f
> --- /dev/null
> +++ b/tests/install-openssl3.sh
> @@ -0,0 +1,15 @@
> +#!/bin/sh
> +
> +set -ex
> +
> +# The latest version in July 2021
> +wget --no-check-certificate https://github.com/openssl/openssl/archive/refs/tags/openssl-3.0.0-beta1.tar.gz
> +tar --no-same-owner -xvzf openssl-3.0.0-beta1.tar.gz
Petr said, "Although it appears there is no distro which would have
openssl 3.0 [1],
Debian actually have 3.0.0~~beta1-1 in experimental [2]. openSUSE has slightly
older version openssl-3.0.0-alpha16 [3]. I suppose we update soon to beta1 as
well.
Using distro packages would be probably faster to run in CI than install from git."
I guess, whether the openssl 3.0 source code is from the distro or from
openssl, it needs to be compiled from source.
Perhaps limiting compiling openssl 3.0 to those distros with the source
package is simpler than defining a new travis.yml variable, as
suggested above. Petr?
thanks,
Mimi
> +cd openssl-openssl-3.0.0-beta1
> +
> +./Configure --prefix=/opt/openssl --openssldir=/opt/openssl/ssl
> +make -j$(nproc) && sudo make install
> +
> +cd ..
> +rm -rf openssl-3.0.0-beta1.tar.gz
> +rm -rf openssl-openssl-3.0.0-beta1
