Test async usercalls mbedtls v0.12.1 #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rust-sgx | |
permissions: | |
contents: read | |
on: | |
push: | |
paths-ignore: | |
- '*.md' | |
- 'LICENSE' | |
branches: | |
- staging | |
- trying | |
- master | |
pull_request: | |
paths-ignore: | |
- '*.md' | |
- 'LICENSE' | |
branches: | |
- master | |
- mz/async-usercalls | |
env: | |
CARGO_TERM_COLOR: always | |
CARGO_NET_RETRY: 10 | |
CARGO_INCREMENTAL: 0 | |
RUST_BACKTRACE: 1 | |
CFLAGS_x86_64_fortanix_unknown_sgx: "-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening" | |
CC_x86_64_fortanix_unknown_sgx: clang-11 | |
jobs: | |
build: | |
name: Build+test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install dependencies | |
run: | | |
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add - | |
wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - | |
sudo add-apt-repository 'deb https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | |
sudo add-apt-repository 'deb http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main' | |
sudo apt-get update | |
sudo apt-get install faketime protobuf-compiler libsgx-dcap-ql-dev clang-11 musl-tools libssl-dev | |
- name: Setup rust toolchain | |
run: | | |
rustup target add x86_64-fortanix-unknown-sgx x86_64-unknown-linux-musl | |
rustup toolchain add nightly | |
rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly | |
# NOTE: linking glibc version of OpenSSL with musl binary. | |
# Unlikely to produce a working binary, but at least the build succeeds. | |
- run: mkdir -p /tmp/muslinclude && ln -sf /usr/include/x86_64-linux-gnu/openssl /tmp/muslinclude/openssl && PKG_CONFIG_ALLOW_CROSS=1 CFLAGS=-I/tmp/muslinclude CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=true cargo build --locked -p fortanix-sgx-tools --target x86_64-unknown-linux-musl | |
- run: cargo test --verbose --all --exclude sgxs-loaders --exclude async-usercalls && [ "$(echo $(nm -D target/debug/sgx-detect|grep __vdso_sgx_enter_enclave))" = "w __vdso_sgx_enter_enclave" ] | |
- run: cargo +nightly test --verbose -p async-usercalls --target x86_64-fortanix-unknown-sgx --no-run | |
- run: cargo +nightly test --verbose -p sgx-isa --features sgxstd --target x86_64-fortanix-unknown-sgx --no-run | |
- run: cargo test --verbose -p sgxs-tools | |
- run: cargo test --verbose -p dcap-ql --features link | |
- run: cargo test --verbose -p dcap-ql --features verify | |
- run: cargo +nightly build --verbose -p aesm-client --target=x86_64-fortanix-unknown-sgx | |
- run: cargo +nightly build --verbose -p aesm-client --target=x86_64-fortanix-unknown-sgx --features sgx-isa/sgxstd | |
- run: cargo +nightly test --manifest-path em-app/Cargo.toml --target=x86_64-fortanix-unknown-sgx --no-run | |
ci-success: | |
name: ci | |
if: always() | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
steps: | |
- run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}' | |
- name: Done | |
run: exit 0 |