mirror of
https://gitlab.gnome.org/GNOME/libsecret.git
synced 2024-12-22 04:38:55 +00:00
63907d907e
These changes define the TPM2 API and add its implementations to the incubation area (egg/). Summary of the public API: `egg_tpm2_initialize`: Start a TPM context. `egg_tpm2_finalize`: End a TPM context. `egg_tpm2_generate_master_password`: Generate and returns an encrypted master password in `GBytes` format. TSS Marshaling, GVariant serialization is used. `egg_tpm2_decrypt_master_password`: Decrypts a master password generated from `egg_tpm2_generate_master_password`. TSS Unmarshaling, GVariant deserialization is used. TPM2 API: TSS Enhanced System API (ESAPI) Proposal: [extend file backend to use TPM2 derived encryption keys](https://gitlab.gnome.org/Teams/Engagement/gsoc-2021/-/issues/13) Related MRs: [#86](https://gitlab.gnome.org/GNOME/libsecret/-/merge_requests/86) Related Issues: [#63](https://gitlab.gnome.org/GNOME/libsecret/-/issues/63)
125 lines
3.7 KiB
YAML
125 lines
3.7 KiB
YAML
stages:
|
|
- build
|
|
- deploy
|
|
|
|
variables:
|
|
DEPENDENCIES: dbus-x11 diffutils gcc gjs meson ninja-build python3-dbus python3-gobject redhat-rpm-config tpm2-tss-devel
|
|
CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"
|
|
|
|
fedora:Werror:
|
|
image: fedora:latest
|
|
stage: build
|
|
before_script:
|
|
- dnf upgrade -y
|
|
- dnf install -y 'dnf-command(builddep)'
|
|
- dnf builddep -y libsecret
|
|
- dnf install -y $DEPENDENCIES swtpm swtpm-tools tpm2-abrmd
|
|
- dbus-uuidgen --ensure
|
|
script:
|
|
- export XDG_CONFIG_HOME=$HOME/.config
|
|
- /usr/share/swtpm/swtpm-create-user-config-files --root
|
|
- mkdir -p ${XDG_CONFIG_HOME}/mytpm1
|
|
- swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
|
|
- swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon
|
|
- eval `dbus-launch --sh-syntax`
|
|
- 'tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &'
|
|
- 'export TCTI=tabrmd:bus_type=session'
|
|
- meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dtpm2=true
|
|
- meson compile -C _build
|
|
- meson test -C _build
|
|
artifacts:
|
|
when: on_failure
|
|
paths:
|
|
- _build/meson-logs/testlog.txt
|
|
|
|
fedora:asan:
|
|
image: fedora:latest
|
|
stage: build
|
|
before_script:
|
|
- dnf upgrade -y
|
|
- dnf install -y 'dnf-command(builddep)'
|
|
- dnf builddep -y libsecret
|
|
- dnf install -y $DEPENDENCIES libasan
|
|
- dbus-uuidgen --ensure
|
|
script:
|
|
- meson _build -Dsanitize=address
|
|
- meson compile -C _build
|
|
- eval `dbus-launch --sh-syntax`
|
|
- meson test -C _build
|
|
artifacts:
|
|
when: on_failure
|
|
paths:
|
|
- _build/meson-logs/testlog.txt
|
|
|
|
fedora:ubsan:
|
|
image: fedora:latest
|
|
stage: build
|
|
before_script:
|
|
- dnf upgrade -y
|
|
- dnf install -y 'dnf-command(builddep)'
|
|
- dnf builddep -y libsecret
|
|
- dnf install -y $DEPENDENCIES libubsan
|
|
- dbus-uuidgen --ensure
|
|
script:
|
|
- meson _build -Dsanitize=undefined
|
|
- meson compile -C _build
|
|
- eval `dbus-launch --sh-syntax`
|
|
- meson test -C _build
|
|
artifacts:
|
|
when: on_failure
|
|
paths:
|
|
- _build/meson-logs/testlog.txt
|
|
|
|
fedora-static-analyzers/test:
|
|
image: fedora:latest
|
|
stage: build
|
|
before_script:
|
|
- dnf upgrade -y
|
|
- dnf install -y 'dnf-command(builddep)'
|
|
- dnf builddep -y libsecret
|
|
- dnf install -y $DEPENDENCIES clang-analyzer cppcheck
|
|
- dbus-uuidgen --ensure
|
|
script:
|
|
- meson _build
|
|
- meson compile -C _build --ninja-args scan-build
|
|
- cppcheck --force -q $CPPCHECK_OPTIONS libsecret/ egg/ tool/
|
|
artifacts:
|
|
when: on_failure
|
|
paths:
|
|
- _build/meson-logs/testlog.txt
|
|
|
|
fedora:coverage:
|
|
image: fedora:latest
|
|
stage: build
|
|
before_script:
|
|
- dnf upgrade -y
|
|
- dnf install -y 'dnf-command(builddep)'
|
|
- dnf builddep -y libsecret
|
|
- dnf install -y $DEPENDENCIES lcov
|
|
- dbus-uuidgen --ensure
|
|
script:
|
|
- meson _build -Db_coverage=true
|
|
- meson compile -C _build
|
|
- eval `dbus-launch --sh-syntax`
|
|
- meson test -C _build
|
|
- ninja coverage-html -C _build
|
|
coverage: '/^\s+lines.+:\s+([\d.]+\%)\s+/'
|
|
artifacts:
|
|
name: "libsecret-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: on_success
|
|
paths:
|
|
- _build/meson-logs/coveragereport/
|
|
# https://github.com/linux-test-project/lcov/issues/58
|
|
allow_failure: true
|
|
|
|
pages:
|
|
stage: deploy
|
|
script:
|
|
- mv _build/meson-logs/coveragereport/ public/
|
|
artifacts:
|
|
when: on_success
|
|
paths:
|
|
- public
|
|
# https://github.com/linux-test-project/lcov/issues/58
|
|
allow_failure: true
|