From bd835cc7989cef7d5ecd25ef311d8e5015c22e2b Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Tue, 11 Mar 2025 21:02:45 -0700 Subject: [PATCH 1/3] ci: move openssl3fips build to existing asan build --- codebuild/bin/start_codebuild.sh | 1 - codebuild/spec/buildspec_openssl3fips.yml | 38 ----------------------- codebuild/spec/buildspec_sanitizer.yml | 7 +++++ 3 files changed, 7 insertions(+), 39 deletions(-) delete mode 100644 codebuild/spec/buildspec_openssl3fips.yml diff --git a/codebuild/bin/start_codebuild.sh b/codebuild/bin/start_codebuild.sh index 82752cdf7b6..9053ad5d7c4 100755 --- a/codebuild/bin/start_codebuild.sh +++ b/codebuild/bin/start_codebuild.sh @@ -28,7 +28,6 @@ BUILDS=( "s2nUnitNix" "Integv2NixBatchBF1FB83F-7tcZOiMDWPH0 us-east-2 batch" "kTLS us-west-2 no-batch" - "Openssl3fipsWIP us-west-2 no-batch" ) usage() { diff --git a/codebuild/spec/buildspec_openssl3fips.yml b/codebuild/spec/buildspec_openssl3fips.yml deleted file mode 100644 index c48c9b178e7..00000000000 --- a/codebuild/spec/buildspec_openssl3fips.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. - -version: 0.2 - -env: - variables: - S2N_LIBCRYPTO: "openssl-3.0-fips" - CTEST_OUTPUT_ON_FAILURE: 1 - -phases: - build: - on-failure: ABORT - commands: - - | - cmake . -Bbuild \ - -DCMAKE_PREFIX_PATH=/usr/local/openssl-3.0-fips \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -DASAN=ON \ - -DUBSAN=ON - - cmake --build ./build -- -j $(nproc) - post_build: - on-failure: ABORT - commands: - - export CTEST_PARALLEL_LEVEL=$(nproc) - # openssl3fips is still a work-in-progress. Not all tests pass. - - make -C build test diff --git a/codebuild/spec/buildspec_sanitizer.yml b/codebuild/spec/buildspec_sanitizer.yml index 189456f2af5..a03974d03f3 100644 --- a/codebuild/spec/buildspec_sanitizer.yml +++ b/codebuild/spec/buildspec_sanitizer.yml @@ -75,6 +75,13 @@ batch: variables: S2N_LIBCRYPTO: openssl-3.0 COMPILER: gcc + - identifier: gcc_openssl_3_fips + env: + compute-type: BUILD_GENERAL1_LARGE + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24_20250214 + variables: + S2N_LIBCRYPTO: openssl-3.0-fips + COMPILER: gcc - identifier: gcc_openssl_1_1_1 env: compute-type: BUILD_GENERAL1_LARGE From 9248ea79c136ae7181dac71fd87354ffa0c026eb Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Fri, 14 Mar 2025 14:38:28 -0700 Subject: [PATCH 2/3] don't use datestamp -- main should work --- codebuild/spec/buildspec_sanitizer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/spec/buildspec_sanitizer.yml b/codebuild/spec/buildspec_sanitizer.yml index a03974d03f3..8161582f8e7 100644 --- a/codebuild/spec/buildspec_sanitizer.yml +++ b/codebuild/spec/buildspec_sanitizer.yml @@ -78,7 +78,7 @@ batch: - identifier: gcc_openssl_3_fips env: compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24_20250214 + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 variables: S2N_LIBCRYPTO: openssl-3.0-fips COMPILER: gcc From 768a8994ba53f16f5d1509f89020a31c6b3f297c Mon Sep 17 00:00:00 2001 From: Lindsay Stewart Date: Fri, 14 Mar 2025 14:51:03 -0700 Subject: [PATCH 3/3] Revert "don't use datestamp -- main should work" This reverts commit 9248ea79c136ae7181dac71fd87354ffa0c026eb. --- codebuild/spec/buildspec_sanitizer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/spec/buildspec_sanitizer.yml b/codebuild/spec/buildspec_sanitizer.yml index 8161582f8e7..a03974d03f3 100644 --- a/codebuild/spec/buildspec_sanitizer.yml +++ b/codebuild/spec/buildspec_sanitizer.yml @@ -78,7 +78,7 @@ batch: - identifier: gcc_openssl_3_fips env: compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 + image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24_20250214 variables: S2N_LIBCRYPTO: openssl-3.0-fips COMPILER: gcc