ci: move openssl3fips build to existing asan build #5181
+7
−39
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lrstewart
force-pushed
the
openssl3fips_ci_asan
branch
from
6704957 to
bd835cc
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Summary:
Resolved issues:
related to #5036
Description of changes:
Openssl3fipsWIP was added as a temporary workaround for almost all of the unit tests initially failing with openssl-3.0-fips. I could iteratively enable the unit tests in Openssl3fipsWIP as I fixed them. But now I've fixed all the unit tests, and Openssl3fipsWIP is running all the tests!
So remove the temporary Openssl3fipsWIP and move the openssl-3.0-fips build to the equivalent existing build, AddressSanitizer.
Call-outs:
We need to add other openssl-3.0-fips builds to the CI, but that proved more difficult than adding this one. The ubuntu24_20250214 image seems to be the only one with a working version of openssl-3.0-fips (I think the others are missing 8201205) and the ubuntu24 images are otherwise missing a lot of the dependencies other builds need. For example, there's no java (which the integ tests need) and no clang asan (which a clang build in AddressSanitizer would need).
When I setup Openssl3fipsWIP, I seem to have accidentally chosen the absolute easiest build to get working :)
Testing:
AddressSanitizer passes. Interestingly removing the Openssl3fipsWIP seems to prevent Openssl3fipsWIP from running at all instead of causing it to fail.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.