Diffstat (limited to '.github')
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 80 | ||||
-rw-r--r-- | .github/ISSUE_TEMPLATE/config.yml | 8 | ||||
-rw-r--r-- | .github/workflows/alpine_builds.yml | 39 | ||||
-rw-r--r-- | .github/workflows/bsd_builds.yml | 32 | ||||
-rw-r--r-- | .github/workflows/cifuzz_oss.yml | 46 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 42 | ||||
-rw-r--r-- | .github/workflows/cygwin_builds.yml | 30 | ||||
-rw-r--r-- | .github/workflows/linux_builds.yml | 57 | ||||
-rw-r--r-- | .github/workflows/linux_fuzz.yml | 41 | ||||
-rw-r--r-- | .github/workflows/macos_builds.yml | 32 | ||||
-rw-r--r-- | .github/workflows/openssl3.yml | 51 | ||||
-rw-r--r-- | .github/workflows/windows_builds.yml | 32 |
12 files changed, 490 insertions, 0 deletions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000000..6e88c1ff8006
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,80 @@
+---
+name: Bug report
+labels: 'bug report'
+about: Report a bug in libfido2
+
+---
+
+<!--
+
+Please use the questions below as a template, and review your answers
+for potentially sensitive information.
+
+Thank you!
+
+-->
+
+**What version of libfido2 are you using?**
+
+**What operating system are you running?**
+
+**What application are you using in conjunction with libfido2?**
+
+**How does the problem manifest itself?**
+
+**Is the problem reproducible?**
+
+**What are the steps that lead to the problem?**
+
+**Does the problem happen with different authenticators?**
+
+<!--
+
+fido2-token is provided by the fido2-tools package on Debian and Ubuntu,
+and shipped with libfido2 in macOS (Homebrew), Arch Linux, and Windows.
+
+-->
+
+**Please include the output of `fido2-token -L`.**
+
+<details>
+<summary><code>fido2-token -L</code></summary>
+<br>
+<pre>
+$ fido2-token -L
+
+</pre>
+</details>
+
+**Please include the output of `fido2-token -I`.**
+
+<details>
+<summary><code>fido2-token -I</code></summary>
+<br>
+<pre>
+$ fido2-token -I <device>
+
+</pre>
+</details>
+
+<!--
+
+You are strongly encouraged to only capture debug output using test
+credentials. Failure to do so can disclose sensitive information.
+
+-->
+
+**Please include the output of `FIDO_DEBUG=1`.**
+
+<details>
+<summary><code>FIDO_DEBUG=1</code></summary>
+<br>
+<pre>
+$ export FIDO_DEBUG=1
+$ <command1>
+$ <command2>
+(...)
+$ <commandn>
+
+</pre>
+</details>
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 000000000000..3ecb227ffeb0
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Feature Request
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Share ideas for new features
+ - name: Ask a question about libfido2
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Ask the community for help
diff --git a/.github/workflows/alpine_builds.yml b/.github/workflows/alpine_builds.yml
new file mode 100644
index 000000000000..c6d826f39835
--- /dev/null
+++ b/.github/workflows/alpine_builds.yml
@@ -0,0 +1,39 @@
+# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: alpine
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ container: alpine:latest
+ strategy:
+ fail-fast: false
+ matrix:
+ cc: [ gcc, clang ]
+ steps:
+ - name: dependencies
+ run: |
+ apk -q update
+ apk add build-base clang clang-analyzer cmake coreutils eudev-dev
+ apk add git linux-headers openssl-dev sudo zlib-dev pcsc-lite-dev \
+ libcbor-dev
+ - name: fix permissions on workdir
+ run: chown root:wheel "${GITHUB_WORKSPACE}"
+ - name: checkout libfido2
+ uses: actions/checkout@v4
+ - name: build libfido2
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-${CC}
diff --git a/.github/workflows/bsd_builds.yml b/.github/workflows/bsd_builds.yml
new file mode 100644
index 000000000000..366ea2141aca
--- /dev/null
+++ b/.github/workflows/bsd_builds.yml
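Review bot: alpine_builds.yml declares no `permissions:` key, so on push events the job's GITHUB_TOKEN carries whatever default scope the repository is configured with; a top-level `permissions:` block containing `contents: read` would cap it. The same applies to the bsd, cifuzz, cygwin, linux, fuzzer, macos, openssl3 and windows workflows added in this commit; only codeql-analysis.yml sets permissions. Separately, `container: alpine:latest` is a floating tag, so the toolchain can change between runs without a commit here; pinning a release tag or an image digest makes a CI break attributable to a code change.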
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: bsd
+
+on:
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix:
+ image: [freebsd/13.x, openbsd/7.2]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y curl jq
+ - name: build
+ env:
+ IMAGE: ${{ matrix.image }}
+ SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }}
+ run: ./.actions/build-bsd
diff --git a/.github/workflows/cifuzz_oss.yml b/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 000000000000..556d5ad36f7c
--- /dev/null
+++ b/.github/workflows/cifuzz_oss.yml
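Review bot: The `build` step in bsd_builds.yml exports `SOURCEHUT_TOKEN` to `./.actions/build-bsd`, which is checked out from the pushed ref, and the trigger includes every `*-ci` branch, so the secret is available to whatever script content sits on such a branch. The `if: github.repository == 'Yubico/libfido2'` guard and the absence of a `pull_request` trigger keep forks away from the secret, which is the right shape. That trust assumption is not written down anywhere in the file; a comment above the `env:` entry such as `# secret is exposed to code on main and *-ci; keep push access to those branches restricted` would record it, and binding the secret to a protected environment would enforce it.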
@@ -0,0 +1,46 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cifuzz
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ fuzzing:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: build fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ dry-run: false
+ - name: run fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ fuzz-seconds: 600
+ dry-run: false
+ - name: upload crash
+ uses: actions/upload-artifact@v3
+ if: failure()
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000000..a3a8d54d2daa
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
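Review bot: Both CIFuzz steps in cifuzz_oss.yml reference `google/oss-fuzz/infra/cifuzz/actions/...@master`, a moving branch, so the code this job executes can change without any commit in this repository. Pinning the two `uses:` lines to a full commit SHA, with the upstream ref kept in a trailing comment and a dependency bot proposing bumps, keeps those updates reviewable. `actions/checkout@v4` and `actions/upload-artifact@v3`, here and in the other workflows of this commit, are mutable tags too, though under GitHub-owned namespaces.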
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: "codeql"
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+ schedule:
+ - cron: '0 0 * * 0'
+
+permissions:
+ security-events: write
+
+jobs:
+ codeql-build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 2
+ - name: init codeql
+ uses: github/codeql-action/init@v2
+ - name: build
+ env:
+ CC: gcc
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev original-awk \
+ libpcsclite-dev
+ ./.actions/build-linux-gcc
+ - name: perform codeql analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/cygwin_builds.yml b/.github/workflows/cygwin_builds.yml
new file mode 100644
index 000000000000..d8146c54904e
--- /dev/null
+++ b/.github/workflows/cygwin_builds.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cygwin
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ windows-2022 ]
+ arch: [ x64 ]
+ config: [ "Debug", "Release" ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: build
+ run: |
+ .\windows\cygwin.ps1 -Config ${{ matrix.config }}
diff --git a/.github/workflows/linux_builds.yml b/.github/workflows/linux_builds.yml
new file mode 100644
index 000000000000..ec911cb92d92
--- /dev/null
+++ b/.github/workflows/linux_builds.yml
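Review bot: In codeql-analysis.yml the top-level `permissions:` lists only `security-events: write`, which sets every unlisted scope, `contents` included, to `none`. Checkout still works while the repository is public, but that dependency is implicit; adding `contents: read` beside it states the requirement outright. `fetch-depth: 2` likewise has no comment; presumably it is there for analysis of pull-request merge commits, so a one-line comment saying whether the codeql-action version in use still needs it would help the next maintainer.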
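Review bot: In cygwin_builds.yml the matrix declares `arch: [ x64 ]`, but no step reads `matrix.arch`, so the key has no effect on what is built. Either drop it or pass it to `cygwin.ps1` if the script accepts an architecture. The `run:` line also splices `${{ matrix.config }}` directly into the script text, whereas the Linux workflows hand matrix values over through `env:`; the values are fixed literals here, so this is a consistency point rather than an injection path, and windows_builds.yml does the same with `matrix.arch`, `matrix.type` and `matrix.config`.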
@@ -0,0 +1,57 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: linux
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - { os: ubuntu-20.04, cc: gcc-8 }
+ - { os: ubuntu-22.04, cc: gcc-9 }
+ - { os: ubuntu-22.04, cc: gcc-10 }
+ - { os: ubuntu-22.04, cc: gcc-11 }
+ - { os: ubuntu-22.04, cc: gcc-12 }
+ - { os: ubuntu-22.04, cc: clang-13 }
+ - { os: ubuntu-22.04, cc: clang-14 }
+ - { os: ubuntu-22.04, cc: clang-15 }
+ - { os: ubuntu-22.04, cc: clang-16 }
+ - { os: ubuntu-20.04, cc: i686-w64-mingw32-gcc-9 }
+ - { os: ubuntu-22.04, cc: i686-w64-mingw32-gcc-10 }
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev \
+ original-awk mandoc libpcsclite-dev
+ - name: compiler
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ if [ "${CC%-*}" == "clang" ]; then
+ sudo ./.actions/setup_clang "${CC}"
+ elif [ "${CC%-*}" == "i686-w64-mingw32-gcc" ]; then
+ sudo apt install -q -y binutils-mingw-w64-i686 gcc-mingw-w64 \
+ g++-mingw-w64 mingw-w64-i686-dev
+ else
+ sudo apt install -q -y "${CC}"
+ fi
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-${CC%-*}
diff --git a/.github/workflows/linux_fuzz.yml b/.github/workflows/linux_fuzz.yml
new file mode 100644
index 000000000000..296c0d9fab23
--- /dev/null
+++ b/.github/workflows/linux_fuzz.yml
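Review bot: The `if`/`elif`/`else` block in the `compiler` step of linux_builds.yml is repeated line for line in the `dependencies` step of openssl3.yml, so every new toolchain has to be added in two places. Moving it into a script under `.actions/`, next to `setup_clang`, that takes `${CC}` as its argument would remove the duplication. In the `build` step the expansion in `run: ./.actions/build-linux-${CC%-*}` is unquoted while the rest of the file writes `"${CC}"`; `run: ./.actions/build-linux-"${CC%-*}"` keeps the quoting consistent.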
@@ -0,0 +1,41 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: fuzzer
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ ubuntu-22.04 ]
+ cc: [ clang-16 ]
+ sanitizer: [ asan, msan ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libudev-dev libpcsclite-dev
+ - name: compiler
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ sudo ./.actions/setup_clang "${CC}"
+ - name: fuzz
+ env:
+ CC: ${{ matrix.cc }}
+ SANITIZER: ${{ matrix.sanitizer }}
+ run: ./.actions/fuzz-linux "${SANITIZER}"
diff --git a/.github/workflows/macos_builds.yml b/.github/workflows/macos_builds.yml
new file mode 100644
index 000000000000..7d84a750ac37
--- /dev/null
+++ b/.github/workflows/macos_builds.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: macos
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ macos-13, macos-12 ]
+ cc: [ clang ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: brew install libcbor llvm mandoc openssl@3.0 pkg-config zlib
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-osx-clang
diff --git a/.github/workflows/openssl3.yml b/.github/workflows/openssl3.yml
new file mode 100644
index 000000000000..ee70c087d285
--- /dev/null
+++ b/.github/workflows/openssl3.yml
@@ -0,0 +1,51 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: openssl3
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - os: ubuntu-22.04
+ cc: gcc-11
+ - os: ubuntu-22.04
+ cc: clang-16
+ - os: ubuntu-22.04
+ cc: i686-w64-mingw32-gcc-10
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ env:
+ CC: ${{ matrix.cc }}
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev \
+ original-awk mandoc libpcsclite-dev
+ sudo apt remove -y libssl-dev
+ if [ "${CC%-*}" == "clang" ]; then
+ sudo ./.actions/setup_clang "${CC}"
+ elif [ "${CC%-*}" == "i686-w64-mingw32-gcc" ]; then
+ sudo apt install -q -y binutils-mingw-w64-i686 gcc-mingw-w64 \
+ g++-mingw-w64 mingw-w64-i686-dev
+ else
+ sudo apt install -q -y "${CC}"
+ fi
+ - name: build
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-openssl3-${CC%-*}
diff --git a/.github/workflows/windows_builds.yml b/.github/workflows/windows_builds.yml
new file mode 100644
index 000000000000..bfc1eb3c1deb
--- /dev/null
+++ b/.github/workflows/windows_builds.yml
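Review bot: `sudo apt remove -y libssl-dev` in the `dependencies` step of openssl3.yml carries no explanation, and it is the one line that distinguishes this workflow's setup from linux_builds.yml. Presumably it removes the distribution's OpenSSL headers so the build cannot silently link against them instead of the OpenSSL 3 the build script provides. A shell comment above it, for example `# drop distro OpenSSL headers so the build must use the OpenSSL 3 from build-linux-openssl3-*` (adjusted to the actual reason), would make that intent reviewable.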
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: windows
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ windows-2022 ]
+ arch: [ x64, Win32, ARM64, ARM ]
+ type: [ dynamic, static ]
+ config: [ "Release" ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: build
+ run: |
+ .\windows\build.ps1 -Fido2Flags '/analyze' -Arch ${{ matrix.arch }} `
+ -Type ${{ matrix.type }} -Config ${{ matrix.config }} |