Develop

check_build.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+# Install cargo deny if not already installed
+# cargo install --version 0.18.2 cargo-deny --locked
+
+find . -name "Cargo.toml" -not -path "./Cargo.toml" -exec dirname {} \; | while read -r dir; do
+  echo "Running cargo build in $dir"
+  pushd "$dir"
+  cargo build
+  cargo test -- --nocapture
+  cargo clippy --all-targets -- -D warnings
+  cargo deny check advisories
+  popd
+done
+
+cargo hack build --all --feature-powerset

find_empty_files.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -ex
+
+# Find all regular files that are empty (size 0)
+find . -not -path "./*.cargo_check/**" -not -path "./**target/**" -not -path "./*env/lib/*" -not -path "./*node_modules/**" -not -path "./.git/**" -type f -empty -print

.github/scripts/get_openssl_binaries.sh → get_openssl_binaries.sh

@@ -1,18 +1,14 @@
 #!/bin/bash
 set -ex
 
-if [ "$1" = "Cosmian/kms" || "$1" = "Cosmian/cli"]; then
-    export OPENSSL_DIR=/usr/local/openssl
-fi
-
 env
 
 if [ -z "$OPENSSL_DIR" ]; then
     echo "Error: OPENSSL_DIR is not set."
     exit 1
 fi
 
-if [ -z "$OS_NAME" ]; then
+if [[ -z "$OS_NAME" || "$OS_NAME" == "ui" ]]; then
     OS_NAME=ubuntu_22_04
 else
     OS_NAME=${OS_NAME#fips_}
@@ -37,5 +33,5 @@ mv "${OPENSSL_VERSION}.tar.gz" "${OPENSSL_DIR}"
 echo -n Extracting compressed archive...
 cd "${OPENSSL_DIR}"
 tar -xf "$OPENSSL_VERSION.tar.gz"
-find .
+chmod u+x lib*/ossl-modules/*
 rm "$OPENSSL_VERSION.tar.gz"

prepare_proteccio.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -ex
+
+wget -q https://package.cosmian.com/ci/hsm-proteccio.tar.gz
+tar -xzf hsm-proteccio.tar.gz
+rm hsm-proteccio.tar.gz
+
+sudo mkdir -p /etc/proteccio/
+sudo cp proteccio/etc/proteccio/* /etc/proteccio/
+sudo cp proteccio/lib/* /lib/
+sudo cp proteccio/usr/local/bin/* /usr/local/bin/
+
+rm -rf proteccio
+
+# Check HSM connectivity (non-fatal - tests will fail later if HSM is unreachable)
+# Temporarily clear Nix OpenSSL environment to use system libraries for Proteccio
+env -u LD_PRELOAD -u LD_LIBRARY_PATH -u OPENSSL_CONF -u OPENSSL_MODULES /usr/local/bin/nethsmstatus

prepare_utimaco.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -ex
+
+# Fallback to wget if nix is not available (CI environments)
+wget -q https://package.cosmian.com/ci/hsm-utimaco-simulator.tar.xz
+
+killall -9 bl_sim5 || true
+echo -n Extracting compressed archive...
+tar -xf hsm-utimaco-simulator.tar.xz
+rm hsm-utimaco-simulator.tar.xz
+./hsm-simulator/sim5_linux/bin/bl_sim5 -h -o -d ./hsm-simulator/sim5_linux/devices &
+
+sleep 5
+
+# Place PKCS#11 library and config in a user-writable, persistent location
+UTIMACO_ETC="$PWD/.utimaco"
+mkdir -p "$UTIMACO_ETC"
+cp ./hsm-simulator/libcs_pkcs11_R3.so "$UTIMACO_ETC/libcs_pkcs11_R3.so"
+export UTIMACO_PKCS11_LIB="$UTIMACO_ETC/libcs_pkcs11_R3.so"
+cp ./hsm-simulator/cs_pkcs11_R3.cfg "$UTIMACO_ETC/"
+chmod 644 "$UTIMACO_ETC/cs_pkcs11_R3.cfg"
+printf "[Global]\nLogpath = /tmp\nLogging = 3\n[CryptoServer]\nDevice = 3001@localhost\n" >"$UTIMACO_ETC/cs_pkcs11_R3.cfg"
+export CS_PKCS11_R3_CFG="$UTIMACO_ETC/cs_pkcs11_R3.cfg"
+
+cd ./hsm-simulator/Administration
+# set the SO PIN to 11223344
+./p11tool2 Slot=0 login=ADMIN,./key/ADMIN_SIM.key InitToken=11223344
+# Change the SO PIN to 12345678
+./p11tool2 Slot=0 LoginSO=11223344 SetPin=11223344,12345678
+# Set the User PIN to 11223344
+./p11tool2 Slot=0 LoginSO=12345678 InitPin=11223344
+# Change the User PIN to 12345678
+./p11tool2 Slot=0 LoginUser=11223344 SetPin=11223344,12345678
+./p11tool2 Slot=0 GetSlotInfo
+cd ../..
+
+rm -rf hsm-simulator