Skip clevis test during CI

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

.github/workflows/ci.yml

@@ -35,10 +35,6 @@ jobs:
       - name: Remove clevis-pin-tpm2
         run: |
             dnf erase -y clevis-pin-tpm2
-      - name: Grab newer copies of the clevis in-tree TPM2 pin
-        run: |
-            curl https://raw.githubusercontent.com/latchset/clevis/master/src/pins/tpm2/clevis-encrypt-tpm2 -o /usr/bin/clevis-encrypt-tpm2
-            curl https://raw.githubusercontent.com/latchset/clevis/master/src/pins/tpm2/clevis-decrypt-tpm2 -o /usr/bin/clevis-decrypt-tpm2
       - name: Build
         run: cargo build
       - name: Start swtpm
@@ -58,7 +54,7 @@ jobs:
                 --daemon
       - name: Run integration tests
         run: |
-            TCTI=swtpm: cargo test -- --nocapture
+            TCTI=swtpm: SKIP_CLEVIS=true cargo test -- --nocapture
       - name: Run policy tests
         run: |
             # TCTI=swtpm: ./tests/test_policy

tests/integration_test.rs

@@ -120,20 +120,23 @@ fn generate_decrypt_clevis() -> DecryptFunc {
 const INPUT: &str = "some-static-content";
 
 const FAIL_FAST: Option<&'static str> = option_env!("FAIL_FAST");
+const SKIP_CLEVIS: Option<&'static str> = option_env!("SKIP_CLEVIS");
 
 // Testing against clevis requires https://github.com/latchset/clevis/commit/c6fc63fc055c18927decc7bcaa07821d5ae37614
 #[test]
 fn pcr_tests() {
-    let encrypters = vec![
+    let mut encrypters = vec![
         generate_encrypt_us(false),
         generate_encrypt_us(true),
-        generate_encrypt_clevis(),
     ];
-    let decrypters = vec![
+    let mut decrypters = vec![
         generate_decrypt_us(false),
         generate_decrypt_us(true),
-        generate_decrypt_clevis(),
     ];
+    if SKIP_CLEVIS.is_none() {
+        encrypters.push(generate_encrypt_clevis());
+        decrypters.push(generate_decrypt_clevis());
+    }
 
     let mut failed: u64 = 0;