diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 27aa227..00b4186 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -35,10 +35,6 @@ jobs:
 - name: Remove clevis-pin-tpm2
 run: |
 dnf erase -y clevis-pin-tpm2
- - name: Grab newer copies of the clevis in-tree TPM2 pin
- run: |
- curl https://raw.githubusercontent.com/latchset/clevis/master/src/pins/tpm2/clevis-encrypt-tpm2 -o /usr/bin/clevis-encrypt-tpm2
- curl https://raw.githubusercontent.com/latchset/clevis/master/src/pins/tpm2/clevis-decrypt-tpm2 -o /usr/bin/clevis-decrypt-tpm2
 - name: Build
 run: cargo build
 - name: Start swtpm
@@ -58,7 +54,7 @@ jobs:
 --daemon
 - name: Run integration tests
 run: |
- TCTI=swtpm: cargo test -- --nocapture
+ TCTI=swtpm: SKIP_CLEVIS=true cargo test -- --nocapture
 - name: Run policy tests
 run: |
 # TCTI=swtpm: ./tests/test_policy
diff --git a/tests/integration_test.rs b/tests/integration_test.rs
index f221943..956e5b9 100644
--- a/tests/integration_test.rs
+++ b/tests/integration_test.rs
@@ -120,20 +120,23 @@ fn generate_decrypt_clevis() -> DecryptFunc {
 const INPUT: &str = "some-static-content";
 const FAIL_FAST: Option<&'static str> = option_env!("FAIL_FAST");
+const SKIP_CLEVIS: Option<&'static str> = option_env!("SKIP_CLEVIS");
 // Testing against clevis requires https://github.com/latchset/clevis/commit/c6fc63fc055c18927decc7bcaa07821d5ae37614
 #[test]
 fn pcr_tests() {
- let encrypters = vec![
+ let mut encrypters = vec![
 generate_encrypt_us(false),
 generate_encrypt_us(true),
- generate_encrypt_clevis(),
 ];
- let decrypters = vec![
+ let mut decrypters = vec![
 generate_decrypt_us(false),
 generate_decrypt_us(true),
- generate_decrypt_clevis(),
 ];
+ if SKIP_CLEVIS.is_none() {
+ encrypters.push(generate_encrypt_clevis());
+ decrypters.push(generate_decrypt_clevis());
+ }
 let mut failed: u64 = 0;
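Review bot: With `SKIP_CLEVIS=true` hard-coded in the "Run integration tests" step, this workflow no longer runs any encrypt/decrypt round trip against the clevis pins. A regression in compatibility of the sealed data or PCR policy with clevis would therefore pass CI unnoticed. The step carries no explanation; a comment above the `run:` line such as `# clevis interop cases are skipped in this job (SKIP_CLEVIS); re-enable once a suitable clevis TPM2 pin is installed from a pinned source` would record that the gap is deliberate. The reason is presumably tied to the download step removed earlier in the same file, so the wording should be confirmed against the actual motivation.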
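Review bot: The new `if SKIP_CLEVIS.is_none()` guard in `pcr_tests` keys on the variable being present at compile time, not on its value, because `option_env!` is expanded when the test binary is built. `SKIP_CLEVIS=false` or an empty `SKIP_CLEVIS=` therefore also drops the clevis encrypter and decrypter, and exporting the variable only when running an already-built binary has no effect. When the cases are dropped the test still reports success with nothing in the output showing the reduced coverage. Consider adding `else { eprintln!("SKIP_CLEVIS set at build time: clevis interop cases not run"); }` and a comment on the constant, `// Presence (any value) at compile time skips the clevis cases`. The body of `pcr_tests` continues past the end of the hunk.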