Adding interop tests

Fedora has some fairly nice interoperability tests that we can leverage
to build a PR and test it against gnutls and nss libraries.  This commit
adds the interop-tests.yml ci job to do that work, and run the interop
tests from beaker.

Fixes #20685

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)

(cherry picked from commit 337eb99c8474ed380f3aa6fbd6b2a4ab5d39aa26)

diff --git a/.github/workflows/interop-tests.yml b/.github/workflows/interop-tests.yml
new file mode 100644 (file)
index 0000000..952e1b7
--- /dev/null
+++ b/.github/workflows/interop-tests.yml
@@ -0,0 +1,50 @@
+# Notes:
+# /__w/openssl is the path that github bind-mounts into the container so the ci
+# filesystem for this job can be reached.  Please note that any changes made to
+# this job involving file system paths should be made prefixed with, or relative
+# to that directory
+name: Interoperability tests with GnuTLS and NSS
+on:
+  schedule:
+    - cron: '0 6 * * *'
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    container:
+      image: docker.io/fedora:39
+      options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
+    timeout-minutes: 90
+    strategy:
+      fail-fast: false
+      matrix:
+        COMPONENT: [gnutls, nss]
+    env:
+      COMPONENT: ${{ matrix.COMPONENT }}
+    steps:
+      - uses: actions/checkout@v4
+      - name : Install needed tools
+        run: |
+          dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
+                 fips-mode-setup crypto-policies-scripts
+      - name: install interop tests
+        run: |
+          cd /__w/openssl/openssl
+          git clone --branch=openssl --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
+      - name: build openssl as an rpm
+        run: |
+          mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
+          cd /build && cp /__w/openssl/openssl/interop/openssl.spec SPECS/ && \
+          cd SPECS/ && source /__w/openssl/openssl/VERSION.dat && \
+          sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
+          sed -i 's/^Release: .*$/Release: dev/' openssl.spec
+          yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
+          mkdir -p /build/SOURCES
+          tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
+          rpmbuild -bb /build/SPECS/openssl.spec
+          dnf install -y /build/RPMS/x86_64/openssl-*
+      - name: Run interop tests
+        run: |
+          cd interop
+          tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local execute -h tmt --interactive
+          openssl version
+          echo "Finished - important to prevent unwanted output truncating"