Build and run card-functionality tests against two JavaCard images (SmartPGP and YubiKey NEO)

.gitlab-ci.yml

@@ -1,6 +1,13 @@
 # SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
 # SPDX-License-Identifier: CC0-1.0
 
+stages:
+  - build
+  - test
+  - docker-build
+  - docker-test
+  - deploy
+
 reuse:
   image:
     name: fsfe/reuse:latest
@@ -35,3 +42,81 @@ cargo-fmt:
   script:
     - rustup component add rustfmt
     - cargo fmt -- --check
+
+build_cardtest_smartpgp:
+  stage: docker-build
+  image: docker:stable
+
+  variables:
+    IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-smartpgp:latest
+    IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-smartpgp:$CI_COMMIT_SHA
+  services:
+    - docker:stable-dind
+  before_script:
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+  script:
+    - docker pull $IMAGE_LATEST || true
+    - docker build -f card-functionality/docker/Dockerfile.cardtest.smartpgp --cache-from $IMAGE_LATEST -t $IMAGE_SHA -t $IMAGE_LATEST .
+    - docker push $IMAGE_SHA
+    - docker push $IMAGE_LATEST
+  needs: []
+
+build_cardtest_ykneo:
+  stage: docker-build
+  image: docker:stable
+
+  variables:
+    IMAGE_LATEST: $CI_REGISTRY_IMAGE/cardtest-ykneo:latest
+    IMAGE_SHA: $CI_REGISTRY_IMAGE/cardtest-ykneo:$CI_COMMIT_SHA
+  services:
+    - docker:stable-dind
+  before_script:
+    - docker info
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+  script:
+    - docker pull $IMAGE_LATEST || true
+    - docker build -f card-functionality/docker/Dockerfile.cardtest.ykneo --cache-from $IMAGE_LATEST -t $IMAGE_SHA -t $IMAGE_LATEST .
+    - docker push $IMAGE_SHA
+    - docker push $IMAGE_LATEST
+  needs: []
+
+run_cardtest_smartpgp_import:
+  stage: docker-test
+  image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
+
+  script:
+    - cd /
+    - sh run.sh import
+  needs: ["build_cardtest_smartpgp"]
+
+run_cardtest_smartpgp_keygen:
+  stage: docker-test
+  image: registry.gitlab.com/hkos/openpgp-card/cardtest-smartpgp
+
+  script:
+    - cd /
+    - sh run.sh keygen
+
+  # run after import test - running tests in parallel on the same card fails
+  needs: ["run_cardtest_smartpgp_import"]
+
+run_cardtest_ykneo_import:
+  stage: docker-test
+  image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
+
+  script:
+    - cd /
+    - sh run.sh import
+  needs: ["build_cardtest_ykneo"]
+
+run_cardtest_ykneo_keygen:
+  stage: docker-test
+  image: registry.gitlab.com/hkos/openpgp-card/cardtest-ykneo
+
+  script:
+    - cd /
+    - sh run.sh keygen
+
+  # run after import test - running tests in parallel on the same card fails
+  needs: ["run_cardtest_ykneo_import"]

card-functionality/docker/Dockerfile.cardtest.smartpgp

@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-License-Identifier: CC0-1.0
+
+FROM registry.gitlab.com/hkos/openpgp-card-images/smartpgp
+
+USER root
+
+RUN useradd -ms /bin/bash ocard \
+ && apt update -y -qq \
+ && apt install -y -qq cargo rustc nettle-dev libclang-dev
+
+USER ocard
+WORKDIR /home/ocard
+
+RUN git clone https://gitlab.com/hkos/openpgp-card \
+ && cd openpgp-card/card-functionality \
+ && cargo build \
+ && true
+
+COPY card-functionality/docker/test-smartpgp.toml openpgp-card/card-functionality/config/test-cards.toml
+
+USER root
+WORKDIR /
+COPY card-functionality/docker/run.sh .
+
+ENV bin import
+CMD /bin/sh /run.sh ${bin}

card-functionality/docker/Dockerfile.cardtest.ykneo

@@ -0,0 +1,27 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-License-Identifier: CC0-1.0
+
+FROM registry.gitlab.com/hkos/openpgp-card-images/ykneo
+
+USER root
+
+RUN useradd -ms /bin/bash ocard \
+ && apt update -y -qq \
+ && apt install -y -qq cargo rustc nettle-dev libclang-dev
+
+USER ocard
+WORKDIR /home/ocard
+
+RUN git clone https://gitlab.com/hkos/openpgp-card \
+ && cd openpgp-card/card-functionality \
+ && cargo build \
+ && true
+
+COPY card-functionality/docker/test-ykneo.toml openpgp-card/card-functionality/config/test-cards.toml
+
+USER root
+WORKDIR /
+COPY card-functionality/docker/run.sh .
+
+ENV bin import
+CMD /bin/sh /run.sh ${bin}

card-functionality/docker/run.sh

@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-License-Identifier: CC0-1.0
+
+# Run pcscd (as root)
+/etc/init.d/pcscd start
+
+# Run the javacard applet (as jcardsim)
+su - -c "sh /home/jcardsim/run-card.sh" jcardsim
+
+# Run the openpgp-card test code (as ocard).
+# This uses $1 as the name of the binary to run.
+su - -c "cd openpgp-card/card-functionality/ && cargo run --bin $1" ocard
+

card-functionality/docker/test-smartpgp.toml

@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-License-Identifier: CC0-1.0
+
+[card.smartpgp]
+backend.pcsc = "FFFF:00001234"
+config.keygen = [
+    "RSA2k/17", "RSA3k/17", "RSA4k/17",
+    "NIST256", "NIST384", "NIST521"
+]
+config.import = [
+    "data/rsa2k.sec",
+    "data/rsa3k.sec",
+    "data/rsa4k.sec",
+    "data/nist256.sec",
+    "data/nist384.sec",
+    "data/nist521.sec"
+]
+

card-functionality/docker/test-ykneo.toml

@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2021 Heiko Schaefer <heiko@schaefer.name>
+# SPDX-License-Identifier: CC0-1.0
+
+[card.ykneo]
+backend.pcsc = "0006:11112222"
+config.keygen = [
+    "RSA2k/17",
+]
+config.import = [
+    "data/rsa2k.sec",
+]