s2n-tls
Update CI with newer CodeBuild image
Security issue notifications
If you discover a potential security issue in s2n, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
Our CI job for integration tests is set up to run against Ubuntu18 (aka standard:4.0), now 4+ years old. While we're looking at moving to Ubuntu22, see what's involved in creating a custom Docker image to speed up unit and integrationv2 testing.
Solution:
Use standard:6.0 as a starting point. Call out that the Docker image build logic will likely be set up using CDK and exist in another repository.
Requirements / Acceptance Criteria:
A subset of integrationv2 tests and all of the unit tests should run and pass on both Ubuntu18 and 22, with as few changes to the CI scripting as possible. A future effort can start adding new tests to Ubuntu22.
- [x] All of the current libcryptos used in testing should be pre-built**
- [x] Python3.9 should be available (for parity with current ubuntu18 setup)
- [x] SSM needs to be installed and functional
- [ ] Docker test cases
- [ ] Image published to private ECR
Out of scope:
Fuzz testing, SAW, valgrind, CBMC, compilers prior to gcc-9, any tooling which has missing dependencies (gnuTLS**) or was a point-in-time build that is unmaintained or no longer available/up-to-date.
Highest number of failures so far related to #3464
Fuzz container built/passing.