diff --git a/.github/workflows/debian-package-test.yml b/.github/workflows/debian-package-test.yml
new file mode 100644
index 00000000..69c63f8d
--- /dev/null
+++ b/.github/workflows/debian-package-test.yml
@@ -0,0 +1,92 @@ +name: Debian Package Build and Install Test + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +jobs: + debian-package-test: + runs-on: ubuntu-22.04 + + steps: + # Pull wolfPKCS11 + - uses: actions/checkout@v4 + with: + submodules: true + + # Install debian packaging tools + - name: Install debian packaging dependencies + run: | + sudo apt-get update + sudo apt-get install -y build-essential autoconf gawk debhelper lintian + + # Setup wolfssl with required flags for wolfPKCS11 + - uses: actions/checkout@v4 + with: + repository: wolfssl/wolfssl + path: wolfssl + - name: wolfssl autogen + working-directory: ./wolfssl + run: ./autogen.sh + - name: wolfssl configure + working-directory: ./wolfssl + run: | + ./configure --enable-cryptocb --enable-aescfb --enable-aesctr --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 --enable-cmac \ + C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB" + - name: wolfssl make and install + working-directory: ./wolfssl + run: | + make + sudo make deb + + - name: wolfssl install + working-directory: ./wolfssl + run: | + sudo dpkg -i libwolfssl_*.deb libwolfssl-dev_*.deb + + # Setup wolfPKCS11 + - name: wolfpkcs11 autogen + run: ./autogen.sh + - name: wolfpkcs11 configure + run: ./configure --enable-nss --enable-aesecb --enable-aesctr --enable-aesccm --enable-aescmac + + # Test local debian package build + - name: Test make deb + run: | + make deb + ls -la *.deb + + # Test debian package installation + - name: Test debian package installation + run: | + sudo dpkg -i libwolfpkcs11_*.deb libwolfpkcs11-dev_*.deb + + # Verify installation + - name: Verify package installation + run: | + dpkg -l | grep wolfpkcs11 + ls -la /usr/lib/libwolfpkcs11* + ls -la /usr/include/wolfpkcs11/ || echo "Headers not found in expected location" + pkg-config --exists wolfpkcs11 && echo "pkg-config found wolfpkcs11" || echo "pkg-config did not find 
wolfpkcs11" + + # Upload generated packages as artifacts + - name: Upload debian packages + uses: actions/upload-artifact@v4 + with: + name: wolfpkcs11-debian-packages + path: "*.deb" + retention-days: 5 + + # Capture logs on failure + - name: Upload failure logs + if: failure() || cancelled() + uses: actions/upload-artifact@v4 + with: + name: debian-package-test-logs + path: | + test-suite.log + debian/files + debian/*.log + retention-days: 5 diff --git a/Docker/include.am b/Docker/include.am new file mode 100644 index 00000000..e40d0a61 --- /dev/null +++ b/Docker/include.am @@ -0,0 +1 @@ +EXTRA_DIST+= Docker/packaging/debian/Dockerfile diff --git a/Docker/packaging/debian/Dockerfile b/Docker/packaging/debian/Dockerfile new file mode 100644 index 00000000..dc746204 --- /dev/null +++ b/Docker/packaging/debian/Dockerfile @@ -0,0 +1,5 @@ +FROM debian:latest + +RUN apt-get -y update +RUN apt-get -y upgrade +RUN apt-get install -y build-essential autoconf gawk debhelper lintian libwolfssl-dev diff --git a/Makefile.am b/Makefile.am index 4081dd92..d4ddd1d7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -36,6 +36,8 @@ include wolfpkcs11/include.am include examples/include.am include tests/include.am include IDE/include.am +include debian/include.am +include Docker/include.am EXTRA_DIST+= README.md EXTRA_DIST+= LICENSE diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..e69e79fb --- /dev/null +++ b/debian/changelog @@ -0,0 +1,6 @@ +wolfpkcs11 (1.3.0) stable; urgency=medium + + * For a full changelog see + https://github.com/wolfSSL/wolfPKCS11/blob/master/README.md + + -- wolfSSL Mon, 07 Jul 2025 10:30:00 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..e1c56304 --- /dev/null +++ b/debian/control 
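Review bot: Two checks in the "Verify package installation" step can never fail: `ls -la /usr/include/wolfpkcs11/ || echo ...` and the `pkg-config --exists wolfpkcs11 && echo ... || echo ...` chain both end in an `echo`, so a package that installs no headers or no .pc file still leaves the job green. Drop the fallbacks and let the commands decide the step result, e.g. `test -d /usr/include/wolfpkcs11` and `pkg-config --exists wolfpkcs11`. The second `actions/checkout@v4` has no `ref:`, so the packages are built against whatever the wolfssl default branch holds at run time; pinning a release tag would make a red run attributable to this repository's change. The workflow also declares no `permissions:` block, and a top-level `permissions:` with `contents: read` would keep the job token at least privilege.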
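Review bot: `FROM debian:latest` makes the packaging image a moving target, and `apt-get -y update` sits in its own layer, so a cached update layer can be paired with a later `install` that resolves against stale package indexes. Pin the base to a named release (ideally with a digest) and run update and install in a single `RUN` that also removes `/var/lib/apt/lists`. The sketch below drops the separate `apt-get -y upgrade` layer on the assumption that the base tag is bumped deliberately instead; keep it inside the same `RUN` if that is not the case. `--no-install-recommends` is left out on purpose: the `deb` target in debian/include.am calls `fakeroot`, which is not in the install list and presumably arrives only as a recommended package, so it would be safer to list it explicitly.

```dockerfile
# <release> is a placeholder: use the Debian release the packages target
FROM debian:<release>

RUN apt-get update \
    && apt-get install -y \
        autoconf \
        build-essential \
        debhelper \
        gawk \
        libwolfssl-dev \
        lintian \
    && rm -rf /var/lib/apt/lists/*
```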
@@ -0,0 +1,41 @@
+Source: wolfpkcs11
+Maintainer: wolfSSL
+Section: libs
+Priority: optional
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), libwolfssl-dev
+Vcs-Git: https://github.com/wolfSSL/wolfPKCS11.git
+Vcs-browser: https://github.com/wolfSSL/wolfPKCS11
+Homepage: https://www.wolfssl.com/
+
+Package: libwolfpkcs11
+Architecture: any
+Section: libs
+Priority: optional
+Pre-Depends:
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends},
+ libwolfssl
+Description: wolfPKCS11 cryptographic library
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+
+Package: libwolfpkcs11-dev
+Architecture: any
+Section: libdevel
+Priority: optional
+Pre-Depends:
+Depends:
+ libwolfpkcs11 (= ${binary:Version}),
+ libwolfssl-dev,
+ ${misc:Depends}
+Description: wolfPKCS11 cryptographic library development files
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+ .
+ This package contains the development files.
diff --git a/debian/control.in b/debian/control.in
new file mode 100644
index 00000000..e1c56304
--- /dev/null
+++ b/debian/control.in
@@ -0,0 +1,41 @@
+Source: wolfpkcs11
+Maintainer: wolfSSL
+Section: libs
+Priority: optional
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), libwolfssl-dev
+Vcs-Git: https://github.com/wolfSSL/wolfPKCS11.git
+Vcs-browser: https://github.com/wolfSSL/wolfPKCS11
+Homepage: https://www.wolfssl.com/
+
+Package: libwolfpkcs11
+Architecture: any
+Section: libs
+Priority: optional
+Pre-Depends:
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends},
+ libwolfssl
+Description: wolfPKCS11 cryptographic library
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+
+Package: libwolfpkcs11-dev
+Architecture: any
+Section: libdevel
+Priority: optional
+Pre-Depends:
+Depends:
+ libwolfpkcs11 (= ${binary:Version}),
+ libwolfssl-dev,
+ ${misc:Depends}
+Description: wolfPKCS11 cryptographic library development files
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+ .
+ This package contains the development files.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 00000000..c7b8f339
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: wolfpkcs11
+Upstream-Contact: wolfSSL
+Source: https://github.com/wolfSSL/wolfPKCS11/releases
+
+Files:
+ *
+Copyright:
+ 2014-2025 wolfSSL Inc.
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
diff --git a/debian/include.am b/debian/include.am
new file mode 100644
index 00000000..b7a8bd69
--- /dev/null
+++ b/debian/include.am
@@ -0,0 +1,83 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= debian/changelog +EXTRA_DIST+= debian/control +EXTRA_DIST+= debian/control.in +EXTRA_DIST+= debian/copyright +EXTRA_DIST+= debian/include.am + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +deb: +# Setup meta folders + mkdir -p debian/libwolfpkcs11/DEBIAN debian/libwolfpkcs11-dev/DEBIAN +# "Install" wolfPKCS11 + make install exec_prefix=$(CURDIR)/debian/libwolfpkcs11/usr \ + prefix=$(CURDIR)/debian/libwolfpkcs11-dev/usr +# deb shared lib stuff + fakeroot dh_makeshlibs + dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info + dh_installdeb +# Generate the lib and src descriptions + fakeroot dh_gencontrol +# Make adjustments to the package structure and to satisfy lintian checks +# Correct doc dir name + @rm -rf debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev + @if [ -d debian/libwolfpkcs11-dev/usr/share/doc/wolfpkcs11 ]; then \ + mv debian/libwolfpkcs11-dev/usr/share/doc/wolfpkcs11 \ + debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev; \ + else \ + mkdir -p debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev; \ + fi +# Clear lib folder + @rm -rf debian/libwolfpkcs11-dev/usr/lib + @mkdir -p debian/libwolfpkcs11-dev/usr/lib +# Move the top level .so into the dev pkg + @mv debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so debian/libwolfpkcs11-dev/usr/lib +# Create correct pkg doc dir + @rm -rf debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11 + @mkdir -p debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11 +# Place changelog + @gzip -n -9 -c debian/changelog | \ + tee debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/changelog.gz > \ + debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/changelog.gz +# Place copyright + @cp debian/copyright debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11 + @cp debian/copyright debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev +# Remove .la 
file https://wiki.debian.org/ReleaseGoals/LAFileRemoval + @rm debian/libwolfpkcs11/usr/lib/libwolfpkcs11.la +# Strip unwanted symbols +# https://www.debian.org/doc/debian-policy/ch-files.html#binaries + @strip --strip-unneeded debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so.*.*.* +# Place pkgconfig so that it is available for cross-compilation +# https://lintian.debian.org/tags/pkg-config-unavailable-for-cross-compilation + @rm -rf debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH) + @mkdir -p debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH) + @if [ -d debian/libwolfpkcs11/usr/lib/pkgconfig ]; then \ + mv debian/libwolfpkcs11/usr/lib/pkgconfig \ + debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH); \ + fi +# Set the expected access rules + @chmod 644 debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so.*.*.* + @chmod 644 debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/changelog.gz \ + debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/copyright \ + debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/changelog.gz \ + debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/copyright +# Do this as the last step to mark all directories with the correct access bits + @find debian/libwolfpkcs11*/usr -type d | xargs chmod 755 +# Generate debs + dpkg-deb --root-owner-group -b debian/libwolfpkcs11 . + dpkg-deb --root-owner-group -b debian/libwolfpkcs11-dev . +# Check that everything is correct with lintian +# - we don't provide a manual page for wolfpkcs11-config +# - we don't care about matching the soname for our debs + lintian *.deb --fail-on error,warning --tag-display-limit 0 \ + --suppress-tags no-manual-page,package-name-doesnt-match-sonames +# Clean up the working dirs + make deb-clean + +deb-clean: + rm -rf debian/libwolfpkcs11 debian/libwolfpkcs11-dev debian/files \ + debian/*.substvars debian/.debhelper
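Review bot: The staging trees are removed only by the final `make deb-clean` line of the `deb` recipe, so any earlier failure (lintian runs with `--fail-on error,warning`) leaves `debian/libwolfpkcs11*` behind and the next `make deb` packages on top of it through `mkdir -p`, which can carry stale files into a release package. Clean at the start as well, for example `deb: deb-clean`, and declare `.PHONY: deb deb-clean`. Both recursive calls should be `$(MAKE) install ...` and `$(MAKE) deb-clean` so that flags such as `-n` and the jobserver are passed down. In the directory-permission step, `find debian/libwolfpkcs11*/usr -type d -exec chmod 755 {} +` avoids the word-splitting of the `xargs` pipeline.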