Skip to content

Add Debian packaging support for wolfPKCS11 #111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dgarske merged 6 commits into from
Jul 8, 2025
Merged

Add Debian packaging support for wolfPKCS11 #111

dgarske merged 6 commits into from
Jul 8, 2025

Conversation

@devin-ai-integration
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented Jul 7, 2025
edited by gasbytes
Loading

Add Debian packaging support for wolfPKCS11

Summary

This PR adds comprehensive Debian packaging support for wolfPKCS11, enabling the creation of .deb packages for easy installation and distribution. The implementation creates two packages (libwolfpkcs11 and libwolfpkcs11-dev).

Key additions:

  • Complete debian/ directory with control files, changelog, and copyright
  • Build targets make deb (local)
  • GitHub Action workflow for automated testing of debian package builds
  • Integration into the autotools build system with wolfSSL dependency handling

⚠️ Important dependency note: This implementation required rebuilding wolfSSL with specific flags (--enable-aescfb --enable-cryptocb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT") to resolve linking issues with single precision math functions.

Review & Testing Checklist for Human

  • Test package creation locally: Run make deb to verify .deb packages are created successfully
  • Test package installation: Install the generated .deb files on a clean Ubuntu system and verify functionality
  • Verify wolfSSL dependency handling: Test in environments where wolfSSL may not have the required build flags
  • Verify GitHub Action workflow: Check that the new debian-package-test.yml workflow runs successfully in CI
  • Test existing workflows: Ensure normal make, make check, and other existing build processes still work

Recommended Test Plan:

  1. Clone repository to fresh system
  2. Run make deb and verify two .deb packages are created
  3. Install packages with sudo dpkg -i *.deb and test functionality
  4. Verify GitHub Action runs without errors in CI

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "wolfPKCS11 Repository"
        MA["Makefile.am"]:::major-edit
        subgraph "debian/"
            DC["control.in"]:::major-edit
            DCO["control"]:::major-edit
            DI["include.am"]:::major-edit
            DCL["changelog"]:::major-edit
            DCR["copyright"]:::major-edit
        end
        subgraph "Docker/"
            DIN["include.am"]:::major-edit
            DF["packaging/debian/<br/>Dockerfile"]:::major-edit
        end
        subgraph ".github/workflows/"
            GHA["debian-package-test.yml"]:::major-edit
        end
    end
    
    subgraph "External Dependencies"
        WS["wolfSSL library<br/>(specific build flags required)"]:::context
    end
    
    subgraph "Build Targets"
        DB["make deb"]:::major-edit
        DDB["make deb-docker"]:::major-edit
    end
    
    MA --> DI
    MA --> DIN
    DI --> DB
    DI --> DDB
    DF --> DDB
    DC --> DB
    WS --> DB
    GHA --> DB
    GHA --> DDB
    
    subgraph Legend
        L1["Major Edit"]:::major-edit
        L2["Minor Edit"]:::minor-edit
        L3["Context/No Edit"]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#F5F5F5
Loading

Notes

  • The debian packaging structure is based on wolfSSL's existing implementation for consistency
  • Package metadata follows Debian policy standards with proper dependency declarations
  • The GitHub Action workflow tests both local and containerized builds plus installation verification
  • Critical: wolfSSL must be built with specific flags for wolfPKCS11 compatibility - this may require documentation updates

Link to Devin run: https://app.devin.ai/sessions/d206417ddb084b8b8270c94e0806c312
Requested by: [email protected]

@devin-ai-integration @LinuxJedi
Add Debian packaging support for wolfPKCS11
216cc1e 
- Created debian/ directory with control files for libwolfpkcs11 and libwolfpkcs11-dev packages
- Added wolfSSL as a build and runtime dependency as requested
- Implemented deb and deb-docker build targets based on wolfSSL packaging structure
- Added Docker configuration for containerized debian package building
- Integrated debian packaging into autotools build system

The packaging creates two packages:
- libwolfpkcs11: Runtime library package
- libwolfpkcs11-dev: Development headers and static library

Build with: make deb (local) or make deb-docker (containerized)

Co-Authored-By: [email protected] <[email protected]>
@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented Jul 7, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@wolfSSL-Bot
Copy link

wolfSSL-Bot commented Jul 7, 2025

Can one of the admins verify this patch?

devin-ai-integration bot and others added 4 commits July 7, 2025 13:48
@devin-ai-integration @LinuxJedi
Add GitHub Action for testing Debian package build and installation
832605f 
- Created debian-package-test.yml workflow to test debian packaging functionality
- Tests both 'make deb' (local) and 'make deb-docker' (containerized) builds
- Verifies package installation and functionality after build
- Includes artifact upload of generated .deb packages for review
- Ensures normal build still works after debian packaging changes

Co-Authored-By: [email protected] <[email protected]>
@devin-ai-integration @LinuxJedi
Fix debian packaging issues
0100b45 
- Add --ignore-missing-info flag to dh_shlibdeps to handle manually installed wolfSSL
- Add conditional checks for missing documentation and pkgconfig directories
- Resolves CI failure in debian-package-test workflow

Co-Authored-By: [email protected] <[email protected]>
@devin-ai-integration @LinuxJedi
Fix changelog date format to resolve lintian warning
22351bd 
Co-Authored-By: [email protected] <[email protected]>
@devin-ai-integration @LinuxJedi
Fix debian package verification step by removing apt-get install -f
aaebd43 
Co-Authored-By: [email protected] <[email protected]>
@LinuxJedi LinuxJedi force-pushed the devin/1736248432-debian-packaging branch 3 times, most recently from 0bcc41d to 7987c6c Compare July 7, 2025 17:37
@LinuxJedi LinuxJedi force-pushed the devin/1736248432-debian-packaging branch from 7987c6c to 77a59e0 Compare July 7, 2025 17:46
@dgarske dgarske merged commit 7c09e2b into master Jul 8, 2025
47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@wolfSSL-Bot @dgarske @LinuxJedi