name: Debian Package Test

# START OF COMMON SECTION
# Runs on pushes to the mainline and release branches and on pull requests.
on:
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  pull_request:
    # NOTE(review): in GitHub's branch filter syntax `*` does not match `/`,
    # so PRs whose base is e.g. a release/... branch would not trigger this
    # workflow - confirm that is intended.
    branches:
      - '*'

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION
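# NOTE(review): this workflow declares no `permissions:` block, so GITHUB_TOKEN
# receives the repository/organization default scopes. Consider a top-level
# `permissions: { contents: read }` once the needs of the called
# build-wolfprovider.yml workflow have been confirmed.
jobs:
  # Calls the repository's reusable build workflow once per matrix
  # combination; presumably it produces the debian-packages-* artifacts that
  # the test job below downloads.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true, false ]

  # Installs the built packages in a fresh Debian container, runs the provider
  # tests, then checks that removing the package leaves nothing behind.
  libwolfprov-replace-default:
    name: libwolfprov ${{ matrix.replace_default && 'replace-default' || 'standalone' }} ${{ matrix.fips_ref }}
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Run inside Debian Bookworm to match packaging environment
    # NOTE(review): `debian:bookworm` is a mutable tag; pin it by digest
    # (debian:bookworm@sha256:<digest>) if reproducible runs are required.
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        # The first four axes must stay identical to the build job's matrix,
        # because the artifact name below is derived from them.
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true, false ]
        # Pasted verbatim in front of the test command as an environment
        # assignment; the empty string is the normal (no forced failure) run.
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
      WOLFPROV_CONF_FILE: /etc/ssl/openssl.cnf.d/wolfprovider.conf
    steps:
      # NOTE(review): the actions below are referenced by tag, which can be
      # moved; pin them to a full commit SHA
      # (uses: actions/checkout@<full-commit-sha>) if supply-chain policy
      # requires immutable references.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # No step visible in this job performs authenticated git
          # operations, so the token is not left in the checkout's git config
          # where the scripts run below could read it.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      # The flags let the freshly built packages override whatever versions
      # the container already has (including held packages). That is only
      # acceptable because the container is discarded after the job.
      # apt-get is used instead of apt to match the uninstall step and to
      # keep a stable command-line interface in scripts.
      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb

          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb

          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      # The matrix expressions in this step are substituted into the script
      # text before the shell runs it. They expand only to literals defined in
      # this file; values taken from event data (PR titles, branch names)
      # must not be routed through this pattern.
      # NOTE(review): with the runner's default fail-fast shell a failing test
      # run ends the script before the restore block; that is tolerable only
      # because the job stops at that point.
      - name: Test OpenSSL provider functionality
        run: |
          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"

          # Temporarily move wolfprovider config so we can toggle between providers
          echo "Temporarily disabling wolfprovider for default provider tests:"
          mkdir -p /tmp/openssl-test
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            mv "$WOLFPROV_CONF_FILE" "$WOLFPROV_CONF_BACKUP"
            echo " - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
          else
            echo "$WOLFPROV_CONF_FILE not found!"
            exit 1
          fi

          # Run the do-cmd-test.sh script to execute interoperability tests
          echo "Running OpenSSL provider interoperability tests..."
          # command -v resolves the binary without a needless eval
          OPENSSL_BIN="$(command -v openssl)" ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh

          # Restore wolfprovider configuration
          echo "Restoring wolfprovider configuration:"
          if [ -f "$WOLFPROV_CONF_BACKUP" ]; then
            mv "$WOLFPROV_CONF_BACKUP" "$WOLFPROV_CONF_FILE"
            echo " - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
          fi
          echo "PASS: All provider interoperability tests successful"

      - name: Uninstall package and verify cleanup
        run: |
          # Uninstall the package
          apt-get remove -y libwolfprov

          # NOTE(review): only grep's exit status is checked here, so a failing
          # openssl invocation also reads as "provider not listed".
          if openssl list -providers | grep -q "wolfSSL Provider"; then
            echo "wolfprovider is still listed as an OpenSSL provider"
            exit 1
          fi

          # Purge the package to remove all files
          apt-get remove --purge -y libwolfprov

          # Verify the package is removed
          if dpkg -l | grep -q libwolfprov; then
            echo "Package still installed after removal"
            dpkg -l | grep libwolfprov
            exit 1
          else
            echo "Package successfully removed"
          fi

          # Check if the config file is removed
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            echo "wolfprovider.conf still exists after package removal"
            ls -la "$(dirname "$WOLFPROV_CONF_FILE")"
            exit 1
          else
            echo "wolfprovider.conf successfully removed"
          fi

          # Check if the library files are removed
          WOLFPROV_OBJS=$(find /usr/lib -name "libwolfprov.so*")
          if [ -n "$WOLFPROV_OBJS" ]; then
            echo "libwolfprov.so still exists after package removal"
            echo "$WOLFPROV_OBJS"
            exit 1
          else
            echo "libwolfprov.so successfully removed"
          fi

          echo "Package uninstallation and cleanup verification successful"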