Skip to content

Commit 00fabf9

Browse files
JeremiahM37JeremiahM37
committed
hostap workflow
1 parent 2a9d13d commit 00fabf9

File tree

1 file changed

+264
-0
lines changed

1 file changed

+264
-0
lines changed

.github/workflows/hostap.yml

Lines changed: 264 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,264 @@
1+
name: hostap and wpa supplicant Tests
2+
3+
# START OF COMMON SECTION
4+
on:
5+
push:
6+
branches: [ 'master', 'main', 'release/**']
7+
pull_request:
8+
branches: [ '*' ]
9+
10+
concurrency:
11+
group: ${{ github.workflow }}-${{ github.ref }}
12+
cancel-in-progress: true
13+
# END OF COMMON SECTION
14+
15+
jobs:
16+
build_wolfprovider:
17+
uses: ./.github/workflows/build-wolfprovider.yml
18+
with:
19+
wolfssl_ref: ${{ matrix.wolfssl_ref }}
20+
openssl_ref: ${{ matrix.openssl_ref }}
21+
replace_default: ${{ matrix.replace_default }}
22+
strategy:
23+
matrix:
24+
wolfssl_ref: [ 'v5.8.2-stable' ]
25+
openssl_ref: [ 'openssl-3.5.2' ]
26+
replace_default: [ true ]
27+
28+
test_hostap:
29+
runs-on: ubuntu-22.04
30+
needs: build_wolfprovider
31+
# Run inside Debian Bookworm with privileged access for UML
32+
container:
33+
image: debian:bookworm
34+
options: --privileged --cap-add=ALL -v /dev:/dev
35+
env:
36+
DEBIAN_FRONTEND: noninteractive
37+
# This should be a safe limit for the tests to run.
38+
timeout-minutes: 90
39+
strategy:
40+
matrix:
41+
hostap_ref: [ 'main' ]
42+
wolfssl_ref: [ 'v5.8.2-stable' ]
43+
openssl_ref: [ 'openssl-3.5.2' ]
44+
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
45+
replace_default: [ true ]
46+
env:
47+
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
48+
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
49+
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
50+
51+
steps:
52+
# Checkout the source so we can run the check-workflow-result script.
53+
- name: Checkout wolfProvider
54+
uses: actions/checkout@v4
55+
with:
56+
fetch-depth: 1
57+
58+
- name: Checking OpenSSL/wolfProvider packages in cache
59+
uses: actions/cache/restore@v4
60+
id: wolfprov-cache
61+
with:
62+
path: |
63+
${{ env.WOLFSSL_PACKAGES_PATH }}
64+
${{ env.OPENSSL_PACKAGES_PATH }}
65+
${{ env.WOLFPROV_PACKAGES_PATH }}
66+
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
67+
fail-on-cache-miss: true
68+
69+
- name: Install wolfSSL/OpenSSL/wolfprov packages
70+
run: |
71+
printf "Installing OpenSSL/wolfProvider packages:\n"
72+
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
73+
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
74+
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
75+
76+
apt install --reinstall -y \
77+
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
78+
79+
apt install --reinstall -y \
80+
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
81+
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
82+
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
83+
84+
apt install --reinstall -y \
85+
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
86+
87+
- name: Show OpenSSL version
88+
run: |
89+
echo "OpenSSL version:"
90+
openssl version -a || true
91+
92+
- name: Test OpenSSL providers before hostap installation
93+
run: |
94+
echo "Testing OpenSSL providers before hostap installation..."
95+
openssl list -providers
96+
97+
- name: Verify wolfProvider is properly installed
98+
run: |
99+
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
100+
101+
- name: Install hostap dependencies
102+
run: |
103+
apt-get update
104+
apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
105+
libnl-3-dev binutils-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev \
106+
libdbus-1-dev bridge-utils tshark python3-pycryptodome libsqlite3-dev \
107+
libzstd1 wireless-tools iw build-essential autoconf automake libtool \
108+
pkg-config git wget ca-certificates flex bison bc libxml2-dev zlib1g-dev \
109+
python3-pip psmisc iproute2 procps net-tools systemd kmod wireless-regdb
110+
apt-get remove -y python3-cryptography 2>/dev/null || true
111+
pip install --no-cache-dir --force-reinstall --break-system-packages cryptography
112+
113+
- name: Checkout hostap
114+
run: |
115+
test -d hostap || git clone https://w1.fi/hostap.git
116+
cd hostap/tests/hwsim/vm && git checkout inside.sh 2>/dev/null || true
117+
118+
- name: Checkout OSP
119+
uses: actions/checkout@v4
120+
with:
121+
repository: wolfssl/osp
122+
path: osp
123+
fetch-depth: 1
124+
125+
- name: Apply hostap patches for wolfProvider
126+
run: |
127+
cd hostap
128+
if [ -f "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" ]; then
129+
echo "Applying OSP hostap patch..."
130+
patch -p1 < "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch"
131+
else
132+
echo "No OSP patch found for hostap-${{ matrix.hostap_ref }}"
133+
fi
134+
135+
- name: Checkout linux
136+
uses: actions/checkout@v4
137+
with:
138+
repository: torvalds/linux
139+
path: linux
140+
ref: master
141+
142+
- name: Compile linux
143+
run: |
144+
cp $GITHUB_WORKSPACE/hostap/tests/hwsim/vm/kernel-config.uml linux/.config
145+
cd linux
146+
yes "" | ARCH=um make -j $(nproc)
147+
148+
- name: Update config
149+
working-directory: hostap/tests/hwsim
150+
run: |
151+
cat << EOF >> example-hostapd.config
152+
CFLAGS += -I/usr/include/openssl
153+
LDFLAGS += -L/usr/lib/x86_64-linux-gnu
154+
LIBS += -lssl -lcrypto
155+
EOF
156+
cat << EOF >> example-wpa_supplicant.config
157+
CFLAGS += -I/usr/include/openssl
158+
LDFLAGS += -L/usr/lib/x86_64-linux-gnu
159+
LIBS += -lssl -lcrypto
160+
EOF
161+
162+
- name: Setup non-WPFF environment
163+
working-directory: hostap/tests/hwsim
164+
if: matrix.force_fail == ''
165+
run: |
166+
cd vm && git checkout inside.sh 2>/dev/null || true && cd ..
167+
sed -i '115 r /dev/stdin' vm/inside.sh <<'ENVEOF'
168+
cat > /tmp/bin/halt << 'HALTEOF'
169+
#!/bin/sh
170+
sync
171+
exit 0
172+
HALTEOF
173+
chmod +x /tmp/bin/halt
174+
OPENSSL_MODULES_PATH=$(find /usr -name "libwolfprov.so" -exec dirname {} \; 2>/dev/null | head -1)
175+
[ -n "$OPENSSL_MODULES_PATH" ] && export OPENSSL_MODULES="$OPENSSL_MODULES_PATH"
176+
export OPENSSL_CONF="/etc/ssl/openssl.cnf"
177+
export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
178+
ENVEOF
179+
180+
- name: Setup WPFF environment
181+
working-directory: hostap/tests/hwsim
182+
if: matrix.force_fail == 'WOLFPROV_FORCE_FAIL=1'
183+
run: |
184+
cd vm && git checkout inside.sh 2>/dev/null || true && cd ..
185+
sed -i '115 r /dev/stdin' vm/inside.sh <<'ENVEOF'
186+
cat > /tmp/bin/halt << 'HALTEOF'
187+
#!/bin/sh
188+
sync
189+
exit 0
190+
HALTEOF
191+
chmod +x /tmp/bin/halt
192+
OPENSSL_MODULES_PATH=$(find /usr -name "libwolfprov.so" -exec dirname {} \; 2>/dev/null | head -1)
193+
[ -n "$OPENSSL_MODULES_PATH" ] && export OPENSSL_MODULES="$OPENSSL_MODULES_PATH"
194+
export OPENSSL_CONF="/etc/ssl/openssl.cnf"
195+
export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
196+
export WOLFPROV_FORCE_FAIL=1
197+
ENVEOF
198+
199+
- name: Update certs
200+
working-directory: hostap/tests/hwsim/auth_serv
201+
run: ./update.sh
202+
203+
- name: Build hostap and wpa_supplicant
204+
working-directory: hostap/tests/hwsim/
205+
run: ./build.sh
206+
207+
- name: Verify openssl binaries linked
208+
working-directory: hostap
209+
run: |
210+
ldd hostapd/hostapd | grep ssl
211+
ldd wpa_supplicant/wpa_supplicant | grep ssl
212+
213+
- name: Run focused tests
214+
id: testing
215+
working-directory: hostap/tests/hwsim/
216+
continue-on-error: true
217+
run: |
218+
set +e
219+
220+
echo "KERNELDIR=$GITHUB_WORKSPACE/linux" >> vm/vm-config
221+
222+
# Run smoke tests
223+
SMOKE_TESTS="ap_open ap_wpa2_psk discovery"
224+
timeout 3m ./vm/parallel-vm.py --nocurses $(nproc) $SMOKE_TESTS || SMOKE_RES=$?
225+
226+
# Run EAP tests (excluding MSCHAPv2 - requires MD4/DES not in wolfSSL)
227+
TLS_EAP_TESTS="ap_wpa2_eap_tls ap_wpa2_eap_ttls_eap_gtc ap_wpa2_eap_peap_eap_tls"
228+
timeout 5m ./vm/parallel-vm.py --nocurses $(nproc) $TLS_EAP_TESTS || TLS_RES=$?
229+
230+
# Evaluate results
231+
FINAL_RES=0
232+
if [ "${SMOKE_RES:-0}" -ne "0" ] || [ "${TLS_RES:-0}" -ne "0" ]; then
233+
FINAL_RES=1
234+
fi
235+
236+
# Check for connection failures (common with WOLFPROV_FORCE_FAIL)
237+
WPA_CONNECT_FAILS=$(grep -h "Could not connect to /tmp/wpas" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | wc -l || echo "0")
238+
239+
# Ignore NOT-FOUND errors (test files missing/require special params)
240+
NOT_FOUND=$(grep -h "NOT-FOUND" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | wc -l || echo "0")
241+
REAL_FAILS=$(grep -h "Failed:" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | grep -v "NOT-FOUND" | wc -l || echo "0")
242+
if [ "$FINAL_RES" -ne "0" ] && [ "$REAL_FAILS" -eq "0" ] && [ "$NOT_FOUND" -gt "0" ]; then
243+
FINAL_RES=0
244+
fi
245+
246+
# Check results based on test mode
247+
if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ]; then
248+
# With force fail, we expect failures or connection issues
249+
if [ $FINAL_RES -ne 0 ] || [ "$WPA_CONNECT_FAILS" -gt "0" ]; then
250+
echo "✓ EXPECTED: Tests failed/crashed with WOLFPROV_FORCE_FAIL=1"
251+
exit 0
252+
else
253+
echo "✗ UNEXPECTED: Tests passed with WOLFPROV_FORCE_FAIL=1"
254+
exit 1
255+
fi
256+
else
257+
if [ $FINAL_RES -eq 0 ]; then
258+
echo "✓ SUCCESS: wolfProvider tests passed"
259+
exit 0
260+
else
261+
echo "✗ FAILURE: wolfProvider tests failed"
262+
exit 1
263+
fi
264+
fi

0 commit comments

Comments
 (0)