Updates after rebase

padelsbach · padelsbach · commit 014247555ecc · 2025-09-19T10:07:52.000-07:00
diff --git a/.github/packages/debian-wolfssl.tar.gz b/.github/packages/debian-wolfssl.tar.gz
diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml
@@ -88,7 +88,7 @@ jobs:
             pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \
             libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \
             python3-pytest python3-dnspython python3-hypothesis patch iproute2 \
-            net-tools
+            net-tools git
           PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS
 
       - name: Checkout bind9
diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml
@@ -98,61 +98,43 @@ jobs:
           git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
           git fetch upstream --tags --no-recurse-submodules
 
-      # Cache wolfSSL to speed up builds:
-      # - Git repository cache: Avoids re-cloning wolfSSL repo
-      # - Complete build cache: Includes source, built packages, and artifacts
-      # Cache keys include script hash to invalidate when install script changes
-      - name: Cache wolfSSL git repository
-        uses: actions/cache@v4
-        with:
-          path: /tmp/wolfssl-pkg/wolfssl/.git
-          key: wolfssl-git-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
-          restore-keys: |
-            wolfssl-git-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
-            wolfssl-git-${{ env.wolfssl_ref }}-
-
-      - name: Cache wolfSSL source and build
-        uses: actions/cache@v4
-        with:
-          path: |
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/wolfssl
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
-          key: wolfssl-complete-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
-          restore-keys: |
-            wolfssl-complete-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
+      # - name: Restore wolfSSL packages
+      #   uses: actions/cache@v4
+      #   id: wolfssl_cache
+      #   with:
+      #     path: |
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
+      #     key: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
+
+      # - name: Install wolfSSL packages from cache
+      #   if: steps.wolfssl_cache.outputs.cache-hit == 'true'
+      #   run: |
+      #     printf "Installing wolfSSL packages from cache:\n"
+      #     ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
+
+      # TODO: roll this step into utils-wolfssl.sh
+      # TODO: specify tag below
+      - name: Build wolfSSL packages and install
+        # if: steps.wolfssl_cache.outputs.cache-hit != 'true'
+        run: | 
+          # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
+          $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }}
+
+      # # Unpack and install wolfSSL packages
+      # - name: Unpack and install wolfSSL packages
+      #   run: |
+      #     mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
 
-      - name: Install wolfssl debian package
-        run: |
-          mkdir -p "/tmp/wolfssl-pkg"
-          cd "/tmp/wolfssl-pkg"
-          
-          # Check if cached packages exist
-          if ls *.deb 1> /dev/null 2>&1; then
-            echo "Found cached wolfSSL packages, installing them..."
-            dpkg -i *.deb || apt-get install -f -y
-          else
-            echo "No cached packages found, building from source..."
-            # Install wolfssl packages with specified version
-            chmod +x $GITHUB_WORKSPACE/debian/install-wolfssl.sh
-            if [ "$wolfssl_ref" != "master" ]; then
-              $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag "$WOLFSSL_VERSION" "/tmp/wolfssl-pkg"
-            else
-              $GITHUB_WORKSPACE/debian/install-wolfssl.sh "/tmp/wolfssl-pkg"
-            fi
-          fi
-
-      - name: Install wolfSSL packages from cache
-        run: |
-          printf "Installing wolfSSL packages:\n"
-          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
-          apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
-  
       # Check for cached OpenSSL packages
       - name: Checking OpenSSL packages in cache
         uses: actions/cache@v4
-        id: openssl-cache
+        id: openssl_cache
         continue-on-error: true
         with:
           path: |
@@ -162,7 +144,7 @@ jobs:
 
       # Install OpenSSL packages from cache if available
       - name: Install OpenSSL packages from cache
-        if: steps.openssl-cache.outputs.cache-hit == 'true'
+        if: steps.openssl_cache.outputs.cache-hit == 'true'
         run: |
           printf "Installing OpenSSL packages from cache:\n"
           ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml
@@ -88,6 +88,13 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+
+
+      - name: Check wolfProvider is installed
+        run: |
+          openssl list -providers
+          openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
+
       - name: Download cjose
         uses: actions/checkout@v4
         with:
diff --git a/debian/control b/debian/control
@@ -9,8 +9,7 @@ Build-Depends:
  devscripts,
  dh-exec,
  git,
- pkgconf,
- libwolfssl-dev
+ pkgconf
 
 Package: libwolfprov
 Architecture: any
diff --git a/debian/install-wolfssl.sh b/debian/install-wolfssl.sh
@@ -130,14 +130,50 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
 
     # Configure with the specified options
     echo "Configuring wolfSSL with specified options..."
-    configure_opts="--enable-opensslcoexist --enable-cmac --with-eccminsz=192 --enable-ed25519 --enable-ed448 --enable-md5 --enable-curve25519 --enable-curve448 --enable-aesccm --enable-aesxts --enable-aescfb --enable-keygen --enable-shake128 --enable-shake256 --enable-wolfprovider --enable-rsapss --enable-scrypt"
+    configure_opts="--enable-opensslcoexist \
+        --enable-cmac \
+        --with-eccminsz=192 \
+        --enable-ed25519 \
+        --enable-ed448 \
+        --enable-md5 \
+        --enable-curve25519 \
+        --enable-curve448 \
+        --enable-aesccm \
+        --enable-aesxts \
+        --enable-aescfb \
+        --enable-keygen \
+        --enable-shake128 \
+        --enable-shake256 \
+        --enable-wolfprovider \
+        --enable-rsapss \
+        --enable-scrypt"
 
     if [ "$debug_mode" = "true" ]; then
         configure_opts="$configure_opts --enable-debug"
         echo "Debug mode enabled"
     fi
 
-    ./configure $configure_opts CFLAGS="-DWOLFSSL_OLD_OID_SUM -DWOLFSSL_PUBLIC_ASN -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_PUBLIC_MP -DWOLFSSL_RSA_KEY_CHECK -DHAVE_FFDHE_Q -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_ECDSA_DETERMINISTIC_K -DWOLFSSL_VALIDATE_ECC_IMPORT -DRSA_MIN_SIZE=1024 -DHAVE_AES_ECB -DWC_RSA_DIRECT -DWC_RSA_NO_PADDING -DACVP_VECTOR_TESTING -DWOLFSSL_ECDSA_SET_K" LIBS="-lm"
+    ./configure $configure_opts \
+        CFLAGS="-DWOLFSSL_OLD_OID_SUM \
+            -DWOLFSSL_PUBLIC_ASN \
+            -DHAVE_FFDHE_3072 \
+            -DHAVE_FFDHE_4096 \
+            -DWOLFSSL_DH_EXTRA \
+            -DWOLFSSL_PSS_SALT_LEN_DISCOVER \
+            -DWOLFSSL_PUBLIC_MP \
+            -DWOLFSSL_RSA_KEY_CHECK \
+            -DHAVE_FFDHE_Q \
+            -DHAVE_FFDHE_6144 \
+            -DHAVE_FFDHE_8192 \
+            -DWOLFSSL_ECDSA_DETERMINISTIC_K \
+            -DWOLFSSL_VALIDATE_ECC_IMPORT \
+            -DRSA_MIN_SIZE=1024 \
+            -DHAVE_AES_ECB \
+            -DWC_RSA_DIRECT \
+            -DWC_RSA_NO_PADDING \
+            -DACVP_VECTOR_TESTING \
+            -DWOLFSSL_ECDSA_SET_K" \
+            LIBS="-lm"
 
     # Build Debian packages
     echo "Building Debian packages..."
