Add packaging for custom openssl

Author: padelsbach

.github/workflows/debian-package.yml

@@ -109,8 +109,23 @@ debian/*.deb
 debian/*.buildinfo
 debian/files
 debian/libwolfprov*
+debian/libssl-dev*
+debian/openssl*
+debian/libssl3*
 !debian/libwolfprov.install
 !debian/libwolfprov.postinst
 !debian/libwolfprov.postrm
 !debian/libwolfprov-dev.docs
 !debian/libwolfprov-dev.install
+!debian/openssl.cnf
+!debian/openssl.install
+!debian/openssl.postinst
+!debian/openssl.postrm
+!debian/libssl3.postinst
+!debian/libssl3.postrm
+!debian/libssl3.install
+!debian/libssl3.docs
+!debian/libssl3.install
+!debian/libssl3.postinst
+!debian/libssl3.postrm
+

.github/workflows/replace-default.yml

@@ -14,14 +14,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 
 lib_LTLIBRARIES = libwolfprov.la
 
-# Conditionally build libdefault.so when --replace-default is enabled
-if BUILD_REPLACE_DEFAULT
-# Install libdefault.la directly to OpenSSL lib directory
-openssldir = $(OPENSSL_LIB_DIR)
-openssl_LTLIBRARIES = libdefault.la
-libdefault_la_SOURCES = src/wp_default_replace.c
-libdefault_la_LIBADD = libwolfprov.la
-endif
+# Create only libwolfprov.so, and not .so.X.Y.Z
+libwolfprov_la_LDFLAGS = -avoid-version
 
 EXTRA_DIST+=ChangeLog.md
 EXTRA_DIST+=README.md

.gitignore

@@ -0,0 +1,88 @@
+# WolfProvider Debian Packaging
+This is the flow for building and installing 
+
+## Local build
+
+From the repo root, run the following command:
+```
+./scripts/build-wolfprovider.sh --debian
+```
+
+For a FIPS build, run the following:
+```
+./scripts/build-wolfprovider.sh --debian --enable-fips
+```
+
+The Debian packages are placed in the parent directory, which should be one level above the repo root.
+
+## CI build
+Instead of doing a local build as outlined above, we can alternatively use packages generated from CI.
+
+To use a build from CI for local install, download the artifacts from the Debian CI job. Then install the .deb's from the zip file with `apt` as shown below rather than from the build.
+
+## Install
+
+If not already done, install the WolfSSL Debian package. The non-FIPS version is available in this repo and is installed by the script below. This step is only needed once, and can be done prior to the `build-wolfprovider.sh` step above.
+```
+./debian/install-wolfssl.sh ./.github/packages/debian-wolfssl.tar.gz
+```
+
+For the script above, some systems may require additional packages:
+```
+apt install build-essential devscripts dh-exec
+```
+
+### Optionally install custom OpenSSL
+
+**Important**: before proceeding with the wolfProvider install, make sure packages are not present:
+```
+apt purge -y libwolfprov ; apt purge -y openssl-config ; apt purge -y openssl ; apt purge -y libssl3
+```
+
+Get the system architecture which determines the library paths for the following steps:
+```
+export CURRENT_ARCH=$(dpkg --print-architecture)
+```
+
+Then install the wolfProvider-specific OpenSSL. From the repo root:
+```
+apt install ../openssl*${CURRENT_ARCH}*.deb ../libssl3*${CURRENT_ARCH}*.deb
+```
+
+Check that the provider API is disabled since wolfProvider is not installed:
+```
+$ openssl list -providers
+Could not load libwolfprov.so. Is the libwolfprov package installed?
+  libwolfprov.so: cannot open shared object file: No such file or directory
+```
+
+### Install wolfProvider
+
+Then install wolfProvider:
+```
+apt install ../libwolfprov*${CURRENT_ARCH}*.deb
+```
+
+Confirm that wolfProvider is installed:
+```
+$ openssl list -providers
+```
+
+Output should look like this:
+```
+Providers:
+  default
+    name: wolfSSL Provider
+    version: 1.0.2
+    status: active
+```
+
+## Release process
+Always use CI to perform the release build to avoid potential errors from building locally.
+
+* Tag the wolfProvider repo in the format `vX.Y.Z`
+  * The changelog is generated by the Debian scripts
+* Run the Debian job in CI
+* Download the artifacts zip file which contains the .deb's
+* Generate release archives as needed
+

Makefile.am

@@ -78,12 +78,6 @@ To remove all source directories, use the following:
 ./scripts/build-wolfprovider.sh --distclean
 ```
 
-To build a Debian package file, use the following command. 
-Note this will remove all ignored files in the repo, and there must be no staged changes.
-```
-./scripts/build-wolfprovider.sh --debian
-```
-
 Alternatively, you can manually compile each component using the following guide.
 
 ### OpenSSL

README-packaging.md

@@ -0,0 +1 @@
+wolfProvider/scripts/build-release.log

README.md

@@ -3,23 +3,25 @@ Section: libs
 Priority: optional
 Maintainer: WolfSSL <[email protected]>
 Standards-Version: 4.6.2
-Build-Depends: debhelper (>= 12),
-               devscripts,
-               pkgconf,
-               openssl,
-               libwolfssl,
-               libwolfssl-dev
-
+Rules-Requires-Root: no
+Build-Depends:
+ debhelper-compat (= 13),
+ devscripts,
+ dh-exec,
+ openssl,
+ git,
+ pkgconf,
+ libwolfssl-dev
 
 Package: libwolfprov
 Architecture: any
+Multi-Arch: same
 Depends: ${shlibs:Depends}, ${misc:Depends}, libssl3 (>= 3.0.3), libwolfssl (>= 5.8.2), openssl
 Provides: ${variant:provides}
 XB-Variant: ${variant}
 Description: wolfProvider library for OpenSSL — ${variant:desc}
  wolfProvider is a library that can be used as a Provider in OpenSSL.
  It provides cryptographic functionality through wolfSSL including:
- .
   * Hash functions (MD5, SHA-1, SHA-2, SHA-3)
   * Symmetric encryption (AES, DES)
   * Asymmetric cryptography (RSA, ECC, DH)
@@ -31,7 +33,40 @@ Description: wolfProvider library for OpenSSL — ${variant:desc}
 Package: libwolfprov-dev
 Architecture: any
 Section: libdevel
+Multi-Arch: same
 Depends: libwolfprov (= ${binary:Version}), ${misc:Depends}
-Description: Development files for wolfProvider
- This package contains the header files and development libraries
- needed to build applications using wolfProvider.
+XB-Variant: ${variant}
+Description: Development files for wolfProvider — ${variant:desc}
+ This package contains the headers and development files
+ for applications using wolfProvider.
+
+Package: openssl
+Architecture: any
+Section: utils
+Multi-Arch: foreign
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Secure Sockets Layer toolkit - command line interface
+ This package contains the OpenSSL command line utility.
+ Built for use with wolfProvider.
+
+Package: libssl3
+Architecture: any
+Multi-Arch: same
+Depends: libssl3 (= ${binary:Version}), ${misc:Depends}
+Breaks: libssl3 (<< 3.0.0)
+Replaces: libssl3
+Recommends: openssl
+Description: OpenSSL shared libraries (wolfProvider build)
+ This package contains the OpenSSL shared libraries built
+ for use with wolfProvider.
+
+Package: libssl-dev
+Architecture: any
+Section: libdevel
+Multi-Arch: same
+Depends: libssl3 (= ${binary:Version}), ${misc:Depends}
+Breaks: libssl-dev (<< 3.0.0)
+Replaces: libssl-dev
+Description: OpenSSL development files (wolfProvider build)
+ This package contains headers, pkg-config files and linker symlinks
+ for the OpenSSL version built for wolfProvider.