Skip to content

Commit 3a64ad2

Browse files
author
Test User
committed
Add working CI FIPS replace default testing
1 parent 6c8f010 commit 3a64ad2

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

42 files changed

+1088
-634
lines changed

.github/workflows/bind9.yml

Lines changed: 18 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -18,21 +18,22 @@ jobs:
1818
with:
1919
wolfssl_ref: ${{ matrix.wolfssl_ref }}
2020
openssl_ref: ${{ matrix.openssl_ref }}
21+
fips_ref: ${{ matrix.fips_ref }}
2122
replace_default: ${{ matrix.replace_default }}
2223
strategy:
2324
matrix:
2425
wolfssl_ref: [ 'v5.8.2-stable' ]
2526
openssl_ref: [ 'openssl-3.5.2' ]
27+
fips_ref: [ 'FIPS', 'non-FIPS' ]
2628
replace_default: [ true ]
27-
fips: [ false ]
2829

2930
test_bind:
3031
runs-on: ubuntu-22.04
32+
needs: build_wolfprovider
3133
container:
3234
image: debian:bookworm
3335
env:
3436
DEBIAN_FRONTEND: noninteractive
35-
needs: build_wolfprovider
3637
# This should be a safe limit for the tests to run.
3738
timeout-minutes: 20
3839
strategy:
@@ -41,9 +42,9 @@ jobs:
4142
bind_ref: [ 'v9.18.28' ]
4243
wolfssl_ref: [ 'v5.8.2-stable' ]
4344
openssl_ref: [ 'openssl-3.5.2' ]
45+
fips_ref: [ 'FIPS', 'non-FIPS' ]
4446
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
4547
replace_default: [ true ]
46-
fips: [ false ]
4748
env:
4849
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
4950
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -54,20 +55,21 @@ jobs:
5455
with:
5556
fetch-depth: 1
5657

57-
- name: Checking OpenSSL/wolfProvider packages in cache
58-
uses: actions/cache/restore@v4
59-
id: wolfprov-cache
58+
- name: Download packages from build job
59+
uses: actions/download-artifact@v4
6060
with:
61-
path: |
62-
${{ env.WOLFSSL_PACKAGES_PATH }}
63-
${{ env.OPENSSL_PACKAGES_PATH }}
64-
${{ env.WOLFPROV_PACKAGES_PATH }}
65-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
66-
fail-on-cache-miss: true
61+
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
62+
path: /tmp/packages
63+
64+
- name: Setup package directories
65+
run: |
66+
mv /tmp/packages/wolfssl-packages ${{ env.WOLFSSL_PACKAGES_PATH }}
67+
mv /tmp/packages/openssl-packages ${{ env.OPENSSL_PACKAGES_PATH }}
68+
mv /tmp/packages/wolfprov-packages ${{ env.WOLFPROV_PACKAGES_PATH }}
6769
6870
- name: Install wolfSSL/OpenSSL/wolfprov packages
6971
run: |
70-
printf "Installing OpenSSL/wolfProvider packages:\n"
72+
printf "Installing OpenSSL/wolfProvider packages (${{ matrix.fips_ref }}):\n"
7173
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
7274
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
7375
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
@@ -85,7 +87,9 @@ jobs:
8587
8688
- name: Verify wolfProvider is properly installed
8789
run: |
88-
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
90+
$GITHUB_WORKSPACE/scripts/verify-install.sh \
91+
${{ matrix.replace_default && '--replace-default' || '' }} \
92+
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
8993
9094
- name: Install bind9 test dependencies
9195
run: |

.github/workflows/build-wolfprovider.yml

Lines changed: 115 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
openssl_ref:
1010
required: true
1111
type: string
12+
fips_ref:
13+
required: false
14+
type: string
1215
replace_default:
1316
required: false
1417
type: boolean
@@ -31,7 +34,7 @@ jobs:
3134
steps:
3235
# Install git prior to cloning to ensure we have the full repo
3336
# TODO: create a docker with these pre-installed
34-
- name: Install common dependencies
37+
- name: Install build dependencies
3538
run: |
3639
apt-get update && apt-get install -y --no-install-recommends \
3740
build-essential \
@@ -55,6 +58,87 @@ jobs:
5558
bc \
5659
libdistro-info-perl
5760
61+
# Download pre-built packages from debs branch
62+
- name: Checkout debs branch
63+
uses: actions/checkout@v4
64+
with:
65+
repository: wolfSSL/wolfProvider
66+
ref: debs
67+
sparse-checkout: |
68+
fips
69+
nonfips
70+
openssl
71+
sparse-checkout-cone-mode: false
72+
path: debs
73+
74+
- name: Setup packages from debs branch
75+
run: |
76+
mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
77+
mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }}
78+
79+
echo "Available packages in debs branch:"
80+
ls -la debs/
81+
82+
# Copy packages based on build type
83+
if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
84+
if [ -d "debs/fips" ] && [ "$(ls -A debs/fips/*.deb 2>/dev/null)" ]; then
85+
echo "Copying FIPS wolfSSL packages..."
86+
cp debs/fips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
87+
else
88+
echo "ERROR: No FIPS packages found in debs branch"
89+
exit 1
90+
fi
91+
else
92+
if [ -d "debs/nonfips" ] && [ "$(ls -A debs/nonfips/*.deb 2>/dev/null)" ]; then
93+
echo "Copying non-FIPS wolfSSL packages..."
94+
cp debs/nonfips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
95+
else
96+
echo "ERROR: No non-FIPS packages found in debs branch"
97+
exit 1
98+
fi
99+
fi
100+
# Copy OpenSSL packages
101+
if [ -d "debs/openssl" ] && [ "$(ls -A debs/openssl/*.deb 2>/dev/null)" ]; then
102+
echo "Copying OpenSSL packages..."
103+
cp debs/openssl/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/
104+
else
105+
echo "WARNING: No OpenSSL packages found in debs branch"
106+
fi
107+
108+
echo ""
109+
echo "Packages ready for installation:"
110+
echo "wolfSSL packages:"
111+
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
112+
echo ""
113+
echo "OpenSSL packages:"
114+
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
115+
116+
- name: Install OpenSSL and wolfSSL packages
117+
run: |
118+
echo "Installing OpenSSL and wolfSSL packages (${{ inputs.fips_ref }})..."
119+
120+
# Install OpenSSL packages first
121+
if [ -n "$(ls -A ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
122+
echo "Installing OpenSSL packages..."
123+
dpkg -i ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb || true
124+
fi
125+
# Install wolfSSL packages
126+
if [ -n "$(ls -A ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
127+
echo "Installing wolfSSL packages..."
128+
dpkg -i ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb || true
129+
fi
130+
131+
# Fix any dependency issues
132+
apt-get install -f -y
133+
134+
echo ""
135+
echo "Packages installed successfully:"
136+
echo "OpenSSL:"
137+
dpkg -l | grep openssl || echo " No OpenSSL packages found"
138+
echo ""
139+
echo "wolfSSL:"
140+
dpkg -l | grep wolfssl || echo " No wolfSSL packages found"
141+
58142
- name: Checkout wolfProvider
59143
uses: actions/checkout@v4
60144
with:
@@ -72,49 +156,47 @@ jobs:
72156
git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
73157
git fetch upstream --tags --no-recurse-submodules
74158
75-
- name: Install wolfSSL
76-
run: |
77-
$GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
78-
79-
- name: Install OpenSSL
80-
run: |
81-
$GITHUB_WORKSPACE/debian/install-openssl.sh ${{ inputs.replace_default && '--replace-default' || '' }} ${{ env.OPENSSL_PACKAGES_PATH }}
82-
83159
- name: Install wolfProvider
84160
run: |
85-
$GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ env.WOLFPROV_PACKAGES_PATH }}
161+
if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
162+
FIPS_FLAG="--fips"
163+
else
164+
FIPS_FLAG=""
165+
fi
166+
$GITHUB_WORKSPACE/debian/install-wolfprov.sh $FIPS_FLAG ${{ env.WOLFPROV_PACKAGES_PATH }} || {
167+
echo "Build failed. Showing test-suite.log if available:"
168+
find . -name "test-suite.log" -exec cat {} \;
169+
exit 1
170+
}
86171
87-
- name: List packages directories
172+
- name: Setup packages directory
88173
run: |
174+
mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }}
175+
176+
# Copy wolfProvider packages (built in previous step)
177+
cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }}
178+
cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }}
179+
cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
180+
181+
# Note: OpenSSL and wolfSSL packages already copied from debs branch earlier
182+
183+
printf "Listing packages directory:\n"
184+
echo "wolfProvider packages:"
89185
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
186+
echo ""
187+
echo "wolfSSL packages:"
90188
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
189+
echo ""
190+
echo "OpenSSL packages:"
91191
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
92192
93-
- name: Save all packages to cache for use by other workflows
94-
uses: actions/cache/save@v4
95-
continue-on-error: true
193+
# Save all packages as artifacts for consumers
194+
- name: Upload wolfProvider packages
195+
uses: actions/upload-artifact@v4
96196
with:
197+
name: debian-packages-${{ inputs.fips_ref }}${{ inputs.replace_default && '-replace-default' || '' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}
97198
path: |
98199
${{ env.WOLFSSL_PACKAGES_PATH }}
99200
${{ env.OPENSSL_PACKAGES_PATH }}
100201
${{ env.WOLFPROV_PACKAGES_PATH }}
101-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
102-
103-
# Save all packages in a single artifact for consumers
104-
# TODO: support debug builds
105-
- name: Upload wolfProvider artifacts
106-
uses: actions/upload-artifact@v4
107-
continue-on-error: true
108-
with:
109-
name: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
110-
path: |
111-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
112-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
113-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
114-
${{ env.OPENSSL_PACKAGES_PATH }}/*.deb
115-
${{ env.OPENSSL_PACKAGES_PATH }}/*.dsc
116-
${{ env.OPENSSL_PACKAGES_PATH }}/*.tar.gz
117-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.deb
118-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.dsc
119-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.tar.gz
120202
retention-days: 1

.github/workflows/cjose.yml

Lines changed: 20 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: cjose Tests
33
# START OF COMMON SECTION
44
on:
55
push:
6-
branches: ['*'] #[ 'master', 'main', 'release/**' ]
6+
branches: [ 'master', 'main', 'release/**' ]
77
pull_request:
88
branches: [ '*' ]
99

@@ -18,13 +18,14 @@ jobs:
1818
with:
1919
wolfssl_ref: ${{ matrix.wolfssl_ref }}
2020
openssl_ref: ${{ matrix.openssl_ref }}
21+
fips_ref: ${{ matrix.fips_ref }}
2122
replace_default: ${{ matrix.replace_default }}
2223
strategy:
2324
matrix:
2425
wolfssl_ref: [ 'v5.8.2-stable' ]
2526
openssl_ref: [ 'openssl-3.5.2' ]
27+
fips_ref: [ 'FIPS', 'non-FIPS' ]
2628
replace_default: [ true ]
27-
fips: [ false ]
2829

2930
test_cjose:
3031
runs-on: ubuntu-22.04
@@ -42,9 +43,9 @@ jobs:
4243
cjose_ref: [ 'v0.6.2.1' ]
4344
wolfssl_ref: [ 'v5.8.2-stable' ]
4445
openssl_ref: [ 'openssl-3.5.2' ]
46+
fips_ref: [ 'FIPS', 'non-FIPS' ]
4547
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
4648
replace_default: [ true ]
47-
fips: [ false ]
4849
env:
4950
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
5051
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -61,38 +62,41 @@ jobs:
6162
with:
6263
fetch-depth: 1
6364

64-
- name: Checking OpenSSL/wolfProvider packages in cache
65-
uses: actions/cache/restore@v4
66-
id: wolfprov-cache
65+
- name: Download packages from build job
66+
uses: actions/download-artifact@v4
6767
with:
68-
path: |
69-
${{ env.WOLFSSL_PACKAGES_PATH }}
70-
${{ env.OPENSSL_PACKAGES_PATH }}
71-
${{ env.WOLFPROV_PACKAGES_PATH }}
72-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
73-
fail-on-cache-miss: true
68+
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
69+
path: /tmp/packages
70+
71+
- name: Setup package directories
72+
run: |
73+
mv /tmp/packages/wolfssl-packages ${{ env.WOLFSSL_PACKAGES_PATH }}
74+
mv /tmp/packages/openssl-packages ${{ env.OPENSSL_PACKAGES_PATH }}
75+
mv /tmp/packages/wolfprov-packages ${{ env.WOLFPROV_PACKAGES_PATH }}
7476
7577
- name: Install wolfSSL/OpenSSL/wolfprov packages
7678
run: |
77-
printf "Installing OpenSSL/wolfProvider packages:\n"
79+
printf "Installing OpenSSL/wolfProvider packages (${{ matrix.fips_ref }}):\n"
7880
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
7981
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
8082
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
8183
82-
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
84+
apt install --reinstall -y \
8385
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
8486
8587
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
8688
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
8789
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
8890
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
8991
90-
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
92+
apt install --reinstall -y \
9193
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
9294
9395
- name: Verify wolfProvider is properly installed
9496
run: |
95-
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
97+
$GITHUB_WORKSPACE/scripts/verify-install.sh \
98+
${{ matrix.replace_default && '--replace-default' || '' }} \
99+
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
96100
97101
- name: Download cjose
98102
uses: actions/checkout@v4

0 commit comments

Comments
 (0)