Updates after rebase

Author: padelsbach

.github/packages/debian-wolfssl.tar.gz

@@ -88,7 +88,7 @@ jobs:
             pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \
             libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \
             python3-pytest python3-dnspython python3-hypothesis patch iproute2 \
-            net-tools
+            net-tools git
           PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS
 
       - name: Checkout bind9

.github/workflows/bind9.yml

@@ -98,61 +98,43 @@ jobs:
           git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
           git fetch upstream --tags --no-recurse-submodules
 
-      # Cache wolfSSL to speed up builds:
-      # - Git repository cache: Avoids re-cloning wolfSSL repo
-      # - Complete build cache: Includes source, built packages, and artifacts
-      # Cache keys include script hash to invalidate when install script changes
-      - name: Cache wolfSSL git repository
-        uses: actions/cache@v4
-        with:
-          path: /tmp/wolfssl-pkg/wolfssl/.git
-          key: wolfssl-git-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
-          restore-keys: |
-            wolfssl-git-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
-            wolfssl-git-${{ env.wolfssl_ref }}-
-
-      - name: Cache wolfSSL source and build
-        uses: actions/cache@v4
-        with:
-          path: |
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/wolfssl
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
-          key: wolfssl-complete-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
-          restore-keys: |
-            wolfssl-complete-${{ env.wolfssl_ref }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
-
-      - name: Install wolfssl debian package
-        run: |
-          mkdir -p "/tmp/wolfssl-pkg"
-          cd "/tmp/wolfssl-pkg"
-          
-          # Check if cached packages exist
-          if ls *.deb 1> /dev/null 2>&1; then
-            echo "Found cached wolfSSL packages, installing them..."
-            dpkg -i *.deb || apt-get install -f -y
-          else
-            echo "No cached packages found, building from source..."
-            # Install wolfssl packages with specified version
-            chmod +x $GITHUB_WORKSPACE/debian/install-wolfssl.sh
-            if [ "$wolfssl_ref" != "master" ]; then
-              $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag "$WOLFSSL_VERSION" "/tmp/wolfssl-pkg"
-            else
-              $GITHUB_WORKSPACE/debian/install-wolfssl.sh "/tmp/wolfssl-pkg"
-            fi
-          fi
-
-      - name: Install wolfSSL packages from cache
+      # - name: Restore wolfSSL packages
+      #   uses: actions/cache@v4
+      #   id: wolfssl_cache
+      #   with:
+      #     path: |
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
+      #     key: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
+
+      # - name: Install wolfSSL packages from cache
+      #   if: steps.wolfssl_cache.outputs.cache-hit == 'true'
+      #   run: |
+      #     printf "Installing wolfSSL packages from cache:\n"
+      #     ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
+
+      # # TODO: roll this step into utils-wolfssl.sh
+      # # TODO: specify tag below
+      # - name: Build wolfSSL packages and install
+      #   # if: steps.wolfssl_cache.outputs.cache-hit != 'true'
+      #   run: | 
+      #     # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }}
+
+      # Unpack and install wolfSSL packages
+      - name: Unpack and install wolfSSL packages
         run: |
-          printf "Installing wolfSSL packages:\n"
-          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
-          apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
-  
+          mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
+          tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }}
+          mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }}
+          apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+
       # Check for cached OpenSSL packages
       - name: Checking OpenSSL packages in cache
         uses: actions/cache@v4
-        id: openssl-cache
+        id: openssl_cache
         continue-on-error: true
         with:
           path: |
@@ -162,7 +144,7 @@ jobs:
 
       # Install OpenSSL packages from cache if available
       - name: Install OpenSSL packages from cache
-        if: steps.openssl-cache.outputs.cache-hit == 'true'
+        if: steps.openssl_cache.outputs.cache-hit == 'true'
         run: |
           printf "Installing OpenSSL packages from cache:\n"
           ls -la ${{ env.OPENSSL_PACKAGES_PATH }}

.github/workflows/build-wolfprovider.yml

@@ -88,6 +88,13 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+
+
+      - name: Check wolfProvider is installed
+        run: |
+          openssl list -providers
+          openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
+
       - name: Download cjose
         uses: actions/checkout@v4
         with:

.github/workflows/cjose.yml

@@ -125,7 +125,6 @@ jobs:
         run: |
           python3 -m venv myenv
           source myenv/bin/activate
-          pip install cryptography  # will use your OpenSSL if built from source
 
       - name: Apply patch to disable pkcs12 test
         if : ${{ matrix.stunnel_ref == 'master' }}

.github/workflows/stunnel.yml

@@ -91,7 +91,7 @@ jobs:
             pkgconf zlib1g-dev libgcrypt20-dev libgpg-error-dev libgnutls28-dev \
             libp11-kit-dev libfido2-dev libtss2-dev libdw-dev libbz2-dev \
             liblzma-dev liblz4-dev libzstd-dev libxkbcommon-dev libglib2.0-dev \
-            libdbus-1-dev python3-setuptools python3-wheel
+            libdbus-1-dev python3-setuptools python3-wheel git
 
       - name: Checkout systemd
         uses: actions/checkout@v4
@@ -125,4 +125,8 @@ jobs:
           export ${{ matrix.force_fail }}
           meson test -C build $TEST_CASES
           TEST_RESULT=$?
+          if [ $TEST_RESULT -ne 0 ]; then
+            cat build/meson-logs/testlog.txt
+          fi
+
           $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} systemd

.github/workflows/systemd.yml

@@ -9,8 +9,7 @@ Build-Depends:
  devscripts,
  dh-exec,
  git,
- pkgconf,
- libwolfssl-dev
+ pkgconf
 
 Package: libwolfprov
 Architecture: any

debian/control

@@ -21,6 +21,7 @@ install_wolfssl_from_git() {
     local work_dir="$1"
     local git_tag="$2"
     local debug_mode="$3"
+    local reinstall_mode="$4"
 
     # If no working directory specified, create one using mktemp
     if [ -z "$work_dir" ]; then
@@ -114,6 +115,12 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
         else
             echo "configure.ac already contains required patches"
         fi
+
+        # Patch debian/rules.in to disable dh_strip
+        echo "Patching debian/rules.in to disable dh_strip..."
+        sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in
+        echo "debian/rules.in patched successfully"
+        
     else
         echo "debian/rules.in found, using existing debian packaging"
     fi
@@ -130,22 +137,63 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
 
     # Configure with the specified options
     echo "Configuring wolfSSL with specified options..."
-    configure_opts="--enable-opensslcoexist --enable-cmac --with-eccminsz=192 --enable-ed25519 --enable-ed448 --enable-md5 --enable-curve25519 --enable-curve448 --enable-aesccm --enable-aesxts --enable-aescfb --enable-keygen --enable-shake128 --enable-shake256 --enable-wolfprovider --enable-rsapss --enable-scrypt"
+    configure_opts="--enable-opensslcoexist \
+        --enable-cmac \
+        --with-eccminsz=192 \
+        --enable-ed25519 \
+        --enable-ed448 \
+        --enable-md5 \
+        --enable-curve25519 \
+        --enable-curve448 \
+        --enable-aesccm \
+        --enable-aesxts \
+        --enable-aescfb \
+        --enable-keygen \
+        --enable-shake128 \
+        --enable-shake256 \
+        --enable-wolfprovider \
+        --enable-rsapss \
+        --enable-scrypt"
 
     if [ "$debug_mode" = "true" ]; then
         configure_opts="$configure_opts --enable-debug"
         echo "Debug mode enabled"
     fi
 
-    ./configure $configure_opts CFLAGS="-DWOLFSSL_OLD_OID_SUM -DWOLFSSL_PUBLIC_ASN -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_PUBLIC_MP -DWOLFSSL_RSA_KEY_CHECK -DHAVE_FFDHE_Q -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_ECDSA_DETERMINISTIC_K -DWOLFSSL_VALIDATE_ECC_IMPORT -DRSA_MIN_SIZE=1024 -DHAVE_AES_ECB -DWC_RSA_DIRECT -DWC_RSA_NO_PADDING -DACVP_VECTOR_TESTING -DWOLFSSL_ECDSA_SET_K" LIBS="-lm"
+    ./configure $configure_opts \
+        CFLAGS="-DWOLFSSL_OLD_OID_SUM \
+            -DWOLFSSL_PUBLIC_ASN \
+            -DHAVE_FFDHE_3072 \
+            -DHAVE_FFDHE_4096 \
+            -DWOLFSSL_DH_EXTRA \
+            -DWOLFSSL_PSS_SALT_LEN_DISCOVER \
+            -DWOLFSSL_PUBLIC_MP \
+            -DWOLFSSL_RSA_KEY_CHECK \
+            -DHAVE_FFDHE_Q \
+            -DHAVE_FFDHE_6144 \
+            -DHAVE_FFDHE_8192 \
+            -DWOLFSSL_ECDSA_DETERMINISTIC_K \
+            -DWOLFSSL_VALIDATE_ECC_IMPORT \
+            -DRSA_MIN_SIZE=1024 \
+            -DHAVE_AES_ECB \
+            -DWC_RSA_DIRECT \
+            -DWC_RSA_NO_PADDING \
+            -DACVP_VECTOR_TESTING \
+            -DWOLFSSL_ECDSA_SET_K" \
+            LIBS="-lm"
 
     # Build Debian packages
     echo "Building Debian packages..."
     make deb
 
     # Install the generated packages
     echo "Installing generated .deb packages..."
-    dpkg -i ../*.deb
+    if [ "$reinstall_mode" = "true" ]; then
+        echo "Reinstall mode: forcing package reinstallation..."
+        dpkg -i --force-overwrite --force-confnew ../*.deb
+    else
+        dpkg -i ../*.deb
+    fi
 
     echo "WolfSSL installation from git completed successfully"
 }
@@ -155,6 +203,7 @@ main() {
     local work_dir=""
     local git_tag=""
     local debug_mode="false"
+    local reinstall_mode="false"
 
     # Parse command line arguments
     while [[ $# -gt 0 ]]; do
@@ -166,6 +215,7 @@ main() {
                 echo "Options:"
                 echo "  -t, --tag TAG        Clone and build specific tag or branch (default: master)"
                 echo "  -d, --debug          Enable debug build mode (adds --enable-debug)"
+                echo "  -r, --reinstall      Force reinstall even if packages are already installed"
                 echo "  -h, --help          Show this help message"
                 echo ""
                 echo "Arguments:"
@@ -178,6 +228,7 @@ main() {
                 echo "  $0 --tag v5.6.4 /tmp/build # Build tag v5.6.4 in /tmp/build"
                 echo "  $0 --debug                 # Build master with debug enabled"
                 echo "  $0 --debug --tag v5.6.4    # Build tag v5.6.4 with debug enabled"
+                echo "  $0 --reinstall             # Force reinstall even if packages exist"
                 exit 0
                 ;;
             -t|--tag)
@@ -188,6 +239,10 @@ main() {
                 debug_mode="true"
                 shift
                 ;;
+            -r|--reinstall)
+                reinstall_mode="true"
+                shift
+                ;;
             -*)
                 echo "Unknown option: $1" >&2
                 echo "Use --help for usage information" >&2
@@ -206,10 +261,15 @@ main() {
         esac
     done
 
-    echo "Checking if wolfSSL packages are already installed..."
-    if check_packages_installed; then
-        echo "Packages already installed, exiting successfully"
-        exit 0
+    # Only check if packages are installed if not in reinstall mode
+    if [ "$reinstall_mode" = "false" ]; then
+        echo "Checking if wolfSSL packages are already installed..."
+        if check_packages_installed; then
+            echo "Packages already installed, exiting successfully"
+            exit 0
+        fi
+    else
+        echo "Reinstall mode enabled, bypassing package check..."
     fi
 
     echo "Installing wolfSSL packages from git repository..."
@@ -219,7 +279,7 @@ main() {
         echo "Building wolfSSL master branch"
     fi
 
-    install_wolfssl_from_git "$work_dir" "$git_tag" "$debug_mode"
+    install_wolfssl_from_git "$work_dir" "$git_tag" "$debug_mode" "$reinstall_mode"
 
     echo "WolfSSL installation completed successfully"
 }