Squashed commit of the following:

commit 3b97af0
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Thu Sep 11 11:09:23 2025 -0700

    Add better failure detection

commit d6cfd4c
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Thu Sep 11 10:17:24 2025 -0700

    Add DRY install and fix bug

commit 82a6c82
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Thu Sep 11 09:43:02 2025 -0700

    Add correct exit handling

commit ab74618
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 18:12:06 2025 -0700

    Update debug to work correctly

commit a3c82ea
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 18:04:00 2025 -0700

    Add debug to figure out ret

commit 741ba83
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 17:35:59 2025 -0700

    Dont do the source env

commit 162ecbc
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 17:24:33 2025 -0700

    Install in correct order

commit 13d014e
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 17:16:24 2025 -0700

    Add _dev as well for ossl

commit c130172
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 17:00:16 2025 -0700

    Add debug and dont specify the ossl install

commit 4354399
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 16:35:53 2025 -0700

    Add only the main wp package

commit bc64e27
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 16:09:07 2025 -0700

    Add correct syntax to find package

commit f3fdc43
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 15:46:44 2025 -0700

    Add distinct commit hash

commit 808c4f8
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 13:19:25 2025 -0700

    Only test 5.8.2

commit 08ac4d7
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 12:42:48 2025 -0700

    Add comment out

commit 9e26b93
Author: Aidan Garske <aidan@wolfssl.com>
Date:   Wed Sep 10 12:31:41 2025 -0700

    Add .deb support for Github Workflows

Author: padelsbach

.github/scripts/install-packages.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+# install-packages.sh
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+echo "WolfSSL artifacts:"
+ls -la /tmp/wolfssl-artifacts || true
+echo "OpenSSL/wolfProvider artifacts:"
+ls -la /tmp/openssl-wolfprov-artifacts || true
+
+# Install wolfSSL first
+wolfssl_debs=$(ls -1 /tmp/wolfssl-artifacts/*.deb 2>/dev/null || true)
+if [ -n "$wolfssl_debs" ]; then
+  echo "Installing wolfSSL packages: $wolfssl_debs"
+  apt install -y $wolfssl_debs
+fi
+
+# Install OpenSSL packages (runtime + development headers)
+openssl_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/openssl_[0-9]*.deb 2>/dev/null || true)
+libssl3_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/libssl3_[0-9]*.deb 2>/dev/null || true)
+libssl_dev_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/libssl-dev_[0-9]*.deb 2>/dev/null || true)
+
+# Install in dependency order: libssl3 first, then openssl, then dev headers
+if [ -n "$libssl3_debs" ]; then
+  echo "Installing libssl3: $libssl3_debs"
+  apt install -y $libssl3_debs
+fi
+if [ -n "$openssl_debs" ]; then
+  echo "Installing openssl: $openssl_debs"
+  apt install -y $openssl_debs
+fi
+if [ -n "$libssl_dev_debs" ]; then
+  echo "Installing libssl-dev: $libssl_dev_debs"
+  apt install -y $libssl_dev_debs
+fi
+
+# Install wolfProvider main package only (no dev/debug needed for testing)
+wolfprov_main=$(ls -1 /tmp/openssl-wolfprov-artifacts/libwolfprov_[0-9]*.deb 2>/dev/null | head -n1 || true)
+
+if [ -z "$wolfprov_main" ]; then
+  echo "ERROR: libwolfprov main package not found in artifacts"
+  ls -la /tmp/openssl-wolfprov-artifacts
+  exit 1
+fi
+
+echo "Installing wolfProvider main package: $wolfprov_main"
+apt install -y "$wolfprov_main"

.github/workflows/asan.yml

@@ -4,8 +4,8 @@ name: Asan Test
 on:
   push:
     branches: [ "*" ]
-  pull_request:
-    branches: [ "*" ]
+  #pull_request:
+    #branches: [ "*" ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/bind9.yml

@@ -4,8 +4,8 @@ name: Bind9 Tests
 on:
   push:
     branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
+  #pull_request:
+    #branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/build-wolfprovider.yml

@@ -18,87 +18,103 @@ jobs:
   build_wolfprovider_common:
     name: Build wolfProvider
     runs-on: ubuntu-22.04
+    # Run inside Debian Bookworm to match packaging environment
+    container:
+      image: debian:bookworm
+      env:
+        DEBIAN_FRONTEND: noninteractive
     timeout-minutes: 20
     outputs:
       cache_key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }}
     steps:
+      - name: Set up environment
+        run: |
+          apt-get update
+          apt-get install -y \
+            build-essential \
+            devscripts \
+            debhelper \
+            dh-autoreconf \
+            libtool \
+            pkg-config \
+            git \
+            wget \
+            curl \
+            ca-certificates \
+            openssl \
+            dpkg-dev \
+            lintian \
+            fakeroot \
+            dh-exec \
+            equivs \
+            expect \
+            xxd
+
+      - name: Ensure the working directory safe
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
       - name: Checkout wolfProvider
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
-      - name: Get OpenSSL commit hash
-        id: openssl-ref
+      - name: Fetch tags (for Debian versioning)
         run: |
-          sha=$(./scripts/resolve-ref.sh "${{ inputs.openssl_ref }}" "openssl/openssl")
-          echo "ref=$sha" >> "$GITHUB_OUTPUT"
-        env:
-          # Used token to bypass rate limits
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          git fetch --tags --force --prune
 
-      - name: Get WolfSSL commit hash
-        id: wolfssl-ref
+      - name: Install wolfSSL Debian packages from repo tarball
         run: |
-          sha=$(./scripts/resolve-ref.sh "${{ inputs.wolfssl_ref }}" "wolfssl/wolfssl")
-          echo "ref=$sha" >> "$GITHUB_OUTPUT"
-        env:
-          # Used token to bypass rate limits
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          mkdir -p "/tmp/wolfssl-pkg"
+          chmod +x $GITHUB_WORKSPACE/debian/install-wolfssl.sh
+          $GITHUB_WORKSPACE/debian/install-wolfssl.sh \
+            $GITHUB_WORKSPACE/.github/packages/debian-wolfssl.tar.gz \
+            "/tmp/wolfssl-pkg"
 
-      # Look for a cached version of OpenSSL
-      - name: Checking OpenSSL in cache
-        uses: actions/cache/restore@v4
-        id: openssl-cache
-        with:
-          path: |
-            openssl-install
-          key: ossl-depends-${{ steps.openssl-ref.outputs.ref }}
-          lookup-only: false
+          # Stage wolfSSL debs into artifacts directory
+          mkdir -p "/tmp/wolfprov-packages"
+          echo "Moving wolfssl files to artifacts directory..."
 
-      # Look for a cached version of WolfSSL
-      - name: Checking WolfSSL in cache
-        uses: actions/cache/restore@v4
-        id: wolfssl-cache
-        with:
-          path: |
-            wolfssl-install
-          key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }}
-          lookup-only: false
+          find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.deb" -exec cp {} /tmp/wolfprov-packages/ \;
+          find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.dsc" -exec cp {} /tmp/wolfprov-packages/ \;
+          find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \;
+          find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.orig.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \;
 
-      - name: Build wolfProvider
+      - name: Build Debian packages (wolfProvider + OpenSSL)
         run: |
-          OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+          yes Y | ./scripts/build-wolfprovider.sh --debian
 
-      # Save the wolfProvider outputs for use by the parent jobs.
-      # Note that we don't try to restore since it will likely always 
-      # be a cache miss.
-      - name: Save wolfProvider into cache
-        uses: actions/cache/save@v4
-        with: 
-          path: |
-            wolfssl-install
-            wolfprov-install
-            openssl-install/lib64
-            openssl-install/include
-            openssl-install/bin
-          key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }}
+          echo "Generated packages in parent dir:"
+          ls -la ../ || true
+          ls -la ../*.deb ../*.dsc ../*.tar.gz 2>/dev/null || true
+
+      - name: Collect package artifacts
+        run: |
+          mkdir -p "/tmp/wolfprov-packages"
+          mv ../*.deb /tmp/wolfprov-packages/ 2>/dev/null || true
+          mv ../*.dsc /tmp/wolfprov-packages/ 2>/dev/null || true
+          mv ../*.tar.gz /tmp/wolfprov-packages/ 2>/dev/null || true
+          echo "Artifacts to upload:"
+          ls -la /tmp/wolfprov-packages || true
 
-      # If openssl cache miss, save it to the cache
-      - name: Save OpenSSL into cache
-        if: steps.openssl-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with: 
+      - name: Upload wolfSSL packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolfssl-debian-packages-${{ github.sha }}
           path: |
-            openssl-install
-          key: ossl-depends-${{ steps.openssl-ref.outputs.ref }}
+            /tmp/wolfprov-packages/*wolfssl*.deb
+          retention-days: 7
 
-      - name: Save WolfSSL into cache
-        if: steps.wolfssl-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with: 
+      - name: Upload OpenSSL/wolfProvider packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: openssl-wolfprov-debian-packages-${{ github.sha }}
           path: |
-            wolfssl-install
-          key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }}
+            /tmp/wolfprov-packages/*openssl*.deb
+            /tmp/wolfprov-packages/*libssl3*.deb
+            /tmp/wolfprov-packages/*libssl-dev*.deb
+            /tmp/wolfprov-packages/*libwolfprov*.deb
+          retention-days: 7
 
       - name: Print errors
         if: ${{ failure() }}

.github/workflows/cjose.yml

@@ -19,44 +19,54 @@ jobs:
       wolfssl_ref: ${{ matrix.wolfssl_ref }}
       openssl_ref: ${{ matrix.openssl_ref }}
     strategy:
-      matrix:
-        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+      matrix: 
+        # Test 5.8.2 since our .deb is based on that version
+        wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.0' ]
 
   test_cjose:
     runs-on: ubuntu-22.04
     needs: build_wolfprovider
     # This should be a safe limit for the tests to run.
     timeout-minutes: 20
+    container:
+      image: debian:bookworm
+      env:
+        DEBIAN_FRONTEND: noninteractive
     strategy:
       matrix:
-        cjose_ref: [ 'master', 'v0.6.2.1' ]
-        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        # Dont test osp master since it might be unstable
+        cjose_ref: [ 'v0.6.2.1' ]
+        wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.0' ]
         force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
     steps:
+      - name: Set up environment
+        run: |
+          apt-get update
+          apt-get install -y git sudo build-essential autoconf automake \
+            libtool pkg-config libjansson-dev check ca-certificates dpkg-dev
+
       - name: Checkout wolfProvider
         uses: actions/checkout@v4
         with:
           fetch-depth: 1
 
-      - name: Retrieving wolfProvider from cache
-        uses: actions/cache/restore@v4
-        id: wolfprov-cache-restore
+      - name: Download wolfSSL packages
+        uses: actions/download-artifact@v4
         with:
-          path: |
-            wolfssl-install
-            wolfprov-install
-            openssl-install/lib64
-            openssl-install/include
-            openssl-install/bin
+          name: wolfssl-debian-packages-${{ github.sha }}
+          path: /tmp/wolfssl-artifacts
 
-          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
-          fail-on-cache-miss: true
+      - name: Download OpenSSL/wolfProvider packages
+        uses: actions/download-artifact@v4
+        with:
+          name: openssl-wolfprov-debian-packages-${{ github.sha }}
+          path: /tmp/openssl-wolfprov-artifacts
 
-      - name: Install cjose dependencies
+      - name: Install wolfSSL/OpenSSL/wolfprov packages
         run: |
-          sudo apt-get install -y libjansson-dev check
+          $GITHUB_WORKSPACE/.github/scripts/install-packages.sh
 
       - name: Download cjose
         uses: actions/checkout@v4
@@ -69,22 +79,21 @@ jobs:
       - name: Build cjose
         working-directory: cjose
         run: |
-          # Configure with OpenSSL
-          ./configure CFLAGS="-Wno-error=deprecated-declarations" --with-openssl=$GITHUB_WORKSPACE/openssl-install
+          ./configure CFLAGS="-Wno-error=deprecated-declarations"
 
           # Build cjose
           make
 
       - name: Run cjose tests
         working-directory: cjose
         run: |
-          # Set up the environment for wolfProvider
-          source $GITHUB_WORKSPACE/scripts/env-setup
+          # wolfProvider is already loaded as the default provider
+          echo "Current OpenSSL providers:"
+          openssl list -providers
+          openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
           export ${{ matrix.force_fail }}
 
-          # Run tests
-          make test || true
-
-          # Capture result
-          TEST_RESULT=$(tail -1 ./test/check_cjose.log | grep PASS; echo $?)
+          make test 2>&1 | tee cjose-test.log
+          TEST_RESULT=$(grep -q "FAIL: check_cjose" cjose-test.log && echo "1" || echo "0")
+          echo "TEST_RESULT = $TEST_RESULT"
           $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cjose

.github/workflows/cmdline.yml

@@ -4,8 +4,8 @@ name: Command Line Tests
 on:
   push:
     branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
+  #pull_request:
+    #branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/codespell.yml

@@ -4,8 +4,8 @@ name: Codespell test
 on:
   push:
     branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
+  #pull_request:
+    #branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/curl.yml

@@ -4,8 +4,8 @@ name: Curl Tests
 on:
   push:
     branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
+  #pull_request:
+    #branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}