99 openssl_ref :
1010 required : true
1111 type : string
12+ fips_ref :
13+ required : false
14+ type : string
1215 replace_default :
1316 required : false
1417 type : boolean
@@ -20,40 +23,98 @@ jobs:
2023 runs-on : ubuntu-22.04
2124 # Run inside Debian Bookworm to match packaging environment
2225 container :
23- image : debian :bookworm
26+ image : ghcr.io/aidangarske/wolfprovider-build :bookworm
2427 env :
2528 DEBIAN_FRONTEND : noninteractive
29+ # Add network capabilities so ifconfig/RTNETLINK operations are permitted
30+ # These are passed to `docker run` as runtime options
31+ options : --cap-add=NET_ADMIN --cap-add=NET_RAW
2632 timeout-minutes : 20
2733 env :
2834 WOLFSSL_PACKAGES_PATH : /tmp/wolfssl-packages
2935 OPENSSL_PACKAGES_PATH : /tmp/openssl-packages
3036 WOLFPROV_PACKAGES_PATH : /tmp/wolfprov-packages
3137 steps :
32- # Install git prior to cloning to ensure we have the full repo
33- # TODO: create a docker with these pre-installed
34- - name : Install common dependencies
38+ # Download pre-built packages from debs branch
39+ - name : Checkout debs branch
40+ uses : actions/checkout@v4
41+ with :
42+ repository : wolfSSL/wolfProvider
43+ ref : debs
44+ sparse-checkout : |
45+ fips
46+ nonfips
47+ openssl
48+ sparse-checkout-cone-mode : false
49+ path : debs
50+
51+ - name : Setup packages from debs branch
3552 run : |
36- apt-get update && apt-get install -y --no-install-recommends \
37- build-essential \
38- devscripts \
39- debhelper \
40- dh-autoreconf \
41- libtool \
42- pkg-config \
43- git \
44- wget \
45- curl \
46- ca-certificates \
47- openssl \
48- dpkg-dev \
49- lintian \
50- fakeroot \
51- dh-exec \
52- equivs \
53- expect \
54- xxd \
55- bc \
56- libdistro-info-perl
53+ mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
54+ mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }}
55+
56+ echo "Available packages in debs branch:"
57+ ls -la debs/
58+
59+ # Copy packages based on build type
60+ if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
61+ if [ -d "debs/fips" ] && [ "$(ls -A debs/fips/*.deb 2>/dev/null)" ]; then
62+ echo "Copying FIPS wolfSSL packages..."
63+ cp debs/fips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
64+ else
65+ echo "ERROR: No FIPS packages found in debs branch"
66+ exit 1
67+ fi
68+ else
69+ if [ -d "debs/nonfips" ] && [ "$(ls -A debs/nonfips/*.deb 2>/dev/null)" ]; then
70+ echo "Copying non-FIPS wolfSSL packages..."
71+ cp debs/nonfips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
72+ else
73+ echo "ERROR: No non-FIPS packages found in debs branch"
74+ exit 1
75+ fi
76+ fi
77+ # Copy OpenSSL packages
78+ if [ -d "debs/openssl" ] && [ "$(ls -A debs/openssl/*.deb 2>/dev/null)" ]; then
79+ echo "Copying OpenSSL packages..."
80+ cp debs/openssl/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/
81+ else
82+ echo "WARNING: No OpenSSL packages found in debs branch"
83+ fi
84+
85+ echo ""
86+ echo "Packages ready for installation:"
87+ echo "wolfSSL packages:"
88+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
89+ echo ""
90+ echo "OpenSSL packages:"
91+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
92+
93+ - name : Install OpenSSL and wolfSSL packages
94+ run : |
95+ echo "Installing OpenSSL and wolfSSL packages (${{ inputs.fips_ref }})..."
96+
97+ # Install OpenSSL packages first
98+ if [ -n "$(ls -A ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
99+ echo "Installing OpenSSL packages..."
100+ dpkg -i ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb || true
101+ fi
102+ # Install wolfSSL packages
103+ if [ -n "$(ls -A ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
104+ echo "Installing wolfSSL packages..."
105+ dpkg -i ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb || true
106+ fi
107+
108+ # Fix any dependency issues
109+ apt-get install -f -y
110+
111+ echo ""
112+ echo "Packages installed successfully:"
113+ echo "OpenSSL:"
114+ dpkg -l | grep openssl || echo " No OpenSSL packages found"
115+ echo ""
116+ echo "wolfSSL:"
117+ dpkg -l | grep wolfssl || echo " No wolfSSL packages found"
57118
58119 - name : Checkout wolfProvider
59120 uses : actions/checkout@v4
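Review bot: The new `image:` line references `ghcr.io/aidangarske/wolfprovider-build:bookworm` by a mutable tag in a personal namespace, and the added `options:` line grants that container `NET_ADMIN` and `NET_RAW`, so whatever the tag resolves to at run time produces every uploaded package, with extra network privileges. Pin it by digest, e.g. `image: ghcr.io/aidangarske/wolfprovider-build:bookworm@sha256:<digest>` (placeholder), and ideally publish it from the project's own registry namespace. The prebuilt `.deb` files have the same provenance gap: `ref: debs` is a moving branch, nothing visible here checks the files against a known checksum before `dpkg -i`, and `|| true` on both `dpkg -i` lines lets a failed install still reach the "Packages installed successfully:" message. A missing OpenSSL package set is also only a `WARNING`, so the job presumably continues with whatever OpenSSL the image already ships. Making that branch `exit 1` like the wolfSSL ones, and checking after `apt-get install -f -y` that the expected packages are actually installed, would make the step fail closed.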
@@ -72,49 +133,38 @@ jobs:
72133 git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
73134 git fetch upstream --tags --no-recurse-submodules
74135
75- - name : Install wolfSSL
76- run : |
77- $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
78-
79- - name : Install OpenSSL
80- run : |
81- $GITHUB_WORKSPACE/debian/install-openssl.sh ${{ inputs.replace_default && '--replace-default' || '' }} ${{ env.OPENSSL_PACKAGES_PATH }}
82-
83136 - name : Install wolfProvider
84137 run : |
85- $GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ env.WOLFPROV_PACKAGES_PATH }}
138+ $GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ inputs.fips_ref == 'FIPS' && '--fips' || '' }} ${{ env.WOLFPROV_PACKAGES_PATH }}
86139
87- - name : List packages directories
140+ - name : Setup packages directory
88141 run : |
142+ mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }}
143+
144+ # Copy wolfProvider packages (built in previous step)
145+ cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }}
146+ cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }}
147+ cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
148+
149+ # Note: OpenSSL and wolfSSL packages already copied from debs branch earlier
150+
151+ printf "Listing packages directory:\n"
152+ echo "wolfProvider packages:"
89153 ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
154+ echo ""
155+ echo "wolfSSL packages:"
90156 ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
157+ echo ""
158+ echo "OpenSSL packages:"
91159 ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
92160
93- - name : Save all packages to cache for use by other workflows
94- uses : actions/cache/save@v4
95- continue-on-error : true
161+ # Save all packages as artifacts for consumers
162+ - name : Upload wolfProvider packages
163+ uses : actions/upload-artifact@v4
96164 with :
165+ name : debian-packages-${{ inputs.fips_ref }}${{ inputs.replace_default && '-replace-default' || '' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}
97166 path : |
98167 ${{ env.WOLFSSL_PACKAGES_PATH }}
99168 ${{ env.OPENSSL_PACKAGES_PATH }}
100169 ${{ env.WOLFPROV_PACKAGES_PATH }}
101- key : openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
102-
103- # Save all packages in a single artifact for consumers
104- # TODO: support debug builds
105- - name : Upload wolfProvider artifacts
106- uses : actions/upload-artifact@v4
107- continue-on-error : true
108- with :
109- name : openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
110- path : |
111- ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
112- ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
113- ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
114- ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb
115- ${{ env.OPENSSL_PACKAGES_PATH }}/*.dsc
116- ${{ env.OPENSSL_PACKAGES_PATH }}/*.tar.gz
117- ${{ env.WOLFPROV_PACKAGES_PATH }}/*.deb
118- ${{ env.WOLFPROV_PACKAGES_PATH }}/*.dsc
119- ${{ env.WOLFPROV_PACKAGES_PATH }}/*.tar.gz
120170 retention-days : 1
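Review bot: `inputs.fips_ref` is a free-form string that selects the FIPS build only on an exact match with `FIPS` (here in `inputs.fips_ref == 'FIPS' && '--fips' || ''`, and in the `if [ "${{ inputs.fips_ref }}" = "FIPS" ]` test of the previous hunk), so an empty, misspelled or differently cased value silently yields a non-FIPS build whose artifact name still carries the caller's string. Validate the input in a first step and fail on anything unexpected, passing it through `env:` rather than expanding it inside the script: `env: { FIPS_REF: "${{ inputs.fips_ref }}" }` with `case "$FIPS_REF" in FIPS|<non-FIPS value>) ;; *) exit 1 ;; esac` (the non-FIPS value is a placeholder; the page does not show it). The same `env:` indirection would keep the raw `${{ inputs.fips_ref }}` expansions in the earlier `run:` blocks out of the shell text. Separately, the artifact `name:` now embeds `inputs.wolfssl_ref` and `inputs.openssl_ref`; a ref containing `/` would be rejected by `actions/upload-artifact` as an invalid name, and with `continue-on-error` removed that fails the job.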