Merge pull request #278 from padelsbach/wp_debian_debug_mode

Cleanup Debian packaging flow

Author: aidangarske

.github/workflows/debian-package.yml

@@ -14,6 +14,9 @@ jobs:
       image: debian:bookworm   # or debian:bookworm-slim
       env:
         DEBIAN_FRONTEND: noninteractive
+    strategy:
+      matrix:
+        debug_flag: [ '', '--debug' ]
     steps:
     - name: Set up environment
       run: |
@@ -84,7 +87,7 @@ jobs:
     - name: Build Debian package
       run: |
         # Bypass the warning prompt with 'yes Y' 
-        yes Y | ./scripts/build-wolfprovider.sh --debian $FIPS_FLAG
+        yes Y | ./scripts/build-wolfprovider.sh --debian ${{ matrix.debug_flag }}
 
         # List generated packages
         echo "Generated Packages:"
@@ -202,12 +205,12 @@ jobs:
       if: always()
       uses: actions/upload-artifact@v4
       with:
-        name: wolfprovider-debian-packages
+        name: wolfprovider-debian-packages${{ matrix.debug_flag }}
         path: |
           /tmp/wolfprov-packages/*.deb
           /tmp/wolfprov-packages/*.dsc
           /tmp/wolfprov-packages/*.tar.gz
-        retention-days: 7
+        retention-days: 2
 
   libwolfprov-with-openssl:
     runs-on: ubuntu-22.04

.gitignore

@@ -112,20 +112,9 @@ debian/libwolfprov*
 debian/libssl-dev*
 debian/openssl*
 debian/libssl3*
-!debian/libwolfprov.install
-!debian/libwolfprov.postinst
-!debian/libwolfprov.postrm
-!debian/libwolfprov-dev.docs
-!debian/libwolfprov-dev.install
-!debian/openssl.cnf
-!debian/openssl.install
-!debian/openssl.postinst
-!debian/openssl.postrm
-!debian/libssl3.postinst
-!debian/libssl3.postrm
-!debian/libssl3.install
-!debian/libssl3.docs
-!debian/libssl3.install
-!debian/libssl3.postinst
-!debian/libssl3.postrm
+!debian/*.install
+!debian/*.postinst
+!debian/*.postrm
+!debian/*.docs
+!debian/*.links
 

debian/control

@@ -8,7 +8,6 @@ Build-Depends:
  debhelper-compat (= 13),
  devscripts,
  dh-exec,
- openssl,
  git,
  pkgconf,
  libwolfssl-dev

debian/libssl-dev.install

@@ -1,7 +1,5 @@
 #!/usr/bin/dh-exec
 usr/include/openssl/**
-usr/lib/${DEB_HOST_MULTIARCH}/libcrypto.so
-usr/lib/${DEB_HOST_MULTIARCH}/libssl.so
 usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/openssl.pc
 usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/libcrypto.pc
 usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/libssl.pc

debian/libssl-dev.links

@@ -0,0 +1,7 @@
+#!/usr/bin/dh-exec
+
+# Create symlinks for the shared libs rather than pulling in the full versioned files
+# This avoids issues with soname mismatches for applications linking against
+# libssl and libcrypto.
+usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so    usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so.3
+usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.3

debian/rules

@@ -21,7 +21,7 @@ ifeq ($(WOLFSSL_ISFIPS),1)
   VARIANT           := fips
   VARIANT_DESC      := FIPS build
   VARIANT_PROVIDES  := libwolfprov-fips
-  VERSION           := $(BASEVER)+fips
+  VERSION           := $(BASEVER)-fips
   FIPS_FLAG         := --enable-fips
   PROVIDER_CONF     := provider-fips.conf
 else
@@ -33,12 +33,21 @@ else
   FIPS_FLAG         :=
 endif
 
+# Debug build flag
+WOLFPROV_DEBUG?=0
+ifeq ($(WOLFPROV_DEBUG),1)
+  VARIANT           := $(VARIANT)-debug
+  VARIANT_DESC      := $(VARIANT_DESC) with debug logs
+  VERSION           := $(VERSION)-debug
+endif
+
 override_dh_auto_configure:
 	# None, handled below
 
 override_dh_auto_build:
-	# Always build OpenSSL with wolfProvider as the default provider
-	WOLFPROV_BUILD_DEBIAN=1 ./scripts/build-wolfprovider.sh --replace-default $(FIPS_FLAG)
+	# Always build OpenSSL with wolfProvider as the default provider even 
+	# if we choose not to use it.
+	WOLFPROV_BUILD_DEBIAN=1 WOLFPROV_DEBUG=$(WOLFPROV_DEBUG) ./scripts/build-wolfprovider.sh --replace-default $(FIPS_FLAG)
 
 override_dh_auto_install:
 	# Detect OpenSSL library directory (lib or lib64)
@@ -51,8 +60,8 @@ override_dh_auto_install:
 
 	# Install OpenSSL shared libraries for libssl3 package
 	install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)
-	install -m755 ./openssl-install/$(OPENSSL_LIB_DIR)/libssl.so* \
-		./openssl-install/$(OPENSSL_LIB_DIR)/libcrypto.so* \
+	install -m755 ./openssl-install/$(OPENSSL_LIB_DIR)/libssl.so.3 \
+		./openssl-install/$(OPENSSL_LIB_DIR)/libcrypto.so.3 \
 		$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/
 
 	# Install OpenSSL headers and dev files for libssl-dev package

scripts/build-debian.sh

@@ -20,6 +20,9 @@ set -euo pipefail
 
 PKG_NAME="libwolfprov"
 
+WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
+WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
+
 # Step 1: Determine the repo root
 REPO_ROOT=$(git rev-parse --show-toplevel)
 cd "$REPO_ROOT"
@@ -110,7 +113,7 @@ git archive --format=tar.gz --prefix="${TARBALL_PREFIX}/" \
 
 # Step 10: Build package
 echo "⚙️  Building package..."
-WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
-debuild -e WOLFSSL_ISFIPS -us -uc
+# Use nostrip to avoid building the -dbgsym package
+DEB_BUILD_OPTIONS="nostrip" debuild -e WOLFSSL_ISFIPS -e WOLFPROV_DEBUG -us -uc
 
 echo "✅ Build completed for version $VERSION"

scripts/build-wolfprovider.sh

@@ -144,7 +144,7 @@ fi
 
 if [ -n "$build_debian" ]; then
     echo "Building Debian package..."
-    WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0} ./scripts/build-debian.sh
+    WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0} WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0} ./scripts/build-debian.sh
     exit $?
 fi