Skip to content

Commit e8325ee

Browse files
author
Test User
committed
Rebase changes for FIPS replace default in wolfprov
1 parent 129fe6f commit e8325ee

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

44 files changed

+1113
-880
lines changed

.github/scripts/check-workflow-result.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -275,11 +275,11 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then
275275
elif [ "$TEST_SUITE" = "tcpdump" ]; then
276276
if [ -f "tcpdump-test.log" ]; then
277277
# Check for expected 7 failed tests (ESP/crypto segfaults)
278-
if grep -q "7 tests failed" tcpdump-test.log; then
279-
echo "PASS: tcpdump tests failed as expected with force fail enabled (7 tests failed)"
278+
if grep -q "2 tests failed" tcpdump-test.log; then
279+
echo "PASS: tcpdump tests failed as expected with force fail enabled (2 tests failed)"
280280
exit 0
281281
else
282-
echo "FAIL: tcpdump tests did not fail as expected (should have 7 failed tests)"
282+
echo "FAIL: tcpdump tests did not fail as expected (should have 2 failed tests)"
283283
exit 1
284284
fi
285285
else

.github/scripts/docker/Dockerfile

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
# Dockerfile used in `.github/workflows/build-wolfprovider.yml`
2+
FROM debian:bookworm
3+
4+
ENV DEBIAN_FRONTEND=noninteractive
5+
6+
RUN apt-get update && apt-get install -y --no-install-recommends \
7+
build-essential \
8+
devscripts \
9+
debhelper \
10+
dh-autoreconf \
11+
libtool \
12+
pkg-config \
13+
git \
14+
wget \
15+
curl \
16+
ca-certificates \
17+
openssl \
18+
dpkg-dev \
19+
lintian \
20+
fakeroot \
21+
dh-exec \
22+
equivs \
23+
expect \
24+
xxd \
25+
bc \
26+
libdistro-info-perl \
27+
&& rm -rf /var/lib/apt/lists/*

.github/workflows/bind9.yml

Lines changed: 18 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -18,21 +18,22 @@ jobs:
1818
with:
1919
wolfssl_ref: ${{ matrix.wolfssl_ref }}
2020
openssl_ref: ${{ matrix.openssl_ref }}
21+
fips_ref: ${{ matrix.fips_ref }}
2122
replace_default: ${{ matrix.replace_default }}
2223
strategy:
2324
matrix:
2425
wolfssl_ref: [ 'v5.8.2-stable' ]
2526
openssl_ref: [ 'openssl-3.5.2' ]
27+
fips_ref: [ 'FIPS', 'non-FIPS' ]
2628
replace_default: [ true ]
27-
fips: [ false ]
2829

2930
test_bind:
3031
runs-on: ubuntu-22.04
32+
needs: build_wolfprovider
3133
container:
3234
image: debian:bookworm
3335
env:
3436
DEBIAN_FRONTEND: noninteractive
35-
needs: build_wolfprovider
3637
# This should be a safe limit for the tests to run.
3738
timeout-minutes: 20
3839
strategy:
@@ -41,9 +42,9 @@ jobs:
4142
bind_ref: [ 'v9.18.28' ]
4243
wolfssl_ref: [ 'v5.8.2-stable' ]
4344
openssl_ref: [ 'openssl-3.5.2' ]
45+
fips_ref: [ 'FIPS', 'non-FIPS' ]
4446
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
4547
replace_default: [ true ]
46-
fips: [ false ]
4748
env:
4849
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
4950
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -54,20 +55,21 @@ jobs:
5455
with:
5556
fetch-depth: 1
5657

57-
- name: Checking OpenSSL/wolfProvider packages in cache
58-
uses: actions/cache/restore@v4
59-
id: wolfprov-cache
58+
- name: Download packages from build job
59+
uses: actions/download-artifact@v4
6060
with:
61-
path: |
62-
${{ env.WOLFSSL_PACKAGES_PATH }}
63-
${{ env.OPENSSL_PACKAGES_PATH }}
64-
${{ env.WOLFPROV_PACKAGES_PATH }}
65-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
66-
fail-on-cache-miss: true
61+
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
62+
path: /tmp/packages
63+
64+
- name: Setup package directories
65+
run: |
66+
mv /tmp/packages/wolfssl-packages ${{ env.WOLFSSL_PACKAGES_PATH }}
67+
mv /tmp/packages/openssl-packages ${{ env.OPENSSL_PACKAGES_PATH }}
68+
mv /tmp/packages/wolfprov-packages ${{ env.WOLFPROV_PACKAGES_PATH }}
6769
6870
- name: Install wolfSSL/OpenSSL/wolfprov packages
6971
run: |
70-
printf "Installing OpenSSL/wolfProvider packages:\n"
72+
printf "Installing OpenSSL/wolfProvider packages (${{ matrix.fips_ref }}):\n"
7173
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
7274
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
7375
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
@@ -85,7 +87,9 @@ jobs:
8587
8688
- name: Verify wolfProvider is properly installed
8789
run: |
88-
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
90+
$GITHUB_WORKSPACE/scripts/verify-install.sh \
91+
${{ matrix.replace_default && '--replace-default' || '' }} \
92+
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
8993
9094
- name: Install bind9 test dependencies
9195
run: |

.github/workflows/build-wolfprovider.yml

Lines changed: 104 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,9 @@ on:
99
openssl_ref:
1010
required: true
1111
type: string
12+
fips_ref:
13+
required: false
14+
type: string
1215
replace_default:
1316
required: false
1417
type: boolean
@@ -20,7 +23,7 @@ jobs:
2023
runs-on: ubuntu-22.04
2124
# Run inside Debian Bookworm to match packaging environment
2225
container:
23-
image: debian:bookworm
26+
image: ghcr.io/aidangarske/wolfprovider-build:bookworm
2427
env:
2528
DEBIAN_FRONTEND: noninteractive
2629
timeout-minutes: 20
@@ -29,31 +32,86 @@ jobs:
2932
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
3033
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
3134
steps:
32-
# Install git prior to cloning to ensure we have the full repo
33-
# TODO: create a docker with these pre-installed
34-
- name: Install common dependencies
35+
# Download pre-built packages from debs branch
36+
- name: Checkout debs branch
37+
uses: actions/checkout@v4
38+
with:
39+
repository: wolfSSL/wolfProvider
40+
ref: debs
41+
sparse-checkout: |
42+
fips
43+
nonfips
44+
openssl
45+
sparse-checkout-cone-mode: false
46+
path: debs
47+
48+
- name: Setup packages from debs branch
3549
run: |
36-
apt-get update && apt-get install -y --no-install-recommends \
37-
build-essential \
38-
devscripts \
39-
debhelper \
40-
dh-autoreconf \
41-
libtool \
42-
pkg-config \
43-
git \
44-
wget \
45-
curl \
46-
ca-certificates \
47-
openssl \
48-
dpkg-dev \
49-
lintian \
50-
fakeroot \
51-
dh-exec \
52-
equivs \
53-
expect \
54-
xxd \
55-
bc \
56-
libdistro-info-perl
50+
mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
51+
mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }}
52+
53+
echo "Available packages in debs branch:"
54+
ls -la debs/
55+
56+
# Copy packages based on build type
57+
if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
58+
if [ -d "debs/fips" ] && [ "$(ls -A debs/fips/*.deb 2>/dev/null)" ]; then
59+
echo "Copying FIPS wolfSSL packages..."
60+
cp debs/fips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
61+
else
62+
echo "ERROR: No FIPS packages found in debs branch"
63+
exit 1
64+
fi
65+
else
66+
if [ -d "debs/nonfips" ] && [ "$(ls -A debs/nonfips/*.deb 2>/dev/null)" ]; then
67+
echo "Copying non-FIPS wolfSSL packages..."
68+
cp debs/nonfips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
69+
else
70+
echo "ERROR: No non-FIPS packages found in debs branch"
71+
exit 1
72+
fi
73+
fi
74+
# Copy OpenSSL packages
75+
if [ -d "debs/openssl" ] && [ "$(ls -A debs/openssl/*.deb 2>/dev/null)" ]; then
76+
echo "Copying OpenSSL packages..."
77+
cp debs/openssl/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/
78+
else
79+
echo "WARNING: No OpenSSL packages found in debs branch"
80+
fi
81+
82+
echo ""
83+
echo "Packages ready for installation:"
84+
echo "wolfSSL packages:"
85+
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
86+
echo ""
87+
echo "OpenSSL packages:"
88+
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
89+
90+
- name: Install OpenSSL and wolfSSL packages
91+
run: |
92+
echo "Installing OpenSSL and wolfSSL packages (${{ inputs.fips_ref }})..."
93+
94+
# Install OpenSSL packages first
95+
if [ -n "$(ls -A ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
96+
echo "Installing OpenSSL packages..."
97+
dpkg -i ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb || true
98+
fi
99+
# Install wolfSSL packages
100+
if [ -n "$(ls -A ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
101+
echo "Installing wolfSSL packages..."
102+
dpkg -i ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb || true
103+
fi
104+
105+
# Fix any dependency issues
106+
apt-get install -f -y
107+
108+
echo ""
109+
echo "Packages installed successfully:"
110+
echo "OpenSSL:"
111+
dpkg -l | grep openssl || echo " No OpenSSL packages found"
112+
echo ""
113+
echo "wolfSSL:"
114+
dpkg -l | grep wolfssl || echo " No wolfSSL packages found"
57115
58116
- name: Checkout wolfProvider
59117
uses: actions/checkout@v4
@@ -72,49 +130,38 @@ jobs:
72130
git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
73131
git fetch upstream --tags --no-recurse-submodules
74132
75-
- name: Install wolfSSL
76-
run: |
77-
$GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
78-
79-
- name: Install OpenSSL
80-
run: |
81-
$GITHUB_WORKSPACE/debian/install-openssl.sh ${{ inputs.replace_default && '--replace-default' || '' }} ${{ env.OPENSSL_PACKAGES_PATH }}
82-
83133
- name: Install wolfProvider
84134
run: |
85-
$GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ env.WOLFPROV_PACKAGES_PATH }}
135+
$GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ inputs.fips_ref == 'FIPS' && '--fips' || '' }} ${{ env.WOLFPROV_PACKAGES_PATH }}
86136
87-
- name: List packages directories
137+
- name: Setup packages directory
88138
run: |
139+
mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }}
140+
141+
# Copy wolfProvider packages (built in previous step)
142+
cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }}
143+
cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }}
144+
cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
145+
146+
# Note: OpenSSL and wolfSSL packages already copied from debs branch earlier
147+
148+
printf "Listing packages directory:\n"
149+
echo "wolfProvider packages:"
89150
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
151+
echo ""
152+
echo "wolfSSL packages:"
90153
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
154+
echo ""
155+
echo "OpenSSL packages:"
91156
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
92157
93-
- name: Save all packages to cache for use by other workflows
94-
uses: actions/cache/save@v4
95-
continue-on-error: true
158+
# Save all packages as artifacts for consumers
159+
- name: Upload wolfProvider packages
160+
uses: actions/upload-artifact@v4
96161
with:
162+
name: debian-packages-${{ inputs.fips_ref }}${{ inputs.replace_default && '-replace-default' || '' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}
97163
path: |
98164
${{ env.WOLFSSL_PACKAGES_PATH }}
99165
${{ env.OPENSSL_PACKAGES_PATH }}
100166
${{ env.WOLFPROV_PACKAGES_PATH }}
101-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
102-
103-
# Save all packages in a single artifact for consumers
104-
# TODO: support debug builds
105-
- name: Upload wolfProvider artifacts
106-
uses: actions/upload-artifact@v4
107-
continue-on-error: true
108-
with:
109-
name: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
110-
path: |
111-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
112-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
113-
${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
114-
${{ env.OPENSSL_PACKAGES_PATH }}/*.deb
115-
${{ env.OPENSSL_PACKAGES_PATH }}/*.dsc
116-
${{ env.OPENSSL_PACKAGES_PATH }}/*.tar.gz
117-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.deb
118-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.dsc
119-
${{ env.WOLFPROV_PACKAGES_PATH }}/*.tar.gz
120167
retention-days: 1

0 commit comments

Comments
 (0)