Merge branch 'master' of github.com:ColtonWilley/wolfProvider into wp_krb5_workflow

Author: ColtonWilley

.github/packages/debian-packages-20250731T171211Z-1-001.zip

@@ -0,0 +1,60 @@
+name: Command Line Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  cmdtest_test:
+    name: Command line test
+    runs-on: ubuntu-22.04
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        openssl_ref: [ 'master', 'openssl-3.5.0' ]
+        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+        debug: ['WOLFPROV_DEBUG=1', '']
+    steps:
+      - name: Checkout wolfProvider
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Checking wolfSSL/wolfProvider in cache
+        # Debug builds are not currently supported by build-wolfprovider.yml
+        # so those are manually built as a separate step.
+        if: ${{ matrix.debug == '' }}
+        uses: actions/cache@v4
+        id: wolfprov-cache
+        with:
+          path: |
+            wolfssl-install
+            wolfprov-install
+            openssl-install/lib64
+            openssl-install/include
+            openssl-install/bin
+
+          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+                    # Normally we would fail on cache miss, but we rebuild below 
+          # for the DEBUG build.
+          fail-on-cache-miss: false
+
+      # If not yet built this version, build it now
+      - name: Build wolfProvider
+        # Only run the test for a cache miss. On hit, we've already run the test.
+        if: steps.wolfprov-cache-restore.cache-hit != 'true'
+        run: |
+          ${{ matrix.debug }} OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+      - name: Run tests
+        run: |
+          ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh

.github/workflows/cmdline.yml

@@ -0,0 +1,190 @@
+name: Debian Package Test
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ '*' ]
+  workflow_dispatch:
+
+jobs:
+  test-debian-package:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout wolfProvider
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+    - run: |
+        # Fetch tags
+        git fetch --tags
+        # List all tags
+        git tag -l
+
+    - name: Set up environment
+      run: |
+        # Update package lists
+        sudo apt-get update
+        # Install build dependencies
+        sudo apt-get install -y \
+          build-essential \
+          devscripts \
+          debhelper \
+          dh-autoreconf \
+          libtool \
+          pkg-config \
+          git \
+          wget \
+          curl \
+          ca-certificates \
+          openssl \
+          dpkg-dev \
+          lintian \
+          fakeroot \
+          equivs
+        # Install additional tools for testing
+        sudo apt-get install -y \
+          expect \
+          xxd
+
+    # TODO: this step rebuilds the package for the current architecture
+    #       we may be able to remove it if we can ensure the package supports
+    #       the architecture of the runner (most likely amd64)
+    - name: Install custom wolfssl
+      run: |
+        mkdir -p "$RUNNER_TEMP/wolfssl-pkg"
+        cd "$RUNNER_TEMP/wolfssl-pkg"
+        unzip $GITHUB_WORKSPACE/.github/packages/debian-packages-20250731T171211Z-1-001.zip
+        cd debian-packages
+        sudo dpkg-source -x wolfssl_5.8.2-1.dsc
+        cd wolfssl-5.8.2
+        sudo dpkg-buildpackage -b -us -uc
+        sudo dpkg -i ../libwolfssl*.deb
+
+    - name: Build Debian package
+      run: |
+        # Run the build script
+        # Bypass the warning prompt with 'yes Y' 
+        yes Y | ./scripts/build-wolfprovider.sh --debian
+
+        # List generated packages
+        echo "Generated Packages:"
+        ls -la ../*.deb ../*.dsc ../*.tar.gz || true
+
+    - name: Install package
+      run: |
+        # Find the package file
+        PACKAGE_FILE=$(find ../ -name "libwolfprov_*.deb" | head -n1)
+        if [ -z "$PACKAGE_FILE" ]; then
+          echo "No package file found!"
+          ls -la ../
+          exit 1
+        fi
+
+        echo "Installing package: $PACKAGE_FILE and dependencies"
+        sudo apt install -y ./"$PACKAGE_FILE"
+
+        # Verify installation
+        echo "Package Installation Verification:"
+        dpkg -l | grep libwolfprov
+        dpkg -L libwolfprov
+
+    - name: Test OpenSSL provider functionality
+      run: |
+        PROVIDER_CONF="/etc/ssl/openssl.cnf.d/wolfprovider.conf"
+        PROVIDER_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
+
+        # Temporarily move wolfprovider config so we can toggle between providers
+        echo "3. Temporarily disabling wolfprovider for default provider tests:"
+        mkdir -p /tmp/openssl-test
+        if [ -f $PROVIDER_CONF ]; then
+          sudo mv $PROVIDER_CONF $PROVIDER_CONF_BACKUP
+          echo "   - Moved $PROVIDER_CONF to $PROVIDER_CONF_BACKUP"
+        else
+          echo "$PROVIDER_CONF not found!"
+          exit 1
+        fi
+
+        # Run the do-cmd-test.sh script to execute interoperability tests
+        echo "Running OpenSSL provider interoperability tests..."
+        OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh
+
+        # Restore wolfprovider configuration
+        echo "5. Restoring wolfprovider configuration:"
+        if [ -f $PROVIDER_CONF_BACKUP ]; then
+          sudo mv $PROVIDER_CONF_BACKUP $PROVIDER_CONF
+          echo "   - Restored $PROVIDER_CONF from $PROVIDER_CONF_BACKUP"
+        fi
+
+        echo "PASS: All provider interoperability tests successful"
+
+    - name: Uninstall package and verify cleanup
+      run: |
+        # Uninstall the package
+        sudo apt-get remove --purge -y libwolfprov
+
+        # Verify the package is removed
+        if dpkg -l | grep -q libwolfprov; then
+          echo "Package still installed after removal"
+          dpkg -l | grep libwolfprov
+          exit 1
+        else
+          echo "Package successfully removed"
+        fi
+
+        # Check if the config file is removed
+        if [ -f /etc/ssl/openssl.cnf.d/wolfprovider.conf ]; then
+          echo "wolfprovider.conf still exists after package removal"
+          ls -la /etc/ssl/openssl.cnf.d/
+          exit 1
+        else
+          echo "wolfprovider.conf successfully removed"
+        fi
+
+        # Check if the library files are removed
+        if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
+          echo "libwolfprov.so still exists after package removal"
+          find /usr/lib -name "libwolfprov.so*" 2>/dev/null || true
+          exit 1
+        else
+          echo "libwolfprov.so successfully removed"
+        fi
+
+        # Verify default OpenSSL provider is active
+        echo "Verifying Default Provider is Active:"
+        openssl list -providers
+
+        # Verify that the default provider is present and active
+        echo "Checking default provider status:"
+        if openssl list -providers | grep -q "default" && \
+           openssl list -providers | grep -q "OpenSSL Default Provider" && \
+           openssl list -providers | grep -q "status: active"; then
+          echo "Default provider is present and active"
+        else
+          echo "Default provider verification failed"
+          echo "Provider output:"
+          openssl list -providers
+          exit 1
+        fi
+
+        echo "Package uninstallation and cleanup verification successful"
+
+    - name: Move package artifacts
+      run: |
+        # Move the generated packages to the temp directory
+        mv ../*.deb $RUNNER_TEMP/ || true
+        mv ../*.dsc $RUNNER_TEMP/ || true
+        mv ../*.tar.gz $RUNNER_TEMP/ || true
+
+    # Save the build outputs which for use in release packages
+    - name: Upload package artifacts
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: debian-packages
+        path: |
+          ${{ runner.temp }}/*.deb
+          ${{ runner.temp }}/*.dsc
+          ${{ runner.temp }}/*.tar.gz
+        retention-days: 7 

.github/workflows/debian-package.yml

@@ -0,0 +1,103 @@
+name: Libcryptsetup Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfprovider:
+    uses: ./.github/workflows/build-wolfprovider.yml
+    with:
+      wolfssl_ref: ${{ matrix.wolfssl_ref }}
+      openssl_ref: ${{ matrix.openssl_ref }}
+    strategy:
+      matrix:
+        wolfssl_ref: ['v5.8.0-stable', 'master']
+        openssl_ref: ['openssl-3.5.0']
+
+  test_cryptsetup:
+    runs-on: ubuntu-22.04
+    needs: build_wolfprovider
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    strategy:
+      fail-fast: false
+      matrix:
+        cryptsetup_ref: ['v2.6.1']
+        wolfssl_ref: ['v5.8.0-stable', 'master']
+        openssl_ref: ['openssl-3.5.0']
+        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+
+    steps:
+      - name: Checkout wolfProvider
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Retrieving wolfSSL/wolfProvider from cache
+        uses: actions/cache/restore@v4
+        id: wolfprov-cache
+        with:
+          path: |
+            wolfssl-install
+            wolfprov-install
+            openssl-install/lib64
+            openssl-install/include
+            openssl-install/bin
+
+          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+          fail-on-cache-miss: true
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            build-essential autoconf asciidoctor gettext autopoint libtool \
+            pkg-config uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \
+            libargon2-dev
+
+      - name: Checkout cryptsetup
+        uses: actions/checkout@v4
+        with:
+          repository: mbroz/cryptsetup
+          path: cryptsetup
+          ref: ${{ matrix.cryptsetup_ref }}
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/osp
+          path: osp
+          fetch-depth: 1
+      - run: |
+          cd cryptsetup
+          patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libcryptsetup/libcryptsetup-${{ matrix.cryptsetup_ref }}-wolfprov.patch
+
+      - name: Build cryptsetup
+        working-directory: cryptsetup
+        run: |
+          ./autogen.sh
+          ./configure --enable-static \
+            --with-crypto-backend=openssl \
+            --disable-ssh-token \
+            --with-openssl-includes=$GITHUB_WORKSPACE/openssl-install/include \
+            --with-openssl-libs=$GITHUB_WORKSPACE/openssl-install/lib64
+          make -j$(nproc)
+
+      - name: Run cryptsetup tests
+        working-directory: cryptsetup
+        run: |
+          source $GITHUB_WORKSPACE/scripts/env-setup
+          export ${{ matrix.force_fail }}
+
+          make check 2>&1 | tee cryptsetup-test.log
+          TEST_RESULT=$(grep -q "All 10 tests passed" cryptsetup-test.log && echo "0" || echo "1")
+          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cryptsetup