Debian package build script

.github/workflows/debian-package.yml

@@ -0,0 +1,190 @@
+name: Debian Package Test
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ '*' ]
+  workflow_dispatch:
+
+jobs:
+  test-debian-package:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout wolfProvider
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+    - run: |
+        # Fetch tags
+        git fetch --tags
+        # List all tags
+        git tag -l
+
+    - name: Set up environment
+      run: |
+        # Update package lists
+        sudo apt-get update
+        # Install build dependencies
+        sudo apt-get install -y \
+          build-essential \
+          devscripts \
+          debhelper \
+          dh-autoreconf \
+          libtool \
+          pkg-config \
+          git \
+          wget \
+          curl \
+          ca-certificates \
+          openssl \
+          dpkg-dev \
+          lintian \
+          fakeroot \
+          equivs
+        # Install additional tools for testing
+        sudo apt-get install -y \
+          expect \
+          xxd
+
+    # TODO: this step rebuilds the package for the current architecture
+    #       we may be able to remove it if we can ensure the package supports
+    #       the architecture of the runner (most likely amd64)
+    - name: Install custom wolfssl
+      run: |
+        mkdir -p "$RUNNER_TEMP/wolfssl-pkg"
+        cd "$RUNNER_TEMP/wolfssl-pkg"
+        unzip $GITHUB_WORKSPACE/.github/packages/debian-packages-20250731T171211Z-1-001.zip
+        cd debian-packages
+        sudo dpkg-source -x wolfssl_5.8.2-1.dsc
+        cd wolfssl-5.8.2
+        sudo dpkg-buildpackage -b -us -uc
+        sudo dpkg -i ../libwolfssl*.deb
+
+    - name: Build Debian package
+      run: |
+        # Run the build script
+        # Bypass the warning prompt with 'yes Y' 
+        yes Y | ./scripts/build-wolfprovider.sh --debian
+
+        # List generated packages
+        echo "Generated Packages:"
+        ls -la ../*.deb ../*.dsc ../*.tar.gz || true
+
+    - name: Install package
+      run: |
+        # Find the package file
+        PACKAGE_FILE=$(find ../ -name "libwolfprov_*.deb" | head -n1)
+        if [ -z "$PACKAGE_FILE" ]; then
+          echo "No package file found!"
+          ls -la ../
+          exit 1
+        fi
+
+        echo "Installing package: $PACKAGE_FILE and dependencies"
+        sudo apt install -y ./"$PACKAGE_FILE"
+
+        # Verify installation
+        echo "Package Installation Verification:"
+        dpkg -l | grep libwolfprov
+        dpkg -L libwolfprov
+
+    - name: Test OpenSSL provider functionality
+      run: |
+        PROVIDER_CONF="/etc/ssl/openssl.cnf.d/wolfprovider.conf"
+        PROVIDER_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
+
+        # Temporarily move wolfprovider config so we can toggle between providers
+        echo "3. Temporarily disabling wolfprovider for default provider tests:"
+        mkdir -p /tmp/openssl-test
+        if [ -f $PROVIDER_CONF ]; then
+          sudo mv $PROVIDER_CONF $PROVIDER_CONF_BACKUP
+          echo "   - Moved $PROVIDER_CONF to $PROVIDER_CONF_BACKUP"
+        else
+          echo "$PROVIDER_CONF not found!"
+          exit 1
+        fi
+
+        # Run the do-cmd-test.sh script to execute interoperability tests
+        echo "Running OpenSSL provider interoperability tests..."
+        OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh
+
+        # Restore wolfprovider configuration
+        echo "5. Restoring wolfprovider configuration:"
+        if [ -f $PROVIDER_CONF_BACKUP ]; then
+          sudo mv $PROVIDER_CONF_BACKUP $PROVIDER_CONF
+          echo "   - Restored $PROVIDER_CONF from $PROVIDER_CONF_BACKUP"
+        fi
+
+        echo "PASS: All provider interoperability tests successful"
+
+    - name: Uninstall package and verify cleanup
+      run: |
+        # Uninstall the package
+        sudo apt-get remove --purge -y libwolfprov
+
+        # Verify the package is removed
+        if dpkg -l | grep -q libwolfprov; then
+          echo "Package still installed after removal"
+          dpkg -l | grep libwolfprov
+          exit 1
+        else
+          echo "Package successfully removed"
+        fi
+
+        # Check if the config file is removed
+        if [ -f /etc/ssl/openssl.cnf.d/wolfprovider.conf ]; then
+          echo "wolfprovider.conf still exists after package removal"
+          ls -la /etc/ssl/openssl.cnf.d/
+          exit 1
+        else
+          echo "wolfprovider.conf successfully removed"
+        fi
+
+        # Check if the library files are removed
+        if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
+          echo "libwolfprov.so still exists after package removal"
+          find /usr/lib -name "libwolfprov.so*" 2>/dev/null || true
+          exit 1
+        else
+          echo "libwolfprov.so successfully removed"
+        fi
+
+        # Verify default OpenSSL provider is active
+        echo "Verifying Default Provider is Active:"
+        openssl list -providers
+
+        # Verify that the default provider is present and active
+        echo "Checking default provider status:"
+        if openssl list -providers | grep -q "default" && \
+           openssl list -providers | grep -q "OpenSSL Default Provider" && \
+           openssl list -providers | grep -q "status: active"; then
+          echo "Default provider is present and active"
+        else
+          echo "Default provider verification failed"
+          echo "Provider output:"
+          openssl list -providers
+          exit 1
+        fi
+
+        echo "Package uninstallation and cleanup verification successful"
+
+    - name: Move package artifacts
+      run: |
+        # Move the generated packages to the temp directory
+        mv ../*.deb $RUNNER_TEMP/ || true
+        mv ../*.dsc $RUNNER_TEMP/ || true
+        mv ../*.tar.gz $RUNNER_TEMP/ || true
+
+    # Save the build outputs which for use in release packages
+    - name: Upload package artifacts
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: debian-packages
+        path: |
+          ${{ runner.temp }}/*.deb
+          ${{ runner.temp }}/*.dsc
+          ${{ runner.temp }}/*.tar.gz
+        retention-days: 7 

.gitignore

@@ -73,3 +73,20 @@ examples/openssl_example
 cscope.out
 
 tags
+
+# Debian build files
+libwolfprov*.tar.gz
+debian/tmp
+debian/*.dch
+debian/autoreconf*
+debian/tmp
+debian/*debhelper*
+debian/*.deb
+debian/*.buildinfo
+debian/files
+debian/libwolfprov*
+!debian/libwolfprov.install
+!debian/libwolfprov.postinst
+!debian/libwolfprov.postrm
+!debian/libwolfprov-dev.docs
+!debian/libwolfprov-dev.install

README.md

@@ -62,6 +62,22 @@ It will retrieve the dependencies and compile them as necessary. To use other th
 OPENSSL_TAG=openssl-3.5.0 WOLFSSL_TAG=v5.8.0-stable WOLFPROV_DEBUG=1 scripts/build-wolfprovider.sh
 ```
 
+To clean the build, use the following:
+```
+./scripts/build-wolfprovider.sh --clean
+```
+
+To remove all source directories, use the following:
+```
+./scripts/build-wolfprovider.sh --distclean
+```
+
+To build a Debian package file, use the following command. 
+Note this will remove all ignored files in the repo, and there must be no staged changes.
+```
+./scripts/build-wolfprovider.sh --debian
+```
+
 Alternatively, you can manually compile each component using the following guide.
 
 ### OpenSSL

debian/changelog

@@ -0,0 +1,7 @@
+libwolfprov (1.0.2-1) unstable; urgency=medium
+
+  * Initial release.
+    This is the first packaging of libwolfprov.  
+    No Debian bugs are being closed in this upload.
+
+ -- WolfSSL Developer <[email protected]>  Mon, 28 Jul 2025 13:52:20 -0700

debian/compat

@@ -0,0 +1 @@
+12

debian/control

@@ -0,0 +1,35 @@
+Source: libwolfprov
+Section: libs
+Priority: optional
+Maintainer: WolfSSL <[email protected]>
+Standards-Version: 4.6.2
+Build-Depends: debhelper (>= 12),
+               devscripts,
+               pkgconf,
+               openssl,
+               libssl-dev,
+               libwolfssl,
+               libwolfssl-dev
+
+Package: libwolfprov
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libwolfssl, openssl
+Description: wolfProvider library for OpenSSL
+ wolfProvider is a library that can be used as a Provider in OpenSSL.
+ It provides cryptographic functionality through wolfSSL including:
+ .
+  * Hash functions (MD5, SHA-1, SHA-2, SHA-3)
+  * Symmetric encryption (AES, DES)
+  * Asymmetric cryptography (RSA, ECC, DH)
+  * Key derivation functions (HKDF, PBKDF2)
+  * Message authentication codes (HMAC, CMAC, GMAC)
+ .
+ This package contains the runtime library.
+
+Package: libwolfprov-dev
+Architecture: any
+Section: libdevel
+Depends: libwolfprov (= ${binary:Version}), ${misc:Depends}
+Description: Development files for wolfProvider
+ This package contains the header files and development libraries
+ needed to build applications using wolfProvider.

debian/copyright

@@ -0,0 +1,28 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: wolfProvider
+Source: https://github.com/wolfssl/wolfProvider
+
+Files: *
+Copyright: 2006-2025 wolfSSL Inc.
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General Public
+ License version 3 can be found in `/usr/share/common-licenses/GPL-3'.
+
+Files: debian/*
+Copyright: 2025 WolfSSL <[email protected]>
+License: GPL-3.0+
+ On Debian systems, the complete text of the GNU General Public
+ License version 3 can be found in `/usr/share/common-licenses/GPL-3'.

debian/libwolfprov-dev.docs

@@ -0,0 +1,3 @@
+README.md
+ChangeLog.md
+examples/openssl_example.c

debian/libwolfprov-dev.install

@@ -0,0 +1 @@
+usr/include/wolfprovider/*

debian/libwolfprov.install

@@ -0,0 +1,3 @@
+usr/lib/*/ossl-modules/libwolfprov.so*
+etc/ssl/openssl.cnf.d/
+etc/ssl/openssl.cnf.d/wolfprovider.conf

debian/libwolfprov.postinst

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+CONF_FILE="/etc/ssl/openssl.cnf"
+INCLUDE_LINE=".include /etc/ssl/openssl.cnf.d/"
+
+if ! grep -qF "$INCLUDE_LINE" "$CONF_FILE"; then
+    echo "Adding include for wolfprovider..."
+    sed -i "/^openssl_conf/ a $INCLUDE_LINE" "$CONF_FILE"
+fi
+
+exit 0

debian/libwolfprov.postrm

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+  remove|purge)
+    rm -f /etc/ssl/openssl.cnf.d/wolfprovider.conf
+    rmdir /etc/ssl/openssl.cnf.d 2>/dev/null || true
+    ;;
+esac

debian/rules

@@ -0,0 +1,46 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@ --with autoreconf
+
+# Multiarch triplet
+DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+# Destination directory for installation
+DESTDIR=debian/tmp
+
+override_dh_auto_configure:
+	./autogen.sh
+	./configure
+
+override_dh_auto_build:
+	make -j$(shell nproc)
+
+override_dh_auto_install:
+	# Install library
+	install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules
+	install -m755 ./.libs/libwolfprov.so* \
+		$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/
+	install -m755 ./.libs/libwolfprov.la* \
+		$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/
+
+	# Install headers
+	install -d $(DESTDIR)/usr/include/wolfprovider
+	install -m644 ./include/wolfprovider/*.h \
+		$(DESTDIR)/usr/include/wolfprovider/
+
+	# Install provider config file
+	install -d $(DESTDIR)/etc/ssl/openssl.cnf.d
+	install -m644 ./provider.conf \
+		$(DESTDIR)/etc/ssl/openssl.cnf.d/wolfprovider.conf
+
+override_dh_auto_clean:
+	dh_auto_clean
+	./scripts/build-wolfprovider.sh --clean --distclean
+
+override_dh_auto_test:
+	@echo "Skipping dh_auto_test (tests already run during build phase)"
+
+# Avoid warnings of the form package-has-unnecessary-activation-of-ldconfig-trigger
+override_dh_makeshlibs:
+	dh_makeshlibs -n
+

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)