diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh index 6642959b..b1e61458 100755 --- a/.github/scripts/check-workflow-result.sh +++ b/.github/scripts/check-workflow-result.sh @@ -293,6 +293,23 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then echo "Error: $IPERF_TEST_LOG not found" exit 1 fi + # ----- BIND9 ----- + elif [ "$TEST_SUITE" = "bind9" ]; then + if [ -f "bind9-test.log" ]; then + # Check for expected error count (12 errors) and non-zero exit code + if grep -q "ERROR: 12" bind9-test.log; then + echo "PASS: BIND9 tests failed as expected with force fail enabled (12 errors)" + exit 0 + else + echo "FAIL: BIND9 tests did not fail as expected with force fail enabled" + echo " Expected: 12 errors and non-zero exit code" + echo " Got: $(grep 'ERROR:' bind9-test.log | tail -1)" + exit 1 + fi + else + echo "Error: bind9-test.log not found" + exit 1 + fi else if [ $TEST_RESULT -eq 0 ]; then echo "$TEST_SUITE tests unexpectedly succeeded with force fail enabled" diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml index a247c132..5311ad9d 100644 --- a/.github/workflows/bind9.yml +++ b/.github/workflows/bind9.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_bind: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,8 +40,14 @@ jobs: bind_ref: [ 'v9.18.28' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -52,7 +64,7 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install bind9 test dependencies @@ -62,7 +74,7 @@ jobs: sudo apt install -y build-essential automake libtool gnutls-bin \ pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \ libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \ - python3-pytest python3-dnspython python3-hypothesis + python3-pytest python3-dnspython python3-hypothesis net-tools iproute2 sudo PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS - name: Checkout bind9 @@ -85,6 +97,7 @@ jobs: - name: Build and test bind9 with wolfProvider working-directory: bind9 + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -96,6 +109,5 @@ jobs: sudo ./bin/tests/system/ifconfig.sh up export ${{ matrix.force_fail }} - make -j$(nproc) check 2>&1 | tee bind9-test.log - TEST_RESULT=${PIPESTATUS[0]} + { make -j$(nproc) check 2>&1 | tee bind9-test.log; TEST_RESULT=${PIPESTATUS[0]}; } || true $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} bind9 diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml index 1f315eef..22c9258c 100644 --- a/.github/workflows/build-wolfprovider.yml +++ b/.github/workflows/build-wolfprovider.yml @@ -9,6 +9,11 @@ on: openssl_ref: required: true type: string + replace_default: + required: false + type: boolean + default: false + description: "Build with --replace-default flag" outputs: cache_key: description: "Cache key for the build artifacts" @@ -18,10 +23,20 @@ jobs: build_wolfprovider_common: name: Build wolfProvider runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive timeout-minutes: 20 outputs: - cache_key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} + cache_key: wolfprov${{ inputs.replace_default && '-replace-default' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} steps: + + - name: Install dependencies (needed for Debian) + run: | + apt-get update && \ + apt-get install -y curl jq git build-essential autoconf libtool pkg-config patch + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -52,7 +67,7 @@ jobs: with: path: | openssl-install - key: ossl-depends-${{ steps.openssl-ref.outputs.ref }} + key: ossl${{ inputs.replace_default && '-replace-default' }}-depends-${{ steps.openssl-ref.outputs.ref }} lookup-only: false # Look for a cached version of WolfSSL @@ -67,7 +82,17 @@ jobs: - name: Build wolfProvider run: | - OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh + # Clean if there's a build mode mismatch + if ! OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh ${{ inputs.replace_default && '--replace-default' || '' }}; then + echo "Build failed, attempting distclean and rebuild..." + ./scripts/build-wolfprovider.sh --distclean + OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh ${{ inputs.replace_default && '--replace-default' || '' }} + fi + + - name: Check paths before saving to cache + run: | + ls -al $GITHUB_WORKSPACE + ls -al $GITHUB_WORKSPACE/openssl-install # Save the wolfProvider outputs for use by the parent jobs. # Note that we don't try to restore since it will likely always @@ -81,7 +106,7 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ inputs.replace_default && '-replace-default' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }} # If openssl cache miss, save it to the cache - name: Save OpenSSL into cache @@ -90,7 +115,7 @@ jobs: with: path: | openssl-install - key: ossl-depends-${{ steps.openssl-ref.outputs.ref }} + key: ossl${{ inputs.replace_default && '-replace-default' }}-depends-${{ steps.openssl-ref.outputs.ref }} - name: Save WolfSSL into cache if: steps.wolfssl-cache.outputs.cache-hit != 'true' diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml index 98b1ea67..27035d33 100644 --- a/.github/workflows/cjose.yml +++ b/.github/workflows/cjose.yml @@ -18,23 +18,42 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true test_cjose: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: matrix: - cjose_ref: [ 'master', 'v0.6.2.1' ] + cjose_ref: [ 'v0.6.2.1' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install dependencies (needed for Debian) + if: ${{ matrix.replace_default }} + run: | + apt-get update && \ + apt-get install -y curl jq + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -51,12 +70,15 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install cjose dependencies run: | - sudo apt-get install -y libjansson-dev check + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential autoconf automake libtool \ + pkg-config gcc make libjansson-dev check - name: Download cjose uses: actions/checkout@v4 @@ -68,18 +90,27 @@ jobs: - name: Build cjose working-directory: cjose + shell: bash run: | + # Set up the environment for wolfProvider + source $GITHUB_WORKSPACE/scripts/env-setup + + # Set additional environment variables for OpenSSL + export OPENSSL_INSTALL=$GITHUB_WORKSPACE/openssl-install + export LDFLAGS="-L${OPENSSL_INSTALL}/lib64 -L${OPENSSL_INSTALL}/lib" + export CPPFLAGS="-I${OPENSSL_INSTALL}/include" + export PKG_CONFIG_PATH="${OPENSSL_INSTALL}/lib64/pkgconfig:${OPENSSL_INSTALL}/lib/pkgconfig:${PKG_CONFIG_PATH}" + # Configure with OpenSSL - ./configure CFLAGS="-Wno-error=deprecated-declarations" --with-openssl=$GITHUB_WORKSPACE/openssl-install + ./configure CFLAGS="-Wno-error=deprecated-declarations" --with-openssl=$OPENSSL_INSTALL # Build cjose make - name: Run cjose tests working-directory: cjose + shell: bash run: | - # Set up the environment for wolfProvider - source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} # Run tests diff --git a/.github/workflows/cmdline.yml b/.github/workflows/cmdline.yml index 06646dc3..a5eb3b37 100644 --- a/.github/workflows/cmdline.yml +++ b/.github/workflows/cmdline.yml @@ -21,8 +21,14 @@ jobs: matrix: openssl_ref: [ 'master', 'openssl-3.5.0' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] + # Command line tests require comparison between wolfSSL and OpenSSL, + # so only test with replace_default false. + replace_default: [ false ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] debug: ['WOLFPROV_DEBUG=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -43,7 +49,7 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} # Normally we would fail on cache miss, but we rebuild below # for the DEBUG build. fail-on-cache-miss: false @@ -51,10 +57,12 @@ jobs: # If not yet built this version, build it now - name: Build wolfProvider # Only run the test for a cache miss. On hit, we've already run the test. - if: steps.wolfprov-cache-restore.cache-hit != 'true' + if: steps.wolfprov-cache.outputs.cache-hit != 'true' run: | - ${{ matrix.debug }} OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + ${{ matrix.debug }} OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh ${{ matrix.replace_default && '--replace-default' || '' }} - name: Run tests + shell: bash run: | + source $GITHUB_WORKSPACE/scripts/env-setup ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 204eaa6a..e499db83 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_curl: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,10 +39,13 @@ jobs: curl_ref: [ 'master', 'curl-8_4_0', 'curl-7_88_1' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] exclude: - curl_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -54,13 +63,26 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | - sudo apt-get update - sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y build-essential autoconf automake libtool \ + pkg-config nghttp2 libpsl5 libpsl-dev python3-impacket + + - name: Set up environment for curl build + shell: bash + run: | + # Set up the environment for wolfProvider + source $GITHUB_WORKSPACE/scripts/env-setup + echo "OPENSSL_LIB_PATH=$OPENSSL_LIB_PATH" >> $GITHUB_ENV + echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $GITHUB_ENV + echo "PKG_CONFIG_PATH=$PKG_CONFIG_PATH" >> $GITHUB_ENV + echo "CPPFLAGS=$CPPFLAGS" >> $GITHUB_ENV + echo "LDFLAGS=$LDFLAGS" >> $GITHUB_ENV - name: Build curl uses: wolfSSL/actions-build-autotools-project@v1 @@ -68,7 +90,7 @@ jobs: repository: curl/curl path: curl ref: ${{ matrix.curl_ref }} - configure: --with-openssl + configure: --with-openssl=$GITHUB_WORKSPACE/openssl-install/ check: false - name: Generate certificates for curl master force-fail tests @@ -79,8 +101,10 @@ jobs: make test-ca.cacert cd ../.. fi + - name: Test curl with wolfProvider working-directory: curl + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -88,7 +112,6 @@ jobs: export CURL_REF=${{ matrix.curl_ref }} # Run tests and save output to test.log - make -j$(nproc) test-ci 2>&1 | tee curl-test.log - # Capture the test result using PIPESTATUS (Bash only) - TEST_RESULT=${PIPESTATUS[0]} + # Don't use pipe status since it will exit on the first error when pipefail is set + { make -j$(nproc) test-ci 2>&1 | tee curl-test.log; TEST_RESULT=${PIPESTATUS[0]}; } || true $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} curl diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 58af58db..ceba2442 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_grpc: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 @@ -41,6 +47,10 @@ jobs: h2_ssl_cert_test h2_ssl_session_reuse_test wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -58,19 +68,21 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true + - name: Install prerequisites + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential autoconf libtool pkg-config \ + clang libc++-dev iproute2 net-tools git six + - name: Confirm IPv4 and IPv6 support run: | ip addr list lo | grep 'inet ' ip addr list lo | grep 'inet6 ' - - name: Install prerequisites - run: | - sudo apt-get update - sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev - - name: Setup cmake version uses: jwlawson/actions-setup-cmake@v2 with: @@ -85,6 +97,7 @@ jobs: - name: Build grpc with wolfProvider working-directory: ./grpc + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml index c9528ab9..4876de1c 100644 --- a/.github/workflows/iperf.yml +++ b/.github/workflows/iperf.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_iperf: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -32,8 +38,12 @@ jobs: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] iperf_ref: [ 'master', '3.12' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -51,13 +61,14 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | - sudo apt-get update - sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev - name: Checkout iperf uses: actions/checkout@v4 @@ -68,9 +79,15 @@ jobs: - name: Build iperf working-directory: iperf + shell: bash run: | + # Set up the environment for wolfProvider + source $GITHUB_WORKSPACE/scripts/env-setup + export LDFLAGS="-L${OPENSSL_INSTALL}/lib64" + export CPPFLAGS="-I${OPENSSL_INSTALL}/include" + # Configure with OpenSSL - ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install + ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install/ # Build iperf make -j @@ -90,9 +107,8 @@ jobs: - name: Run tests working-directory: iperf + shell: bash run: | - # Set up the environment for wolfProvider - source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} # Test variables for iperf diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index c8307e19..80a6debd 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_ipmitool: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,6 +40,10 @@ jobs: ipmitool_ref: [ 'master', 'IPMITOOL_1_8_19' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -51,14 +61,15 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | export DEBIAN_FRONTEND=noninteractive - sudo apt-get update - sudo apt-get install -y libreadline-dev + apt-get update && \ + apt-get install -y build-essential autoconf automake libtool \ + pkg-config libreadline-dev wget - name: Build ipmitool with wolfProvider uses: wolfSSL/actions-build-autotools-project@v1 @@ -70,6 +81,7 @@ jobs: - name: Confirm built with OpenSSL and test with wolfProvider working-directory: ipmitool + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index de0a5d0c..4d4f7f69 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_krb5: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 @@ -33,8 +39,17 @@ jobs: krb5_ref: [ 'krb5-1.20.1-final' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -50,11 +65,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install KRB5 dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y \ build-essential autoconf automake libtool \ @@ -83,6 +99,7 @@ jobs: - name: Build and test KRB5 with wolfProvider working-directory: krb5 + shell: bash run: | # Build KRB5 cd src @@ -102,7 +119,7 @@ jobs: export ${{ matrix.force_fail }} # Run tests and save output - make check 2>&1 | tee krb5-test.log - TEST_RESULT=${PIPESTATUS[0]} + # Don't use pipe status since it will exit on the first error when pipefail is set + { make check 2>&1 | tee krb5-test.log; TEST_RESULT=${PIPESTATUS[0]}; } || true $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} krb5 diff --git a/.github/workflows/libcryptsetup.yml b/.github/workflows/libcryptsetup.yml index 19e727e9..07c18838 100644 --- a/.github/workflows/libcryptsetup.yml +++ b/.github/workflows/libcryptsetup.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: ['v5.8.0-stable', 'master'] openssl_ref: ['openssl-3.5.0'] + replace_default: [ false, true ] test_cryptsetup: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,7 +40,11 @@ jobs: cryptsetup_ref: ['v2.6.1'] wolfssl_ref: ['v5.8.0-stable', 'master'] openssl_ref: ['openssl-3.5.0'] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider @@ -53,16 +63,17 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | - sudo apt-get update - sudo apt-get install -y \ + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y \ build-essential autoconf asciidoctor gettext autopoint libtool \ pkg-config uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \ - libargon2-dev + libargon2-dev libblkid-dev - name: Checkout cryptsetup uses: actions/checkout@v4 @@ -83,17 +94,20 @@ jobs: - name: Build cryptsetup working-directory: cryptsetup + shell: bash run: | + source $GITHUB_WORKSPACE/scripts/env-setup ./autogen.sh ./configure --enable-static \ --with-crypto-backend=openssl \ --disable-ssh-token \ - --with-openssl-includes=$GITHUB_WORKSPACE/openssl-install/include \ - --with-openssl-libs=$GITHUB_WORKSPACE/openssl-install/lib64 + --with-openssl-includes=$OPENSSL_LIB_PATH/../include \ + --with-openssl-libs=$OPENSSL_LIB_PATH make -j$(nproc) - name: Run cryptsetup tests working-directory: cryptsetup + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} diff --git a/.github/workflows/libeac3.yml b/.github/workflows/libeac3.yml index e6776a7a..392d1d4b 100644 --- a/.github/workflows/libeac3.yml +++ b/.github/workflows/libeac3.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_libeac3: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,7 +39,11 @@ jobs: openpace_ref: [ '1.1.3' ] # no master branch wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: # Checkout the source so we can run the check-workflow-result script. @@ -52,13 +62,15 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install libeac3 dependencies run: | - sudo apt-get update - sudo apt-get install -y autoconf automake libtool libc6 help2man gengetopt pkg-config m4 libeac3 + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y autoconf automake libtool libc6 help2man gengetopt \ + pkg-config m4 patch - name: Checkout openpace uses: actions/checkout@v4 @@ -84,10 +96,11 @@ jobs: autoreconf --verbose --install ./configure make - sudo make install + make install - name: Run libeac3 tests working-directory: openpace + shell: bash run: | echo "Setting environment variables..." source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml index b95f7c73..d3b725bb 100644 --- a/.github/workflows/libfido2.yml +++ b/.github/workflows/libfido2.yml @@ -14,24 +14,33 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_libfido2: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] libfido2_ref: [ 'main', '1.15.0' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - libfido2_ref: 'main' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -48,13 +57,14 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install test dependencies run: | - sudo apt-get update - sudo apt-get install -y build-essential cmake pkg-config libudev-dev \ + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential cmake pkg-config libudev-dev \ zlib1g-dev libcbor-dev libpcsclite-dev pcscd - name: Checkout libfido2 @@ -67,6 +77,7 @@ jobs: - name: Build and install libfido2 working-directory: libfido2_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -78,13 +89,14 @@ jobs: - name: Run libfido2 tests working-directory: libfido2_repo/build + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} # Run tests, excluding regress_dev which requires hardware/fails in CI - ctest --exclude-regex "regress_dev" 2>&1 | tee libfido2-test.log + ctest --exclude-regex "regress_dev" 2>&1 | tee libfido2-test.log || true # Check test results directly in YAML if grep -q "100% tests passed" libfido2-test.log; then diff --git a/.github/workflows/libhashkit2.yml b/.github/workflows/libhashkit2.yml index f3a640c3..8f3acc67 100644 --- a/.github/workflows/libhashkit2.yml +++ b/.github/workflows/libhashkit2.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_libhashkit2: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,11 +39,19 @@ jobs: libhashkit2_ref: [ 'v1.x', '1.1.4' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - libhashkit2_ref: 'v1.x' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -54,13 +68,14 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install libmemcached dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install cmake build-essential bison flex memcached libc6 + sudo apt-get install -y cmake build-essential bison flex memcached libc6 - name: Download libmemcached uses: actions/checkout@v4 @@ -83,6 +98,7 @@ jobs: - name: Run libhashkit2 tests working-directory: libmemcached/build + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml index 7272c0b5..f9b3f038 100644 --- a/.github/workflows/liboauth2.yml +++ b/.github/workflows/liboauth2.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_liboauth2: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 20 strategy: @@ -32,8 +38,17 @@ jobs: liboauth2_ref: [ 'v1.4.5.4' ] # No master with patch wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -50,11 +65,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install liboauth2 dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y libcurl4-openssl-dev libjansson-dev \ libcjose-dev pkg-config build-essential apache2-dev libhiredis-dev \ @@ -77,6 +93,7 @@ jobs: - name: Build liboauth2 working-directory: liboauth2 + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -90,6 +107,7 @@ jobs: - name: Run liboauth2 tests working-directory: liboauth2 + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index d0f4da01..2fae0fdd 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_libssh2: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 20 strategy: @@ -32,8 +38,17 @@ jobs: libssh2_ref: [ 'libssh2-1.10.0' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -50,11 +65,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev python3-impacket @@ -85,6 +101,7 @@ jobs: - name: Run libssh2 tests working-directory: libssh2 + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/libtss2.yml b/.github/workflows/libtss2.yml index ee2ed622..5dc886cb 100644 --- a/.github/workflows/libtss2.yml +++ b/.github/workflows/libtss2.yml @@ -14,25 +14,39 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_tpm2_tss: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 30 strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] tpm2_tss_ref: [ 'master', '4.1.3'] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - tpm2_tss_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -47,7 +61,7 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true # Replace system openssl with our version @@ -58,6 +72,7 @@ jobs: sudo ln -s $GITHUB_WORKSPACE/openssl-install/bin/openssl ${OPENSSL_SYSTEM} - name: Install test dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y pkg-config libcunit1-dev autoconf-archive \ gettext libcmocka-dev build-essential autoconf automake libtool \ @@ -85,8 +100,10 @@ jobs: if: ${{ matrix.tpm2_tss_ref }} == '4.1.3' run: | perl -pi -e 's|(#include )|#include \n$1|' ./test/unit/*.c + - name: Build and install tpm2-tss working-directory: tpm2_tss_repo + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup ./bootstrap @@ -94,8 +111,10 @@ jobs: --enable-unit --includedir=$GITHUB_WORKSPACE/openssl-install/include make -j$(nproc) make install + - name: Run tpm2-tss tests working-directory: tpm2_tss_repo + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml index 624a1886..870db439 100644 --- a/.github/workflows/libwebsockets.yml +++ b/.github/workflows/libwebsockets.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_libwebsockets: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,11 +39,19 @@ jobs: libwebsockets_ref: [ 'main', 'v4.3.3' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - libwebsockets_ref: 'main' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + # Checkout the source so we can run the check-workflow-result script - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -54,11 +68,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install libwebsockets dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y libc6 libcap2 zlib1g cmake build-essential - name: Download libwebsockets diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml index 8619977f..c5039ab1 100644 --- a/.github/workflows/multi-compiler.yml +++ b/.github/workflows/multi-compiler.yml @@ -79,6 +79,7 @@ jobs: steps: - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y ${{ matrix.CC }} ${{ matrix.CXX }} automake libtool diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index 4ccaf28c..6659b2dc 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_net_snmp: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,7 +40,11 @@ jobs: net_snmp_ref: ['v5.9.3'] wolfssl_ref: ['master', 'v5.8.0-stable'] openssl_ref: ['openssl-3.5.0'] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -52,13 +62,14 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | - sudo apt-get update - sudo apt-get install -y libperl-dev + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y libperl-dev - name: Build net-snmp with wolfProvider uses: wolfSSL/actions-build-autotools-project@v1 @@ -76,6 +87,7 @@ jobs: - name: Run tests working-directory: net-snmp + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 04f29c96..10227697 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_nginx: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,11 +39,19 @@ jobs: nginx_ref: [ 'master', 'release-1.27.4' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', ''] exclude: - nginx_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -54,11 +68,15 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y build-essential autoconf automake libtool \ + pkg-config libpcre3-dev zlib1g-dev sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL - name: Checkout nginx @@ -83,6 +101,7 @@ jobs: - name: Run nginx-tests with wolfProvider working-directory: nginx-tests + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index 287e1d4c..40563b37 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_openldap: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,6 +40,10 @@ jobs: openldap_ref: [ 'master', 'OPENLDAP_REL_ENG_2_5_13', 'OPENLDAP_REL_ENG_2_6_7' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -51,7 +61,7 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies @@ -68,6 +78,7 @@ jobs: - name: Build and test OpenLDAP with wolfProvider working-directory: openldap + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/opensc.yml b/.github/workflows/opensc.yml index f2be5099..9d6dd5f9 100644 --- a/.github/workflows/opensc.yml +++ b/.github/workflows/opensc.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_opensc: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 @@ -33,8 +39,17 @@ jobs: opensc_ref: [ '0.25.1' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -50,11 +65,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install OpenSC dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y \ autotools-dev libtool automake autoconf make pkg-config \ @@ -103,6 +119,7 @@ jobs: - name: Run OpenSC tests working-directory: opensc + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index bfb5c8db..9b9a822b 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_openssh: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -32,12 +38,20 @@ jobs: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] openssh_ref: [ 'master', 'V_10_0_P2', 'V_9_9_P1' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - openssh_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -54,7 +68,7 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Checkout OSP @@ -74,6 +88,7 @@ jobs: - name: Build and Test openssh-portable working-directory: openssh-portable + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 2571566b..2e91a02f 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_openvpn: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,11 +39,19 @@ jobs: openvpn_ref: [ 'master', 'v2.6.12' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] exclude: - openvpn_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -54,11 +68,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install test dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \ linux-libc-dev man2html libcmocka-dev python3-docutils \ @@ -96,6 +111,7 @@ jobs: - name: Test OpenVPN with wolfProvider working-directory: openvpn + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/pam-pkcs11.yml b/.github/workflows/pam-pkcs11.yml index 4603b1a0..aaac9527 100644 --- a/.github/workflows/pam-pkcs11.yml +++ b/.github/workflows/pam-pkcs11.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_pam_pkcs11: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,10 +39,13 @@ jobs: pam_pkcs11_ref: [ 'master', 'pam_pkcs11-0.6.12' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - pam_pkcs11_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: # Checkout the source so we can run the check-workflow-result script - name: Checkout wolfProvider @@ -55,10 +64,16 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true + - name: Install PAM dependencies + run: | + apt-get update + apt-get install -y git + - name: Run pam_pkcs11 tests + shell: bash run: | # Setup environment variables source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/ppp.yml b/.github/workflows/ppp.yml index a4ebd2ab..66136dcc 100644 --- a/.github/workflows/ppp.yml +++ b/.github/workflows/ppp.yml @@ -16,19 +16,26 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_ppp: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] # Switched to v2.5.2 due to significant limitations with v2.4.9, # specifically the lack of a test suite, necessary configure options, # and compatibility with newer versions of openssl @@ -37,6 +44,8 @@ jobs: exclude: - ppp_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: # Checkout the source so we can run the check-workflow-result script @@ -55,7 +64,7 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Checkout PPP @@ -66,6 +75,10 @@ jobs: ref: ${{ matrix.ppp_ref }} fetch-depth: 1 + - name: Install PPP dependencies + run: | + apt-get install -y build-essential autoconf libtool pkg-config patch + - name: Apply PPP compatibility fixes for OpenSSL 3.x working-directory: ppp_repo run: | @@ -90,6 +103,7 @@ jobs: - name: Run PPP tests working-directory: ppp_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/python3-ntp.yml b/.github/workflows/python3-ntp.yml index 9a318a0d..cf72fc9e 100644 --- a/.github/workflows/python3-ntp.yml +++ b/.github/workflows/python3-ntp.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_python3-ntp: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,11 +39,19 @@ jobs: python3-ntp_ref: [ 'master', 'NTPsec_1_2_2' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - python3-ntp_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -53,11 +67,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install python3-ntp dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y build-essential bison libcap-dev libseccomp-dev libavahi-compat-libdnssd-dev pps-tools python-dev-is-python3 @@ -87,6 +102,7 @@ jobs: - name: Run python3-ntp tests working-directory: ntpsec + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml index cc66aae7..366e3e07 100644 --- a/.github/workflows/qt5network5.yml +++ b/.github/workflows/qt5network5.yml @@ -15,25 +15,39 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_qtbase_network: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 30 strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] qt_ref: [ 'dev', 'v5.15.8-lts-lgpl' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - qt_ref: 'dev' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -49,11 +63,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install Qt dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y build-essential pkg-config \ python3 perl libpcre2-dev zlib1g-dev cmake ninja-build @@ -75,6 +90,7 @@ jobs: - name: Configure Qt working-directory: qt5_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -116,6 +132,7 @@ jobs: - name: Run QSSLSocket test working-directory: qt5_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/replace-default.yml b/.github/workflows/replace-default.yml new file mode 100644 index 00000000..ff0e4c03 --- /dev/null +++ b/.github/workflows/replace-default.yml @@ -0,0 +1,67 @@ +name: Replace Default Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + replace_default_test: + name: Replace Default Test + runs-on: ubuntu-22.04 + timeout-minutes: 30 + strategy: + matrix: + # Test both standard and replace-default builds + replace_default: ['', '--replace-default'] + # Test with stable versions + wolfssl_ref: ['v5.8.0-stable'] + openssl_ref: ['openssl-3.5.0'] + steps: + + - name: Checkout wolfProvider + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Build wolfProvider ${{ matrix.replace_default && 'with replace-default' || 'standard' }} + run: | + OPENSSL_TAG=${{ matrix.openssl_ref }} \ + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \ + ./scripts/build-wolfprovider.sh ${{ matrix.replace_default }} + + - name: Run standalone test suite + run: | + ./test/standalone/runners/run_standalone_tests.sh + + - name: Print errors on failure + if: ${{ failure() }} + run: | + # Build failure log + if [ -f scripts/build-release.log ]; then + echo "=== Build log (last 50 lines) ===" + tail -n 50 scripts/build-release.log + fi + + # Test suite failure log + if [ -f test-suite.log ]; then + echo "=== Test suite log ===" + cat test-suite.log + fi + + # Standalone test failures + if [ -d test/standalone/runners/test_results ]; then + for log in test/standalone/runners/test_results/*.log; do + if [ -f "$log" ]; then + echo "=== $log ===" + cat "$log" + fi + done + fi diff --git a/.github/workflows/rsync.yml b/.github/workflows/rsync.yml index 051c5ec3..cc8fde66 100644 --- a/.github/workflows/rsync.yml +++ b/.github/workflows/rsync.yml @@ -15,25 +15,39 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_rsync: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] rsync_ref: [ 'master', 'v3.2.7' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - rsync_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -49,11 +63,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install rsync dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y gcc g++ gawk autoconf automake python3-cmarkgfm \ acl libacl1-dev attr libattr1-dev libxxhash-dev \ @@ -69,6 +84,7 @@ jobs: - name: Build and install rsync working-directory: rsync_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup @@ -84,6 +100,7 @@ jobs: - name: Run rsync tests working-directory: rsync_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml index 959ee8cf..93f9bae3 100644 --- a/.github/workflows/simple.yml +++ b/.github/workflows/simple.yml @@ -18,6 +18,7 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ @@ -32,6 +33,7 @@ jobs: 'openssl-3.2.5', 'openssl-3.1.8', 'openssl-3.0.17'] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] debug: ['WOLFPROV_DEBUG=1', ''] @@ -54,8 +56,12 @@ jobs: 'openssl-3.2.5', 'openssl-3.1.8', 'openssl-3.0.17'] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] debug: ['WOLFPROV_DEBUG=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -76,14 +82,14 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} # Normally we would fail on cache miss, but we rebuild below # for the DEBUG build. fail-on-cache-miss: false - name: Build and test wolfProvider # Only run the test for a cache miss. On hit, we've already run the test. - if: steps.wolfprov-cache-restore.cache-hit != 'true' + if: steps.wolfprov-cache-restore.outputs.cache-hit != 'true' run: | ${{ matrix.debug }} \ OPENSSL_TAG=${{ matrix.openssl_ref }} \ diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index 054b9966..90e7fd8c 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_socat: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -32,7 +38,16 @@ jobs: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -49,11 +64,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev @@ -71,6 +87,7 @@ jobs: - name: Run socat tests working-directory: ./socat-1.8.0.0 + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/sscep.yml b/.github/workflows/sscep.yml index 924e72ea..a2518f65 100644 --- a/.github/workflows/sscep.yml +++ b/.github/workflows/sscep.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_sscep: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 10 strategy: @@ -32,9 +38,18 @@ jobs: sscep_ref: [ 'master', 'v0.10.0' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -51,11 +66,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install sscep dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y scep psmisc @@ -82,6 +98,7 @@ jobs: sudo make install - name: Run sscep tests + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index e1e36e93..28deecb6 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -31,28 +31,17 @@ jobs: - sssd_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: fetch-depth: 1 - # Check if this version of wolfssl/wolfprovider has already been built, - # mark to cache these items on post if we do end up building - - name: Checking wolfSSL/wolfProvider in cache - uses: actions/cache@v4 - id: wolfprov-cache - with: - path: | - wolfssl-install - wolfprov-install - openssl-install/lib64 - openssl-install/include - openssl-install/bin - - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} - lookup-only: true - - # If not yet built this version, build it now + # Don't depend on the cache since it is likely a different OS - name: Build wolfProvider if: steps.wolfprov-cache.outputs.cache-hit != 'true' run: | diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index c4d0dfb4..5381397a 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_stunnel: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 10 @@ -33,11 +39,19 @@ jobs: stunnel_ref: [ 'master', 'stunnel-5.67' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] exclude: - stunnel_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -54,11 +68,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y libwrap0-dev autoconf-archive autotools-dev m4 @@ -129,6 +144,7 @@ jobs: - name: Verify stunnel with wolfProvider working-directory: ./stunnel + shell: bash run: | # Unset LD_LIBRARY_PATH after python setup unset LD_LIBRARY_PATH diff --git a/.github/workflows/systemd.yml b/.github/workflows/systemd.yml index f2ae0189..e43339ca 100644 --- a/.github/workflows/systemd.yml +++ b/.github/workflows/systemd.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: ['v5.8.0-stable', 'master'] openssl_ref: ['openssl-3.5.0'] + replace_default: [ false, true ] test_systemd: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,15 +40,21 @@ jobs: systemd_ref: ['v254'] wolfssl_ref: ['v5.8.0-stable', 'master'] openssl_ref: ['openssl-3.5.0'] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: - name: Install dependencies run: | - sudo apt-get update - sudo apt-get install -y build-essential meson ninja-build \ + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential meson ninja-build \ libmount-dev gperf python3-pytest libuv1-dev libnghttp2-dev \ libcap-dev uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \ - libargon2-dev libblkid-dev asciidoctor pkgconf zlib1g-dev + libargon2-dev libblkid-dev asciidoctor pkgconf zlib1g-dev \ + python3-jinja2 - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -59,7 +71,7 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Checkout systemd @@ -72,6 +84,7 @@ jobs: - name: Build systemd working-directory: systemd + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup meson setup -Dnobody-group=nogroup build @@ -79,6 +92,7 @@ jobs: - name: Run systemd tests working-directory: systemd + shell: bash run: | set +e source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml index 879d94cf..f9f06552 100644 --- a/.github/workflows/tcpdump.yml +++ b/.github/workflows/tcpdump.yml @@ -15,13 +15,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_tcpdump: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 15 strategy: @@ -29,10 +35,13 @@ jobs: tcpdump_ref: [ 'master', 'tcpdump-4.99.3' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - tcpdump_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -49,13 +58,14 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install test dependencies run: | - sudo apt-get update - sudo apt-get install -y build-essential flex bison autoconf libtool + export DEBIAN_FRONTEND=noninteractive + apt-get update && \ + apt-get install -y build-essential flex bison autoconf libtool - name: Checkout libpcap uses: actions/checkout@v4 @@ -80,7 +90,9 @@ jobs: - name: Build and install tcpdump working-directory: tcpdump_repo + shell: bash run: | + source $GITHUB_WORKSPACE/scripts/env-setup if [ -f ./autogen.sh ]; then ./autogen.sh elif [ ! -f ./configure ]; then @@ -93,6 +105,7 @@ jobs: - name: Run tcpdump tests working-directory: tcpdump_repo + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/tnftp.yml b/.github/workflows/tnftp.yml index be262c37..ed9ea0ec 100644 --- a/.github/workflows/tnftp.yml +++ b/.github/workflows/tnftp.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_tnftp: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,8 +39,17 @@ jobs: tnftp_ref: [ 'tnftp-20210827' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -50,11 +65,12 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y build-essential autoconf libtool pkg-config vsftpd @@ -66,6 +82,7 @@ jobs: - name: Build and test tnftp working-directory: ${{ matrix.tnftp_ref }} + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/tpm2-tools.yml b/.github/workflows/tpm2-tools.yml index de17608f..18a9529f 100644 --- a/.github/workflows/tpm2-tools.yml +++ b/.github/workflows/tpm2-tools.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_tpm2_tools: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -34,8 +40,17 @@ jobs: tpm2_tools_ref: [ '5.7' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -52,11 +67,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install tpm2-tools test dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y git sudo autoconf expect vim dbus vim-common \ autoconf-archive python3 python3-yaml python3-pip libefivar-dev \ @@ -83,6 +99,7 @@ jobs: - name: Run tpm2-tools tests working-directory: tpm2-tools + shell: bash run: | # Set up the environment for wolfProvider source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/.github/workflows/x11vnc.yml b/.github/workflows/x11vnc.yml index 2f9d2d54..d511da2b 100644 --- a/.github/workflows/x11vnc.yml +++ b/.github/workflows/x11vnc.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_x11vnc: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider timeout-minutes: 10 strategy: @@ -32,9 +38,18 @@ jobs: x11vnc_ref: [ 'master', '0.9.17' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + exclude: + - wolfssl_ref: 'master' + replace_default: true steps: + - name: Install sudo + run: | + apt-get update + apt-get install -y sudo + - name: Checkout wolfProvider uses: actions/checkout@v4 with: @@ -51,11 +66,12 @@ jobs: openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install x11vnc dependencies run: | + export DEBIAN_FRONTEND=noninteractive sudo apt-get update # common build dependencies @@ -80,6 +96,7 @@ jobs: - name: Build x11vnc working-directory: x11vnc + shell: bash run: | # force x11vnc to use the openssl binary in wolfProvider sudo ln -sf $GITHUB_WORKSPACE/openssl-install/bin/openssl /usr/bin/openssl @@ -100,6 +117,8 @@ jobs: sudo make install - name: Run x11vnc tests + working-directory: x11vnc + shell: bash run: | source $GITHUB_WORKSPACE/scripts/env-setup export ${{ matrix.force_fail }} diff --git a/.github/workflows/xmlsec.yml b/.github/workflows/xmlsec.yml index 7b68e7ef..a3700794 100644 --- a/.github/workflows/xmlsec.yml +++ b/.github/workflows/xmlsec.yml @@ -18,13 +18,19 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + replace_default: ${{ matrix.replace_default || false }} strategy: matrix: wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] test_xmlsec: runs-on: ubuntu-22.04 + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 @@ -33,10 +39,13 @@ jobs: xmlsec_ref: [ 'master', 'xmlsec-1_2_37' ] wolfssl_ref: [ 'master', 'v5.8.0-stable' ] openssl_ref: [ 'openssl-3.5.0' ] + replace_default: [ false, true ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] exclude: - xmlsec_ref: 'master' force_fail: 'WOLFPROV_FORCE_FAIL=1' + - wolfssl_ref: 'master' + replace_default: true steps: # Checkout the source so we can run the check-workflow-result script - name: Checkout wolfProvider @@ -54,14 +63,15 @@ jobs: openssl-install/lib64 openssl-install/include openssl-install/bin - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} + key: wolfprov${{ matrix.replace_default && '-replace-default' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - name: Install xmlsec dependencies run: | - sudo apt-get update - sudo apt-get install -y automake autoconf libtool libtool-bin \ - libltdl-dev libltdl7 libxml2-dev + export DEBIAN_FRONTEND=noninteractive + apt-get update + apt-get install -y automake autoconf libtool libtool-bin \ + libltdl-dev libltdl7 libxml2-dev build-essential patch pkg-config - name: Checkout OSP uses: actions/checkout@v4 @@ -93,6 +103,7 @@ jobs: - name: Run xmlsec tests working-directory: xmlsec + shell: bash run: | echo "Setting environment variables..." source $GITHUB_WORKSPACE/scripts/env-setup diff --git a/scripts/env-setup b/scripts/env-setup index 15bae7c7..45f831b0 100755 --- a/scripts/env-setup +++ b/scripts/env-setup @@ -67,7 +67,7 @@ fi export OPENSSL_CONF="${OPENSSL_CONF:=$DEFAULT_PROVIDER_CONF}" export OPENSSL_MODULES="${OPENSSL_MODULES:=$WOLFPROV_LIB_PATH}" -export PKG_CONFIG_PATH="${PKG_CONFIG_PATH:=$OPENSSL_LIB_PATH/pkgconfig:$REPO_ROOT/libdefault-stub-install/lib}" +export PKG_CONFIG_PATH="${PKG_CONFIG_PATH:=$OPENSSL_LIB_PATH/pkgconfig}" # Other variables used by test scripts export WOLFPROV_PATH="${WOLFPROV_LIB_PATH}" diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh index f11e4a4d..468425b3 100755 --- a/scripts/utils-openssl.sh +++ b/scripts/utils-openssl.sh @@ -105,33 +105,6 @@ is_openssl_patched() { return $patch_applied } -check_openssl_replace_default_mismatch() { - local openssl_is_patched=0 - - # Check if the source was patched for --replace-default - if is_openssl_patched; then - openssl_is_patched=1 - printf "INFO: OpenSSL source modified - wolfProvider integrated as default provider (non-stock build).\n" - fi - - # Check for mismatch - if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ] && [ "$openssl_is_patched" = "0" ]; then - printf "ERROR: --replace-default build mode mismatch!\n" - printf "Existing OpenSSL was built WITHOUT --replace-default patch\n" - printf "Current request: --replace-default build\n\n" - printf "Fix: ./scripts/build-wolfprovider.sh --distclean\n" - printf "Then rebuild with desired configuration.\n" - exit 1 - elif [ "$WOLFPROV_REPLACE_DEFAULT" != "1" ] && [ "$openssl_is_patched" = "1" ]; then - printf "ERROR: Standard build mode mismatch!\n" - printf "Existing OpenSSL was built WITH --replace-default patch\n" - printf "Current request: standard build\n\n" - printf "Fix: ./scripts/build-wolfprovider.sh --distclean\n" - printf "Then rebuild with desired configuration.\n" - exit 1 - fi -} - patch_openssl_version() { # Patch the OpenSSL version (wolfProvider/openssl-source/VERSION.dat) # with our BUILD_METADATA, depending on the FIPS flag. Either "wolfProvider" or "wolfProvider-fips". @@ -145,16 +118,22 @@ patch_openssl_version() { sed -i "s/RELEASE_DATE=.*/RELEASE_DATE=$(date '+%d %b %Y')/g" ${OPENSSL_SOURCE_DIR}/VERSION.dat } +patch_openssl_version_revert() { + # Revert the OpenSSL version (wolfProvider/openssl-source/VERSION.dat) + # to remove our BUILD_METADATA. + git checkout -- ${OPENSSL_SOURCE_DIR}/VERSION.dat +} + patch_openssl() { - if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then + if [ -d "${OPENSSL_INSTALL_DIR}" ]; then + # If openssl is already installed, patching makes no sense as + # it will not be rebuilt. It may already be built as patched, + # just return and let check_openssl_replace_default_mismatch + # check for the mismatch. + return 0 + fi - if [ -d "${OPENSSL_INSTALL_DIR}" ]; then - # If openssl is already installed, patching makes no sense as - # it will not be rebuilt. It may already be built as patched, - # just return and let check_openssl_replace_default_mismatch - # check for the mismatch. - return 0 - fi + if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then printf "\tApplying OpenSSL default provider patch ... " pushd ${OPENSSL_SOURCE_DIR} &> /dev/null @@ -179,6 +158,25 @@ patch_openssl() { printf "Done.\n" popd &> /dev/null + else + if is_openssl_patched; then + printf "\tReverting OpenSSL default provider patch ... " + pushd ${OPENSSL_SOURCE_DIR} &> /dev/null + + # Revert the patch + patch -R -p1 < ${SCRIPT_DIR}/../patches/openssl3-replace-default.patch >>$LOG_FILE 2>&1 + if [ $? != 0 ]; then + printf "ERROR.\n" + printf "\n\nPatch revert failed. Last 40 lines of log:\n" + tail -n 40 $LOG_FILE + do_cleanup + exit 1 + fi + patch_openssl_version_revert + printf "Done.\n" + + popd &> /dev/null + fi fi } @@ -253,7 +251,6 @@ install_openssl() { printf "\nInstalling OpenSSL ${OPENSSL_TAG} ...\n" clone_openssl patch_openssl - check_openssl_replace_default_mismatch pushd ${OPENSSL_SOURCE_DIR} &> /dev/null diff --git a/scripts/utils-wolfprovider.sh b/scripts/utils-wolfprovider.sh index 4f46a2d9..49445679 100644 --- a/scripts/utils-wolfprovider.sh +++ b/scripts/utils-wolfprovider.sh @@ -26,7 +26,6 @@ source ${SCRIPT_DIR}/utils-general.sh WOLFPROV_SOURCE_DIR=${SCRIPT_DIR}/.. WOLFPROV_INSTALL_DIR=${SCRIPT_DIR}/../wolfprov-install LIBDEFAULT_INSTALL_DIR=${WOLFPROV_INSTALL_DIR} -LIBDEFAULT_STUB_INSTALL_DIR=${SCRIPT_DIR}/../libdefault-stub-install WOLFPROV_WITH_WOLFSSL=--with-wolfssl=${WOLFSSL_INSTALL_DIR} # Check if using system wolfSSL installation