diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml index e37eb4dc..d5affb37 100644 --- a/.github/workflows/bind9.yml +++ b/.github/workflows/bind9.yml @@ -2,10 +2,10 @@ name: Bind9 Tests # START OF COMMON SECTION on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml index f2316da3..b6b4c01c 100644 --- a/.github/workflows/build-wolfprovider.yml +++ b/.github/workflows/build-wolfprovider.yml @@ -35,7 +35,6 @@ jobs: run: | apt-get update && apt-get install -y --no-install-recommends \ build-essential \ - ccache \ devscripts \ debhelper \ dh-autoreconf \ 
@@ -55,31 +54,31 @@ jobs: xxd # Experimental: use ccache - - name: Setup ccache - uses: hendrikmuhs/ccache-action@v1.2 - id: cc - with: - create-symlink: true + # - name: Setup ccache + # uses: hendrikmuhs/ccache-action@v1.2 + # id: cc + # with: + # create-symlink: true - - name: Setup ccache environment variables - run: | - echo CC=ccache\ gcc >> "$GITHUB_ENV" - echo CXX=ccache\ g++ >> "$GITHUB_ENV" - echo CCACHE_BASEDIR=${GITHUB_WORKSPACE} >> "$GITHUB_ENV" - echo CCACHE_NOHASHDIR=true >> "$GITHUB_ENV" - echo CCACHE_COMPILERCHECK=content >> "$GITHUB_ENV" - echo "CCACHE_DIR=${XDG_CACHE_HOME:-$HOME/.cache}/ccache" >> "$GITHUB_ENV" - mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/ccache" - - - name: Sanity check ccache routing - run: | - set -x - which -a gcc || true - gcc --version | head -1 - ccache --zero-stats - printf 'int main(){return 0;}\n' > t.c - $CC -c t.c - ccache -s + # - name: Setup ccache environment variables + # run: | + # echo CC=ccache\ gcc >> "$GITHUB_ENV" + # echo CXX=ccache\ g++ >> "$GITHUB_ENV" + # echo CCACHE_BASEDIR=${GITHUB_WORKSPACE} >> "$GITHUB_ENV" + # echo CCACHE_NOHASHDIR=true >> "$GITHUB_ENV" + # echo CCACHE_COMPILERCHECK=content >> "$GITHUB_ENV" + # echo "CCACHE_DIR=${XDG_CACHE_HOME:-$HOME/.cache}/ccache" >> "$GITHUB_ENV" + # mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/ccache" + + # - name: Sanity check ccache routing + # run: | + # set -x + # which -a gcc || true + # gcc --version | head -1 + # ccache --zero-stats + # printf 'int main(){return 0;}\n' > t.c + # $CC -c t.c + # ccache -s - name: Checkout wolfProvider uses: actions/checkout@v4 
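Review bot: The three ccache steps are commented out rather than deleted, which leaves roughly thirty lines of dead workflow text under the still-live `# Experimental: use ccache` comment. Git history already keeps the old steps, so I would delete the block together with that comment. If the block is kept for later, note that `hendrikmuhs/ccache-action@v1.2` is a third-party action referenced by a mutable tag. When it is re-enabled, pin it to a full commit SHA, e.g. `uses: hendrikmuhs/ccache-action@<full-commit-sha>  # v1.2`.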
@@ -115,21 +114,34 @@ jobs: # ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} # apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb - # # TODO: roll this step into utils-wolfssl.sh - # # TODO: specify tag below + # TODO: roll this step into utils-wolfssl.sh + # TODO: specify tag below # - name: Build wolfSSL packages and install # # if: steps.wolfssl_cache.outputs.cache-hit != 'true' # run: | # # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }} # $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }} - # Unpack and install wolfSSL packages - - name: Unpack and install wolfSSL packages + # # Unpack and install wolfSSL packages + # - name: Unpack and install wolfSSL packages + # run: | + # mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }} + # tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }} + # mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }} + # apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb + + - name: Install baseline openssl run: | - mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }} - tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }} - mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }} - apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb + apt-get install --allow-downgrades --reinstall \ + libssl3=3.0.17-1~deb12u2 \ + libssl-dev=3.0.17-1~deb12u2 \ + openssl=3.0.17-1~deb12u2 + + - name: Build wolfSSL packages and install + # if: steps.wolfssl_cache.outputs.cache-hit != 'true' + run: | + # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }} + $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }} # Check for cached OpenSSL packages - name: Checking OpenSSL packages in cache 
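Review bot: The new `Install baseline openssl` step runs `apt-get install --allow-downgrades --reinstall` without `-y`, so on a non-interactive runner apt will likely abort at the confirmation prompt whenever a downgrade or reinstall is needed. I would write `apt-get install -y --allow-downgrades --reinstall \`. The exact pin `3.0.17-1~deb12u2` holds the job on one distribution build of OpenSSL, possibly below a later security update, and the step will presumably fail once the archive stops serving that version. A comment above the step saying why this build is the baseline and when to bump it would help. The re-enabled `Build wolfSSL packages and install` step expands `${{ env.WOLFSSL_PACKAGES_PATH }}` unquoted into the shell. If the commented `--tag ${{ inputs.wolfssl_ref }}` line is ever restored, pass the input through an `env:` variable and reference it as a quoted `"$WOLFSSL_REF"` rather than expanding it into the script text.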
@@ -171,9 +183,9 @@ jobs: cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }} printf "Listing packages directory:\n" - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} + ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} || true + ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} || true + ls -la ${{ env.OPENSSL_PACKAGES_PATH }} || true - name: Save to cache uses: actions/cache/save@v4 diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml index 959ee8cf..4684df90 100644 --- a/.github/workflows/simple.yml +++ b/.github/workflows/simple.yml @@ -13,28 +13,6 @@ concurrency: # END OF COMMON SECTION jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - strategy: - matrix: - wolfssl_ref: [ - 'master', - 'v5.8.2-stable', - 'v5.8.0-stable'] - # Test against the newest of each minor version - openssl_ref: [ - 'openssl-3.5.2', - 'openssl-3.4.2', - 'openssl-3.3.4', - 'openssl-3.2.5', - 'openssl-3.1.8', - 'openssl-3.0.17'] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - debug: ['WOLFPROV_DEBUG=1', ''] - simple_test: name: Simple Test runs-on: ubuntu-22.04 
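Review bot: Appending `|| true` to all three `ls -la` lines means a missing package directory no longer fails the step, so the `Save to cache` step that follows runs even when the build produced nothing in one of them. If only the wolfSSL and OpenSSL directories can be absent now, I would keep the wolfProvider listing strict and make the others explicit, e.g. `[ -d "${{ env.WOLFSSL_PACKAGES_PATH }}" ] && ls -la "${{ env.WOLFSSL_PACKAGES_PATH }}" || echo "no wolfSSL packages dir"`. A one-line comment saying which directories are optional and why would also cover it.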
@@ -62,28 +40,7 @@ jobs: with: fetch-depth: 1 - - name: Retrieving wolfProvider from cache - # Debug builds are not currently supported by build-wolfprovider.yml - # so those are manually built as a separate step. - if: ${{ matrix.debug == '' }} - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore - with: - path: | - wolfssl-install - wolfprov-install - openssl-install/lib64 - openssl-install/include - openssl-install/bin - - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} - # Normally we would fail on cache miss, but we rebuild below - # for the DEBUG build. - fail-on-cache-miss: false - - name: Build and test wolfProvider - # Only run the test for a cache miss. On hit, we've already run the test. - if: steps.wolfprov-cache-restore.cache-hit != 'true' run: | ${{ matrix.debug }} \ OPENSSL_TAG=${{ matrix.openssl_ref }} \ diff --git a/debian/install-wolfssl.sh b/debian/install-wolfssl.sh index 7e280bac..06eb2c01 100755 --- a/debian/install-wolfssl.sh +++ b/debian/install-wolfssl.sh @@ -117,9 +117,9 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac fi # Patch debian/rules.in to disable dh_strip - echo "Patching debian/rules.in to disable dh_strip..." - sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in - echo "debian/rules.in patched successfully" + # echo "Patching debian/rules.in to disable dh_strip..." + # sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in + # echo "debian/rules.in patched successfully" else echo "debian/rules.in found, using existing debian packaging" @@ -153,7 +153,11 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac --enable-shake256 \ --enable-wolfprovider \ --enable-rsapss \ - --enable-scrypt" + --enable-scrypt \ + --enable-keylog-export \ + --enable-debug-trace-errcodes=backtrace \ + --with-max-ecc-bits=1024 \ + --enable-sha" if [ "$debug_mode" = "true" ]; then configure_opts="$configure_opts --enable-debug" 
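Review bot: In the `-153,7 +153,11` hunk of debian/install-wolfssl.sh, `--enable-keylog-export` and `--enable-debug-trace-errcodes=backtrace` are appended to the base `configure_opts`, so every package this script builds carries them, not only debug builds. Key log export exists to write TLS session secrets out for traffic decryption, which is useful in a test rig but should not be compiled into a .deb that may be installed elsewhere. The `if [ "$debug_mode" = "true" ]` branch at the end of the hunk (its body continues outside it) is the natural place: `configure_opts="$configure_opts --enable-debug --enable-keylog-export --enable-debug-trace-errcodes=backtrace"`. The same concern applies to `-DWOLFSSL_LOGGINGENABLED_DEFAULT=1` in the CFLAGS hunk at `-179,7 +183,10`. Separately, the `-117,9 +117,9` hunk leaves `# Patch debian/rules.in to disable dh_strip` above code that is now commented out, so either delete both or replace the comment with the reason stripping is enabled again.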
@@ -179,7 +183,10 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac -DWC_RSA_DIRECT \ -DWC_RSA_NO_PADDING \ -DACVP_VECTOR_TESTING \ - -DWOLFSSL_ECDSA_SET_K" \ + -DWOLFSSL_ECDSA_SET_K \ + -DHAVE_PUBLIC_FFDHE \ + -DWOLFSSL_PSS_LONG_SALT \ + -DWOLFSSL_LOGGINGENABLED_DEFAULT=1" \ LIBS="-lm" # Build Debian packages diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh index 3ae08236..a3bcd6a3 100755 --- a/scripts/utils-openssl.sh +++ b/scripts/utils-openssl.sh @@ -310,7 +310,7 @@ install_openssl() { } init_openssl() { - if [ $WOLFPROV_BUILD_DEBIAN -eq 1 ]; then + if [ "${WOLFPROV_BUILD_DEBIAN:-0}" -eq 1 ]; then install_openssl_deb else install_openssl diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh index 2fc0c687..cbb43347 100644 --- a/scripts/utils-wolfssl.sh +++ b/scripts/utils-wolfssl.sh @@ -184,6 +184,8 @@ install_wolfssl() { cd XXX-fips-test fi + printf "Running ./configure with: ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS=\"${WOLFSSL_CONFIG_CFLAGS}\"\n" + printf "Running ./configure with: ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS=\"${WOLFSSL_CONFIG_CFLAGS}\"\n" >>$LOG_FILE 2>&1 ./configure ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS="${WOLFSSL_CONFIG_CFLAGS}" >>$LOG_FILE 2>&1 if [ $? != 0 ]; then printf "ERROR running ./configure\n"
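Review bot: In `init_openssl` (scripts/utils-openssl.sh), the `:-0` default fixes the unset case, but `-eq` still errors on a non-numeric value such as `true` and then silently takes the `install_openssl` branch. A string comparison avoids that: `if [ "${WOLFPROV_BUILD_DEBIAN:-0}" = "1" ]; then`.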
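Review bot: In scripts/utils-wolfssl.sh, both added `printf` lines expand `${CONF_ARGS}`, `${WOLFSSL_CONFIG_OPTS}` and `${WOLFSSL_CONFIG_CFLAGS}` inside the format string, so any `%` or backslash in those values is interpreted by printf instead of being printed. Pass them as arguments instead: `printf 'Running ./configure with: %s %s CFLAGS="%s"\n' "${CONF_ARGS}" "${WOLFSSL_CONFIG_OPTS}" "${WOLFSSL_CONFIG_CFLAGS}"`. The redirect target should be quoted as `>>"$LOG_FILE"`, and piping one printf through `tee -a "$LOG_FILE"` would remove the duplicated line. `install_wolfssl` starts and ends outside this hunk.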