Merge pull request #81 from gasbytes/gnutls-wolfssl-fips-ready #542
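name: wget Test

# Builds wolfSSL, GnuTLS and the wolfssl-gnutls-wrapper provider via setup.sh
# (restored from cache when possible), then builds several wget releases
# against that GnuTLS and runs wget's own test suite with provider logging on.

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# Least privilege: this workflow only reads repository contents. It builds and
# runs code from pull requests and from third-party repositories, so the job
# token should carry no write scopes.
permissions:
  contents: read

jobs:
  build_gnutls:
    name: Build wolfSSL, GnuTLS and provider
    timeout-minutes: 20
    strategy:
      matrix:
        # use_container selects between a debian:bookworm container (true) and
        # the native Ubuntu runner (false); the native leg builds GnuTLS 3.8.11.
        include:
          - os: ubuntu-latest
            wget_ref: 'master'
            use_container: true
          - os: ubuntu-latest
            wget_ref: 'v1.21.3'
            use_container: true
          - os: ubuntu-24.04
            wget_ref: 'v1.21.4'
            use_container: false
          - os: ubuntu-latest
            wget_ref: 'v1.24.5'
            use_container: true
      fail-fast: false
    runs-on: ${{ matrix.os }}
    # NOTE(review): the image is referenced by a mutable tag; pinning it by
    # digest would make the build environment reproducible.
    container: ${{ matrix.use_container && 'debian:bookworm' || '' }}
    steps:
      # NOTE(review): actions in this job are referenced by mutable tag (@v4).
      # Pinning each to a full commit SHA guards against a re-pointed tag.
      - name: Checkout gnutls-wolfssl repository
        uses: actions/checkout@v4
        with:
          # Later steps run build scripts; do not leave the job token in
          # .git/config where they could read it.
          persist-credentials: false

      - name: Ensure make available
        if: matrix.use_container == true
        run: |
          apt-get update
          apt-get install -y build-essential

      - name: Install GnuTLS dependencies
        if: matrix.use_container == true
        run: |
          apt-get install -y gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
                    libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
                    sudo wget git flex

      - name: Install wget dependencies
        if: matrix.use_container == true
        run: |
          sudo apt-get install -y autoconf-archive libhttp-daemon-perl

      - name: Install dependencies on native Ubuntu
        if: matrix.use_container == false
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
                    libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
                    wget git flex autoconf-archive libhttp-daemon-perl

      # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
      # The cache key includes a hash of setup.sh and the source trees, so a
      # change to any of them produces a new exact key. restore-keys still
      # allows a prefix match on an older entry; in that case cache-hit is not
      # 'true' and the build step below runs.
      - name: Restore cached gnutls-wolfssl
        id: cache-gnutls
        uses: actions/cache@v4
        with:
          path: |
            ${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
            ${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
            ${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
            ${{ !matrix.use_container && '~/cache/nettle' || '' }}
          key: gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
          restore-keys: |
            gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-

      - name: Copy cache to /opt (native runner only)
        if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
        run: |
          sudo mkdir -p /opt
          sudo cp -a ~/cache/gnutls /opt/
          sudo cp -a ~/cache/wolfssl /opt/
          sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
          if [ -d ~/cache/nettle ]; then
            sudo cp -a ~/cache/nettle /opt/
          fi

      - name: Setup nettle environment (native runner only)
        if: matrix.use_container == false
        run: |
          # Set up environment for nettle 3.10 in /opt/nettle
          echo "PKG_CONFIG_PATH=/opt/nettle/lib64/pkgconfig:/opt/nettle/lib/pkgconfig:$PKG_CONFIG_PATH" >> "$GITHUB_ENV"
          echo "LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:$LD_LIBRARY_PATH" >> "$GITHUB_ENV"

      - name: Build GnuTLS with wolfSSL provider using setup.sh script
        if: steps.cache-gnutls.outputs.cache-hit != 'true'
        run: |
          # NOTE(review): `[[ ... ]]` is a bash construct. Confirm that the
          # container legs run these scripts under bash and not a POSIX sh;
          # under sh the test is never true and the else branch is always
          # taken. The same applies to the later steps that use `[[`.
          echo "Running setup.sh..."
          if [[ "${{ matrix.use_container }}" == "false" ]]; then
            GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl NETTLE_INSTALL=/opt/nettle ./setup.sh 3.8.11
          else
            GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
          fi
          # For native runner: also save to cache location
          if [[ "${{ matrix.use_container }}" == "false" ]]; then
            mkdir -p ~/cache
            sudo cp -a /opt/gnutls ~/cache/
            sudo cp -a /opt/wolfssl ~/cache/
            sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
            if [ -d /opt/nettle ]; then
              sudo cp -a /opt/nettle ~/cache/
            fi
            sudo chown -R "$(id -u):$(id -g)" ~/cache
          fi

      - name: Check setup.sh output directories
        run: |
          echo "Check for wolfSSL installation..."
          test -d /opt/wolfssl || exit 1
          echo "Check for GnuTLS installation..."
          test -d /opt/gnutls || exit 1
          echo "Check for wrapper installation..."
          test -d /opt/wolfssl-gnutls-wrapper/lib || exit 1
          if [[ "${{ matrix.use_container }}" == "false" ]]; then
            echo "Check for nettle installation (3.8.11)..."
            test -d /opt/nettle || exit 1
          fi

      # Guards against a stale or mismatched cache entry: the native leg must
      # really be running the GnuTLS version it claims to test.
      - name: Verify GnuTLS version (native runner only)
        if: matrix.use_container == false
        run: |
          export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:$LD_LIBRARY_PATH
          GNUTLS_VERSION=$(/opt/gnutls/bin/gnutls-cli --version 2>&1 | grep -oP 'gnutls-cli \K[0-9]+\.[0-9]+\.[0-9]+')
          echo "Detected GnuTLS version: $GNUTLS_VERSION"
          if [ "$GNUTLS_VERSION" != "3.8.11" ]; then
            echo "ERROR: Expected GnuTLS 3.8.11 but got $GNUTLS_VERSION"
            exit 1
          fi
          echo "GnuTLS version verified: 3.8.11"

      # Checks out the wget sources; configure and make run in the next steps.
      - name: Build wget at ${{ matrix.wget_ref }}
        uses: actions/checkout@v4
        with:
          repository: mirror/wget
          ref: ${{ matrix.wget_ref }}
          path: wget
          # Third-party build and test scripts run inside this checkout; keep
          # the job token out of its .git/config.
          persist-credentials: false

      - name: Configure wget
        working-directory: wget
        # Default gnulib repository is:
        #   https://git.savannah.gnu.org/git/gnulib
        # This has not been working lately:
        #   The requested URL returned error: 502.
        # Manually checkout gnulib from GitHub
        #
        # NOTE(review): gnulib is cloned at the tip of its default branch, so
        # the build inputs can change between runs. Pin a known-good commit if
        # reproducible inputs matter.
        run: |
          git clone https://github.com/coreutils/gnulib gnulib
          ./bootstrap
          autoreconf -fi
          if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
            ./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls \
              --without-libssl-prefix \
              --disable-rpath \
              --with-ssl=gnutls \
              --enable-pcre \
              --with-zlib \
              --enable-ipv6
          else
            ./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls
          fi

      - name: Make wget
        working-directory: wget
        run: |
          make -j $(nproc)

      # Get python 3.11 for old versions of wget
      - name: Install pyenv dependencies
        if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
        run: |
          sudo apt-get update
          sudo apt-get install -y make build-essential libssl-dev zlib1g-dev \
            libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \
            libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev \
            libffi-dev liblzma-dev

      # The installer is downloaded and executed without an integrity check.
      # -f makes an HTTP error fail the step instead of feeding an error page
      # to bash; -sS keeps the log quiet but still prints errors; -L follows
      # redirects.
      # NOTE(review): consider installing pyenv from a reviewed, pinned release
      # rather than running whatever the URL serves at build time.
      - name: Install pyenv
        if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
        run: |
          curl -fsSL https://pyenv.run | bash

      - name: Test wget
        working-directory: wget
        run: |
          # If Python 3.11 needed, reinitialize pyenv
          if [[ "${{ matrix.wget_ref }}" = "v1.21.3" || "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
            export PYENV_ROOT="$HOME/.pyenv"
            export PATH="$PYENV_ROOT/bin:$PATH"
            eval "$(pyenv init --path)"
            eval "$(pyenv virtualenv-init -)"
            pyenv install 3.11.9
            pyenv global 3.11.9
            python --version
          fi
          # To make /opt/gnutls visible to the test binaries, LD_LIBRARY_PATH
          # is needed since we disable rpath for v1.21.4.
          if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
            export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
          fi
          export WGW_LOGGING=1
          make check
          # grep exits non-zero when no log line contains "wgw", which fails
          # the step.
          find . -name '*.log' | xargs grep wgw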