- Added proper configurations for versions in wget and openldap that are

gasbytes · gasbytes · commit 996900340f04 · 2025-11-26T16:58:41.000+01:00
being tested  on ubuntu 24.04.
- Wireshark workflow
- Removing master version testing from the libjcat workflow.
Uses post quantum by default, not currently supported by gnutls-wolfssl.
diff --git a/.github/workflows/libjcat.yml b/.github/workflows/libjcat.yml
@@ -19,7 +19,7 @@ jobs:
     strategy:
       matrix:
         os: [ ubuntu-latest ]
-        libjcat_ref: [ 'master', '0.2.3', '0.2.0' ]
+        libjcat_ref: [ '0.2.3', '0.2.0' ]
       fail-fast: false
     runs-on: ${{ matrix.os }}
     container:
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
@@ -60,23 +60,48 @@ jobs:
             libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
             git wget libsasl2-dev libsasl2-modules libsasl2-modules-gssapi-mit \
             libargon2-dev groff-base libltdl-dev automake libtool
-      # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
+
+      - name: Prepare cache directories (native runner)
+        if: matrix.use_container == false
+        run: |
+          sudo mkdir -p /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper
+          sudo chown -R $USER:$USER /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper
+
+     # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
       - name: Restore cached gnutls-wolfssl
         id: cache-gnutls
         uses: actions/cache@v4
         with:
           path: |
-            /opt/gnutls
-            /opt/wolfssl
-            /opt/wolfssl-gnutls-wrapper
-          key: gnutls-wolfssl-${{ runner.os }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
+            ${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
+            ${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
+            ${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
+          key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
           restore-keys: |
-            gnutls-wolfssl-${{ runner.os }}-
+            gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-
+
+      - name: Copy cache to /opt (native runner only)
+        if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
+        run: |
+          sudo mkdir -p /opt
+          sudo cp -a ~/cache/gnutls /opt/
+          sudo cp -a ~/cache/wolfssl /opt/
+          sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
+
       - name: Build GnuTLS with wolfSSL provider using setup.sh script
         if: steps.cache-gnutls.outputs.cache-hit != 'true'
         run: |
           echo "Running setup.sh..."
           GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+          # For native runner: also save to cache location
+          if [[ "${{ matrix.use_container }}" == "false" ]]; then
+            mkdir -p ~/cache
+            sudo cp -a /opt/gnutls ~/cache/
+            sudo cp -a /opt/wolfssl ~/cache/
+            sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
+            sudo chown -R $(id -u):$(id -g) ~/cache
+          fi
+
       - name: Check setup.sh output directories
         run: |
           test -d /opt/wolfssl || { echo "/opt/wolfssl missing"; exit 1; }
@@ -95,6 +120,32 @@ jobs:
           export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig
           export CPPFLAGS=-I/opt/gnutls/include
           export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib"
+          if [[ "${{ matrix.openldap_ref }}" = "OPENLDAP_REL_ENG_2_6_7" ]]; then
+          ./configure \
+          ac_cv_func_memcmp_working=yes \
+          lt_cv_dlopen_self=yes \
+          --with-yielding-select=yes \
+          --enable-dynamic \
+          --enable-crypt \
+          --with-tls=gnutls \
+          --with-cyrus-sasl \
+          --enable-otp \
+          --with-argon2=libargon2 \
+          --enable-argon2 \
+          --enable-ppolicy \
+          --enable-remoteauth \
+          --prefix=/opt/openldap \
+          --enable-modules \
+          --enable-ipv6 \
+          --enable-asyncmeta=mod \
+          --enable-mdb=yes \
+          --enable-ldap=mod \
+          --enable-meta=mod \
+          --enable-null=mod \
+          --enable-passwd=mod \
+          --enable-proxycache=mod \
+          --enable-dnssrv=mod
+          else
           ./configure \
             --with-tls=gnutls \
             --with-cyrus-sasl \
@@ -105,6 +156,7 @@ jobs:
             --enable-remoteauth \
             --prefix=/opt/openldap \
             --enable-modules
+          fi
       - name: Build OpenLDAP
         working-directory: openldap
         run: |
diff --git a/.github/workflows/wget.yml b/.github/workflows/wget.yml
@@ -44,19 +44,16 @@ jobs:
         run: |
           apt-get update
           apt-get install -y build-essential
-
       - name: Install GnuTLS dependencies
         if: matrix.use_container == true
         run: |
           apt-get install -y gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
             libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
             sudo wget git flex
-
       - name: Install wget dependencies
         if: matrix.use_container == true
         run: |
           sudo apt-get install -y autoconf-archive libhttp-daemon-perl
-
       - name: Install dependencies on native Ubuntu
         if: matrix.use_container == false
         run: |
@@ -65,24 +62,40 @@ jobs:
             libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
             wget git flex autoconf-archive libhttp-daemon-perl
 
-      # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
+     # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
       - name: Restore cached gnutls-wolfssl
         id: cache-gnutls
         uses: actions/cache@v4
         with:
           path: |
-            /opt/gnutls
-            /opt/wolfssl
-            /opt/wolfssl-gnutls-wrapper
-          key: gnutls-wolfssl-${{ runner.os }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
+            ${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
+            ${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
+            ${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
+          key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
           restore-keys: |
-            gnutls-wolfssl-${{ runner.os }}-
+            gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-
+
+      - name: Copy cache to /opt (native runner only)
+        if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
+        run: |
+          sudo mkdir -p /opt
+          sudo cp -a ~/cache/gnutls /opt/
+          sudo cp -a ~/cache/wolfssl /opt/
+          sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
 
       - name: Build GnuTLS with wolfSSL provider using setup.sh script
         if: steps.cache-gnutls.outputs.cache-hit != 'true'
         run: |
           echo "Running setup.sh..."
           GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+          # For native runner: also save to cache location
+          if [[ "${{ matrix.use_container }}" == "false" ]]; then
+            mkdir -p ~/cache
+            sudo cp -a /opt/gnutls ~/cache/
+            sudo cp -a /opt/wolfssl ~/cache/
+            sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
+            sudo chown -R $(id -u):$(id -g) ~/cache
+          fi
 
       - name: Check setup.sh output directories
         run: |
@@ -92,7 +105,6 @@ jobs:
           test -d /opt/gnutls || exit 1
           echo "Check for wrapper installation..."
           test -d /opt/wolfssl-gnutls-wrapper/lib || exit 1
-
       - name: Build wget at ${{ matrix.wget_ref }}
         uses: actions/checkout@v4
         with:
@@ -111,13 +123,21 @@ jobs:
           git clone https://github.com/coreutils/gnulib gnulib
           ./bootstrap
           autoreconf -fi
-          ./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls
-
+          if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
+            ./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls \
+            --without-libssl-prefix \
+            --disable-rpath \
+            --with-ssl=gnutls \
+            --enable-pcre \
+            --with-zlib \
+            --enable-ipv6
+          else
+            ./configure --with-ssl=gnutls --with-libgnutls-prefix=/opt/gnutls
+          fi
       - name: Make wget
         working-directory: wget
         run: |
           make -j $(nproc)
-
       # Get python 3.11 for old versions of wget
       - name: Install pyenv dependencies
         if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
@@ -127,12 +147,10 @@ jobs:
             libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \
             libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev \
             libffi-dev liblzma-dev
-
       - name: Install pyenv
         if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
         run: |
           curl https://pyenv.run | bash
-
       - name: Test wget
         working-directory: wget
         run: |
@@ -146,5 +164,10 @@ jobs:
             pyenv global 3.11.9
             python --version
           fi
+          # To make /opt/gnutls visible to the test binaries, LD_LIBRARY_PATH
+          # is needed since we disable rpath for v1.21.4.
+          if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
+          export LD_LIBRARY_PATH=/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
+          fi
           make check
           find . -name '*.log' | xargs grep wgw
diff --git a/.github/workflows/wireshark.yml b/.github/workflows/wireshark.yml
@@ -0,0 +1,112 @@
+name: wireshark test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build_gnutls:
+    name: Build wolfSSL, GnuTLS and provider
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        os: [ ubuntu-24.04 ]
+        wireshark_ref: [ 'master', 'v4.2.12', 'v4.6.0' ]
+      fail-fast: false
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential gnulib autopoint gperf gtk-doc-tools nettle-dev clang \
+            libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
+            wget git flex autoconf-archive libhttp-daemon-perl ninja-build
+
+      - name: Restore cached gnutls-wolfssl
+        id: cache-gnutls
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/cache/gnutls
+            ~/cache/wolfssl
+            ~/cache/wolfssl-gnutls-wrapper
+          key: gnutls-wolfssl-${{ runner.os }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
+          restore-keys: |
+            gnutls-wolfssl-${{ runner.os }}-
+
+      - name: Copy cache to /opt
+        if: steps.cache-gnutls.outputs.cache-hit == 'true'
+        run: |
+          sudo mkdir -p /opt
+          sudo cp -a ~/cache/gnutls /opt/
+          sudo cp -a ~/cache/wolfssl /opt/
+          sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
+          echo "Cache restored successfully"
+
+      - name: Build GnuTLS with wolfSSL provider using setup.sh script
+        if: steps.cache-gnutls.outputs.cache-hit != 'true'
+        run: |
+          echo "Cache miss - running setup.sh..."
+          GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+          # Save to cache location
+          mkdir -p ~/cache
+          sudo cp -a /opt/gnutls ~/cache/
+          sudo cp -a /opt/wolfssl ~/cache/
+          sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
+          sudo chown -R $(id -u):$(id -g) ~/cache
+
+      - name: Check setup.sh output directories
+        run: |
+          echo "Check for wolfSSL installation..."
+          ls -la /opt/wolfssl || { echo "/opt/wolfssl not found"; exit 1; }
+          echo "Check for GnuTLS installation..."
+          ls -la /opt/gnutls || { echo "/opt/gnutls not found"; exit 1; }
+          echo "Check for wrapper installation..."
+          ls -la /opt/wolfssl-gnutls-wrapper/lib || { echo "/opt/wolfssl-gnutls-wrapper/lib not found"; exit 1; }
+
+      - name: Clone wireshark
+        run: |
+          git clone https://github.com/wireshark/wireshark.git
+
+      - name: Setup and build wireshark
+        working-directory: wireshark
+        run: |
+          if [[ "${{ matrix.wireshark_ref }}" != "master" ]]; then
+            git checkout ${{ matrix.wireshark_ref }}
+          fi
+          sudo ./tools/debian-setup.sh
+          sudo ./tools/debian-setup.sh --install-deb-deps
+          sudo ./tools/debian-setup.sh --install-test-deps
+          mkdir build && cd build
+          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
+          cmake -G Ninja .. \
+          -DENABLE_PCAP=ON \
+          -DENABLE_GNUTLS=ON \
+          -DENABLE_CAP=ON \
+          -DENABLE_SBC=ON \
+          -DENABLE_NETLINK=ON \
+          -DBUILD_mmdbresolve=OFF \
+          -DBUILD_randpktdump=OFF \
+          -DBUILD_androiddump=OFF \
+          -DBUILD_dcerpcidl2wrs=OFF \
+          -DENABLE_QT5=OFF \
+          -DBUILD_wireshark=OFF
+          ninja
+          ninja test-programs
+
+      - name: Test Wireshark (TLS related tests only)
+        working-directory: wireshark
+        run: |
+          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
+          cd build
+          pytest ../test/suite_decryption.py -v -s
