Merge pull request #46 from gasbytes/network-manager

Network manager workflows and added documentation to the README

Author: SparkiDev

.github/workflows/networkmanager.yml

@@ -0,0 +1,130 @@
+name: NetworkManager • wolfSSL / GnuTLS CI
+
+on:
+  push:
+    branches: [ master, main ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  nm-wolfssl-gnutls:
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+
+    strategy:
+      fail-fast: false
+      matrix:
+        nm_version: [ master, "1.52.0", "1.42.4" ]
+
+    steps:
+    # ────────────────────────── checkout + packages ─────────────────────────
+    - name: Checkout repo
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Install build dependencies
+      run: |
+        sudo apt-get update -qq
+        sudo apt-get install --yes --no-install-recommends \
+          autoconf automake libtool m4 pkg-config build-essential git \
+          meson ninja-build gettext clang gperf gnulib autopoint gtk-doc-tools \
+          nettle-dev libtasn1-bin libtasn1-6-dev libunistring-dev libnvme-dev \
+          libp11-kit-dev libunbound-dev bison python3-yaml \
+          debhelper debugedit dh-autoreconf dh-strip-nondeterminism dwz intltool \
+          libbluetooth-dev libdebhelper-perl libndp-dev \
+          libfile-stripnondeterminism-perl libglib2.0-doc \
+          libnewt-dev libnl-3-dev libnl-cli-3-200 libnl-nf-3-200 libgirepository1.0-dev \
+          libpolkit-agent-1-dev libslang2-dev libsub-override-perl libdbus-1-dev ppp ppp-dev mobile-broadband-provider-info \
+          libteam-dev libteam5 libyaml-perl po-debconf libaudit-dev libudev-dev libsystemd-dev libmm-glib-dev libjansson-dev dhcpcd5 dnsmasq-base libpsl-dev libreadline-dev valac
+
+    - name: Build forked GnuTLS stack
+      run: |
+        LOGGING=0 GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+        test -d /opt/gnutls && test -d /opt/wolfssl
+
+    - name: Build curl 7.88.1 (GnuTLS backend)
+      run: |
+        git clone --branch curl-7_88_1 https://github.com/curl/curl
+        cd curl
+        autoreconf -fi
+        ./configure --with-gnutls=/opt/gnutls --prefix=/opt/curl \
+                    --disable-static --enable-shared
+        make -j"$(nproc)"
+        sudo make install
+        sudo ldconfig
+
+    - name: Clone NetworkManager ${{ matrix.nm_version }}
+      run: |
+        git clone https://github.com/NetworkManager/NetworkManager
+        cd NetworkManager
+        if [ "${{ matrix.nm_version }}" != "master" ]; then
+          git checkout "${{ matrix.nm_version }}"
+        fi
+
+    - name: Configure & build NetworkManager
+      working-directory: NetworkManager
+      run: |
+        export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+        export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+        export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+        export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+
+        if [ "${{ matrix.nm_version }}" != "master" ]; then
+          meson setup build-gnutls \
+            -Dcrypto=gnutls \
+            -Dtests=yes \
+            -Dsystemd_journal=true \
+            -Dmore_logging=true \
+            -Dqt=false
+        else
+          meson setup build-gnutls \
+            -Dcrypto=gnutls \
+            -Dtests=yes \
+            -Dsystemd_journal=true \
+            -Dmore_logging=true \
+            -Dqt=false \
+            -Dnbft=false
+        fi
+
+        ninja -C build-gnutls -j"$(nproc)"
+
+    # ───────────────────── verify linkage (before tests) ────────────────────
+    - name: Verify linkage to /opt/gnutls
+      working-directory: NetworkManager/build-gnutls
+      run: |
+        BIN=src/nmcli/nmcli
+        LIB=$(find src/libnm-client-impl -name 'libnm.so*' -type f | head -n1)
+        for obj in "$BIN" "$LIB"; do
+          echo "::group::ldd $obj"
+          ldd "$obj" | grep -E 'lib(curl|gnutls)'
+          echo "::endgroup::"
+          ldd "$obj" | grep -q '/opt/gnutls/lib/libgnutls.so.30' || exit 1
+        done
+
+    # ────────────────────────── run test-suite ──────────────────────────────
+    - name: Run NetworkManager tests
+      working-directory: NetworkManager
+      run: |
+        export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+        export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+        export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+        export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+        export NM_TEST_REGENERATE=1
+
+        if [ "${{ matrix.nm_version }}" != "1.42.4" ]; then
+          ninja -C build-gnutls test
+        else
+          # Skipped on CI because the GitHub Actions kernel lacks the VRF/Team modules and QoS-mapping support that platform/test-link-linux expects, so the test aborts with “Unknown device type / xgress QoS mapping assertion.
+          # Doesn't test any TLS/Crypto capabilities.
+          cd build-gnutls
+          all_tests=$(meson test --list 2>/dev/null)
+          test_list=$(printf '%s\n' "$all_tests" \
+            | grep -v -E '^(platform/test-link-linux)$' \
+            | tr '\n' ' ')
+          meson test $test_list --print-errorlogs
+        fi

.github/workflows/tpm2-tools.yml

@@ -64,7 +64,7 @@ jobs:
           git clone --branch curl-8_4_0 https://github.com/curl/curl
           cd curl
           autoreconf -fi
-          ./configure --with-gnutls=/opt/gnutls --prefix=/usr/local
+          ./configure --with-gnutls=/opt/gnutls --prefix=/opt/curl
           make
           sudo make install
           sudo ldconfig
@@ -76,9 +76,10 @@ jobs:
           cd tpm2-tss
           git submodule update --init --recursive
           ./bootstrap
-          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
-          export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
-          export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
+          export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+          export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+          export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+          export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
           ./configure --prefix=/usr/local --disable-hardening
           make
           sudo make install
@@ -90,9 +91,10 @@ jobs:
           git clone https://github.com/tpm2-software/tpm2-abrmd
           cd tpm2-abrmd
           ./bootstrap
-          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
-          export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
-          export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
+          export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+          export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+          export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+          export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
           ./configure --prefix=/usr/local \
             --with-dbuspolicydir=/etc/dbus-1/system.d \
             --with-systemdsystemunitdir=/lib/systemd/system
@@ -122,9 +124,10 @@ jobs:
           fi
           
           ./bootstrap
-          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
-          export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
-          export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
+          export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+          export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+          export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+          export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
           ./configure --prefix=/usr/local --enable-unit=abrmd
           make
           sudo make install
@@ -136,17 +139,18 @@ jobs:
             echo "::group::ldd $bin"
             ldd "$bin" | grep -E "lib(curl|gnutls)"
             echo "::endgroup::"
-            ldd "$bin" | grep -q "libcurl.so.4 => /usr/local/lib/libcurl.so.4" &&
+            ldd "$bin" | grep -q "libcurl.so.4 => /opt/curl/lib/libcurl.so.4" &&
             ldd "$bin" | grep -q "libgnutls.so.30 => /opt/gnutls/lib/libgnutls.so.30" ||
             { echo "❌ Wrong linkage detected in $bin"; exit 1; }
           done
       
       - name: Run complete test-suite
         run: |
           cd tpm2-tools
-          export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
-          export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
-          export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
+          export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+          export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+          export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+          export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
           export GNUTLS_DEBUG_LEVEL=5
           export WGW_LOGGING=1
           export TEST_REGENERATE_OUTPUT=1

README.md

@@ -1,3 +1,70 @@
 # gnutls-wolfssl
 
-Experimental port of wolfSSL into gnutls
+Experimental port of wolfSSL into GnuTLS. One script builds everything and drops the bits under /opt.
+
+## Quick start
+```
+git clone https://github.com/YOURORG/gnutls-wolfssl.git
+cd gnutls-wolfssl
+# regular build
+./setup.sh
+
+# build with FIPS 140 support
+./setup.sh fips
+```
+On success you get:
+```
+/opt/wolfssl                  wolfSSL
+/opt/gnutls                   GnuTLS built on wolfSSL
+/opt/wolfssl-gnutls-wrapper   runtime shim
+```
+If the loader can’t find the libs, add the path to LD_LIBRARY_PATH (Linux) or DYLD_LIBRARY_PATH (macOS).
+
+## Environment variables
+| var | default | note |
+|-----|---------|------|
+| WOLFSSL_INSTALL | /opt/wolfssl | install prefix |
+| GNUTLS_INSTALL  | /opt/gnutls  | install prefix |
+| GNUTLS_FORCE_FIPS_MODE | – | set at runtime to enforce FIPS |
+
+## Directory layout (after setup.sh has been run)
+```
+setup.sh                       do‑it‑all build script
+rebuild-gnutls.sh              rebuild GnuTLS only
+wolfssl/                       upstream clone
+gnutls/                        upstream clone + branch gnutls-wolfssl
+wolfssl-gnutls-wrapper/        thin shim + tests
+```
+
+## Tests
+```
+cd wolfssl-gnutls-wrapper
+
+# build wrapper
+make
+
+# full suite
+make test
+
+# fast run of the test suite
+make test_fast
+
+# test fips (only if ./setup.sh was run in fips mode)
+make test_fips
+```
+Each test prints ✔️/❌ and a summary.
+
+## Using in your project
+```
+cc app.c \
+  -I/opt/gnutls/include -I/opt/wolfssl/include \
+  -L/opt/gnutls/lib -lgnutls \
+  -L/opt/wolfssl/lib -lwolfssl \
+  -L/opt/wolfssl-gnutls-wrapper/lib -lgnutls-wolfssl-wrapper
+```
+Make sure the wrapper comes after gnutls on the linker line.
+
+## Clean up
+```
+sudo rm -rf /opt/wolfssl /opt/gnutls /opt/wolfssl-gnutls-wrapper
+```