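--- a/.github/workflows/networkmanager.yml
+++ b/.github/workflows/networkmanager.yml
@@ -0,0 +1,130 @@
+name: NetworkManager • wolfSSL / GnuTLS CI
+
+on:
+push:
+branches: [ master, main ]
+pull_request:
+branches: [ '*' ]
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+nm-wolfssl-gnutls:
+runs-on: ubuntu-22.04
+timeout-minutes: 60
+
+strategy:
+fail-fast: false
+matrix:
+nm_version: [ master, "1.52.0", "1.42.4" ]
+
+steps:
+# ────────────────────────── checkout + packages ─────────────────────────
+- name: Checkout repo
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Install build dependencies
+run: |
+sudo apt-get update -qq
+sudo apt-get install --yes --no-install-recommends \
+autoconf automake libtool m4 pkg-config build-essential git \
+meson ninja-build gettext clang gperf gnulib autopoint gtk-doc-tools \
+nettle-dev libtasn1-bin libtasn1-6-dev libunistring-dev libnvme-dev \
+libp11-kit-dev libunbound-dev bison python3-yaml \
+debhelper debugedit dh-autoreconf dh-strip-nondeterminism dwz intltool \
+libbluetooth-dev libdebhelper-perl libndp-dev \
+libfile-stripnondeterminism-perl libglib2.0-doc \
+libnewt-dev libnl-3-dev libnl-cli-3-200 libnl-nf-3-200 libgirepository1.0-dev \
+libpolkit-agent-1-dev libslang2-dev libsub-override-perl libdbus-1-dev ppp ppp-dev mobile-broadband-provider-info \
+libteam-dev libteam5 libyaml-perl po-debconf libaudit-dev libudev-dev libsystemd-dev libmm-glib-dev libjansson-dev dhcpcd5 dnsmasq-base libpsl-dev libreadline-dev valac
+
+- name: Build forked GnuTLS stack
+run: |
+LOGGING=0 GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+test -d /opt/gnutls && test -d /opt/wolfssl
+
+- name: Build curl 7.88.1 (GnuTLS backend)
+run: |
+git clone --branch curl-7_88_1 https://github.com/curl/curl
+cd curl
+autoreconf -fi
+./configure --with-gnutls=/opt/gnutls --prefix=/opt/curl \
+--disable-static --enable-shared
+make -j"$(nproc)"
+sudo make install
+sudo ldconfig
+
+- name: Clone NetworkManager ${{ matrix.nm_version }}
+run: |
+git clone https://github.com/NetworkManager/NetworkManager
+cd NetworkManager
+if [ "${{ matrix.nm_version }}" != "master" ]; then
+git checkout "${{ matrix.nm_version }}"
+fi
+
+- name: Configure & build NetworkManager
+working-directory: NetworkManager
+run: |
+export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+
+if [ "${{ matrix.nm_version }}" != "master" ]; then
+meson setup build-gnutls \
+-Dcrypto=gnutls \
+-Dtests=yes \
+-Dsystemd_journal=true \
+-Dmore_logging=true \
+-Dqt=false
+else
+meson setup build-gnutls \
+-Dcrypto=gnutls \
+-Dtests=yes \
+-Dsystemd_journal=true \
+-Dmore_logging=true \
+-Dqt=false \
+-Dnbft=false
+fi
+
+ninja -C build-gnutls -j"$(nproc)"
+
+# ───────────────────── verify linkage (before tests) ────────────────────
+- name: Verify linkage to /opt/gnutls
+working-directory: NetworkManager/build-gnutls
+run: |
+BIN=src/nmcli/nmcli
+LIB=$(find src/libnm-client-impl -name 'libnm.so*' -type f | head -n1)
+for obj in "$BIN" "$LIB"; do
+echo "::group::ldd $obj"
+ldd "$obj" | grep -E 'lib(curl|gnutls)'
+echo "::endgroup::"
+ldd "$obj" | grep -q '/opt/gnutls/lib/libgnutls.so.30' || exit 1
+done
+
+# ────────────────────────── run test-suite ──────────────────────────────
+- name: Run NetworkManager tests
+working-directory: NetworkManager
+run: |
+export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
+export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
+export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
+export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+export NM_TEST_REGENERATE=1
+
+if [ "${{ matrix.nm_version }}" != "1.42.4" ]; then
+ninja -C build-gnutls test
+else
+# Skipped on CI because the GitHub Actions kernel lacks the VRF/Team modules and QoS-mapping support that platform/test-link-linux expects, so the test aborts with “Unknown device type / xgress QoS mapping assertion.
+# Doesn't test any TLS/Crypto capabilities.
+cd build-gnutls
+all_tests=$(meson test --list 2>/dev/null)
+test_list=$(printf '%s\n' "$all_tests" \
+| grep -v -E '^(platform/test-link-linux)$' \
+| tr '\n' ' ')
+meson test $test_list --print-errorlogs
+fi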
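Review bot: The workflow declares no `permissions:` block and the `Checkout repo` step keeps the default credential persistence, so the job token stays in `.git/config` while the later steps configure, build and run tests from code fetched by mutable refs (`actions/checkout@v4`, the `curl-7_88_1` tag, NetworkManager `master` and version tags), partly under `sudo`. How much that token can do depends on the repository's default token setting, which is not visible here, so I would make it explicit with a top-level `permissions:` holding `contents: read` and add `persist-credentials: false` under the checkout's `with:`; pinning the action and the clones to commit SHAs would also make the job reproducible where a fixed version is intended. Separately, `export NM_TEST_REGENERATE=1` in the test step looks like it makes the client tests rewrite their expected output instead of comparing against it; if that is the case, a behavioural difference in the wolfSSL-backed build would not fail the run, so please confirm it is needed.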
32 changes: 18 additions & 14 deletions .github/workflows/tpm2-tools.yml
@@ -64,7 +64,7 @@ jobs:
git clone --branch curl-8_4_0 https://github.com/curl/curl
cd curl
autoreconf -fi
./configure --with-gnutls=/opt/gnutls --prefix=/usr/local
./configure --with-gnutls=/opt/gnutls --prefix=/opt/curl
make
sudo make install
sudo ldconfig
@@ -76,9 +76,10 @@ jobs:
cd tpm2-tss
git submodule update --init --recursive
./bootstrap
export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
./configure --prefix=/usr/local --disable-hardening
make
sudo make install
@@ -90,9 +91,10 @@ jobs:
git clone https://github.com/tpm2-software/tpm2-abrmd
cd tpm2-abrmd
./bootstrap
export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
./configure --prefix=/usr/local \
--with-dbuspolicydir=/etc/dbus-1/system.d \
--with-systemdsystemunitdir=/lib/systemd/system
@@ -122,9 +124,10 @@ jobs:
fi

./bootstrap
export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
./configure --prefix=/usr/local --enable-unit=abrmd
make
sudo make install
@@ -136,17 +139,18 @@ jobs:
echo "::group::ldd $bin"
ldd "$bin" | grep -E "lib(curl|gnutls)"
echo "::endgroup::"
ldd "$bin" | grep -q "libcurl.so.4 => /usr/local/lib/libcurl.so.4" &&
ldd "$bin" | grep -q "libcurl.so.4 => /opt/curl/lib/libcurl.so.4" &&
ldd "$bin" | grep -q "libgnutls.so.30 => /opt/gnutls/lib/libgnutls.so.30" ||
{ echo "❌ Wrong linkage detected in $bin"; exit 1; }
done

- name: Run complete test-suite
run: |
cd tpm2-tools
export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
export CPPFLAGS="-I/opt/gnutls/include $CPPFLAGS"
export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib $LDFLAGS"
export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
export CPPFLAGS="-I/opt/gnutls/include -I/opt/curl/include${CPPFLAGS:+ $CPPFLAGS}"
export LDFLAGS="-L/opt/gnutls/lib -L/opt/curl/lib -Wl,-rpath,/opt/gnutls/lib:/opt/curl/lib${LDFLAGS:+ $LDFLAGS}"
export LD_LIBRARY_PATH="/opt/gnutls/lib:/opt/curl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
export GNUTLS_DEBUG_LEVEL=5
export WGW_LOGGING=1
export TEST_REGENERATE_OUTPUT=1
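Review bot: The same four `export` lines (`PKG_CONFIG_PATH`, `CPPFLAGS`, `LDFLAGS`, `LD_LIBRARY_PATH`) are now repeated in the tpm2-tss, tpm2-abrmd, tpm2-tools and test-suite steps, and twice more in networkmanager.yml, so a later prefix change has to be made in six places and a missed copy may leave one step building or running against the system libcurl/GnuTLS. Setting them once right after the curl install, for example `echo "LD_LIBRARY_PATH=/opt/gnutls/lib:/opt/curl/lib" >> "$GITHUB_ENV"` and likewise for the other three, would keep the steps in sync. Also, with curl now under `/opt/curl`, the `sudo ldconfig` after `make install` presumably no longer registers libcurl, so the `ldd` check for `/opt/curl/lib/libcurl.so.4` rests on the rpath; that step starts outside the hunk, so whether it sets `LD_LIBRARY_PATH` is not visible here.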
69 changes: 68 additions & 1 deletion README.md
@@ -1,3 +1,70 @@
# gnutls-wolfssl

Experimental port of wolfSSL into gnutls
Experimental port of wolfSSL into GnuTLS. One script builds everything and drops the bits under /opt.

## Quick start
```
git clone https://github.com/YOURORG/gnutls-wolfssl.git
cd gnutls-wolfssl
# regular build
./setup.sh

# build with FIPS 140 support
./setup.sh fips
```
On success you get:
```
/opt/wolfssl wolfSSL
/opt/gnutls GnuTLS built on wolfSSL
/opt/wolfssl-gnutls-wrapper runtime shim
```
If the loader can’t find the libs, add the path to LD_LIBRARY_PATH (Linux) or DYLD_LIBRARY_PATH (macOS).

## Environment variables
| var | default | note |
|-----|---------|------|
| WOLFSSL_INSTALL | /opt/wolfssl | install prefix |
| GNUTLS_INSTALL | /opt/gnutls | install prefix |
| GNUTLS_FORCE_FIPS_MODE | – | set at runtime to enforce FIPS |

## Directory layout (after setup.sh has been run)
```
setup.sh do‑it‑all build script
rebuild-gnutls.sh rebuild GnuTLS only
wolfssl/ upstream clone
gnutls/ upstream clone + branch gnutls-wolfssl
wolfssl-gnutls-wrapper/ thin shim + tests
```

## Tests
```
cd wolfssl-gnutls-wrapper

# build wrapper
make

# full suite
make test

# fast run of the test suite
make test_fast

# test fips (only if ./setup.sh was run in fips mode)
make test_fips
```
Each test prints ✔️/❌ and a summary.

## Using in your project
```
cc app.c \
-I/opt/gnutls/include -I/opt/wolfssl/include \
-L/opt/gnutls/lib -lgnutls \
-L/opt/wolfssl/lib -lwolfssl \
-L/opt/wolfssl-gnutls-wrapper/lib -lgnutls-wolfssl-wrapper
```
Make sure the wrapper comes after gnutls on the linker line.

## Clean up
```
sudo rm -rf /opt/wolfssl /opt/gnutls /opt/wolfssl-gnutls-wrapper
```