Merge pull request #111 from wolfSSL/devin/1736248432-debian-packaging

Add Debian packaging support for wolfPKCS11

Author: dgarske

.github/workflows/debian-package-test.yml

@@ -0,0 +1,92 @@
+name: Debian Package Build and Install Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  debian-package-test:
+    runs-on: ubuntu-22.04
+    
+    steps:
+    # Pull wolfPKCS11
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+
+    # Install debian packaging tools
+    - name: Install debian packaging dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y build-essential autoconf gawk debhelper lintian
+
+    # Setup wolfssl with required flags for wolfPKCS11
+    - uses: actions/checkout@v4
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+    - name: wolfssl autogen
+      working-directory: ./wolfssl
+      run: ./autogen.sh
+    - name: wolfssl configure
+      working-directory: ./wolfssl
+      run: |
+        ./configure --enable-cryptocb --enable-aescfb --enable-aesctr  --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 --enable-cmac \
+            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB"
+    - name: wolfssl make and install
+      working-directory: ./wolfssl
+      run: |
+        make
+        sudo make deb
+
+    - name: wolfssl install
+      working-directory: ./wolfssl
+      run: |
+        sudo dpkg -i libwolfssl_*.deb libwolfssl-dev_*.deb
+
+    # Setup wolfPKCS11
+    - name: wolfpkcs11 autogen
+      run: ./autogen.sh
+    - name: wolfpkcs11 configure
+      run: ./configure --enable-nss --enable-aesecb --enable-aesctr --enable-aesccm --enable-aescmac
+
+    # Test local debian package build
+    - name: Test make deb
+      run: |
+        make deb
+        ls -la *.deb
+
+    # Test debian package installation
+    - name: Test debian package installation
+      run: |
+        sudo dpkg -i libwolfpkcs11_*.deb libwolfpkcs11-dev_*.deb
+        
+    # Verify installation
+    - name: Verify package installation
+      run: |
+        dpkg -l | grep wolfpkcs11
+        ls -la /usr/lib/libwolfpkcs11*
+        ls -la /usr/include/wolfpkcs11/ || echo "Headers not found in expected location"
+        pkg-config --exists wolfpkcs11 && echo "pkg-config found wolfpkcs11" || echo "pkg-config did not find wolfpkcs11"
+
+    # Upload generated packages as artifacts
+    - name: Upload debian packages
+      uses: actions/upload-artifact@v4
+      with:
+        name: wolfpkcs11-debian-packages
+        path: "*.deb"
+        retention-days: 5
+
+    # Capture logs on failure
+    - name: Upload failure logs
+      if: failure() || cancelled()
+      uses: actions/upload-artifact@v4
+      with:
+        name: debian-package-test-logs
+        path: |
+          test-suite.log
+          debian/files
+          debian/*.log
+        retention-days: 5

Docker/include.am

@@ -0,0 +1 @@
+EXTRA_DIST+= Docker/packaging/debian/Dockerfile

Docker/packaging/debian/Dockerfile

@@ -0,0 +1,5 @@
+FROM debian:latest
+
+RUN apt-get -y update
+RUN apt-get -y upgrade
+RUN apt-get install -y build-essential autoconf gawk debhelper lintian libwolfssl-dev

Makefile.am

@@ -36,6 +36,8 @@ include wolfpkcs11/include.am
 include examples/include.am
 include tests/include.am
 include IDE/include.am
+include debian/include.am
+include Docker/include.am
 
 EXTRA_DIST+= README.md
 EXTRA_DIST+= LICENSE

debian/changelog

@@ -0,0 +1,6 @@
+wolfpkcs11 (1.3.0) stable; urgency=medium
+
+  * For a full changelog see
+    https://github.com/wolfSSL/wolfPKCS11/blob/master/README.md
+
+ -- wolfSSL <support@wolfssl.com>  Mon, 07 Jul 2025 10:30:00 +0000

debian/control

@@ -0,0 +1,41 @@
+Source: wolfpkcs11
+Maintainer: wolfSSL <support@wolfssl.com>
+Section: libs
+Priority: optional
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), libwolfssl-dev
+Vcs-Git: https://github.com/wolfSSL/wolfPKCS11.git
+Vcs-browser: https://github.com/wolfSSL/wolfPKCS11
+Homepage: https://www.wolfssl.com/
+
+Package: libwolfpkcs11
+Architecture: any
+Section: libs
+Priority: optional
+Pre-Depends:
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends},
+ libwolfssl
+Description: wolfPKCS11 cryptographic library
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+
+Package: libwolfpkcs11-dev
+Architecture: any
+Section: libdevel
+Priority: optional
+Pre-Depends:
+Depends:
+ libwolfpkcs11 (= ${binary:Version}),
+ libwolfssl-dev,
+ ${misc:Depends}
+Description: wolfPKCS11 cryptographic library development files
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+ .
+ This package contains the development files.

debian/control.in

@@ -0,0 +1,41 @@
+Source: wolfpkcs11
+Maintainer: wolfSSL <support@wolfssl.com>
+Section: libs
+Priority: optional
+Standards-Version: 4.6.2
+Build-Depends: debhelper-compat (= 13), libwolfssl-dev
+Vcs-Git: https://github.com/wolfSSL/wolfPKCS11.git
+Vcs-browser: https://github.com/wolfSSL/wolfPKCS11
+Homepage: https://www.wolfssl.com/
+
+Package: libwolfpkcs11
+Architecture: any
+Section: libs
+Priority: optional
+Pre-Depends:
+Depends:
+ ${shlibs:Depends},
+ ${misc:Depends},
+ libwolfssl
+Description: wolfPKCS11 cryptographic library
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+
+Package: libwolfpkcs11-dev
+Architecture: any
+Section: libdevel
+Priority: optional
+Pre-Depends:
+Depends:
+ libwolfpkcs11 (= ${binary:Version}),
+ libwolfssl-dev,
+ ${misc:Depends}
+Description: wolfPKCS11 cryptographic library development files
+ PKCS#11 library that implements cryptographic algorithms using wolfSSL.
+ This library provides a PKCS#11 interface for applications requiring
+ cryptographic operations through hardware security modules (HSMs),
+ Trusted Platform Modules (TPMs), or software-based tokens.
+ .
+ This package contains the development files.

debian/copyright

@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: wolfpkcs11
+Upstream-Contact: wolfSSL <support@wolfssl.com>
+Source: https://github.com/wolfSSL/wolfPKCS11/releases
+
+Files:
+ *
+Copyright:
+ 2014-2025 wolfSSL Inc.
+License: GPL-3+
+
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".

debian/include.am

@@ -0,0 +1,83 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= debian/changelog
+EXTRA_DIST+= debian/control
+EXTRA_DIST+= debian/control.in
+EXTRA_DIST+= debian/copyright
+EXTRA_DIST+= debian/include.am
+
+DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+
+deb:
+# Setup meta folders
+	mkdir -p debian/libwolfpkcs11/DEBIAN debian/libwolfpkcs11-dev/DEBIAN
+# "Install" wolfPKCS11
+	make install exec_prefix=$(CURDIR)/debian/libwolfpkcs11/usr \
+		prefix=$(CURDIR)/debian/libwolfpkcs11-dev/usr
+# deb shared lib stuff
+	fakeroot dh_makeshlibs
+	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+	dh_installdeb
+# Generate the lib and src descriptions
+	fakeroot dh_gencontrol
+# Make adjustments to the package structure and to satisfy lintian checks
+# Correct doc dir name
+	@rm -rf debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev
+	@if [ -d debian/libwolfpkcs11-dev/usr/share/doc/wolfpkcs11 ]; then \
+		mv debian/libwolfpkcs11-dev/usr/share/doc/wolfpkcs11 \
+			debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev; \
+	else \
+		mkdir -p debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev; \
+	fi
+# Clear lib folder
+	@rm -rf debian/libwolfpkcs11-dev/usr/lib
+	@mkdir -p debian/libwolfpkcs11-dev/usr/lib
+# Move the top level .so into the dev pkg
+	@mv debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so debian/libwolfpkcs11-dev/usr/lib
+# Create correct pkg doc dir
+	@rm -rf debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11
+	@mkdir -p debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11
+# Place changelog
+	@gzip -n -9 -c debian/changelog | \
+		tee debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/changelog.gz > \
+		debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/changelog.gz
+# Place copyright
+	@cp debian/copyright debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11
+	@cp debian/copyright debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev
+# Remove .la file https://wiki.debian.org/ReleaseGoals/LAFileRemoval
+	@rm debian/libwolfpkcs11/usr/lib/libwolfpkcs11.la
+# Strip unwanted symbols
+# https://www.debian.org/doc/debian-policy/ch-files.html#binaries
+	@strip --strip-unneeded debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so.*.*.*
+# Place pkgconfig so that it is available for cross-compilation
+# https://lintian.debian.org/tags/pkg-config-unavailable-for-cross-compilation
+	@rm -rf debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH)
+	@mkdir -p debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH)
+	@if [ -d debian/libwolfpkcs11/usr/lib/pkgconfig ]; then \
+		mv debian/libwolfpkcs11/usr/lib/pkgconfig \
+			debian/libwolfpkcs11/usr/lib/$(DEB_HOST_MULTIARCH); \
+	fi
+# Set the expected access rules
+	@chmod 644 debian/libwolfpkcs11/usr/lib/libwolfpkcs11.so.*.*.*
+	@chmod 644 debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/changelog.gz \
+		debian/libwolfpkcs11/usr/share/doc/libwolfpkcs11/copyright \
+		debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/changelog.gz \
+		debian/libwolfpkcs11-dev/usr/share/doc/libwolfpkcs11-dev/copyright
+# Do this as the last step to mark all directories with the correct access bits
+	@find debian/libwolfpkcs11*/usr -type d | xargs chmod 755
+# Generate debs
+	dpkg-deb --root-owner-group -b debian/libwolfpkcs11 .
+	dpkg-deb --root-owner-group -b debian/libwolfpkcs11-dev .
+# Check that everything is correct with lintian
+# - we don't provide a manual page for wolfpkcs11-config
+# - we don't care about matching the soname for our debs
+	lintian *.deb --fail-on error,warning --tag-display-limit 0 \
+		--suppress-tags no-manual-page,package-name-doesnt-match-sonames
+# Clean up the working dirs
+	make deb-clean
+
+deb-clean:
+	rm -rf debian/libwolfpkcs11 debian/libwolfpkcs11-dev debian/files \
+		debian/*.substvars debian/.debhelper