This is the flow for building and installing
From the repo root, run the following command:
./scripts/build-wolfprovider.sh --debian
For a FIPS build, run the following:
./scripts/build-wolfprovider.sh --debian --enable-fips
The Debian packages are placed in the parent directory, which should be one level above the repo root.
Instead of doing a local build as outlined above, we can alternatively use packages generated from CI.
To use a build from CI for local install, download the artifacts from the Debian CI job. Then install the .deb's from the zip file with apt as shown below rather than from the build.
If not already done, install the WolfSSL Debian package. The script below will clone the wolfSSL repository and build packages from source. This step is only needed once, and can be done prior to the build-wolfprovider.sh step above.
Basic usage (builds master branch in temporary directory):
./debian/install-wolfssl.sh
Build master branch in specific directory:
./debian/install-wolfssl.sh /path/to/working/directory
Build specific tag or branch:
./debian/install-wolfssl.sh --tag v5.6.4
./debian/install-wolfssl.sh --tag v5.6.4 /path/to/working/directory
Build with debug mode enabled:
./debian/install-wolfssl.sh --debug
./debian/install-wolfssl.sh --debug --tag v5.6.4
./debian/install-wolfssl.sh --debug --tag v5.6.4 /path/to/working/directory
The script will automatically detect if wolfSSL is already cloned in the working directory and reuse it. For older tags that don't include debian packaging files, the script will automatically backport the packaging from master.
For the script above, some systems may require additional packages:
apt install build-essential devscripts dh-exec
Important: before proceeding with the wolfProvider install, make sure packages are not present:
apt purge -y libwolfprov ; apt purge -y openssl-config ; apt purge -y openssl ; apt purge -y libssl3
Get the system architecture which determines the library paths for the following steps:
export CURRENT_ARCH=$(dpkg --print-architecture)
Then install the wolfProvider-specific OpenSSL. From the repo root:
apt install ../openssl*${CURRENT_ARCH}*.deb ../libssl3*${CURRENT_ARCH}*.deb
Check that the provider API is disabled since wolfProvider is not installed:
$ openssl list -providers
Could not load libwolfprov.so. Is the libwolfprov package installed?
libwolfprov.so: cannot open shared object file: No such file or directory
Then install wolfProvider:
apt install ../libwolfprov*${CURRENT_ARCH}*.deb
Confirm that wolfProvider is installed:
$ openssl list -providers
Output should look like this:
Providers:
default
name: wolfSSL Provider
version: 1.0.2
status: active
Always use CI to perform the release build to avoid potential errors from building locally.
- Tag the wolfProvider repo in the format
vX.Y.Z- The changelog is generated by the Debian scripts
- Run the Debian job in CI
- Download the artifacts zip file which contains the .deb's
- Generate release archives as needed