Skip to content

Commit ccd9cc5

Browse files
dgarskedgarske
authored
Merge pull request #401 from aidangarske/fix-wolfprovider-ci-nightly
Fix nightly FIPS scripts CI: RPATH, dynamic wolfSSL tag, better FIPS errors
2 parents 2daab3b + 3881f28 commit ccd9cc5

2 files changed

Lines changed: 25 additions & 3 deletions

File tree

scripts/utils-openssl.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,13 +28,13 @@ source ${SCRIPT_DIR}/utils-general.sh
2828
OPENSSL_GIT_URL="https://github.com/openssl/openssl.git"
2929
OPENSSL_TAG=${OPENSSL_TAG:-"openssl-3.5.4"}
3030
OPENSSL_SOURCE_DIR=${SCRIPT_DIR}/../openssl-source
31-
OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install
31+
OPENSSL_INSTALL_DIR=$(cd "${SCRIPT_DIR}/.." && pwd -P)/openssl-install
3232
OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl
3333
OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test
3434
OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64"
3535
OPENSSL_CFLAGS=${OPENSSL_CFLAGS:-""}
3636
OPENSSL_CXXFLAGS=${OPENSSL_CXXFLAGS:-""}
37-
OPENSSL_LDFLAGS=${OPENSSL_LDFLAGS:-""}
37+
OPENSSL_LDFLAGS=${OPENSSL_LDFLAGS:-"-Wl,-rpath,${OPENSSL_INSTALL_DIR}/lib -Wl,-rpath,${OPENSSL_INSTALL_DIR}/lib64"}
3838

3939
NUMCPU=${NUMCPU:-8}
4040
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}

scripts/utils-wolfssl.sh

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,22 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
2222
source ${SCRIPT_DIR}/utils-general.sh
2323

2424
WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
25-
WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.8.4-stable"}
25+
# Resolve WOLFSSL_TAG dynamically so we don't have to hand-bump on every release.
26+
# Order: explicit WOLFSSL_TAG (caller override) -> WOLFSSL_LATEST (Jenkins "Resolve
27+
# versions" stage already sets this with zero extra HTTP cost) -> GitHub releases
28+
# API (for local runs without Jenkins) -> hardcoded floor as a last-resort safety
29+
# net in case GitHub is unreachable.
30+
if [ -z "$WOLFSSL_TAG" ]; then
31+
if [ -n "$WOLFSSL_LATEST" ]; then
32+
WOLFSSL_TAG="$WOLFSSL_LATEST"
33+
else
34+
WOLFSSL_TAG=$(curl -fsSL https://api.github.com/repos/wolfSSL/wolfssl/releases/latest 2>/dev/null \
35+
| grep -oE '"tag_name"[[:space:]]*:[[:space:]]*"[^"]+"' \
36+
| head -1 \
37+
| sed -E 's/.*"([^"]+)"$/\1/')
38+
fi
39+
fi
40+
WOLFSSL_TAG="${WOLFSSL_TAG:-v5.9.1-stable}"
2641
WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
2742
WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
2843
WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
@@ -235,6 +250,13 @@ install_wolfssl() {
235250
fi
236251
if [ $RET_CODE != 0 ]; then
237252
printf "ERROR checking out FIPS (return code: $RET_CODE)\n"
253+
if [ -f "$LOG_FILE" ]; then
254+
echo ""
255+
echo "==> $fips_check_script output:"
256+
cat "$LOG_FILE"
257+
echo "==> end $fips_check_script output"
258+
echo ""
259+
fi
238260
rm -rf ${WOLFSSL_INSTALL_DIR}
239261
do_cleanup
240262
exit 1

0 commit comments

Comments
 (0)