Merge pull request #381 from padelsbach/wp-rsa-remove-ifdefs #950
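name: Debian Package Test

# START OF COMMON SECTION
on:
  push:
    branches: ['master', 'main', 'release/**']
  pull_request:
    branches: ['*']

concurrency:
  # One run per workflow + ref; a newer push cancels the run still in flight.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# NOTE(review): no workflow-level `permissions:` is declared here, so the
# GITHUB_TOKEN scope for the reusable build job comes from the repository or
# organization default. Confirm what build-wolfprovider.yml needs before
# restricting it at this level.
jobs:
  # Builds the Debian packages consumed by the test job below. The reusable
  # workflow is local to this repository, so it is versioned with this file.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true, false]

  # Installs the built packages in a clean container, runs the provider
  # tests, then checks that uninstalling leaves nothing behind.
  libwolfprov-replace-default:
    name: libwolfprov ${{ matrix.replace_default && 'replace-default' || 'standalone' }} ${{ matrix.fips_ref }}
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Least privilege: this job only reads the repository and downloads
    # artifacts produced earlier in the same run.
    permissions:
      contents: read
    # Run inside Debian Bookworm to match packaging environment
    # NOTE(review): `debian:bookworm` is a mutable tag; consider pinning the
    # image by digest so the test environment cannot change silently.
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        wolfssl_ref: ['v5.8.4-stable']
        openssl_ref: ['openssl-3.5.4']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true, false]
        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
      WOLFPROV_CONF_FILE: /etc/ssl/openssl.cnf.d/wolfprovider.conf
    steps:
      # NOTE(review): both actions below are referenced by a movable tag
      # (`@v4`); pinning each to a full commit SHA makes the dependency
      # immutable.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # The job never pushes, so do not leave the token in the checkout
          # while locally built packages are installed and executed.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      # Matrix values reach the scripts through `env:` instead of being
      # expanded into the script text. They are workflow-defined literals
      # today; this keeps the scripts safe if the matrix is ever fed from
      # inputs, and lets the shell quote them normally.
      - name: Install OpenSSL packages
        env:
          MATRIX_REPLACE_DEFAULT: ${{ matrix.replace_default }}
        run: |
          if [ "$MATRIX_REPLACE_DEFAULT" = "true" ]; then
            # Install OpenSSL packages for replace-default mode
            apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
              "$OPENSSL_PACKAGES_PATH"/openssl_*.deb \
              "$OPENSSL_PACKAGES_PATH"/libssl3_*.deb \
              "$OPENSSL_PACKAGES_PATH"/libssl-dev_*.deb
          else
            # Install standard OpenSSL packages
            apt-get update
            apt-get install -y \
              openssl libssl3 libssl-dev
          fi

      - name: Install wolfSSL and wolfProvider packages
        env:
          MATRIX_REPLACE_DEFAULT: ${{ matrix.replace_default }}
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFSSL_PACKAGES_PATH"/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFPROV_PACKAGES_PATH"/libwolfprov_*.deb
          # In standalone mode, use OPENSSL_CONF to enable wolfProvider.
          if [ "$MATRIX_REPLACE_DEFAULT" = "false" ]; then
            echo "Setting OPENSSL_CONF to $WOLFPROV_CONF_FILE"
            # A plain `export` would end with this step's shell; writing to
            # GITHUB_ENV makes the variable visible to the following steps.
            echo "OPENSSL_CONF=$WOLFPROV_CONF_FILE" >> "$GITHUB_ENV"
          fi

      - name: Verify wolfProvider is properly installed
        env:
          REPLACE_DEFAULT_FLAG: "${{ matrix.replace_default && '--replace-default' || '' }}"
          FIPS_FLAG: "${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}"
        run: |
          # ${VAR:+"$VAR"} passes the flag only when it is non-empty, so an
          # unset option adds no empty argument to the command line.
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" \
            ${REPLACE_DEFAULT_FLAG:+"$REPLACE_DEFAULT_FLAG"} \
            ${FIPS_FLAG:+"$FIPS_FLAG"}

      - name: Test OpenSSL provider functionality
        shell: bash
        env:
          MATRIX_REPLACE_DEFAULT: ${{ matrix.replace_default }}
          MATRIX_FIPS_REF: ${{ matrix.fips_ref }}
          MATRIX_FORCE_FAIL: ${{ matrix.force_fail }}
        run: |
          # Run the do-cmd-tests.sh script to execute interoperability tests
          echo "Running OpenSSL provider interoperability tests..."
          # `command -v` resolves the binary without `eval`; the step now
          # stops here if openssl is not on PATH.
          OPENSSL_BIN=$(command -v openssl)
          export OPENSSL_BIN
          # Each variable is exported only when its matrix value selects it,
          # so unselected ones stay unset as before.
          if [ "$MATRIX_REPLACE_DEFAULT" = "true" ]; then
            export WOLFPROV_REPLACE_DEFAULT=1
          fi
          if [ -n "$MATRIX_FORCE_FAIL" ]; then
            # The matrix entry is a complete NAME=value assignment.
            export "$MATRIX_FORCE_FAIL"
          fi
          if [ "$MATRIX_FIPS_REF" = "FIPS" ]; then
            export WOLFSSL_ISFIPS=1
          fi
          ./scripts/cmd_test/do-cmd-tests.sh
          echo "PASS: All provider interoperability tests successful"

      - name: Uninstall package and verify cleanup
        run: |
          # Uninstall the package
          apt-get remove -y libwolfprov
          if openssl list -providers | grep -q "wolfSSL Provider"; then
            echo "wolfprovider is still listed as an OpenSSL provider"
            exit 1
          fi
          # Purge the package to remove all files
          apt-get remove --purge -y libwolfprov
          # Verify the package is removed
          if dpkg -l | grep -q libwolfprov; then
            echo "Package still installed after removal"
            dpkg -l | grep libwolfprov
            exit 1
          else
            echo "Package successfully removed"
          fi
          # Check if the config file is removed
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            echo "wolfprovider.conf still exists after package removal"
            ls -la "$(dirname "$WOLFPROV_CONF_FILE")"
            exit 1
          else
            echo "wolfprovider.conf successfully removed"
          fi
          # Check if the library files are removed
          WOLFPROV_OBJS=$(find /usr/lib -name "libwolfprov.so*")
          if [ -n "$WOLFPROV_OBJS" ]; then
            echo "libwolfprov.so still exists after package removal"
            echo "$WOLFPROV_OBJS"
            exit 1
          else
            echo "libwolfprov.so successfully removed"
          fi
          echo "Package uninstallation and cleanup verification successful"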