# Builds the wolfProvider Debian packages through a reusable workflow, then
# installs, exercises and removes them inside a Debian Bookworm container.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organization default scopes. Consider `permissions:` with
# `contents: read` once the needs of build-wolfprovider.yml (not visible
# here) are confirmed.
# NOTE(review): in a branch filter `*` does not match `/`, so pull requests
# that target `release/...` branches do not trigger this workflow, although
# pushes to them do. Confirm that is intended; `'**'` matches every branch.
name: Debian Package Test

# START OF COMMON SECTION
on:
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  pull_request:
    branches:
      - '*'

# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION
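jobs:
  # Produces the package artifacts that the test job below downloads, one set
  # per FIPS / replace-default combination.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true, false ]

  # Installs the built packages, runs the provider tests and checks that
  # removing the package leaves nothing behind.
  libwolfprov-replace-default:
    name: libwolfprov ${{ matrix.replace_default && 'replace-default' || 'standalone' }} ${{ matrix.fips_ref }}
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Run inside Debian Bookworm to match packaging environment
    # NOTE(review): `debian:bookworm` is a mutable tag; pinning the image by
    # digest (debian:bookworm@sha256:<digest>) keeps the environment that
    # installs these packages as root reproducible.
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        # The first four axes must stay identical to the build job's matrix:
        # the artifact name below is assembled from them.
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true, false ]
        # Spliced into the test command line as an environment assignment.
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
      WOLFPROV_CONF_FILE: /etc/ssl/openssl.cnf.d/wolfprovider.conf
    # The `${{ matrix.* }}` and `${{ env.* }}` expressions in the scripts below
    # are substituted into the script text before the shell parses it. Every
    # one resolves to a literal defined in this file; event-derived values
    # (branch names, PR titles) should be passed through `env:` instead.
    steps:
      # NOTE(review): the two actions below are referenced by the mutable `v4`
      # tag; pinning each to a full commit SHA (<commit-sha>) guards the job
      # against a retargeted tag.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install OpenSSL packages
        run: |
          if [ "${{ matrix.replace_default }}" = "true" ]; then
            # Install OpenSSL packages for replace-default mode
            apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
              ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
              ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
              ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          else
            # Install standard OpenSSL packages
            apt-get update
            apt-get install -y \
              openssl libssl3 libssl-dev
          fi

      - name: Install wolfSSL and wolfProvider packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
          # In standalone mode, use OPENSSL_CONF to enable wolfProvider.
          if [ "${{ matrix.replace_default }}" = "false" ]; then
            echo "Setting OPENSSL_CONF to $WOLFPROV_CONF_FILE"
            # Written to GITHUB_ENV rather than exported so that the later
            # steps of this job see it as well.
            echo "OPENSSL_CONF=$WOLFPROV_CONF_FILE" >> "$GITHUB_ENV"
          fi

      - name: Verify wolfProvider is properly installed
        run: |
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Test OpenSSL provider functionality
        shell: bash
        run: |
          # Run the do-cmd-tests.sh script to execute interoperability tests
          echo "Running OpenSSL provider interoperability tests..."
          # Expressions that evaluate to '' leave an empty continuation line.
          # NOTE(review): with WOLFPROV_FORCE_FAIL=1 the step still expects the
          # script to exit 0; presumably the script inverts its expectations
          # in that mode. Verify against do-cmd-tests.sh.
          OPENSSL_BIN=$(command -v openssl) \
            ${{ matrix.replace_default && 'WOLFPROV_REPLACE_DEFAULT=1' || '' }} \
            ${{ matrix.force_fail }} \
            ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} \
            ./scripts/cmd_test/do-cmd-tests.sh
          echo "PASS: All provider interoperability tests successful"

      - name: Uninstall package and verify cleanup
        run: |
          # Uninstall the package
          apt-get remove -y libwolfprov
          # NOTE(review): the pipeline's status comes from grep, so an
          # `openssl list` that fails outright also produces "no match". This
          # check cannot tell a clean removal from a broken OpenSSL setup.
          if openssl list -providers | grep -q "wolfSSL Provider"; then
            echo "wolfprovider is still listed as an OpenSSL provider"
            exit 1
          fi
          # Purge the package to remove all files
          apt-get remove --purge -y libwolfprov
          # Verify the package is removed
          if dpkg -l | grep -q libwolfprov; then
            echo "Package still installed after removal"
            dpkg -l | grep libwolfprov
            exit 1
          else
            echo "Package successfully removed"
          fi
          # Check if the config file is removed
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            echo "wolfprovider.conf still exists after package removal"
            ls -la "$(dirname "$WOLFPROV_CONF_FILE")"
            exit 1
          else
            echo "wolfprovider.conf successfully removed"
          fi
          # Check if the library files are removed
          WOLFPROV_OBJS=$(find /usr/lib -name "libwolfprov.so*")
          if [ -n "$WOLFPROV_OBJS" ]; then
            echo "libwolfprov.so still exists after package removal"
            echo "$WOLFPROV_OBJS"
            exit 1
          else
            echo "libwolfprov.so successfully removed"
          fi
          echo "Package uninstallation and cleanup verification successful"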