From 1766a691520820eb58d6f3c5826e09774f074b9e Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 28 Mar 2023 16:46:53 +0200 Subject: [PATCH 1/4] actions: Build wolfSSL in seperate job --- .github/workflows/hostap.yml | 66 ++++++++++++++++++++++++++++------- .github/workflows/openvpn.yml | 55 ++++++++++++++++++----------- .github/workflows/stunnel.yml | 33 ++++++++++++++---- 3 files changed, 114 insertions(+), 40 deletions(-) diff --git a/.github/workflows/hostap.yml b/.github/workflows/hostap.yml index 7fb6d27c5..d03aa5cf3 100644 --- a/.github/workflows/hostap.yml +++ b/.github/workflows/hostap.yml @@ -4,6 +4,46 @@ on: workflow_call: jobs: + build_wolfssl: + strategy: + matrix: + include: + - build_id: build1 + wolf_extra_config: --disable-tls13 + - build_id: build2 + wolf_extra_config: --enable-brainpool --enable-wpas-dpp + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-20.04 + steps: + # No way to view the full strategy in the browser (really weird) + - name: Print strategy + run: | + cat <> $GITHUB_ENV + + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: >- + --enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA + ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }} + install: true + + - name: Upload built lib + uses: actions/upload-artifact@v3 + with: + name: ${{ matrix.build_id }} + path: build-dir + retention-days: 1 + # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop. hostap_test: strategy: 
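Review bot: The new `Upload built lib` step in `build_wolfssl` references `actions/upload-artifact@v3` by a mutable tag, as do the `actions/download-artifact@v3` and `actions/checkout@v3` steps this commit adds in hostap.yml, openvpn.yml and stunnel.yml. A tag can be repointed to different code, and these steps carry the library that the downstream job links and tests. Pinning to a full commit SHA with the tag kept as a comment closes that gap: `uses: actions/upload-artifact@<full-commit-sha>  # v3`. The same applies to `wolfSSL/actions-build-autotools-project@v1`, which this job also uses.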
@@ -23,13 +63,13 @@ jobs: hostap_cherry_pick: 698c05da2bd3233b005d45873caa852bc29b32c5, remove_teap: true, # TLS 1.3 does not work for this version - wolf_extra_config: --disable-tls13, + build_id: build1, }, # Test the dpp patch { hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, - wolf_extra_config: --enable-brainpool --enable-wpas-dpp + build_id: build2 }, ] # parallelize the tests to be able to run all tests within 10 minutes @@ -44,11 +84,12 @@ jobs: config: { hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, - wolf_extra_config: --enable-brainpool --enable-wpas-dpp + build_id: build2 } name: hwsim test # For openssl 1.1 runs-on: ubuntu-20.04 + needs: build_wolfssl steps: # No way to view the full strategy in the browser (really weird) - name: Print strategy @@ -57,6 +98,11 @@ jobs: ${{ toJSON(matrix) }} EOF + - name: Checkout wolfSSL + uses: actions/checkout@v3 + with: + path: wolfssl + - name: Install dependencies run: | # Don't prompt for anything @@ -75,19 +121,15 @@ jobs: lsmod | grep mac80211 - if: ${{ runner.debug }} - name: Enable wolfSSL and hostap debug logging + name: Enable hostap debug logging run: | - echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV echo "hostap_debug_flags=-d" >> $GITHUB_ENV - - name: Build wolfSSL - uses: wolfSSL/actions-build-autotools-project@v1 + - name: Download lib + uses: actions/download-artifact@v3 with: - path: wolfssl - configure: >- - --enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA - ${{ env.wolf_debug_flags }} ${{ matrix.config.wolf_extra_config }} - install: true + name: ${{ matrix.config.build_id }} + path: build-dir - name: Setup d-bus working-directory: wolfssl/.github/workflows/hostap-files diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index f0d907b7d..38faa2481 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml 
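Review bot: The added `Checkout wolfSSL` step in `hostap_test` leaves `persist-credentials` at its default, so the workflow token stays in `wolfssl/.git/config` while later steps build and run hostap at the refs listed in the matrix. Adding `persist-credentials: false` under `with:` removes it. Nothing visible in these hunks fetches or pushes again, but the job's remaining steps lie outside the hunk and the token's permissions are set by the calling workflow, so both should be checked.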
@@ -4,13 +4,9 @@ on: workflow_call: jobs: - openvpn_check: - strategy: - fail-fast: false - matrix: - # List of refs to test - ref: [ master, release/2.6, v2.6.0 ] - name: ${{ matrix.ref }} + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target runs-on: ubuntu-latest steps: - name: Build wolfSSL @@ -20,6 +16,29 @@ jobs: configure: --enable-openvpn install: true + - name: Upload built lib + uses: actions/upload-artifact@v3 + with: + name: wolf-install + path: build-dir + retention-days: 1 + + openvpn_check: + strategy: + fail-fast: false + matrix: + # List of refs to test + ref: [ master, release/2.6, v2.6.0 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v3 + with: + name: wolf-install + path: build-dir + - name: Install dependencies run: | sudo apt-get update @@ -29,6 +48,10 @@ jobs: - if: ${{ matrix.ref != 'master' }} name: Build and test openvpn with fsanitize + run: | + echo 'extra_c_flags=CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2"' >> $GITHUB_ENV + + - name: Build and test openvpn uses: wolfSSL/actions-build-autotools-project@v1 with: repository: OpenVPN/openvpn 
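Review bot: The step under `if: ${{ matrix.ref != 'master' }}` keeps the name `Build and test openvpn with fsanitize` but now only writes `extra_c_flags` to `$GITHUB_ENV`; a name such as `Enable fsanitize flags` would describe what it does. The exported value carries its own double quotes and is later spliced into `configure:` as `${{ env.extra_c_flags }}`. A short comment would help, for example `# empty for master; must expand to a single CFLAGS="..." argument`. Quoting the redirect target, `>> "$GITHUB_ENV"`, is the usual form.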
@@ -38,19 +61,9 @@ jobs: --with-crypto-library=wolfssl WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" - CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" - check: true - - - if: ${{ matrix.ref == 'master' }} - name: Build and test openvpn without fsanitize - uses: wolfSSL/actions-build-autotools-project@v1 - with: - repository: OpenVPN/openvpn - ref: ${{ matrix.ref }} - path: openvpn - configure: >- - --with-crypto-library=wolfssl - WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" - WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" + ${{ env.extra_c_flags }} check: true + - name: Confirm OpenVPN built with wolfSSL + working-directory: ./openvpn + run: ldd src/openvpn/openvpn | grep wolfssl diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index f782a8f2c..3ab4f7270 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -4,13 +4,9 @@ on: workflow_call: jobs: - stunnel_check: - strategy: - fail-fast: false - matrix: - # List of releases to test - ref: [ 5.67 ] - name: ${{ matrix.ref }} + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target runs-on: ubuntu-latest steps: - name: Build wolfSSL @@ -19,6 +15,29 @@ jobs: path: wolfssl configure: --enable-stunnel install: true + + - name: Upload built lib + uses: actions/upload-artifact@v3 + with: + name: wolf-install + path: build-dir + retention-days: 1 + + stunnel_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 5.67 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v3 + with: + name: wolf-install + path: build-dir - name: Checkout OSP uses: actions/checkout@v3 From f5b0c406c024202291068bae4391d80db21551b5 Mon Sep 17 00:00:00 2001 
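Review bot: The new `Confirm OpenVPN built with wolfSSL` step passes on any `ldd` line that contains `wolfssl`. That includes an unresolved `libwolfssl.so => not found` entry and a copy resolved from a system path rather than from the downloaded artifact. Matching the resolved path would make the check mean what its name says, for example `ldd src/openvpn/openvpn | grep -E 'libwolfssl.*=> .*/build-dir/lib/'`. This assumes the loader is pointed at `build-dir/lib` when the step runs, which the hunk does not show.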
From: Juliusz Sosinowicz Date: Tue, 28 Mar 2023 17:17:18 +0200 Subject: [PATCH 2/4] use unique artifact names --- .github/workflows/hostap.yml | 10 +++++----- .github/workflows/openvpn.yml | 4 ++-- .github/workflows/stunnel.yml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/hostap.yml b/.github/workflows/hostap.yml index d03aa5cf3..402f7b715 100644 --- a/.github/workflows/hostap.yml +++ b/.github/workflows/hostap.yml @@ -8,9 +8,9 @@ jobs: strategy: matrix: include: - - build_id: build1 + - build_id: hostap-build1 wolf_extra_config: --disable-tls13 - - build_id: build2 + - build_id: hostap-build2 wolf_extra_config: --enable-brainpool --enable-wpas-dpp name: Build wolfSSL # Just to keep it the same as the testing target @@ -63,13 +63,13 @@ jobs: hostap_cherry_pick: 698c05da2bd3233b005d45873caa852bc29b32c5, remove_teap: true, # TLS 1.3 does not work for this version - build_id: build1, + build_id: hostap-build1, }, # Test the dpp patch { hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, - build_id: build2 + build_id: hostap-build2 }, ] # parallelize the tests to be able to run all tests within 10 minutes @@ -84,7 +84,7 @@ jobs: config: { hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb, osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446, - build_id: build2 + build_id: hostap-build2 } name: hwsim test # For openssl 1.1 diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 38faa2481..cf943544f 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -19,7 +19,7 @@ jobs: - name: Upload built lib uses: actions/upload-artifact@v3 with: - name: wolf-install + name: wolf-install-openvpn path: build-dir retention-days: 1 @@ -36,7 +36,7 @@ jobs: - name: Download lib uses: actions/download-artifact@v3 with: - name: wolf-install + name: wolf-install-openvpn path: build-dir - name: Install dependencies 
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 3ab4f7270..2f8f1de45 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -19,7 +19,7 @@ jobs: - name: Upload built lib uses: actions/upload-artifact@v3 with: - name: wolf-install + name: wolf-install-stunnel path: build-dir retention-days: 1 @@ -36,7 +36,7 @@ jobs: - name: Download lib uses: actions/download-artifact@v3 with: - name: wolf-install + name: wolf-install-stunnel path: build-dir - name: Checkout OSP From 415d6151ff894d28851a46043f54ee7bc37b055d Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 28 Mar 2023 18:10:01 +0200 Subject: [PATCH 3/4] Use unique name in openwrt action --- .github/workflows/docker-OpenWrt.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index a343f4d90..a8dab5846 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml @@ -20,7 +20,7 @@ jobs: - name: Upload libwolfssl.so uses: actions/upload-artifact@v3 with: - name: libwolfssl.so + name: openwrt-libwolfssl.so path: src/.libs/libwolfssl.so retention-days: 1 compile_container: @@ -36,8 +36,8 @@ jobs: - uses: docker/setup-buildx-action@v2 - uses: actions/download-artifact@v3 with: - name: libwolfssl.so - path: Docker/OpenWrt/. + name: openwrt-libwolfssl.so + path: Docker/OpenWrt/libwolfssl.so - name: Build but dont push uses: docker/build-push-action@v3 with: From 43ca374cad45688b834b17e09f1dce2da01e7001 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 29 Mar 2023 11:32:32 +0200 Subject: [PATCH 4/4] actions: Fix openwrt patch --- .github/workflows/docker-OpenWrt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index a8dab5846..25508b4c3 100644 --- a/.github/workflows/docker-OpenWrt.yml 
+++ b/.github/workflows/docker-OpenWrt.yml @@ -37,7 +37,7 @@ jobs: - uses: actions/download-artifact@v3 with: name: openwrt-libwolfssl.so - path: Docker/OpenWrt/libwolfssl.so + path: Docker/OpenWrt/. - name: Build but dont push uses: docker/build-push-action@v3 with: