CI: install all apt deps from ghcr bundles

Extends the ghcr offline-install path to every install-apt-deps consumer
that was still on plain apt, and publishes the bundles they need.

New bundles built by ci-deps-image:
- ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB), kept
  out of -full so it does not bloat the interop workflows' pull.
- ubuntu-24.04-linuxkm: linux-headers-$(uname -r) + the kernel-module build
  toolchain. linux-headers tracks the runner's running kernel, so a daily
  job rebuilds it only when uname -r changed (recorded as an image label);
  a mismatch during a runner-image rollout just falls back to apt.

Consumers now passing ghcr-debs-tag:
- sssd -> ubuntu-24.04-full (its deps added to that list)
- hostap-vm -> ubuntu-22.04-full (its deps added to that list)
- membrowse targets -> ubuntu-24.04-embedded; the two linuxkm targets ->
  ubuntu-24.04-linuxkm (new per-target matrix.ghcr_tag)
- linuxkm.yml -> ubuntu-24.04-linuxkm (pinned to ubuntu-24.04 so the
  bundle's headers match the runner kernel)

Each consumer still falls back to apt when its bundle is unavailable, so
nothing breaks until ci-deps-image first publishes the new tags.
This commit is contained in:
Juliusz Sosinowicz
2026-06-16 15:22:36 +00:00
parent 2f50f8c968
commit 06e4ec9fe3
10 changed files with 155 additions and 9 deletions
@@ -4,6 +4,7 @@
# Keep sorted; add a package when an interop workflow adds one.
autoconf
automake
binutils-dev
bison
bridge-utils
build-essential
@@ -17,6 +18,7 @@ crossbuild-essential-arm64
crossbuild-essential-armel
crossbuild-essential-armhf
crossbuild-essential-riscv64
curl
device-tree-compiler
dfu-util
diffstat
@@ -39,12 +41,19 @@ help2man
iproute2
lcov
libcairo2-dev
libcurl4-openssl-dev
libdbus-1-dev
libglib2.0-dev
libgtk2.0-0
libiberty-dev
liblocale-gettext-perl
libmagic1
libncurses5-dev
libnl-3-dev
libnl-genl-3-dev
libnl-route-3-dev
libpcap-dev
libpcap0.8
libpopt0
libsdl1.2-dev
libsdl2-dev
@@ -63,6 +72,7 @@ python-is-python3
python3-dev
python3-pip
python3-ply
python3-pycryptodome
python3-setuptools
python3-tk
python3-wheel
@@ -73,6 +83,7 @@ socat
srecord
sudo
texinfo
tshark
uml-utilities
unzip
wget
@@ -0,0 +1,15 @@
# membrowse embedded-target apt packages for ubuntu-24.04 (the
# '-embedded' bundle: ghcr.io/<owner>/wolfssl-ci-debs:ubuntu-24.04-embedded).
# Kept separate from -full because the ARM cross-toolchain is large (~0.5 GB)
# and unrelated to the interop workflows that pull -full. Keep sorted.
build-essential
ca-certificates
cmake
gcc-arm-none-eabi
git
libnewlib-arm-none-eabi
libstdc++-arm-none-eabi-newlib
ninja-build
python3
unzip
wget
@@ -8,6 +8,7 @@ autoconf
autoconf-archive
automake
autopoint
bc
bubblewrap
build-essential
ccache
@@ -51,6 +52,8 @@ libidn2-dev
libio-socket-ssl-perl
libjansson-dev
libkrb5-dev
libldb-dev
libldb2
liblz4-dev
liblzma-dev
liblzo2-dev
@@ -87,6 +90,7 @@ pkgconf
psmisc
python3-docutils
python3-impacket
python3-ldb
python3-psutil
shellcheck
uuid-dev
+20
View File
@@ -4,6 +4,7 @@
"port": "gcc-arm",
"board": "cortex-m4",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -15,6 +16,7 @@
"port": "gcc-arm",
"board": "cortex-m4-min-ecc",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -26,6 +28,7 @@
"port": "gcc-arm",
"board": "cortex-m4-tls12",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -37,6 +40,7 @@
"port": "gcc-arm",
"board": "cortex-m4-baremetal",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -48,6 +52,7 @@
"port": "gcc-arm",
"board": "cortex-m0plus",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -59,6 +64,7 @@
"port": "gcc-arm",
"board": "cortex-m3",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -70,6 +76,7 @@
"port": "gcc-arm",
"board": "cortex-m7",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -81,6 +88,7 @@
"port": "gcc-arm",
"board": "cortex-m4-tls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -92,6 +100,7 @@
"port": "gcc-arm",
"board": "cortex-m4-dtls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_dtls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_dtls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
@@ -103,6 +112,7 @@
"port": "gcc-arm",
"board": "cortex-m4-pq",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
@@ -114,6 +124,7 @@
"port": "gcc-arm",
"board": "cortex-m4-rsa-only",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_rsa_only.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_rsa_only.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
@@ -125,6 +136,7 @@
"port": "gcc-arm",
"board": "cortex-m4-pkcs7",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_pkcs7.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pkcs7.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -136,6 +148,7 @@
"port": "gcc-arm",
"board": "cortex-m4-openssl-compat",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_openssl_compat.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_openssl_compat.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define SMALL_SESSION_CACHE\\n#undef HAVE_OCSP\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define USER_TICKS\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
@@ -147,6 +160,7 @@
"port": "gcc-arm",
"board": "cortex-m4-sp-math",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#define WOLFSSL_SP_MATH\\n#define WOLFSSL_SP_NO_ASM\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -158,6 +172,7 @@
"port": "gcc-arm",
"board": "cortex-m4-crypto-only",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "mkdir -p IDE/GCC-ARM/Header-gen && printf '#ifndef WOLFSSL_USER_SETTINGS_H\\n#define WOLFSSL_USER_SETTINGS_H\\n#define WOLFCRYPT_ONLY\\n#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define HAVE_AESGCM\\n#define HAVE_AES_DECRYPT\\n#define HAVE_ECC\\n#define HAVE_CHACHA\\n#define HAVE_POLY1305\\n#define WOLFSSL_SHA512\\n#define WOLFSSL_SHA384\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#endif\\n' > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -169,6 +184,7 @@
"port": "gcc-arm",
"board": "cortex-m7-tls13",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker.ld",
@@ -180,6 +196,7 @@
"port": "gcc-arm",
"board": "cortex-m7-pq",
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
"ld": "IDE/GCC-ARM/linker_large.ld",
@@ -191,6 +208,7 @@
"port": "stm32-sim",
"board": "stm32h753",
"apt_packages": "build-essential ca-certificates cmake ninja-build python3 git gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib wget unzip",
"ghcr_tag": "ubuntu-24.04-embedded",
"build_cmd": "if [ ! -d simulators ]; then git clone --depth 1 https://github.com/wolfSSL/simulators simulators; fi && sudo mkdir -p /opt && if [ ! -d /opt/cmsis-device-h7 ]; then sudo git clone --depth 1 https://github.com/STMicroelectronics/cmsis-device-h7.git /opt/cmsis-device-h7; fi && if [ ! -d /opt/CMSIS_5 ]; then sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5; fi && if [ ! -d /opt/STM32CubeH7 ]; then (sudo git clone --depth 1 --branch v1.11.2 --recurse-submodules https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 || (sudo git clone --depth 1 --branch v1.11.2 https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 && cd /opt/STM32CubeH7 && sudo git submodule update --init --recursive --depth 1)); fi && sudo rm -rf /opt/firmware-stm32sim-h7 /opt/wolfssl-stm32sim && sudo mkdir -p /opt/firmware-stm32sim-h7 && sudo cp -r simulators/STM32Sim/firmware/wolfcrypt-test-h7/. /opt/firmware-stm32sim-h7/ && sudo cp /opt/firmware-stm32sim-h7/stm32h7xx_hal_conf.h /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/ && sudo cp -r . /opt/wolfssl-stm32sim && sudo rm -f /opt/wolfssl-stm32sim/config.h && cd /opt/firmware-stm32sim-h7 && sudo cmake -G Ninja -DWOLFSSL_USER_SETTINGS=ON -DUSER_SETTINGS_FILE=/opt/firmware-stm32sim-h7/user_settings.h -DCMAKE_TOOLCHAIN_FILE=/opt/firmware-stm32sim-h7/toolchain-arm-none-eabi.cmake -DCMAKE_BUILD_TYPE=Release -DWOLFSSL_CRYPT_TESTS=OFF -DWOLFSSL_EXAMPLES=OFF -DWOLFSSL_ROOT=/opt/wolfssl-stm32sim -B /opt/firmware-stm32sim-h7/build -S /opt/firmware-stm32sim-h7 && sudo cmake --build /opt/firmware-stm32sim-h7/build && sudo cp /opt/firmware-stm32sim-h7/build/wolfcrypt_test.elf $GITHUB_WORKSPACE/wolfcrypt_test.elf",
"elf": "wolfcrypt_test.elf",
"ld": "simulators/STM32Sim/firmware/wolfcrypt-test-h7/stm32h753.ld",
@@ -201,6 +219,7 @@
"port": "linuxkm",
"board": "linux-kernel-module-standard",
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
"ghcr_tag": "ubuntu-24.04-linuxkm",
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
"elf": "linuxkm/libwolfssl.ko",
"ld": "linuxkm/wolfcrypt.lds",
@@ -211,6 +230,7 @@
"port": "linuxkm",
"board": "linux-kernel-module-pie",
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
"ghcr_tag": "ubuntu-24.04-linuxkm",
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
"elf": "linuxkm/libwolfssl.ko",
"ld": "linuxkm/wolfcrypt.lds",
+99 -8
View File
@@ -1,7 +1,9 @@
name: CI deps image
# Builds the prebuilt apt .deb bundles that the make-check family (the
# -minimal tags) and the interop workflows (the -full tags, a superset)
# -minimal tags), the interop workflows (the -full tags, a superset), the
# membrowse embedded targets (the -embedded tag - the big ARM cross-toolchain)
# and the linux kernel-module builds (the -linuxkm tag - kernel headers)
# install offline (see .github/actions/install-apt-deps, input
# ghcr-debs-tag). Each bundle holds the .debs for a package list in
# .github/ci-deps/ - every package plus the dependencies not already on the
@@ -22,13 +24,18 @@ name: CI deps image
on:
schedule:
# Weekend only - refresh the bundles weekly so they track base-image
# security updates. A mid-week package-list change waits for Saturday
# (or run this manually via workflow_dispatch); until then the offline
# install (a single --no-download install of the whole set) fails if any
# requested package is missing from the bundle, and install-apt-deps
# falls back to the full apt path.
# Weekly (Saturday) - the static bundles (-minimal/-full/-embedded).
# Refreshes them so they track base-image security updates. A mid-week
# package-list change waits for Saturday (or run this manually via
# workflow_dispatch); until then the offline install (a single
# --no-download install of the whole set) fails if any requested package
# is missing from the bundle, and install-apt-deps falls back to apt.
- cron: '0 2 * * 6'
# Daily - the kernel-tracking -linuxkm bundle only. linux-headers-$(uname
# -r) pins to the runner's running kernel (changes ~monthly); the linuxkm
# job rebuilds solely when uname -r differs from the published bundle, a
# cheap no-op otherwise. A mismatch mid-rollout just falls back to apt.
- cron: '0 3 * * *'
workflow_dispatch:
concurrency:
@@ -42,7 +49,11 @@ permissions:
jobs:
build:
name: build ${{ matrix.tag }}
if: github.repository_owner == 'wolfssl'
# Static bundles: weekly cron or manual dispatch. Skip the daily cron,
# which exists only to refresh the kernel-tracking -linuxkm bundle below.
if: >-
github.repository_owner == 'wolfssl' &&
(github.event_name != 'schedule' || github.event.schedule == '0 2 * * 6')
strategy:
fail-fast: false
matrix:
@@ -55,6 +66,10 @@ jobs:
tag: ubuntu-24.04-minimal
- runner: ubuntu-24.04
tag: ubuntu-24.04-full
# membrowse embedded targets' ARM cross-toolchain (~0.5 GB). Its own
# tag so it does not bloat the -full pull for the interop workflows.
- runner: ubuntu-24.04
tag: ubuntu-24.04-embedded
- runner: ubuntu-22.04
tag: ubuntu-22.04-minimal
- runner: ubuntu-22.04
@@ -114,3 +129,79 @@ jobs:
docker tag bundle "$IMG:${{ matrix.tag }}"
docker push "$IMG:${{ matrix.tag }}"
echo "Pushed $IMG:${{ matrix.tag }}"
# Kernel-tracking bundle for the linux kernel-module builds (linuxkm.yml and
# the membrowse linuxkm targets). linux-headers-$(uname -r) pins to the
# runner's running kernel, so this runs daily but rebuilds only when the
# kernel changed since the published bundle (the image carries the kernel as
# a label). A mismatch - e.g. during a gradual runner-image rollout - just
# makes install-apt-deps fall back to apt.
linuxkm:
name: build ubuntu-24.04-linuxkm
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
timeout-minutes: 20
steps:
- name: Log in to ghcr
shell: bash
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Decide whether the published bundle already matches this kernel
id: check
shell: bash
run: |
set -uo pipefail
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm"
K=$(uname -r)
echo "kernel=$K" >> "$GITHUB_OUTPUT"
echo "runner kernel: $K"
have=""
if docker pull -q "$IMG" >/dev/null 2>&1; then
have=$(docker inspect --format '{{ index .Config.Labels "kernel" }}' "$IMG" 2>/dev/null || true)
fi
echo "published bundle kernel: ${have:-<none>}"
if [ "$have" = "$K" ]; then
echo "rebuild=false" >> "$GITHUB_OUTPUT"
echo "Bundle already current for $K; nothing to do."
else
echo "rebuild=true" >> "$GITHUB_OUTPUT"
fi
- name: Resolve and download the .deb closure
if: steps.check.outputs.rebuild == 'true'
shell: bash
run: |
set -euo pipefail
K="${{ steps.check.outputs.kernel }}"
# linuxkm.yml installs only the headers; the membrowse linuxkm targets
# also need the build toolchain. Bundle the union - each consumer
# installs its own subset offline.
PKGS=(build-essential autoconf automake libtool "linux-headers-$K")
echo "Packages: ${PKGS[*]}"
export DEBIAN_FRONTEND=noninteractive
rm -rf debs && mkdir -p debs
sudo apt-get clean
retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; }
retry sudo apt-get update -q
skipped=0
for pkg in "${PKGS[@]}"; do
retry sudo apt-get install -y --download-only "$pkg" \
|| { echo "::warning::could not download $pkg"; skipped=$((skipped+1)); }
done
sudo cp /var/cache/apt/archives/*.deb debs/ 2>/dev/null || true
echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files; ${skipped} skipped"
test -n "$(ls debs/*.deb 2>/dev/null)"
- name: Build and push bundle (labelled with the kernel)
if: steps.check.outputs.rebuild == 'true'
shell: bash
run: |
set -euo pipefail
K="${{ steps.check.outputs.kernel }}"
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm"
printf 'FROM busybox\nCOPY debs /debs\nLABEL kernel=%s\n' "$K" > Dockerfile.debs
docker build -f Dockerfile.debs -t "$IMG" .
docker push "$IMG"
echo "Pushed $IMG (kernel $K)"
+1
View File
@@ -230,6 +230,7 @@ jobs:
uses: ./wolfssl/.github/actions/install-apt-deps
with:
packages: libpcap0.8 libpcap-dev curl libcurl4-openssl-dev libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
ghcr-debs-tag: ubuntu-22.04-full
- name: Install pip dependencies
run: sudo pip install pycryptodome
+2 -1
View File
@@ -24,7 +24,7 @@ jobs:
]
name: build module
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
timeout-minutes: 5
steps:
- uses: actions/checkout@v5
@@ -34,6 +34,7 @@ jobs:
uses: ./.github/actions/install-apt-deps
with:
packages: linux-headers-$(uname -r)
ghcr-debs-tag: ubuntu-24.04-linuxkm
- name: Prepare target kernel for module builds
run: |
+1
View File
@@ -47,6 +47,7 @@ jobs:
uses: ./.github/actions/install-apt-deps
with:
packages: ${{ matrix.apt_packages }}
ghcr-debs-tag: ${{ matrix.ghcr_tag }}
- name: Run Membrowse Onboard Action
uses: membrowse/membrowse-action/onboard-action@v1
+1
View File
@@ -86,6 +86,7 @@ jobs:
uses: ./.github/actions/install-apt-deps
with:
packages: ${{ matrix.apt_packages }}
ghcr-debs-tag: ${{ matrix.ghcr_tag }}
- name: Build firmware
if: needs.check-changes.outputs.needs_build == 'true'
+1
View File
@@ -67,6 +67,7 @@ jobs:
uses: ./.github/actions/install-apt-deps
with:
packages: build-essential autoconf libldb-dev libldb2 python3-ldb bc libcap-dev
ghcr-debs-tag: ubuntu-24.04-full
- name: Setup env
run: |