From 06e4ec9fe32b3a0de910f53324b2c02b26b1bdc6 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 16 Jun 2026 15:22:36 +0000 Subject: [PATCH] CI: install all apt deps from ghcr bundles Extends the ghcr offline-install path to every install-apt-deps consumer that was still on plain apt, and publishes the bundles they need. New bundles built by ci-deps-image: - ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB), kept out of -full so it does not bloat the interop workflows' pull. - ubuntu-24.04-linuxkm: linux-headers-$(uname -r) + the kernel-module build toolchain. linux-headers tracks the runner's running kernel, so a daily job rebuilds it only when uname -r changed (recorded as an image label); a mismatch during a runner-image rollout just falls back to apt. Consumers now passing ghcr-debs-tag: - sssd -> ubuntu-24.04-full (its deps added to that list) - hostap-vm -> ubuntu-22.04-full (its deps added to that list) - membrowse targets -> ubuntu-24.04-embedded; the two linuxkm targets -> ubuntu-24.04-linuxkm (new per-target matrix.ghcr_tag) - linuxkm.yml -> ubuntu-24.04-linuxkm (pinned to ubuntu-24.04 so the bundle's headers match the runner kernel) Each consumer still falls back to apt when its bundle is unavailable, so nothing breaks until ci-deps-image first publishes the new tags. --- .../ci-deps/packages-ubuntu-22.04-full.txt | 11 ++ .../packages-ubuntu-24.04-embedded.txt | 15 +++ .../ci-deps/packages-ubuntu-24.04-full.txt | 4 + .github/membrowse-targets.json | 20 ++++ .github/workflows/ci-deps-image.yml | 107 ++++++++++++++++-- .github/workflows/hostap-vm.yml | 1 + .github/workflows/linuxkm.yml | 3 +- .github/workflows/membrowse-onboard.yml | 1 + .github/workflows/membrowse-report.yml | 1 + .github/workflows/sssd.yml | 1 + 10 files changed, 155 insertions(+), 9 deletions(-) create mode 100644 .github/ci-deps/packages-ubuntu-24.04-embedded.txt 
diff --git a/.github/ci-deps/packages-ubuntu-22.04-full.txt b/.github/ci-deps/packages-ubuntu-22.04-full.txt
index f809efaeb4..389fbbd864 100644
--- a/.github/ci-deps/packages-ubuntu-22.04-full.txt
+++ b/.github/ci-deps/packages-ubuntu-22.04-full.txt
@@ -4,6 +4,7 @@
 # Keep sorted; add a package when an interop workflow adds one.
 autoconf
 automake
+binutils-dev
 bison
 bridge-utils
 build-essential
@@ -17,6 +18,7 @@ crossbuild-essential-arm64
 crossbuild-essential-armel
 crossbuild-essential-armhf
 crossbuild-essential-riscv64
+curl
 device-tree-compiler
 dfu-util
 diffstat
@@ -39,12 +41,19 @@ help2man
 iproute2
 lcov
 libcairo2-dev
+libcurl4-openssl-dev
+libdbus-1-dev
 libglib2.0-dev
 libgtk2.0-0
+libiberty-dev
 liblocale-gettext-perl
 libmagic1
 libncurses5-dev
+libnl-3-dev
+libnl-genl-3-dev
+libnl-route-3-dev
 libpcap-dev
+libpcap0.8
 libpopt0
 libsdl1.2-dev
 libsdl2-dev
@@ -63,6 +72,7 @@ python-is-python3
 python3-dev
 python3-pip
 python3-ply
+python3-pycryptodome
 python3-setuptools
 python3-tk
 python3-wheel
@@ -73,6 +83,7 @@ socat
 srecord
 sudo
 texinfo
+tshark
 uml-utilities
 unzip
 wget
diff --git a/.github/ci-deps/packages-ubuntu-24.04-embedded.txt b/.github/ci-deps/packages-ubuntu-24.04-embedded.txt
new file mode 100644
index 0000000000..0584e4dad3
--- /dev/null
+++ b/.github/ci-deps/packages-ubuntu-24.04-embedded.txt
@@ -0,0 +1,15 @@
+# membrowse embedded-target apt packages for ubuntu-24.04 (the
+# '-embedded' bundle: ghcr.io//wolfssl-ci-debs:ubuntu-24.04-embedded).
+# Kept separate from -full because the ARM cross-toolchain is large (~0.5 GB)
+# and unrelated to the interop workflows that pull -full. Keep sorted.
+build-essential
+ca-certificates
+cmake
+gcc-arm-none-eabi
+git
+libnewlib-arm-none-eabi
+libstdc++-arm-none-eabi-newlib
+ninja-build
+python3
+unzip
+wget
diff --git a/.github/ci-deps/packages-ubuntu-24.04-full.txt b/.github/ci-deps/packages-ubuntu-24.04-full.txt
index 9872201d64..29344bd4e5 100644
--- a/.github/ci-deps/packages-ubuntu-24.04-full.txt
+++ b/.github/ci-deps/packages-ubuntu-24.04-full.txt @@ -8,6 +8,7 @@ autoconf autoconf-archive automake autopoint +bc bubblewrap build-essential ccache @@ -51,6 +52,8 @@ libidn2-dev libio-socket-ssl-perl libjansson-dev libkrb5-dev +libldb-dev +libldb2 liblz4-dev liblzma-dev liblzo2-dev @@ -87,6 +90,7 @@ pkgconf psmisc python3-docutils python3-impacket +python3-ldb python3-psutil shellcheck uuid-dev diff --git a/.github/membrowse-targets.json b/.github/membrowse-targets.json index 5c737e8349..3acf427cca 100644 --- a/.github/membrowse-targets.json +++ b/.github/membrowse-targets.json @@ -4,6 +4,7 @@ "port": "gcc-arm", "board": "cortex-m4", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
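Review bot: `ghcr_tag` names a mutable registry tag (`ubuntu-24.04-embedded` here and in the other gcc-arm and stm32-sim hunks of this file, `ubuntu-24.04-linuxkm` on the two linuxkm targets), so a membrowse job installs whatever was last pushed under that tag. Moving these targets from apt to a prebuilt .deb bundle presumably shifts package integrity from apt's signed repository metadata to write access on the ghcr package; the install-apt-deps action is not part of this diff, so confirm that it checks the bundle against something recorded (for example an image digest) before installing. The tag also sits next to `apt_packages` on every target, and nothing visible here checks that the bundle's list covers that string. Since JSON cannot carry a comment, a line in the targets documentation stating that `packages-ubuntu-24.04-embedded.txt` must be a superset of each target's `apt_packages` would make the coupling explicit.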
@@ -15,6 +16,7 @@ "port": "gcc-arm", "board": "cortex-m4-min-ecc", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -26,6 +28,7 @@ "port": "gcc-arm", "board": "cortex-m4-tls12", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -37,6 +40,7 @@ "port": "gcc-arm", "board": "cortex-m4-baremetal", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -48,6 +52,7 @@ "port": "gcc-arm", "board": "cortex-m0plus", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -59,6 +64,7 @@ "port": "gcc-arm", "board": "cortex-m3", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -70,6 +76,7 @@ "port": "gcc-arm", "board": "cortex-m7", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -81,6 +88,7 @@ "port": "gcc-arm", "board": "cortex-m4-tls13", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -92,6 +100,7 @@ "port": "gcc-arm", "board": "cortex-m4-dtls13", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_dtls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_dtls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker_large.ld", 
@@ -103,6 +112,7 @@ "port": "gcc-arm", "board": "cortex-m4-pq", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker_large.ld", 
@@ -114,6 +124,7 @@ "port": "gcc-arm", "board": "cortex-m4-rsa-only", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_rsa_only.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_rsa_only.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker_large.ld", 
@@ -125,6 +136,7 @@ "port": "gcc-arm", "board": "cortex-m4-pkcs7", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_pkcs7.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pkcs7.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -136,6 +148,7 @@ "port": "gcc-arm", "board": "cortex-m4-openssl-compat", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_openssl_compat.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_openssl_compat.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define SMALL_SESSION_CACHE\\n#undef HAVE_OCSP\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define USER_TICKS\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker_large.ld", 
@@ -147,6 +160,7 @@ "port": "gcc-arm", "board": "cortex-m4-sp-math", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#define WOLFSSL_SP_MATH\\n#define WOLFSSL_SP_NO_ASM\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -158,6 +172,7 @@ "port": "gcc-arm", "board": "cortex-m4-crypto-only", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "mkdir -p IDE/GCC-ARM/Header-gen && printf '#ifndef WOLFSSL_USER_SETTINGS_H\\n#define WOLFSSL_USER_SETTINGS_H\\n#define WOLFCRYPT_ONLY\\n#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define HAVE_AESGCM\\n#define HAVE_AES_DECRYPT\\n#define HAVE_ECC\\n#define HAVE_CHACHA\\n#define HAVE_POLY1305\\n#define WOLFSSL_SHA512\\n#define WOLFSSL_SHA384\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#endif\\n' > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -169,6 +184,7 @@ "port": "gcc-arm", "board": "cortex-m7-tls13", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker.ld", 
@@ -180,6 +196,7 @@ "port": "gcc-arm", "board": "cortex-m7-pq", "apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'", "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", "ld": "IDE/GCC-ARM/linker_large.ld", 
@@ -191,6 +208,7 @@ "port": "stm32-sim", "board": "stm32h753", "apt_packages": "build-essential ca-certificates cmake ninja-build python3 git gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib wget unzip", + "ghcr_tag": "ubuntu-24.04-embedded", "build_cmd": "if [ ! -d simulators ]; then git clone --depth 1 https://github.com/wolfSSL/simulators simulators; fi && sudo mkdir -p /opt && if [ ! -d /opt/cmsis-device-h7 ]; then sudo git clone --depth 1 https://github.com/STMicroelectronics/cmsis-device-h7.git /opt/cmsis-device-h7; fi && if [ ! -d /opt/CMSIS_5 ]; then sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5; fi && if [ ! -d /opt/STM32CubeH7 ]; then (sudo git clone --depth 1 --branch v1.11.2 --recurse-submodules https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 || (sudo git clone --depth 1 --branch v1.11.2 https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 && cd /opt/STM32CubeH7 && sudo git submodule update --init --recursive --depth 1)); fi && sudo rm -rf /opt/firmware-stm32sim-h7 /opt/wolfssl-stm32sim && sudo mkdir -p /opt/firmware-stm32sim-h7 && sudo cp -r simulators/STM32Sim/firmware/wolfcrypt-test-h7/. /opt/firmware-stm32sim-h7/ && sudo cp /opt/firmware-stm32sim-h7/stm32h7xx_hal_conf.h /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/ && sudo cp -r . 
/opt/wolfssl-stm32sim && sudo rm -f /opt/wolfssl-stm32sim/config.h && cd /opt/firmware-stm32sim-h7 && sudo cmake -G Ninja -DWOLFSSL_USER_SETTINGS=ON -DUSER_SETTINGS_FILE=/opt/firmware-stm32sim-h7/user_settings.h -DCMAKE_TOOLCHAIN_FILE=/opt/firmware-stm32sim-h7/toolchain-arm-none-eabi.cmake -DCMAKE_BUILD_TYPE=Release -DWOLFSSL_CRYPT_TESTS=OFF -DWOLFSSL_EXAMPLES=OFF -DWOLFSSL_ROOT=/opt/wolfssl-stm32sim -B /opt/firmware-stm32sim-h7/build -S /opt/firmware-stm32sim-h7 && sudo cmake --build /opt/firmware-stm32sim-h7/build && sudo cp /opt/firmware-stm32sim-h7/build/wolfcrypt_test.elf $GITHUB_WORKSPACE/wolfcrypt_test.elf", "elf": "wolfcrypt_test.elf", "ld": "simulators/STM32Sim/firmware/wolfcrypt-test-h7/stm32h753.ld", @@ -201,6 +219,7 @@ "port": "linuxkm", "board": "linux-kernel-module-standard", "apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)", + "ghcr_tag": "ubuntu-24.04-linuxkm", "build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1", "elf": "linuxkm/libwolfssl.ko", "ld": "linuxkm/wolfcrypt.lds", 
@@ -211,6 +230,7 @@ "port": "linuxkm", "board": "linux-kernel-module-pie", "apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)", + "ghcr_tag": "ubuntu-24.04-linuxkm", "build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1", "elf": "linuxkm/libwolfssl.ko", "ld": "linuxkm/wolfcrypt.lds", diff --git a/.github/workflows/ci-deps-image.yml b/.github/workflows/ci-deps-image.yml index 4bffc66f68..60a7a7842a 100644 --- a/.github/workflows/ci-deps-image.yml +++ b/.github/workflows/ci-deps-image.yml @@ -1,7 +1,9 @@ name: CI deps image # Builds the prebuilt apt .deb bundles that the make-check family (the -# -minimal tags) and the interop workflows (the -full tags, a superset) +# -minimal tags), the interop workflows (the -full tags, a superset), the +# membrowse embedded targets (the -embedded tag - the big ARM cross-toolchain) +# and the linux kernel-module builds (the -linuxkm tag - kernel headers) # install offline (see .github/actions/install-apt-deps, input # ghcr-debs-tag). Each bundle holds the .debs for a package list in # .github/ci-deps/ - every package plus the dependencies not already on the 
@@ -22,13 +24,18 @@ name: CI deps image on: schedule: - # Weekend only - refresh the bundles weekly so they track base-image - # security updates. A mid-week package-list change waits for Saturday - # (or run this manually via workflow_dispatch); until then the offline - # install (a single --no-download install of the whole set) fails if any - # requested package is missing from the bundle, and install-apt-deps - # falls back to the full apt path. + # Weekly (Saturday) - the static bundles (-minimal/-full/-embedded). + # Refreshes them so they track base-image security updates. A mid-week + # package-list change waits for Saturday (or run this manually via + # workflow_dispatch); until then the offline install (a single + # --no-download install of the whole set) fails if any requested package + # is missing from the bundle, and install-apt-deps falls back to apt. - cron: '0 2 * * 6' + # Daily - the kernel-tracking -linuxkm bundle only. linux-headers-$(uname + # -r) pins to the runner's running kernel (changes ~monthly); the linuxkm + # job rebuilds solely when uname -r differs from the published bundle, a + # cheap no-op otherwise. A mismatch mid-rollout just falls back to apt. + - cron: '0 3 * * *' workflow_dispatch: concurrency: @@ -42,7 +49,11 @@ permissions: jobs: build: name: build ${{ matrix.tag }} - if: github.repository_owner == 'wolfssl' + # Static bundles: weekly cron or manual dispatch. Skip the daily cron, + # which exists only to refresh the kernel-tracking -linuxkm bundle below. + if: >- + github.repository_owner == 'wolfssl' && + (github.event_name != 'schedule' || github.event.schedule == '0 2 * * 6') strategy: fail-fast: false matrix: 
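Review bot: The build job's new `if:` compares `github.event.schedule` with the literal `'0 2 * * 6'`, which duplicates the weekly cron string from `on.schedule` in the preceding hunk. If that cron line is ever retimed without touching the condition, the static bundles silently stop being rebuilt on schedule and only `workflow_dispatch` refreshes them, so they would no longer track base-image security updates. I would add a comment on the cron entry: `# matched literally by jobs.build.if - change both together`. The linuxkm job added later in this file has no such filter, so it also runs on the Saturday trigger; that looks harmless given its rebuild check, but is worth stating in that job's comment.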
@@ -55,6 +66,10 @@ jobs: tag: ubuntu-24.04-minimal - runner: ubuntu-24.04 tag: ubuntu-24.04-full + # membrowse embedded targets' ARM cross-toolchain (~0.5 GB). Its own + # tag so it does not bloat the -full pull for the interop workflows. + - runner: ubuntu-24.04 + tag: ubuntu-24.04-embedded - runner: ubuntu-22.04 tag: ubuntu-22.04-minimal - runner: ubuntu-22.04 
@@ -114,3 +129,79 @@ jobs: docker tag bundle "$IMG:${{ matrix.tag }}" docker push "$IMG:${{ matrix.tag }}" echo "Pushed $IMG:${{ matrix.tag }}" + + # Kernel-tracking bundle for the linux kernel-module builds (linuxkm.yml and + # the membrowse linuxkm targets). linux-headers-$(uname -r) pins to the + # runner's running kernel, so this runs daily but rebuilds only when the + # kernel changed since the published bundle (the image carries the kernel as + # a label). A mismatch - e.g. during a gradual runner-image rollout - just + # makes install-apt-deps fall back to apt. + linuxkm: + name: build ubuntu-24.04-linuxkm + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 20 + steps: + - name: Log in to ghcr + shell: bash + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin + + - name: Decide whether the published bundle already matches this kernel + id: check + shell: bash + run: | + set -uo pipefail + OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') + IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm" + K=$(uname -r) + echo "kernel=$K" >> "$GITHUB_OUTPUT" + echo "runner kernel: $K" + have="" + if docker pull -q "$IMG" >/dev/null 2>&1; then + have=$(docker inspect --format '{{ index .Config.Labels "kernel" }}' "$IMG" 2>/dev/null || true) + fi + echo "published bundle kernel: ${have:-}" + if [ "$have" = "$K" ]; then + echo "rebuild=false" >> "$GITHUB_OUTPUT" + echo "Bundle already current for $K; nothing to do." + else + echo "rebuild=true" >> "$GITHUB_OUTPUT" + fi + + - name: Resolve and download the .deb closure + if: steps.check.outputs.rebuild == 'true' + shell: bash + run: | + set -euo pipefail + K="${{ steps.check.outputs.kernel }}" + # linuxkm.yml installs only the headers; the membrowse linuxkm targets + # also need the build toolchain. Bundle the union - each consumer + # installs its own subset offline. 
+ PKGS=(build-essential autoconf automake libtool "linux-headers-$K") + echo "Packages: ${PKGS[*]}" + export DEBIAN_FRONTEND=noninteractive + rm -rf debs && mkdir -p debs + sudo apt-get clean + retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; } + retry sudo apt-get update -q + skipped=0 + for pkg in "${PKGS[@]}"; do + retry sudo apt-get install -y --download-only "$pkg" \ + || { echo "::warning::could not download $pkg"; skipped=$((skipped+1)); } + done + sudo cp /var/cache/apt/archives/*.deb debs/ 2>/dev/null || true + echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files; ${skipped} skipped" + test -n "$(ls debs/*.deb 2>/dev/null)" + + - name: Build and push bundle (labelled with the kernel) + if: steps.check.outputs.rebuild == 'true' + shell: bash + run: | + set -euo pipefail + K="${{ steps.check.outputs.kernel }}" + OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') + IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm" + printf 'FROM busybox\nCOPY debs /debs\nLABEL kernel=%s\n' "$K" > Dockerfile.debs + docker build -f Dockerfile.debs -t "$IMG" . + docker push "$IMG" + echo "Pushed $IMG (kernel $K)" diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index 8a40451e66..a860006cb0 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -230,6 +230,7 @@ jobs: uses: ./wolfssl/.github/actions/install-apt-deps with: packages: libpcap0.8 libpcap-dev curl libcurl4-openssl-dev libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome + ghcr-debs-tag: ubuntu-22.04-full - name: Install pip dependencies run: sudo pip install pycryptodome diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml index ebc0523149..8922f71bdf 100644 --- a/.github/workflows/linuxkm.yml +++ b/.github/workflows/linuxkm.yml 
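Review bot: In the "Resolve and download the .deb closure" step, a failed download of `linux-headers-$K` is only counted in `skipped`, and the closing `test -n "$(ls debs/*.deb 2>/dev/null)"` passes as soon as any other .deb landed, so the next step can push an image labelled `kernel=$K` that lacks the headers. Because the check step skips the rebuild whenever that label equals `uname -r`, such a bundle would stay published until the runner kernel changes, and consumers would presumably fall back to apt on every run in the meantime. Failing the step on any skip closes this: `[ "$skipped" -eq 0 ] || { echo "::error::$skipped package(s) missing from bundle"; exit 1; }`. Separately, the login step expands `${{ secrets.GITHUB_TOKEN }}` directly into the script text; setting it under `env:` (for example `GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) and piping `"$GHCR_TOKEN"` to `docker login` keeps the secret out of the rendered script.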
@@ -24,7 +24,7 @@ jobs: ] name: build module if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 timeout-minutes: 5 steps: - uses: actions/checkout@v5 @@ -34,6 +34,7 @@ jobs: uses: ./.github/actions/install-apt-deps with: packages: linux-headers-$(uname -r) + ghcr-debs-tag: ubuntu-24.04-linuxkm - name: Prepare target kernel for module builds run: | diff --git a/.github/workflows/membrowse-onboard.yml b/.github/workflows/membrowse-onboard.yml index 6d8a3c1552..4cba2fa7d0 100644 --- a/.github/workflows/membrowse-onboard.yml +++ b/.github/workflows/membrowse-onboard.yml @@ -47,6 +47,7 @@ jobs: uses: ./.github/actions/install-apt-deps with: packages: ${{ matrix.apt_packages }} + ghcr-debs-tag: ${{ matrix.ghcr_tag }} - name: Run Membrowse Onboard Action uses: membrowse/membrowse-action/onboard-action@v1 diff --git a/.github/workflows/membrowse-report.yml b/.github/workflows/membrowse-report.yml index 191cd0c6e4..e4dabc58a7 100644 --- a/.github/workflows/membrowse-report.yml +++ b/.github/workflows/membrowse-report.yml @@ -86,6 +86,7 @@ jobs: uses: ./.github/actions/install-apt-deps with: packages: ${{ matrix.apt_packages }} + ghcr-debs-tag: ${{ matrix.ghcr_tag }} - name: Build firmware if: needs.check-changes.outputs.needs_build == 'true' diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml index 4c1f46cf8a..d3ba3667c6 100644 --- a/.github/workflows/sssd.yml +++ b/.github/workflows/sssd.yml @@ -67,6 +67,7 @@ jobs: uses: ./.github/actions/install-apt-deps with: packages: build-essential autoconf libldb-dev libldb2 python3-ldb bc libcap-dev + ghcr-debs-tag: ubuntu-24.04-full - name: Setup env run: |
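Review bot: The `runs-on: ubuntu-24.04` pin in the first linuxkm.yml hunk has no comment explaining that it exists to keep the runner kernel aligned with the `ubuntu-24.04-linuxkm` bundle; that reasoning lives only in the commit message. A later move back to `ubuntu-latest` would not fail the job; it would presumably just make the offline install miss and fall back to apt without anyone noticing. I would add above the line: `# Pinned: the ubuntu-24.04-linuxkm bundle carries headers for this runner image's kernel.` The job body continues outside the hunk.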
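Review bot: `ghcr-debs-tag: ${{ matrix.ghcr_tag }}` in the membrowse-onboard.yml hunk (and the identical line in the membrowse-report.yml hunk) expands to an empty string for any matrix target that defines no `ghcr_tag` key. Only three targets are visible in the membrowse-targets.json hunks of this part of the patch, and install-apt-deps itself is not shown, so it is worth confirming that the action treats an empty tag as "no bundle, use apt" rather than attempting to pull a malformed image reference. Once verified, a one-line comment next to the input would document the contract: `# empty when the target defines no ghcr_tag; install-apt-deps then uses apt`.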