mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:20:52 +02:00
Merge pull request #10701 from julek-wolfssl/ci-drop-apt-deps-cache
CI: install all apt deps from ghcr bundles, drop actions/cache apt-deps layer
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
name: 'Install apt dependencies'
|
||||
description: 'Install apt packages with retry logic and caching'
|
||||
description: 'Install apt packages with retry logic and an optional offline ghcr bundle'
|
||||
inputs:
|
||||
packages:
|
||||
description: 'Space-separated list of apt packages to install'
|
||||
@@ -16,16 +16,12 @@ inputs:
|
||||
description: 'Pass --no-install-recommends to apt-get install'
|
||||
required: false
|
||||
default: 'false'
|
||||
cache:
|
||||
description: 'Cache apt archives (disable for dynamic package names)'
|
||||
required: false
|
||||
default: 'true'
|
||||
ghcr-debs-tag:
|
||||
description: >
|
||||
Tag of a prebuilt .deb bundle published to
|
||||
ghcr.io/<owner>/wolfssl-ci-debs by the ci-deps-image workflow
|
||||
(e.g. "ubuntu-24.04-minimal"). When set, the packages are installed
|
||||
offline from that bundle and the apt cache path below is skipped; on
|
||||
offline from that bundle and the apt path below is skipped; on
|
||||
that happy path the apt mirror is not contacted. The offline install
|
||||
is all-or-nothing (a single --no-download install of the whole set),
|
||||
so any failure - bundle missing, not public, or not covering every
|
||||
@@ -39,7 +35,7 @@ runs:
|
||||
# Preferred path: install from a prebuilt .deb bundle pulled from ghcr,
|
||||
# entirely offline (--no-download), so a flaky/timing-out apt mirror
|
||||
# cannot break the build. Best-effort: on any failure we leave
|
||||
# "satisfied" unset and the apt steps below run unchanged. The bundle
|
||||
# "satisfied" unset and the apt step below runs unchanged. The bundle
|
||||
# image must be PUBLIC so anonymous `docker pull` works (including from
|
||||
# fork PRs whose GITHUB_TOKEN cannot read private packages).
|
||||
- name: Install from ghcr .deb bundle (offline)
|
||||
@@ -77,40 +73,9 @@ runs:
|
||||
echo "::notice::offline install incomplete for $IMG; using apt"
|
||||
fi
|
||||
|
||||
- name: Compute cache key
|
||||
if: inputs.cache == 'true' && steps.ghcr.outputs.satisfied != 'true'
|
||||
id: cache-key
|
||||
shell: bash
|
||||
run: |
|
||||
SORTED_PKGS=$(echo "${{ inputs.packages }}" | tr ' ' '\n' | sort -u | tr '\n' ' ')
|
||||
PKG_HASH=$(echo "$SORTED_PKGS" | sha256sum | cut -d' ' -f1 | head -c 16)
|
||||
OS_VERSION=$(lsb_release -rs 2>/dev/null || echo "unknown")
|
||||
echo "key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-${PKG_HASH}" >> $GITHUB_OUTPUT
|
||||
echo "restore-key=apt-deps-${{ runner.os }}-${{ runner.arch }}-${OS_VERSION}-" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Restore apt cache
|
||||
if: inputs.cache == 'true' && steps.ghcr.outputs.satisfied != 'true'
|
||||
id: apt-cache
|
||||
uses: actions/cache/restore@v5
|
||||
with:
|
||||
path: ~/apt-cache
|
||||
key: ${{ steps.cache-key.outputs.key }}
|
||||
restore-keys: ${{ steps.cache-key.outputs.restore-key }}
|
||||
|
||||
- name: Pre-seed apt archives from cache
|
||||
if: inputs.cache == 'true' && steps.apt-cache.outputs.cache-hit == 'true' && steps.ghcr.outputs.satisfied != 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
if [ -d ~/apt-cache ] && ls ~/apt-cache/*.deb >/dev/null 2>&1; then
|
||||
sudo cp ~/apt-cache/*.deb /var/cache/apt/archives/
|
||||
echo "Restored $(ls ~/apt-cache/*.deb | wc -l) cached .deb files"
|
||||
fi
|
||||
|
||||
- name: Install packages
|
||||
if: steps.ghcr.outputs.satisfied != 'true'
|
||||
shell: bash
|
||||
env:
|
||||
APT_CACHE_HIT: ${{ steps.apt-cache.outputs.cache-hit }}
|
||||
run: |
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
RETRIES=${{ inputs.retries }}
|
||||
@@ -120,17 +85,6 @@ runs:
|
||||
NO_REC="--no-install-recommends"
|
||||
fi
|
||||
|
||||
# Fast path: on cache hit the .debs are already pre-seeded into
|
||||
# /var/cache/apt/archives. Try installing directly first; if that
|
||||
# fails (e.g. the cached .debs were superseded in the index) fall
|
||||
# through to the regular update + install path.
|
||||
if [ "$APT_CACHE_HIT" = "true" ]; then
|
||||
if sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
|
||||
exit 0
|
||||
fi
|
||||
echo "::warning::install from cached .debs failed, falling back to apt-get update"
|
||||
fi
|
||||
|
||||
for i in $(seq 1 $RETRIES); do
|
||||
if sudo apt-get update -q && \
|
||||
sudo apt-get install -y $NO_REC ${{ inputs.packages }}; then
|
||||
@@ -144,21 +98,3 @@ runs:
|
||||
sleep $DELAY
|
||||
DELAY=$((DELAY * 2))
|
||||
done
|
||||
|
||||
# PR runs never write the apt cache (no churn); only push/schedule runs
|
||||
# refresh it. The make-check family does not need it anyway - it installs
|
||||
# from the ghcr bundle above.
|
||||
- name: Collect .deb files for cache
|
||||
if: inputs.cache == 'true' && github.event_name != 'pull_request' && steps.apt-cache.outputs.cache-hit != 'true' && steps.ghcr.outputs.satisfied != 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
mkdir -p ~/apt-cache
|
||||
cp /var/cache/apt/archives/*.deb ~/apt-cache/ 2>/dev/null || true
|
||||
echo "Cached $(ls ~/apt-cache/*.deb 2>/dev/null | wc -l) .deb files"
|
||||
|
||||
- name: Save apt cache
|
||||
if: inputs.cache == 'true' && github.event_name != 'pull_request' && steps.apt-cache.outputs.cache-hit != 'true' && steps.ghcr.outputs.satisfied != 'true'
|
||||
uses: actions/cache/save@v5
|
||||
with:
|
||||
path: ~/apt-cache
|
||||
key: ${{ steps.cache-key.outputs.key }}
|
||||
|
||||
@@ -0,0 +1,81 @@
|
||||
name: 'Install Arduino core'
|
||||
description: >
|
||||
Make an Arduino core (and the shared CI libraries) available, preferring a
|
||||
prebuilt bundle pulled from ghcr (published by the arduino-cores-image
|
||||
workflow) and falling back to `arduino-cli core install` when the bundle is
|
||||
unavailable or stale. Assumes arduino-cli is already on PATH.
|
||||
inputs:
|
||||
core-id:
|
||||
description: 'vendor:arch core to make available, e.g. esp32:esp32'
|
||||
required: true
|
||||
board-manager-url:
|
||||
description: >
|
||||
Optional third-party board_manager index URL, used only on the
|
||||
online-install fallback (the ghcr bundle already carries its own).
|
||||
required: false
|
||||
default: ''
|
||||
libs:
|
||||
description: 'Space-separated Arduino libraries to ensure are present'
|
||||
required: false
|
||||
default: 'ArduinoJson WiFiNINA Ethernet Bridge'
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
# Preferred path: restore ~/.arduino15 (the core + toolchain) and the
|
||||
# shared libraries from a prebuilt tarball pulled from ghcr, so the flaky
|
||||
# board_manager / toolchain downloads are off the PR critical path. The
|
||||
# bundle is published only under the wolfssl org (gated below), so fork PRs
|
||||
# read the public upstream image too. Best-effort: any failure leaves
|
||||
# "satisfied" unset and the online install below runs unchanged.
|
||||
- name: Restore Arduino core from ghcr bundle
|
||||
id: ghcr
|
||||
shell: bash
|
||||
run: |
|
||||
set -u
|
||||
command -v docker >/dev/null 2>&1 || { echo "::notice::docker unavailable; installing core online"; exit 0; }
|
||||
command -v arduino-cli >/dev/null 2>&1 || { echo "::notice::arduino-cli not on PATH; installing core online"; exit 0; }
|
||||
CORE_ID='${{ inputs.core-id }}'
|
||||
TAG=$(echo "$CORE_ID" | tr ':' '-')
|
||||
IMG="ghcr.io/wolfssl/wolfssl-ci-arduino:$TAG"
|
||||
if ! docker pull -q "$IMG" >/dev/null 2>&1; then
|
||||
echo "::notice::ghcr bundle $IMG unavailable; installing core online"
|
||||
exit 0
|
||||
fi
|
||||
cid=$(docker create "$IMG" 2>/dev/null) || { echo "::notice::cannot open bundle; installing core online"; exit 0; }
|
||||
rm -f "$RUNNER_TEMP/arduino-core.tar"
|
||||
docker cp "$cid:/arduino-core.tar" "$RUNNER_TEMP/arduino-core.tar" >/dev/null 2>&1 || true
|
||||
docker rm "$cid" >/dev/null 2>&1 || true
|
||||
test -f "$RUNNER_TEMP/arduino-core.tar" || { echo "::notice::bundle had no tarball; installing core online"; exit 0; }
|
||||
# Entries are stored relative to $HOME (.arduino15/..., Arduino/libraries/...).
|
||||
tar -C "$HOME" -xf "$RUNNER_TEMP/arduino-core.tar" || { echo "::notice::could not unpack bundle; installing core online"; exit 0; }
|
||||
rm -f "$RUNNER_TEMP/arduino-core.tar"
|
||||
if arduino-cli core list 2>/dev/null | awk 'NR>1 {print $1}' | grep -Fxq "$CORE_ID"; then
|
||||
echo "satisfied=true" >> "$GITHUB_OUTPUT"
|
||||
echo "Restored $CORE_ID from $IMG"
|
||||
else
|
||||
echo "::notice::bundle did not yield $CORE_ID; installing core online"
|
||||
fi
|
||||
|
||||
- name: Install Arduino core online
|
||||
if: steps.ghcr.outputs.satisfied != 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
CORE_ID='${{ inputs.core-id }}'
|
||||
BM_URL='${{ inputs.board-manager-url }}'
|
||||
retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; }
|
||||
|
||||
arduino-cli config init --overwrite
|
||||
# Wait up to 10 minutes for the big toolchain downloads.
|
||||
arduino-cli config set network.connection_timeout 600s
|
||||
# Scope third-party indexes to the one core that needs them: arduino-cli
|
||||
# re-reads every configured index on each call and fails if any is
|
||||
# unreachable, so an unconditional URL makes all jobs depend on it.
|
||||
if [ -n "$BM_URL" ]; then
|
||||
arduino-cli config add board_manager.additional_urls "$BM_URL"
|
||||
fi
|
||||
retry arduino-cli core update-index
|
||||
retry arduino-cli core install "$CORE_ID"
|
||||
for lib in ${{ inputs.libs }}; do
|
||||
retry arduino-cli lib install "$lib"
|
||||
done
|
||||
@@ -4,6 +4,7 @@
|
||||
# Keep sorted; add a package when an interop workflow adds one.
|
||||
autoconf
|
||||
automake
|
||||
binutils-dev
|
||||
bison
|
||||
bridge-utils
|
||||
build-essential
|
||||
@@ -17,6 +18,7 @@ crossbuild-essential-arm64
|
||||
crossbuild-essential-armel
|
||||
crossbuild-essential-armhf
|
||||
crossbuild-essential-riscv64
|
||||
curl
|
||||
device-tree-compiler
|
||||
dfu-util
|
||||
diffstat
|
||||
@@ -39,12 +41,19 @@ help2man
|
||||
iproute2
|
||||
lcov
|
||||
libcairo2-dev
|
||||
libcurl4-openssl-dev
|
||||
libdbus-1-dev
|
||||
libglib2.0-dev
|
||||
libgtk2.0-0
|
||||
libiberty-dev
|
||||
liblocale-gettext-perl
|
||||
libmagic1
|
||||
libncurses5-dev
|
||||
libnl-3-dev
|
||||
libnl-genl-3-dev
|
||||
libnl-route-3-dev
|
||||
libpcap-dev
|
||||
libpcap0.8
|
||||
libpopt0
|
||||
libsdl1.2-dev
|
||||
libsdl2-dev
|
||||
@@ -63,6 +72,7 @@ python-is-python3
|
||||
python3-dev
|
||||
python3-pip
|
||||
python3-ply
|
||||
python3-pycryptodome
|
||||
python3-setuptools
|
||||
python3-tk
|
||||
python3-wheel
|
||||
@@ -73,6 +83,7 @@ socat
|
||||
srecord
|
||||
sudo
|
||||
texinfo
|
||||
tshark
|
||||
uml-utilities
|
||||
unzip
|
||||
wget
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
# membrowse embedded-target apt packages for ubuntu-24.04 (the
|
||||
# '-embedded' bundle: ghcr.io/<owner>/wolfssl-ci-debs:ubuntu-24.04-embedded).
|
||||
# Kept separate from -full because the ARM cross-toolchain is large (~0.5 GB)
|
||||
# and unrelated to the interop workflows that pull -full. Keep sorted.
|
||||
build-essential
|
||||
ca-certificates
|
||||
cmake
|
||||
gcc-arm-none-eabi
|
||||
git
|
||||
libnewlib-arm-none-eabi
|
||||
libstdc++-arm-none-eabi-newlib
|
||||
ninja-build
|
||||
python3
|
||||
unzip
|
||||
wget
|
||||
@@ -8,6 +8,7 @@ autoconf
|
||||
autoconf-archive
|
||||
automake
|
||||
autopoint
|
||||
bc
|
||||
bubblewrap
|
||||
build-essential
|
||||
ccache
|
||||
@@ -51,6 +52,8 @@ libidn2-dev
|
||||
libio-socket-ssl-perl
|
||||
libjansson-dev
|
||||
libkrb5-dev
|
||||
libldb-dev
|
||||
libldb2
|
||||
liblz4-dev
|
||||
liblzma-dev
|
||||
liblzo2-dev
|
||||
@@ -87,6 +90,7 @@ pkgconf
|
||||
psmisc
|
||||
python3-docutils
|
||||
python3-impacket
|
||||
python3-ldb
|
||||
python3-psutil
|
||||
shellcheck
|
||||
uuid-dev
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -15,6 +16,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-min-ecc",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -26,6 +28,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-tls12",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -37,6 +40,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-baremetal",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -48,6 +52,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m0plus",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m0plus -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -59,6 +64,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m3",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m3 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -70,6 +76,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -81,6 +88,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-tls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -92,6 +100,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-dtls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_dtls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_dtls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
@@ -103,6 +112,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-pq",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
@@ -114,6 +124,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-rsa-only",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_rsa_only.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_rsa_only.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
@@ -125,6 +136,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-pkcs7",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pkcs7.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pkcs7.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -136,6 +148,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-openssl-compat",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_openssl_compat.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_openssl_compat.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define SMALL_SESSION_CACHE\\n#undef HAVE_OCSP\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST\\n#undef HAVE_CERTIFICATE_STATUS_REQUEST_V2\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define USER_TICKS\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
@@ -147,6 +160,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-sp-math",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#define WOLFSSL_SP_MATH\\n#define WOLFSSL_SP_NO_ASM\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -158,6 +172,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m4-crypto-only",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "mkdir -p IDE/GCC-ARM/Header-gen && printf '#ifndef WOLFSSL_USER_SETTINGS_H\\n#define WOLFSSL_USER_SETTINGS_H\\n#define WOLFCRYPT_ONLY\\n#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define HAVE_AESGCM\\n#define HAVE_AES_DECRYPT\\n#define HAVE_ECC\\n#define HAVE_CHACHA\\n#define HAVE_POLY1305\\n#define WOLFSSL_SHA512\\n#define WOLFSSL_SHA384\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n#endif\\n' > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -169,6 +184,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7-tls13",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_tls13.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls13.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker.ld",
|
||||
@@ -180,6 +196,7 @@
|
||||
"port": "gcc-arm",
|
||||
"board": "cortex-m7-pq",
|
||||
"apt_packages": "gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "test -f examples/configs/user_settings_pq.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_pq.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define WOLFSSL_USER_IO\\n#define WOLFSSL_USER_CURRTIME\\n#define TIME_OVERRIDES\\n#define USER_TICKS\\n#define XTIME my_time\\n#define XGMTIME my_gmtime\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen ARCHFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs -DUSE_WOLF_ARM_STARTUP' SRC_LD=-T./linker_large.ld CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m7 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20040000'",
|
||||
"elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf",
|
||||
"ld": "IDE/GCC-ARM/linker_large.ld",
|
||||
@@ -191,6 +208,7 @@
|
||||
"port": "stm32-sim",
|
||||
"board": "stm32h753",
|
||||
"apt_packages": "build-essential ca-certificates cmake ninja-build python3 git gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib wget unzip",
|
||||
"ghcr_tag": "ubuntu-24.04-embedded",
|
||||
"build_cmd": "if [ ! -d simulators ]; then git clone --depth 1 https://github.com/wolfSSL/simulators simulators; fi && sudo mkdir -p /opt && if [ ! -d /opt/cmsis-device-h7 ]; then sudo git clone --depth 1 https://github.com/STMicroelectronics/cmsis-device-h7.git /opt/cmsis-device-h7; fi && if [ ! -d /opt/CMSIS_5 ]; then sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5; fi && if [ ! -d /opt/STM32CubeH7 ]; then (sudo git clone --depth 1 --branch v1.11.2 --recurse-submodules https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 || (sudo git clone --depth 1 --branch v1.11.2 https://github.com/STMicroelectronics/STM32CubeH7.git /opt/STM32CubeH7 && cd /opt/STM32CubeH7 && sudo git submodule update --init --recursive --depth 1)); fi && sudo rm -rf /opt/firmware-stm32sim-h7 /opt/wolfssl-stm32sim && sudo mkdir -p /opt/firmware-stm32sim-h7 && sudo cp -r simulators/STM32Sim/firmware/wolfcrypt-test-h7/. /opt/firmware-stm32sim-h7/ && sudo cp /opt/firmware-stm32sim-h7/stm32h7xx_hal_conf.h /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/ && sudo cp -r . /opt/wolfssl-stm32sim && sudo rm -f /opt/wolfssl-stm32sim/config.h && cd /opt/firmware-stm32sim-h7 && sudo cmake -G Ninja -DWOLFSSL_USER_SETTINGS=ON -DUSER_SETTINGS_FILE=/opt/firmware-stm32sim-h7/user_settings.h -DCMAKE_TOOLCHAIN_FILE=/opt/firmware-stm32sim-h7/toolchain-arm-none-eabi.cmake -DCMAKE_BUILD_TYPE=Release -DWOLFSSL_CRYPT_TESTS=OFF -DWOLFSSL_EXAMPLES=OFF -DWOLFSSL_ROOT=/opt/wolfssl-stm32sim -B /opt/firmware-stm32sim-h7/build -S /opt/firmware-stm32sim-h7 && sudo cmake --build /opt/firmware-stm32sim-h7/build && sudo cp /opt/firmware-stm32sim-h7/build/wolfcrypt_test.elf $GITHUB_WORKSPACE/wolfcrypt_test.elf",
|
||||
"elf": "wolfcrypt_test.elf",
|
||||
"ld": "simulators/STM32Sim/firmware/wolfcrypt-test-h7/stm32h753.ld",
|
||||
@@ -201,21 +219,21 @@
|
||||
"port": "linuxkm",
|
||||
"board": "linux-kernel-module-standard",
|
||||
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
|
||||
"ghcr_tag": "ubuntu-24.04-linuxkm",
|
||||
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
|
||||
"elf": "linuxkm/libwolfssl.ko",
|
||||
"ld": "linuxkm/wolfcrypt.lds",
|
||||
"linker_vars": "",
|
||||
"apt_cache": "false"
|
||||
"linker_vars": ""
|
||||
},
|
||||
{
|
||||
"target_name": "linuxkm-pie",
|
||||
"port": "linuxkm",
|
||||
"board": "linux-kernel-module-pie",
|
||||
"apt_packages": "build-essential autoconf automake libtool linux-headers-$(uname -r)",
|
||||
"ghcr_tag": "ubuntu-24.04-linuxkm",
|
||||
"build_cmd": "./autogen.sh && ./configure --with-linux-source=/lib/modules/$(uname -r)/build EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS='-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1' --with-max-rsa-bits=16384 && make -j$(nproc) KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1",
|
||||
"elf": "linuxkm/libwolfssl.ko",
|
||||
"ld": "linuxkm/wolfcrypt.lds",
|
||||
"linker_vars": "",
|
||||
"apt_cache": "false"
|
||||
"linker_vars": ""
|
||||
}
|
||||
]
|
||||
|
||||
@@ -18,6 +18,10 @@ jobs:
|
||||
|
||||
- name: Install alire
|
||||
uses: alire-project/setup-alire@v5
|
||||
with:
|
||||
# The toolchain is downloaded from GitHub releases, so caching is not
|
||||
# beneficial relative to the cache space it uses.
|
||||
cache: false
|
||||
|
||||
- name: Install wolfssl Ada
|
||||
working-directory: ./wrapper/Ada
|
||||
|
||||
@@ -0,0 +1,135 @@
|
||||
name: Arduino cores image
|
||||
|
||||
# Builds the prebuilt Arduino core bundles that arduino.yml restores offline
|
||||
# (see .github/actions/install-arduino-core). Each bundle is a tar of
|
||||
# ~/.arduino15 (the installed core + toolchain) and ~/Arduino/libraries (the
|
||||
# shared CI libraries) for one vendor:arch core, published to
|
||||
# ghcr.io/<owner>/wolfssl-ci-arduino:<core> (':' in the core id becomes '-').
|
||||
#
|
||||
# Why: the core/toolchain downloads (espressif, esp8266.com, pjrc.com) are
|
||||
# large and chronically flaky from runner egress, and the old actions/cache
|
||||
# layer both pressed on the 10 GB cache cap and - for esp32 - was deleted by
|
||||
# arduino.yml's disk cleanup before it was ever saved. Resolving each core ONCE
|
||||
# here and pulling it from ghcr on every PR keeps those downloads off the PR
|
||||
# critical path. ghcr storage/bandwidth is free for public images.
|
||||
#
|
||||
# ONE-TIME SETUP: after the first successful run, make the package
|
||||
# `wolfssl-ci-arduino` PUBLIC (repo/org > Packages > Package settings >
|
||||
# Change visibility). Anonymous `docker pull` then works from fork PRs too;
|
||||
# until then install-arduino-core simply installs the core online (no breakage).
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Monthly (1st). esp32 - the fastest-moving core - releases roughly monthly
|
||||
# and the rest far less often, so a monthly unconditional rebuild tracks
|
||||
# them closely enough; between rebuilds install-arduino-core installs any
|
||||
# newer core online. Each run republishes every bundle.
|
||||
- cron: '0 4 1 * *'
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: arduino-cores-image-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: build ${{ matrix.core_id }}
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
# teensy:avr's index lives at pjrc.com, chronically unreachable from runner
|
||||
# egress; let it fail without blocking the other eight bundles.
|
||||
continue-on-error: ${{ matrix.core_id == 'teensy:avr' }}
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 30
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
# Distinct vendor:arch cores behind arduino.yml's board matrix. The
|
||||
# esp32 and mbed_* cores are the GB-scale toolchains; the AVR/SAM/SAMD
|
||||
# cores are small. board_url is set only for cores whose index is not
|
||||
# in the default board manager.
|
||||
- core_id: arduino:avr
|
||||
- core_id: arduino:samd
|
||||
- core_id: arduino:sam
|
||||
- core_id: arduino:mbed_edge
|
||||
- core_id: arduino:mbed_portenta
|
||||
- core_id: arduino:renesas_uno
|
||||
- core_id: esp32:esp32
|
||||
- core_id: esp8266:esp8266
|
||||
board_url: https://arduino.esp8266.com/stable/package_esp8266com_index.json
|
||||
- core_id: teensy:avr
|
||||
board_url: https://www.pjrc.com/teensy/package_teensy_index.json
|
||||
steps:
|
||||
- name: Free disk space
|
||||
shell: bash
|
||||
run: |
|
||||
sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
|
||||
sudo apt-get clean
|
||||
df -h
|
||||
|
||||
- name: Install Arduino CLI
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
mkdir -p "$HOME/bin"
|
||||
echo "$HOME/bin" >> "$GITHUB_PATH"
|
||||
curl -fsSL --retry 5 --retry-delay 10 \
|
||||
https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh \
|
||||
| BINDIR="$HOME/bin" sh
|
||||
"$HOME/bin/arduino-cli" version
|
||||
|
||||
- name: Install the core and shared libraries
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
CORE_ID='${{ matrix.core_id }}'
|
||||
BM_URL='${{ matrix.board_url }}'
|
||||
retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; }
|
||||
|
||||
arduino-cli config init --overwrite
|
||||
arduino-cli config set network.connection_timeout 600s
|
||||
if [ -n "$BM_URL" ]; then
|
||||
arduino-cli config add board_manager.additional_urls "$BM_URL"
|
||||
fi
|
||||
retry arduino-cli core update-index
|
||||
retry arduino-cli core install "$CORE_ID"
|
||||
# Mirror arduino.yml's always-installed libraries so consumers get a
|
||||
# complete bundle.
|
||||
for lib in ArduinoJson WiFiNINA Ethernet Bridge; do
|
||||
retry arduino-cli lib install "$lib"
|
||||
done
|
||||
mkdir -p "$HOME/Arduino/libraries"
|
||||
|
||||
- name: Pack the bundle tarball
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
mkdir -p "$RUNNER_TEMP/ctx"
|
||||
# Paths relative to $HOME so install-arduino-core can `tar -C $HOME -x`
|
||||
# straight back. Drop the staging area and any wolfssl lib (arduino.yml
|
||||
# always installs the latest wolfssl itself).
|
||||
tar --exclude='.arduino15/staging' --exclude='Arduino/libraries/wolfssl' \
|
||||
-C "$HOME" -cf "$RUNNER_TEMP/ctx/arduino-core.tar" .arduino15 Arduino/libraries
|
||||
echo "Tarball size: $(du -h "$RUNNER_TEMP/ctx/arduino-core.tar" | cut -f1)"
|
||||
|
||||
- name: Log in to ghcr
|
||||
shell: bash
|
||||
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
|
||||
|
||||
- name: Build and push bundle
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
|
||||
TAG=$(echo "${{ matrix.core_id }}" | tr ':' '-')
|
||||
IMG="ghcr.io/$OWNER/wolfssl-ci-arduino:$TAG"
|
||||
# Tiny busybox base so the consumer can `docker cp` the tarball out;
|
||||
# the base size is negligible next to the toolchain.
|
||||
printf 'FROM busybox\nCOPY arduino-core.tar /arduino-core.tar\n' > "$RUNNER_TEMP/ctx/Dockerfile"
|
||||
docker build -t "$IMG" "$RUNNER_TEMP/ctx"
|
||||
docker push "$IMG"
|
||||
echo "Pushed $IMG"
|
||||
@@ -197,53 +197,25 @@ jobs:
|
||||
run: |
|
||||
CORE_ID="$(echo '${{ matrix.fqbn }}' | cut -d: -f1-2)"
|
||||
echo "CORE_ID=$CORE_ID" >> "$GITHUB_ENV"
|
||||
# Third-party board_manager index for the cores that need one. Scoped
|
||||
# to the one CORE_ID that uses it: arduino-cli re-reads every index on
|
||||
# each call and fails if any is unreachable, so an unconditional URL
|
||||
# would make all jobs depend on pjrc.com / esp8266.com. Used only on
|
||||
# the online-install fallback; the ghcr bundle already carries it.
|
||||
case "$CORE_ID" in
|
||||
teensy:avr) echo "BM_URL=https://www.pjrc.com/teensy/package_teensy_index.json" >> "$GITHUB_ENV" ;;
|
||||
esp8266:esp8266) echo "BM_URL=https://arduino.esp8266.com/stable/package_esp8266com_index.json" >> "$GITHUB_ENV" ;;
|
||||
*) echo "BM_URL=" >> "$GITHUB_ENV" ;;
|
||||
esac
|
||||
|
||||
- name: Setup Arduino CLI
|
||||
run: |
|
||||
arduino-cli config init
|
||||
|
||||
# wait 10 minutes for big downloads (or use 0 for no limit)
|
||||
arduino-cli config set network.connection_timeout 600s
|
||||
|
||||
# Only add third-party board_manager URLs for matrix entries that actually need them.
|
||||
# arduino-cli re-reads every configured index on each invocation and fails the whole
|
||||
# step if any one is unreachable, so adding these unconditionally makes all jobs
|
||||
# depend on pjrc.com and esp8266.com -- a single outage there cascades into total
|
||||
# CI failure. Scope each URL to the one CORE_ID that uses it.
|
||||
if [ "$CORE_ID" = "teensy:avr" ]; then
|
||||
arduino-cli config add board_manager.additional_urls https://www.pjrc.com/teensy/package_teensy_index.json
|
||||
fi
|
||||
if [ "$CORE_ID" = "esp8266:esp8266" ]; then
|
||||
arduino-cli config add board_manager.additional_urls https://arduino.esp8266.com/stable/package_esp8266com_index.json
|
||||
fi
|
||||
arduino-cli core update-index
|
||||
|
||||
echo "CORE_ID: $CORE_ID"
|
||||
arduino-cli core install "$CORE_ID"
|
||||
|
||||
# The above is instead of:
|
||||
# arduino-cli core install esp32:esp32 # ESP32
|
||||
# arduino-cli core install arduino:avr # Arduino Uno, Mega, Nano
|
||||
# arduino-cli core install arduino:sam # Arduino Due
|
||||
# arduino-cli core install arduino:samd # Arduino Zero
|
||||
# arduino-cli core install teensy:avr # PJRC Teensy
|
||||
# arduino-cli core install esp8266:esp8266 # ESP8266
|
||||
# arduino-cli core install arduino:mbed_nano # nanorp2040connect
|
||||
# arduino-cli core install arduino:mbed_portenta # portenta_h7_m7
|
||||
# arduino-cli core install arduino:mbed_edge
|
||||
# arduino-cli core install arduino:renesas_uno
|
||||
|
||||
# For reference:
|
||||
|
||||
# mbed nano not yet tested
|
||||
# sudo "/home/$USER/.arduino15/packages/arduino/hardware/mbed_nano/4.2.4/post_install.sh"
|
||||
|
||||
# Always install networking (not part of FQBN matrix)
|
||||
# The first one also creates directory: /home/runner/Arduino/libraries
|
||||
arduino-cli lib install "ArduinoJson" # Example dependency
|
||||
arduino-cli lib install "WiFiNINA" # ARDUINO_SAMD_NANO_33_IOT
|
||||
arduino-cli lib install "Ethernet" # Install Ethernet library
|
||||
arduino-cli lib install "Bridge" # Pseudo-network for things like arduino:samd:tian
|
||||
# Restore the core + toolchain + shared libraries from the prebuilt ghcr
|
||||
# bundle (arduino-cores-image), falling back to `arduino-cli core install`
|
||||
# when it is unavailable. Replaces the old per-core actions/cache layer.
|
||||
- name: Install Arduino core and libraries
|
||||
uses: ./.github/actions/install-arduino-core
|
||||
with:
|
||||
core-id: ${{ env.CORE_ID }}
|
||||
board-manager-url: ${{ env.BM_URL }}
|
||||
|
||||
- name: Set Job Environment Variables
|
||||
run: |
|
||||
@@ -270,27 +242,6 @@ jobs:
|
||||
# WOLFSSL_EXAMPLES_ROOT is the repo root, not example location
|
||||
echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT"
|
||||
|
||||
- name: Cache Arduino Packages
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.arduino15
|
||||
~/.cache/arduino
|
||||
# Exclude staging directory from cache to save space
|
||||
!~/.arduino15/staging
|
||||
|
||||
# Arduino libraries
|
||||
# Specific to Arduino CI Build (2 of 4) Arduinbo Release wolfSSL for Local Examples
|
||||
# Include all libraries, as the latest Arduino-wolfSSL will only change upon release.
|
||||
~/Arduino/libraries
|
||||
# Ensure wolfssl is not cached, we're always using the latest. See separate cache.
|
||||
!~/Arduino/libraries/wolfssl
|
||||
key: arduino-${{ runner.os }}-${{ env.CORE_ID }}-${{ hashFiles('Arduino/sketches/board_list.txt') }}
|
||||
|
||||
restore-keys: |
|
||||
arduino-${{ runner.os }}-${{ env.CORE_ID }}-
|
||||
arduino-${{ runner.os }}-
|
||||
|
||||
- name: Get wolfssl-examples
|
||||
run: |
|
||||
# Fetch Arduino examples from the wolfssl-examples repo
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
name: CI deps image
|
||||
|
||||
# Builds the prebuilt apt .deb bundles that the make-check family (the
|
||||
# -minimal tags) and the interop workflows (the -full tags, a superset)
|
||||
# -minimal tags), the interop workflows (the -full tags, a superset), the
|
||||
# membrowse embedded targets (the -embedded tag - the big ARM cross-toolchain)
|
||||
# and the linux kernel-module builds (the -linuxkm tag - kernel headers)
|
||||
# install offline (see .github/actions/install-apt-deps, input
|
||||
# ghcr-debs-tag). Each bundle holds the .debs for a package list in
|
||||
# .github/ci-deps/ - every package plus the dependencies not already on the
|
||||
@@ -22,13 +24,18 @@ name: CI deps image
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Weekend only - refresh the bundles weekly so they track base-image
|
||||
# security updates. A mid-week package-list change waits for Saturday
|
||||
# (or run this manually via workflow_dispatch); until then the offline
|
||||
# install (a single --no-download install of the whole set) fails if any
|
||||
# requested package is missing from the bundle, and install-apt-deps
|
||||
# falls back to the full apt path.
|
||||
# Weekly (Saturday) - the static bundles (-minimal/-full/-embedded).
|
||||
# Refreshes them so they track base-image security updates. A mid-week
|
||||
# package-list change waits for Saturday (or run this manually via
|
||||
# workflow_dispatch); until then the offline install (a single
|
||||
# --no-download install of the whole set) fails if any requested package
|
||||
# is missing from the bundle, and install-apt-deps falls back to apt.
|
||||
- cron: '0 2 * * 6'
|
||||
# Daily - the kernel-tracking -linuxkm bundle only. linux-headers-$(uname
|
||||
# -r) pins to the runner's running kernel (changes ~monthly); the linuxkm
|
||||
# job rebuilds solely when uname -r differs from the published bundle, a
|
||||
# cheap no-op otherwise. A mismatch mid-rollout just falls back to apt.
|
||||
- cron: '0 3 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
@@ -42,7 +49,11 @@ permissions:
|
||||
jobs:
|
||||
build:
|
||||
name: build ${{ matrix.tag }}
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
# Static bundles: weekly cron or manual dispatch. Skip the daily cron,
|
||||
# which exists only to refresh the kernel-tracking -linuxkm bundle below.
|
||||
if: >-
|
||||
github.repository_owner == 'wolfssl' &&
|
||||
(github.event_name != 'schedule' || github.event.schedule == '0 2 * * 6')
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
@@ -55,6 +66,10 @@ jobs:
|
||||
tag: ubuntu-24.04-minimal
|
||||
- runner: ubuntu-24.04
|
||||
tag: ubuntu-24.04-full
|
||||
# membrowse embedded targets' ARM cross-toolchain (~0.5 GB). Its own
|
||||
# tag so it does not bloat the -full pull for the interop workflows.
|
||||
- runner: ubuntu-24.04
|
||||
tag: ubuntu-24.04-embedded
|
||||
- runner: ubuntu-22.04
|
||||
tag: ubuntu-22.04-minimal
|
||||
- runner: ubuntu-22.04
|
||||
@@ -114,3 +129,80 @@ jobs:
|
||||
docker tag bundle "$IMG:${{ matrix.tag }}"
|
||||
docker push "$IMG:${{ matrix.tag }}"
|
||||
echo "Pushed $IMG:${{ matrix.tag }}"
|
||||
|
||||
# Kernel-tracking bundle for the linux kernel-module builds (linuxkm.yml and
|
||||
# the membrowse linuxkm targets). linux-headers-$(uname -r) pins to the
|
||||
# runner's running kernel, so this runs daily but rebuilds only when the
|
||||
# kernel changed since the published bundle (the image carries the kernel as
|
||||
# a label). A mismatch - e.g. during a gradual runner-image rollout - just
|
||||
# makes install-apt-deps fall back to apt.
|
||||
linuxkm:
|
||||
name: build ubuntu-24.04-linuxkm
|
||||
if: github.repository_owner == 'wolfssl'
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 20
|
||||
steps:
|
||||
- name: Log in to ghcr
|
||||
shell: bash
|
||||
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
|
||||
|
||||
- name: Decide whether the published bundle already matches this kernel
|
||||
id: check
|
||||
shell: bash
|
||||
run: |
|
||||
set -uo pipefail
|
||||
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
|
||||
IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm"
|
||||
K=$(uname -r)
|
||||
echo "kernel=$K" >> "$GITHUB_OUTPUT"
|
||||
echo "runner kernel: $K"
|
||||
have=""
|
||||
if docker pull -q "$IMG" >/dev/null 2>&1; then
|
||||
have=$(docker inspect --format '{{ index .Config.Labels "kernel" }}' "$IMG" 2>/dev/null || true)
|
||||
fi
|
||||
echo "published bundle kernel: ${have:-<none>}"
|
||||
if [ "$have" = "$K" ]; then
|
||||
echo "rebuild=false" >> "$GITHUB_OUTPUT"
|
||||
echo "Bundle already current for $K; nothing to do."
|
||||
else
|
||||
echo "rebuild=true" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Resolve and download the .deb closure
|
||||
if: steps.check.outputs.rebuild == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
K="${{ steps.check.outputs.kernel }}"
|
||||
# linuxkm.yml installs only the headers; the membrowse linuxkm targets
|
||||
# also need the build toolchain. Bundle the union - each consumer
|
||||
# installs its own subset offline.
|
||||
PKGS=(build-essential autoconf automake libtool "linux-headers-$K")
|
||||
echo "Packages: ${PKGS[*]}"
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
rm -rf debs && mkdir -p debs
|
||||
sudo apt-get clean
|
||||
retry() { local i; for i in 1 2 3 4 5; do "$@" && return 0; sleep $((2**i)); done; "$@"; }
|
||||
retry sudo apt-get update -q
|
||||
# The whole set is required and this bundle is small, so resolve it as
|
||||
# one closure and let any download failure fail the job. We push only
|
||||
# on success, so a transient mirror error keeps the last good bundle
|
||||
# rather than publishing a partial one - which the kernel-label skip
|
||||
# would then pin in place until the kernel next changes (~monthly).
|
||||
retry sudo apt-get install -y --download-only "${PKGS[@]}"
|
||||
sudo cp /var/cache/apt/archives/*.deb debs/ 2>/dev/null || true
|
||||
echo "Bundled $(ls debs/*.deb 2>/dev/null | wc -l) .deb files"
|
||||
test -n "$(ls debs/*.deb 2>/dev/null)" # headers are never preinstalled
|
||||
|
||||
- name: Build and push bundle (labelled with the kernel)
|
||||
if: steps.check.outputs.rebuild == 'true'
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
K="${{ steps.check.outputs.kernel }}"
|
||||
OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
|
||||
IMG="ghcr.io/$OWNER/wolfssl-ci-debs:ubuntu-24.04-linuxkm"
|
||||
printf 'FROM busybox\nCOPY debs /debs\nLABEL kernel=%s\n' "$K" > Dockerfile.debs
|
||||
docker build -f Dockerfile.debs -t "$IMG" .
|
||||
docker push "$IMG"
|
||||
echo "Pushed $IMG (kernel $K)"
|
||||
|
||||
@@ -230,6 +230,7 @@ jobs:
|
||||
uses: ./wolfssl/.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: libpcap0.8 libpcap-dev curl libcurl4-openssl-dev libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
|
||||
ghcr-debs-tag: ubuntu-22.04-full
|
||||
|
||||
- name: Install pip dependencies
|
||||
run: sudo pip install pycryptodome
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
]
|
||||
name: build module
|
||||
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-24.04
|
||||
timeout-minutes: 5
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
@@ -34,6 +34,7 @@ jobs:
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: linux-headers-$(uname -r)
|
||||
ghcr-debs-tag: ubuntu-24.04-linuxkm
|
||||
|
||||
- name: Prepare target kernel for module builds
|
||||
run: |
|
||||
|
||||
@@ -47,7 +47,7 @@ jobs:
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: ${{ matrix.apt_packages }}
|
||||
cache: ${{ matrix.apt_cache || 'true' }}
|
||||
ghcr-debs-tag: ${{ matrix.ghcr_tag }}
|
||||
|
||||
- name: Run Membrowse Onboard Action
|
||||
uses: membrowse/membrowse-action/onboard-action@v1
|
||||
|
||||
@@ -86,7 +86,7 @@ jobs:
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: ${{ matrix.apt_packages }}
|
||||
cache: ${{ matrix.apt_cache || 'true' }}
|
||||
ghcr-debs-tag: ${{ matrix.ghcr_tag }}
|
||||
|
||||
- name: Build firmware
|
||||
if: needs.check-changes.outputs.needs_build == 'true'
|
||||
|
||||
@@ -67,7 +67,7 @@ jobs:
|
||||
uses: ./.github/actions/install-apt-deps
|
||||
with:
|
||||
packages: build-essential autoconf libldb-dev libldb2 python3-ldb bc libcap-dev
|
||||
cache: 'false'
|
||||
ghcr-debs-tag: ubuntu-24.04-full
|
||||
|
||||
- name: Setup env
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user