mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 14:20:53 +02:00
Merge pull request #10831 from padelsbach/ci-json-dry
CI: unify repeated flags using existing python script
This commit is contained in:
@@ -54,6 +54,21 @@
|
||||
# "cflags": "-fsanitize=address", "ldflags": "-fsanitize=address"}
|
||||
# ]
|
||||
#
|
||||
# Shared setup: instead of a bare list, the top level may be an object
|
||||
#
|
||||
# {"base": {...}, "configs": [...]}
|
||||
#
|
||||
# where "base" carries keys common to every config. List keys (configure,
|
||||
# prepare, run) are prepended to each config's own; any other key is a
|
||||
# default the config may override. This keeps one long shared flag list in
|
||||
# a single place instead of repeating it per config:
|
||||
#
|
||||
# {"base": {"configure": ["--enable-cryptocb", "--enable-ecc"]},
|
||||
# "configs": [
|
||||
# {"name": "ecc", "configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_ECC"]},
|
||||
# {"name": "rsa", "configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_RSA"]}
|
||||
# ]}
|
||||
#
|
||||
# Driven by CI workflows, which keep their config lists next to the
|
||||
# invocation (see .github/workflows/smoke-test.yml), but also runnable
|
||||
# locally - copy the JSON block out of the workflow into a file:
|
||||
@@ -175,6 +190,27 @@ def nproc() -> int:
|
||||
return os.cpu_count() or 1
|
||||
|
||||
|
||||
# Every recognized config key (and every key allowed inside "base").
|
||||
CONFIG_KEYS = {"name", "configure", "cc", "cflags", "ldflags", "minutes",
|
||||
"user_settings", "check", "prepare", "run", "comment",
|
||||
"build", "netns", "shards"}
|
||||
# List-valued keys are concatenated (base first) when merging "base" into a
|
||||
# config; every other key is a default the config overrides.
|
||||
MERGE_LIST_KEYS = ("configure", "prepare", "run")
|
||||
|
||||
|
||||
def merge_base(base: dict, entry: dict) -> dict:
|
||||
if not base:
|
||||
return entry
|
||||
merged = dict(base)
|
||||
for key, value in entry.items():
|
||||
if key in MERGE_LIST_KEYS:
|
||||
merged[key] = list(base.get(key, [])) + list(value)
|
||||
else:
|
||||
merged[key] = value
|
||||
return merged
|
||||
|
||||
|
||||
def load_configs(opts: argparse.Namespace,
|
||||
error: Callable[[str], NoReturn]) -> list[Config]:
|
||||
try:
|
||||
@@ -184,19 +220,39 @@ def load_configs(opts: argparse.Namespace,
|
||||
entries = json.loads(Path(opts.json).read_text())
|
||||
except (OSError, ValueError) as e:
|
||||
error(f"{opts.json}: {e}")
|
||||
# Two top-level shapes: a bare list of configs, or an object
|
||||
# {"base": {...}, "configs": [...]} whose "base" keys are shared by every
|
||||
# config (list keys prepended, other keys overridable defaults).
|
||||
base: dict = {}
|
||||
if isinstance(entries, dict):
|
||||
unknown_top = set(entries) - {"base", "configs"}
|
||||
if unknown_top:
|
||||
error(f"{opts.json}: unknown top-level key(s): "
|
||||
f"{' '.join(sorted(unknown_top))}")
|
||||
base = entries.get("base", {})
|
||||
if not isinstance(base, dict):
|
||||
error(f"{opts.json}: \"base\" must be an object")
|
||||
if "name" in base:
|
||||
error(f"{opts.json}: \"base\" must not set \"name\"")
|
||||
unknown = set(base) - CONFIG_KEYS
|
||||
if unknown:
|
||||
error(f"{opts.json}: unknown key(s) in \"base\": "
|
||||
f"{' '.join(sorted(unknown))}")
|
||||
for key in MERGE_LIST_KEYS:
|
||||
if key in base and not isinstance(base[key], list):
|
||||
error(f"{opts.json}: \"{key}\" in \"base\" must be a list")
|
||||
entries = entries.get("configs", [])
|
||||
if not isinstance(entries, list):
|
||||
error(f"{opts.json}: expected a JSON list of config objects")
|
||||
configs = []
|
||||
for entry in entries:
|
||||
if not isinstance(entry, dict):
|
||||
error(f"{opts.json}: config entries must be objects: {entry!r}")
|
||||
unknown = set(entry) - {"name", "configure", "cc", "cflags",
|
||||
"ldflags", "minutes", "user_settings",
|
||||
"check", "prepare", "run", "comment",
|
||||
"build", "netns", "shards"}
|
||||
unknown = set(entry) - CONFIG_KEYS
|
||||
if unknown:
|
||||
error(f"{opts.json}: unknown key(s) in {entry.get('name', entry)!r}: "
|
||||
f"{' '.join(sorted(unknown))}")
|
||||
entry = merge_base(base, entry)
|
||||
name = entry.get("name")
|
||||
if not isinstance(name, str) or not name or "/" in name:
|
||||
error(f"{opts.json}: every config needs a \"name\" usable as a "
|
||||
|
||||
@@ -57,170 +57,58 @@ jobs:
|
||||
- name: Allow unprivileged user namespaces (for bwrap)
|
||||
run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 || true
|
||||
|
||||
# The JSON list below is the former runner-per-config matrix (the
|
||||
# shared BASE_CONFIG env is folded into every entry); add new configs
|
||||
# as new entries. "minutes" drives longest-first scheduling: refresh
|
||||
# it from the Minutes column of a previous run's step summary.
|
||||
# The JSON below feeds .github/scripts/parallel-make-check.py: a shared
|
||||
# "base" of the common configure flags, then one entry per ONLY_* macro
|
||||
# whose "configure" (CPPFLAGS) is appended to the base. Add configs
|
||||
# as new entries. "minutes" (set once in base) drives longest-first
|
||||
# scheduling: refresh it from a previous run's step-summary Minutes.
|
||||
- name: Build and make check all configs (parallel, out-of-tree)
|
||||
run: |
|
||||
cat > "$RUNNER_TEMP/cryptocb-only-configs.json" <<'EOF'
|
||||
[
|
||||
{"name": "ecc", "minutes": 2,
|
||||
{"base": {"minutes": 2, "configure": [
|
||||
"--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13"]},
|
||||
"configs": [
|
||||
{"name": "ecc",
|
||||
"comment": "WOLF_CRYPTO_CB_ONLY_ECC: strips software ECC; swdev provides the software path via cryptocb. FP_ECC / ECCSI / SAKKE / deterministic-k test / OPENSSL_EXTRA compat layer all reference stripped primitives directly, so they stay off.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_ECC"]},
|
||||
{"name": "rsa", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_ECC"]},
|
||||
{"name": "rsa",
|
||||
"comment": "WOLF_CRYPTO_CB_ONLY_RSA: strips software RSA; swdev provides the software path via cryptocb.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_RSA"]},
|
||||
{"name": "sha256", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_RSA"]},
|
||||
{"name": "sha256",
|
||||
"comment": "WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides the software path via cryptocb.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA256"]},
|
||||
{"name": "sha512", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA256"]},
|
||||
{"name": "sha512",
|
||||
"comment": "WOLF_CRYPTO_CB_ONLY_SHA512: strips software SHA-512 family (SHA-384, SHA-512/224, SHA-512/256, SHA-512); swdev handles every variant explicitly via cryptocb.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA512"]},
|
||||
{"name": "sha512-via-general", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA512"]},
|
||||
{"name": "sha512-via-general",
|
||||
"comment": "Same as sha512 but tells swdev to refuse the SHA-384 / SHA-512/224 / SHA-512/256 variant callbacks (WOLFSSL_SWDEV_SHA512_GENERAL_ONLY). That forces the cryptocb dispatcher's fallback-to-plain-SHA-512-with-truncation path. The sha512 entry above instead has swdev handle every variant end-to-end, so the dispatcher fallback is otherwise uncovered.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13",
|
||||
"CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLFSSL_SWDEV_SHA512_GENERAL_ONLY"]},
|
||||
{"name": "aes", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLFSSL_SWDEV_SHA512_GENERAL_ONLY"]},
|
||||
{"name": "aes",
|
||||
"comment": "WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the software path via cryptocb.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13", "CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_AES"]},
|
||||
{"name": "aes-gcm-via-ecb", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_AES"]},
|
||||
{"name": "aes-gcm-via-ecb",
|
||||
"comment": "Same as aes but tells swdev to refuse AES-GCM (SWDEV_AES_ONLYECB). That forces the parent's CB_ONLY_AES host-side GCM software path: GHASH runs on the host while AES-CTR blocks dispatch back through cryptocb ECB. The aes entry instead has swdev handle GCM end-to-end, so the host-side GCM path is otherwise uncovered.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13",
|
||||
"CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_AES -DSWDEV_AES_ONLYECB"]},
|
||||
{"name": "all", "minutes": 2,
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_AES -DSWDEV_AES_ONLYECB"]},
|
||||
{"name": "all",
|
||||
"comment": "All five ONLY_* macros at once: every supported software primitive is stripped and dispatched through cryptocb. Catches any cross-algorithm call that a single-strip entry would still resolve via the remaining software paths.",
|
||||
"configure": ["--enable-swdev", "--enable-cryptocb", "--enable-ecc",
|
||||
"--enable-rsa", "--enable-dh", "--enable-aesgcm",
|
||||
"--enable-aesccm", "--enable-aesctr", "--enable-aescfb",
|
||||
"--enable-aeskeywrap", "--enable-aessiv", "--enable-aesofb",
|
||||
"--enable-aesxts", "--enable-camellia", "--enable-chacha",
|
||||
"--enable-poly1305", "--enable-sha", "--enable-sha3",
|
||||
"--enable-shake128", "--enable-shake256", "--enable-blake2",
|
||||
"--enable-blake2s", "--enable-hkdf", "--enable-hashdrbg",
|
||||
"--enable-hashflags", "--enable-curve25519", "--enable-ed25519",
|
||||
"--enable-curve448", "--enable-ed448", "--enable-mlkem",
|
||||
"--enable-dilithium", "--enable-scrypt", "--enable-pwdbased",
|
||||
"--enable-pkcs7", "--enable-pkcs12", "--enable-certgen",
|
||||
"--enable-certreq", "--enable-certext", "--enable-keygen",
|
||||
"--enable-asn=all", "--enable-cmac", "--enable-xchacha",
|
||||
"--enable-crl", "--enable-ocsp", "--enable-ocspstapling",
|
||||
"--enable-ocspstapling2", "--enable-dtls", "--enable-dtls13",
|
||||
"--enable-tls13",
|
||||
"CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA -DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLF_CRYPTO_CB_ONLY_AES"]}
|
||||
]
|
||||
"configure": ["CPPFLAGS=-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA -DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLF_CRYPTO_CB_ONLY_AES"]}
|
||||
]}
|
||||
EOF
|
||||
.github/scripts/parallel-make-check.py \
|
||||
${{ github.event_name == 'schedule' && '--build-only' || '' }} \
|
||||
|
||||
@@ -57,78 +57,51 @@ jobs:
|
||||
- name: Allow unprivileged user namespaces (for bwrap)
|
||||
run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 || true
|
||||
|
||||
# The JSON list below is the former runner-per-config matrix; add new
|
||||
# configs as new entries (a "comment" key is allowed for notes).
|
||||
# The JSON below feeds .github/scripts/parallel-make-check.py: a shared
|
||||
# "base" that disables every PK alg, then one entry per combination
|
||||
# whose "configure" re-enables just the algs under test (appended to
|
||||
# the base). Add configs as new entries (a "comment" key is allowed).
|
||||
# "minutes" is the expected duration driving longest-first scheduling:
|
||||
# take it from the Minutes column of a previous run's step summary, or
|
||||
# omit it for a new config (defaults to 1) and refresh later. The list
|
||||
# is kept sorted by minutes for readability, but the schedule sorts by
|
||||
# the values, not list order.
|
||||
# omit it for a new config (defaults to 1) and refresh later.
|
||||
- name: Build and make check all configs (parallel, out-of-tree)
|
||||
run: |
|
||||
cat > "$RUNNER_TEMP/disable-pk-algs-configs.json" <<'EOF'
|
||||
[
|
||||
{"base": {"configure": ["--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448"]},
|
||||
"configs": [
|
||||
{"name": "rsa-dh", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-rsa", "--enable-dh"]},
|
||||
"configure": ["--enable-rsa", "--enable-dh"]},
|
||||
{"name": "ecc", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-ecc"]},
|
||||
"configure": ["--enable-ecc"]},
|
||||
{"name": "rsa-curve25519", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-rsa", "--enable-curve25519"]},
|
||||
"configure": ["--enable-rsa", "--enable-curve25519"]},
|
||||
{"name": "ecc-curve25519", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-ecc", "--enable-curve25519"]},
|
||||
"configure": ["--enable-ecc", "--enable-curve25519"]},
|
||||
{"name": "rsa-curve448", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-rsa", "--enable-curve448"]},
|
||||
"configure": ["--enable-rsa", "--enable-curve448"]},
|
||||
{"name": "ecc-curve448", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-ecc", "--enable-curve448"]},
|
||||
"configure": ["--enable-ecc", "--enable-curve448"]},
|
||||
{"name": "curve25519-ed25519", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-curve25519", "--enable-ed25519"]},
|
||||
"configure": ["--enable-curve25519", "--enable-ed25519"]},
|
||||
{"name": "curve448-ed448", "minutes": 1.2,
|
||||
"configure": ["--disable-rsa", "--disable-dh", "--disable-ecc",
|
||||
"--disable-curve25519", "--disable-ed25519", "--disable-curve448",
|
||||
"--disable-ed448", "--enable-curve448", "--enable-ed448"]},
|
||||
"configure": ["--enable-curve448", "--enable-ed448"]},
|
||||
{"name": "cryptonly-rsa", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-rsa"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-rsa"]},
|
||||
{"name": "cryptonly-dh", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-dh"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-dh"]},
|
||||
{"name": "cryptonly-ecc", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-ecc"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-ecc"]},
|
||||
{"name": "cryptonly-curve25519", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-curve25519"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-curve25519"]},
|
||||
{"name": "cryptonly-ed25519", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-ed25519"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-ed25519"]},
|
||||
{"name": "cryptonly-curve448", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-curve448"]},
|
||||
"configure": ["--enable-cryptonly", "--enable-curve448"]},
|
||||
{"name": "cryptonly-ed448", "minutes": 0.8,
|
||||
"configure": ["--enable-cryptonly", "--disable-rsa", "--disable-dh",
|
||||
"--disable-ecc", "--disable-curve25519", "--disable-ed25519",
|
||||
"--disable-curve448", "--disable-ed448", "--enable-ed448"]}
|
||||
]
|
||||
"configure": ["--enable-cryptonly", "--enable-ed448"]}
|
||||
]}
|
||||
EOF
|
||||
.github/scripts/parallel-make-check.py \
|
||||
${{ github.event_name == 'schedule' && '--build-only' || '' }} \
|
||||
|
||||
@@ -49,80 +49,41 @@ jobs:
|
||||
read-only: ${{ github.event_name == 'pull_request' }}
|
||||
max-size: 150M
|
||||
|
||||
# The JSON list below is the former runner-per-config matrix (the
|
||||
# shared base configure arguments are folded into every entry). Each
|
||||
# build must come out clean under -Wframe-larger-than/-Wstack-usage,
|
||||
# The JSON below feeds .github/scripts/parallel-make-check.py: a shared
|
||||
# "base" (common configure flags, warning CFLAGS, and the testwolfcrypt
|
||||
# run) plus one entry per asm/PQ variant whose "configure" is appended.
|
||||
# Each build must come out clean under -Wframe-larger-than/-Wstack-usage,
|
||||
# then runs testwolfcrypt under the relative-stack checker.
|
||||
- name: Build all configs (parallel, out-of-tree)
|
||||
run: |
|
||||
cat > "$RUNNER_TEMP/smallstacksize-configs.json" <<'EOF'
|
||||
[
|
||||
{"name": "noasm", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--disable-asm"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
||||
{"name": "noasm-pq", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--disable-asm", "--enable-mlkem", "--enable-lms", "--enable-xmss",
|
||||
"--enable-mldsa"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
||||
{"name": "noasm-allcrypto-pq", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--disable-asm", "--enable-all-crypto", "--enable-mlkem",
|
||||
"--enable-lms", "--enable-xmss", "--enable-mldsa"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
||||
{"name": "intelasm", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--enable-intelasm", "--enable-sp-asm"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
||||
{"name": "intelasm-pq", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--enable-intelasm", "--enable-sp-asm", "--enable-mlkem",
|
||||
"--enable-lms", "--enable-xmss", "--enable-mldsa"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]},
|
||||
{"name": "intelasm-allcrypto-pq", "minutes": 1,
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END",
|
||||
"--enable-intelasm", "--enable-sp-asm", "--enable-all-crypto",
|
||||
"--enable-mlkem", "--enable-lms", "--enable-xmss",
|
||||
"--enable-mldsa"],
|
||||
"check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]]}
|
||||
]
|
||||
{"base": {"minutes": 1, "check": false,
|
||||
"run": [["./wolfcrypt/test/testwolfcrypt"]],
|
||||
"configure": ["--enable-cryptonly", "--disable-cryptocb",
|
||||
"--disable-testcert", "--enable-smallstack",
|
||||
"--enable-smallstackcache", "--enable-crypttests",
|
||||
"--disable-benchmark", "--disable-examples",
|
||||
"--with-max-rsa-bits=16384", "--enable-stacksize=verbose",
|
||||
"CFLAGS=-Wframe-larger-than=2048 -Wstack-usage=4096 -DWOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES=8192 -DTEST_ALWAYS_RUN_TO_END"]},
|
||||
"configs": [
|
||||
{"name": "noasm",
|
||||
"configure": ["--disable-asm"]},
|
||||
{"name": "noasm-pq",
|
||||
"configure": ["--disable-asm", "--enable-mlkem", "--enable-lms",
|
||||
"--enable-xmss", "--enable-mldsa"]},
|
||||
{"name": "noasm-allcrypto-pq",
|
||||
"configure": ["--disable-asm", "--enable-all-crypto",
|
||||
"--enable-mlkem", "--enable-lms", "--enable-xmss", "--enable-mldsa"]},
|
||||
{"name": "intelasm",
|
||||
"configure": ["--enable-intelasm", "--enable-sp-asm"]},
|
||||
{"name": "intelasm-pq",
|
||||
"configure": ["--enable-intelasm", "--enable-sp-asm",
|
||||
"--enable-mlkem", "--enable-lms", "--enable-xmss", "--enable-mldsa"]},
|
||||
{"name": "intelasm-allcrypto-pq",
|
||||
"configure": ["--enable-intelasm", "--enable-sp-asm",
|
||||
"--enable-all-crypto", "--enable-mlkem", "--enable-lms",
|
||||
"--enable-xmss", "--enable-mldsa"]}
|
||||
]}
|
||||
EOF
|
||||
.github/scripts/parallel-make-check.py \
|
||||
${{ github.event_name == 'schedule' && '--build-only' || '' }} \
|
||||
|
||||
Reference in New Issue
Block a user