mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 13:20:52 +02:00
06e4ec9fe3
Extends the ghcr offline-install path to every install-apt-deps consumer that was still on plain apt, and publishes the bundles they need. New bundles built by ci-deps-image: - ubuntu-24.04-embedded: the membrowse ARM cross-toolchain (~0.5 GB), kept out of -full so it does not bloat the interop workflows' pull. - ubuntu-24.04-linuxkm: linux-headers-$(uname -r) + the kernel-module build toolchain. linux-headers tracks the runner's running kernel, so a daily job rebuilds it only when uname -r changed (recorded as an image label); a mismatch during a runner-image rollout just falls back to apt. Consumers now passing ghcr-debs-tag: - sssd -> ubuntu-24.04-full (its deps added to that list) - hostap-vm -> ubuntu-22.04-full (its deps added to that list) - membrowse targets -> ubuntu-24.04-embedded; the two linuxkm targets -> ubuntu-24.04-linuxkm (new per-target matrix.ghcr_tag) - linuxkm.yml -> ubuntu-24.04-linuxkm (pinned to ubuntu-24.04 so the bundle's headers match the runner kernel) Each consumer still falls back to apt when its bundle is unavailable, so nothing breaks until ci-deps-image first publishes the new tags.
# Builds the wolfSSL Linux kernel module (linuxkm/libwolfssl.ko) against the
# runner's own kernel headers, once per configure option set in the matrix,
# then checks that the DTLS 1.3 entry points are exported when configured.
#
# NOTE(review): no `permissions:` key is declared at workflow or job level, so
# GITHUB_TOKEN gets the repository/organisation default scope. Consider
# declaring an explicit minimal set; first confirm what
# ./.github/actions/install-apt-deps needs to pull the ghcr bundle (possibly
# `packages: read` -- verify against the action).
name: Kernel Module Build

# START OF COMMON SECTION
# Triggered by `pull_request`, not `pull_request_target`: the job builds the
# code under review, so it should keep running in the pull request's own
# restricted context.
on:
  push:
    branches:
      - 'release/**'
  pull_request:
    # ready_for_review is listed so a PR that leaves draft state gets a run;
    # draft PRs themselves are skipped by the job-level `if` below.
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
    branches:
      - '*'

# One live run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

jobs:
  build_library:
    strategy:
      matrix:
        # Each entry is pasted verbatim into the ./configure command line of
        # the build step, so it must stay a literal written in this file.
        config:
          - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
          - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
          - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13'
    name: build module
    # Runs only for repositories owned by `wolfssl`, and never for draft PRs.
    if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
    # Pinned to a fixed image rather than ubuntu-latest; the commit message
    # says this keeps the ghcr bundle's headers matched to the runner kernel.
    runs-on: ubuntu-24.04
    timeout-minutes: 5
    steps:
      # NOTE(review): `@v5` is a mutable tag. Pinning the action to a full
      # commit SHA stops the referenced code changing underneath this job.
      - name: Checkout wolfSSL
        uses: actions/checkout@v5

      # `$(uname -r)` reaches the action as a literal string; presumably the
      # action expands it in its own shell -- confirm in install-apt-deps.
      # Per the commit message, the action falls back to plain apt when the
      # ghcr bundle is unavailable or was built for a different kernel.
      # NOTE(review): packages from the bundle are installed on the runner;
      # confirm how the action authenticates the bundle it pulls.
      - name: Install linux-headers
        uses: ./.github/actions/install-apt-deps
        with:
          packages: linux-headers-$(uname -r)
          ghcr-debs-tag: ubuntu-24.04-linuxkm

      # Seeds .config in the kernel build tree from the running kernel's
      # config, then runs olddefconfig and modules_prepare.
      # `cmd || $(exit N)`: the substitution expands to an empty command whose
      # status is N. It does not exit by itself; the step stops with code N
      # only because bash runs these scripts with errexit (-e) enabled, so a
      # step that overrides `shell:` without -e would lose the failure.
      - name: Prepare target kernel for module builds
        run: |
          echo "preparing target kernel $(uname -r)"
          pushd "/lib/modules/$(uname -r)/build" || $(exit 4)
          if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi
          sudo make -j 4 olddefconfig || $(exit 7)
          sudo make M="$(pwd)" modules_prepare || $(exit 8)
          popd >/dev/null

      - name: autogen.sh
        run: |
          ./autogen.sh || $(exit 9)

      # The matrix.config expression is substituted into the script text
      # before bash parses it; that is what lets the embedded CFLAGS="..."
      # quoting take effect. This is safe only because every matrix entry is
      # a literal in this file: never route event-derived values (PR title,
      # branch name, ...) through the same pattern, pass those via `env:`.
      # NOTE(review): the step name still says ubuntu-latest although runs-on
      # is pinned to ubuntu-24.04, and it describes only the first matrix
      # entry.
      # NOTE(review): FORCE_NO_MODULE_SIG=1 presumably skips module signing
      # for this CI-only build -- confirm in the linuxkm makefiles.
      - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings
        run: |
          echo "running ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }}"
          ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10)
          # try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied"
          make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
          ls -l linuxkm/libwolfssl.ko || $(exit 12)
          echo "Successful linuxkm build."

      # When options.h defines WOLFSSL_DTLS13, the built module must carry a
      # __ksymtab_ entry for the DTLS 1.3 client or server method; otherwise
      # the step raises an error annotation and exits 13. Matrix entries
      # without DTLS 1.3 skip the check.
      - name: Verify DTLS 1.3 symbols are exported (when WOLFSSL_DTLS13 is configured)
        run: |
          if grep -q '^#define WOLFSSL_DTLS13' wolfssl/options.h; then
            echo "WOLFSSL_DTLS13 defined; checking GPL exports in libwolfssl.ko..."
            objdump -t linuxkm/libwolfssl.ko \
              | grep -qE '__ksymtab_wolfDTLSv1_3_(client|server)_method$' \
              || { echo "::error::DTLS 1.3 entry points not exported from libwolfssl.ko"; exit 13; }
            echo "DTLS 1.3 export check: PASS"
          else
            echo "WOLFSSL_DTLS13 not defined for this matrix entry; skipping symbol check."
          fi