Skip to content

Commit d67e856

Browse files
author
Test User
committed
Rebase to master FIPS CI github addition
1 parent a7b2323 commit d67e856

40 files changed

+1121
-883
lines changed

.github/workflows/bind9.yml

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: Bind9 Tests
33
# START OF COMMON SECTION
44
on:
55
push:
6-
branches: [ 'master', 'main', 'release/**' ]
6+
branches: [ 'master', 'main', 'build-wolfprov-debian2', 'release/**' ]
77
pull_request:
88
branches: [ '*' ]
99

@@ -18,21 +18,22 @@ jobs:
1818
with:
1919
wolfssl_ref: ${{ matrix.wolfssl_ref }}
2020
openssl_ref: ${{ matrix.openssl_ref }}
21+
fips_ref: ${{ matrix.fips_ref }}
2122
replace_default: ${{ matrix.replace_default }}
2223
strategy:
2324
matrix:
2425
wolfssl_ref: [ 'v5.8.2-stable' ]
2526
openssl_ref: [ 'openssl-3.5.2' ]
27+
fips_ref: [ 'FIPS', 'non-FIPS' ]
2628
replace_default: [ true ]
27-
fips: [ false ]
2829

2930
test_bind:
3031
runs-on: ubuntu-22.04
32+
needs: build_wolfprovider
3133
container:
3234
image: debian:bookworm
3335
env:
3436
DEBIAN_FRONTEND: noninteractive
35-
needs: build_wolfprovider
3637
# This should be a safe limit for the tests to run.
3738
timeout-minutes: 20
3839
strategy:
@@ -41,9 +42,9 @@ jobs:
4142
bind_ref: [ 'v9.18.28' ]
4243
wolfssl_ref: [ 'v5.8.2-stable' ]
4344
openssl_ref: [ 'openssl-3.5.2' ]
45+
fips_ref: [ 'FIPS', 'non-FIPS' ]
4446
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
4547
replace_default: [ true ]
46-
fips: [ false ]
4748
env:
4849
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
4950
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -54,20 +55,21 @@ jobs:
5455
with:
5556
fetch-depth: 1
5657

57-
- name: Checking OpenSSL/wolfProvider packages in cache
58-
uses: actions/cache/restore@v4
59-
id: wolfprov-cache
58+
- name: Download packages from build job
59+
uses: actions/download-artifact@v4
6060
with:
61-
path: |
62-
${{ env.WOLFSSL_PACKAGES_PATH }}
63-
${{ env.OPENSSL_PACKAGES_PATH }}
64-
${{ env.WOLFPROV_PACKAGES_PATH }}
65-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
66-
fail-on-cache-miss: true
61+
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
62+
path: /tmp/packages
63+
64+
- name: Setup package directories
65+
run: |
66+
mv /tmp/packages/wolfssl-packages ${{ env.WOLFSSL_PACKAGES_PATH }}
67+
mv /tmp/packages/openssl-packages ${{ env.OPENSSL_PACKAGES_PATH }}
68+
mv /tmp/packages/wolfprov-packages ${{ env.WOLFPROV_PACKAGES_PATH }}
6769
6870
- name: Install wolfSSL/OpenSSL/wolfprov packages
6971
run: |
70-
printf "Installing OpenSSL/wolfProvider packages:\n"
72+
printf "Installing OpenSSL/wolfProvider packages (${{ matrix.fips_ref }}):\n"
7173
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
7274
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
7375
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
@@ -85,7 +87,9 @@ jobs:
8587
8688
- name: Verify wolfProvider is properly installed
8789
run: |
88-
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
90+
$GITHUB_WORKSPACE/scripts/verify-install.sh \
91+
${{ matrix.replace_default && '--replace-default' || '' }} \
92+
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
8993
9094
- name: Install bind9 test dependencies
9195
run: |

.github/workflows/build-wolfprovider.yml

Lines changed: 108 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ jobs:
3131
steps:
3232
# Install git prior to cloning to ensure we have the full repo
3333
# TODO: create a docker with these pre-installed
34-
- name: Install common dependencies
34+
- name: Install build dependencies
3535
run: |
3636
apt-get update && apt-get install -y --no-install-recommends \
3737
build-essential \
@@ -55,6 +55,87 @@ jobs:
5555
bc \
5656
libdistro-info-perl
5757
58+
# Download pre-built packages from debs branch
59+
- name: Checkout debs branch
60+
uses: actions/checkout@v4
61+
with:
62+
repository: wolfSSL/wolfProvider
63+
ref: debs
64+
sparse-checkout: |
65+
fips
66+
nonfips
67+
openssl
68+
sparse-checkout-cone-mode: false
69+
path: debs
70+
71+
- name: Setup packages from debs branch
72+
run: |
73+
mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
74+
mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }}
75+
76+
echo "Available packages in debs branch:"
77+
ls -la debs/
78+
79+
# Copy packages based on build type
80+
if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
81+
if [ -d "debs/fips" ] && [ "$(ls -A debs/fips/*.deb 2>/dev/null)" ]; then
82+
echo "Copying FIPS wolfSSL packages..."
83+
cp debs/fips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
84+
else
85+
echo "ERROR: No FIPS packages found in debs branch"
86+
exit 1
87+
fi
88+
else
89+
if [ -d "debs/nonfips" ] && [ "$(ls -A debs/nonfips/*.deb 2>/dev/null)" ]; then
90+
echo "Copying non-FIPS wolfSSL packages..."
91+
cp debs/nonfips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/
92+
else
93+
echo "ERROR: No non-FIPS packages found in debs branch"
94+
exit 1
95+
fi
96+
fi
97+
# Copy OpenSSL packages
98+
if [ -d "debs/openssl" ] && [ "$(ls -A debs/openssl/*.deb 2>/dev/null)" ]; then
99+
echo "Copying OpenSSL packages..."
100+
cp debs/openssl/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/
101+
else
102+
echo "WARNING: No OpenSSL packages found in debs branch"
103+
fi
104+
105+
echo ""
106+
echo "Packages ready for installation:"
107+
echo "wolfSSL packages:"
108+
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
109+
echo ""
110+
echo "OpenSSL packages:"
111+
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
112+
113+
- name: Install OpenSSL and wolfSSL packages
114+
run: |
115+
echo "Installing OpenSSL and wolfSSL packages (${{ inputs.fips_ref }})..."
116+
117+
# Install OpenSSL packages first
118+
if [ -n "$(ls -A ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
119+
echo "Installing OpenSSL packages..."
120+
dpkg -i ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb || true
121+
fi
122+
# Install wolfSSL packages
123+
if [ -n "$(ls -A ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then
124+
echo "Installing wolfSSL packages..."
125+
dpkg -i ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb || true
126+
fi
127+
128+
# Fix any dependency issues
129+
apt-get install -f -y
130+
131+
echo ""
132+
echo "Packages installed successfully:"
133+
echo "OpenSSL:"
134+
dpkg -l | grep openssl || echo " No OpenSSL packages found"
135+
echo ""
136+
echo "wolfSSL:"
137+
dpkg -l | grep wolfssl || echo " No wolfSSL packages found"
138+
58139
- name: Checkout wolfProvider
59140
uses: actions/checkout@v4
60141
with:
@@ -72,22 +153,38 @@ jobs:
72153
git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
73154
git fetch upstream --tags --no-recurse-submodules
74155
75-
- name: Install wolfSSL
76-
run: |
77-
$GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
78-
79-
- name: Install OpenSSL
80-
run: |
81-
$GITHUB_WORKSPACE/debian/install-openssl.sh ${{ inputs.replace_default && '--replace-default' || '' }} ${{ env.OPENSSL_PACKAGES_PATH }}
82-
83156
- name: Install wolfProvider
84157
run: |
85-
$GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ env.WOLFPROV_PACKAGES_PATH }}
158+
if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then
159+
FIPS_FLAG="--fips"
160+
else
161+
FIPS_FLAG=""
162+
fi
163+
$GITHUB_WORKSPACE/debian/install-wolfprov.sh $FIPS_FLAG ${{ env.WOLFPROV_PACKAGES_PATH }} || {
164+
echo "Build failed. Showing test-suite.log if available:"
165+
find . -name "test-suite.log" -exec cat {} \;
166+
exit 1
167+
}
86168
87-
- name: List packages directories
169+
- name: Setup packages directory
88170
run: |
171+
mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }}
172+
173+
# Copy wolfProvider packages (built in previous step)
174+
cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }}
175+
cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }}
176+
cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
177+
178+
# Note: OpenSSL and wolfSSL packages already copied from debs branch earlier
179+
180+
printf "Listing packages directory:\n"
181+
echo "wolfProvider packages:"
89182
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
183+
echo ""
184+
echo "wolfSSL packages:"
90185
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
186+
echo ""
187+
echo "OpenSSL packages:"
91188
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
92189
93190
- name: Save all packages to cache for use by other workflows

.github/workflows/cjose.yml

Lines changed: 20 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ name: cjose Tests
33
# START OF COMMON SECTION
44
on:
55
push:
6-
branches: ['*'] #[ 'master', 'main', 'release/**' ]
6+
branches: [ 'master', 'main', 'release/**' ]
77
pull_request:
88
branches: [ '*' ]
99

@@ -18,13 +18,14 @@ jobs:
1818
with:
1919
wolfssl_ref: ${{ matrix.wolfssl_ref }}
2020
openssl_ref: ${{ matrix.openssl_ref }}
21+
fips_ref: ${{ matrix.fips_ref }}
2122
replace_default: ${{ matrix.replace_default }}
2223
strategy:
2324
matrix:
2425
wolfssl_ref: [ 'v5.8.2-stable' ]
2526
openssl_ref: [ 'openssl-3.5.2' ]
27+
fips_ref: [ 'FIPS', 'non-FIPS' ]
2628
replace_default: [ true ]
27-
fips: [ false ]
2829

2930
test_cjose:
3031
runs-on: ubuntu-22.04
@@ -42,9 +43,9 @@ jobs:
4243
cjose_ref: [ 'v0.6.2.1' ]
4344
wolfssl_ref: [ 'v5.8.2-stable' ]
4445
openssl_ref: [ 'openssl-3.5.2' ]
46+
fips_ref: [ 'FIPS', 'non-FIPS' ]
4547
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
4648
replace_default: [ true ]
47-
fips: [ false ]
4849
env:
4950
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
5051
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -61,38 +62,41 @@ jobs:
6162
with:
6263
fetch-depth: 1
6364

64-
- name: Checking OpenSSL/wolfProvider packages in cache
65-
uses: actions/cache/restore@v4
66-
id: wolfprov-cache
65+
- name: Download packages from build job
66+
uses: actions/download-artifact@v4
6767
with:
68-
path: |
69-
${{ env.WOLFSSL_PACKAGES_PATH }}
70-
${{ env.OPENSSL_PACKAGES_PATH }}
71-
${{ env.WOLFPROV_PACKAGES_PATH }}
72-
key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
73-
fail-on-cache-miss: true
68+
name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
69+
path: /tmp/packages
70+
71+
- name: Setup package directories
72+
run: |
73+
mv /tmp/packages/wolfssl-packages ${{ env.WOLFSSL_PACKAGES_PATH }}
74+
mv /tmp/packages/openssl-packages ${{ env.OPENSSL_PACKAGES_PATH }}
75+
mv /tmp/packages/wolfprov-packages ${{ env.WOLFPROV_PACKAGES_PATH }}
7476
7577
- name: Install wolfSSL/OpenSSL/wolfprov packages
7678
run: |
77-
printf "Installing OpenSSL/wolfProvider packages:\n"
79+
printf "Installing OpenSSL/wolfProvider packages (${{ matrix.fips_ref }}):\n"
7880
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
7981
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
8082
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
8183
82-
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
84+
apt install --reinstall -y \
8385
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
8486
8587
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
8688
${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
8789
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
8890
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
8991
90-
apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
92+
apt install --reinstall -y \
9193
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
9294
9395
- name: Verify wolfProvider is properly installed
9496
run: |
95-
$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
97+
$GITHUB_WORKSPACE/scripts/verify-install.sh \
98+
${{ matrix.replace_default && '--replace-default' || '' }} \
99+
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
96100
97101
- name: Download cjose
98102
uses: actions/checkout@v4

0 commit comments

Comments
 (0)