2020 fail-fast : false
2121
2222 # Limit concurrent jobs for scheduling problem on GitHub's hosted runner pool.
23- max-parallel : 12
23+ max-parallel : 10
2424
2525 matrix :
2626 math :
3131 - " SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0"
3232 - " SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1"
3333 asym : [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448]
34- hash : [sha256, sha384, sha3]
34+ hash : [sha256, sha384, sha3] # --sha256 for commandline, SHA256 for make
3535
3636 # See https://github.com/wolfSSL/wolfBoot/issues/614 regarding exclusions:
3737 exclude :
@@ -41,41 +41,119 @@ jobs:
4141 steps :
4242 - uses : actions/checkout@v4
4343 with :
44+ clean : true
4445 submodules : true
4546
46- - name : make clean
47+ - name : hard clean
4748 run : |
48- make keysclean && make -C tools/keytools clean && rm -f include/target.h
49+ # Ensure parallel build did not leave behind any debris
50+ make clean || true
51+ make keysclean || true
52+ make -C tools/keytools clean || true
53+
54+ # The brute-force clean:
55+ rm -rf build build-* \
56+ test-app \
57+ build/vis_hal \
58+ build/vis_cmsis \
59+ **/*.o \
60+ **/*.d \
61+ **/*.a \
62+ include/target.h \
63+ src/keystore.c \
64+ keystore.der \
65+ pubkey_*.der
4966
5067 - name : Build test-lib
5168 env :
5269 shell : bash
53- ASYM : ${{ matrix.asym }}
70+ ASYM : ${{ matrix.asym }} # MAKE_SIGN in upper case
5471 HASH : ${{ matrix.hash }}
5572 MATH : ${{ matrix.math }}
5673 run : |
74+ # Test various library parameters
75+
76+ export MAKE_SIGN="${ASYM^^}"
77+ export MAKE_HASH="${HASH^^}"
78+ export MAKE_MATH='${{ matrix.math }}' # e.g., "SPMATH=1 WOLFBOOT_SMALL_STACK=1"
79+ export PRIVATE_KEY="wolfboot_signing_private_key.der"
80+
81+ echo "This MAKE_SIGN=$MAKE_SIGN"
82+ echo "This MAKE_HASH=$MAKE_HASH"
83+ echo "This MAKE_MATH=$MAKE_MATH"
84+
5785 # Sample build
5886 build_once() {
5987 # Convert asym and hash to upper case, optionally add additional param
60- make -j test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} "$@"
88+ echo "Build test-lib..."
89+ echo "make -j1 test-lib SIGN=${MAKE_SIGN} HASH=${MAKE_HASH} ${MATH} \"$@\""
90+ make -j1 test-lib SIGN=${MAKE_SIGN} HASH=${MAKE_HASH} ${MATH} "$@"
6191 }
6292
6393 set -euo pipefail
6494
6595 # Get the reference config
6696 cp config/examples/library.config .config
6797
98+ # peek
99+ echo "Existing files?"
100+ if [ -f "src/keystore.c" ]; then
101+ echo "WARNING: Found unexpected src/keystore.c"
102+ fi
103+ if [ -f "include/target.h" ]; then
104+ echo "WARNING: Found unexpected include/target.h"
105+ fi
106+ if [ -f "keystore.der" ]; then
107+ echo "WARNING: Found unexpected keystore.der"
108+ fi
109+ if [ -f "wolfboot_signing_private_key.der" ]; then
110+ echo "WARNING: Found unexpected wolfboot_signing_private_key.der"
111+ fi
112+ if [ -f "./tools/keytools/keystore.der" ]; then
113+ echo "WARNING: Found unexpected ./tools/keytools/keystore.der"
114+ fi
115+ if [ -f "./tools/keytools/wolfboot_signing_private_key.der" ]; then
116+ echo "WARNING: Found unexpected ./tools/keytools/wolfboot_signing_private_key.der"
117+ fi
118+
68119 # Keytools
69- make keytools
70- ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der
120+ echo ""
121+ echo "make -j1 keytools SIGN=\"${MAKE_SIGN}\" HASH=\"${MAKE_HASH}\" $MATH"
122+ make -j1 keytools SIGN="${MAKE_SIGN}" HASH="${MAKE_HASH}" $MATH
123+
124+ # Generate keys
125+ echo ""
126+ echo "./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der"
127+ ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der
128+
129+ # Force fresh files
130+ # peek
131+ echo "Existing files?"
132+ if [ -f "src/keystore.c" ]; then
133+ echo "Found unexpected src/keystore.c"
134+ fi
135+ if [ -f "include/target.h" ]; then
136+ echo "Found unexpected include/target.h"
137+ fi
138+ if [ -f "keystore.der" ]; then
139+ echo "Found unexpected keystore.der"
140+ fi
141+ if [ -f "wolfboot_signing_private_key.der" ]; then
142+ echo "Found unexpected wolfboot_signing_private_key.der"
143+ fi
71144
72145 # Sign
146+ echo ""
73147 echo "Test" > test.bin
74- ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1
148+ echo "Sign test.bin"
149+ echo "./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1"
150+ ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1
75151
76152 # First attempt
77153 if build_once >build.out 2>build.err; then
78154 echo "Success on first attempt, WOLFBOOT_HUGE_STACK not applied."
155+ cat build.out
156+ cat build.err
79157 exit 0
80158 fi
81159
@@ -90,12 +168,16 @@ jobs:
90168 build_once WOLFBOOT_HUGE_STACK=1
91169 else
92170 echo "Build failed for another reason:"
171+ cat build.out
93172 cat build.err
94173 exit 1
95174 fi
96175
97176 - name : Run test-lib
98177 run : |
178+ # Check test_v1_signed.bin
179+
180+ echo "./test-lib test_v1_signed.bin"
99181 ./test-lib test_v1_signed.bin
100182 ./test-lib test_v1_signed.bin 2>&1 | grep "Firmware Valid"
101183
@@ -104,5 +186,25 @@ jobs:
104186 # Corrupt signed binary
105187 truncate -s -1 test_v1_signed.bin
106188 echo "A" >> test_v1_signed.bin
107- ./test-lib test_v1_signed.bin
108- ./test-lib test_v1_signed.bin 2>&1 | grep "Failure"
189+
190+ # Run once, capture output and status
191+ set +e
192+ output=$(./test-lib test_v1_signed.bin 2>&1)
193+ status=$?
194+ set -e
195+
196+ echo "$output"
197+
198+ # Must have failed (non-zero exit)
199+ if [ $status -eq 0 ]; then
200+ echo "Expected failure, but exit code was 0"
201+ exit 1
202+ fi
203+
204+ # Must include the expected Failure message
205+ echo "$output" | grep -F "Failure" >/dev/null || {
206+ echo "Expected 'Failure' not found in output"
207+ exit 1
208+ }
209+
210+ echo "Got expected non-zero exit and 'Failure' message."