When installing in standalone mode, don't modify system config #747
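# Installs the wolfSSL, OpenSSL and wolfProvider Debian packages produced by
# the build job inside a debian:bookworm container, verifies the install, runs
# the provider interoperability tests, then checks that removing the package
# leaves no config or library files behind.
name: Debian Package Test

# START OF COMMON SECTION
on:
  push:
    branches: ['master', 'main', 'release/**']
  pull_request:
    # NOTE(review): in branch filters '*' does not match '/', so pull requests
    # that target release/** branches do not trigger this workflow; use '**'
    # if they should.
    branches: ['*']

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# Least privilege for GITHUB_TOKEN: the steps visible in this file only check
# out the repository and download artifacts from the same run.
# NOTE(review): this also caps the token handed to the reusable build
# workflow; widen it per job if build-wolfprovider.yml needs more.
permissions:
  contents: read

jobs:
  # Reusable workflow that produces the package artifacts downloaded below.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: ['v5.8.2-stable']
        openssl_ref: ['openssl-3.5.2']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true, false]

  libwolfprov-replace-default:
    name: libwolfprov ${{ matrix.replace_default && 'replace-default' || 'standalone' }} ${{ matrix.fips_ref }}
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Run inside Debian Bookworm to match packaging environment
    container:
      # NOTE(review): debian:bookworm is a mutable tag; pin the image by
      # digest if runs must be reproducible.
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        # The first four axes feed the artifact name in the download step, so
        # they presumably have to stay in sync with the build job's matrix.
        wolfssl_ref: ['v5.8.2-stable']
        openssl_ref: ['openssl-3.5.2']
        fips_ref: ['FIPS', 'non-FIPS']
        replace_default: [true, false]
        # Either an environment assignment placed in front of the test
        # script, or nothing.
        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
      WOLFPROV_CONF_FILE: /etc/ssl/openssl.cnf.d/wolfprovider.conf
    steps:
      # NOTE(review): the @v4 refs on the two actions below are mutable tags;
      # pin each to a full commit SHA so the code that runs in this job cannot
      # change underneath the workflow.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # None of the steps below call git directly, so do not leave the
          # token in .git/config while the installed packages and test
          # scripts run.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          # apt-get has the stable scripting interface; the package paths come
          # from the job-level env block and are read as shell variables
          # instead of being templated into the script text.
          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFSSL_PACKAGES_PATH"/libwolfssl_*.deb

          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$OPENSSL_PACKAGES_PATH"/openssl_*.deb \
            "$OPENSSL_PACKAGES_PATH"/libssl3_*.deb \
            "$OPENSSL_PACKAGES_PATH"/libssl-dev_*.deb

          apt-get install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFPROV_PACKAGES_PATH"/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          source "$GITHUB_WORKSPACE/scripts/env-setup"
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Test OpenSSL provider functionality
        run: |
          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"

          # Put the config back on every exit path, so a failing test run
          # does not leave the provider config moved aside.
          restore_conf() {
            echo "Restoring wolfprovider configuration:"
            if [ -f "$WOLFPROV_CONF_BACKUP" ]; then
              mv "$WOLFPROV_CONF_BACKUP" "$WOLFPROV_CONF_FILE"
              echo " - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
            fi
          }

          # Temporarily move wolfprovider config so we can toggle between providers
          echo "Temporarily disabling wolfprovider for default provider tests:"
          mkdir -p /tmp/openssl-test
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            trap restore_conf EXIT
            mv "$WOLFPROV_CONF_FILE" "$WOLFPROV_CONF_BACKUP"
            echo " - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
          else
            echo "$WOLFPROV_CONF_FILE not found!"
            exit 1
          fi

          # Run the do-cmd-tests.sh script to execute interoperability tests.
          # The two matrix expressions must stay templated: they expand to
          # NAME=value words that the shell only treats as environment
          # assignments when they appear literally in the script text.
          echo "Running OpenSSL provider interoperability tests..."
          OPENSSL_BIN="$(command -v openssl)" ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh

          # Restore wolfprovider configuration
          trap - EXIT
          restore_conf

          echo "PASS: All provider interoperability tests successful"

      - name: Uninstall package and verify cleanup
        run: |
          # Uninstall the package
          apt-get remove -y libwolfprov
          if openssl list -providers | grep -q "wolfSSL Provider"; then
            echo "wolfprovider is still listed as an OpenSSL provider"
            exit 1
          fi

          # Purge the package to remove all files
          apt-get remove --purge -y libwolfprov

          # Verify the package is removed
          if dpkg -l | grep -q libwolfprov; then
            echo "Package still installed after removal"
            dpkg -l | grep libwolfprov
            exit 1
          else
            echo "Package successfully removed"
          fi

          # Check if the config file is removed
          if [ -f "$WOLFPROV_CONF_FILE" ]; then
            echo "wolfprovider.conf still exists after package removal"
            ls -la "$(dirname "$WOLFPROV_CONF_FILE")"
            exit 1
          else
            echo "wolfprovider.conf successfully removed"
          fi

          # Check if the library files are removed
          WOLFPROV_OBJS=$(find /usr/lib -name "libwolfprov.so*")
          if [ -n "$WOLFPROV_OBJS" ]; then
            echo "libwolfprov.so still exists after package removal"
            echo "$WOLFPROV_OBJS"
            exit 1
          else
            echo "libwolfprov.so successfully removed"
          fi

          echo "Package uninstallation and cleanup verification successful"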