When installing in standalone mode, don't modify system config #1774
Workflow file for this run
name: Stunnel Tests

# START OF COMMON SECTION
# Triggers: pushes to the long-lived branches, and pull requests.
on:
  push:
    branches:
      - 'master'
      - 'main'
      - 'release/**'
  pull_request:
    # NOTE(review): in GitHub's filter syntax a single '*' does not match '/',
    # so pull requests whose base branch is e.g. release/x are not covered by
    # this filter even though pushes to 'release/**' are. Use '**' if those
    # pull requests should run the tests too.
    branches:
      - '*'
# One active run per workflow and ref: a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION
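jobs:
  # Calls the repository-local reusable build workflow once per matrix entry.
  # test_stunnel downloads the artifact this job is expected to publish
  # (the build workflow itself is not visible here).
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true ]

  # Builds stunnel against the packaged wolfProvider/OpenSSL and runs its test
  # suite, once normally and once with WOLFPROV_FORCE_FAIL=1.
  test_stunnel:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Least privilege: this job only reads repositories and a same-run
    # artifact, and it builds and executes third-party code, so the job token
    # is restricted to read-only repository contents.
    permissions:
      contents: read
    container:
      # NOTE(review): mutable tag; pinning by digest
      # (debian:bookworm@sha256:<digest>) makes the base image reproducible.
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 10
    strategy:
      matrix:
        stunnel_ref: [ 'stunnel-5.67' ]
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      # NOTE(review): every `uses:` in this job references a mutable
      # major-version tag; pinning each action to a full commit SHA is the
      # supply-chain-safe form.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # Nothing later in the job needs authenticated git access, so the
          # token is not left in the checkout's git config.
          persist-credentials: false

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          # Must match the artifact name used by the build job for the same
          # matrix entry.
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      # Installs the locally built .deb files over whatever the image ships.
      # The ${{ }} expressions in the run scripts of this job expand only
      # values defined in this file (env and matrix literals), not
      # event-supplied data.
      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          $GITHUB_WORKSPACE/scripts/verify-install.sh \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Install dependencies
        run: |
          apt-get update
          apt-get install -y build-essential autoconf automake \
            autoconf-archive libtool libwrap0-dev pkg-config python3-venv \
            python3-cryptography patch git

      - name: Check Python version
        run: python3 --version

      - name: Checkout Stunnel
        uses: actions/checkout@v4
        with:
          repository: mtrojnar/stunnel
          ref: ${{ matrix.stunnel_ref }}
          path: stunnel
          fetch-depth: 1
          # This tree is third-party code that is built and executed below;
          # keep the job token out of its .git/config.
          persist-credentials: false

      # No `ref` is given, so this follows the default branch of wolfssl/osp:
      # the patch applied in the next step can change without any change in
      # this repository.
      # NOTE(review): consider pinning `ref` to a reviewed commit.
      - name: Checkout OSP
        uses: actions/checkout@v4
        with:
          repository: wolfssl/osp
          path: osp
          fetch-depth: 1
          persist-credentials: false

      - name: Apply OSP patch to Stunnel
        if: ${{ matrix.stunnel_ref == 'stunnel-5.67' }}
        working-directory: ./stunnel
        run: |
          # Apply patch for WOLFPROV_FORCE_FAIL
          patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/stunnel/stunnel-WPFF-5.67-wolfprov.patch

      - name: Build Stunnel
        working-directory: ./stunnel
        run: |
          autoreconf -ivf
          ./configure
          make -j

      # Creates the venv that the test step activates. The `source` here only
      # affects this step's shell, which is why the next step activates it
      # again.
      # NOTE(review): nothing is installed into the venv here despite the
      # step name.
      - name: Update python cryptography module
        working-directory: ./stunnel
        shell: bash
        run: |
          python3 -m venv myenv
          source myenv/bin/activate

      - name: Verify stunnel with wolfProvider
        working-directory: ./stunnel
        shell: bash
        run: |
          set +o pipefail # ignore errors from make check
          # For the empty force_fail matrix value this is a bare `export`,
          # which only lists the exported variables in the job log.
          export ${{ matrix.force_fail }}
          # enter venv
          source myenv/bin/activate
          # Set this variable to prevent attempts to load the legacy OpenSSL
          # provider, which we don't support.
          # This is necessary for OpenSSL 3.0+ to avoid errors related to legacy
          # algorithms that are not supported by wolfProvider.
          export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
          # Verify stunnel
          ./src/stunnel -version
          # Run tests
          # Results captured in tests/logs/results.log
          # Use `timeout` since the tests hang with WOLFPROV_FORCE_FAIL=1
          timeout 10 make check 2>&1 || true
          # grep for "failed: 0" in the results log, indicating success
          # NOTE(review): `grep -c` prints the match count and exits non-zero
          # when that count is 0, so a log without the string yields the two
          # words "0" and "1", which the unquoted expansion below passes as
          # two arguments; a missing log yields "1", the same value as a
          # single match. Confirm this is what check-workflow-result.sh
          # expects.
          TEST_RESULT=$(grep -c "failed: 0" tests/logs/results.log || echo 1)
          echo "Test result: $TEST_RESULT"
          $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} stunnel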