From patchwork Fri Sep 27 09:32:05 2024
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3880
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Cc: Yuriy Darnobyt
Date: Fri, 27 Sep 2024 11:32:05 +0200
Message-Id: <20240927093205.22981-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v1] GHA: Pin dependencies

Done by renovate. Updates will also be handled by renovate. This makes the builds slightly more deterministic and removes some potential supply-chain attack vectors.

GitHub: #610 Change-Id: I92dfbc3a0cc347a51892600bf02b501295ce612b Signed-off-by: Frank Lichtenheld Acked-by: Yuriy Darnobyt --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/773 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Yuriy Darnobyt diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 361d457..1bc250d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y uncrustify - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: openvpn - name: Show uncrustify version @@ -27,7 +27,7 @@ - name: Show changes on standard output run: git diff working-directory: openvpn - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: uncrustify-changes.patch path: 'openvpn/uncrustify-changes.patch' 
@@ -49,22 +49,22 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Restore from cache and install vcpkg - uses: lukka/run-vcpkg@v11.5 + uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e vcpkgJsonGlob: '**/mingw/vcpkg.json' - name: Run CMake with vcpkg.json manifest - uses: lukka/run-cmake@v10.7 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 with: configurePreset: mingw-${{ matrix.arch }} buildPreset: mingw-${{ matrix.arch }} buildPresetAdditionalArgs: "['--config Debug']" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: openvpn-mingw-${{ matrix.arch }} path: | @@ -72,7 +72,7 @@ ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: | @@ -91,9 +91,9 @@ name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL" steps: - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Retrieve mingw unittest - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: openvpn-mingw-${{ matrix.arch }}-tests path: unittests 
@@ -165,7 +165,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG} - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: autoconf run: autoreconf -fvi - name: configure @@ -195,7 +195,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: autoconf run: autoreconf -fvi - name: configure @@ -256,7 +256,7 @@ - name: Install dependencies run: brew install openssl@1.1 openssl@3 lzo lz4 man2html cmocka libtool automake autoconf libressl - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: autoconf run: autoreconf -fvi - name: configure 
@@ -280,27 +280,27 @@ runs-on: windows-latest steps: - - uses: actions/checkout@v4 - - uses: lukka/get-cmake@v3.30.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: lukka/get-cmake@070a0507a7abe157ef918deec391da1be197d2d1 # v3.30.3 - name: Install rst2html run: python -m pip install --upgrade pip docutils - name: Restore artifacts, or setup vcpkg (do not install any package) - uses: lukka/run-vcpkg@v11.5 + uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 with: vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e vcpkgJsonGlob: '**/windows/vcpkg.json' - name: Run CMake with vcpkg.json manifest (NO TESTS) - uses: lukka/run-cmake@v10.7 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 if: ${{ matrix.arch == 'arm64' }} with: configurePreset: win-${{ matrix.arch }}-release buildPreset: win-${{ matrix.arch }}-release - name: Run CMake with vcpkg.json manifest - uses: lukka/run-cmake@v10.7 + uses: lukka/run-cmake@af1be47fd7c933593f687731bc6fdbee024d3ff4 # v10.8 if: ${{ matrix.arch != 'arm64' }} with: configurePreset: win-${{ matrix.arch }}-release @@ -308,7 +308,7 @@ testPreset: win-${{ matrix.arch }}-release testPresetAdditionalArgs: "['--output-on-failure']" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 with: name: openvpn-msvc-${{ matrix.arch }} path: | @@ -348,7 +348,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - name: "libressl: checkout" - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: libressl # versioning=semver-coerced 
@@ -369,7 +369,7 @@ - name: "ldconfig" run: sudo ldconfig - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: autoconf run: autoreconf -fvi - name: configure @@ -410,7 +410,7 @@ - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - name: "mbedtls: checkout" - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: mbedtls submodules: true @@ -424,7 +424,7 @@ run: sudo make install DESTDIR=/usr working-directory: mbedtls - name: Checkout OpenVPN - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: autoconf run: autoreconf -fvi - name: configure diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 37b8102..16c979d 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -13,7 +13,7 @@ steps: - name: Check submission cache id: check_submit - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 with: path: | cov-int @@ -25,7 +25,7 @@ - name: Checkout OpenVPN if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Download Coverity Build Tool if: steps.check_submit.outputs.cache-hit != 'true' @@ -65,7 +65,7 @@ - name: Cache submission if: steps.check_submit.outputs.cache-hit != 'true' - uses: actions/cache/save@v4 + uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 with: path: | cov-int
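
Review bot: The trailing "# v4" comment on the pinned actions/checkout, actions/upload-artifact, actions/download-artifact and actions/cache lines (first seen in the @@ -13,7 +13,7 @@ hunk of build.yaml) names only the moving major tag, so a reader cannot tell which release the 40-character SHA corresponds to or check it against an upstream tag. Suggest recording the exact release tag in the comment, as the lukka/* lines already do with "# v11.5" and "# v10.8".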
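
Review bot: The commit is titled "Pin dependencies", but in the @@ -49,22 +49,22 @@ hunk of build.yaml lukka/run-cmake goes from "@v10.7" to a SHA commented "# v10.8", and in the @@ -280,27 +280,27 @@ hunk lukka/get-cmake goes from "@v3.30.1" to a SHA commented "# v3.30.3" (run-cmake changes the same way there). These are version upgrades, not pure pins. Suggest either pinning the SHAs of the previously used tags, or stating in the commit message that these two actions are also updated, so the behaviour change is visible in the history.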
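
Review bot: In the @@ -280,27 +280,27 @@ hunk of build.yaml the actions are now pinned, but the unchanged step "run: python -m pip install --upgrade pip docutils" still installs whatever pip and docutils versions are current at build time, and the job runs on "windows-latest". Since the commit message cites determinism and supply-chain exposure, consider a follow-up that pins docutils to a fixed version (ideally with hashes), or say in the message that package installs are out of scope for this change.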