From patchwork Sun Mar 22 10:38:13 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4846 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:8796:b0:83c:d90d:321 with SMTP id cq22csp296878mab; Sun, 22 Mar 2026 03:38:42 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVve39andAAizGYp7RCr2UhptFxWlQWErK8K4f/OUkcmiO0fOSK/bWgfRLzuFJ2nMO4r2ZMgrU21ew=@openvpn.net X-Received: by 2002:a05:6820:201a:b0:67d:9cc4:5c59 with SMTP id 006d021491bc7-67d9cc465ebmr2855241eaf.31.1774175921912; Sun, 22 Mar 2026 03:38:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774175921; cv=none; d=google.com; s=arc-20240605; b=KQhPPjLGOD6JYTxKjwVz0JZUv2d0oN0IHIj6OVoeU6FAwCsWwkoQsw+BRf7jMJYIWr 23uhhgXGQ8ndkv1bv2Vj4cs1AXIoVFafCRpb1TEorPb3qTSy6o+VzjhCY36dOhveUGmK BKoC+aRYf6P17oH7osYZWpctXbjCa5Q+GRdIHhm1YY3iNSnLuSTYeGzwhEWkKua7P35B pUDrcMyuYHrqPcGSWv+LA7uCGUSq6Xw+CayQOhpbrgtsIGVsW4bCRLpDTYpeURUoH/XS eqvg5Z8xR+RqCQkaNJgi4PD6WYgsc42m8boug4s9ZwTr/3DA4N/uu7ZxBw/hpLHs5a5r x/iQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=+/0h2u8lWfBy2n/3exf8fRcfhNfVBMT6bgD5Q0eeg5g=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=cjHy/He2z9uwGTcwktwUnbq40D7mvBAJRRefmfgvkk/DuK7kt340203SYvdek39W+D toWFKzz4EkTZKJKC8NQYzjHR2Quo2fWNHjQ8w1Rj+sgumEiDHrU+RrXuEZk2yiLh+E5y lpPhSBN+4qj10sANerrX1nfsFx57OXn4nATJxmHwT6St/VpEVRbaPZmpPCJKcE43iKxm Fzao1bCKZZ7ZzcCRkxEl1CZK6S4aJj6LeIFQUJpU/rfRZwBfsuhVA941tW9Lmfte5XHZ TFYTXcI3PB3nmzCLYTAs1Kf48OnTOqDSTtOVXmoJy1TomGccQklB1nm0PIe3jcoOQdcz Icuw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=EIW75G3E; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dkkcGx7W; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=k0R3puzD; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-67c254474d5si3578443eaf.73.2026.03.22.03.38.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 22 Mar 2026 03:38:41 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=EIW75G3E; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dkkcGx7W; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=k0R3puzD; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=+/0h2u8lWfBy2n/3exf8fRcfhNfVBMT6bgD5Q0eeg5g=; b=EIW75G3EuffsoOi+VFlNp2kH2a n50AwDRg78H/RT0dE4qc4YjcFXO0d5VZbjiJIknRN8cUiyHiDFVRmVFrb84cQYZrnC+39GsaqoV+r S89kzJFfd6lSzCv6v1IWgrNP+mOhxr8BtT0RRa8+PjnYCGXN71nholIeBT2jg+V7ejAM=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w4GCZ-0002vF-UP; Sun, 22 Mar 2026 10:38:35 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w4GCY-0002v8-M1 for openvpn-devel@lists.sourceforge.net; Sun, 22 Mar 2026 10:38:34 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=fOxlOFzL14eiJ4fqd4AWLRxda1UXTdQ/BZpIDQYwiP0=; b=dkkcGx7Wpm57wcvyMTWRUg4dOS dYCT4I5OLftqATojD3HauBJaf4Z4Z2QEhelRsn50e7nkx0Ublqe1889T3bjN7kerOOP4rYVa+ivbf +UUM1U3iLub8rHIhVKJq4v8Fu39FNpnWA8Oh/EaMP5MOlu85lfR52CX8YthCdt8P2/oM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=fOxlOFzL14eiJ4fqd4AWLRxda1UXTdQ/BZpIDQYwiP0=; b=k0R3puzDkE9qdEKsIvZnjGQHki sywsDBs90+EvOwZ83I88VzT/f7ePsaSWpg5WR2+2TQBmFCVvCzcTLY9DE1GJITQWK+MOquFkt537h 0QOcYEBlnOyUyLJ08NJ04tO1RyOdCs71Ng7CFlWwHbiKNeWNAM/EYJM9EJYS5P4SKhnQ=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1w4GCX-0000yC-3x for openvpn-devel@lists.sourceforge.net; Sun, 22 Mar 2026 10:38:34 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 62MAcLOt004736 for ; Sun, 22 Mar 2026 11:38:21 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 62MAcLkK004735 for openvpn-devel@lists.sourceforge.net; Sun, 22 Mar 2026 11:38:21 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 22 Mar 2026 11:38:13 +0100 Message-ID: <20260322103820.4717-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe Semver code changes by Frank Change-Id: Ie21fdb01b843a7af09fcd469b08c775eee7e3745 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1w4GCX-0000yC-3x Subject: [Openvpn-devel] [PATCH v4] GHA: Cache built crypto libraries X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1860358291604447094?= X-GMAIL-MSGID: =?utf-8?q?1860358291604447094?= From: Arne Schwabe Semver code changes by Frank Change-Id: Ie21fdb01b843a7af09fcd469b08c775eee7e3745 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1577 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1577 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index dd8e472..186662d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -328,29 +328,43 @@ LDFLAGS: ${{ matrix.ldflags }} CC: ${{matrix.cc}} UBSAN_OPTIONS: print_stacktrace=1 + # versioning=semver-coerced + LIBRESSL_REPO: libressl/portable + LIBRESSL_VERSION: v4.2.1 + LIBRESSL_INSTALL: /opt/libressl steps: - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore libressl from cache + uses: actions/cache@v5 + id: libressl-cache + with: + path: ${{ env.LIBRESSL_INSTALL }} + key: ${{ matrix.os }}-libressl-${{matrix.build }}-${{ env.LIBRESSL_VERSION }} - name: "libressl: checkout" + if: steps.libressl-cache.outputs.cache-hit != 'true' uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: libressl - # versioning=semver-coerced - repository: libressl/portable - ref: v4.2.1 + repository: ${{ env.LIBRESSL_REPO }} + ref: ${{ env.LIBRESSL_VERSION }} - name: "libressl: autogen.sh" + if: steps.libressl-cache.outputs.cache-hit != 'true' env: LIBRESSL_GIT_OPTIONS: "--no-single-branch" run: ./autogen.sh working-directory: libressl - name: "libressl: configure" - run: ./configure + if: steps.libressl-cache.outputs.cache-hit != 'true' + run: ./configure --prefix=${{ env.LIBRESSL_INSTALL }} working-directory: libressl - name: "libressl: make all" + if: steps.libressl-cache.outputs.cache-hit != 'true' run: make -j3 working-directory: libressl - name: "libressl: make install" + if: steps.libressl-cache.outputs.cache-hit != 'true' run: sudo make install working-directory: libressl - name: "ldconfig" @@ -360,7 +374,11 @@ - name: autoconf run: autoreconf -fvi - name: configure - run: ./configure --with-crypto-library=openssl ${{matrix.configureflags}} --enable-werror + run: | + OPENSSL_CFLAGS="-I${{ env.LIBRESSL_INSTALL }}/include" \ + OPENSSL_LIBS="-L${{ env.LIBRESSL_INSTALL }}/lib -lssl -lcrypto" \ + LDFLAGS="-Wl,-rpath=${{ env.LIBRESSL_INSTALL }}/lib" \ + ./configure --with-crypto-library=openssl --enable-werror ${{matrix.configureflags}} - name: make all run: make -j3 - name: Ensure the build uses LibreSSL @@ -396,27 +414,41 @@ LDFLAGS: ${{ matrix.ldflags }} CC: ${{matrix.cc}} UBSAN_OPTIONS: print_stacktrace=1 + PKG_CONFIG_PATH: /opt/mbedtls4/lib/pkgconfig + # versioning=semver-coerced + MBEDTLS_REPO: Mbed-TLS/mbedtls + MBEDTLS_VERSION: v4.0.0 + MBEDTLS_INSTALL: /opt/mbedtls4 steps: - name: Install dependencies run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore mbed TLS from cache + uses: actions/cache@v5 + id: mbedtls-cache + with: + path: ${{ env.MBEDTLS_INSTALL }} + key: ${{ matrix.os }}-mbedtls-${{matrix.build }}-${{ env.MBEDTLS_VERSION }} - name: "mbedtls: checkout" + if: steps.mbedtls-cache.outputs.cache-hit != 'true' uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: mbedtls submodules: recursive - # versioning=semver-coerced - repository: Mbed-TLS/mbedtls - ref: v4.0.0 + repository: ${{ env.MBEDTLS_REPO }} + ref: ${{ env.MBEDTLS_VERSION }} - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - name: "mbedtls: cmake" - run: cmake -B build + if: steps.mbedtls-cache.outputs.cache-hit != 'true' + run: cmake -B build -DCMAKE_INSTALL_PREFIX=${{ env.MBEDTLS_INSTAL }} working-directory: mbedtls - name: "mbedtls: cmake --build" + if: steps.mbedtls-cache.outputs.cache-hit != 'true' run: cmake --build build working-directory: mbedtls - name: "mbedtls: cmake --install" - run: sudo cmake --install build --prefix /usr + if: steps.mbedtls-cache.outputs.cache-hit != 'true' + run: sudo cmake --install build working-directory: mbedtls - name: Checkout OpenVPN uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -426,7 +458,7 @@ run: ./configure --with-crypto-library=mbedtls --enable-werror - name: make all run: make -j3 - - name: Ensure the build uses mbed TLS 4.x + - name: Ensure the build uses mbed TLS ${{ env.MBEDTLS_VERSION }} run: | ./src/openvpn/openvpn --version ./src/openvpn/openvpn --version | grep -q "library versions: mbed TLS 4." @@ -463,19 +495,29 @@ CXX: ${{matrix.cxx}} UBSAN_OPTIONS: print_stacktrace=1 AWS_LC_INSTALL: /opt/aws-lc + # versioning=semver-coerced + AWS_LC_REPO: aws/aws-lc + AWS_LC_VERSION: v1.70.0 steps: - name: Install dependencies run: sudo apt update && sudo apt install -y gcc golang make liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore AWS-LC from cache + uses: actions/cache@v5 + id: aws-lc-cache + with: + path: ${{ env.AWS_LC_INSTALL }} + key: ${{ matrix.os }}-aws-lc-${{matrix.build }}-${{ env.AWS_LC_VERSION }} - name: "AWS-LC: checkout" + if: steps.aws-lc-cache.outputs.cache-hit != 'true' uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: aws-lc - # versioning=semver-coerced - repository: aws/aws-lc - ref: v1.70.0 + repository: ${{ env.AWS_LC_REPO }} + ref: ${{ env.AWS_LC_VERSION }} - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - name: "AWS-LC: build" + if: steps.aws-lc-cache.outputs.cache-hit != 'true' run: | mkdir build cd build diff --git a/renovate.json b/renovate.json index d0f319d..f9c62c4 100644 --- a/renovate.json +++ b/renovate.json @@ -40,9 +40,10 @@ "/^\\.github/workflows/.+\\.ya?ml$/" ], "matchStrings": [ - "versioning=(?.*?)\\n\\s*repository:\\s*(?.*?)\\n\\s*ref:\\s*(?.*?)\\n" + "versioning=(?.*?)\\n\\s*.*?_REPO:\\s*(?.*?)\\n\\s*.*?_VERSION:\\s*(?.*?)\\n" ], "datasourceTemplate": "github-tags" } + ] }