From patchwork Mon Apr 20 14:25:13 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4900
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 20 Apr 2026 16:25:13 +0200
Message-ID: <20260420142519.438-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] GHA: Factor out building SSL libs to a reusable workflow

From: Frank Lichtenheld

We amassed a lot of code duplication there.
Make it easier to track the differences between
the libraries.

Change-Id: I3d89016ccae297cfa596897c11a518f1ffbe3dc8
Signed-off-by: Frank Lichtenheld
Acked-by: Yuriy Darnobyt
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1630
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1630
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Yuriy Darnobyt

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 365e72a..e4cb799 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml
@@ -304,324 +304,49 @@ !${{ github.workspace }}/out/**/vcpkg_installed/** libressl: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [libressl] - build: [ normal, asan ] - configureflags: ["--with-openssl-engine=no"] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 + uses: ./.github/workflows/test-ssllib.yml + with: + libname: libressl + ovpnlibdesc: LibreSSL # versioning=semver-coerced - LIBRESSL_REPO: libressl/portable - LIBRESSL_VERSION: v4.2.1 - LIBRESSL_INSTALL: /opt/libressl + ghrepo: libressl/portable + gitref: v4.2.1 + libconfigure: "LIBRESSL_GIT_OPTIONS=--no-single-branch ./autogen.sh && ./configure --prefix=$LIBPREFIX" - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore libressl from cache - uses: actions/cache@v5 - id: libressl-cache - with: - path: ${{ env.LIBRESSL_INSTALL }} - key: ${{ matrix.os }}-libressl-${{matrix.build }}-${{ env.LIBRESSL_VERSION }} - - name: "libressl: checkout" - if: steps.libressl-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: libressl - repository: ${{ env.LIBRESSL_REPO }} - ref: ${{ env.LIBRESSL_VERSION }} - - name: "libressl: autogen.sh" - if: steps.libressl-cache.outputs.cache-hit != 'true' - env: - LIBRESSL_GIT_OPTIONS: 
"--no-single-branch" - run: ./autogen.sh - working-directory: libressl - - name: "libressl: configure" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: ./configure --prefix=${{ env.LIBRESSL_INSTALL }} - working-directory: libressl - - name: "libressl: make all" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: make -j3 - working-directory: libressl - - name: "libressl: make install" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: sudo make install - working-directory: libressl - - name: "ldconfig" - run: sudo ldconfig - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: | - OPENSSL_CFLAGS="-I${{ env.LIBRESSL_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.LIBRESSL_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.LIBRESSL_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl --enable-werror ${{matrix.configureflags}} - - name: make all - run: make -j3 - - name: Ensure the build uses LibreSSL - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: LibreSSL" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 - - openssl: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [openssl] - build: [ normal, asan ] - configureflags: ["--with-openssl-engine=no"] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}} - 4.0" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - 
CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 + openssl4: + uses: ./.github/workflows/test-ssllib.yml + with: + libname: openssl + ovpnlibdesc: OpenSSL 4. # versioning=semver-coerced - OPENSSL_REPO: openssl/openssl - OPENSSL_VERSION: openssl-4.0.0-beta1 - OPENSSL_INSTALL: /opt/openssl - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore OpenSSL 4.0 from cache - uses: actions/cache@v5 - id: openssl-cache - with: - path: ${{ env.OPENSSL_INSTALL }} - key: ${{ matrix.os }}-openssl-${{matrix.build }}-${{ env.OPENSSL_VERSION }} - - name: "openssl: checkout" - if: steps.openssl-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: openssl - repository: ${{ env.OPENSSL_REPO }} - ref: ${{ env.OPENSSL_VERSION }} - - name: "openssl: configure" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: ./Configure --prefix=${{ env.OPENSSL_INSTALL }} --libdir=${{ env.OPENSSL_INSTALL }}/lib --openssldir=${{ env.OPENSSL_INSTALL }} -g - working-directory: openssl - - name: "openssl: make all" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: make -j3 - working-directory: openssl - - name: "openssl: make install" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: sudo make install - working-directory: openssl - - name: "ldconfig" - run: sudo ldconfig - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: | - OPENSSL_CFLAGS="-I${{ env.OPENSSL_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.OPENSSL_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.OPENSSL_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl --enable-werror 
${{matrix.configureflags}} - - name: make all - run: make -j3 - - name: Ensure the build uses Openssl - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: OpenSSL 4.0" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: openssl/openssl + gitref: openssl-4.0.0-beta1 + libconfigure: ./Configure --prefix=$LIBPREFIX --libdir=$LIBPREFIX/lib --openssldir=$LIBPREFIX -g mbedtls4: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [mbedtls4] - build: [ normal, asan ] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 - PKG_CONFIG_PATH: /opt/mbedtls4/lib/pkgconfig + uses: ./.github/workflows/test-ssllib.yml + with: + libname: mbedtls + ovpnlibname: mbedtls + ovpnlibdesc: mbed TLS 4. 
# versioning=semver-coerced - MBEDTLS_REPO: Mbed-TLS/mbedtls - MBEDTLS_VERSION: v4.0.0 - MBEDTLS_INSTALL: /opt/mbedtls4 - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore mbed TLS from cache - uses: actions/cache@v5 - id: mbedtls-cache - with: - path: ${{ env.MBEDTLS_INSTALL }} - key: ${{ matrix.os }}-mbedtls-${{matrix.build }}-${{ env.MBEDTLS_VERSION }} - - name: "mbedtls: checkout" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: mbedtls - submodules: recursive - repository: ${{ env.MBEDTLS_REPO }} - ref: ${{ env.MBEDTLS_VERSION }} - - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - - name: "mbedtls: cmake" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: cmake -B build -DCMAKE_INSTALL_PREFIX=${{ env.MBEDTLS_INSTAL }} - working-directory: mbedtls - - name: "mbedtls: cmake --build" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: cmake --build build - working-directory: mbedtls - - name: "mbedtls: cmake --install" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: sudo cmake --install build - working-directory: mbedtls - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: ./configure --with-crypto-library=mbedtls --enable-werror - - name: make all - run: make -j3 - - name: Ensure the build uses mbed TLS ${{ env.MBEDTLS_VERSION }} - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: mbed TLS 4." 
- - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: Mbed-TLS/mbedtls + gitref: v4.0.0 + libconfigure: cmake -B build -DCMAKE_INSTALL_PREFIX=$LIBPREFIX + libmake: cmake --build build + libinstall: sudo cmake --install build + ovpnconfigureenv: PKG_CONFIG_PATH=$LIBPREFIX/lib/pkgconfig aws-lc: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [ awslc ] - build: [ normal, asan ] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - cxx: clang++ - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - cxx: c++ - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - CXX: ${{matrix.cxx}} - UBSAN_OPTIONS: print_stacktrace=1 - AWS_LC_INSTALL: /opt/aws-lc + uses: ./.github/workflows/test-ssllib.yml + with: + libname: aws-lc + ovpnlibdesc: AWS-LC # versioning=semver-coerced - AWS_LC_REPO: aws/aws-lc - AWS_LC_VERSION: v1.70.0 - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y gcc golang make liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore AWS-LC from cache - uses: actions/cache@v5 - id: aws-lc-cache - with: - path: ${{ env.AWS_LC_INSTALL }} - key: ${{ matrix.os }}-aws-lc-${{matrix.build }}-${{ env.AWS_LC_VERSION }} - - name: "AWS-LC: checkout" - if: steps.aws-lc-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: aws-lc - repository: ${{ 
env.AWS_LC_REPO }} - ref: ${{ env.AWS_LC_VERSION }} - - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - - name: "AWS-LC: build" - if: steps.aws-lc-cache.outputs.cache-hit != 'true' - run: | - mkdir build - cd build - cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="${{ env.AWS_LC_INSTALL }}" -DBUILD_SHARED_LIBS=1 ../ - ninja install - working-directory: aws-lc - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure with AWS-LC - run: | - OPENSSL_CFLAGS="-I${{ env.AWS_LC_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.AWS_LC_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.AWS_LC_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl - - name: make all - run: make -j3 - - name: Ensure the build uses AWS-LC - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: AWS-LC" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: aws/aws-lc + gitref: v1.70.0 + libconfigure: cmake -B build -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="$LIBPREFIX" -DBUILD_SHARED_LIBS=1 + libmake: cmake --build build + libinstall: sudo cmake --install build + # not ready for --enable-werror + ovpnconfigureflags: diff --git a/.github/workflows/test-ssllib.yml b/.github/workflows/test-ssllib.yml new file mode 100644 index 0000000..4e37fef --- /dev/null +++ b/.github/workflows/test-ssllib.yml 
@@ -0,0 +1,117 @@ +name: test_ssllib + +on: + workflow_call: + inputs: + libname: + required: true + type: string + ovpnlibname: + type: string + default: openssl + ovpnlibdesc: + required: true + type: string + ghrepo: + required: true + type: string + gitref: + required: true + type: string + libconfigure: + required: true + type: string + libmake: + type: string + default: "make -j3" + libinstall: + type: string + default: "sudo make install" + ovpnconfigureenv: + type: string + default: >- + OPENSSL_CFLAGS="-I$LIBPREFIX/include" + OPENSSL_LIBS="-L$LIBPREFIX/lib -lssl -lcrypto" + LDFLAGS="-Wl,-rpath=$LIBPREFIX/lib" + ovpnconfigureflags: + type: string + default: --enable-werror --with-openssl-engine=no + +jobs: + test_ssllib: + strategy: + fail-fast: false + matrix: + os: [ubuntu-24.04] + build: [normal, asan] + include: + - build: asan + cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address -fno-sanitize-recover=all + cc: clang + cxx: clang++ + - build: normal + cflags: "-O2 -g" + ldflags: "" + cc: gcc + cxx: g++ + + name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{inputs.libname}}" + runs-on: ${{matrix.os}} + env: + CFLAGS: ${{matrix.cflags}} + LDFLAGS: ${{matrix.ldflags}} + CC: ${{matrix.cc}} + CXX: ${{matrix.cxx}} + UBSAN_OPTIONS: print_stacktrace=1 + LIBPREFIX: /opt/${{inputs.libname}} + + steps: + - name: Install dependencies + run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore ${{inputs.libname}} from cache + uses: actions/cache@v5 + id: ssllib-cache + with: + path: ${{env.LIBPREFIX}} + key: ${{matrix.os}}-${{inputs.libname}}-${{matrix.build }}-${{inputs.gitref}} + - name: "${{inputs.libname}}: checkout" + if: steps.ssllib-cache.outputs.cache-hit 
!= 'true' + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + submodules: recursive + path: ${{inputs.libname}} + repository: ${{inputs.ghrepo}} + ref: ${{inputs.gitref}} + - name: "${{inputs.libname}}: configure" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libconfigure}} + working-directory: ${{inputs.libname}} + - name: "${{inputs.libname}}: build" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libmake}} + working-directory: ${{inputs.libname}} + - name: "${{inputs.libname}}: install" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libinstall}} + working-directory: ${{inputs.libname}} + - name: Run ldconfig + run: sudo ldconfig + - name: "OpenVPN: checkout" + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: "OpenVPN: autoreconf" + run: autoreconf -fvi + - name: "OpenVPN: configure" + run: | + ${{inputs.ovpnconfigureenv}} \ + ./configure --with-crypto-library=${{inputs.ovpnlibname}} ${{inputs.ovpnconfigureflags}} + - name: "OpenVPN: build" + run: make -j3 + - name: Ensure the build uses ${{inputs.libname}} + run: | + ./src/openvpn/openvpn --version + ./src/openvpn/openvpn --version | grep -q "library versions: ${{inputs.ovpnlibdesc}}" + - name: "OpenVPN: configure checks" + run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc + - name: "OpenVPN: make check" + run: make -j3 check VERBOSE=1 diff --git a/renovate.json b/renovate.json index f9c62c4..809ac3f 100644 --- a/renovate.json +++ b/renovate.json @@ -40,7 +40,7 @@ "/^\\.github/workflows/.+\\.ya?ml$/" ], "matchStrings": [ - "versioning=(?.*?)\\n\\s*.*?_REPO:\\s*(?.*?)\\n\\s*.*?_VERSION:\\s*(?.*?)\\n" + "versioning=(?.*?)\\n\\s*ghrepo:\\s*(?.*?)\\n\\s*gitrepo:\\s*(?.*?)\\n" ], "datasourceTemplate": "github-tags" }
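
Review bot: in .github/workflows/build.yaml, the aws-lc and mbedtls4 jobs lose build prerequisites when they move to the shared workflow. The removed steps installed golang, python3-jinja2 and python3-jsonschema and ran lukka/get-cmake, and aws-lc still configures with -GNinja, but the shared "Install dependencies" step in test-ssllib.yml lists none of these and there is no get-cmake step. Either add them to the shared workflow (or give it an input for extra packages), or say in the commit message that the runner image already provides them. Separately, `ovpnconfigureflags:` for aws-lc is left without a value; writing `ovpnconfigureflags: ""` would make it explicit that the default `--enable-werror --with-openssl-engine=no` is meant to be replaced with nothing, and it is worth confirming that an empty value does not fall back to that default.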
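
Review bot: in .github/workflows/test-ssllib.yml, the cache key (`key: ${{matrix.os}}-${{inputs.libname}}-${{matrix.build }}-${{inputs.gitref}}`) does not cover libconfigure, libmake or libinstall, so changing a caller's configure command keeps restoring the library that was built with the old command. Now that the build commands are inputs, consider adding them, or a manually bumped revision marker, to the key. Also, libconfigure, libmake, libinstall, ovpnconfigureenv and ovpnconfigureflags are expanded by `${{ }}` directly into `run:` scripts and so are executed as shell text; a short comment on the inputs block stating that they must be literal commands from a trusted calling workflow would document that assumption. Finally, `submodules: recursive` now applies to every library checkout, where the removed jobs set it only for mbedtls; please confirm that is intended.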
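
Review bot: in renovate.json, the new matchStrings pattern looks for `gitrepo:` on the line after `ghrepo:`, but the workflows in this patch name that key `gitref:` (for example `gitref: v4.2.1`). As written the pattern will not match any of the four callers in build.yaml, so Renovate would stop proposing updates for the pinned library versions; the second key in the pattern should be `gitref:`. It would also help to note next to the `# versioning=` comments that `ghrepo:` and `gitref:` must follow immediately and in that order, since the pattern depends on it.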