From patchwork Mon Apr 20 16:07:27 2026
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4901
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 20 Apr 2026 18:07:27 +0200
Message-ID: <20260420160732.9492-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] GHA: Factor out building SSL libs to a reusable workflow

From: Frank Lichtenheld

We amassed a lot of code duplication there. Make it easier to track the differences between the libraries.

Change-Id: I3d89016ccae297cfa596897c11a518f1ffbe3dc8
Signed-off-by: Frank Lichtenheld
Acked-by: Yuriy Darnobyt
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1630
---

This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1630
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Yuriy Darnobyt

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 365e72a..e4cb799 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -304,324 +304,49 @@ !${{ github.workspace }}/out/**/vcpkg_installed/** libressl: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [libressl] - build: [ normal, asan ] - configureflags: ["--with-openssl-engine=no"] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 + uses: ./.github/workflows/test-ssllib.yml + with: + libname: libressl + ovpnlibdesc: LibreSSL # versioning=semver-coerced - LIBRESSL_REPO: libressl/portable - LIBRESSL_VERSION: v4.2.1 - LIBRESSL_INSTALL: /opt/libressl + ghrepo: libressl/portable + gitref: v4.2.1 + libconfigure: "LIBRESSL_GIT_OPTIONS=--no-single-branch ./autogen.sh && ./configure --prefix=$LIBPREFIX" - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore libressl from cache - uses: actions/cache@v5 - id: libressl-cache - with: - path: ${{ env.LIBRESSL_INSTALL }} - key: ${{ matrix.os }}-libressl-${{matrix.build }}-${{ env.LIBRESSL_VERSION }} - - name: "libressl: checkout" - if: steps.libressl-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: libressl - repository: ${{ env.LIBRESSL_REPO }} - ref: ${{ env.LIBRESSL_VERSION }} - - name: "libressl: autogen.sh" - if: steps.libressl-cache.outputs.cache-hit != 'true' - env: - LIBRESSL_GIT_OPTIONS: 
"--no-single-branch" - run: ./autogen.sh - working-directory: libressl - - name: "libressl: configure" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: ./configure --prefix=${{ env.LIBRESSL_INSTALL }} - working-directory: libressl - - name: "libressl: make all" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: make -j3 - working-directory: libressl - - name: "libressl: make install" - if: steps.libressl-cache.outputs.cache-hit != 'true' - run: sudo make install - working-directory: libressl - - name: "ldconfig" - run: sudo ldconfig - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: | - OPENSSL_CFLAGS="-I${{ env.LIBRESSL_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.LIBRESSL_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.LIBRESSL_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl --enable-werror ${{matrix.configureflags}} - - name: make all - run: make -j3 - - name: Ensure the build uses LibreSSL - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: LibreSSL" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 - - openssl: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [openssl] - build: [ normal, asan ] - configureflags: ["--with-openssl-engine=no"] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}} - 4.0" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - 
CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 + openssl4: + uses: ./.github/workflows/test-ssllib.yml + with: + libname: openssl + ovpnlibdesc: OpenSSL 4. # versioning=semver-coerced - OPENSSL_REPO: openssl/openssl - OPENSSL_VERSION: openssl-4.0.0-beta1 - OPENSSL_INSTALL: /opt/openssl - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore OpenSSL 4.0 from cache - uses: actions/cache@v5 - id: openssl-cache - with: - path: ${{ env.OPENSSL_INSTALL }} - key: ${{ matrix.os }}-openssl-${{matrix.build }}-${{ env.OPENSSL_VERSION }} - - name: "openssl: checkout" - if: steps.openssl-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: openssl - repository: ${{ env.OPENSSL_REPO }} - ref: ${{ env.OPENSSL_VERSION }} - - name: "openssl: configure" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: ./Configure --prefix=${{ env.OPENSSL_INSTALL }} --libdir=${{ env.OPENSSL_INSTALL }}/lib --openssldir=${{ env.OPENSSL_INSTALL }} -g - working-directory: openssl - - name: "openssl: make all" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: make -j3 - working-directory: openssl - - name: "openssl: make install" - if: steps.openssl-cache.outputs.cache-hit != 'true' - run: sudo make install - working-directory: openssl - - name: "ldconfig" - run: sudo ldconfig - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: | - OPENSSL_CFLAGS="-I${{ env.OPENSSL_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.OPENSSL_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.OPENSSL_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl --enable-werror 
${{matrix.configureflags}} - - name: make all - run: make -j3 - - name: Ensure the build uses Openssl - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: OpenSSL 4.0" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: openssl/openssl + gitref: openssl-4.0.0-beta1 + libconfigure: ./Configure --prefix=$LIBPREFIX --libdir=$LIBPREFIX/lib --openssldir=$LIBPREFIX -g mbedtls4: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [mbedtls4] - build: [ normal, asan ] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - UBSAN_OPTIONS: print_stacktrace=1 - PKG_CONFIG_PATH: /opt/mbedtls4/lib/pkgconfig + uses: ./.github/workflows/test-ssllib.yml + with: + libname: mbedtls + ovpnlibname: mbedtls + ovpnlibdesc: mbed TLS 4. 
# versioning=semver-coerced - MBEDTLS_REPO: Mbed-TLS/mbedtls - MBEDTLS_VERSION: v4.0.0 - MBEDTLS_INSTALL: /opt/mbedtls4 - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore mbed TLS from cache - uses: actions/cache@v5 - id: mbedtls-cache - with: - path: ${{ env.MBEDTLS_INSTALL }} - key: ${{ matrix.os }}-mbedtls-${{matrix.build }}-${{ env.MBEDTLS_VERSION }} - - name: "mbedtls: checkout" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: mbedtls - submodules: recursive - repository: ${{ env.MBEDTLS_REPO }} - ref: ${{ env.MBEDTLS_VERSION }} - - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - - name: "mbedtls: cmake" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: cmake -B build -DCMAKE_INSTALL_PREFIX=${{ env.MBEDTLS_INSTAL }} - working-directory: mbedtls - - name: "mbedtls: cmake --build" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: cmake --build build - working-directory: mbedtls - - name: "mbedtls: cmake --install" - if: steps.mbedtls-cache.outputs.cache-hit != 'true' - run: sudo cmake --install build - working-directory: mbedtls - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure - run: ./configure --with-crypto-library=mbedtls --enable-werror - - name: make all - run: make -j3 - - name: Ensure the build uses mbed TLS ${{ env.MBEDTLS_VERSION }} - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: mbed TLS 4." 
- - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: Mbed-TLS/mbedtls + gitref: v4.0.0 + libconfigure: cmake -B build -DCMAKE_INSTALL_PREFIX=$LIBPREFIX + libmake: cmake --build build + libinstall: sudo cmake --install build + ovpnconfigureenv: PKG_CONFIG_PATH=$LIBPREFIX/lib/pkgconfig aws-lc: - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - ssllib: [ awslc ] - build: [ normal, asan ] - include: - - build: asan - cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" - ldflags: -fsanitize=address -fno-sanitize-recover=all - cc: clang - cxx: clang++ - - build: normal - cflags: "-O2 -g" - ldflags: "" - cc: gcc - cxx: c++ - - name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}" - runs-on: ${{matrix.os}} - env: - CFLAGS: ${{ matrix.cflags }} - LDFLAGS: ${{ matrix.ldflags }} - CC: ${{matrix.cc}} - CXX: ${{matrix.cxx}} - UBSAN_OPTIONS: print_stacktrace=1 - AWS_LC_INSTALL: /opt/aws-lc + uses: ./.github/workflows/test-ssllib.yml + with: + libname: aws-lc + ovpnlibdesc: AWS-LC # versioning=semver-coerced - AWS_LC_REPO: aws/aws-lc - AWS_LC_VERSION: v1.70.0 - - steps: - - name: Install dependencies - run: sudo apt update && sudo apt install -y gcc golang make liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev - - name: Restore AWS-LC from cache - uses: actions/cache@v5 - id: aws-lc-cache - with: - path: ${{ env.AWS_LC_INSTALL }} - key: ${{ matrix.os }}-aws-lc-${{matrix.build }}-${{ env.AWS_LC_VERSION }} - - name: "AWS-LC: checkout" - if: steps.aws-lc-cache.outputs.cache-hit != 'true' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - path: aws-lc - repository: ${{ 
env.AWS_LC_REPO }} - ref: ${{ env.AWS_LC_VERSION }} - - uses: lukka/get-cmake@f176ccd3f28bda569c43aae4894f06b2435a3375 # v4.2.3 - - name: "AWS-LC: build" - if: steps.aws-lc-cache.outputs.cache-hit != 'true' - run: | - mkdir build - cd build - cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="${{ env.AWS_LC_INSTALL }}" -DBUILD_SHARED_LIBS=1 ../ - ninja install - working-directory: aws-lc - - name: Checkout OpenVPN - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: autoconf - run: autoreconf -fvi - - name: configure with AWS-LC - run: | - OPENSSL_CFLAGS="-I${{ env.AWS_LC_INSTALL }}/include" \ - OPENSSL_LIBS="-L${{ env.AWS_LC_INSTALL }}/lib -lssl -lcrypto" \ - LDFLAGS="-Wl,-rpath=${{ env.AWS_LC_INSTALL }}/lib" \ - ./configure --with-crypto-library=openssl - - name: make all - run: make -j3 - - name: Ensure the build uses AWS-LC - run: | - ./src/openvpn/openvpn --version - ./src/openvpn/openvpn --version | grep -q "library versions: AWS-LC" - - name: configure checks - run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc - - name: make check - run: make -j3 check VERBOSE=1 + ghrepo: aws/aws-lc + gitref: v1.70.0 + libconfigure: cmake -B build -GNinja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX="$LIBPREFIX" -DBUILD_SHARED_LIBS=1 + libmake: cmake --build build + libinstall: sudo cmake --install build + # not ready for --enable-werror + ovpnconfigureflags: diff --git a/.github/workflows/test-ssllib.yml b/.github/workflows/test-ssllib.yml new file mode 100644 index 0000000..c6a2e44 --- /dev/null +++ b/.github/workflows/test-ssllib.yml 
@@ -0,0 +1,117 @@ +name: test_ssllib + +on: + workflow_call: + inputs: + libname: + required: true + type: string + ovpnlibname: + type: string + default: openssl + ovpnlibdesc: + required: true + type: string + ghrepo: + required: true + type: string + gitref: + required: true + type: string + libconfigure: + required: true + type: string + libmake: + type: string + default: "make -j3" + libinstall: + type: string + default: "sudo make install" + ovpnconfigureenv: + type: string + default: >- + OPENSSL_CFLAGS="-I$LIBPREFIX/include" + OPENSSL_LIBS="-L$LIBPREFIX/lib -lssl -lcrypto" + LDFLAGS="-Wl,-rpath=$LIBPREFIX/lib" + ovpnconfigureflags: + type: string + default: --enable-werror --with-openssl-engine=no + +jobs: + test_ssllib: + strategy: + fail-fast: false + matrix: + os: [ubuntu-24.04] + build: [normal, asan] + include: + - build: asan + cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address -fno-sanitize-recover=all + cc: clang + cxx: clang++ + - build: normal + cflags: "-O2 -g" + ldflags: "" + cc: gcc + cxx: g++ + + name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{inputs.libname}}" + runs-on: ${{matrix.os}} + env: + CFLAGS: ${{matrix.cflags}} + LDFLAGS: ${{matrix.ldflags}} + CC: ${{matrix.cc}} + CXX: ${{matrix.cxx}} + UBSAN_OPTIONS: print_stacktrace=1 + LIBPREFIX: /opt/${{inputs.libname}} + + steps: + - name: Install dependencies + run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore ${{inputs.libname}} from cache + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + id: ssllib-cache + with: + path: ${{env.LIBPREFIX}} + key: ${{matrix.os}}-${{inputs.libname}}-${{matrix.build }}-${{inputs.gitref}} + - name: "${{inputs.libname}}: 
checkout" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + submodules: recursive + path: ${{inputs.libname}} + repository: ${{inputs.ghrepo}} + ref: ${{inputs.gitref}} + - name: "${{inputs.libname}}: configure" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libconfigure}} + working-directory: ${{inputs.libname}} + - name: "${{inputs.libname}}: build" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libmake}} + working-directory: ${{inputs.libname}} + - name: "${{inputs.libname}}: install" + if: steps.ssllib-cache.outputs.cache-hit != 'true' + run: ${{inputs.libinstall}} + working-directory: ${{inputs.libname}} + - name: Run ldconfig + run: sudo ldconfig + - name: "OpenVPN: checkout" + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: "OpenVPN: autoreconf" + run: autoreconf -fvi + - name: "OpenVPN: configure" + run: | + ${{inputs.ovpnconfigureenv}} \ + ./configure --with-crypto-library=${{inputs.ovpnlibname}} ${{inputs.ovpnconfigureflags}} + - name: "OpenVPN: build" + run: make -j3 + - name: Ensure the build uses ${{inputs.libname}} + run: | + ./src/openvpn/openvpn --version + ./src/openvpn/openvpn --version | grep -q "library versions: ${{inputs.ovpnlibdesc}}" + - name: "OpenVPN: configure checks" + run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc + - name: "OpenVPN: make check" + run: make -j3 check VERBOSE=1 diff --git a/renovate.json b/renovate.json index f9c62c4..809ac3f 100644 --- a/renovate.json +++ b/renovate.json @@ -40,7 +40,7 @@ "/^\\.github/workflows/.+\\.ya?ml$/" ], "matchStrings": [ - "versioning=(?.*?)\\n\\s*.*?_REPO:\\s*(?.*?)\\n\\s*.*?_VERSION:\\s*(?.*?)\\n" + "versioning=(?.*?)\\n\\s*ghrepo:\\s*(?.*?)\\n\\s*gitrepo:\\s*(?.*?)\\n" ], "datasourceTemplate": "github-tags" }
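
Review bot: In the aws-lc job of .github/workflows/build.yaml, "ovpnconfigureflags:" is left with no value, which YAML parses as null rather than as an empty string, so whether it really overrides the default "--enable-werror --with-openssl-engine=no" declared in test-ssllib.yml depends on how workflow_call treats a null string input. Writing it as ovpnconfigureflags: "" would state the intent of the "# not ready for --enable-werror" comment explicitly, and the configure line in a run log should be checked to confirm the default is not applied.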
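
Review bot: The shared "Install dependencies" step in .github/workflows/test-ssllib.yml carries the package list of the old libressl/openssl jobs, so it drops "python3-jinja2 python3-jsonschema" that the removed mbedtls4 and aws-lc jobs installed, "golang" that the aws-lc job installed, and the "lukka/get-cmake" step both of them ran, while the aws-lc libconfigure still passes -GNinja. If the ubuntu-24.04 image happens to ship these, the build passes on an implicit dependency; otherwise a cache miss for mbedtls or aws-lc fails at the library configure step. Either add the packages to the shared list or add an input for per-library extra packages.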
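
Review bot: The new matchStrings pattern in renovate.json looks for a "gitrepo:" key, but the keys passed in build.yaml and declared in test-ssllib.yml are "ghrepo:" and "gitref:", so the pattern will not match any of the "# versioning=semver-coerced" blocks and Renovate will stop proposing updates for the pinned library versions. Change "\\n\\s*gitrepo:" to "\\n\\s*gitref:".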