python3-ssl.yml
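# CI workflow: builds CPython from source against the system OpenSSL (with
# wolfProvider installed from cached .deb packages) and runs CPython's
# test_ssl suite, once normally and once with WOLFPROV_FORCE_FAIL=1.
name: Python SSL Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    # NOTE(review): in GitHub filter patterns `*` does not match `/`, so pull
    # requests targeting a `release/...` branch would not trigger this
    # workflow; `'**'` would. Confirm intent before changing, since this
    # section is marked as common.
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

jobs:
  # Calls the reusable build workflow. The test job below restores a cache
  # keyed on github.sha with fail-on-cache-miss, so it presumably depends on
  # this job having saved the packages - confirm against
  # build-wolfprovider.yml.
  build_wolfprovider:
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        replace_default: [ true ]
        fips: [ false ]

  test_python_ssl:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Python build and SSL tests can take time
    timeout-minutes: 60
    # Least privilege: the steps below only check out code and restore a
    # cache, so the job token is limited to read-only repository contents.
    permissions:
      contents: read
    container:
      image: debian:bookworm
      options: --user root
    env:
      DEBIAN_FRONTEND: noninteractive
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    strategy:
      # Let the normal leg and the forced-failure leg finish independently.
      fail-fast: false
      matrix:
        python_version: [ '3.13.7' ]
        wolfssl_ref: [ 'v5.8.2-stable' ]
        openssl_ref: [ 'openssl-3.5.2' ]
        replace_default: [ true ]
        fips: [ false ]
        # Second entry is intentionally empty: the run without forced failure.
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
    steps:
      # NOTE(review): actions in this job are referenced by mutable tag (@v4);
      # pinning each to a full commit SHA is the hardened form.
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Checking OpenSSL/wolfProvider packages in cache
        uses: actions/cache/restore@v4
        id: wolfprov-cache-restore
        with:
          path: |
            ${{ env.WOLFSSL_PACKAGES_PATH }}
            ${{ env.OPENSSL_PACKAGES_PATH }}
            ${{ env.WOLFPROV_PACKAGES_PATH }}
          key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
          # Abort instead of testing against whatever the base image ships.
          fail-on-cache-miss: true

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        run: |
          printf "Installing OpenSSL/wolfProvider packages:\n"
          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
          ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
          ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}

          apt install --reinstall -y \
            ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb

          apt install --reinstall -y \
            ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
            ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb

          apt install --reinstall -y \
            ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb

      - name: Verify wolfProvider is properly installed
        run: |
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}

      - name: Install Python build dependencies
        run: |
          apt-get update
          apt-get install -y build-essential wget curl patch git \
            zlib1g-dev libbz2-dev libreadline-dev \
            libsqlite3-dev libncurses5-dev libgdbm-dev \
            libnss3-dev libffi-dev liblzma-dev \
            uuid-dev tk-dev libgdbm-compat-dev

      - name: Download Python ${{ matrix.python_version }}
        run: |
          cd /tmp
          # NOTE(review): the tarball is fetched over HTTPS but is not checked
          # against a pinned digest or signature before it is built and run as
          # root in this container. Add a verification step for the release
          # artifact before extracting it.
          wget https://www.python.org/ftp/python/${{ matrix.python_version }}/Python-${{ matrix.python_version }}.tgz
          tar -xzf Python-${{ matrix.python_version }}.tgz

      # NOTE(review): no `ref:` is given, so the patch applied below comes from
      # whatever the default branch of wolfSSL/osp points to at run time.
      # Pinning a ref would make the build input reproducible.
      - name: Checkout OSP
        uses: actions/checkout@v4
        with:
          repository: wolfSSL/osp
          path: osp
          fetch-depth: 1

      - name: Apply wolfProvider patch to Python ${{ matrix.python_version }}
        run: |
          cd /tmp/Python-${{ matrix.python_version }}
          patch -p1 < "$GITHUB_WORKSPACE/osp/wolfProvider/python3/python3-${{ matrix.python_version }}-wolfprov.patch"

      - name: Build Python ${{ matrix.python_version }}
        working-directory: /tmp/Python-${{ matrix.python_version }}
        run: |
          # Configure Python to use the system OpenSSL (which has wolfProvider)
          ./configure \
            --prefix=/opt/python${{ matrix.python_version }} \
            --with-openssl=/usr \
            --with-openssl-rpath=auto \
            --enable-optimizations

          # Build Python
          make -j$(nproc)
          make install

      - name: Run Python SSL tests with wolfProvider
        working-directory: /tmp/Python-${{ matrix.python_version }}
        shell: bash
        run: |
          # Export WOLFPROV_FORCE_FAIL=1 only on the forced-failure leg. With
          # the empty matrix value a bare `export` would print every exported
          # variable into the job log.
          if [ -n '${{ matrix.force_fail }}' ]; then
            export ${{ matrix.force_fail }}
          fi

          # Show Python and OpenSSL info
          echo "Python version:"
          /opt/python${{ matrix.python_version }}/bin/python3 --version
          echo "Python OpenSSL version:"
          /opt/python${{ matrix.python_version }}/bin/python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"
          echo "OpenSSL providers:"
          openssl list -providers

          # GitHub runs `shell: bash` steps with `-eo pipefail`. Without
          # relaxing errexit, a failing test run would end the step at the
          # pipeline and the result check below would never execute.
          set +e

          # Run Python SSL test suite
          /opt/python${{ matrix.python_version }}/bin/python3 -m test test_ssl -v 2>&1 | tee python-ssl-test.log
          # Exit status of the test run itself, not of `tee`.
          TEST_RESULT=${PIPESTATUS[0]}

          # Last command in the script: its exit status decides the step
          # result. The force_fail argument is left unquoted on purpose so
          # that it disappears when empty, as in the original invocation.
          "$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh" $TEST_RESULT ${{ matrix.force_fail }} python-ssl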