Add mbed TLS from GIT to github actions #628
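# The name of our workflow
name: Build
on:
  push:
  pull_request:

# Every job below only checks out sources, builds, uses the cache and uploads
# artifacts, so the GITHUB_TOKEN is restricted to read access.
permissions:
  contents: read

# NOTE(review): all `uses:` references in this file are tags (and
# lukka/get-cmake uses `latest`). Tags are mutable; pinning each action to a
# full commit SHA keeps a retagged release from changing what runs here.

jobs:
  # Reformats the tree with uncrustify and fails if that produces a diff.
  checkuncrustify:
    name: "Check code style with Uncrustify"
    # Ubuntu 22.04 has uncrustify 0.72_f
    runs-on: ubuntu-22.04
    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y uncrustify
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
        with:
          path: openvpn
      - name: Show uncrustify version
        run: uncrustify --version
      - name: Run uncrustify
        run: ./dev-tools/reformat-all.sh
        working-directory: openvpn
      - name: Check for changes
        run: git diff --output=uncrustify-changes.patch
        working-directory: openvpn
      - name: Show changes on standard output
        run: git diff
        working-directory: openvpn
      - uses: actions/upload-artifact@v4
        with:
          name: uncrustify-changes.patch
          path: 'openvpn/uncrustify-changes.patch'
      # An empty patch file means the tree was already formatted.
      - name: Set job status
        run: test ! -s uncrustify-changes.patch
        working-directory: openvpn

  # Builds wolfSSL from source into /opt/wolfssl, then OpenVPN against it.
  wolfssl:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-20.04]
        ssllib: [wolfssl]
        build: [normal, asan]
        include:
          - build: asan
            cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
            ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
            cc: clang
          - build: normal
            cflags: "-O2 -g"
            ldflags: ""
            configureflags: ""
            cc: gcc

    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
    runs-on: ${{matrix.os}}
    env:
      CFLAGS: ${{ matrix.cflags }}
      LDFLAGS: ${{ matrix.ldflags }}
      CC: ${{matrix.cc}}
      UBSAN_OPTIONS: print_stacktrace=1

    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y build-essential liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev pkg-config libcap-ng-dev libnl-genl-3-dev
      # NOTE(review): the key carries no wolfSSL version, so a cached build is
      # reused until the cache is evicted, whatever upstream has changed.
      - name: Cache dependencies
        id: cache
        uses: actions/cache@v3
        with:
          path: '/opt/wolfssl'
          key: ${{ matrix.build }}-wolfSSL
      # NOTE(review): no `ref` is given, so a cold cache builds whatever the
      # default branch of wolfSSL/wolfssl holds at that moment; pinning a
      # release tag or commit would make the tested library reproducible.
      - name: "wolfSSL: checkout"
        if: steps.cache.outputs.cache-hit != 'true'
        uses: actions/checkout@v3
        with:
          path: wolfssl
          repository: wolfSSL/wolfssl
      - name: "wolfSSL: autoconf"
        if: steps.cache.outputs.cache-hit != 'true'
        run: autoreconf -fvi
        working-directory: wolfssl
      - name: "wolfSSL: configure"
        if: steps.cache.outputs.cache-hit != 'true'
        run: ./configure --enable-openvpn --prefix=/opt/wolfssl
        working-directory: wolfssl
      - name: "wolfSSL: make all"
        if: steps.cache.outputs.cache-hit != 'true'
        run: make -j3
        working-directory: wolfssl
      - name: "wolfSSL: make install"
        if: steps.cache.outputs.cache-hit != 'true'
        run: sudo make install
        working-directory: wolfssl
      - name: "ldconfig"
        run: sudo ldconfig
      - name: Checkout OpenVPN
        uses: actions/checkout@v3
      - name: autoconf
        run: autoreconf -fvi
      # The matrix key is `configureflags`; it only decorates the step name.
      - name: configure ${{matrix.configureflags}}
        run: PKG_CONFIG_PATH=/opt/wolfssl/lib/pkgconfig ./configure --with-crypto-library=${{matrix.ssllib}} --enable-werror
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1

  # Builds tagged mbed TLS releases with CMake into /opt/mbedtls, then
  # OpenVPN against them.
  mbedtls-git:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-22.04]
        ssllib: [mbedtls]
        build: [normal, asan]
        mbedver: [v3.5.0, v2.28.5]
        include:
          - build: asan
            cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
            ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
            cc: clang
            cmakebuild: ASan
          - build: normal
            cflags: "-O2 -g"
            ldflags: ""
            configureflags: ""
            cc: gcc
            cmakebuild: Release

    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - mbed TLS ${{matrix.mbedver}}"
    runs-on: ${{matrix.os}}
    env:
      CFLAGS: ${{ matrix.cflags }}
      LDFLAGS: ${{ matrix.ldflags }}
      CC: ${{matrix.cc}}
      UBSAN_OPTIONS: print_stacktrace=1
      MBEDTLS_CFLAGS: -I/opt/mbedtls/include
      MBEDTLS_LIBS: -L/opt/mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto

    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y build-essential liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev cmake
      # The key encodes build flavour, mbed TLS tag and CMake build type, so a
      # version bump in the matrix forces a rebuild.
      - name: Cache dependencies
        id: cache
        uses: actions/cache@v3
        with:
          path: '/opt/mbedtls'
          key: ${{ matrix.build }}-mbedtls-${{matrix.mbedver}}-${{matrix.cmakebuild}}
      - name: "mbed TLS: checkout ${{matrix.mbedver}}"
        if: steps.cache.outputs.cache-hit != 'true'
        uses: actions/checkout@v3
        with:
          path: mbedtls
          repository: mbed-TLS/mbedtls
          ref: ${{matrix.mbedver}}
      - name: "mbed TLS: cmake"
        if: steps.cache.outputs.cache-hit != 'true'
        run: cmake -DCMAKE_BUILD_TYPE=${{matrix.cmakebuild}} -DUSE_SHARED_MBEDTLS_LIBRARY=On -DCMAKE_INSTALL_PREFIX=/opt/mbedtls -B mbedbuild -S mbedtls
      - name: "mbed TLS: build"
        if: steps.cache.outputs.cache-hit != 'true'
        run: cmake --build mbedbuild
      - name: "mbed TLS: install"
        if: steps.cache.outputs.cache-hit != 'true'
        run: cmake --install mbedbuild
      - name: add /opt/mbedtls/lib to ld.so.conf.d
        run: echo /opt/mbedtls/lib | sudo tee /etc/ld.so.conf.d/mbedtls.conf
      - name: "ldconfig"
        run: sudo ldconfig
      - name: Checkout OpenVPN
        uses: actions/checkout@v3
      - name: autoconf
        run: autoreconf -fvi
      # The matrix key is `configureflags`; it only decorates the step name.
      - name: configure ${{matrix.configureflags}}
        run: PKG_CONFIG_PATH=/opt/mbedtls/lib/pkgconfig ./configure --with-crypto-library=${{matrix.ssllib}} --enable-werror
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1

  # Cross-builds Windows binaries with mingw, CMake presets and vcpkg, and
  # publishes the program and unit-test binaries as separate artifacts.
  mingw:
    strategy:
      fail-fast: false
      matrix:
        arch: [x86, x64]

    name: "gcc-mingw - ${{ matrix.arch }} - OSSL"
    runs-on: ubuntu-22.04
    env:
      VCPKG_ROOT: ${{ github.workspace }}/vcpkg
    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y mingw-w64 unzip cmake ninja-build build-essential wget python3-docutils man2html-base
      - name: Checkout OpenVPN
        uses: actions/checkout@v4

      # vcpkg itself is pinned to a commit id, unlike the action that runs it.
      - name: Restore from cache and install vcpkg
        uses: lukka/run-vcpkg@v11
        with:
          vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e
          vcpkgJsonGlob: '**/mingw/vcpkg.json'

      - name: Run CMake with vcpkg.json manifest
        uses: lukka/run-cmake@v10
        with:
          configurePreset: mingw-${{ matrix.arch }}
          buildPreset: mingw-${{ matrix.arch }}
          buildPresetAdditionalArgs: "['--config Debug']"

      - uses: actions/upload-artifact@v4
        with:
          name: openvpn-mingw-${{ matrix.arch }}
          path: |
            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.exe
            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll
            !${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe

      - uses: actions/upload-artifact@v4
        with:
          name: openvpn-mingw-${{ matrix.arch }}-tests
          path: |
            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/test_*.exe
            ${{ github.workspace }}/out/build/mingw/${{ matrix.arch }}/Debug/*.dll

  # Cross-builds with mingw and autoconf; the Windows dependencies are
  # downloaded as source archives and built into ~/mingw/opt.
  mingwac:
    strategy:
      fail-fast: false
      matrix:
        osslver: [1.1.1q, 3.0.5]
        target: [mingw64, mingw]
        include:
          - target: mingw64
            chost: x86_64-w64-mingw32
          - target: mingw
            chost: i686-w64-mingw32

    name: "gcc-mingw-autoconf - ${{matrix.target}} - OSSL ${{ matrix.osslver }}"
    runs-on: ubuntu-22.04
    env:
      MAKEFLAGS: -j3
      LZO_VERSION: "2.10"
      PKCS11_HELPER_VERSION: "1.29.0"
      OPENSSL_VERSION: "${{ matrix.osslver }}"
      TAP_WINDOWS_VERSION: "9.23.3"
      CMOCKA_VERSION: "1.1.5"
    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y mingw-w64 libtool automake autoconf man2html unzip cmake ninja-build build-essential wget
      - name: Checkout OpenVPN
        uses: actions/checkout@v3
        with:
          path: openvpn
      - name: autoconf
        run: autoreconf -fvi
        working-directory: openvpn

      - name: Cache dependencies
        id: cache
        uses: actions/cache@v3
        with:
          path: '~/mingw/'
          key: ${{ matrix.target }}-mingw-${{ matrix.osslver }}-${{ env.LZO_VERSION }}-${{ env.PKCS11_HELPER_VERSION }}-${{ env.TAP_WINDOWS_VERSION }}--${{ env.CMOCKA_VERSION }}

      # Repeating if: steps.cache.outputs.cache-hit != 'true'
      # on every step for building dependencies is ugly but
      # I haven't found a better solution so far.

      # NOTE(review): the archives are fetched over HTTPS but no checksum or
      # signature is verified before they are unpacked and built, and the
      # result is then cached under ~/mingw/ for later runs. Recording a
      # SHA-256 per pinned version and checking it (e.g. `sha256sum -c`)
      # before the tar/unzip calls would close that gap.
      # The OpenSSL download tries the old/1.1.1 location first and falls
      # back to the main source directory.
      - name: Download mingw dependencies
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          wget -c -P download-cache/ "https://build.openvpn.net/downloads/releases/tap-windows-${TAP_WINDOWS_VERSION}.zip"
          wget -c -P download-cache/ "https://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz"
          wget -c -P download-cache/ "https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"
          wget -c -P download-cache/ "https://github.com/coreboot/cmocka/archive/refs/tags/cmocka-${CMOCKA_VERSION}.tar.gz"
          tar jxf "download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2"
          wget -c -P download-cache/ "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz" || wget -c -P download-cache/ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
          tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
          tar zxf "download-cache/lzo-${LZO_VERSION}.tar.gz"
          tar zxf "download-cache/cmocka-${CMOCKA_VERSION}.tar.gz"
          unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip

      - name: create cmocka build directory
        if: steps.cache.outputs.cache-hit != 'true'
        run: mkdir cmocka-build
      - name: configure cmocka
        if: steps.cache.outputs.cache-hit != 'true'
        working-directory: "./cmocka-build"
        run: cmake -GNinja -DCMAKE_C_COMPILER=${{ matrix.chost }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.chost }}-g++ -DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SHARED_LINKER_FLAGS=-static-libgcc -DCMAKE_PREFIX_PATH=${HOME}/mingw/opt/lib/pkgconfig/ -DCMAKE_INCLUDE_PATH=${HOME}/mingw/opt/lib/include -DCMAKE_LIBRARY_PATH=${HOME}/mingw/opt/lib -DCMAKE_INSTALL_PREFIX=${HOME}/mingw/opt/ ../cmocka-cmocka-${{ env.CMOCKA_VERSION }}
      - name: build cmocka
        if: steps.cache.outputs.cache-hit != 'true'
        working-directory: "./cmocka-build"
        run: ninja
      - name: install cmocka
        if: steps.cache.outputs.cache-hit != 'true'
        working-directory: "./cmocka-build"
        run: ninja install

      - name: Configure OpenSSL
        if: steps.cache.outputs.cache-hit != 'true'
        run: ./Configure --cross-compile-prefix=${{ matrix.chost }}- shared ${{ matrix.target }} no-capieng --prefix="${HOME}/mingw/opt" --openssldir="${HOME}/mingw/opt" -static-libgcc
        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"
      - name: Build OpenSSL
        if: steps.cache.outputs.cache-hit != 'true'
        run: make
        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"
      # OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of
      # mingw/opt/lib, so we include both dirs in the following steps
      # (pkcs11-helper and OpenVPN) so the libraries will be found
      - name: Install OpenSSL
        if: steps.cache.outputs.cache-hit != 'true'
        run: make install
        working-directory: "./openssl-${{ env.OPENSSL_VERSION }}"

      - name: autoreconf pkcs11-helper
        if: steps.cache.outputs.cache-hit != 'true'
        run: autoreconf -iv
        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"
      - name: configure pkcs11-helper
        if: steps.cache.outputs.cache-hit != 'true'
        run: OPENSSL_LIBS="-L${HOME}/mingw/opt/lib -L${HOME}/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu --disable-crypto-engine-gnutls --disable-crypto-engine-nss --disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls
        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"
      - name: build pkcs11-helper
        if: steps.cache.outputs.cache-hit != 'true'
        run: make all
        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"
      - name: install pkcs11-helper
        if: steps.cache.outputs.cache-hit != 'true'
        run: make install
        working-directory: "./pkcs11-helper-${{ env.PKCS11_HELPER_VERSION }}"

      - name: Configure lzo
        if: steps.cache.outputs.cache-hit != 'true'
        run: ./configure --host=${{ matrix.chost }} --program-prefix='' --libdir=${HOME}/mingw/opt/lib --prefix=${HOME}/mingw/opt --build=x86_64-pc-linux-gnu
        working-directory: "./lzo-${{ env.LZO_VERSION }}"
      - name: build lzo
        if: steps.cache.outputs.cache-hit != 'true'
        working-directory: "./lzo-${{ env.LZO_VERSION }}"
        run: make
      - name: install lzo
        if: steps.cache.outputs.cache-hit != 'true'
        working-directory: "./lzo-${{ env.LZO_VERSION }}"
        run: make install

      - name: copy tap-windows.h header
        if: steps.cache.outputs.cache-hit != 'true'
        run: cp ./tap-windows-${TAP_WINDOWS_VERSION}/include/tap-windows.h ${HOME}/mingw/opt/include/

      # OPENSSL_LIBS lists both mingw/opt/lib and mingw/opt/lib64, matching
      # the pkcs11-helper configure step above.
      - name: configure OpenVPN
        run: PKG_CONFIG_PATH=${HOME}/mingw/opt/lib/pkgconfig LDFLAGS=-L$HOME/mingw/opt/lib CFLAGS=-I$HOME/mingw/opt/include OPENSSL_LIBS="-L${HOME}/mingw/opt/lib -L$HOME/mingw/opt/lib64 -lssl -lcrypto" OPENSSL_CFLAGS=-I$HOME/mingw/opt/include PREFIX=$HOME/mingw/opt LZO_CFLAGS=-I$HOME/mingw/opt/include LZO_LIBS="-L${HOME}/mingw/opt/lib -llzo2" ./configure --host=${{ matrix.chost }} --disable-lz4
        working-directory: openvpn
      - name: build OpenVPN
        run: make -j3
        working-directory: openvpn
      - name: build OpenVPN unittests
        run: make -j3 check
        working-directory: openvpn

      # We use multiple upload-artifact here, so it becomes a flat folder
      # structure since we need the dlls on the same level as the binaries
      - name: Archive cmocka/openssl/lzo dlls
        uses: actions/upload-artifact@v3
        with:
          retention-days: 1
          name: mingwac-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-dlls
          path: '~/mingw/opt/bin/*.dll'

      # libtool puts some wrapper binaries in openvpn/tests/unit_tests/openvpn/
      # and the real binaries in openvpn/tests/unit_tests/openvpn/.libs/
      - name: Archive unittest artifacts
        uses: actions/upload-artifact@v3
        with:
          retention-days: 1
          name: mingwac-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests
          path: openvpn/tests/unit_tests/openvpn/.libs/*.exe

      # Currently not used by the unit test but might in the future and also
      # helpful if manually downloading and running openvpn.exe from a mingw
      # build
      # This upload reuses the artifact name of the previous step;
      # upload-artifact v3 merges same-named uploads, while v4 rejects a
      # second upload under an existing name.
      - name: Archive openvpn binary
        uses: actions/upload-artifact@v3
        with:
          retention-days: 1
          name: mingwac-unittest-${{matrix.target}}-ossl${{ matrix.osslver }}-tests
          path: openvpn/src/openvpn/.libs/*.exe

  # Runs the test binaries produced by the `mingw` job on a Windows runner.
  mingw-unittest:
    needs: [mingw]
    strategy:
      fail-fast: false
      matrix:
        arch: [x86, x64]
        test: [argv, auth_token, buffer, cryptoapi, crypto, misc, ncp, packet_id, pkt, provider, ssl, tls_crypt, user_pass]

    runs-on: windows-latest
    name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL"
    steps:
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: Retrieve mingw unittest
        uses: actions/download-artifact@v4
        with:
          name: openvpn-mingw-${{ matrix.arch }}-tests
          path: unittests
      - name: Run ${{ matrix.test }} unit test
        run: ./unittests/test_${{ matrix.test }}.exe
        env:
          srcdir: "${{ github.workspace }}/tests/unit_tests/openvpn"
      - name: Run reflect unit test
        run: ./unittests/test_reflect.exe

  # Builds against the distribution's TLS packages with several configure
  # option sets.
  ubuntu:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-20.04, ubuntu-22.04]
        sslpkg: [libmbedtls-dev]
        ssllib: [mbedtls]
        libname: [mbed TLS]

        include:
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
          - os: ubuntu-22.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 3.0.2
            ssllib: openssl
            pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
            extraconf: --enable-pkcs11
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
            pkcs11pkg: "libpkcs11-helper1-dev softhsm2 gnutls-bin"
            extraconf: "--enable-iproute2 --enable-pkcs11"
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
            extraconf: "--enable-async-push"
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
            extraconf: "--disable-management"
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
            extraconf: "--enable-small"
          - os: ubuntu-20.04
            sslpkg: "libssl-dev"
            libname: OpenSSL 1.1.1
            ssllib: openssl
            extraconf: "--disable-lzo --disable-lz4"

    name: "gcc - ${{matrix.os}} - ${{matrix.libname}} ${{matrix.extraconf}}"
    env:
      SSLPKG: "${{matrix.sslpkg}}"
      PKCS11PKG: "${{matrix.pkcs11pkg}}"

    runs-on: ${{matrix.os}}
    steps:
      # The package names reach the shell through env vars and are expanded
      # unquoted on purpose, because PKCS11PKG may hold several names or none.
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf ${SSLPKG} ${PKCS11PKG}
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: autoconf
        run: autoreconf -fvi
      - name: configure
        run: ./configure --with-crypto-library=${{matrix.ssllib}} ${{matrix.extraconf}} --enable-werror
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1

  # clang build with AddressSanitizer and UBSan, non-recoverable so that any
  # report fails the run.
  ubuntu-clang-asan:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-20.04]
        ssllib: [mbedtls, openssl]

    name: "clang-asan - ${{matrix.os}} - ${{matrix.ssllib}}"
    env:
      UBSAN_OPTIONS: print_stacktrace=1

    runs-on: ${{matrix.os}}
    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf libmbedtls-dev
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: autoconf
        run: autoreconf -fvi
      - name: configure
        run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}} --enable-werror
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1

  # macOS builds against the Homebrew OpenSSL 1.1, OpenSSL 3 and LibreSSL
  # packages, in normal and sanitizer flavours.
  macos:
    strategy:
      fail-fast: false
      matrix:
        ssllib: [openssl11, openssl3, libressl]
        build: [normal, asan]
        os: [macos-12, macos-13, macos-14]
        include:
          # macos14 and newer runners use ARM CPUs and homebrew uses /opt/homebrew/
          # on ARM instead of /usr/local/
          - os: macos-12
            homebrew: /usr/local/opt
          - os: macos-13
            homebrew: /usr/local/opt
          - os: macos-14
            homebrew: /opt/homebrew/opt
          - build: asan
            cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
            ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
            # Our build system ignores LDFLAGS for plugins
            configureflags: --disable-plugin-auth-pam --disable-plugin-down-root
          - build: normal
            cflags: "-O2 -g"
            ldflags: ""
            configureflags: ""
          # libdir is the Homebrew formula directory under matrix.homebrew.
          - ssllib: openssl11
            libdir: openssl@1.1
            configuressllib: ""
          - ssllib: openssl3
            libdir: openssl@3
            configuressllib: ""
          - ssllib: libressl
            libdir: libressl
            configuressllib: "--with-openssl-engine=no"

    runs-on: ${{matrix.os}}
    name: "${{matrix.os}} - ${{matrix.libdir}} - ${{matrix.build}}"
    env:
      CFLAGS: ${{ matrix.cflags }}
      LDFLAGS: ${{ matrix.ldflags }}
      OPENSSL_CFLAGS: "-I${{matrix.homebrew}}/${{matrix.libdir}}/include"
      OPENSSL_LIBS: "-L${{matrix.homebrew}}/${{matrix.libdir}}/lib -lcrypto -lssl"
      LZO_CFLAGS: "-I${{matrix.homebrew}}/lzo/include"
      LZO_LIBS: "-L${{matrix.homebrew}}/lzo/lib -llzo2"
      UBSAN_OPTIONS: print_stacktrace=1
    steps:
      - name: Install dependencies
        run: brew install openssl@1.1 openssl@3 lzo lz4 man2html cmocka libtool automake autoconf libressl
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: autoconf
        run: autoreconf -fvi
      - name: configure
        run: ./configure --enable-werror ${{matrix.configureflags}} ${{matrix.configuressllib}}
      - name: make all
        run: make -j4
      - name: make check
        run: make check VERBOSE=1

  # MSVC build through CMake presets and vcpkg; the arm64 variant is built
  # but not tested.
  msvc:
    strategy:
      fail-fast: false
      matrix:
        arch: [amd64, x86, arm64]

    name: "msbuild - ${{ matrix.arch }} - openssl"
    env:
      BUILD_CONFIGURATION: Release

    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): `latest` moves with every upstream release, so the code
      # run by this step can change without any commit in this repository;
      # pin a release tag or, better, a full commit SHA.
      - uses: lukka/get-cmake@latest

      - name: Install rst2html
        run: python -m pip install --upgrade pip docutils

      - name: Restore artifacts, or setup vcpkg (do not install any package)
        uses: lukka/run-vcpkg@v11
        with:
          vcpkgGitCommitId: 8d3649ba34aab36914ddd897958599aa0a91b08e
          vcpkgJsonGlob: '**/windows/vcpkg.json'

      - name: Run CMake with vcpkg.json manifest (NO TESTS)
        uses: lukka/run-cmake@v10
        if: ${{ matrix.arch == 'arm64' }}
        with:
          configurePreset: win-${{ matrix.arch }}-release
          buildPreset: win-${{ matrix.arch }}-release

      - name: Run CMake with vcpkg.json manifest
        uses: lukka/run-cmake@v10
        if: ${{ matrix.arch != 'arm64' }}
        with:
          configurePreset: win-${{ matrix.arch }}-release
          buildPreset: win-${{ matrix.arch }}-release
          testPreset: win-${{ matrix.arch }}-release
          testPresetAdditionalArgs: "['--output-on-failure']"

      - uses: actions/upload-artifact@v4
        with:
          name: openvpn-msvc-${{ matrix.arch }}
          path: |
            ${{ github.workspace }}/out/**/*.exe
            ${{ github.workspace }}/out/**/*.dll
            !${{ github.workspace }}/out/**/test_*.exe
            !${{ github.workspace }}/out/**/CMakeFiles/**
            !${{ github.workspace }}/out/**/vcpkg_installed/**

  # Builds LibreSSL portable v3.8.3 from source on every run (no cache), then
  # OpenVPN against it.
  libressl:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-22.04]
        ssllib: [libressl]
        build: [normal, asan]
        configureflags: ["--with-openssl-engine=no"]
        include:
          - build: asan
            cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
            ldflags: -fsanitize=address -fno-sanitize-recover=all
            cc: clang
          - build: normal
            cflags: "-O2 -g"
            ldflags: ""
            cc: gcc

    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
    runs-on: ${{matrix.os}}
    env:
      CFLAGS: ${{ matrix.cflags }}
      LDFLAGS: ${{ matrix.ldflags }}
      CC: ${{matrix.cc}}
      UBSAN_OPTIONS: print_stacktrace=1

    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
      - name: "libressl: checkout"
        uses: actions/checkout@v4
        with:
          path: libressl
          repository: libressl/portable
          ref: v3.8.3
      - name: "libressl: autogen.sh"
        run: ./autogen.sh
        working-directory: libressl
      - name: "libressl: configure"
        run: ./configure
        working-directory: libressl
      - name: "libressl: make all"
        run: make -j3
        working-directory: libressl
      - name: "libressl: make install"
        run: sudo make install
        working-directory: libressl
      - name: "ldconfig"
        run: sudo ldconfig
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: autoconf
        run: autoreconf -fvi
      - name: configure
        run: ./configure --with-crypto-library=openssl ${{matrix.configureflags}} --enable-werror
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1

  # Builds tagged Mbed TLS releases with plain make into /opt/mbedtls, then
  # OpenVPN against them.
  mbedtls3:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-22.04]
        build: [normal, asan]
        mbedtlsver: [v3.5.1, v2.28.6]
        include:
          - build: asan
            cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
            ldflags: -fsanitize=address -fno-sanitize-recover=all
            cc: clang
          - build: normal
            cflags: "-O2 -g"
            ldflags: ""
            cc: gcc

    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - mbed TLS ${{matrix.mbedtlsver}}"
    runs-on: ${{matrix.os}}
    env:
      CFLAGS: ${{ matrix.cflags }}
      LDFLAGS: ${{ matrix.ldflags }}
      CC: ${{matrix.cc}}
      UBSAN_OPTIONS: print_stacktrace=1
      MBEDTLS_CFLAGS: -I/opt/mbedtls/include
      MBEDTLS_LIBS: -L/opt/mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto

    steps:
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
      # The key is built from build flavour and Mbed TLS tag only; this job's
      # matrix defines no `cmakebuild` value, so none is referenced.
      - name: Cache mbed TLS
        id: cache
        uses: actions/cache@v3
        with:
          path: '/opt/mbedtls'
          key: ${{ matrix.build }}-mbedtls-${{matrix.mbedtlsver}}
      - name: "Mbed TLS: checkout"
        if: steps.cache.outputs.cache-hit != 'true'
        uses: actions/checkout@v4
        with:
          path: mbedtls
          repository: Mbed-TLS/mbedtls
          ref: ${{ matrix.mbedtlsver }}
      - name: "Mbed TLS: make"
        if: steps.cache.outputs.cache-hit != 'true'
        run: make -j3 SHARED=1
        working-directory: mbedtls
      - name: "Mbed TLS: make install"
        if: steps.cache.outputs.cache-hit != 'true'
        run: sudo make install DESTDIR=/opt/mbedtls
        working-directory: mbedtls
      - name: add /opt/mbedtls/lib to ld.so.conf.d
        run: echo /opt/mbedtls/lib | sudo tee /etc/ld.so.conf.d/mbedtls.conf
      - name: "ldconfig"
        run: sudo ldconfig
      - name: Checkout OpenVPN
        uses: actions/checkout@v4
      - name: autoconf
        run: autoreconf -fvi
      - name: configure
        run: ./configure --with-crypto-library=mbedtls
      - name: make all
        run: make -j3
      - name: make check
        run: make check VERBOSE=1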