Cache mbed TLS dependency and build latest 2.x mbed TLS as well

Change-Id: I39fb3f05b6245af9ae5dd666bfc53ed07e5cfb24
schwabe · Nov 20, 2023 · d2fac39 · d2fac39
1 parent 3a3364c
commit d2fac39
Showing 1 changed file with 23 additions and 79 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -105,78 +105,6 @@ jobs:
       - name: make check
         run: make check
 
-  mbedtls-git:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-22.04]
-        ssllib: [mbedtls]
-        build: [normal, asan]
-        mbedver: [v3.5.0, v2.28.5]
-        include:
-        - build: asan
-          cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all  -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
-          ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
-          cc: clang
-          cmakebuild: ASan
-        - build: normal
-          cflags: "-O2 -g"
-          ldflags: ""
-          configureflags: ""
-          cc: gcc
-          cmakebuild: Release
-
-    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - mbed TLS ${{matrix.mbedver}}"
-    runs-on: ${{matrix.os}}
-    env:
-      CFLAGS: ${{ matrix.cflags }}
-      LDFLAGS: ${{ matrix.ldflags }}
-      CC: ${{matrix.cc}}
-      UBSAN_OPTIONS: print_stacktrace=1
-      MBEDTLS_CFLAGS: -I/opt/mbedtls/include
-      MBEDTLS_LIBS: -L/opt/mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto
-
-    steps:
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y build-essential liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev cmake
-
-      - name: Cache dependencies
-        id: cache
-        uses: actions/cache@v3
-        with:
-          path: '/opt/mbedtls'
-          key: ${{ matrix.build }}-mbedtls-${{matrix.mbedver}}-${{matrix.cmakebuild}}
-      - name: "mbed TLS: checkout ${{matrix.mbedver}}"
-        if: steps.cache.outputs.cache-hit != 'true'
-        uses: actions/checkout@v3
-        with:
-          path: mbedtls
-          repository: mbed-TLS/mbedtls
-          ref: ${{matrix.mbedver}}
-      - name: "mbed TLS: cmake"
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: cmake -DCMAKE_BUILD_TYPE=${{matrix.cmakebuild}} -DUSE_SHARED_MBEDTLS_LIBRARY=On -DCMAKE_INSTALL_PREFIX=/opt/mbedtls -B mbedbuild -S mbedtls
-      - name: "mbed TLS: build"
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: cmake --build mbedbuild
-      - name: "mbed TLS: install"
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: cmake --install mbedbuild
-      - name: add /opt/mbedtls/lib to ld.so.conf.d
-        run: echo /opt/mbedtls/lib | sudo tee /etc/ld.so.conf.d/mbedtls.conf
-      - name: "ldconfig"
-        run: sudo ldconfig
-      - name: Checkout OpenVPN
-        uses: actions/checkout@v3
-      - name: autoconf
-        run: autoreconf -fvi
-      - name: configure ${{matrix.configureflag}}
-        run: PKG_CONFIG_PATH=/opt/mbedtls/lib/pkgconfig ./configure --with-crypto-library=${{matrix.ssllib}} --enable-werror
-      - name: make all
-        run: make -j3
-      - name: make check
-        run: make check
-
   mingw:
     strategy:
       fail-fast: false
@@ -511,8 +439,8 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-22.04]
-        ssllib: [mbedtls3]
         build: [ normal, asan ]
+        mbedtlsver: [ v3.5.0, v2.28.5 ]
         include:
           - build: asan
             cflags: "-fsanitize=address -fno-sanitize-recover=all  -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
@@ -523,29 +451,45 @@ jobs:
             ldflags: ""
             cc: gcc
 
-    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}}"
+    name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - mbed TLS ${{matrix.mbedtlsver}}"
     runs-on: ${{matrix.os}}
     env:
       CFLAGS: ${{ matrix.cflags }}
       LDFLAGS: ${{ matrix.ldflags }}
       CC: ${{matrix.cc}}
       UBSAN_OPTIONS: print_stacktrace=1
+      MBEDTLS_CFLAGS: -I/opt/mbedtls/include
+      MBEDTLS_LIBS: -L/opt/mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto
 
     steps:
       - name: Install dependencies
         run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev
-      - name: "mbedtls: checkout"
+
+      - name: Cache mbed TLS
+        id: cache
+        uses: actions/cache@v3
+        with:
+          path: '/opt/mbedtls'
+          key: ${{ matrix.build }}-mbedtls-${{matrix.mbedtlsver}}-${{matrix.cmakebuild}}
+      - name: "Mbed TLS: checkout"
         uses: actions/checkout@v3
         with:
           path: mbedtls
           repository: Mbed-TLS/mbedtls
-          ref: v3.5.0
-      - name: "mbedtls: make no_test"
+          ref: ${{ matrix.mbedtlsver}
+          if: steps.cache.outputs.cache-hit != 'true'
+      - name: "Mbed TLS: make no_test"
         run: make -j3 no_test SHARED=1
         working-directory: mbedtls
-      - name: "mbedtls: make install"
-        run: sudo make install DESTDIR=/usr
+        if: steps.cache.outputs.cache-hit != 'true'
+      - name: "Mbed TLS: make install"
+        run: sudo make install DESTDIR=/opt/mbedtls
         working-directory: mbedtls
+        if: steps.cache.outputs.cache-hit != 'true'
+      - name: add /opt/mbedtls/lib to ld.so.conf.d
+        run: echo /opt/mbedtls/lib | sudo tee /etc/ld.so.conf.d/mbedtls.conf
+      - name: "ldconfig"
+        run: sudo ldconfig
       - name: Checkout OpenVPN
         uses: actions/checkout@v3
       - name: autoconf