
Commit 6da7054

authored
Support for gnutls 3.8.11 (latest release) (#77)
* - Add GnuTLS version selection (now supporting 3.8.11 too), --help flag, and FIPS bundle support to setup.sh; - Updated README.md; * Updated native workflows to run against gnutls 3.8.11 * Check version when running and testing against gnutls 3.8.11 * - Removed rebuild-gnutls.sh script - Removed macOS support (barely used and doesn't really add more value or coverage) * - dirmngr updated the version pull of gpg-error (now pulls 1.56) required for master; - updated meson version for vte (1.3.2), required for master; * Pin tpm2-tss to a version compatible with tpm2-tools 5.7 instead of pulling the latest from master (prevents parsing issues, not related to TLS capabilities)
1 parent bca871c commit 6da7054

10 files changed

Lines changed: 354 additions & 175 deletions


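--- a/.github/workflows/dirmngr.yml
+++ b/.github/workflows/dirmngr.yml
@@ -76,8 +76,8 @@ jobs:
 cd ..
 }
 
-pkg-config --exists --atleast-version=1.51 gpg-error || \
-build libgpg-error 1.51 https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.51.tar.bz2
+pkg-config --exists --atleast-version=1.56 gpg-error || \
+build libgpg-error 1.56 https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.56.tar.bz2
 
 pkg-config --exists --atleast-version=1.11.0 gcrypt || \
 build libgcrypt 1.11.1 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.1.tar.bz2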

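--- a/.github/workflows/libvte.yml
+++ b/.github/workflows/libvte.yml
@@ -69,7 +69,8 @@ jobs:
 liblz4-dev python3-pip python3-setuptools \
 libglib2.0-dev libpcre2-dev libfribidi-dev \
 libgtk-3-dev libicu-dev gettext git \
-libtool autoconf automake meson ninja-build pkg-config
+libtool autoconf automake ninja-build pkg-config
+pip3 install --break-system-packages meson>=1.3.2
 
 - name: Checkout VTE at ${{ matrix.vte_ref }}
 run: |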
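Review bot: The added `pip3 install --break-system-packages meson>=1.3.2` is unquoted in what appears to be a `run:` shell block, so the shell parses `>=1.3.2` as a redirection: pip is asked for plain `meson` with no version floor, and its output is written to a file named `=1.3.2`. Quote the requirement, `pip3 install --break-system-packages 'meson>=1.3.2'`. Since the build tool now comes from PyPI on every run, pinning an exact release (`'meson==<version>'`) would also keep the tool-chain reproducible. The step's `run:` block begins above the hunk, so whether the pip-installed `meson` ends up on PATH ahead of any distro copy cannot be confirmed from here.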

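--- a/.github/workflows/openldap.yml
+++ b/.github/workflows/openldap.yml
@@ -64,8 +64,8 @@ jobs:
 - name: Prepare cache directories (native runner)
 if: matrix.use_container == false
 run: |
-sudo mkdir -p /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper
-sudo chown -R $USER:$USER /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper
+sudo mkdir -p /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper /opt/nettle
+sudo chown -R $USER:$USER /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper /opt/nettle
 
 # ───────────── cache the wolfssl/gnutls tool-chain ─────────────
 - name: Restore cached gnutls-wolfssl
@@ -76,9 +76,10 @@ jobs:
 ${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
 ${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
 ${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
-key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
+${{ !matrix.use_container && '~/cache/nettle' || '' }}
+key: gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
 restore-keys: |
-gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-
+gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-
 
 - name: Copy cache to /opt (native runner only)
 if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
@@ -87,18 +88,35 @@ jobs:
 sudo cp -a ~/cache/gnutls /opt/
 sudo cp -a ~/cache/wolfssl /opt/
 sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
+if [ -d ~/cache/nettle ]; then
+sudo cp -a ~/cache/nettle /opt/
+fi
+
+- name: Setup nettle environment (native runner only)
+if: matrix.use_container == false
+run: |
+# Set up environment for nettle 3.10 in /opt/nettle
+echo "PKG_CONFIG_PATH=/opt/nettle/lib64/pkgconfig:/opt/nettle/lib/pkgconfig:$PKG_CONFIG_PATH" >> $GITHUB_ENV
+echo "LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:$LD_LIBRARY_PATH" >> $GITHUB_ENV
 
 - name: Build GnuTLS with wolfSSL provider using setup.sh script
 if: steps.cache-gnutls.outputs.cache-hit != 'true'
 run: |
 echo "Running setup.sh..."
-GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+if [[ "${{ matrix.use_container }}" == "false" ]]; then
+GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl NETTLE_INSTALL=/opt/nettle ./setup.sh 3.8.11
+else
+GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+fi
 # For native runner: also save to cache location
 if [[ "${{ matrix.use_container }}" == "false" ]]; then
 mkdir -p ~/cache
 sudo cp -a /opt/gnutls ~/cache/
 sudo cp -a /opt/wolfssl ~/cache/
 sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
+if [ -d /opt/nettle ]; then
+sudo cp -a /opt/nettle ~/cache/
+fi
 sudo chown -R $(id -u):$(id -g) ~/cache
 fi
 
@@ -107,6 +125,22 @@ jobs:
 test -d /opt/wolfssl || { echo "/opt/wolfssl missing"; exit 1; }
 test -d /opt/gnutls || { echo "/opt/gnutls missing"; exit 1; }
 test -d /opt/wolfssl-gnutls-wrapper/lib || { echo "/opt/wolfssl-gnutls-wrapper/lib missing"; exit 1; }
+if [[ "${{ matrix.use_container }}" == "false" ]]; then
+test -d /opt/nettle || { echo "/opt/nettle missing"; exit 1; }
+fi
+
+- name: Verify GnuTLS version (native runner only)
+if: matrix.use_container == false
+run: |
+export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:$LD_LIBRARY_PATH
+GNUTLS_VERSION=$(/opt/gnutls/bin/gnutls-cli --version 2>&1 | grep -oP 'gnutls-cli \K[0-9]+\.[0-9]+\.[0-9]+')
+echo "Detected GnuTLS version: $GNUTLS_VERSION"
+if [ "$GNUTLS_VERSION" != "3.8.11" ]; then
+echo "ERROR: Expected GnuTLS 3.8.11 but got $GNUTLS_VERSION"
+exit 1
+fi
+echo "GnuTLS version verified: 3.8.11"
+
 - name: Build OpenLDAP at ${{ matrix.openldap_ref }}
 run: |
 git clone https://git.openldap.org/openldap/openldap.git
@@ -117,45 +151,46 @@ jobs:
 - name: Configure OpenLDAP
 working-directory: openldap
 run: |
-export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig
+export PKG_CONFIG_PATH=/opt/gnutls/lib/pkgconfig:$PKG_CONFIG_PATH
 export CPPFLAGS=-I/opt/gnutls/include
-export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib"
 if [[ "${{ matrix.openldap_ref }}" = "OPENLDAP_REL_ENG_2_6_7" ]]; then
-./configure \
-ac_cv_func_memcmp_working=yes \
-lt_cv_dlopen_self=yes \
---with-yielding-select=yes \
---enable-dynamic \
---enable-crypt \
---with-tls=gnutls \
---with-cyrus-sasl \
---enable-otp \
---with-argon2=libargon2 \
---enable-argon2 \
---enable-ppolicy \
---enable-remoteauth \
---prefix=/opt/openldap \
---enable-modules \
---enable-ipv6 \
---enable-asyncmeta=mod \
---enable-mdb=yes \
---enable-ldap=mod \
---enable-meta=mod \
---enable-null=mod \
---enable-passwd=mod \
---enable-proxycache=mod \
---enable-dnssrv=mod
+export LDFLAGS="-L/opt/nettle/lib64 -L/opt/nettle/lib -L/opt/gnutls/lib -Wl,-rpath,/opt/nettle/lib64 -Wl,-rpath,/opt/nettle/lib -Wl,-rpath,/opt/gnutls/lib"
+./configure \
+ac_cv_func_memcmp_working=yes \
+lt_cv_dlopen_self=yes \
+--with-yielding-select=yes \
+--enable-dynamic \
+--enable-crypt \
+--with-tls=gnutls \
+--with-cyrus-sasl \
+--enable-otp \
+--with-argon2=libargon2 \
+--enable-argon2 \
+--enable-ppolicy \
+--enable-remoteauth \
+--prefix=/opt/openldap \
+--enable-modules \
+--enable-ipv6 \
+--enable-asyncmeta=mod \
+--enable-mdb=yes \
+--enable-ldap=mod \
+--enable-meta=mod \
+--enable-null=mod \
+--enable-passwd=mod \
+--enable-proxycache=mod \
+--enable-dnssrv=mod
 else
-./configure \
---with-tls=gnutls \
---with-cyrus-sasl \
---enable-otp \
---with-argon2=libargon2 \
---enable-argon2 \
---enable-ppolicy \
---enable-remoteauth \
---prefix=/opt/openldap \
---enable-modules
+export LDFLAGS="-L/opt/gnutls/lib -Wl,-rpath,/opt/gnutls/lib"
+./configure \
+--with-tls=gnutls \
+--with-cyrus-sasl \
+--enable-otp \
+--with-argon2=libargon2 \
+--enable-argon2 \
+--enable-ppolicy \
+--enable-remoteauth \
+--prefix=/opt/openldap \
+--enable-modules
 fi
 - name: Build OpenLDAP
 working-directory: openldap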
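Review bot: The new `Setup nettle environment` step writes `LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:$LD_LIBRARY_PATH` to `$GITHUB_ENV`, and if the variable is unset on the runner the value ends in a bare `:`. The dynamic loader treats an empty entry as the current working directory, so later steps that run inside the freshly cloned source tree would search it for shared libraries. Append the old value only when it is non-empty: `echo "LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" >> "$GITHUB_ENV"`, and use the same form on the `PKG_CONFIG_PATH` line and on the `export LD_LIBRARY_PATH=…` in `Verify GnuTLS version`. wget.yml gains the same three lines plus a widened `export LD_LIBRARY_PATH` before `make check`. tpm2-tools.yml already uses the `${VAR:+:$VAR}` form for `PKG_CONFIG_PATH`.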

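--- a/.github/workflows/tpm2-tools.yml
+++ b/.github/workflows/tpm2-tools.yml
@@ -80,6 +80,7 @@ jobs:
 export MAKEFLAGS="-j$(nproc)"
 git clone https://github.com/tpm2-software/tpm2-tss
 cd tpm2-tss
+git checkout 4.1.3
 git submodule update --init --recursive
 ./bootstrap
 export PKG_CONFIG_PATH="/opt/gnutls/lib/pkgconfig:/opt/curl/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"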
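Review bot: `git checkout 4.1.3` pins tpm2-tss to a tag name, which upstream can re-point, so the build is only as fixed as that ref stays. Checking out the full commit hash the tag resolves to makes the pin immutable, e.g. `git checkout <full-commit-sha-of-4.1.3>  # tpm2-tss 4.1.3`. A one-line comment above it, such as `# pinned for tpm2-tools 5.7 compatibility`, would tell the next maintainer when the pin can be lifted. The surrounding `run:` block starts and ends outside this hunk.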

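--- a/.github/workflows/wget.yml
+++ b/.github/workflows/wget.yml
@@ -71,9 +71,10 @@ jobs:
 ${{ matrix.use_container && '/opt/gnutls' || '~/cache/gnutls' }}
 ${{ matrix.use_container && '/opt/wolfssl' || '~/cache/wolfssl' }}
 ${{ matrix.use_container && '/opt/wolfssl-gnutls-wrapper' || '~/cache/wolfssl-gnutls-wrapper' }}
-key: gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
+${{ !matrix.use_container && '~/cache/nettle' || '' }}
+key: gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-${{ hashFiles('setup.sh', 'wolfssl-gnutls-wrapper/**', 'wolfssl/**', 'gnutls/**') }}
 restore-keys: |
-gnutls-wolfssl-${{ runner.os }}-${{ matrix.use_container }}-
+gnutls-wolfssl-${{ matrix.use_container == false && '3.8.11' || '3.8.9' }}-${{ runner.os }}-${{ matrix.use_container }}-
 
 - name: Copy cache to /opt (native runner only)
 if: matrix.use_container == false && steps.cache-gnutls.outputs.cache-hit == 'true'
@@ -82,18 +83,35 @@ jobs:
 sudo cp -a ~/cache/gnutls /opt/
 sudo cp -a ~/cache/wolfssl /opt/
 sudo cp -a ~/cache/wolfssl-gnutls-wrapper /opt/
+if [ -d ~/cache/nettle ]; then
+sudo cp -a ~/cache/nettle /opt/
+fi
+
+- name: Setup nettle environment (native runner only)
+if: matrix.use_container == false
+run: |
+# Set up environment for nettle 3.10 in /opt/nettle
+echo "PKG_CONFIG_PATH=/opt/nettle/lib64/pkgconfig:/opt/nettle/lib/pkgconfig:$PKG_CONFIG_PATH" >> $GITHUB_ENV
+echo "LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:$LD_LIBRARY_PATH" >> $GITHUB_ENV
 
 - name: Build GnuTLS with wolfSSL provider using setup.sh script
 if: steps.cache-gnutls.outputs.cache-hit != 'true'
 run: |
 echo "Running setup.sh..."
-GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+if [[ "${{ matrix.use_container }}" == "false" ]]; then
+GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl NETTLE_INSTALL=/opt/nettle ./setup.sh 3.8.11
+else
+GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
+fi
 # For native runner: also save to cache location
 if [[ "${{ matrix.use_container }}" == "false" ]]; then
 mkdir -p ~/cache
 sudo cp -a /opt/gnutls ~/cache/
 sudo cp -a /opt/wolfssl ~/cache/
 sudo cp -a /opt/wolfssl-gnutls-wrapper ~/cache/
+if [ -d /opt/nettle ]; then
+sudo cp -a /opt/nettle ~/cache/
+fi
 sudo chown -R $(id -u):$(id -g) ~/cache
 fi
 
@@ -105,6 +123,23 @@ jobs:
 test -d /opt/gnutls || exit 1
 echo "Check for wrapper installation..."
 test -d /opt/wolfssl-gnutls-wrapper/lib || exit 1
+if [[ "${{ matrix.use_container }}" == "false" ]]; then
+echo "Check for nettle installation (3.8.11)..."
+test -d /opt/nettle || exit 1
+fi
+
+- name: Verify GnuTLS version (native runner only)
+if: matrix.use_container == false
+run: |
+export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:$LD_LIBRARY_PATH
+GNUTLS_VERSION=$(/opt/gnutls/bin/gnutls-cli --version 2>&1 | grep -oP 'gnutls-cli \K[0-9]+\.[0-9]+\.[0-9]+')
+echo "Detected GnuTLS version: $GNUTLS_VERSION"
+if [ "$GNUTLS_VERSION" != "3.8.11" ]; then
+echo "ERROR: Expected GnuTLS 3.8.11 but got $GNUTLS_VERSION"
+exit 1
+fi
+echo "GnuTLS version verified: 3.8.11"
+
 - name: Build wget at ${{ matrix.wget_ref }}
 uses: actions/checkout@v4
 with:
@@ -167,7 +202,7 @@ jobs:
 # To make /opt/gnutls visible to the test binaries, LD_LIBRARY_PATH
 # is needed since we disable rpath for v1.21.4.
 if [[ "${{ matrix.wget_ref }}" = "v1.21.4" ]]; then
-export LD_LIBRARY_PATH=/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
+export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
 fi
 make check
 find . -name '*.log' | xargs grep wgw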
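Review bot: The added nettle check, `test -d /opt/nettle || exit 1`, only proves that a directory exists, and its label `Check for nettle installation (3.8.11)...` quotes the GnuTLS version while the setup step's comment says nettle 3.10. In openldap.yml the prepare step pre-creates `/opt/nettle` with `mkdir -p`; if wget.yml's prepare step (outside these hunks) does the same, this test can never fail. The `if [ -d … ]` guards around the cache copies would likewise skip a missing nettle without any message. Testing for an installed artefact is stricter, e.g. `test -f /opt/nettle/lib64/pkgconfig/nettle.pc || test -f /opt/nettle/lib/pkgconfig/nettle.pc || exit 1`, with the message reworded to `Check for nettle installation (required for GnuTLS 3.8.11)...`.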
