Skip to content

20240512-pkcs12_test-leak #53

20240512-pkcs12_test-leak

20240512-pkcs12_test-leak #53

Workflow file for this run

name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 5
# Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. hostap_cherry_pick is used to apply the
# commit that updates the certificates used for testing. Tests are read
# from the corresponding configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
},
]
# parallelize the tests to be able to run all tests within 10 minutes
# Update the <total server> in the ./run-tests.py step when changing.
server: [1, 2, 3, 4, 5]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
needs: build_wolfssl
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
bridge-utils
sudo pip3 install pycryptodome
- name: Enable mac80211
run: |
sudo modprobe mac80211
lsmod | grep mac80211
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=-d" >> $GITHUB_ENV
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: Setup d-bus
working-directory: wolfssl/.github/workflows/hostap-files
run: |
sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
sudo service dbus reload
# This is super hack-ish :P
# If you are trying to reproduce this on a more generic system, you can
# just run `sudo apt install linux-modules-extra-$(uname -r)` and
# this should have the module in the package. No need to compile it.
- name: Compile and install mac80211_hwsim
working-directory: wolfssl/.github/workflows/hostap-files
run: |
# The tag will be the first two numbers of from uname -r
LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
# Download the correct version of the driver
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
make
sudo make install
sudo modprobe mac80211_hwsim
lsmod | grep mac80211_hwsim
sudo rmmod mac80211_hwsim
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
fetch-depth: 0
- if: ${{ matrix.config.hostap_cherry_pick }}
name: Cherry pick certificate update
working-directory: hostap
run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
# Run tests in increments of 50 to cut down on the uploaded log size.
while mapfile -t -n 50 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
# Retry up to three times
for i in {1..3}; do
HWSIM_RES=0 # Not set when command succeeds
# Logs can grow quickly especially in debug mode
sudo rm -rf logs
sudo ./start.sh
sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
sudo ./stop.sh
if [ "$HWSIM_RES" -eq "0" ]; then
break
fi
done
echo "test ran $i times"
if [ "$HWSIM_RES" -ne "0" ]; then
exit $HWSIM_RES
fi
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
- name: Change failure log permissions
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: hostap/tests/hwsim/
run: |
sudo chown -R $USER:$USER logs
zip -9 -r logs.zip logs/current
- name: Upload failure logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: hostap-logs-${{ env.our_job_run_id }}
path: hostap/tests/hwsim/logs.zip
retention-days: 5