From: Darren Tucker Date: Mon, 22 Sep 2025 05:26:17 +0000 (+1000) Subject: Factor out OpenSSL install and test more versions. X-Git-Tag: V_10_1_P1~56 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=83853aa5e35f3da0690bccd2983764d4e749a670;p=thirdparty%2Fopenssh-portable.git Factor out OpenSSL install and test more versions. Move OpenSSL installation into its own script with a "-a" option to install the "next" version to test for ABI compatibility. --- diff --git a/.github/install_libcrypto.sh b/.github/install_libcrypto.sh new file mode 100755 index 000000000..c2e4380f9 --- /dev/null +++ b/.github/install_libcrypto.sh @@ -0,0 +1,71 @@ +#!/bin/sh +# +# Install specified libcrypto. +# -a : install version for ABI compatibility test. +# -n : dry run, don't actually build and install. +# +# Usage: $0 [-a] [-n] openssl-$branch/tag destdir [config options] + +set -e + +bincompat_test="" +dryrun="" +while [ "$1" = "-a" ] || [ "$1" = "-n" ]; do + if [ "$1" = "-a" ]; then + abi_compat_test=y + elif [ "$1" = "-n" ]; then + dryrun="echo dryrun:" + fi + shift +done + +ver="$1" +destdir="$2" +opts="$3" + +if [ -z "${ver}" ] || [ -z "${destdir}" ]; then + echo tag/branch and destdir required + exit 1 +fi + +set -x + +cd ${HOME} +[ -d ${HOME}/openssl ] || git clone https://github.com/openssl/openssl.git +cd ${HOME}/openssl +git fetch --all + +if [ "${abi_compat_test}" = "y" ]; then + echo selecting ABI test release/branch for ${ver} + case "${ver}" in + openssl-3.6) + ver=openssl-3.0.0 + echo "selecting older release ${ver}" + ;; + openssl-3.[012345]) + major=$(echo ${ver} | cut -f1 -d.) + minor=$(echo ${ver} | cut -f2 -d.) + ver="${major}.$((${minor} + 1))" + echo selecting next release branch ${ver} + ;; + openssl-3.*.*) + major=$(echo ${ver} | cut -f1 -d.) + minor=$(echo ${ver} | cut -f2 -d.) + patch=$(echo ${ver} | cut -f3 -d.) + ver="${major}.${minor}.$((${patch} + 1))" + echo checking for release tag ${ver} + if git tag | grep -q "^${ver}\$"; then + echo selected next patch release ${ver} + else + ver="${major}.${minor}" + echo not found, selecting release branch ${ver} + fi + ;; + esac +fi + +git checkout ${ver} +make clean >/dev/null 2>&1 || true +${dryrun} ./config no-threads shared ${opts} --prefix=${destdir} +${dryrun} make -j4 +${dryrun} sudo make install_sw diff --git a/.github/run_test.sh b/.github/run_test.sh index bf3f3c951..bd6fb7b7b 100755 --- a/.github/run_test.sh +++ b/.github/run_test.sh @@ -41,17 +41,6 @@ else ${env} make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" fi -# Replace our self-built with the distro-provided one before running the tests -# again. -case "$1" in - openssl-3.*) - ${SUDO} cp /lib/x86_64-linux-gnu/libcrypto.so.3 /opt/openssl/lib64/libcrypto.so.3 - if [ -z "${TEST_SSH_SSHD_CONFOPTS}" ]; then - SSHD_CONFOPTS=AcceptEnv=OpenSSL3_ABI_Test - fi - ;; -esac - if [ ! -z "${SSHD_CONFOPTS}" ]; then echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'" if [ -z "${LTESTS}" ]; then diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index ff1de0bca..10ff77bad 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh @@ -225,13 +225,8 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then fi if [ ! -z "${INSTALL_OPENSSL}" ]; then - (cd ${HOME} && - git clone https://github.com/openssl/openssl.git && - cd ${HOME}/openssl && - git checkout ${INSTALL_OPENSSL} && - ./config no-threads shared ${SSLCONFOPTS} \ - --prefix=/opt/openssl && - make -j4 && sudo make install_sw) + .github/install_libcrypto.sh \ + "${INSTALL_OPENSSL}" /opt/openssl "${SSLCONFOPTS}" fi if [ ! -z "${INSTALL_LIBRESSL}" ]; then diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index c3684f9a5..7bda9d5b3 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -164,6 +164,11 @@ jobs: TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_HOSTBASED_AUTH: yes LTESTS: ${{ vars.LTESTS }} + - name: test OpenSSL3 ABI compatibility + if: ${{ startsWith(matrix.config, 'openssl-3') }} + run: | + sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl + sh .github/run_test.sh ${{ matrix.config }} - name: show logs if: failure() run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done