From: Emil Velikov Date: Sun, 31 May 2026 20:07:03 +0000 (+0100) Subject: ci: enable mbedtls by default for most instances X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fkmod.git ci: enable mbedtls by default for most instances As the mbedtls introduction commit says, mbedtls v3 is not available in Debian 12 and Ubuntu 22.04/24.04. Although to ensure we have sufficient build coverage, let's enable it everywhere else. While also adding a permutation where it's the only crypto implementation built-in. Signed-off-by: Emil Velikov Link: https://github.com/kmod-project/kmod/pull/426 Signed-off-by: Lucas De Marchi --- diff --git a/.github/actions/setup-os/setup-alpine.sh b/.github/actions/setup-os/setup-alpine.sh index 13756029..c5039ba4 100755 --- a/.github/actions/setup-os/setup-alpine.sh +++ b/.github/actions/setup-os/setup-alpine.sh @@ -13,6 +13,7 @@ apk add \ git \ gtk-doc \ linux-stable-dev \ + mbedtls-dev \ meson \ openssl-dev \ scdoc \ diff --git a/.github/actions/setup-os/setup-arch.sh b/.github/actions/setup-os/setup-arch.sh index d7bcb752..48409c83 100755 --- a/.github/actions/setup-os/setup-arch.sh +++ b/.github/actions/setup-os/setup-arch.sh @@ -18,5 +18,6 @@ pacman --noconfirm -Su \ gtk-doc \ linux-headers \ lld \ + mbedtls \ meson \ scdoc diff --git a/.github/actions/setup-os/setup-debian.sh b/.github/actions/setup-os/setup-debian.sh index f62d1d6c..672d3584 100755 --- a/.github/actions/setup-os/setup-debian.sh +++ b/.github/actions/setup-os/setup-debian.sh @@ -6,6 +6,14 @@ export DEBIAN_FRONTEND=noninteractive export TZ=Etc/UTC + +. /etc/os-release + +mbedtls_pkgs=() +if [[ "$VERSION_CODENAME" != "bookworm" ]]; then + mbedtls_pkgs=("libmbedtls-dev") +fi + apt-get update apt-get install --yes \ bash \ @@ -19,6 +27,7 @@ apt-get install --yes \ libzstd-dev \ linux-headers-generic \ meson \ + "${mbedtls_pkgs[@]}" \ scdoc \ zlib1g-dev \ zstd diff --git a/.github/actions/setup-os/setup-fedora.sh b/.github/actions/setup-os/setup-fedora.sh index e52b19cd..c6fe45b0 100755 --- a/.github/actions/setup-os/setup-fedora.sh +++ b/.github/actions/setup-os/setup-fedora.sh @@ -19,6 +19,7 @@ dnf install -y \ libubsan \ libzstd-devel \ make \ + mbedtls-devel \ meson \ openssl-devel \ scdoc \ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ac692870..5704ffa8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: matrix: include: - container: 'ubuntu:24.04' - meson_setup: '-D b_sanitize=none -D build-tests=false' + meson_setup: '-D b_sanitize=none -D build-tests=false -Dmbedtls=disabled' container: image: ${{ matrix.container }} diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2aef493e..9c6c93a6 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -29,7 +29,7 @@ jobs: matrix: include: - container: 'ubuntu:24.04' - meson_setup: '-D b_sanitize=none -D b_coverage=true' + meson_setup: '-D b_sanitize=none -D b_coverage=true -Dmbedtls=disabled' container: image: ${{ matrix.container }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 930a05e8..fe9dfeb9 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -35,13 +35,15 @@ jobs: only_bits: '64' - container: 'archlinux:multilib-devel' - container: 'debian:bookworm-slim' - meson_setup: '-Dzstd=disabled -Dxz=disabled -Dzlib=disabled' + meson_setup: '-Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dmbedtls=disabled' only_compiler: 'gcc' - container: 'debian:unstable' - container: 'fedora:latest' only_bits: '64' - container: 'ubuntu:22.04' + meson_setup: '-Dmbedtls=disabled' - container: 'ubuntu:24.04' + meson_setup: '-Dmbedtls=disabled' # Special configurations @@ -51,7 +53,7 @@ jobs: only_bits: '64' custom: 'no-xz-dlopen-all' - container: 'ubuntu:22.04' - meson_setup: '-Ddlopen=zstd,zlib' + meson_setup: '-Ddlopen=zstd,zlib -Dmbedtls=disabled' only_bits: '64' custom: 'dlopen-zstd-zlib' @@ -74,6 +76,13 @@ jobs: only_compiler: 'gcc' custom: 'custom-moduledir' + # Variant without openssl - only mbedtls + - container: 'archlinux:multilib-devel' + meson_setup: '-Dopenssl=disabled' + only_bits: '64' + only_compiler: 'gcc' + custom: 'mbedtls-only' + container: image: ${{ matrix.container }} @@ -116,8 +125,8 @@ jobs: should_fail -D dlopen=nonexistent should_fail -D xz=disabled -D dlopen=xz - should_pass -D dlopen=xz - should_pass -D dlopen=xz -D xz=enabled + should_pass -D mbedtls=disabled -D dlopen=xz + should_pass -D mbedtls=disabled -D dlopen=xz -D xz=enabled - name: configure run: | @@ -126,7 +135,7 @@ jobs: if [[ "$2" == "32" ]]; then echo "::notice::TODO fix and reuse the original options." - setup_options="$setup_options -Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dopenssl=disabled" + setup_options="$setup_options -Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dopenssl=disabled -Dmbedtls=disabled" echo "::notice::TODO fix and re-enable sanitizer(s)." setup_options="$setup_options -Db_sanitize=none" diff --git a/build-dev.ini b/build-dev.ini index 62ada834..ecb92d0a 100644 --- a/build-dev.ini +++ b/build-dev.ini @@ -11,7 +11,7 @@ zstd = 'enabled' xz = 'enabled' zlib = 'enabled' openssl = 'enabled' -mbedtls = 'disabled' +mbedtls = 'enabled' werror = true b_sanitize = 'address,undefined' diff --git a/meson_options.txt b/meson_options.txt index 581c420a..cfb2b0ac 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -63,8 +63,8 @@ option( option( 'mbedtls', type : 'feature', - value : 'disabled', - description : 'MbedTLS support, PKCS7 signatures. Default: disabled', + value : 'enabled', + description : 'MbedTLS support, PKCS7 signatures. Default: enabled', ) option(