ci: enable mbedtls by default for most instances

As the mbedtls introduction commit says, mbedtls v3 is not available in
Debian 12 and Ubuntu 22.04/24.04.

To ensure we still have sufficient build coverage, enable it everywhere
else, and add a permutation where it is the only crypto implementation
built in.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Link: https://github.com/kmod-project/kmod/pull/426
Signed-off-by: Lucas De Marchi <demarchi@kernel.org>
diff --git a/.github/actions/setup-os/setup-alpine.sh b/.github/actions/setup-os/setup-alpine.sh
index 1375602..c5039ba 100755
--- a/.github/actions/setup-os/setup-alpine.sh
+++ b/.github/actions/setup-os/setup-alpine.sh
@@ -13,6 +13,7 @@
     git \
     gtk-doc \
     linux-stable-dev \
+    mbedtls-dev \
     meson \
     openssl-dev \
     scdoc \
diff --git a/.github/actions/setup-os/setup-arch.sh b/.github/actions/setup-os/setup-arch.sh
index d7bcb75..48409c8 100755
--- a/.github/actions/setup-os/setup-arch.sh
+++ b/.github/actions/setup-os/setup-arch.sh
@@ -18,5 +18,6 @@
     gtk-doc \
     linux-headers \
     lld \
+    mbedtls \
     meson \
     scdoc
diff --git a/.github/actions/setup-os/setup-debian.sh b/.github/actions/setup-os/setup-debian.sh
index f62d1d6..672d358 100755
--- a/.github/actions/setup-os/setup-debian.sh
+++ b/.github/actions/setup-os/setup-debian.sh
@@ -6,6 +6,14 @@
 
 export DEBIAN_FRONTEND=noninteractive
 export TZ=Etc/UTC
+
+. /etc/os-release
+
+mbedtls_pkgs=()
+if [[ "$VERSION_CODENAME" != "bookworm" ]]; then
+    mbedtls_pkgs=("libmbedtls-dev")
+fi
+
 apt-get update
 apt-get install --yes \
     bash \
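Review bot: The bookworm exclusion in the new `if [[ "$VERSION_CODENAME" != "bookworm" ]]` block has no comment saying why, and it has to stay in step with the `-Dmbedtls=disabled` that main.yml passes for `debian:bookworm-slim`. I would add `# mbedtls v3 is not packaged in Debian 12 (bookworm); keep in sync with -Dmbedtls=disabled in main.yml` above the check. If the script runs under `set -u` (not visible in this hunk), an image whose os-release lacks VERSION_CODENAME would abort here, so `"${VERSION_CODENAME:-}"` is the safer spelling.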
@@ -19,6 +27,7 @@
     libzstd-dev \
     linux-headers-generic \
     meson \
+    "${mbedtls_pkgs[@]}" \
     scdoc \
     zlib1g-dev \
     zstd
diff --git a/.github/actions/setup-os/setup-fedora.sh b/.github/actions/setup-os/setup-fedora.sh
index e52b19c..c6fe45b 100755
--- a/.github/actions/setup-os/setup-fedora.sh
+++ b/.github/actions/setup-os/setup-fedora.sh
@@ -19,6 +19,7 @@
     libubsan \
     libzstd-devel \
     make \
+    mbedtls-devel \
     meson \
     openssl-devel \
     scdoc \
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ac69287..5704ffa 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,7 +32,7 @@
       matrix:
         include:
           - container: 'ubuntu:24.04'
-            meson_setup: '-D b_sanitize=none -D build-tests=false'
+            meson_setup: '-D b_sanitize=none -D build-tests=false -Dmbedtls=disabled'
 
     container:
       image: ${{ matrix.container }}
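Review bot: With `-Dmbedtls=disabled` on the only matrix entry visible here, CodeQL never analyses the mbedtls code path (described in meson_options.txt as PKCS7 signature support), even though this commit turns that path on by default. The same gap applies to coverage.yml, where the single `ubuntu:24.04` entry is also built with mbedtls disabled, so that code is absent from coverage reports. Consider adding a matrix entry on an image that ships mbedtls v3 (main.yml leaves it enabled on `debian:unstable` and `fedora:latest`). Failing that, a comment such as `# TODO: mbedtls v3 not packaged on ubuntu:24.04; mbedtls code is not analysed` would keep the gap tracked.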
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 2aef493..9c6c93a 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -29,7 +29,7 @@
       matrix:
         include:
           - container: 'ubuntu:24.04'
-            meson_setup: '-D b_sanitize=none -D b_coverage=true'
+            meson_setup: '-D b_sanitize=none -D b_coverage=true -Dmbedtls=disabled'
 
     container:
       image: ${{ matrix.container }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 930a05e..fe9dfeb 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -35,13 +35,15 @@
             only_bits: '64'
           - container: 'archlinux:multilib-devel'
           - container: 'debian:bookworm-slim'
-            meson_setup: '-Dzstd=disabled -Dxz=disabled -Dzlib=disabled'
+            meson_setup: '-Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dmbedtls=disabled'
             only_compiler: 'gcc'
           - container: 'debian:unstable'
           - container: 'fedora:latest'
             only_bits: '64'
           - container: 'ubuntu:22.04'
+            meson_setup: '-Dmbedtls=disabled'
           - container: 'ubuntu:24.04'
+            meson_setup: '-Dmbedtls=disabled'
 
           # Special configurations
 
@@ -51,7 +53,7 @@
             only_bits: '64'
             custom: 'no-xz-dlopen-all'
           - container: 'ubuntu:22.04'
-            meson_setup: '-Ddlopen=zstd,zlib'
+            meson_setup: '-Ddlopen=zstd,zlib -Dmbedtls=disabled'
             only_bits: '64'
             custom: 'dlopen-zstd-zlib'
 
@@ -74,6 +76,13 @@
             only_compiler: 'gcc'
             custom: 'custom-moduledir'
 
+          # Variant without openssl - only mbedtls
+          - container: 'archlinux:multilib-devel'
+            meson_setup: '-Dopenssl=disabled'
+            only_bits: '64'
+            only_compiler: 'gcc'
+            custom: 'mbedtls-only'
+
     container:
       image: ${{ matrix.container }}
 
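Review bot: The `mbedtls-only` variant passes only `-Dopenssl=disabled` and relies on the project default to turn mbedtls on. If that default is later changed back to `disabled` or to `auto`, this job would silently build with no crypto backend while still being named `mbedtls-only`. Spelling it out keeps the job testing what its name says: `meson_setup: '-Dopenssl=disabled -Dmbedtls=enabled'`.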
@@ -116,8 +125,8 @@
           should_fail -D dlopen=nonexistent
           should_fail -D xz=disabled -D dlopen=xz
 
-          should_pass -D dlopen=xz
-          should_pass -D dlopen=xz -D xz=enabled
+          should_pass -D mbedtls=disabled -D dlopen=xz
+          should_pass -D mbedtls=disabled -D dlopen=xz -D xz=enabled
 
       - name: configure
         run: |
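Review bot: Only the `should_pass` lines get `-D mbedtls=disabled`; the `should_fail` lines above them (`-D dlopen=nonexistent`, `-D xz=disabled -D dlopen=xz`) do not. If this step runs where mbedtls v3 is not installed, which the added flag suggests, those configure runs would fail because of the missing mbedtls dependency rather than the invalid dlopen option. The negative checks would then pass without testing anything. I would add the flag there too, e.g. `should_fail -D mbedtls=disabled -D dlopen=nonexistent`. The definition of should_fail and any earlier should_fail lines are outside this hunk.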
@@ -126,7 +135,7 @@
 
             if [[ "$2" == "32" ]]; then
               echo "::notice::TODO fix and reuse the original options."
-              setup_options="$setup_options -Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dopenssl=disabled"
+              setup_options="$setup_options -Dzstd=disabled -Dxz=disabled -Dzlib=disabled -Dopenssl=disabled -Dmbedtls=disabled"
 
               echo "::notice::TODO fix and re-enable sanitizer(s)."
               setup_options="$setup_options -Db_sanitize=none"
diff --git a/build-dev.ini b/build-dev.ini
index 62ada83..ecb92d0 100644
--- a/build-dev.ini
+++ b/build-dev.ini
@@ -11,7 +11,7 @@
 xz = 'enabled'
 zlib = 'enabled'
 openssl = 'enabled'
-mbedtls = 'disabled'
+mbedtls = 'enabled'
 werror = true
 b_sanitize = 'address,undefined'
 
diff --git a/meson_options.txt b/meson_options.txt
index 581c420..cfb2b0a 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -63,8 +63,8 @@
 option(
   'mbedtls',
   type : 'feature',
-  value : 'disabled',
-  description : 'MbedTLS support, PKCS7 signatures. Default: disabled',
+  value : 'enabled',
+  description : 'MbedTLS support, PKCS7 signatures. Default: enabled',
 )
 
 option(
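Review bot: The subject says `ci:` but this hunk changes the default for every build of the project, not only CI: a `feature` option set to `enabled` makes `meson setup` fail when the dependency is not found. Per the commit message mbedtls v3 is missing on Debian 12 and Ubuntu 22.04/24.04, so builds there now need an explicit `-Dmbedtls=disabled`. That may be intended, but it deserves a line in the commit message or release notes. If a hard requirement is not intended, `value : 'auto'` would enable it only where the library is present.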