Add OpenVPN to CI #1705
Merged
19 commits

- 745fff4 smittals2: added integration script for openvpn
- d4491fd smittals2: added openvpn to ci workflow
- 574f387 smittals2: Merge branch 'aws:main' into openvpnCI
- 2756cc4 smittals2: tls1prf patch
- b0839d7 smittals2: added ld_library_path export to the openvpn integration script
- c5f0f3d smittals2: moved ld path export
- b5b0e04 smittals2: changed dependency for openvpn workflow to ubuntu names
- b30442d smittals2: added testing and exporting path for openvpn integration script
- dc9f56f smittals2: new line at EOF
- 569b113 smittals2: dependency change
- c5bc642 smittals2: dependency change
- 205db17 smittals2: changed dependencies
- c76b172 smittals2: Merge branch 'main' into openvpnCI
- 44221ff smittals2: anchoring to specific tag instead of random commit
- 722b405 smittals2: consolidated patches and recreated for 2.6.8
- 2da61cc smittals2: changed to version 2.6.9
- 042944b smittals2: anchor to tip of minor release instead of specific version
- bcd62c2 smittals2: Merge branch 'main' into openvpnCI
- a493a20 smittals2: consolidated and parallelized make step for OpenVPN
23 changes: 0 additions & 23 deletions
tests/ci/integration/openvpn_patch/aws-lc-openvpn-cert.patch
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
#!/usr/bin/env bash | ||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 OR ISC | ||
|
||
set -exu | ||
|
||
source tests/ci/common_posix_setup.sh | ||
|
||
# Set up environment. | ||
|
||
# SYS_ROOT | ||
# - SRC_ROOT(aws-lc) | ||
# - SCRATCH_FOLDER | ||
# - OPENVPN_SRC_FOLDER | ||
# - AWS_LC_BUILD_FOLDER | ||
# - AWS_LC_INSTALL_FOLDER | ||
|
||
# Assumes script is executed from the root of aws-lc directory | ||
SCRATCH_FOLDER="${SRC_ROOT}/OPENVPN_BUILD_ROOT" | ||
OPENVPN_SRC_FOLDER="${SCRATCH_FOLDER}/openvpn" | ||
OPENVPN_BUILD_PREFIX="${OPENVPN_SRC_FOLDER}/build/install" | ||
OPENVPN_BUILD_EPREFIX="${OPENVPN_SRC_FOLDER}/build/exec-install" | ||
OPENVPN_PATCH_BUILD_FOLDER="${SRC_ROOT}/tests/ci/integration/openvpn_patch" | ||
|
||
AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build" | ||
AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install" | ||
|
||
|
||
mkdir -p ${SCRATCH_FOLDER} | ||
rm -rf "${SCRATCH_FOLDER:?}"/* | ||
cd ${SCRATCH_FOLDER} | ||
|
||
function openvpn_build() { | ||
autoreconf -ivf | ||
|
||
OPENSSL_CFLAGS="-I/${AWS_LC_INSTALL_FOLDER}/include" \ | ||
OPENSSL_LIBS="-L/${AWS_LC_INSTALL_FOLDER}/lib -lssl -lcrypto" \ | ||
./configure \ | ||
--prefix="$OPENVPN_BUILD_PREFIX" \ | ||
--exec-prefix="$OPENVPN_BUILD_EPREFIX" \ | ||
--with-crypto-library=openssl \ | ||
--with-openssl-engine=no \ | ||
--disable-management | ||
|
||
make -j install | ||
|
||
export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib" | ||
|
||
local openvpn_executable="${OPENVPN_SRC_FOLDER}/build/exec-install/sbin/openvpn" | ||
ldd ${openvpn_executable} \ | ||
| grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1 | ||
} | ||
|
||
# TODO: Remove this when we make an upstream contribution. | ||
function openvpn_patch_build() { | ||
for patchfile in $(find -L "${OPENVPN_PATCH_BUILD_FOLDER}" -type f -name '*.patch'); do | ||
echo "Apply patch $patchfile..." | ||
patch -p1 --quiet -i "$patchfile" | ||
done | ||
} | ||
|
||
function openvpn_run_tests() { | ||
# Explicitly running as sudo and passing in LD_LIBRARY_PATH as some OpenVPN | ||
# tests run as sudo and LD_LIBRARY_PATH doesn't get inherited. | ||
sudo LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib" make check | ||
WillChilds-Klein marked this conversation as resolved.
|
||
} | ||
|
||
git clone https://github.com/OpenVPN/openvpn.git ${OPENVPN_SRC_FOLDER} | ||
|
||
# anchoring to tip of minor release 2.6.x for OpenVPN, currently not compatible | ||
# with tip of main | ||
cd ${OPENVPN_SRC_FOLDER} && git checkout release/2.6 | ||
mkdir -p ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} | ||
ls | ||
|
||
aws_lc_build "$SRC_ROOT" "$AWS_LC_BUILD_FOLDER" "$AWS_LC_INSTALL_FOLDER" -DBUILD_TESTING=OFF -DBUILD_TOOL=OFF -DCMAKE_BUILD_TYPE=Debug -DBUILD_SHARED_LIBS=1 | ||
|
||
# Build openvpn from source. | ||
pushd ${OPENVPN_SRC_FOLDER} | ||
openvpn_patch_build | ||
openvpn_build | ||
openvpn_run_tests |
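Review bot: the linkage check at the end of openvpn_build greps the ldd output only for libcrypto.so, so a binary whose libssl resolved to a system library outside AWS_LC_INSTALL_FOLDER would still pass; add a matching grep for "${AWS_LC_INSTALL_FOLDER}/lib/libssl.so". Two smaller points in the same script: `git checkout release/2.6` follows a moving branch and openvpn_run_tests then runs `make check` under sudo, so printing `git rev-parse HEAD` after the checkout would make each run traceable to the exact upstream commit it executed as root; and `for patchfile in $(find ...)` in openvpn_patch_build splits on whitespace and applies patches in whatever order find returns them, which matters as soon as there is more than one patch file.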
not a blocker, but why is this change needed? looking at the source, the `cert_names` stack doesn't appear to be modified between these assignments of `cnum`.

Once SSL_CTX_set_client_CA_list is called (line 52), in OpenSSL the passed in cert_names stack remains untouched but AWS-LC resets it. So later when sk_X509_NAME_num is called (previously line 59), we get a 0 length in AWS-LC which causes an error below when cnum != added (line 60). Therefore, we obtain the length of the stack before calling SSL_CTX_set_client_CA_list. This patch doesn't break behavior for OpenSSL either.