hostap.yml 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292
  1. name: hostap and wpa-supplicant Tests
  2. # START OF COMMON SECTION
  3. on:
  4. push:
  5. branches: [ 'master', 'main', 'release/**' ]
  6. pull_request:
  7. branches: [ '*' ]
  8. concurrency:
  9. group: ${{ github.workflow }}-${{ github.ref }}
  10. cancel-in-progress: true
  11. # END OF COMMON SECTION
  12. jobs:
  13. build_wolfssl:
  14. strategy:
  15. matrix:
  16. include:
  17. - build_id: hostap-build1
  18. wolf_extra_config: --disable-tls13
  19. - build_id: hostap-build2
  20. wolf_extra_config: --enable-brainpool --enable-wpas-dpp
  21. name: Build wolfSSL
  22. # Just to keep it the same as the testing target
  23. runs-on: ubuntu-20.04
  24. # This should be a safe limit for the tests to run.
  25. timeout-minutes: 4
  26. steps:
  27. # No way to view the full strategy in the browser (really weird)
  28. - name: Print strategy
  29. run: |
  30. cat <<EOF
  31. ${{ toJSON(matrix) }}
  32. EOF
  33. - if: ${{ runner.debug }}
  34. name: Enable wolfSSL debug logging
  35. run: |
  36. echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
  37. - name: Build wolfSSL
  38. uses: wolfSSL/actions-build-autotools-project@v1
  39. with:
  40. path: wolfssl
  41. configure: >-
  42. --enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
  43. ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
  44. install: true
  45. - name: Upload built lib
  46. uses: actions/upload-artifact@v4
  47. with:
  48. name: ${{ matrix.build_id }}
  49. path: build-dir
  50. retention-days: 5
  51. # Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
  52. hostap_test:
  53. strategy:
  54. fail-fast: false
  55. matrix:
  56. # should hostapd be compiled with wolfssl
  57. hostapd: [true, false]
  58. # should wpa_supplicant be compiled with wolfssl
  59. wpa_supplicant: [true, false]
  60. # Fix the versions of hostap and osp to not break testing when a new
  61. # patch is added in to osp. hostap_cherry_pick is used to apply the
  62. # commit that updates the certificates used for testing. Tests are read
  63. # from the corresponding configs/hostap_ref/tests file.
  64. config: [
  65. {
  66. hostap_ref: hostap_2_10,
  67. hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
  68. remove_teap: true,
  69. # TLS 1.3 does not work for this version
  70. build_id: hostap-build1,
  71. },
  72. # Test the dpp patch
  73. {
  74. hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
  75. hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
  76. osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
  77. build_id: hostap-build2
  78. },
  79. ]
  80. # parallelize the tests to be able to run all tests within 10 minutes
  81. # Update the <total server> in the ./run-tests.py step when changing.
  82. server: [1, 2, 3, 4, 5]
  83. exclude:
  84. # don't test openssl on both sides
  85. - hostapd: false
  86. wpa_supplicant: false
  87. # no hostapd support for dpp yet
  88. - hostapd: true
  89. config: {
  90. hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
  91. osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
  92. build_id: hostap-build2
  93. }
  94. name: hwsim test
  95. # For openssl 1.1
  96. runs-on: ubuntu-20.04
  97. # This should be a safe limit for the tests to run.
  98. timeout-minutes: 12
  99. needs: build_wolfssl
  100. steps:
  101. # No way to view the full strategy in the browser (really weird)
  102. - name: Print strategy
  103. run: |
  104. cat <<EOF
  105. ${{ toJSON(matrix) }}
  106. EOF
  107. - name: Print computed job run ID
  108. run: |
  109. SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
  110. ${{ toJSON(github) }}
  111. END_OF_HEREDOC
  112. )
  113. echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
  114. echo Our job run ID is $SHA_SUM
  115. - name: Checkout wolfSSL
  116. uses: actions/checkout@v4
  117. with:
  118. path: wolfssl
  119. - name: Install dependencies
  120. run: |
  121. # Don't prompt for anything
  122. export DEBIAN_FRONTEND=noninteractive
  123. sudo apt-get update
  124. # hostap dependencies
  125. sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
  126. libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
  127. libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
  128. bridge-utils
  129. sudo pip3 install pycryptodome
  130. - name: Enable mac80211
  131. run: |
  132. sudo modprobe mac80211
  133. lsmod | grep mac80211
  134. - if: ${{ runner.debug }}
  135. name: Enable hostap debug logging
  136. run: |
  137. echo "hostap_debug_flags=-d" >> $GITHUB_ENV
  138. - name: Download lib
  139. uses: actions/download-artifact@v4
  140. with:
  141. name: ${{ matrix.config.build_id }}
  142. path: build-dir
  143. - name: Setup d-bus
  144. working-directory: wolfssl/.github/workflows/hostap-files
  145. run: |
  146. sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
  147. sudo service dbus reload
  148. # This is super hack-ish :P
  149. # If you are trying to reproduce this on a more generic system, you can
  150. # just run `sudo apt install linux-modules-extra-$(uname -r)` and
  151. # this should have the module in the package. No need to compile it.
  152. - name: Compile and install mac80211_hwsim
  153. working-directory: wolfssl/.github/workflows/hostap-files
  154. run: |
  155. # The tag will be the first two numbers of from uname -r
  156. LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
  157. # Download the correct version of the driver
  158. wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
  159. wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
  160. make
  161. sudo make install
  162. sudo modprobe mac80211_hwsim
  163. lsmod | grep mac80211_hwsim
  164. sudo rmmod mac80211_hwsim
  165. - name: Checkout hostap
  166. uses: actions/checkout@v4
  167. with:
  168. repository: julek-wolfssl/hostap-mirror
  169. path: hostap
  170. ref: ${{ matrix.config.hostap_ref }}
  171. # necessary for cherry pick step
  172. fetch-depth: 0
  173. - if: ${{ matrix.config.hostap_cherry_pick }}
  174. name: Cherry pick certificate update
  175. working-directory: hostap
  176. run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
  177. - if: ${{ matrix.config.osp_ref }}
  178. name: Checkout OSP
  179. uses: actions/checkout@v4
  180. with:
  181. repository: wolfssl/osp
  182. path: osp
  183. ref: ${{ matrix.config.osp_ref }}
  184. - if: ${{ matrix.config.osp_ref }}
  185. name: Apply patch files
  186. working-directory: hostap
  187. run: |
  188. for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
  189. do
  190. patch -p1 < $f
  191. done
  192. - if: ${{ matrix.hostapd }}
  193. name: Setup hostapd config file
  194. run: |
  195. cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
  196. hostap/hostapd/.config
  197. cat <<EOF >> hostap/hostapd/.config
  198. CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
  199. LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
  200. EOF
  201. - if: ${{ matrix.wpa_supplicant }}
  202. name: Setup wpa_supplicant config file
  203. run: |
  204. cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
  205. hostap/wpa_supplicant/.config
  206. cat <<EOF >> hostap/wpa_supplicant/.config
  207. CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
  208. LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
  209. EOF
  210. - name: Build hostap
  211. working-directory: hostap/tests/hwsim/
  212. run: ./build.sh
  213. - if: ${{ matrix.hostapd }}
  214. name: Confirm hostapd linking with wolfSSL
  215. run: ldd hostap/hostapd/hostapd | grep wolfssl
  216. - if: ${{ matrix.wpa_supplicant }}
  217. name: Confirm wpa_supplicant linking with wolfSSL
  218. run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
  219. - if: ${{ matrix.config.remove_teap }}
  220. name: Remove EAP-TEAP from test configuration
  221. working-directory: hostap/tests/hwsim/auth_serv
  222. run: |
  223. sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
  224. sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
  225. sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
  226. sed -e 's/TEAP,//' -i eap_user.conf
  227. - name: Run tests
  228. id: testing
  229. working-directory: hostap/tests/hwsim/
  230. run: |
  231. # Run tests in increments of 50 to cut down on the uploaded log size.
  232. while mapfile -t -n 50 ary && ((${#ary[@]})); do
  233. TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
  234. # Retry up to three times
  235. for i in {1..3}; do
  236. HWSIM_RES=0 # Not set when command succeeds
  237. # Logs can grow quickly especially in debug mode
  238. sudo rm -rf logs
  239. sudo ./start.sh
  240. sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
  241. sudo ./stop.sh
  242. if [ "$HWSIM_RES" -eq "0" ]; then
  243. break
  244. fi
  245. done
  246. echo "test ran $i times"
  247. if [ "$HWSIM_RES" -ne "0" ]; then
  248. exit $HWSIM_RES
  249. fi
  250. done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
  251. - name: Change failure log permissions
  252. if: ${{ failure() && steps.testing.outcome == 'failure' }}
  253. working-directory: hostap/tests/hwsim/
  254. run: |
  255. sudo chown -R $USER:$USER logs
  256. zip -9 -r logs.zip logs/current
  257. - name: Upload failure logs
  258. if: ${{ failure() && steps.testing.outcome == 'failure' }}
  259. uses: actions/upload-artifact@v4
  260. with:
  261. name: hostap-logs-${{ env.our_job_run_id }}
  262. path: hostap/tests/hwsim/logs.zip
  263. retention-days: 5