[openssh-commits] [openssh] 02/02: Factor out OpenSSL install and test more versions.

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 22 19:07:06 AEST 2025


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 83853aa5e35f3da0690bccd2983764d4e749a670
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Mon Sep 22 15:26:17 2025 +1000

    Factor out OpenSSL install and test more versions.
    
    Move OpenSSL installation into its own script with a "-a" option to
    install the "next" version to test for ABI compatibility.
---
 .github/install_libcrypto.sh | 71 ++++++++++++++++++++++++++++++++++++++++++++
 .github/run_test.sh          | 11 -------
 .github/setup_ci.sh          |  9 ++----
 .github/workflows/c-cpp.yml  |  5 ++++
 4 files changed, 78 insertions(+), 18 deletions(-)

diff --git a/.github/install_libcrypto.sh b/.github/install_libcrypto.sh
new file mode 100755
index 000000000..c2e4380f9
--- /dev/null
+++ b/.github/install_libcrypto.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Install specified libcrypto.
+#  -a : install version for ABI compatibility test.
+#  -n : dry run, don't actually build and install.
+#
+# Usage: $0 [-a] [-n] openssl-$branch/tag destdir [config options]
+
+set -e
+
+bincompat_test=""
+dryrun=""
+while [ "$1" = "-a" ] || [ "$1" = "-n" ]; do
+	if [ "$1" = "-a" ]; then
+		abi_compat_test=y
+	elif [ "$1" = "-n" ]; then
+		dryrun="echo dryrun:"
+	fi
+	shift
+done
+
+ver="$1"
+destdir="$2"
+opts="$3"
+
+if [ -z "${ver}" ] || [ -z "${destdir}" ]; then
+	echo tag/branch and destdir required
+	exit 1
+fi
+
+set -x
+
+cd ${HOME}
+[ -d ${HOME}/openssl ] || git clone https://github.com/openssl/openssl.git
+cd ${HOME}/openssl
+git fetch --all
+
+if [ "${abi_compat_test}" = "y" ]; then
+	echo selecting ABI test release/branch for ${ver}
+	case "${ver}" in
+	openssl-3.6)
+		ver=openssl-3.0.0
+		echo "selecting older release ${ver}"
+		;;
+	openssl-3.[012345])
+		major=$(echo ${ver} | cut -f1 -d.)
+		minor=$(echo ${ver} | cut -f2 -d.)
+		ver="${major}.$((${minor} + 1))"
+		echo selecting next release branch ${ver}
+		;;
+	openssl-3.*.*)
+		major=$(echo ${ver} | cut -f1 -d.)
+		minor=$(echo ${ver} | cut -f2 -d.)
+		patch=$(echo ${ver} | cut -f3 -d.)
+		ver="${major}.${minor}.$((${patch} + 1))"
+		echo checking for release tag ${ver}
+		if git tag | grep -q "^${ver}\$"; then
+			echo selected next patch release ${ver}
+		else
+			ver="${major}.${minor}"
+			echo not found, selecting release branch ${ver}
+		fi
+		;;
+	esac
+fi
+
+git checkout ${ver}
+make clean >/dev/null 2>&1 || true
+${dryrun} ./config no-threads shared ${opts} --prefix=${destdir}
+${dryrun} make -j4
+${dryrun} sudo make install_sw
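Review bot: The flag initialised at the top is `bincompat_test=""`, but the option loop sets and the later test reads `abi_compat_test`, so that variable is never cleared and a value inherited from the environment would enable ABI mode without `-a`; the initialiser should read `abi_compat_test=""`. The `case` on `${ver}` has no default arm, so a ref matching none of the three patterns leaves `ver` unchanged and the ABI step would rebuild the same version and pass without testing anything; a `*) echo "no ABI test target for ${ver}"; exit 1 ;;` arm would make that visible. In the tag lookup, `grep -q "^${ver}\$"` treats the dots in the version as regex wildcards, whereas `git tag | grep -qxF "${ver}"` matches the tag literally. Since the selected ref ends in `sudo make install_sw`, I would also quote it and stop option parsing where it is consumed, for example `git checkout "${ver}" --`.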
diff --git a/.github/run_test.sh b/.github/run_test.sh
index bf3f3c951..bd6fb7b7b 100755
--- a/.github/run_test.sh
+++ b/.github/run_test.sh
@@ -41,17 +41,6 @@ else
     ${env} make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
 fi
 
-# Replace our self-built with the distro-provided one before running the tests
-# again.
-case "$1" in
-    openssl-3.*)
-	${SUDO} cp /lib/x86_64-linux-gnu/libcrypto.so.3 /opt/openssl/lib64/libcrypto.so.3
-	if [ -z "${TEST_SSH_SSHD_CONFOPTS}" ]; then
-		SSHD_CONFOPTS=AcceptEnv=OpenSSL3_ABI_Test
-	fi
-	;;
-esac
-
 if [ ! -z "${SSHD_CONFOPTS}" ]; then
     echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'"
     if [ -z "${LTESTS}" ]; then
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index ff1de0bca..10ff77bad 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -225,13 +225,8 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
 fi
 
 if [ ! -z "${INSTALL_OPENSSL}" ]; then
-    (cd ${HOME} &&
-     git clone https://github.com/openssl/openssl.git &&
-     cd ${HOME}/openssl &&
-     git checkout ${INSTALL_OPENSSL} &&
-     ./config no-threads shared ${SSLCONFOPTS} \
-         --prefix=/opt/openssl &&
-     make -j4 && sudo make install_sw)
+	.github/install_libcrypto.sh \
+	    "${INSTALL_OPENSSL}" /opt/openssl "${SSLCONFOPTS}"
 fi
 
 if [ ! -z "${INSTALL_LIBRESSL}" ]; then
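Review bot: The helper is called by the relative path `.github/install_libcrypto.sh`, so this branch only works when setup_ci.sh runs with the repository root as its working directory, which the hunk does not show. Resolving it from the script's own location, `"$(dirname "$0")/install_libcrypto.sh"`, removes that dependency. The helper reads its config options only from `$3` and expands them unquoted, so passing `"${SSLCONFOPTS}"` as a single quoted argument is required for multi-word options; a short comment here saying so would stop someone "fixing" the quoting later.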
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index c3684f9a5..7bda9d5b3 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -164,6 +164,11 @@ jobs:
         TEST_SSH_UNSAFE_PERMISSIONS: 1
         TEST_SSH_HOSTBASED_AUTH: yes
         LTESTS: ${{ vars.LTESTS }}
+    - name: test OpenSSL3 ABI compatibility
+      if: ${{ startsWith(matrix.config, 'openssl-3') }}
+      run: |
+       sh .github/install_libcrypto.sh -a ${{ matrix.config }} /opt/openssl
+       sh .github/run_test.sh ${{ matrix.config }}
     - name: show logs
       if: failure()
       run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done
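Review bot: The new "test OpenSSL3 ABI compatibility" step has no `env:` block, so unless these are set at job level (not visible here) its `run_test.sh` invocation runs without `TEST_SSH_UNSAFE_PERMISSIONS`, `TEST_SSH_HOSTBASED_AUTH` and `LTESTS`, which the context lines show the preceding step setting; if the second run should exercise the same tests, the step needs the same `env:` entries. Separately, `${{ matrix.config }}` is expanded into the script text before the shell sees it. The value is defined by the workflow itself, so this is hygiene rather than an exposed input, but passing it through the environment (`env: CONFIG: ${{ matrix.config }}` and `"$CONFIG"` in the commands) keeps it a single quoted word. The job definition starts above this hunk.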
