Open
Conversation
padelsbach
force-pushed
the
wp-wpff-ci-2026-04
branch
5 times, most recently
from
2814d6a to
f354fbd
Compare
Contributor
Author
|
revert changes here after merging: https://cloud.wolfssl-test.com/jenkins/job/wolfProvider/job/IGEL-openssl-debian12/configure |
padelsbach
force-pushed
the
wp-wpff-ci-2026-04
branch
4 times, most recently
from
f036ec9 to
8593bfa
Compare
padelsbach
commented
Apr 14, 2026
| apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ | ||
| ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb | ||
|
|
||
| # Prevent later 'apt-get install' of test dependencies from |
Contributor
Author
There was a problem hiding this comment.
This ensures we don't clobber the installed libs in subsequent steps.
It's the same for all the yamls...
padelsbach
commented
Apr 14, 2026
| is_wolfssl_fips=$(echo "$dpkg_output" | grep -E '^ii\s+libwolfssl\s' | grep -qi "fips" && echo 1 || echo 0) | ||
| # Match any dpkg status whose second char is 'i' (installed state), so a | ||
| # package marked on hold ('hi') is still recognized as installed. | ||
| is_wolfssl_installed=$(echo "$dpkg_output" | grep -Eq '^[ih]i\s+libwolfssl\s' && echo 1 || echo 0) |
Contributor
Author
There was a problem hiding this comment.
Allows us to find the "held" package
padelsbach
force-pushed
the
wp-wpff-ci-2026-04
branch
4 times, most recently
from
2dad770 to
c4a1f26
Compare
padelsbach
force-pushed
the
wp-wpff-ci-2026-04
branch
from
c4a1f26 to
87782b7
Compare
Contributor
Author
|
jenkins retest this please |
padelsbach
requested review from
ColtonWilley,
aidangarske and
wolfSSL-Fenrir-bot
and removed request for
ColtonWilley
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #391
No scan targets match the changed files in this PR. Review skipped.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bookworm updated to openssl 3.0.19 on 2026-04-07, right when CI started failing.
Workflows which run
apt installafter installing our patched openssl was now updating openssl, overwriting our version. The force-fail checks catch this and fail the CI run.Complicating things, openssh now requires
libssl3 (>= 3.0.19).Changelist:
install-openssl.shto check moredeb-srclocations to ensure we don't keep building 3.0.18, and enable 3.0.19 (or whatever is latest) to build via Jenkinsapt-mark holdin CI anytime we install libwolfprov, libwolfssl or openssl to ensure it is not clobberedverify-install.sh