Skip to content

build-cn10k-openssl-engine #61

build-cn10k-openssl-engine

build-cn10k-openssl-engine #61

name: build-cn10k-openssl-engine
on:
push:
schedule:
- cron: "0 0 * * 1"
pull_request:
permissions:
contents: write
pages: write
id-token: write
packages: write
jobs:
ubuntu-cn10k-build:
name: ubuntu-cn10k-arm64
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
include:
- arch: aarch64
distro: ubuntu22.04
compiler: gcc
library: static
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Generate cache keys
id: get_ref_keys
run: |
echo 'ccache=ccache-${{ matrix.distro }}-${{ matrix.compiler }}-${{ matrix.arch }}-'$(date -u +%Y-w%W) >> $GITHUB_OUTPUT
- name: Retrieve ccache cache
uses: actions/cache@v4
with:
path: ~/.ccache
key: ${{ steps.get_ref_keys.outputs.ccache }}-${{ github.ref }}
restore-keys: |
${{ steps.get_ref_keys.outputs.ccache }}-refs/heads/main
- name: Extract version details
id: version
run: |
mkdir -p "${PWD}/artifacts"
git tag --points-at HEAD > /tmp/tags
[ -s /tmp/tags ] && PKG_POSTFIX= || PKG_POSTFIX=-devel
echo "PKG_VERSION_NAME=`cat VERSION`" >> "${PWD}/artifacts/env"
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "${PWD}/artifacts/env"
FW_PKG_POSTFIX=""
if [ $PKG_POSTFIX = -devel ]; then
FW_PKG_POSTFIX=""
else
FW_PKG_POSTFIX=$PKG_POSTFIX
fi
echo "FW_PKG_POSTFIX=${FW_PKG_POSTFIX}" >> "${PWD}/artifacts/env"
echo "DPDK_BASE_PKG_VERSION=`cat DPDK_VERSION | grep BASE_VERSION | awk -F'=' '{print $2}' | awk -F'.' '{print $1"."$2}'`" >> "${PWD}/artifacts/env"
echo "DPDK_PKG_VERSION=`cat DPDK_VERSION | grep RELEASE_VERSION | awk -F'=' '{print $2}'`" >> "${PWD}/artifacts/env"
source "${PWD}/artifacts/env"
- uses: uraimo/run-on-arch-action@v2.8.1
name: Build Engine and generate package
id: build
with:
arch: ${{ matrix.arch }}
distro: ${{ matrix.distro }}
githubToken: ${{ github.token }}
setup: |
mkdir -p ~/.ccache
dockerRunArgs: |
--volume "${PWD}/artifacts:/artifacts"
--volume "${HOME}/.ccache:/root/.ccache"
shell: /bin/bash
install: |
apt-get update -q -y
apt-get install -y build-essential gcc meson ccache git doxygen apt-utils
apt-get install -y build-essential ccache git software-properties-common
add-apt-repository -y ppa:ubuntu-toolchain-r/test
apt-get update -q -y
apt-get install -y libnl-3-dev libnl-route-3-dev libnl-xfrm-3-dev
apt-get install -y sphinx-common python3-sphinx-rtd-theme pkg-config
apt-get install -y libarchive-dev libbsd-dev libbpf-dev
apt-get install -y libfdt-dev libjansson-dev autoconf dh-autoreconf
apt-get install -y libssl-dev ninja-build python3-pip
apt-get install -y python3-pyelftools python3-setuptools python3-wheel zlib1g-dev
apt-get install -y gcc-13 bzip2-doc icu-devtools libacl1-dev libattr1-dev
apt-get install -y libbz2-dev libgmp-dev libgmpxx4ldbl libicu-dev liblz4-dev
apt-get install -y liblzma-dev libxml2-dev libzstd-dev nettle-dev wget lsb-release
run: |
source /artifacts/env
git config --global --add safe.directory "${PWD}"
DISTRO=ubuntu-`lsb_release -rs`
echo "DISTRO=${DISTRO}" >> /artifacts/env
export CC='ccache gcc-13 -mcpu=neoverse-n2+sve2+crypto'
echo "cache_dir = /root/.ccache" > /root/.ccache/ccache.conf
ccache -p
pkg-config --list-all
BASE_DIR=${PWD}
OPENSSL_PATCH_VERSION=$(ls patches/nginx/deps/openssl/ | head -n 1)
OPENSSL_VERSION=${OPENSSL_PATCH_VERSION#v}
echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> /artifacts/env
wget "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
tar -xzf openssl-${OPENSSL_VERSION}.tar.gz
cd "${PWD}/openssl-${OPENSSL_VERSION}"
for patch in ${BASE_DIR}/patches/nginx/deps/openssl/${OPENSSL_PATCH_VERSION}/*.patch; do
patch -p1 < "$patch"
done
./Configure linux-aarch64
until make; do echo "Building OpenSSL failed, retrying"; done
cd ..
export OPENSSL_INSTALL=$BASE_DIR/openssl-${OPENSSL_VERSION}
wget "https://github.com/MarvellEmbeddedProcessors/marvell-dpdk/releases/download/dpdk-cn10k-${DPDK_BASE_PKG_VERSION}_${DPDK_PKG_VERSION}-${DISTRO}-${DPDK_PKG_VERSION}/dpdk-${DPDK_BASE_PKG_VERSION}-cn10k_${DPDK_PKG_VERSION}_arm64.deb"
apt-get install -y ./"dpdk-${DPDK_BASE_PKG_VERSION}-cn10k_${DPDK_PKG_VERSION}_arm64.deb"
git clone "https://github.com/MarvellEmbeddedProcessors/marvell-openssl-engine.git"
cd "${PWD}/marvell-openssl-engine"
echo "ENGINE_VERSION=`cat localversion`" >> "${BASE_DIR}/artifacts/env"
echo "CPT_PKG_VERSION=`cat CPT_PKG_VERSION`" >> "${BASE_DIR}/artifacts/env"
source /artifacts/env
export DPDK_INSTALL=/
make OTX2=y OSSL_CONF=y DPDK_PC=$DPDK_INSTALL/usr/lib/aarch64-linux-gnu/pkgconfig/
mkdir -p "${PWD}/install/usr/local/lib/engines-1.1/"
cp -r "${PWD}/dpdk_engine.so" "${PWD}/install/usr/local/lib/engines-1.1/."
mkdir -p "${PWD}/install/usr/share/openssl-engine-dpdk/"
cp -r "${PWD}/scripts/"* "${PWD}/install/usr/share/openssl-engine-dpdk/"
mkdir -p "${PWD}/install/usr/local/lib/engines-1.1/doc/"
cp -r "${PWD}/doc/"* "${PWD}/install/usr/local/lib/engines-1.1/doc/."
mkdir -p "${PWD}/install/DEBIAN"
cd "${PWD}/install"
echo 'Package: openssl-engine-'${ENGINE_VERSION}'-cn10k'${PKG_POSTFIX} >> DEBIAN/control
echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control
echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control
echo 'Depends: cpt-firmware-cn10k'${FW_PKG_POSTFIX}' (= '$CPT_PKG_VERSION'), dpdk-'$DPDK_BASE_PKG_VERSION'-cn10k (= '$DPDK_PKG_VERSION'), openssl-'$OPENSSL_VERSION'-cn10k'$PKG_POSTFIX' (= '$PKG_VERSION_NAME')' >> DEBIAN/control
echo "Architecture: arm64" >> DEBIAN/control
echo "Description: DPDK based OpenSSL Engine for Marvell Octeon 10" >> DEBIAN/control
cd ..
mv "${PWD}/install" "${PWD}/openssl-engine-${ENGINE_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
dpkg --build "openssl-engine-${ENGINE_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
cp -r "openssl-engine-${ENGINE_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/.
- name: Export version name
id: artifacts
run: |
source "${PWD}/artifacts/env"
echo $PKG_VERSION_NAME
echo "PKG_VERSION_NAME=${PKG_VERSION_NAME}" >> "$GITHUB_OUTPUT"
echo $ENGINE_VERSION
echo "ENGINE_VERSION=${ENGINE_VERSION}" >> "$GITHUB_OUTPUT"
echo $DISTRO
echo "DISTRO=${DISTRO}" >> "$GITHUB_OUTPUT"
[[ "$PKG_POSTFIX" == "-devel" ]] && TAG=devel || TAG=${PKG_VERSION_NAME}
[[ "$PKG_POSTFIX" == "-devel" ]] && IS_DEVEL="true" || IS_DEVEL="false"
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "$GITHUB_OUTPUT"
echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
echo $DPDK_PKG_VERSION
echo "DPDK_PKG_VERSION=${DPDK_PKG_VERSION}" >> "$GITHUB_OUTPUT"
echo $DPDK_BASE_PKG_VERSION
echo "DPDK_BASE_PKG_VERSION=${DPDK_BASE_PKG_VERSION}" >> "$GITHUB_OUTPUT"
echo "IS_DEVEL=${IS_DEVEL}" >> "$GITHUB_OUTPUT"
- name: Delete existing release
if: ${{ github.event_name == 'push' }}
env:
GH_TOKEN: ${{ github.token }}
run: |
if gh release view ossl_eng-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}; then
gh release delete ossl_eng-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y
else
echo "Release not found"
fi
- name: Release Engine cn10k package
uses: softprops/action-gh-release@v2.0.4
if: ${{ github.event_name == 'push' }}
with:
draft: false
tag_name: ossl_eng-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}
files: |
${{ github.workspace }}/artifacts/openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cn10k${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb
- name: Dispatch package update event
if: ${{ github.event_name == 'push' }}
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \
-d '{"event_type":"dispatch-event", "client_payload": {"package" : "engine",
"tag": "ossl_eng-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}",
"dpdk_tag" : "dpdk-cn10k-${{ steps.artifacts.outputs.DPDK_BASE_PKG_VERSION }}_${{ steps.artifacts.outputs.DPDK_PKG_VERSION }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.DPDK_PKG_VERSION }}",
"has_dpdk" : "true",
"distro" : "${{ steps.artifacts.outputs.DISTRO }}",
"platform" : "cn10k",
"devel": "${{ steps.artifacts.outputs.IS_DEVEL }}"}}'