[PATCH 1/2] ci: Build mbedtls from source for old systems
8 views
Skip to first unread message
Bastian Germann
May 26, 2026, 4:32:07 PM (10 days ago) May 26
to swup...@googlegroups.com, Bastian Germann
Signed-off-by: Bastian Germann <ba...@debian.org>
---
ci/install-src-deps.sh | 12 ++++++++++++
ci/setup.sh | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ci/install-src-deps.sh b/ci/install-src-deps.sh
index bfef0708..d21ca0b7 100755
--- a/ci/install-src-deps.sh
+++ b/ci/install-src-deps.sh
@@ -15,6 +15,17 @@ if [ $(id -u) = 0 ]; then
_SUDO=
fi
+install_mbedtls() {
+ rm -rf /tmp/mbedtls
+ git clone https://github.com/Mbed-TLS/mbedtls.git /tmp/mbedtls
+ cd /tmp/mbedtls
+ git checkout v3.6.6
+ git submodule update --init
+ cmake -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF .
+ cmake --build .
+ $_SUDO cmake --install .
+}
+
install_mtd_utils() {
$_SUDO mkdir -p /usr/local/lib
$_SUDO mkdir -p /usr/local/include
@@ -61,6 +72,7 @@ install_zchunk() {
$_SUDO meson install -C build
}
+install_mbedtls
install_mtd_utils
install_libubootenv
install_efibootguard
diff --git a/ci/setup.sh b/ci/setup.sh
index 863b1c42..6d769fde 100755
--- a/ci/setup.sh
+++ b/ci/setup.sh
@@ -42,7 +42,6 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
libjson-c-dev \
liblua5.2-dev \
libluajit-5.1-dev \
- libmbedtls-dev \
libp11-kit-dev \
librsync-dev \
libssl-dev \
@@ -65,6 +64,7 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
if ! grep -qP "VERSION_CODENAME=(jammy|bookworm)" /etc/os-release; then
$_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
libebgenv-dev \
+ libmbedtls-dev \
libmtd-dev \
libubi-dev \
libubootenv-dev \
---
ci/install-src-deps.sh | 12 ++++++++++++
ci/setup.sh | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ci/install-src-deps.sh b/ci/install-src-deps.sh
index bfef0708..d21ca0b7 100755
--- a/ci/install-src-deps.sh
+++ b/ci/install-src-deps.sh
@@ -15,6 +15,17 @@ if [ $(id -u) = 0 ]; then
_SUDO=
fi
+install_mbedtls() {
+ rm -rf /tmp/mbedtls
+ git clone https://github.com/Mbed-TLS/mbedtls.git /tmp/mbedtls
+ cd /tmp/mbedtls
+ git checkout v3.6.6
+ git submodule update --init
+ cmake -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF .
+ cmake --build .
+ $_SUDO cmake --install .
+}
+
install_mtd_utils() {
$_SUDO mkdir -p /usr/local/lib
$_SUDO mkdir -p /usr/local/include
@@ -61,6 +72,7 @@ install_zchunk() {
$_SUDO meson install -C build
}
+install_mbedtls
install_mtd_utils
install_libubootenv
install_efibootguard
diff --git a/ci/setup.sh b/ci/setup.sh
index 863b1c42..6d769fde 100755
--- a/ci/setup.sh
+++ b/ci/setup.sh
@@ -42,7 +42,6 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
libjson-c-dev \
liblua5.2-dev \
libluajit-5.1-dev \
- libmbedtls-dev \
libp11-kit-dev \
librsync-dev \
libssl-dev \
@@ -65,6 +64,7 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
if ! grep -qP "VERSION_CODENAME=(jammy|bookworm)" /etc/os-release; then
$_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
libebgenv-dev \
+ libmbedtls-dev \
libmtd-dev \
libubi-dev \
libubootenv-dev \
Bastian Germann
May 26, 2026, 4:32:09 PM (10 days ago) May 26
to swup...@googlegroups.com, Bastian Germann
For Ubuntu Noble, run the CI codepath that used to be run for Jammy.
Jammy is no longer tested in the CI and libmbedtls on noble is too old
to contain the pkcs7.h header.
ci/setup.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ci/setup.sh b/ci/setup.sh
index 6d769fde..4bf8a383 100755
--- a/ci/setup.sh
+++ b/ci/setup.sh
@@ -60,8 +60,8 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
xxd \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
-# packages are too old in Ubuntu Jammy and Debian Bookworm
-if ! grep -qP "VERSION_CODENAME=(jammy|bookworm)" /etc/os-release; then
+# packages are too old in Ubuntu Noble and Debian Bookworm
+if ! grep -qP "VERSION_CODENAME=(noble|bookworm)" /etc/os-release; then
Jammy is no longer tested in the CI and libmbedtls on noble is too old
to contain the pkcs7.h header.
ci/setup.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ci/setup.sh b/ci/setup.sh
index 6d769fde..4bf8a383 100755
--- a/ci/setup.sh
+++ b/ci/setup.sh
@@ -60,8 +60,8 @@ $_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
xxd \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
-# packages are too old in Ubuntu Jammy and Debian Bookworm
-if ! grep -qP "VERSION_CODENAME=(jammy|bookworm)" /etc/os-release; then
+# packages are too old in Ubuntu Noble and Debian Bookworm
+if ! grep -qP "VERSION_CODENAME=(noble|bookworm)" /etc/os-release; then
$_SUDO apt-get -qq update && apt-get install --yes --no-install-recommends \
libebgenv-dev \
libmbedtls-dev \
libebgenv-dev \
Reply all
Reply to author
Forward
0 new messages