Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Espressif Managed Component wolfSSL 5.7.4 post-release update #8251

Merged

Conversation

gojimmypi
Copy link
Contributor

Description

This PR updates the Espressif examples and builds on the updates in #8076. Enclosed are changes essential for the wolfSSL Managed Component examples to work properly with the v5.7.4-stable release of wolfssl.

Primary changes are to CMakeLists.txt and sdkconfig.defaults. Only minor changes made to example code.

Note this PR is based on the bdd62314 release commit, and DOES NOT INCLUDE other wolfSSL post-release updates.

The result will be an as-published wolfSSL 5.7.4 with only the changes needed for Espressif example updates. See my pr-post-release-bdd62314-espressif branch.

In particular, this PR addresses the new esp-tls and Certificate Bundle Support features introduced in #7936 and the respective interaction with Managed Components.

As not all versions of the ESP-IDF support the new esp-tls integration with wolfSSL, all of the examples now have the settings disabled by default in the respective dkconfig.defaults files:

# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y

See my ESP-IDF v5.3.1 work and the respective release for PlatformIO.

To use it with PlatformIO, adjust this line in the platformio.ini file:

platform_packages = framework-espidf @ https://github.com/gojimmypi/esp-idf/releases/download/v5.3.1.20240926c/esp-idf-v5.3.1.20240926c.zip

I have an example with my esp_http_client_example.

Other Changes

  • There are some corrections to cmake add_compile_definitions syntax.

  • Improved checks for Managed Component names (e.g. staging site user names & mywolfssl)

  • Adds new IS_GIT_REPO check to avoid attempts to glean attributes from non-git directories, such as those in Managed Component examples.

  • client-tls.c changed the NoPeerCheck != 0 to be information, not a warning.

  • TLS_SMP_CLIENT_TASK_BYTES bumped up to 10K default, rather than 8K.

  • sdk_init_meminfo(); is only disabled when available and DEBUG_WOLFSSL enabled.

  • The server example now gates out this_heap and stack_start variables not used as appropriate.

  • While testing and editing the cmake files, I also discovered instances of message("text") that were being sent to stderr.
    I replaced those with message(STATUS "text")

  • Various spelling corrections

  • Addresses zd# 18228

Testing

Much of the testing occurred with the staging instance under my user name.

At the moment, the staging site is giving me a "Bad Gateway" error.

See also the internal wolfSSL scripts. I've added additional diagnostics and automated testing.

Release

As of the date of this PR creation, the release wolfSSL Managed Component has NOT yet been published. I plan to publish preview releases soon.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@gojimmypi gojimmypi self-assigned this Dec 4, 2024
@gojimmypi gojimmypi requested a review from dgarske December 4, 2024 17:27
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good otherwise.

.gitignore Outdated Show resolved Hide resolved
@gojimmypi gojimmypi marked this pull request as draft December 4, 2024 18:20
@gojimmypi gojimmypi force-pushed the pr-post-release-bdd62314-espressif branch 4 times, most recently from 7cc156d to 2b9cfac Compare December 4, 2024 21:54
@gojimmypi
Copy link
Contributor Author

The staging site is still giving me a Bad Gateway error:

https://components-staging.espressif.com/components/gojimmypi/mywolfssl/versions/5.7.2

I've published a 5.7.4-preview1a production release to:

https://components.espressif.com/components/wolfssl/wolfssl/versions/5.7.4-preview1a?language=en

I'll be doing some final checks and testing of those examples.

Awaiting this PR to be approved before publishing a final 5.7.4 Espressif Managed Component release.

@gojimmypi gojimmypi marked this pull request as ready for review December 4, 2024 23:51
@gojimmypi gojimmypi requested a review from dgarske December 4, 2024 23:51
dgarske
dgarske previously approved these changes Dec 4, 2024
@dgarske dgarske assigned wolfSSL-Bot and unassigned dgarske Dec 4, 2024
@gojimmypi gojimmypi marked this pull request as draft December 5, 2024 00:02
@gojimmypi
Copy link
Contributor Author

ugh. At least one of the examples is failing to compile despite numerous successful tests on the staging site.

Unable to test again on staging site today, perhaps I missed a change. This is what I see for the production preview:

WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
cd $WRK_IDF_PATH
. ./export.sh
cd /mnt/c/test
idf.py create-project-from-example "wolfssl/wolfssl^5.7.4-preview1a:wolfssl_client"
cd wolfssl_client
idf.py menuconfig
idf.py -p /dev/ttyS19 -b 115200 build flash monitor

results in

wolfssl_client/main/include/client-tls.h:27:10: fatal error: wolfssl/wolfcrypt/settings.h: No such file or directory
   27 | #include <wolfssl/wolfcrypt/settings.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

@dgarske I've reverted to draft, investigating....

@gojimmypi
Copy link
Contributor Author

ok, this does not seem to be a problem with with publish. It's not just a settings.h that cannot be found, the entire example managed_components directory is empty from the above example, with no wolfssl component.

image

The entire wolfSSL component source is however present in the dist\wolfssl_5.7.4-preview1a.tgz file that was assembled and uploaded:

image

This command should have populated the entire directory with both the example and the wolfssl component:

idf.py create-project-from-example "wolfssl/wolfssl^5.7.4-preview1a:wolfssl_client"

I suspect there's a component web site problem, particularly with the "gateway error" on the staging site. I'll reach out to Espressif for help. It may possibly be some other issue.

For reference, here's the idf_component.yml, the same as staging site, other than version ID string:

description: wolfSSL Embedded SSL/TLS Library
discussion: https://www.wolfssl.com/forums
documentation: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html
files:
  exclude:
  - '**/*'
  - INSTALL.md
  - '*.py'
  - '**/*.list'
  - '**/.vs/**/*'
  - '**/build/**/*'
  - '**/dist/**/*'
  - '**/dist.bak/**/*'
  - '**/out/**/*'
  - '*.sh'
  - '*.bak'
  - sdkconfig
  - README_DIST.md
  - README_REGISTRY_PREPEND.md
  - README_STAGING_PREPEND.md
  - README_STAGING.md
  - ./src/sp_arm64.c
  - ./src/sp_armthumb.c
  - ./src/sp_x86_64.c
  - ./src/sp_arm32.c
  - ./src/sp_c32.c
  - ./src/sp_cortexm.c
  include:
  - ./README.md
  - ./LICENSE.txt
  - ./idf_component.yml
  - ./CMakeLists.txt
  - ./Kconfig
  - ./install_log.txt
  - ./src/**/*
  - ./include/**/*
  - ./wolfssl/**/*
  - ./wolfcrypt/**/*
  - ./examples/**/*
issues: https://github.com/wolfSSL/wolfssl/issues
repository: https://github.com/wolfSSL/wolfssl.git
url: https://www.wolfssl.com
version: 5.7.4-Preview1a

found here:

image

I will leave this PR in draft mode until fully resolved.

@gojimmypi
Copy link
Contributor Author

gojimmypi commented Dec 5, 2024

Additional information:

# idf.py create-project-from-example "wolfssl/wolfssl^5.7.4-preview1a:wolfssl_client"

# edit: later preview published components work. the above command uses latest. this uses specific earlier failing version:
idf.py create-project-from-example "wolfssl/wolfssl=5.7.4-preview1a:wolfssl_client"

cd wolfssl_client

# NO managed_component directory exists

idf.py menuconfig

# managed_component directory exists

idf.py build

# managed_component directory is removed early in the build process

And sure enough, from the build log - note last lines:

Executing action: all (aliases: build)
Running ninja in directory /mnt/c/test/libtest/wolfssl_client/build
Executing "ninja all"...
[0/1] Re-running CMake...
-- Begin project wolfssl_client
-- Detected UNIX
-- Detected WSL
-- Detected Linux
-- Found PROTOCOL_EXAMPLES_DIR=/mnt/c/SysGCC/esp32/esp-idf/v5.2/examples/common_components/protocol_examples_common
-- USERNAME =
-- THIS_USER = gojimmypi
-- Checking for wolfSSL as Managed Component or not... /mnt/c/test/libtest/wolfssl_client
-- No conflicting wolfSSL components found as a Managed Component.
-- EXTRA_COMPONENT_DIRS WOLFSSL_PATH: /mnt/c/test/libtest/wolfssl_client/managed_components/wolfssl__wolfssl
-- git rev-parse returned 'fatal: not a git repository (or any parent up to mount point /mnt)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).'
-- Could not use 'git describe' to determine PROJECT_VER.
-- Building ESP-IDF components for target esp32
Manifest files have changed, solving dependencies.
Using component placed at /mnt/c/test/libtest/wolfssl_client/managed_components/wolfssl__wolfssl for dependency wolfssl/wolfssl(^5.7.4-Preview1a), specified in /mnt/c/test/libtest/wolfssl_client/main/idf_component.yml
..Updating lock file at /mnt/c/test/libtest/wolfssl_client/dependencies.lock
Deleting 1 unused components
 wolfssl__wolfssl

None of the published wolfSSL cmake ever files remove the wolfSSL component.

This is what is in /mnt/c/test/libtest/wolfssl_client/main/idf_component.yml:

dependencies:
  idf:
    version: '>=4.1.0'
  wolfssl/wolfssl: ^5.7.4-Preview1a

This did not happen with the staging-components. I believe the prior production work fine. However, this does not seem to be limited to the new preview. The latest 5.7.2 Managed Component is exhibiting this behavior as well. I suspect it is in the ESP-IDF, and not the published component. Investigation continues....

@gojimmypi gojimmypi force-pushed the pr-post-release-bdd62314-espressif branch from 2b9cfac to 06c0c09 Compare December 6, 2024 05:47
@gojimmypi
Copy link
Contributor Author

gojimmypi commented Dec 6, 2024

The latest force push commit replaces the list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) with the PRIV_REQUIRES in the CMakeLists.txt for main with an explicit reference to wolfSSL like this:

idf_component_register(SRCS main.c
                       INCLUDE_DIRS "."
                            "./include"
                       PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")

In doing so, additional explicit references were also needed for some examples (e.g. protocol_examples_common, driver, and nvs_flash).

Note that a variable MAIN_WOLFSSL_COMPONENT_NAME is needed as the library name varies: it is mywolfssl on the staging site to clearly distinguish from the production release name of wolfssl.

This appears to resolve the undesired Deleting 1 unused components wolfssl__wolfssl only after first running idf.py menuconfig and then idf.py build.

I did try actually using other wolfSSL code directly in main.c (printing the macro value from version.h) so that wolfssl unused problem would be resolved... but no luck. Perhaps it would need to be actual binary code such as the sdk_init_meminfo() that was also gated out in this update to only be used with DEBUG_WOLFSSL. Just as well, as that would have been an unintuitive, hacky solution anyhow.

The observed behavior with the staging Managed Components was different from the release site. Code that worked perfectly on the staging site still suffered from the Deleting unused components problem on the production release site. Reason unknown. The PRIV_REQUIRES route seems to be considerably more robust that the EXTRA_COMPONENT_DIRS .

ESP-IDF v5.2 was used for all development testing.

Reminder that the exact same example code is used for all types of components: local install, ESP-IDF, and local Managed Components.

Note that additional changes have been made to the publishing scripts. One problematic issue encountered with my first release site preview is that I used mixed case in the 5.7.4-preview1a. (5.7.4-Preview1a). Using mixed case is now prohibited in the publishing script, with a hard failure error.

The latest preview release is currently 5.7.4-preview1e.

Additional testing is still underway, but things are finally looking promising.

@kumekay
Copy link

kumekay commented Dec 6, 2024

Hi @gojimmypi I tried to reproduce the issue with ESP-IDF v5.2.3 and the component manager v2.1.0, but didn't manage to reproduce. Could you please help with the steps?

$ idf.py create-project-from-example "wolfssl/wolfssl^5.7.4-preview1a:wolfssl_client"                                                                                       
$ idf.py menuconfig
$ ls managed_components/wolfssl__wolfssl                                                                                                                                        
CMakeLists.txt    Kconfig           LICENSE.txt       README.md         examples          idf_component.yml include           src               wolfcrypt         wolfssl
$ idf.py build
...
Successfully created esp32 image.
Generated /Users/ku/t/wolfssl_client/build/wolfssl_client.bin
[1046/1046] cd /Users/ku/t/wolfssl_client/build/esp-idf/esptool_py && /Users/ku/.espressif/p...uild/partition_table/partition-table.bin /Users/ku/t/wolfssl_client/build/wolfssl_client.bin
wolfssl_client.bin binary size 0x10b6e0 bytes. Smallest app partition is 0x177000 bytes. 0x6b920 bytes (29%) free.

Project build complete. To flash, run:
...
$ ls managed_components/wolfssl__wolfssl                                                                                                                                        [11:56:26]
CMakeLists.txt    Kconfig           LICENSE.txt       README.md         examples          idf_component.yml include           src               wolfcrypt         wolfssl

Using mixed case is now prohibited in the publishing script, with a hard failure error.

What kind of issue is caused by mixed casing? Can we do something on our side to avoid it?

@gojimmypi
Copy link
Contributor Author

Hello @kumekay and thanks for taking a look at this.

I'm using ESP-IDF v5.2 release here, not the latest v5.2.3.

$ idf.py --version
ESP-IDF v5.2-dev-3903-g66992aca7a-dirty

The only changes are some backup files:

image

I also tried ESP-IDF v5.3 just now, and observed the same results.

With your create-project-from-example syntax, I think you may be grabbing the latest preview version of the component, which I finally (think) I have working.

To test my initial problematic preview version that deletes unused code, please use this syntax (note the = not ^ for version specification):

idf.py create-project-from-example "wolfssl/wolfssl=5.7.4-preview1a:wolfssl_client"
cd wolfssl_client
idf.py menuconfig
idf.py build

No changes made in idf.py menuconfig. Just run it and then exit.

I see this output:

$ idf.py build
Executing action: all (aliases: build)
Running ninja in directory /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client/build
Executing "ninja all"...
[0/1] Re-running CMake...
-- Begin project wolfssl_client
-- Detected UNIX
-- Detected WSL
-- Detected Linux
-- Found PROTOCOL_EXAMPLES_DIR=/mnt/c/SysGCC/esp32/esp-idf/v5.2/examples/common_components/protocol_examples_common
-- USERNAME =
-- THIS_USER = gojimmypi
-- Checking for wolfSSL as Managed Component or not... /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client
-- No conflicting wolfSSL components found as a Managed Component.
-- EXTRA_COMPONENT_DIRS WOLFSSL_PATH: /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client/managed_components/wolfssl__wolfssl
-- Building ESP-IDF components for target esp32
Manifest files have changed, solving dependencies.
Using component placed at /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client/managed_components/wolfssl__wolfssl for dependency wolfssl/wolfssl(^5.7.4-Preview1a), specified in /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client/main/idf_component.yml
..Updating lock file at /mnt/c/workspace/wolfssl_scripts-gojimmypi/espressif/test/wolfssl_client/dependencies.lock
Deleting 1 unused components
 wolfssl__wolfssl
Processing 1 dependencies:

Note that with automated testing without the interactive menuconfig, the examples compile, build, flash and run successfully.

I searched through my ESP32 directory (used in WSL, but initially installed in Windows via ViasualGDB), but could find no reference to the code that is printing the "Deleting 1 unused component" message. Is is possibly that the idf.py calls code outside of the IDF_PATH ?

 echo $IDF_PATH
/mnt/c/SysGCC/esp32/esp-idf/v5.2

Regarding the case, note the contents of ./wolfssl_client/main/idf_component.yml:

dependencies:
  idf:
    version: '>=4.1.0'
  wolfssl/wolfssl: ^5.7.4-Preview1a

The published Preview1a has a lower case p, but some enclosed references still have upper case.

What kind of issue is caused by mixed casing?

I did observe some inconsistencies, but I was primarily looking at the cause of component deletion.

Can we do something on our side to avoid it?

Perhaps either enforce a case, or don't change them? My Preview1a ended up as preview1a in some places.

Cheers & thank you again for your help.

@gojimmypi
Copy link
Contributor Author

Some Managed Component issues were observed regarding which version of wolfSSL is pulled in from the examples such as when using this syntax:

idf.py create-project-from-example "wolfssl/wolfssl^5.7.2:wolfssl_client"

or this explicitly stated version with = not ^:

idf.py create-project-from-example "wolfssl/wolfssl=5.7.2:wolfssl_client"

See espressif/idf-component-manager#78

Otherwise the latest wolfssl 5.7.4-preview1e is still looking good. Draft status for this PR maintained as testing continues.

@gojimmypi
Copy link
Contributor Author

Note for future reference: the prior method that used the CMake list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH}) with wolfSSL as a regular (non managed) component is known to be problematic for Managed Component Examples!

See the IDF Component Manager Packagaing documentation:

image

This PR includes that change to use the idf_component_register( ... PRIV_REQUIRES) instead.

With this PR, the examples should be much more robust when using wolfSSL as either a regular local component or as a Managed Component.

@gojimmypi
Copy link
Contributor Author

In addition to the EXTRA_COMPONENT_DIRS vs PRIV_REQUIRES, it is important to keep the Component Manager itself updated. It is not updated automatically with each ESP-IDF version update. See also espressif/idf-component-manager#78

As noted in espressif/idf-component-manager#73 (comment) :

pip install -U idf-component-manager

I've also updated the wolfSSL publishing scripts to include this information in the README files that will be visible on the home page of each Managed Component.

See the IDF Component Manager Documentation for details.

Additional Component Manager troubleshooting tips are presented when opening a new issue.

@gojimmypi
Copy link
Contributor Author

I've confirmed the ESP Registry wolfSSL Managed Component 5.7.4-preview1f is working as desired with the changes in this PR.

Releasing the draft status, request to be merged. Thank you.

@gojimmypi gojimmypi marked this pull request as ready for review December 18, 2024 19:19
@JacobBarthelmeh JacobBarthelmeh merged commit a5f9ec6 into wolfSSL:master Dec 18, 2024
143 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants