Added DHCP + HTTPS-over-TLS13 m33mu test, up m33mu

danielinux · danielinux · commit a563448b289d · 2026-03-06T22:58:13.000+01:00
diff --git a/.github/workflows/stm32h563-m33mu-https-tls13.yml b/.github/workflows/stm32h563-m33mu-https-tls13.yml
@@ -0,0 +1,135 @@
+name: STM32H563 m33mu (HTTPS TLS 1.3)
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  stm32h563_m33mu_https_tls13:
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    container:
+      image: ghcr.io/danielinux/m33mu-ci:1.6
+      options: --privileged
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install host tools
+        run: |
+          set -euo pipefail
+          apt-get update
+          apt-get install -y sudo dnsmasq iproute2 curl git tcpdump
+
+      - name: Fetch wolfSSL
+        run: |
+          set -euo pipefail
+          if [ ! -d ../wolfssl ]; then
+            git clone --depth 1 --branch master https://github.com/wolfSSL/wolfssl.git ../wolfssl
+          fi
+
+      - name: Build STM32H563 HTTPS (TZEN off)
+        run: |
+          set -euo pipefail
+          make -C src/port/stm32h563 clean TZEN=0 ENABLE_HTTPS=1 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
+          make -C src/port/stm32h563 TZEN=0 ENABLE_HTTPS=1 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy
+          strings src/port/stm32h563/app.bin | grep -q "Initializing HTTPS server"
+
+      - name: Run m33mu + DHCP + HTTPS test
+        timeout-minutes: 15
+        run: |
+          set -euo pipefail
+
+          cleanup() {
+            set +e
+            if [ -f /tmp/m33mu.pid ]; then
+              sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
+            fi
+            if [ -f /tmp/tcpdump.pid ]; then
+              sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
+            fi
+            sudo pkill -x m33mu 2>/dev/null || true
+            if [ -f /tmp/dnsmasq.pid ]; then
+              sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
+            fi
+            sudo ip link del tap0 2>/dev/null || true
+          }
+          trap cleanup EXIT
+
+          sudo ip tuntap add dev tap0 mode tap
+          sudo ip addr add 192.168.12.1/24 dev tap0
+          sudo ip link set tap0 up
+
+          cat > /tmp/dnsmasq.conf <<'CONF'
+          interface=tap0
+          bind-interfaces
+          dhcp-range=192.168.12.50,192.168.12.100,255.255.255.0,12h
+          dhcp-leasefile=/tmp/dnsmasq.leases
+          log-dhcp
+          CONF
+          sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
+
+          sudo tcpdump -i tap0 -nn -U -w /tmp/https-test.pcap > /tmp/tcpdump.log 2>&1 &
+          echo $! > /tmp/tcpdump.pid
+
+          sudo m33mu src/port/stm32h563/app.bin \
+            --cpu stm32h563 --tap:tap0 --uart-stdout --timeout 180 --quit-on-faults \
+            2>&1 | tee /tmp/m33mu.log &
+          sleep 1
+          m33mu_pid="$(pgrep -n -x m33mu || true)"
+          if [ -n "${m33mu_pid}" ]; then
+            echo "${m33mu_pid}" > /tmp/m33mu.pid
+          fi
+
+          ip=""
+          for _ in $(seq 1 90); do
+            if [ -s /tmp/dnsmasq.leases ]; then
+              ip="$(tail -n1 /tmp/dnsmasq.leases | cut -d' ' -f3)"
+            fi
+            if [ -n "${ip}" ]; then
+              break
+            fi
+            sleep 1
+          done
+          if [ -z "${ip}" ]; then
+            echo "No DHCP lease acquired."
+            echo "m33mu log:"
+            tail -n 200 /tmp/m33mu.log || true
+            exit 1
+          fi
+          echo "Leased IP: ${ip}"
+
+          ok=0
+          for _ in $(seq 1 60); do
+            if ! pgrep -x m33mu >/dev/null 2>&1; then
+              echo "m33mu exited before HTTPS check."
+              tail -n 200 /tmp/m33mu.log || true
+              exit 1
+            fi
+            if curl --silent --show-error --fail --insecure --tlsv1.3 \
+                --connect-timeout 10 --max-time 20 \
+                "https://${ip}/" | tee /tmp/curl.log | grep -q "wolfIP"; then
+              ok=1
+              break
+            fi
+            sleep 0.5
+          done
+          if [ "${ok}" -ne 1 ]; then
+            echo "HTTPS test failed."
+            echo "m33mu log:"
+            tail -n 200 /tmp/m33mu.log || true
+            echo "curl log:"
+            tail -n 200 /tmp/curl.log || true
+            echo "tcpdump log:"
+            tail -n 50 /tmp/tcpdump.log || true
+            exit 1
+          fi
+          echo "HTTPS test succeeded."
+          if [ -f /tmp/m33mu.pid ]; then
+            sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
+          fi
+          if [ -f /tmp/tcpdump.pid ]; then
+            sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
+          fi
diff --git a/.github/workflows/stm32h563-m33mu.yml b/.github/workflows/stm32h563-m33mu.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 20
     container:
-      image: ghcr.io/danielinux/m33mu-ci:1.5
+      image: ghcr.io/danielinux/m33mu-ci:1.6
       options: --privileged
 
     steps:
