Add network namespace isolation, macOS CI, and Windows build support for fwTPM#486
Open
dgarske wants to merge 1 commit intowolfSSL:masterfrom
Open
Add network namespace isolation, macOS CI, and Windows build support for fwTPM#486dgarske wants to merge 1 commit intowolfSSL:masterfrom
dgarske wants to merge 1 commit intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR improves fwTPM portability and CI robustness by isolating socket-based tests in Linux network namespaces, expanding CI coverage to macOS, and adding Windows build-only support (Winsock + CMake linking).
Changes:
- Run fwTPM socket tests under
unshare --user --netand introduce a “fixed port” mode for CI stability. - Enable macOS CI for socket transport and adjust build/link flags for CMake.
- Add Windows build-only support via Winsock initialization/cleanup, signal handling fallback, and
ws2_32linking.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/fwtpm_check.sh | Adds “fixed port” mode vs. random port selection for fwTPM socket tests. |
| src/fwtpm/fwtpm_main.c | Uses signal() on Windows and sigaction on POSIX for shutdown handling. |
| src/fwtpm/fwtpm_io.c | Introduces Winsock send/recv paths, WSAStartup/WSACleanup, and closes via CloseSocket. |
| configure.ac | Enables fwTPM default on macOS and blocks TIS/SHM transport on Windows with a clear error. |
| CMakeLists.txt | Adjusts link libraries for UNIX/macOS and adds ws2_32 for Windows. |
| .github/workflows/sanitizer.yml | Runs sanitizer job under network namespace and forces fixed port mode. |
| .github/workflows/fwtpm-test.yml | Adds macOS test matrix entry; uses namespace isolation when available; tweaks package install/ldconfig behavior. |
| .github/workflows/cmake-build.yml | Adds a Windows CMake build matrix entry and gates Linux-only package installation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
dgarske
force-pushed
the
ciports
branch
2 times, most recently
from
2512477 to
f4b5973
Compare
…for fwTPM Use unshare --user --net to isolate fwtpm_check.sh TCP ports in CI, eliminating flaky port conflicts on shared runners. Add macOS CI with socket transport tests. Add Windows socket portability (Winsock2) and build-only CI via CMake.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
fwtpm-socketCI failures by running tests in a Linux network namespace (unshare --user --net) with fixed port 2321*darwin*configure exclusion, fix CMake pthread/rt linking, addfwtpm-macos-socketmatrix entryfwtpm_io.c,signal()fallback infwtpm_main.c,ws2_32linking, CMake CI entry