min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

boring-sys: include all files needed to build FIPS 

This commit modifies the Cargo `include` field for `boring-sys` to
include all the files necessary to actually build the FIPS-certified
revision of BoringSSL. Currently, some of these files are missing (see
#157 for details on this).

This branch improves on my previous approach in PR #158, which switched
from using a Cargo `include` to a Cargo `exclude`. Using `exclude`
rather than `include` resulted in a much larger crates.io package, but
at the time, I thought this was less likely to result in breakage in the
future, because I was concerned about the inability to verify that the
set of excludes/includes can build a new pinned `boringssl` git revision
without having to actually publish a crates.io release.

However, as @nox pointed out in [this comment][1], `cargo package` can
be used to verify a build with the `exclude`s/`include`s applied. This
branch therefore adds `cargo package` steps to CI that check that the
package can actually be built. This way, we are able to make a much
smaller change to the included files, resulting in a smaller package
published to crates.io.

On this branch, the package is 6.7MiB compressed, which is not much
larger than it was previously:

```
    Finished dev [unoptimized + debuginfo] target(s) in 55.65s
    Packaged 1851 files, 33.7MiB (6.7MiB compressed)
```

Fixes #157
Closes #158

[1]: https://github.com/cloudflare/boring/pull/158#issuecomment-1693067112,
This commit is contained in:
Eliza Weisman 2023-08-25 14:29:55 -07:00 committed by Ivan Nikulin
parent c8d52a7614
commit 2345c2f988
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
boring-sys/Cargo.toml
View File

@ -17,6 +17,7 @@ include = [
"/*.toml",
"/LICENSE-MIT",
"/cmake/*.cmake",
# boringssl (non-FIPS)
"/deps/boringssl/**/*.[chS]",
"/deps/boringssl/**/*.asm",
"/deps/boringssl/sources.json",
@ -27,16 +28,22 @@ include = [
"/deps/boringssl/**/CMakeLists.txt",
"/deps/boringssl/**/sources.cmake",
"/deps/boringssl/LICENSE",
# boringssl (FIPS)
"/deps/boringssl-fips/**/*.[chS]",
"/deps/boringssl-fips/**/*.asm",
"/deps/boringssl/sources.json",
"/deps/boringssl/src/crypto/obj/obj_mac.num",
"/deps/boringssl/src/crypto/obj/objects.txt",
"/deps/boringssl-fips/**/*.pl",
"/deps/boringssl-fips/**/*.go",
"/deps/boringssl-fips/**/go.mod",
"/deps/boringssl-fips/**/go.sum",
"/deps/boringssl-fips/sources.json",
"/deps/boringssl-fips/crypto/obj/obj_mac.num",
"/deps/boringssl-fips/crypto/obj/objects.txt",
"/deps/boringssl-fips/crypto/err/*.errordata",
"/deps/boringssl-fips/**/*.bzl",
"/deps/boringssl-fips/src/**/*.cc",
"/deps/boringssl-fips/**/*.cc",
"/deps/boringssl-fips/**/CMakeLists.txt",
"/deps/boringssl-fips/**/sources.cmake",
"/deps/boringssl/LICENSE",
"/deps/boringssl-fips/LICENSE",
"/build.rs",
"/src",
"/patches",