From 5aed467dcbe19117910cb526394a3f25820de75c Mon Sep 17 00:00:00 2001 From: Rushil Mehra Date: Wed, 24 Jan 2024 00:12:22 -0800 Subject: [PATCH] Fix building with non bazel commits of boringssl We need to add `/build/crypto` and `/build/ssl` to the library search path to handle the case where we pass `BORING_BSSL_SOURCE_PATH` when building without enabling any fips features. Otherwise, non bazel commits will not work because `/build/` itself will not contain any crypto libraries to link with --- boring-sys/build/config.rs | 7 +++++++ boring-sys/build/main.rs | 33 +++++++++++++++++++++++++-------- boring-sys/patches/rpk.patch | 2 +- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs index d05396ae..7af00f4b 100644 --- a/boring-sys/build/config.rs +++ b/boring-sys/build/config.rs @@ -5,6 +5,7 @@ use std::path::PathBuf; pub(crate) struct Config { pub(crate) manifest_dir: PathBuf, pub(crate) out_dir: PathBuf, + pub(crate) is_bazel: bool, pub(crate) host: String, pub(crate) target: String, pub(crate) target_arch: String, @@ -51,9 +52,15 @@ impl Config { features.fips || features.fips_link_precompiled, ); + let mut is_bazel = false; + if let Some(src_path) = &env.source_path { + is_bazel = src_path.join("src").exists(); + } + let config = Self { manifest_dir, out_dir, + is_bazel, host, target, target_arch, diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs index 68f24c35..1c9a3e92 100644 --- a/boring-sys/build/main.rs +++ b/boring-sys/build/main.rs @@ -507,9 +507,16 @@ fn apply_patch(config: &Config, patch_name: &str) -> io::Result<()> { .join(patch_name) .canonicalize()?; + let mut args = vec!["apply", "-v", "--whitespace=fix"]; + + // non-bazel versions of BoringSSL have no src/ dir + if config.is_bazel { + args.push("-p2"); + } + run_command( Command::new("git") - .args(["apply", "-v", "--whitespace=fix"]) + .args(&args) .arg(cmd_path) .current_dir(src_path), )?; @@ -548,6 +555,16 @@ fn built_boring_source_path(config: &Config) -> &PathBuf { "cargo:warning=skipping git patches application, provided\ native BoringSSL is expected to have the patches included" ); + } else if config.env.source_path.is_some() + && (config.features.rpk + || config.features.pq_experimental + || config.features.underscore_wildcards) + { + panic!( + "BORING_BSSL_ASSUME_PATCHED must be set when setting + BORING_BSSL_SOURCE_PATH and using any of the following + features: rpk, pq-experimental, underscore-wildcards" + ); } else { ensure_patches_applied(config).unwrap(); } @@ -620,7 +637,13 @@ fn main() { let bssl_dir = built_boring_source_path(&config); let build_path = get_boringssl_platform_output_path(&config); - if config.features.fips || config.features.fips_link_precompiled { + if config.is_bazel { + println!( + "cargo:rustc-link-search=native={}/lib/{}", + bssl_dir.display(), + build_path + ); + } else { println!( "cargo:rustc-link-search=native={}/build/crypto/{}", bssl_dir.display(), @@ -631,12 +654,6 @@ fn main() { bssl_dir.display(), build_path ); - println!( - "cargo:rustc-link-search=native={}/lib/{}", - bssl_dir.display(), - build_path - ); - } else { println!( "cargo:rustc-link-search=native={}/build/{}", bssl_dir.display(), diff --git a/boring-sys/patches/rpk.patch b/boring-sys/patches/rpk.patch index d7ea46a3..bc2e3a8f 100644 --- a/boring-sys/patches/rpk.patch +++ b/boring-sys/patches/rpk.patch @@ -347,9 +347,9 @@ index 8d5a23872..b9ac70dfe 100644 @@ -150,6 +169,7 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg) cert_compression_negotiated(false), ++ server_certificate_type_negotiated(false), apply_jdk11_workaround(false), can_release_private_key(false), -+ server_certificate_type_negotiated(false), channel_id_negotiated(false) { assert(ssl);