boring-sys: Ignore patches when boringSSL is precompiled
Internal users often have two builds for `boring`, one using a precompiled build of boringSSL and another built from source with patches applied. However the features that enable these builds are mutually exclusive. For example, the `"pq-experimental"` feature is required to build the source with all of the necessary codepoints for PQ key exchange, but if this feature is enabled and a precompiled boringSSL is provided, then the build will fail. This means users will have to also control their builds with mutually exclusive features. An alternative is to *ignore* features that enable patches whenever a precompiled boringSSL is provided. This is a little different from the "assume patched" environment variable, which applies whenever we're building from source.
This commit is contained in:
Christopher Patton
Kornel
parent
57307d739e
commit
867f2b3b99
|
|
@ -96,10 +96,15 @@ impl Config {
|
||||||
|| self.features.underscore_wildcards;
|
|| self.features.underscore_wildcards;
|
||||||
|
|
||||||
let patches_required = features_with_patches_enabled && !self.env.assume_patched;
|
let patches_required = features_with_patches_enabled && !self.env.assume_patched;
|
||||||
let build_from_sources_required = self.features.fips_link_precompiled || patches_required;
|
|
||||||
|
|
||||||
if is_precompiled_native_lib && build_from_sources_required {
|
if is_precompiled_native_lib && patches_required {
|
||||||
panic!("precompiled BoringSSL was provided, so FIPS configuration or optional patches can't be applied");
|
println!(
|
||||||
|
"cargo:warning=precompiled BoringSSL was provided, so patches will be ignored"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
if is_precompiled_native_lib && self.features.fips_link_precompiled {
|
||||||
|
panic!("precompiled BoringSSL was provided, so FIPS configuration can't be applied");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue