1# Copyright 2021 The Pigweed Authors 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); you may not 4# use this file except in compliance with the License. You may obtain a copy of 5# the License at 6# 7# https://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12# License for the specific language governing permissions and limitations under 13# the License. 14"""Install and check status of BoringSSL + Chromium verifier.""" 15 16import pathlib 17from typing import Sequence 18import pw_package.git_repo 19import pw_package.package_manager 20 21# List of sources to checkout for chromium verifier. 22# The list is hand-picked. It is currently only tested locally (i.e. the list 23# compiles and can run certificate chain verification). Unittest will be added 24# in pw_tls_client that uses the this package, so that it can be used as a 25# criterion for rolling. 26CHROMIUM_VERIFIER_LIBRARY_SOURCES = [ 27 'base/*', 28 '!base/check.h', 29 '!base/check_op.h', 30 '!base/logging.h', 31 'build/buildflag.h', 32 'build/write_buildflag_header.py', 33 'crypto', 34 'net/base', 35 'net/cert', 36 'net/data', 37 'net/der', 38 'testing/gtest/include', 39 'testing/gmock/include', 40 'third_party/abseil-cpp', 41 'third_party/boringssl', 42 'third_party/googletest', 43 'time/internal/cctz/include/cctz/civil_time_detail.h', 44 'url/gurl.h', 45 'url/third_party/mozilla/url_parse.h', 46 'url/url_canon.h', 47 'url/url_canon_ip.h', 48 'url/url_canon_stdstring.h', 49 'url/url_constants.h', 50 'net/test/test_certificate_data.h', 51 'net/cert/internal/path_builder_unittest.cc', 52 'third_party/modp_b64', 53] 54 55CHROMIUM_VERIFIER_UNITTEST_SOURCES = [ 56 # TODO(pwbug/394): Look into in necessary unittests to port. 57 'net/cert/internal/path_builder_unittest.cc', 58] 59 60CHROMIUM_VERIFIER_SOURCES = CHROMIUM_VERIFIER_LIBRARY_SOURCES +\ 61 CHROMIUM_VERIFIER_UNITTEST_SOURCES 62 63 64def chromium_verifier_repo_path( 65 chromium_verifier_install: pathlib.Path) -> pathlib.Path: 66 """Return the sub-path for repo checkout of chromium verifier""" 67 return chromium_verifier_install / 'src' 68 69 70def chromium_third_party_boringssl_repo_path( 71 chromium_verifier_repo: pathlib.Path) -> pathlib.Path: 72 """Returns the path of third_party/boringssl library in chromium repo""" 73 return chromium_verifier_repo / 'third_party' / 'boringssl' / 'src' 74 75 76def chromium_third_party_googletest_repo_path( 77 chromium_verifier_repo: pathlib.Path) -> pathlib.Path: 78 """Returns the path of third_party/googletest in chromium repo""" 79 return chromium_verifier_repo / 'third_party' / 'googletest' / 'src' 80 81 82class ChromiumVerifier(pw_package.package_manager.Package): 83 """Install and check status of Chromium Verifier""" 84 def __init__(self, *args, **kwargs): 85 super().__init__(*args, name='chromium_verifier', **kwargs) 86 self._chromium_verifier = pw_package.git_repo.GitRepo( 87 name='chromium_verifier', 88 url='https://chromium.googlesource.com/chromium/src', 89 commit='04ebce24d98339954fb1d2a67e68da7ca81ca47c', 90 sparse_list=CHROMIUM_VERIFIER_SOURCES, 91 ) 92 93 # The following is for checking out necessary headers of 94 # boringssl and googletest third party libraries that chromium verifier 95 # depends on. The actual complete libraries will be separate packages. 96 97 self._boringssl = pw_package.git_repo.GitRepo( 98 name='boringssl', 99 url=''.join([ 100 'https://pigweed.googlesource.com', 101 '/third_party/boringssl/boringssl' 102 ]), 103 commit='9f55d972854d0b34dae39c7cd3679d6ada3dfd5b', 104 sparse_list=['include'], 105 ) 106 107 self._googletest = pw_package.git_repo.GitRepo( 108 name='googletest', 109 url=''.join([ 110 'https://chromium.googlesource.com/', 111 'external/github.com/google/googletest.git', 112 ]), 113 commit='53495a2a7d6ba7e0691a7f3602e9a5324bba6e45', 114 sparse_list=[ 115 'googletest/include', 116 'googlemock/include', 117 ]) 118 119 def install(self, path: pathlib.Path) -> None: 120 # Checkout chromium verifier 121 chromium_repo = chromium_verifier_repo_path(path) 122 self._chromium_verifier.install(chromium_repo) 123 124 # Checkout third party boringssl headers 125 boringssl_repo = chromium_third_party_boringssl_repo_path( 126 chromium_repo) 127 self._boringssl.install(boringssl_repo) 128 129 # Checkout third party googletest headers 130 googletest_repo = chromium_third_party_googletest_repo_path( 131 chromium_repo) 132 self._googletest.install(googletest_repo) 133 134 def status(self, path: pathlib.Path) -> bool: 135 chromium_repo = chromium_verifier_repo_path(path) 136 if not self._chromium_verifier.status(chromium_repo): 137 return False 138 139 boringssl_repo = chromium_third_party_boringssl_repo_path( 140 chromium_repo) 141 if not self._boringssl.status(boringssl_repo): 142 return False 143 144 googletest_repo = chromium_third_party_googletest_repo_path( 145 chromium_repo) 146 if not self._googletest.status(googletest_repo): 147 return False 148 149 return True 150 151 def info(self, path: pathlib.Path) -> Sequence[str]: 152 return ( 153 f'{self.name} installed in: {path}', 154 'Enable by running "gn args out" and adding this line:', 155 f' dir_pw_third_party_chromium_verifier = {path}', 156 ) 157 158 159pw_package.package_manager.register(ChromiumVerifier) 160