# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This script contains common functions which can be used to help when building # specific components of the beto-rust repo. To load these into your environment # run `source ./scripts/build-script.sh` Then run the functions from root # This can also be sourced to help when writing further build scripts export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Use to generate headers for new source code files gen_headers() { set -e $HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" . } # Checks the workspace 3rd party crates and makes sure they have a valid license check_crate_licenses(){ set -e cd $SCRIPT_DIR/.. cargo deny --workspace check } # Checks everything in beto-rust check_everything(){ set -e cd $SCRIPT_DIR/.. check_license_headers check_workspace check_boringssl check_ldt_ffi build_fuzzers } # Checks everything included in the top level workspace check_workspace(){ set -e cd $SCRIPT_DIR/.. # ensure formatting is correct (Check for it first because it is fast compared to running tests) cargo fmt --check # make sure everything compiles cargo check --workspace --all-targets # run all the tests cargo test --workspace --quiet # ensure the docs are valid (cross-references to other code, etc) cargo doc --workspace --no-deps cargo clippy --all-targets cargo deny --workspace check # Check the build for targets without using RustCrypto dependencies cargo check --features=openssl --no-default-features } # Checks that the license auditing tool is installed and that all source files in the project contain the needed headers check_license_headers() { set -e cd $SCRIPT_DIR/.. # install location for those following the default instructions ADDLICENSE="$HOME/go/bin/addlicense" if [ ! -x "$ADDLICENSE" ]; then # if not in the default place, assume it's in PATH ADDLICENSE="addlicense" fi # see README for instructions on setting up addlicense tool if ($ADDLICENSE -h >/dev/null 2>&1); then echo "Add license is already installed" else echo "ERROR: addlicense tool is not installed, see instructions in README" exit 1 fi if $ADDLICENSE -check \ -ignore="**/android/build/**" \ -ignore="target/**" \ -ignore="**/target/**" \ -ignore="**/.idea/**" \ -ignore="**/cmake-build/**" \ -ignore="**/java/build/**" \ -ignore="**/java/*/build/**" \ .; then echo "License header check succeeded!" else echo "ERROR: License header missing for above files" exit 1 fi } # Build all fuzz targets build_fuzzers() { set -e cd $SCRIPT_DIR/.. # rust fuzzers for fuzzed_crate in presence/xts_aes presence/ldt presence/ldt_np_adv connections/ukey2/ukey2_connections; do (cd "$fuzzed_crate" && cargo +nightly fuzz build) done # ffi fuzzers rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build (cd presence/ldt_np_adv_ffi_fuzz && mkdir -p cmake-build && cd cmake-build && cmake ../.. -DENABLE_FUZZ=true && make) rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build } # Builds and runs all tests for all combinations of features for the LDT FFI check_ldt_ffi() { set -e cd $SCRIPT_DIR/.. # We need to handle ldt_np_adv_ffi separately since it requires the nightly toolchain cd presence/ldt_np_adv_ffi cargo fmt --check cargo check # Default build, RustCrypto + no_std cargo build --release # Turn on std, still using RustCrypto cargo build --features=std # Turn off default features and try to build with std cargo build --no-default-features --features=std # Turn off RustCrypto and use openssl cargo build --no-default-features --features=openssl # Turn off RustCrypto and use boringssl cargo build --no-default-features --features=boringssl cargo doc --no-deps cargo clippy --release cargo clippy --features=std cargo clippy --no-default-features --features=openssl cargo clippy --no-default-features --features=boringssl cargo clippy --no-default-features --features=std cargo deny check cd ../ # build C/C++ samples, tests, and benches mkdir -p cmake-build && cd cmake-build cmake .. -DENABLE_TESTS=true make # test with default build settings (rustcrypto, no_std) echo "Testing default features (no_std + rustcrypto)" (cd ../ldt_np_adv_ffi && cargo build --release) (cd ldt_np_c_sample/tests && ctest) # test with std echo "Testing std feature flag" (cd ../ldt_np_adv_ffi && cargo build --features std --release) (cd ldt_np_c_sample/tests && make && ctest) # test with boringssl crypto feature flag echo "Testing boringssl" (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features boringssl --release) (cd ldt_np_c_sample/tests && make && ctest) # test with openssl feature flag echo "Testing openssl" (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features openssl --release) (cd ldt_np_c_sample/tests && make && ctest) # test with std feature flag echo "Testing std with no default features" (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features std --release) (cd ldt_np_c_sample/tests && make && ctest) cd ../ } # Clones boringssl and uses bindgen to generate the rust crate, applies AOSP # specific patches to the 3p `openssl` crate so that it can use a bssl backend prepare_boringssl() { set -e cd $SCRIPT_DIR/../.. projectroot=$PWD mkdir -p boringssl-build && cd boringssl-build if ! git -C boringssl pull origin master; then git clone https://boringssl.googlesource.com/boringssl fi cd boringssl && mkdir -p build && cd build target=$(rustc -vV | awk '/host/ { print $2 }') cmake -G Ninja .. -DRUST_BINDINGS="$target" && ninja # A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys` cd $projectroot/boringssl-build rm -Rf rust-openssl git clone https://github.com/sfackler/rust-openssl.git git -C rust-openssl checkout 11797d9ecb73e94b7f55a49274318abc9dc074d2 git -C rust-openssl branch -f BASE_COMMIT git -C rust-openssl am $projectroot/nearby/scripts/openssl-patches/*.patch cd $projectroot/nearby cat <<'EOF' >&2 ========== Preparation complete. The required repositories are downloaded to `beto-rust/boringssl-build`. If you need to go back to a clean state, you can remove that directory and rerun this script. You can now build and test with boringssl using the following command `cargo --config .cargo/config-boringssl.toml test -p crypto_provider* --features=boringssl,std` ========== EOF echo } # Checks the build and tests for all boringssl related deps # crypto_provider_openssl is used on AOSP # crypto_provider_boringssl is used on Chromium # And we want to verify that both of these are tested in our own repo check_boringssl() { set -e cd $SCRIPT_DIR/../.. # clones boringssl and uses bindgen to generate the sys bindings prepare_boringssl # test the openssl crate with the boringssl feature cargo --config .cargo/config-boringssl.toml test -p crypto_provider_openssl --features=boringssl # test the crypto_provider built on the new bssl crate cd crypto/crypto_provider_boringssl cargo check cargo fmt --check cargo clippy --all-targets cargo test cargo doc --no-deps cd ../../ } # Helper for setting up dependencies on the build machine setup_kokoro_macos () { set -e go install github.com/google/addlicense@latest curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path --default-toolchain 1.68.0 cargo install --locked cargo-deny --color never 2>&1 source "$HOME/.cargo/env" rustup install nightly brew install rapidjson google-benchmark ninja bindgen # Unfortunately CMake is not smart enough to find this on its own, even though # it is in fact there by default on the build machines export OPENSSL_ROOT_DIR="/usr/local/opt/openssl@3" }