• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# This script contains common functions which can be used to help when building
16# specific components of the beto-rust repo. To load these into your environment
17# run `source ./scripts/build-script.sh` Then run the functions from root
18# This can also be sourced to help when writing further build scripts
19
20export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
21
22# Use to generate headers for new source code files
23gen_headers() {
24  set -e
25  $HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" .
26}
27
28# Checks the workspace 3rd party crates and makes sure they have a valid license
29check_crate_licenses(){
30    set -e
31    cd $SCRIPT_DIR/..
32    cargo deny --workspace check
33}
34
35# Checks everything in beto-rust
36check_everything(){
37  set -e
38  cd $SCRIPT_DIR/..
39  check_license_headers
40  check_workspace
41  check_boringssl
42  check_ldt_ffi
43  build_fuzzers
44}
45
46# Checks everything included in the top level workspace
47check_workspace(){
48  set -e
49  cd $SCRIPT_DIR/..
50  # ensure formatting is correct (Check for it first because it is fast compared to running tests)
51  cargo fmt --check
52  # make sure everything compiles
53  cargo check --workspace --all-targets
54  # run all the tests
55  cargo test --workspace --quiet
56  # ensure the docs are valid (cross-references to other code, etc)
57  cargo doc --workspace --no-deps
58  cargo clippy --all-targets
59  cargo deny --workspace check
60  # Check the build for targets without using RustCrypto dependencies
61  cargo check --features=openssl --no-default-features
62}
63
64# Checks that the license auditing tool is installed and that all source files in the project contain the needed headers
65check_license_headers() {
66  set -e
67  cd $SCRIPT_DIR/..
68  # install location for those following the default instructions
69  ADDLICENSE="$HOME/go/bin/addlicense"
70  if [ ! -x "$ADDLICENSE" ]; then
71    # if not in the default place, assume it's in PATH
72    ADDLICENSE="addlicense"
73  fi
74
75  # see README for instructions on setting up addlicense tool
76  if ($ADDLICENSE -h >/dev/null 2>&1); then
77    echo "Add license is already installed"
78  else
79    echo "ERROR: addlicense tool is not installed, see instructions in README"
80    exit 1
81  fi
82
83  if $ADDLICENSE -check \
84      -ignore="**/android/build/**" \
85      -ignore="target/**" \
86      -ignore="**/target/**" \
87      -ignore="**/.idea/**" \
88      -ignore="**/cmake-build/**" \
89      -ignore="**/java/build/**" \
90      -ignore="**/java/*/build/**" \
91      .; then
92    echo "License header check succeeded!"
93  else
94    echo "ERROR: License header missing for above files"
95    exit 1
96  fi
97}
98
99# Build all fuzz targets
100build_fuzzers() {
101  set -e
102  cd $SCRIPT_DIR/..
103  # rust fuzzers
104  for fuzzed_crate in presence/xts_aes presence/ldt presence/ldt_np_adv connections/ukey2/ukey2_connections; do
105    (cd "$fuzzed_crate" && cargo +nightly fuzz build)
106  done
107
108  # ffi fuzzers
109  rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
110  (cd presence/ldt_np_adv_ffi_fuzz && mkdir -p cmake-build && cd cmake-build && cmake ../.. -DENABLE_FUZZ=true && make)
111  rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
112}
113
114# Builds and runs all tests for all combinations of features for the LDT FFI
115check_ldt_ffi() {
116  set -e
117  cd $SCRIPT_DIR/..
118  # We need to handle ldt_np_adv_ffi separately since it requires the nightly toolchain
119  cd presence/ldt_np_adv_ffi
120  cargo fmt --check
121  cargo check
122  # Default build, RustCrypto + no_std
123  cargo build --release
124  # Turn on std, still using RustCrypto
125  cargo build --features=std
126  # Turn off default features and try to build with std
127  cargo build --no-default-features --features=std
128  # Turn off RustCrypto and use openssl
129  cargo build --no-default-features --features=openssl
130  # Turn off RustCrypto and use boringssl
131  cargo build --no-default-features --features=boringssl
132  cargo doc --no-deps
133  cargo clippy --release
134  cargo clippy --features=std
135  cargo clippy --no-default-features --features=openssl
136  cargo clippy --no-default-features --features=boringssl
137  cargo clippy --no-default-features --features=std
138  cargo deny check
139  cd ../
140
141  # build C/C++ samples, tests, and benches
142  mkdir -p cmake-build && cd cmake-build
143  cmake .. -DENABLE_TESTS=true
144  make
145
146  # test with default build settings (rustcrypto, no_std)
147  echo "Testing default features (no_std + rustcrypto)"
148  (cd ../ldt_np_adv_ffi && cargo build --release)
149  (cd ldt_np_c_sample/tests && ctest)
150
151  # test with std
152  echo "Testing std feature flag"
153  (cd ../ldt_np_adv_ffi && cargo build --features std --release)
154  (cd ldt_np_c_sample/tests && make && ctest)
155
156  # test with boringssl crypto feature flag
157  echo "Testing boringssl"
158  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features boringssl --release)
159  (cd ldt_np_c_sample/tests && make && ctest)
160
161  # test with openssl feature flag
162  echo "Testing openssl"
163  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features openssl --release)
164  (cd ldt_np_c_sample/tests && make && ctest)
165
166  # test with std feature flag
167  echo "Testing std with no default features"
168  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features std --release)
169  (cd ldt_np_c_sample/tests && make && ctest)
170  cd ../
171}
172
173# Clones boringssl and uses bindgen to generate the rust crate, applies AOSP
174# specific patches to the 3p `openssl` crate so that it can use a bssl backend
175prepare_boringssl() {
176  set -e
177  cd $SCRIPT_DIR/../..
178  projectroot=$PWD
179  mkdir -p boringssl-build && cd boringssl-build
180
181  if ! git -C boringssl pull origin master; then
182    git clone https://boringssl.googlesource.com/boringssl
183  fi
184  cd boringssl && mkdir -p build && cd build
185  target=$(rustc -vV | awk '/host/ { print $2 }')
186  cmake -G Ninja .. -DRUST_BINDINGS="$target" && ninja
187  # A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys`
188
189  cd $projectroot/boringssl-build
190  rm -Rf rust-openssl
191  git clone https://github.com/sfackler/rust-openssl.git
192  git -C rust-openssl checkout 11797d9ecb73e94b7f55a49274318abc9dc074d2
193  git -C rust-openssl branch -f BASE_COMMIT
194  git -C rust-openssl am $projectroot/nearby/scripts/openssl-patches/*.patch
195
196  cd $projectroot/nearby
197
198  cat <<'EOF' >&2
199==========
200Preparation complete. The required repositories are downloaded to `beto-rust/boringssl-build`. If
201you need to go back to a clean state, you can remove that directory and rerun this script.
202
203You can now build and test with boringssl using the following command
204  `cargo --config .cargo/config-boringssl.toml test -p crypto_provider* --features=boringssl,std`
205==========
206EOF
207  echo
208}
209
210# Checks the build and tests for all boringssl related deps
211# crypto_provider_openssl is used on AOSP
212# crypto_provider_boringssl is used on Chromium
213# And we want to verify that both of these are tested in our own repo
214check_boringssl() {
215  set -e
216  cd $SCRIPT_DIR/../..
217  # clones boringssl and uses bindgen to generate the sys bindings
218  prepare_boringssl
219
220  # test the openssl crate with the boringssl feature
221  cargo --config .cargo/config-boringssl.toml test -p crypto_provider_openssl --features=boringssl
222
223  # test the crypto_provider built on the new bssl crate
224  cd crypto/crypto_provider_boringssl
225  cargo check
226  cargo fmt --check
227  cargo clippy --all-targets
228  cargo test
229  cargo doc --no-deps
230  cd ../../
231}
232
233# Helper for setting up dependencies on the build machine
234setup_kokoro_macos () {
235  set -e
236  go install github.com/google/addlicense@latest
237  curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path --default-toolchain 1.68.0
238  cargo install --locked cargo-deny --color never 2>&1
239  source "$HOME/.cargo/env"
240  rustup install nightly
241  brew install rapidjson google-benchmark ninja bindgen
242
243  # Unfortunately CMake is not smart enough to find this on its own, even though
244  # it is in fact there by default on the build machines
245  export OPENSSL_ROOT_DIR="/usr/local/opt/openssl@3"
246}
247