Google Git
Sign in
beto-core / beto-core / 9bfc955731213b299f893dbf4ca86874b31e6b18 / . / nearby / scripts / build-script.sh
blob: 7311df2bf7103367f2c0593b6725268430625ab5 [file] [log] [blame]
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This script contains common functions which can be used to help when building
# specific components of the beto-rust repo. To load these into your environment
# run `source ./scripts/build-script.sh` Then run the functions from root
# This can also be sourced to help when writing further build scripts
export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# Use to generate headers for new source code files
gen_headers() {
set -e
$HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" .
}
# Checks the workspace 3rd party crates and makes sure they have a valid license
check_crate_licenses(){
set -e
cd $SCRIPT_DIR/..
cargo deny --workspace check
}
# Checks everything in beto-rust
check_everything(){
set -e
cd $SCRIPT_DIR/..
check_license_headers
check_workspace
check_boringssl
check_ldt_ffi
build_fuzzers
}
# Checks everything included in the top level workspace
check_workspace(){
set -e
cd $SCRIPT_DIR/..
# ensure formatting is correct (Check for it first because it is fast compared to running tests)
cargo fmt --check
# make sure everything compiles
cargo check --workspace --all-targets
# run all the tests
cargo test --workspace --quiet
# ensure the docs are valid (cross-references to other code, etc)
cargo doc --workspace --no-deps
cargo clippy --all-targets
cargo deny --workspace check
# Check the build for targets without using RustCrypto dependencies
cargo check --features=openssl --no-default-features
}
# Checks that the license auditing tool is installed and that all source files in the project contain the needed headers
check_license_headers() {
set -e
cd $SCRIPT_DIR/..
# install location for those following the default instructions
ADDLICENSE="$HOME/go/bin/addlicense"
if [ ! -x "$ADDLICENSE" ]; then
# if not in the default place, assume it's in PATH
ADDLICENSE="addlicense"
fi
# see README for instructions on setting up addlicense tool
if ($ADDLICENSE -h >/dev/null 2>&1); then
echo "Add license is already installed"
else
echo "ERROR: addlicense tool is not installed, see instructions in README"
exit 1
fi
if $ADDLICENSE -check \
-ignore="**/android/build/**" \
-ignore="target/**" \
-ignore="**/target/**" \
-ignore="**/.idea/**" \
-ignore="**/cmake-build/**" \
-ignore="**/java/build/**" \
-ignore="**/java/*/build/**" \
.; then
echo "License header check succeeded!"
else
echo "ERROR: License header missing for above files"
exit 1
fi
}
# Build all fuzz targets
build_fuzzers() {
set -e
cd $SCRIPT_DIR/..
# rust fuzzers
for fuzzed_crate in presence/xts_aes presence/ldt presence/ldt_np_adv connections/ukey2/ukey2_connections; do
(cd "$fuzzed_crate" && cargo +nightly fuzz build)
done
# ffi fuzzers
rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
(cd presence/ldt_np_adv_ffi_fuzz && mkdir -p cmake-build && cd cmake-build && cmake ../.. -DENABLE_FUZZ=true && make)
rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
}
# Builds and runs all tests for all combinations of features for the LDT FFI
check_ldt_ffi() {
set -e
cd $SCRIPT_DIR/..
# We need to handle ldt_np_adv_ffi separately since it requires the nightly toolchain
cd presence/ldt_np_adv_ffi
cargo fmt --check
cargo check
# Default build, RustCrypto + no_std
cargo build --release
# Turn on std, still using RustCrypto
cargo build --features=std
# Turn off default features and try to build with std
cargo build --no-default-features --features=std
# Turn off RustCrypto and use openssl
cargo build --no-default-features --features=openssl
# Turn off RustCrypto and use boringssl
cargo build --no-default-features --features=boringssl
cargo doc --no-deps
cargo clippy --release
cargo clippy --features=std
cargo clippy --no-default-features --features=openssl
cargo clippy --no-default-features --features=boringssl
cargo clippy --no-default-features --features=std
cargo deny check
cd ../
# build C/C++ samples, tests, and benches
mkdir -p cmake-build && cd cmake-build
cmake .. -DENABLE_TESTS=true
make
# test with default build settings (rustcrypto, no_std)
echo "Testing default features (no_std + rustcrypto)"
(cd ../ldt_np_adv_ffi && cargo build --release)
(cd ldt_np_c_sample/tests && ctest)
# test with std
echo "Testing std feature flag"
(cd ../ldt_np_adv_ffi && cargo build --features std --release)
(cd ldt_np_c_sample/tests && make && ctest)
# test with boringssl crypto feature flag
echo "Testing boringssl"
(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features boringssl --release)
(cd ldt_np_c_sample/tests && make && ctest)
# test with openssl feature flag
echo "Testing openssl"
(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features openssl --release)
(cd ldt_np_c_sample/tests && make && ctest)
# test with std feature flag
echo "Testing std with no default features"
(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features std --release)
(cd ldt_np_c_sample/tests && make && ctest)
cd ../
}
# Clones boringssl and uses bindgen to generate the rust crate, applies AOSP
# specific patches to the 3p `openssl` crate so that it can use a bssl backend
prepare_boringssl() {
set -e
cd $SCRIPT_DIR/../..
projectroot=$PWD
mkdir -p boringssl-build && cd boringssl-build
if ! git -C boringssl pull origin master; then
git clone https://boringssl.googlesource.com/boringssl
fi
cd boringssl && mkdir -p build && cd build
cmake -G Ninja .. -DRUST_BINDINGS="$(gcc -dumpmachine)" && ninja
# A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys`
cd $projectroot/boringssl-build
rm -Rf rust-openssl
git clone https://github.com/sfackler/rust-openssl.git
git -C rust-openssl checkout 11797d9ecb73e94b7f55a49274318abc9dc074d2
git -C rust-openssl branch -f BASE_COMMIT
git -C rust-openssl am $projectroot/nearby/scripts/openssl-patches/*.patch
cd $projectroot/nearby
cat <<'EOF' >&2
==========
Preparation complete. The required repositories are downloaded to `beto-rust/boringssl-build`. If
you need to go back to a clean state, you can remove that directory and rerun this script.
You can now build and test with boringssl using the following command
`cargo --config .cargo/config-boringssl.toml test -p crypto_provider* --features=boringssl,std`
==========
EOF
echo
}
# Checks the build and tests for all boringssl related deps
# crypto_provider_openssl is used on AOSP
# crypto_provider_boringssl is used on Chromium
# And we want to verify that both of these are tested in our own repo
check_boringssl() {
set -e
cd $SCRIPT_DIR/../..
# clones boringssl and uses bindgen to generate the sys bindings
prepare_boringssl
# test the openssl crate with the boringssl feature
cargo --config .cargo/config-boringssl.toml test -p crypto_provider_openssl --features=boringssl
# test the crypto_provider built on the new bssl crate
cd crypto/crypto_provider_boringssl
cargo check
cargo fmt --check
cargo clippy --all-targets
cargo test
cargo doc --no-deps
cd ../../
}
# Helper for setting up dependencies on the build machine
setup_kokoro_macos () {
set -e
go install github.com/google/addlicense@latest
curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path --default-toolchain 1.68.0
cargo install --locked cargo-deny --color never 2>&1
source "$HOME/.cargo/env"
rustup install nightly
brew install rapidjson google-benchmark ninja bindgen
# Unfortunately CMake is not smart enough to find this on its own, even though
# it is in fact there by default on the build machines
export OPENSSL_ROOT_DIR="/usr/local/opt/openssl@3"
}