Skip to content

Commit

Permalink
boringssl
Browse files Browse the repository at this point in the history
  • Loading branch information
fffonion committed Mar 4, 2022
1 parent a6b5d12 commit 5ed4b67
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 22 deletions.
50 changes: 34 additions & 16 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,15 @@ RUN apt-get update && \
m4 \
libpcre3 \
libpcre3-dev \
libyaml-dev
libyaml-dev \
cmake \
clang \
ninja-build

# LuaRocks - OpenSSL - OpenResty
ARG LUAROCKS
ARG OPENSSL
ARG BORINGSSL
ARG OPENRESTY
ARG KONG_NGX_MODULE
ARG KONG_BUILD_TOOLS
Expand All @@ -47,13 +51,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp
ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle
ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN bash -c "[[ ! -z ${GO_VERSION} || ! -z ${BORINGSSL} ]]" && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

RUN mkdir -p ${BUILD_PREFIX}
COPY build.sh ${BUILD_PREFIX}
COPY silent ${BUILD_PREFIX}/silent
RUN ${BUILD_PREFIX}/build.sh

ENV OPENSSL_DIR=${OPENSSL_INSTALL}
ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL}
# if it's normal openssl
ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include}

# if it's boringssl then
ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl}
# unset OPENSSL_* env vars to use system libraries to build lua modules
# openresty is already built at this point, boringssl libs are correctly linked
ENV OPENSSL_DIR=${BORINGSSL:+}
ENV OPENSSL_LIBDIR=${BORINGSSL:+}
ENV OPENSSL_INCDIR=${BORINGSSL:+}

ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin
ENV PATH=${OPENSSL_INSTALL}/bin:$PATH
Expand All @@ -70,19 +97,6 @@ RUN apt-get update --fix-missing && \
iproute2 \
net-tools

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN [ ! -z ${GO_VERSION} ] && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps
ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER}

Expand Down Expand Up @@ -110,6 +124,10 @@ RUN [ ! -z ${GO_VERSION} ] && ( \
RUN cpanm --notest Test::Nginx
RUN cpanm --notest local::lib

RUN export

RUN echo '###############'

COPY 42-kong-envs.sh /etc/profile.d/

WORKDIR /kong
7 changes: 6 additions & 1 deletion docker/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,15 @@ function build {
local flags=(
"--prefix ${BUILD_PREFIX}"
"--openresty ${OPENRESTY}"
"--openssl ${OPENSSL}"
"--luarocks ${LUAROCKS}"
)

if [[ ! -z $BORINGSSL ]]; then
flags+=("--boringssl ${BORINGSSL}")
else
flags+=("--openssl ${OPENSSL}")
fi

local after=()

if version_lte $OPENSSL 1.0; then
Expand Down
24 changes: 19 additions & 5 deletions gojira.sh
Original file line number Diff line number Diff line change
Expand Up @@ -537,7 +537,7 @@ function image_name {
if [[ -n $GOJIRA_IMAGE ]]; then return; fi

# No supplied dependency versions
if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then
# No supplied local kong path and kong prefix does not exist
if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then
create_kong
Expand All @@ -552,6 +552,7 @@ function image_name {
OPENRESTY=${OPENRESTY:-$(req_find $req_file RESTY_VERSION)}
LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)}
OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)}
BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)}
KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)}
KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)}
Expand All @@ -564,21 +565,27 @@ function image_name {
OPENRESTY=${OPENRESTY:-$(yaml_find $yaml_file OPENRESTY)}
LUAROCKS=${LUAROCKS:-$(yaml_find $yaml_file LUAROCKS)}
OPENSSL=${OPENSSL:-$(yaml_find $yaml_file OPENSSL)}
BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)}
fi

if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then
err "${GOJIRA}: Could not guess version dependencies in" \
"$req_file or $yaml_file. " \
"Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs"
"Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs"
fi

KONG_NGX_MODULE=${KONG_NGX_MODULE:-master}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master}

ssl_provider="openssl-$OPENSSL"
if [[ ! -z $BORINGSSL ]]; then
ssl_provider="boriongssl-$BORINGSSL"
fi

local components=(
"luarocks-$LUAROCKS"
"openresty-${OPENRESTY}"
"openssl-$OPENSSL"
"$ssl_provider"
"knm-$KONG_NGX_MODULE"
"kbt-$KONG_BUILD_TOOLS"
)
Expand Down Expand Up @@ -618,6 +625,8 @@ function build {
"--label LUAROCKS=$LUAROCKS"
"--build-arg OPENSSL=$OPENSSL"
"--label OPENSSL=$OPENSSL"
"--build-arg BORINGSSL=$BORINGSSL"
"--label BORINGSSL=$BORINGSSL"
"--build-arg OPENRESTY=$OPENRESTY"
"--label OPENRESTY=$OPENRESTY"
"--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE"
Expand All @@ -626,11 +635,16 @@ function build {
"--label KONG_BUILD_TOOLS=$KONG_BUILD_TOOLS"
)

ssl_provider=" * OpenSSL: $OPENSSL "
if [[ ! -z $BORINGSSL ]]; then
ssl_provider=" * BoringSSL: $BORINGSSL "
fi

>&2 echo "Building $GOJIRA_IMAGE"
>&2 echo ""
>&2 echo " Version info"
>&2 echo "=========================="
>&2 echo " * OpenSSL: $OPENSSL "
>&2 echo "$ssl_provider"
>&2 echo " * OpenResty: $OPENRESTY"
>&2 echo " * LuaRocks: $LUAROCKS "
>&2 echo " * Kong NM: $KONG_NGX_MODULE"
Expand Down

0 comments on commit 5ed4b67

Please sign in to comment.