diff --git a/docker/Dockerfile b/docker/Dockerfile index 26f2548..69ecd20 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -25,11 +25,15 @@ RUN apt-get update && \ m4 \ libpcre3 \ libpcre3-dev \ - libyaml-dev + libyaml-dev \ + cmake \ + clang \ + ninja-build # LuaRocks - OpenSSL - OpenResty ARG LUAROCKS ARG OPENSSL +ARG BORINGSSL ARG OPENRESTY ARG KONG_NGX_MODULE ARG KONG_BUILD_TOOLS @@ -47,13 +51,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq +# Go and go-pluginserver +ENV GO_VERSION=${GO_VERSION} +ENV GOROOT=${BUILD_PREFIX}/go +ENV GOPATH=${BUILD_PREFIX}/gopath +ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH +RUN mkdir -p ${GOROOT} ${GOPATH} + +RUN bash -c "[[ ! -z ${GO_VERSION} || ! -z ${BORINGSSL} ]]" && ( \ + curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ + tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ + rm /tmp/go.tar.gz ) || \ + echo "go is not required" + RUN mkdir -p ${BUILD_PREFIX} COPY build.sh ${BUILD_PREFIX} COPY silent ${BUILD_PREFIX}/silent RUN ${BUILD_PREFIX}/build.sh -ENV OPENSSL_DIR=${OPENSSL_INSTALL} -ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL} +# if it's normal openssl +ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include} + +# if it's boringssl then +ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl} +# unset OPENSSL_* env vars to use system libraries to build lua modules +# openresty is already built at this point, boringssl libs are correctly linked +ENV OPENSSL_DIR=${BORINGSSL:+} +ENV OPENSSL_LIBDIR=${BORINGSSL:+} +ENV OPENSSL_INCDIR=${BORINGSSL:+} ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin ENV PATH=${OPENSSL_INSTALL}/bin:$PATH @@ -70,19 +97,6 @@ RUN apt-get update --fix-missing && \ iproute2 \ net-tools -# Go and go-pluginserver -ENV GO_VERSION=${GO_VERSION} -ENV GOROOT=${BUILD_PREFIX}/go -ENV GOPATH=${BUILD_PREFIX}/gopath -ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH -RUN mkdir -p ${GOROOT} ${GOPATH} - -RUN [ ! -z ${GO_VERSION} ] && ( \ - curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ - tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ - rm /tmp/go.tar.gz ) || \ - echo "go is not required" - ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER} @@ -110,6 +124,10 @@ RUN [ ! -z ${GO_VERSION} ] && ( \ RUN cpanm --notest Test::Nginx RUN cpanm --notest local::lib +RUN export + +RUN echo '###############' + COPY 42-kong-envs.sh /etc/profile.d/ WORKDIR /kong diff --git a/docker/build.sh b/docker/build.sh index bf77964..ff648b8 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -87,10 +87,15 @@ function build { local flags=( "--prefix ${BUILD_PREFIX}" "--openresty ${OPENRESTY}" - "--openssl ${OPENSSL}" "--luarocks ${LUAROCKS}" ) + if [[ ! -z $BORINGSSL ]]; then + flags+=("--boringssl ${BORINGSSL}") + else + flags+=("--openssl ${OPENSSL}") + fi + local after=() if version_lte $OPENSSL 1.0; then diff --git a/gojira.sh b/gojira.sh index 5191cb5..81833da 100755 --- a/gojira.sh +++ b/gojira.sh @@ -537,7 +537,7 @@ function image_name { if [[ -n $GOJIRA_IMAGE ]]; then return; fi # No supplied dependency versions - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then # No supplied local kong path and kong prefix does not exist if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then create_kong @@ -552,6 +552,7 @@ function image_name { OPENRESTY=${OPENRESTY:-$(req_find $req_file RESTY_VERSION)} LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)} OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)} + BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)} KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)} KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)} KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)} @@ -564,21 +565,27 @@ function image_name { OPENRESTY=${OPENRESTY:-$(yaml_find $yaml_file OPENRESTY)} LUAROCKS=${LUAROCKS:-$(yaml_find $yaml_file LUAROCKS)} OPENSSL=${OPENSSL:-$(yaml_find $yaml_file OPENSSL)} + BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)} fi - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then err "${GOJIRA}: Could not guess version dependencies in" \ "$req_file or $yaml_file. " \ - "Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs" + "Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs" fi KONG_NGX_MODULE=${KONG_NGX_MODULE:-master} KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master} + ssl_provider="openssl-$OPENSSL" + if [[ ! -z $BORINGSSL ]]; then + ssl_provider="boriongssl-$BORINGSSL" + fi + local components=( "luarocks-$LUAROCKS" "openresty-${OPENRESTY}" - "openssl-$OPENSSL" + "$ssl_provider" "knm-$KONG_NGX_MODULE" "kbt-$KONG_BUILD_TOOLS" ) @@ -618,6 +625,8 @@ function build { "--label LUAROCKS=$LUAROCKS" "--build-arg OPENSSL=$OPENSSL" "--label OPENSSL=$OPENSSL" + "--build-arg BORINGSSL=$BORINGSSL" + "--label BORINGSSL=$BORINGSSL" "--build-arg OPENRESTY=$OPENRESTY" "--label OPENRESTY=$OPENRESTY" "--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE" @@ -626,11 +635,16 @@ function build { "--label KONG_BUILD_TOOLS=$KONG_BUILD_TOOLS" ) + ssl_provider=" * OpenSSL: $OPENSSL " + if [[ ! -z $BORINGSSL ]]; then + ssl_provider=" * BoringSSL: $BORINGSSL " + fi + >&2 echo "Building $GOJIRA_IMAGE" >&2 echo "" >&2 echo " Version info" >&2 echo "==========================" - >&2 echo " * OpenSSL: $OPENSSL " + >&2 echo "$ssl_provider" >&2 echo " * OpenResty: $OPENRESTY" >&2 echo " * LuaRocks: $LUAROCKS " >&2 echo " * Kong NM: $KONG_NGX_MODULE"