Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wip boringssl #40

Closed
wants to merge 2 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 34 additions & 16 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,15 @@ RUN apt-get update && \
m4 \
libpcre3 \
libpcre3-dev \
libyaml-dev
libyaml-dev \
cmake \
clang \
ninja-build

# LuaRocks - OpenSSL - OpenResty
ARG LUAROCKS
ARG OPENSSL
ARG BORINGSSL
ARG OPENRESTY
ARG KONG_NGX_MODULE
ARG KONG_BUILD_TOOLS
Expand All @@ -47,13 +51,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp
ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle
ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN bash -c "[[ ! -z ${GO_VERSION} || ! -z ${BORINGSSL} ]]" && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

RUN mkdir -p ${BUILD_PREFIX}
COPY build.sh ${BUILD_PREFIX}
COPY silent ${BUILD_PREFIX}/silent
RUN ${BUILD_PREFIX}/build.sh

ENV OPENSSL_DIR=${OPENSSL_INSTALL}
ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL}
# if it's normal openssl
ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include}

# if it's boringssl then
ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl}
# unset OPENSSL_* env vars to use system libraries to build lua modules
# openresty is already built at this point, boringssl libs are correctly linked
ENV OPENSSL_DIR=${BORINGSSL:+/usr}
ENV OPENSSL_LIBDIR=${BORINGSSL:+}
ENV OPENSSL_INCDIR=${BORINGSSL:+}

ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin
ENV PATH=${OPENSSL_INSTALL}/bin:$PATH
Expand All @@ -70,19 +97,6 @@ RUN apt-get update --fix-missing && \
iproute2 \
net-tools

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN [ ! -z ${GO_VERSION} ] && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps
ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER}

Expand Down Expand Up @@ -110,6 +124,10 @@ RUN [ ! -z ${GO_VERSION} ] && ( \
RUN cpanm --notest Test::Nginx
RUN cpanm --notest local::lib

RUN export

RUN echo '###############'

COPY 42-kong-envs.sh /etc/profile.d/

WORKDIR /kong
7 changes: 6 additions & 1 deletion docker/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,15 @@ function build {
local flags=(
"--prefix ${BUILD_PREFIX}"
"--openresty ${OPENRESTY}"
"--openssl ${OPENSSL}"
"--luarocks ${LUAROCKS}"
)

if [[ ! -z $BORINGSSL ]]; then
flags+=("--boringssl ${BORINGSSL}")
else
flags+=("--openssl ${OPENSSL}")
fi

local after=()

if version_lte $OPENSSL 1.0; then
Expand Down
24 changes: 19 additions & 5 deletions gojira.sh
Original file line number Diff line number Diff line change
Expand Up @@ -537,7 +537,7 @@ function image_name {
if [[ -n $GOJIRA_IMAGE ]]; then return; fi

# No supplied dependency versions
if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then
fffonion marked this conversation as resolved.
Show resolved Hide resolved
# No supplied local kong path and kong prefix does not exist
if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then
create_kong
Expand All @@ -552,6 +552,7 @@ function image_name {
OPENRESTY=${OPENRESTY:-$(req_find $req_file RESTY_VERSION)}
LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)}
OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)}
BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the var name will probably be modified in kong-ee? https://github.com/Kong/kong-ee/blob/master/.requirements#L13

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure i get this one, are you suggesting to rename this variable to name BORINGSSL_VERSION that aligns to .requirements?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.requirements uses BORINGSSL_VERSION and the gojira PR is trying to read RESTY_BORINGSSL_VERSION. so just asking which one is correct.

KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)}
KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)}
Expand All @@ -564,21 +565,27 @@ function image_name {
OPENRESTY=${OPENRESTY:-$(yaml_find $yaml_file OPENRESTY)}
LUAROCKS=${LUAROCKS:-$(yaml_find $yaml_file LUAROCKS)}
OPENSSL=${OPENSSL:-$(yaml_find $yaml_file OPENSSL)}
BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)}
fi

if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then
fffonion marked this conversation as resolved.
Show resolved Hide resolved
err "${GOJIRA}: Could not guess version dependencies in" \
"$req_file or $yaml_file. " \
"Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs"
"Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs"
fi

KONG_NGX_MODULE=${KONG_NGX_MODULE:-master}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master}

ssl_provider="openssl-$OPENSSL"
if [[ ! -z $BORINGSSL ]]; then
fffonion marked this conversation as resolved.
Show resolved Hide resolved
ssl_provider="boriongssl-$BORINGSSL"
fi

local components=(
"luarocks-$LUAROCKS"
"openresty-${OPENRESTY}"
"openssl-$OPENSSL"
"$ssl_provider"
"knm-$KONG_NGX_MODULE"
"kbt-$KONG_BUILD_TOOLS"
)
Expand Down Expand Up @@ -618,6 +625,8 @@ function build {
"--label LUAROCKS=$LUAROCKS"
"--build-arg OPENSSL=$OPENSSL"
"--label OPENSSL=$OPENSSL"
"--build-arg BORINGSSL=$BORINGSSL"
"--label BORINGSSL=$BORINGSSL"
"--build-arg OPENRESTY=$OPENRESTY"
"--label OPENRESTY=$OPENRESTY"
"--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE"
Expand All @@ -626,11 +635,16 @@ function build {
"--label KONG_BUILD_TOOLS=$KONG_BUILD_TOOLS"
)

ssl_provider=" * OpenSSL: $OPENSSL "
if [[ ! -z $BORINGSSL ]]; then
fffonion marked this conversation as resolved.
Show resolved Hide resolved
ssl_provider=" * BoringSSL: $BORINGSSL "
fi

>&2 echo "Building $GOJIRA_IMAGE"
>&2 echo ""
>&2 echo " Version info"
>&2 echo "=========================="
>&2 echo " * OpenSSL: $OPENSSL "
>&2 echo "$ssl_provider"
>&2 echo " * OpenResty: $OPENRESTY"
>&2 echo " * LuaRocks: $LUAROCKS "
>&2 echo " * Kong NM: $KONG_NGX_MODULE"
Expand Down