From f0fb118307b7066717796332a038871ff2c31eb4 Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Fri, 4 Mar 2022 12:52:09 +0800 Subject: [PATCH 1/6] boringssl --- docker/Dockerfile | 50 ++++++++++++++++++++++++++++++++--------------- docker/build.sh | 5 ++++- gojira.sh | 29 ++++++++++++++++++++++----- 3 files changed, 62 insertions(+), 22 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index b4bed0b..9f20382 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -32,11 +32,15 @@ RUN apt-get update && \ m4 \ libpcre3 \ libpcre3-dev \ - libyaml-dev + libyaml-dev \ + cmake \ + clang \ + ninja-build # LuaRocks - OpenSSL - OpenResty ARG LUAROCKS ARG OPENSSL +ARG BORINGSSL ARG OPENRESTY ARG KONG_NGX_MODULE ARG KONG_BUILD_TOOLS 
@@ -58,13 +62,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq +# Go and go-pluginserver +ENV GO_VERSION=${GO_VERSION} +ENV GOROOT=${BUILD_PREFIX}/go +ENV GOPATH=${BUILD_PREFIX}/gopath +ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH +RUN mkdir -p ${GOROOT} ${GOPATH} + +RUN bash -c "[[ ! -z ${GO_VERSION} || ! -z ${BORINGSSL} ]]" && ( \ + curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ + tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ + rm /tmp/go.tar.gz ) || \ + echo "go is not required" + RUN mkdir -p ${BUILD_PREFIX} COPY build.sh ${BUILD_PREFIX} COPY silent ${BUILD_PREFIX}/silent RUN ${BUILD_PREFIX}/build.sh -ENV OPENSSL_DIR=${OPENSSL_INSTALL} -ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL} +# if it's normal openssl +ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include} + +# if it's boringssl then +ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl} +# unset OPENSSL_* env vars to use system libraries to build lua modules +# openresty is already built at this point, boringssl libs are correctly linked +ENV OPENSSL_DIR=${BORINGSSL:+/usr} +ENV OPENSSL_LIBDIR=${BORINGSSL:+} +ENV OPENSSL_INCDIR=${BORINGSSL:+} ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin ENV PATH=${OPENSSL_INSTALL}/bin:$PATH 
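Review bot: The `# if it's boringssl then` group of `ENV` lines is unconditional, so it overwrites the `# if it's normal openssl` group above it in every build. With `BORINGSSL` empty, each `${BORINGSSL:+…}` expands to nothing: `OPENSSL_INSTALL`, `OPENSSL_DIR`, `OPENSSL_LIBDIR` and `OPENSSL_INCDIR` all end up empty and the following `ENV PATH=${OPENSSL_INSTALL}/bin:$PATH` becomes `/bin:$PATH`, so later Lua module builds would presumably link against whatever libssl the base image provides instead of the version selected by the `OPENSSL` build arg. With `BORINGSSL` set, the first group stores the version string itself in `OPENSSL_DIR`, which is not a path. Assign each variable once through an intermediate, for example `ENV BORINGSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl}` followed by `ENV OPENSSL_INSTALL=${BORINGSSL_INSTALL:-${OPENSSL_INSTALL}}`, and handle `OPENSSL_DIR` the same way. The earlier definition of `OPENSSL_INSTALL` is outside this hunk.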
@@ -81,19 +108,6 @@ RUN apt-get update --fix-missing && \ iproute2 \ net-tools -# Go and go-pluginserver -ENV GO_VERSION=${GO_VERSION} -ENV GOROOT=${BUILD_PREFIX}/go -ENV GOPATH=${BUILD_PREFIX}/gopath -ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH -RUN mkdir -p ${GOROOT} ${GOPATH} - -RUN [ ! -z ${GO_VERSION} ] && ( \ - curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ - tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ - rm /tmp/go.tar.gz ) || \ - echo "go is not required" - ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER} @@ -121,6 +135,10 @@ RUN [ ! -z ${GO_VERSION} ] && ( \ RUN cpanm --notest Test::Nginx RUN cpanm --notest local::lib +RUN export + +RUN echo '###############' + COPY 42-kong-envs.sh /etc/profile.d/ WORKDIR /kong diff --git a/docker/build.sh b/docker/build.sh index fc2c696..d0186a2 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -95,7 +95,6 @@ function build { local flags=( "--prefix ${BUILD_PREFIX}" "--openresty ${OPENRESTY}" - "--openssl ${OPENSSL}" "--luarocks ${LUAROCKS}" ) @@ -113,6 +112,10 @@ function build { if [[ ! -z "${ATC_ROUTER}" ]]; then flags+=("--atc-router ${ATC_ROUTER}") + if [[ ! -z $BORINGSSL ]]; then + flags+=("--boringssl ${BORINGSSL}") + else + flags+=("--openssl ${OPENSSL}") fi local after=() diff --git a/gojira.sh b/gojira.sh index 97262ff..4d59d69 100755 --- a/gojira.sh +++ b/gojira.sh @@ -545,7 +545,7 @@ function image_name { if [[ -n $GOJIRA_IMAGE ]]; then return; fi # No supplied dependency versions - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then # No supplied local kong path and kong prefix does not exist if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then create_kong 
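Review bot: `RUN export` and `RUN echo '###############'` in the `@@ -121,6 +135,10 @@` hunk of docker/Dockerfile look like leftover debugging and should be removed before merge. `RUN export` prints the whole build environment, meaning every `ENV` value and any `ARG` still in scope, into the build output, which CI systems typically retain and share more widely than the image itself. Each of the two lines also adds an image layer and a cache step that carry nothing.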
@@ -561,6 +561,7 @@ function image_name { LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)} OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)} RESTY_EVENTS=${RESTY_EVENTS:-$(req_find $req_file RESTY_EVENTS_VERSION)} + BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)} KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)} KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)} KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)} @@ -580,21 +581,27 @@ function image_name { RESTY_EVENTS=${RESTY_EVENTS:-$(yaml_find $yaml_file RESTY_EVENTS_VERSION)} RESTY_WEBSOCKET=${RESTY_WEBSOCKET:-$(yaml_find $yaml_file RESTY_WEBSOCKET_VERSION)} ATC_ROUTER=${ATC_ROUTER:-$(yaml_find $yaml_file ATC_ROUTER_VERSION)} + BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)} fi - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then err "${GOJIRA}: Could not guess version dependencies in" \ "$req_file or $yaml_file. " \ - "Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs" + "Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs" fi KONG_NGX_MODULE=${KONG_NGX_MODULE:-master} KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master} + ssl_provider="openssl-$OPENSSL" + if [[ ! -z $BORINGSSL ]]; then + ssl_provider="boriongssl-$BORINGSSL" + fi + local components=( "luarocks-$LUAROCKS" "openresty-${OPENRESTY}" - "openssl-$OPENSSL" + "$ssl_provider" "knm-$KONG_NGX_MODULE" "kbt-$KONG_BUILD_TOOLS" ) @@ -640,6 +647,11 @@ function image_name { "atc-router-${ATC_ROUTER}" ) fi + if [[ -n "$BORINGSSL" ]]; then + components+=( + "boring-ssl-${$BORINGSSL}" + ) + fi read -r components_sha rest <<<"$(IFS="-" ; echo -n "${components[*]}" | sha1sum)" GOJIRA_IMAGE=gojira:$components_sha 
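Review bot: `ssl_provider` in the `@@ -580,21 +581,27 @@` hunk is assigned without `local`, so it becomes a script-wide global even though `components` right below it is declared `local`. The `build` hunk `@@ -663,11 +677,16 @@` reuses the same name for a differently formatted display string, so whichever function runs last changes the value the other one would see. Declare them as `local ssl_provider="openssl-$OPENSSL"` in `image_name` and `local ssl_provider=" * OpenSSL: $OPENSSL "` in `build`. Both function bodies extend beyond their hunks.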
@@ -654,6 +666,8 @@ function build { "--label LUAROCKS=$LUAROCKS" "--build-arg OPENSSL=$OPENSSL" "--label OPENSSL=$OPENSSL" + "--build-arg BORINGSSL=$BORINGSSL" + "--label BORINGSSL=$BORINGSSL" "--build-arg OPENRESTY=$OPENRESTY" "--label OPENRESTY=$OPENRESTY" "--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE" @@ -663,11 +677,16 @@ function build { "--build-arg APT_MIRROR=$GOJIRA_APT_MIRROR" ) + ssl_provider=" * OpenSSL: $OPENSSL " + if [[ ! -z $BORINGSSL ]]; then + ssl_provider=" * BoringSSL: $BORINGSSL " + fi + >&2 echo "Building $GOJIRA_IMAGE" >&2 echo "" >&2 echo " Version info" >&2 echo "==========================" - >&2 echo " * OpenSSL: $OPENSSL " + >&2 echo "$ssl_provider" >&2 echo " * OpenResty: $OPENRESTY" >&2 echo " * LuaRocks: $LUAROCKS " >&2 echo " * Kong NM: $KONG_NGX_MODULE" From 9902e4c273bba4d75c345184e3d66d8b1ca13f54 Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Fri, 8 Apr 2022 01:19:44 +0800 Subject: [PATCH 2/6] Apply suggestions from code review Co-authored-by: Fero <6863207+mikefero@users.noreply.github.com> --- gojira.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gojira.sh b/gojira.sh index 4d59d69..32b11e4 100755 --- a/gojira.sh +++ b/gojira.sh @@ -545,7 +545,7 @@ function image_name { if [[ -n $GOJIRA_IMAGE ]]; then return; fi # No supplied dependency versions - if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || -z "${OPENSSL}${BORINGSSL}" || -z $OPENRESTY ]]; then # No supplied local kong path and kong prefix does not exist if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then create_kong 
@@ -584,7 +584,7 @@ function image_name { BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)} fi - if [[ -z $LUAROCKS || (-z $OPENSSL && -z $BORINGSSL) || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || -z "${OPENSSL}${BORINGSSL}" || -z $OPENRESTY ]]; then err "${GOJIRA}: Could not guess version dependencies in" \ "$req_file or $yaml_file. " \ "Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs" @@ -594,7 +594,7 @@ function image_name { KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master} ssl_provider="openssl-$OPENSSL" - if [[ ! -z $BORINGSSL ]]; then + if [[ -n $BORINGSSL ]]; then ssl_provider="boriongssl-$BORINGSSL" fi @@ -678,7 +678,7 @@ function build { ) ssl_provider=" * OpenSSL: $OPENSSL " - if [[ ! -z $BORINGSSL ]]; then + if [[ -n $BORINGSSL ]]; then ssl_provider=" * BoringSSL: $BORINGSSL " fi From 2dfa8cff7e8f2c33b1c1193ffbfdaa5b1a8740e1 Mon Sep 17 00:00:00 2001 From: Alan Boudreault Date: Thu, 14 Apr 2022 09:04:40 -0400 Subject: [PATCH 3/6] fix(*) add missing lib and ensure GO_VERSION is passed to docker --- docker/Dockerfile | 7 ++++--- gojira.sh | 18 ++++++++++++++---- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 9f20382..550a8d5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -35,7 +35,8 @@ RUN apt-get update && \ libyaml-dev \ cmake \ clang \ - ninja-build + ninja-build \ + libunwind-dev # LuaRocks - OpenSSL - OpenResty ARG LUAROCKS @@ -69,7 +70,7 @@ ENV GOPATH=${BUILD_PREFIX}/gopath ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH RUN mkdir -p ${GOROOT} ${GOPATH} -RUN bash -c "[[ ! -z ${GO_VERSION} || ! -z ${BORINGSSL} ]]" && ( \ +RUN bash -c '[[ ! -z "${GO_VERSION}" ]]' && echo https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz && ( \ curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ rm /tmp/go.tar.gz ) || \ 
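Review bot: The Go toolchain fetched in the `@@ -69,7 +70,7 @@` hunk is unpacked into `${GOROOT}` without any integrity check, and this commit's gojira.sh changes make it a build dependency of the BoringSSL path as well. `curl -L` without `-f` also saves an HTTP error page as the tarball, and the trailing `|| echo "go is not required"` (which continues outside the hunk) hides a failed download or extraction, so the image can build without the toolchain it was asked for. Consider `curl -fsSL … -o /tmp/go.tar.gz && echo "${GO_SHA256}  /tmp/go.tar.gz" | sha256sum -c - && \`, where `GO_SHA256` is a new build arg (placeholder name) carrying the published digest for the selected version, and let the step fail when `GO_VERSION` is set but the archive does not verify. The added `echo https://…` looks like debugging output and can be dropped.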
@@ -127,7 +128,7 @@ RUN [ ! -z ${KONG_GO_PLUGINSERVER} ] && ( \ # Test Enablement # --------------- # Add vegeta HTTP load testing tool for executing stress tests -RUN [ ! -z ${GO_VERSION} ] && ( \ +RUN [ ! -z "${GO_VERSION}" ] && ( \ go get -u github.com/tsenart/vegeta && \ vegeta -version ) || \ echo "go has not been installed; vegeta requires golang" diff --git a/gojira.sh b/gojira.sh index 32b11e4..96aaec6 100755 --- a/gojira.sh +++ b/gojira.sh @@ -545,7 +545,7 @@ function image_name { if [[ -n $GOJIRA_IMAGE ]]; then return; fi # No supplied dependency versions - if [[ -z $LUAROCKS || -z "${OPENSSL}${BORINGSSL}" || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS ]] || [[ -z "${OPENSSL}${BORINGSSL}" ]] || [[ -z $OPENRESTY ]]; then # No supplied local kong path and kong prefix does not exist if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then create_kong @@ -605,10 +605,15 @@ function image_name { "knm-$KONG_NGX_MODULE" "kbt-$KONG_BUILD_TOOLS" ) + if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then + GO_VERSION=${GO_VERSION:-1.13.12} + components+=( + "go-$GO_VERSION" + ) + fi if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then GO_VERSION=${GO_VERSION:-1.13.12} components+=( - "go-$GO_VERSION" "gps-$KONG_GO_PLUGINSERVER" ) fi @@ -720,14 +725,19 @@ function build { ) >&2 echo " * Resty Events: $RESTY_EVENTS" fi - if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then + + if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then BUILD_ARGS+=( "--build-arg GO_VERSION=$GO_VERSION" "--label GO_VERSION=$GO_VERSION" + ) + >&2 echo " * Go: $GO_VERSION" + fi + if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then + BUILD_ARGS+=( "--build-arg KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER" "--label KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER" ) - >&2 echo " * Go: $GO_VERSION" >&2 echo " * Kong GPS: $KONG_GO_PLUGINSERVER" fi if [[ -n "$KONG_LIBGMP" ]]; then From 2ada136489bd47c7d39828bb3a048c4837a437e5 Mon Sep 17 00:00:00 2001 
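Review bot: The fallback `GO_VERSION=${GO_VERSION:-1.13.12}` in the `@@ -605,10 +605,15 @@` hunk is now written twice, once in the new `KONG_GO_PLUGINSERVER || BORINGSSL` block and again in the `KONG_GO_PLUGINSERVER` block below it, where it can no longer have any effect. Delete the second assignment so the default lives in one place. Go 1.13 is also a release line that no longer receives upstream security fixes, so a BoringSSL build that does not set `GO_VERSION` runs on an unpatched toolchain; add a comment such as `# Go is needed to build BoringSSL; default kept at 1.13.12 because <reason>` or raise the default. `image_name` starts and ends outside the hunk.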
From: Alan Boudreault Date: Thu, 21 Apr 2022 21:28:02 -0400 Subject: [PATCH 4/6] squash: merge conflict mistake --- docker/build.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/build.sh b/docker/build.sh index d0186a2..5af8527 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -112,7 +112,9 @@ function build { if [[ ! -z "${ATC_ROUTER}" ]]; then flags+=("--atc-router ${ATC_ROUTER}") - if [[ ! -z $BORINGSSL ]]; then + fi + + if [[ ! -z "${BORINGSSL}" ]]; then flags+=("--boringssl ${BORINGSSL}") else flags+=("--openssl ${OPENSSL}") From 19424710c305fd7382ae837e2d5e816b85bfe3cc Mon Sep 17 00:00:00 2001 From: Alan Boudreault Date: Thu, 8 Sep 2022 13:43:16 -0400 Subject: [PATCH 5/6] ttt --- docker/build.sh | 1 + gojira.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/build.sh b/docker/build.sh index 5af8527..976e7d4 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -115,6 +115,7 @@ function build { fi if [[ ! -z "${BORINGSSL}" ]]; then + flags+=("--ssl-provider boringssl") flags+=("--boringssl ${BORINGSSL}") else flags+=("--openssl ${OPENSSL}") diff --git a/gojira.sh b/gojira.sh index 96aaec6..4a46ab5 100755 --- a/gojira.sh +++ b/gojira.sh @@ -595,7 +595,7 @@ function image_name { ssl_provider="openssl-$OPENSSL" if [[ -n $BORINGSSL ]]; then - ssl_provider="boriongssl-$BORINGSSL" + ssl_provider="boringssl-$BORINGSSL" fi local components=( @@ -654,7 +654,7 @@ function image_name { fi if [[ -n "$BORINGSSL" ]]; then components+=( - "boring-ssl-${$BORINGSSL}" + "boring-ssl-${BORINGSSL}" ) fi From cacbb4365d9a609fe6bc8a6ac564bedc7e7e2bac Mon Sep 17 00:00:00 2001 From: Alan Boudreault Date: Thu, 8 Sep 2022 15:33:23 -0400 Subject: [PATCH 6/6] ttt --- docker/build.sh | 3 +-- gojira.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docker/build.sh b/docker/build.sh index 976e7d4..7e0df11 100755 --- a/docker/build.sh +++ b/docker/build.sh 
@@ -117,9 +117,8 @@ function build { if [[ ! -z "${BORINGSSL}" ]]; then flags+=("--ssl-provider boringssl") flags+=("--boringssl ${BORINGSSL}") - else - flags+=("--openssl ${OPENSSL}") fi + flags+=("--openssl ${OPENSSL}") local after=() diff --git a/gojira.sh b/gojira.sh index 4a46ab5..ef72461 100755 --- a/gojira.sh +++ b/gojira.sh @@ -563,7 +563,7 @@ function image_name { RESTY_EVENTS=${RESTY_EVENTS:-$(req_find $req_file RESTY_EVENTS_VERSION)} BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)} KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)} - KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)} + KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS)} KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)} KONG_LIBGMP=${GMP_VERSION:-$(req_find $req_file KONG_GMP_VERSION)} KONG_LIBNETTLE=${NETTLE_VERSION:-$(req_find $req_file KONG_DEP_NETTLE_VERSION)}
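Review bot: With the `else` removed in the `@@ -117,9 +117,8 @@` hunk of docker/build.sh, `--openssl ${OPENSSL}` is always appended, including for BoringSSL builds. Two things follow from lines visible in this series: when `OPENSSL` is empty the flag is passed with no value, and `image_name` in gojira.sh hashes `boringssl-$BORINGSSL` in place of `openssl-$OPENSSL`, so two BoringSSL builds that differ only in `OPENSSL` would resolve to the same `gojira:<sha>` tag and an existing image built with a different OpenSSL could be reused. Guard the flag with `if [[ -n "${OPENSSL}" ]]; then flags+=("--openssl ${OPENSSL}"); fi` and keep `"openssl-$OPENSSL"` in `components` whenever it is non-empty. A comment saying why the BoringSSL build still needs an OpenSSL version would also help, since the commit message does not. The `build` function continues outside the hunk.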