Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add boringssl support #48

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 36 additions & 17 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,16 @@ RUN apt-get update && \
m4 \
libpcre3 \
libpcre3-dev \
libyaml-dev
libyaml-dev \
cmake \
clang \
ninja-build \
libunwind-dev

# LuaRocks - OpenSSL - OpenResty
ARG LUAROCKS
ARG OPENSSL
ARG BORINGSSL
ARG OPENRESTY
ARG KONG_NGX_MODULE
ARG KONG_BUILD_TOOLS
Expand All @@ -58,13 +63,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp
ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle
ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN bash -c '[[ ! -z "${GO_VERSION}" ]]' && echo https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

RUN mkdir -p ${BUILD_PREFIX}
COPY build.sh ${BUILD_PREFIX}
COPY silent ${BUILD_PREFIX}/silent
RUN ${BUILD_PREFIX}/build.sh

ENV OPENSSL_DIR=${OPENSSL_INSTALL}
ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL}
# if it's normal openssl
ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}}
ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include}

# if it's boringssl then
ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl}
# unset OPENSSL_* env vars to use system libraries to build lua modules
# openresty is already built at this point, boringssl libs are correctly linked
ENV OPENSSL_DIR=${BORINGSSL:+/usr}
ENV OPENSSL_LIBDIR=${BORINGSSL:+}
ENV OPENSSL_INCDIR=${BORINGSSL:+}

ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin
ENV PATH=${OPENSSL_INSTALL}/bin:$PATH
Expand All @@ -81,19 +109,6 @@ RUN apt-get update --fix-missing && \
iproute2 \
net-tools

# Go and go-pluginserver
ENV GO_VERSION=${GO_VERSION}
ENV GOROOT=${BUILD_PREFIX}/go
ENV GOPATH=${BUILD_PREFIX}/gopath
ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH
RUN mkdir -p ${GOROOT} ${GOPATH}

RUN [ ! -z ${GO_VERSION} ] && ( \
curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \
tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \
rm /tmp/go.tar.gz ) || \
echo "go is not required"

ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps
ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER}

Expand All @@ -113,14 +128,18 @@ RUN [ ! -z ${KONG_GO_PLUGINSERVER} ] && ( \
# Test Enablement
# ---------------
# Add vegeta HTTP load testing tool for executing stress tests
RUN [ ! -z ${GO_VERSION} ] && ( \
RUN [ ! -z "${GO_VERSION}" ] && ( \
go get -u github.com/tsenart/vegeta && \
vegeta -version ) || \
echo "go has not been installed; vegeta requires golang"

RUN cpanm --notest Test::Nginx
RUN cpanm --notest local::lib

RUN export
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was probably for debugging, to remove?


RUN echo '###############'

COPY 42-kong-envs.sh /etc/profile.d/

WORKDIR /kong
7 changes: 6 additions & 1 deletion docker/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,6 @@ function build {
local flags=(
"--prefix ${BUILD_PREFIX}"
"--openresty ${OPENRESTY}"
"--openssl ${OPENSSL}"
"--luarocks ${LUAROCKS}"
)

Expand All @@ -115,6 +114,12 @@ function build {
flags+=("--atc-router ${ATC_ROUTER}")
fi

if [[ ! -z "${BORINGSSL}" ]]; then
flags+=("--ssl-provider boringssl")
flags+=("--boringssl ${BORINGSSL}")
fi
flags+=("--openssl ${OPENSSL}")

local after=()

if version_lte $OPENSSL 1.0; then
Expand Down
47 changes: 38 additions & 9 deletions gojira.sh
Original file line number Diff line number Diff line change
Expand Up @@ -545,7 +545,7 @@ function image_name {
if [[ -n $GOJIRA_IMAGE ]]; then return; fi

# No supplied dependency versions
if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS ]] || [[ -z "${OPENSSL}${BORINGSSL}" ]] || [[ -z $OPENRESTY ]]; then
# No supplied local kong path and kong prefix does not exist
if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then
create_kong
Expand All @@ -561,8 +561,9 @@ function image_name {
LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)}
OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)}
RESTY_EVENTS=${RESTY_EVENTS:-$(req_find $req_file RESTY_EVENTS_VERSION)}
BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)}
KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS)}
KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)}
KONG_LIBGMP=${GMP_VERSION:-$(req_find $req_file KONG_GMP_VERSION)}
KONG_LIBNETTLE=${NETTLE_VERSION:-$(req_find $req_file KONG_DEP_NETTLE_VERSION)}
Expand All @@ -580,28 +581,39 @@ function image_name {
RESTY_EVENTS=${RESTY_EVENTS:-$(yaml_find $yaml_file RESTY_EVENTS_VERSION)}
RESTY_WEBSOCKET=${RESTY_WEBSOCKET:-$(yaml_find $yaml_file RESTY_WEBSOCKET_VERSION)}
ATC_ROUTER=${ATC_ROUTER:-$(yaml_find $yaml_file ATC_ROUTER_VERSION)}
BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)}
fi

if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then
if [[ -z $LUAROCKS || -z "${OPENSSL}${BORINGSSL}" || -z $OPENRESTY ]]; then
err "${GOJIRA}: Could not guess version dependencies in" \
"$req_file or $yaml_file. " \
"Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs"
"Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs"
fi

KONG_NGX_MODULE=${KONG_NGX_MODULE:-master}
KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master}

ssl_provider="openssl-$OPENSSL"
if [[ -n $BORINGSSL ]]; then
ssl_provider="boringssl-$BORINGSSL"
fi

local components=(
"luarocks-$LUAROCKS"
"openresty-${OPENRESTY}"
"openssl-$OPENSSL"
"$ssl_provider"
"knm-$KONG_NGX_MODULE"
"kbt-$KONG_BUILD_TOOLS"
)
if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then
GO_VERSION=${GO_VERSION:-1.13.12}
components+=(
"go-$GO_VERSION"
)
fi
if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then
GO_VERSION=${GO_VERSION:-1.13.12}
components+=(
"go-$GO_VERSION"
"gps-$KONG_GO_PLUGINSERVER"
)
fi
aboudreault marked this conversation as resolved.
Show resolved Hide resolved
Expand Down Expand Up @@ -640,6 +652,11 @@ function image_name {
"atc-router-${ATC_ROUTER}"
)
fi
if [[ -n "$BORINGSSL" ]]; then
components+=(
"boring-ssl-${BORINGSSL}"
)
fi

read -r components_sha rest <<<"$(IFS="-" ; echo -n "${components[*]}" | sha1sum)"
GOJIRA_IMAGE=gojira:$components_sha
Expand All @@ -654,6 +671,8 @@ function build {
"--label LUAROCKS=$LUAROCKS"
"--build-arg OPENSSL=$OPENSSL"
"--label OPENSSL=$OPENSSL"
"--build-arg BORINGSSL=$BORINGSSL"
"--label BORINGSSL=$BORINGSSL"
"--build-arg OPENRESTY=$OPENRESTY"
"--label OPENRESTY=$OPENRESTY"
"--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE"
Expand All @@ -663,11 +682,16 @@ function build {
"--build-arg APT_MIRROR=$GOJIRA_APT_MIRROR"
)

ssl_provider=" * OpenSSL: $OPENSSL "
if [[ -n $BORINGSSL ]]; then
ssl_provider=" * BoringSSL: $BORINGSSL "
fi

>&2 echo "Building $GOJIRA_IMAGE"
>&2 echo ""
>&2 echo " Version info"
>&2 echo "=========================="
>&2 echo " * OpenSSL: $OPENSSL "
>&2 echo "$ssl_provider"
>&2 echo " * OpenResty: $OPENRESTY"
>&2 echo " * LuaRocks: $LUAROCKS "
>&2 echo " * Kong NM: $KONG_NGX_MODULE"
Expand Down Expand Up @@ -701,14 +725,19 @@ function build {
)
>&2 echo " * Resty Events: $RESTY_EVENTS"
fi
if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then

if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then
BUILD_ARGS+=(
"--build-arg GO_VERSION=$GO_VERSION"
"--label GO_VERSION=$GO_VERSION"
)
>&2 echo " * Go: $GO_VERSION"
fi
if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then
BUILD_ARGS+=(
"--build-arg KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER"
"--label KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER"
)
>&2 echo " * Go: $GO_VERSION"
>&2 echo " * Kong GPS: $KONG_GO_PLUGINSERVER"
fi
if [[ -n "$KONG_LIBGMP" ]]; then
Expand Down