diff --git a/boring-sys/Cargo.toml b/boring-sys/Cargo.toml
index 20fd892f..b6257348 100644
--- a/boring-sys/Cargo.toml
+++ b/boring-sys/Cargo.toml
@@ -71,14 +71,6 @@ rpk = []
 # can be provided by setting `BORING_BSSL{,_FIPS}_SOURCE_PATH`.
 pq-experimental = []
-# Disables git patching of the BoringSSL sources for features like `rpk` and `pq-experimental`,
-# but keeps the related Rust API.
-#
-# Supposed to be used with either pre-compiled BoringSSL (via `BORING_BSSL{,_FIPS}_PATH` env
-# variable) or with custom BoringSSL sources (via `BORING_BSSL{,_FIPS}_SOURCE_PATH` env variable)
-# already containing required patches.
-no-patches = []
-
 [build-dependencies]
 bindgen = { workspace = true }
 cmake = { workspace = true }
diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs
index a927f42a..9add6bb0 100644
--- a/boring-sys/build/config.rs
+++ b/boring-sys/build/config.rs
@@ -15,7 +15,6 @@ pub(crate) struct Config {
 }
 pub(crate) struct Features {
- pub(crate) no_patches: bool,
 pub(crate) fips: bool,
 pub(crate) fips_link_precompiled: bool,
 pub(crate) pq_experimental: bool,
@@ -27,6 +26,7 @@ pub(crate) struct Env {
 pub(crate) include_path: Option,
 pub(crate) source_path: Option,
 pub(crate) precompiled_bcm_o: Option,
+ pub(crate) assume_patched: bool,
 pub(crate) debug: Option,
 pub(crate) opt_level: Option,
 pub(crate) android_ndk_home: Option,
@@ -71,15 +71,15 @@ impl Config {
 let is_external_native_lib_source = !is_precompiled_native_lib && self.env.source_path.is_none();
- if self.features.no_patches && is_external_native_lib_source {
+ if self.env.assume_patched && is_external_native_lib_source {
 panic!(
- "`no-patches` feature is supposed to be used with `BORING_BSSL{{,_FIPS}}_PATH`\
- or `BORING_BSSL{{,_FIPS}}_SOURCE_PATH` env variables"
+ "`BORING_BSSL_{{,_FIPS}}_ASSUME_PATCHED` env variable is supposed to be used with\
+ `BORING_BSSL{{,_FIPS}}_PATH` or `BORING_BSSL{{,_FIPS}}_SOURCE_PATH` env variables"
 );
 }
 let features_with_patches_enabled = self.features.rpk || self.features.pq_experimental;
- let patches_required = features_with_patches_enabled && !self.features.no_patches;
+ let patches_required = features_with_patches_enabled && !self.env.assume_patched;
 let build_from_sources_required = self.features.fips_link_precompiled || patches_required;
 if is_precompiled_native_lib && build_from_sources_required {
@@ -90,14 +90,12 @@ impl Config {
 impl Features {
 fn from_env() -> Self {
- let no_patches = env::var_os("CARGO_FEATURE_NO_PATCHES").is_some();
 let fips = env::var_os("CARGO_FEATURE_FIPS").is_some();
 let fips_link_precompiled = env::var_os("CARGO_FEATURE_FIPS_LINK_PRECOMPILED").is_some();
 let pq_experimental = env::var_os("CARGO_FEATURE_PQ_EXPERIMENTAL").is_some();
 let rpk = env::var_os("CARGO_FEATURE_RPK").is_some();
 Self {
- no_patches,
 fips,
 fips_link_precompiled,
 pq_experimental,
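Review bot: The new panic text in the `assume_patched` check of boring-sys/build/config.rs names a variable that is never read: `BORING_BSSL_{{,_FIPS}}_ASSUME_PATCHED` has an extra underscore before the brace group, so it prints as BORING_BSSL_{,_FIPS}_ASSUME_PATCHED, while the constructor in this commit reads `BORING_BSSL_ASSUME_PATCHED`. The literal should begin with `BORING_BSSL{{,_FIPS}}_ASSUME_PATCHED`. As rendered here the first literal line also ends in `with\` with no space before the backslash; a `\` continuation drops the newline and the next line's leading whitespace, so the message would run `with` straight into the quoted variable name, which is worth checking in the real file because whitespace on this page is collapsed. The enclosing method starts and ends outside the hunk.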
@@ -121,14 +119,15 @@ impl Env {
 } else {
 var(name)
 }
- .map(PathBuf::from)
 };
 Self {
- path: boringssl_var("BORING_BSSL_PATH"),
- include_path: boringssl_var("BORING_BSSL_INCLUDE_PATH"),
- source_path: boringssl_var("BORING_BSSL_SOURCE_PATH"),
- precompiled_bcm_o: boringssl_var("BORING_BSSL_PRECOMPILED_BCM_O"),
+ path: boringssl_var("BORING_BSSL_PATH").map(PathBuf::from),
+ include_path: boringssl_var("BORING_BSSL_INCLUDE_PATH").map(PathBuf::from),
+ source_path: boringssl_var("BORING_BSSL_SOURCE_PATH").map(PathBuf::from),
+ precompiled_bcm_o: boringssl_var("BORING_BSSL_PRECOMPILED_BCM_O").map(PathBuf::from),
+ assume_patched: boringssl_var("BORING_BSSL_ASSUME_PATCHED")
+ .is_some_and(|v| !v.is_empty()),
 debug: var("DEBUG"),
 opt_level: var("OPT_LEVEL"),
 android_ndk_home: var("ANDROID_NDK_HOME").map(Into::into),
diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs
index d990a258..bff8d04f 100644
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@@ -496,7 +496,7 @@ fn built_boring_source_path(config: &Config) -> &PathBuf {
 static BUILD_SOURCE_PATH: OnceLock = OnceLock::new();
 BUILD_SOURCE_PATH.get_or_init(|| {
- if config.features.no_patches {
+ if config.env.assume_patched {
 println!(
 "cargo:warning=skipping git patches application, provided\
 native BoringSSL is expected to have the patches included"
diff --git a/boring/Cargo.toml b/boring/Cargo.toml
index 717960b9..64564907 100644
--- a/boring/Cargo.toml
+++ b/boring/Cargo.toml
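Review bot: In the `Env` constructor of boring-sys/build/config.rs, `assume_patched` becomes true for any non-empty value, so `BORING_BSSL_ASSUME_PATCHED=0` or `=false` also switches patch application off, the opposite of what someone writing that would intend. Because this flag decides whether the `rpk` and `pq-experimental` patches are applied to the TLS library sources, accepting only explicit values is safer, e.g. `.is_some_and(|v| v == "1" || v == "true")`, or at minimum the accepted values should be stated in a comment on the field. The `boringssl_var` closure and the constructor both start outside the hunk, so whether a rerun-if-env-changed directive is emitted for the new variable cannot be confirmed from these lines.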
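Review bot: In `built_boring_source_path` (boring-sys/build/main.rs) the warning printed when patching is skipped does not say what caused it, and now that the switch is an environment variable rather than a Cargo feature, the build log is the only place the decision is recorded. Naming the trigger in the text, e.g. `cargo:warning=BORING_BSSL_ASSUME_PATCHED is set, skipping git patches application`, lets someone auditing a build trace an unpatched BoringSSL back to the setting. Nothing in the visible lines checks that the supplied sources actually carry the patches, so that assumption rests entirely on whoever sets the variable. The closure body continues past the end of the hunk.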
@@ -25,23 +25,19 @@ fips = ["boring-sys/fips"]
 fips-link-precompiled = ["boring-sys/fips-link-precompiled"]
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
+# This feature is necessary in order to compile the bindings for the
+# default branch of boringSSL. Alternatively, a version of boringSSL that
+# implements the same feature set can be provided by setting
+# `BORING_BSSL{,_FIPS}_SOURCE_PATH` and `BORING_BSSL{,_FIPS}_ASSUME_PATCHED`.
 rpk = ["boring-sys/rpk"]
 # Applies a patch to the boringSSL source code that enables support for PQ key
 # exchange. This feature is necessary in order to compile the bindings for the
 # default branch of boringSSL. Alternatively, a version of boringSSL that
 # implements the same feature set can be provided by setting
-# `BORING_BSSL{,_FIPS}_SOURCE_PATH`.
+# `BORING_BSSL{,_FIPS}_SOURCE_PATH` and `BORING_BSSL{,_FIPS}_ASSUME_PATCHED`.
 pq-experimental = ["boring-sys/pq-experimental"]
-# Disables git patching of the BoringSSL sources for features like `rpk` and `pq-experimental`,
-# but keeps the related Rust API.
-#
-# Supposed to be used with either pre-compiled BoringSSL (via `BORING_BSSL{,_FIPS}_PATH` env
-# variable) or with custom BoringSSL sources (via `BORING_BSSL{,_FIPS}_SOURCE_PATH` env variable)
-# already containing required patches.
-no-patches = ["boring-sys/no-patches"]
-
 # Controlling key exchange preferences at compile time
 # Choose key exchange preferences at compile time. This prevents the user from
diff --git a/hyper-boring/Cargo.toml b/hyper-boring/Cargo.toml
index 171c4f34..edaf7a97 100644
--- a/hyper-boring/Cargo.toml
+++ b/hyper-boring/Cargo.toml
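Review bot: The rewritten feature comments in boring/Cargo.toml document only `BORING_BSSL{,_FIPS}_SOURCE_PATH` together with `BORING_BSSL{,_FIPS}_ASSUME_PATCHED`, whereas the deleted `no-patches` comment also covered a pre-compiled library supplied through `BORING_BSSL{,_FIPS}_PATH`, and the panic message in boring-sys/build/config.rs still lists both routes. If the pre-compiled route remains supported, both comments should say so, for example by ending with `BORING_BSSL{,_FIPS}_SOURCE_PATH` (or `BORING_BSSL{,_FIPS}_PATH`) and `BORING_BSSL{,_FIPS}_ASSUME_PATCHED`. The sentence added under `rpk` stating that the feature is necessary to compile the bindings for the default branch reads as copied from `pq-experimental`; confirm it holds for `rpk` as well.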
@@ -28,14 +28,6 @@ fips-link-precompiled = ["tokio-boring/fips-link-precompiled"]
 # Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
 pq-experimental = ["tokio-boring/pq-experimental"]
-# Disables git patching of the BoringSSL sources for features like `rpk` and `pq-experimental`,
-# but keeps the related Rust API.
-#
-# Supposed to be used with either pre-compiled BoringSSL (via `BORING_BSSL{,_FIPS}_PATH` env
-# variable) or with custom BoringSSL sources (via `BORING_BSSL{,_FIPS}_SOURCE_PATH` env variable)
-# already containing required patches.
-no-patches = ["tokio-boring/no-patches"]
-
 [dependencies]
 antidote = { workspace = true }
 http = { workspace = true }
diff --git a/tokio-boring/Cargo.toml b/tokio-boring/Cargo.toml
index 9ba9661a..69fdf641 100644
--- a/tokio-boring/Cargo.toml
+++ b/tokio-boring/Cargo.toml
@@ -25,14 +25,6 @@ fips-link-precompiled = ["boring/fips-link-precompiled", "boring-sys/fips-link-p
 # Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
 pq-experimental = ["boring/pq-experimental"]
-# Disables git patching of the BoringSSL sources for features like `rpk` and `pq-experimental`,
-# but keeps the related Rust API.
-#
-# Supposed to be used with either pre-compiled BoringSSL (via `BORING_BSSL{,_FIPS}_PATH` env
-# variable) or with custom BoringSSL sources (via `BORING_BSSL{,_FIPS}_SOURCE_PATH` env variable)
-# already containing required patches.
-no-patches = ["boring/no-patches"]
-
 [dependencies]
 boring = { workspace = true }
 boring-sys = { workspace = true }