-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add support for AWS-LC build in ESDK #750
Merged
Merged
Changes from 4 commits
Commits
Show all changes
13 commits
Select commit
Hold shift + click to select a range
2be237c
add support for AWS-LC build in ESDK
samuel40791765 cacd657
align with clang format linters
samuel40791765 a93ff1c
clang format linters need another whitespace
samuel40791765 4dc402d
different memory freeing behaviour
samuel40791765 8dce55d
clarify some ambiguities
samuel40791765 5d68502
remove local testing change
samuel40791765 6456001
update aws-lc version tag
samuel40791765 3e5322f
fix OPENSSL_ROOT_DIR
alex-chew 92f0349
Merge branch 'master' into aws-lc-support
alex-chew 6a27238
Merge branch 'master' into aws-lc-support
ajewellamz 148e108
Merge branch 'master' into aws-lc-support
alex-chew a1eab4c
rerun CI
alex-chew b3c5df4
test adding delay in timing
samuel40791765 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
#!/bin/bash | ||
|
||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
# This script is similar to |install-shared-deps.sh| except below differences: | ||
# 1. OpenSSL is replaced with awslc. | ||
# 2. LibCurl version is updated to 7.74. | ||
# After this script, awslc(static and shared) and curl will be installed under /deps/install. | ||
|
||
set -euxo pipefail | ||
|
||
export AWSLC_SRC_DIR=/tmp/awslc | ||
export INSTALL_DIR=/deps/install | ||
export LD_LIBRARY_PATH=${INSTALL_DIR} | ||
export NUM_CPU_THREADS=$(nproc) | ||
|
||
function download_awslc() { | ||
AWSLC_GIT_URL='https://github.com/awslabs/aws-lc.git' | ||
AWSLC_GIT_REF='main' | ||
rm -rf ${AWSLC_SRC_DIR} | ||
mkdir -p ${AWSLC_SRC_DIR} | ||
git clone --depth 1 --branch ${AWSLC_GIT_REF} "${AWSLC_GIT_URL}" "${AWSLC_SRC_DIR}" | ||
} | ||
|
||
function build_awslc() { | ||
BUILD_DIR=/tmp/build/awslc | ||
rm -rf ${BUILD_DIR} | ||
mkdir -p ${BUILD_DIR} | ||
CMAKE_BUILD_COMMAND="cmake ${AWSLC_SRC_DIR} $@ \ | ||
-GNinja \ | ||
-DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ | ||
-DCMAKE_BUILD_TYPE=RelWithDebInfo" | ||
if [[ !(-z "${CFLAGS+x}" || -z "${CFLAGS}") ]]; then | ||
CMAKE_BUILD_COMMAND="${CMAKE_BUILD_COMMAND} -DCMAKE_C_FLAGS=${CFLAGS}" | ||
fi | ||
if [[ !(-z "${CXXFLAGS+x}" || -z "${CXXFLAGS}") ]]; then | ||
CMAKE_BUILD_COMMAND="${CMAKE_BUILD_COMMAND} -DCMAKE_CXX_FLAGS=${CXXFLAGS}" | ||
fi | ||
alex-chew marked this conversation as resolved.
Show resolved
Hide resolved
|
||
(cd ${BUILD_DIR} && ${CMAKE_BUILD_COMMAND}) | ||
cmake --build ${BUILD_DIR} | ||
cmake --build ${BUILD_DIR} --target install | ||
rm -rf ${BUILD_DIR} | ||
} | ||
|
||
function install_libcurl() { | ||
mkdir /deps/curl | ||
cd /deps/curl | ||
wget https://curl.haxx.se/download/curl-7.74.0.tar.gz | ||
tar xzf curl-*.tar.gz | ||
cd curl-*/ | ||
# awslc is forked from boringssl. | ||
# |OPENSSL_IS_AWSLC| macro is equivalent to |OPENSSL_IS_BORINGSSL|. | ||
# Replacing OPENSSL_IS_BORINGSSL with OPENSSL_IS_AWSLC. | ||
find ./ -type f -exec sed -i -e 's/OPENSSL_IS_BORINGSSL/OPENSSL_IS_AWSLC/g' {} \; | ||
alex-chew marked this conversation as resolved.
Show resolved
Hide resolved
|
||
./configure --with-ssl=/deps/install \ | ||
--prefix=/deps/install \ | ||
--disable-ldap \ | ||
--without-libidn \ | ||
--without-gnutls \ | ||
--without-nss \ | ||
--without-gssapi | ||
make -j"${NUM_CPU_THREADS}" | ||
make install | ||
cd / | ||
rm -rf /deps/curl | ||
} | ||
|
||
mkdir -p /deps | ||
|
||
download_awslc | ||
|
||
build_awslc '-DBUILD_SHARED_LIBS=ON' | ||
build_awslc '-DBUILD_SHARED_LIBS=OFF' | ||
|
||
install_libcurl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
FROM ubuntu:latest | ||
|
||
# Needed for setup-apt-cache.sh | ||
ADD https://mirrors.kernel.org/ubuntu/pool/main/n/net-tools/net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb /tmp | ||
ADD https://mirrors.kernel.org/ubuntu/pool/universe/n/netcat/netcat-traditional_1.10-40_amd64.deb /tmp | ||
RUN dpkg -i /tmp/net-tools_*.deb /tmp/netcat-*.deb | ||
|
||
ADD bin/setup-apt-cache.sh /usr/local/bin/ | ||
ADD bin/setup-apt.sh /usr/local/bin/ | ||
RUN setup-apt-cache.sh | ||
RUN setup-apt.sh | ||
|
||
ENV PATH=/usr/local/bin:/usr/bin:/bin | ||
|
||
ENV CC=/usr/bin/gcc | ||
ENV CXX=/usr/bin/g++ | ||
ENV CFLAGS= | ||
ENV CXXFLAGS= | ||
ENV LDFLAGS= | ||
|
||
# Same paths as the main docker file, ubuntu-latest-x64.Dockerfile. | ||
ENV LDFLAGS="-Wl,-rpath -Wl,/deps/install/lib -Wl,-rpath -Wl,/deps/shared/install/lib -L/deps/install/lib -L/deps/shared/install/lib" | ||
|
||
ADD bin/apt-install-pkgs /usr/local/bin/ | ||
ADD bin/install-shared-deps-awslc.sh /usr/local/bin/ | ||
RUN install-shared-deps-awslc.sh | ||
|
||
ADD bin/install-aws-deps.sh /usr/local/bin | ||
RUN install-aws-deps.sh | ||
|
||
ADD bin/install-node.sh /usr/local/bin | ||
RUN install-node.sh | ||
|
||
# Remove apt proxy configuration before publishing the dockerfile | ||
RUN rm -f /etc/apt/apt.conf.d/99proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should pin a particular AWS-LC version as we do for the OpenSSL Dockerfiles. I tried changing this to the latest relevant tag I saw (AWS-LC-FIPS-1.0.2), but the Docker image failed to build because (I assume) that tag is a bit out of date. Can you tag the working commit on
main
and pin that tag here? Then I can build the image and set up a CI build that runs within it.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the confusion, the
AWS-LC-FIPS-1.0.2
branch points to a FIPS version release, which points to a branch of an older commit of the repo that's still in the process of getting FIPS validated.I've set the docker image tag to
v1.1.0
, which points to a newer commit should work. Just so you know, we'll also be setting up an encryption-sdk CI in AWS-LC, so we can verify that all future versions of AWS-LC will build with ESDK :)