Add links to aws-lc-fips-sys Cargo.toml (#279)

.github/workflows/ci.yml

@@ -207,6 +207,30 @@ jobs:
         env:
           DYLD_ROOT_PATH: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot"
 
+  sys-crate-tests:
+    name: sys crate tests
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-12 ]
+        features: [ aws-lc-sys, aws-lc-fips-sys ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+      - uses: actions-rs/toolchain@v1.0.7
+        id: toolchain
+        with:
+          toolchain: stable
+          override: true
+      - name: Run cargo test
+        working-directory: ./sys-testing
+        run: cargo test --features ${{ matrix.features }} --no-default-features
+      - name: Run cargo run
+        working-directory: ./sys-testing
+        run: cargo run --features ${{ matrix.features }} --no-default-features
+
   aws-lc-rs-test:
     name: aws-lc-rs tests
     runs-on: ${{ matrix.os }}

Cargo.toml

@@ -4,7 +4,7 @@ members = [
     "aws-lc-sys",
     "aws-lc-fips-sys",
     "aws-lc-rs-testing",
-    "aws-lc-sys-testing",
+    "sys-testing"
 ]
 resolver = "2"
 

aws-lc-fips-sys/Cargo.toml

@@ -2,6 +2,7 @@
 name = "aws-lc-fips-sys"
 description = "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. This is the FIPS validated version of AWS-LC."
 version = "0.11.1"
+links = "aws_lc_fips_0_11_1"
 authors = ["AWS-LC"]
 edition = "2021"
 repository = "https://github.com/aws/aws-lc-rs"
@@ -59,6 +60,7 @@ ssl = []
 [build-dependencies]
 cmake = "0.1.48"
 dunce = "1.0"
+fs_extra = "1"
 
 [target.'cfg(any(all(target_os = "linux", target_arch = "x86_64"), all(target_os = "linux", target_arch = "aarch64")))'.build-dependencies]
 bindgen = { version = "0.69.1", optional = true }

aws-lc-fips-sys/builder/main.rs

@@ -89,17 +89,16 @@ impl OutputLibType {
 
 impl OutputLib {
     fn libname(self, prefix: Option<&str>) -> String {
-        format!(
-            "{}{}",
-            if let Some(pfix) = prefix { pfix } else { "" },
-            match self {
-                OutputLib::Crypto => "crypto",
-                OutputLib::Ssl => "ssl",
-                OutputLib::RustWrapper => {
-                    "rust_wrapper"
-                }
-            }
-        )
+        let name = match self {
+            OutputLib::Crypto => "crypto",
+            OutputLib::Ssl => "ssl",
+            OutputLib::RustWrapper => "rust_wrapper",
+        };
+        if let Some(prefix) = prefix {
+            format!("{prefix}_{name}")
+        } else {
+            name.to_string()
+        }
     }
 }
 
@@ -199,7 +198,7 @@ fn prepare_cmake_build(manifest_dir: &PathBuf, build_prefix: String) -> cmake::C
 }
 
 fn build_rust_wrapper(manifest_dir: &PathBuf) -> PathBuf {
-    prepare_cmake_build(manifest_dir, prefix_string())
+    prepare_cmake_build(manifest_dir, prefix_string() + "_")
         .configure_arg("--no-warn-unused-cli")
         .build()
 }
@@ -370,18 +369,10 @@ fn main() {
         RustWrapper.libname(Some(&prefix))
     );
 
-    for include_path in [
-        get_rust_include_path(&manifest_dir),
-        get_generated_include_path(&manifest_dir),
-        get_aws_lc_include_path(&manifest_dir),
-    ] {
-        println!("cargo:include={}", include_path.display());
-    }
-    if let Some(include_paths) = get_aws_lc_fips_sys_includes_path() {
-        for path in include_paths {
-            println!("cargo:include={}", path.display());
-        }
-    }
+    println!(
+        "cargo:include={}",
+        setup_include_paths(&out_dir, &manifest_dir).display()
+    );
 
     println!("cargo:rerun-if-changed=builder/");
     println!("cargo:rerun-if-changed=aws-lc/");
@@ -410,3 +401,39 @@ fn check_dependencies() {
         "Required build dependency is missing. Halting build."
     );
 }
+
+fn setup_include_paths(out_dir: &Path, manifest_dir: &Path) -> PathBuf {
+    let mut include_paths = vec![
+        get_rust_include_path(manifest_dir),
+        get_generated_include_path(manifest_dir),
+        get_aws_lc_include_path(manifest_dir),
+    ];
+
+    if let Some(extra_paths) = get_aws_lc_fips_sys_includes_path() {
+        include_paths.extend(extra_paths);
+    }
+
+    let include_dir = out_dir.join("include");
+    std::fs::create_dir_all(&include_dir).unwrap();
+
+    // iterate over all of the include paths and copy them into the final output
+    for path in include_paths {
+        for child in std::fs::read_dir(path).into_iter().flatten().flatten() {
+            if child.file_type().map_or(false, |t| t.is_file()) {
+                let _ = std::fs::copy(
+                    child.path(),
+                    include_dir.join(child.path().file_name().unwrap()),
+                );
+                continue;
+            }
+
+            // prefer the earliest paths
+            let options = fs_extra::dir::CopyOptions::new()
+                .skip_exist(true)
+                .copy_inside(true);
+            let _ = fs_extra::dir::copy(child.path(), &include_dir, &options);
+        }
+    }
+
+    include_dir
+}

sys-testing/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "sys-testing"
+version = "0.1.0"
+edition = "2021"
+publish = false
+
+[features]
+default = ["aws-lc-sys"]
+aws-lc-sys = ["dep:aws-lc-sys"]
+aws-lc-fips-sys = ["dep:aws-lc-fips-sys"]
+
+[dependencies]
+aws-lc-sys = { path = "../aws-lc-sys", optional = true }
+aws-lc-fips-sys = { path = "../aws-lc-fips-sys", optional = true }
+
+[build-dependencies]
+cc = "1"
+toml_edit = "0.21"
+
+[package.metadata.cargo-udeps.ignore]
+normal = [ "aws-lc-sys", "aws-lc-fips-sys" ] # the sys crate is only used through a C library build

sys-testing/build.rs

@@ -0,0 +1,47 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+use toml_edit::Document;
+
+fn main() {
+    if cfg!(all(feature = "aws-lc-sys", feature = "aws-lc-fips-sys")) {
+        panic!("only one sys crate can be built at a time")
+    } else if cfg!(feature = "aws-lc-sys") {
+        let aws_lc_sys_links = get_package_links_property("../aws-lc-sys/Cargo.toml");
+        build_and_link(aws_lc_sys_links.as_ref(), "aws_lc_sys");
+        return;
+    } else if cfg!(feature = "aws-lc-fips-sys") {
+        let aws_lc_fips_sys_links = get_package_links_property("../aws-lc-fips-sys/Cargo.toml");
+        build_and_link(aws_lc_fips_sys_links.as_ref(), "aws_lc_fips");
+        return;
+    }
+    panic!(
+        "select a sys crate for testing using --features aws-lc-sys or --features aws-lc-fips-sys"
+    )
+}
+
+fn build_and_link(links: &str, target_name: &str) {
+    // ensure that the include path is exported and set up correctly
+    cc::Build::new()
+        .include(env(format!("DEP_{}_INCLUDE", links.to_uppercase())))
+        .file("src/testing.c")
+        .compile(target_name);
+
+    // ensure the libcrypto artifact is linked
+    println!("cargo:rustc-link-lib={links}_crypto");
+}
+
+fn get_package_links_property(cargo_toml_path: &str) -> String {
+    let cargo_toml = std::fs::read_to_string(cargo_toml_path).unwrap();
+    let cargo_toml = cargo_toml.parse::<Document>().unwrap();
+
+    let links = cargo_toml["package"]["links"].as_str().unwrap();
+
+    String::from(links)
+}
+
+fn env<S: AsRef<str>>(s: S) -> String {
+    let s = s.as_ref();
+    println!("cargo:rerun-if-env-changed={s}");
+    std::env::var(s).unwrap_or_else(|_| panic!("missing env var {s}"))
+}

aws-lc-sys-testing/src/testing.c → sys-testing/src/testing.c

@@ -1,7 +1,6 @@
 #include <openssl/is_awslc.h>
 #include <openssl/evp.h>
 
-int testing_evp_key_type(int nid)
-{
+int testing_evp_key_type(int nid) {
     return EVP_PKEY_type(nid);
 }