diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index e0eca751d7d..82a6685217e 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -34,12 +34,12 @@ jobs: toolchain: ${{ env.RUSTTOOLCHAIN }} - name: Run cargo test - run: cargo test --verbose --all-targets --features=boringssl-boring-crate,${{ env.FEATURES }} + run: cargo test --verbose --all-targets --features=${{ env.FEATURES }} # Need to run doc tests separately. # (https://github.com/rust-lang/cargo/issues/6669) - name: Run cargo doc test - run: cargo test --verbose --doc --features=boringssl-boring-crate,${{ env.FEATURES }} + run: cargo test --verbose --doc --features=${{ env.FEATURES }} # NOTE: this is disabled as it fails when building changes that bump # version of local crates (e.g. when doing a `qlog` release) that have not diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml index 3f30532500b..dab9a0961f8 100644 --- a/.github/workflows/stable.yml +++ b/.github/workflows/stable.yml @@ -22,8 +22,7 @@ jobs: strategy: matrix: tls-feature: - - "" # default, boringssl-vendored - - "boringssl-boring-crate" + - "" # default - "openssl" # Only run on "pull_request" event for external PRs. This is to avoid # duplicate builds for PRs created from internal branches. @@ -56,20 +55,20 @@ jobs: echo "LD_LIBRARY_PATH=$PWD" >> "$GITHUB_ENV" - name: Run cargo test - if: ${{ matrix.tls-feature == 'boringssl-boring-crate' }} - run: cargo test --verbose --all-targets --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} + if: ${{ matrix.tls-feature == '' }} + run: cargo test --verbose --all-targets --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} # tokio-quiche requires the `boring` crate, so don't run its tests when # building without it. - name: Run cargo test - if: ${{ matrix.tls-feature != 'boringssl-boring-crate' }} - run: cargo test --verbose --all-targets --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }} + if: ${{ matrix.tls-feature != '' }} + run: cargo test --verbose --all-targets --no-default-features --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }} # Need to run doc tests separately. # (https://github.com/rust-lang/cargo/issues/6669) - name: Run cargo doc test - if: ${{ matrix.tls-feature == 'boringssl-boring-crate' }} - run: cargo test --verbose --doc --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} + if: ${{ matrix.tls-feature == '' }} + run: cargo test --verbose --doc --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} # Need to run doc tests separately. # (https://github.com/rust-lang/cargo/issues/6669) @@ -77,8 +76,8 @@ jobs: # tokio-quiche requires the `boring` crate, so don't run its tests when # building without it. - name: Run cargo doc test - if: ${{ matrix.tls-feature != 'boringssl-boring-crate' }} - run: cargo test --verbose --doc --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }} + if: ${{ matrix.tls-feature != '' }} + run: cargo test --verbose --doc --no-default-features --features=${{ matrix.tls-feature }} ${{ env.NO_BORING_OPTIONS }} # NOTE: this is disabled as it fails when building changes that bump # version of local crates (e.g. when doing a `qlog` release) that have not @@ -88,10 +87,10 @@ jobs: # run: cargo package --verbose --workspace --exclude=quiche_apps --allow-dirty - name: Run cargo clippy - run: cargo clippy --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings + run: cargo clippy --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings - name: Run cargo clippy on examples - run: cargo clippy --examples --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings + run: cargo clippy --examples --no-default-features --features=${{ matrix.tls-feature }} ${{ env.DEFAULT_OPTIONS }} -- -D warnings - name: Run cargo doc run: cargo doc --no-deps --all-features --document-private-items @@ -199,17 +198,20 @@ jobs: - name: Run cargo build if: endsWith(matrix.target, '-gnu') - run: cargo build --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} --features=boringssl-boring-crate + run: cargo build --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} - name: Run cargo test if: endsWith(matrix.target, '-msvc') - run: cargo test --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} --features=boringssl-boring-crate + run: cargo test --target=${{ matrix.target }} --verbose --all-targets ${{ env.DEFAULT_OPTIONS }} quiche_multiarch: runs-on: ubuntu-latest strategy: matrix: - target: ["aarch64-unknown-linux-gnu","armv7-unknown-linux-gnueabihf","i686-unknown-linux-gnu"] + targets: [ + ["aarch64-unknown-linux-gnu", "arm64", "aarch64"], + ["i686-unknown-linux-gnu", "i386", "i686"], + ] # Only run on "pull_request" event for external PRs. This is to avoid # duplicate builds for PRs created from internal branches. if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository @@ -223,15 +225,35 @@ jobs: uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUSTTOOLCHAIN }} + targets: ${{ matrix.targets[0] }} - - name: Install cargo-binstall - uses: cargo-bins/cargo-binstall@main - - - name: Install cross - run: cargo-binstall -y cross - - - name: Run cargo test using cross - run: cross test --target=${{ matrix.target }} --verbose --all-targets ${{ env.NO_BORING_OPTIONS }} + - name: Debian cross setup ${{ matrix.targets[1] }} + run: | + QEMU_PACKAGES="" + if [[ "${{ matrix.targets[1] }}" != "i386" ]]; then + QEMU_PACKAGES="qemu-user libc6:${{ matrix.targets[1] }}" + + sudo dpkg --add-architecture ${{ matrix.targets[1] }} + # In Ubuntu only ports have packages for other architectures + THE_ANIMAL_DJ=$(lsb_release -sc) + echo " + deb [arch=${{ matrix.targets[1] }}] http://ports.ubuntu.com/ubuntu-ports/ ${THE_ANIMAL_DJ} main restricted universe multiverse + deb [arch=${{ matrix.targets[1] }}] http://ports.ubuntu.com/ubuntu-ports/ ${THE_ANIMAL_DJ}-updates main restricted universe multiverse + deb [arch=${{ matrix.targets[1] }}] http://ports.ubuntu.com/ubuntu-ports/ ${THE_ANIMAL_DJ}-security main restricted universe multiverse + " | sudo tee /etc/apt/sources.list.d/cross-${{ matrix.targets[1] }}.list + sudo apt-get update || true + + echo >> $GITHUB_ENV CARGO_TARGET_$(echo ${{ matrix.targets[0] }} | tr '[:lower:]-' '[:upper:]_')_RUNNER=qemu-${{ matrix.targets[2] }} + fi + + sudo apt-get -y --no-install-recommends install crossbuild-essential-${{ matrix.targets[1] }} libclang-dev $QEMU_PACKAGES + + echo >> $GITHUB_ENV CC=/usr/bin/${{ matrix.targets[2] }}-linux-gnu-gcc + echo >> $GITHUB_ENV CXX=/usr/bin/${{ matrix.targets[2] }}-linux-gnu-g++ + echo >> $GITHUB_ENV CARGO_TARGET_$(echo ${{ matrix.targets[0] }} | tr '[:lower:]-' '[:upper:]_')_LINKER=/usr/bin/${{ matrix.targets[2] }}-linux-gnu-gcc + + - name: Run cargo test ${{ matrix.targets[1] }} + run: cargo test --target=${{ matrix.targets[0] }} --verbose --all-targets ${{ env.NO_BORING_OPTIONS }} http3_test: runs-on: ubuntu-latest diff --git a/.gitmodules b/.gitmodules index 8ce47d3912a..e69de29bb2d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +0,0 @@ -[submodule "boringssl"] - path = quiche/deps/boringssl - url = https://github.com/google/boringssl.git - ignore = dirty diff --git a/Dockerfile b/Dockerfile index ca245c1d0a0..f526d396571 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY quiche/ ./quiche/ COPY task-killswitch ./task-killswitch/ COPY tokio-quiche ./tokio-quiche/ -RUN apt-get update && apt-get install -y cmake && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y clang cmake && rm -rf /var/lib/apt/lists/* RUN cargo build --release --manifest-path apps/Cargo.toml diff --git a/README.md b/README.md index 5b607397c37..cfb5a3cfac4 100644 --- a/README.md +++ b/README.md @@ -328,16 +328,17 @@ cargo can also be used to run the testsuite: Note that [BoringSSL], which is used to implement QUIC's cryptographic handshake based on TLS, needs to be built and linked to quiche. This is done automatically when building quiche using cargo, but requires the `cmake` command to be -available during the build process. On Windows you also need -[NASM](https://www.nasm.us/). The [official BoringSSL +available during the build process. + +On Windows [NASM](https://www.nasm.us/) is also required. The [official BoringSSL documentation](https://github.com/google/boringssl/blob/master/BUILDING.md) has more details. -In alternative you can use your own custom build of BoringSSL by configuring -the BoringSSL directory with the ``QUICHE_BSSL_PATH`` environment variable: +In alternative you can use your own custom build of BoringSSL by configuring the +BoringSSL directory with the ``BORING_BSSL_PATH`` environment variable: ```bash - $ QUICHE_BSSL_PATH="/path/to/boringssl" cargo build --examples + $ BORING_BSSL_PATH="/path/to/boringssl" cargo build --examples ``` Alternatively you can use [OpenSSL/quictls]. To enable quiche to use this vendor diff --git a/apps/Cargo.toml b/apps/Cargo.toml index 48e7da4e084..99e0aa3234c 100644 --- a/apps/Cargo.toml +++ b/apps/Cargo.toml @@ -16,9 +16,6 @@ fuzzing = ["quiche/fuzzing"] # Enable qlog support. qlog = ["quiche/qlog"] -# Use BoringSSL provided by the boring crate. -boringssl-boring-crate = ["quiche/boringssl-boring-crate"] - # Enable sfv support. sfv = ["quiche/sfv"] diff --git a/quiche/Cargo.toml b/quiche/Cargo.toml index e9e62bc648a..b0a3c59b9f1 100644 --- a/quiche/Cargo.toml +++ b/quiche/Cargo.toml @@ -15,12 +15,6 @@ include = [ "/*.md", "/*.toml", "/COPYING", - "/deps/boringssl/**/*.[chS]", - "/deps/boringssl/**/*.asm", - "/deps/boringssl/src/**/*.cc", - "/deps/boringssl/**/CMakeLists.txt", - "/deps/boringssl/**/sources.cmake", - "/deps/boringssl/LICENSE", "/examples", "/include", "/quiche.svg", @@ -28,10 +22,7 @@ include = [ ] [features] -default = ["boringssl-vendored"] - -# Build the vendored BoringSSL library. -boringssl-vendored = [] +default = ["boringssl-boring-crate"] # Use the BoringSSL library provided by the boring crate. boringssl-boring-crate = ["boring", "foreign-types-shared"] @@ -60,11 +51,10 @@ tag-prefix = "" [package.metadata.docs.rs] no-default-features = true -features = ["boringssl-boring-crate", "qlog"] +features = ["qlog"] rustdoc-args = ["--cfg", "docsrs"] [build-dependencies] -cmake = "0.1" pkg-config = { version = "0.3", optional = true } cdylib-link-lines = { version = "0.1", optional = true } diff --git a/quiche/deps/boringssl b/quiche/deps/boringssl deleted file mode 160000 index f1c75347daa..00000000000 --- a/quiche/deps/boringssl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f1c75347daa2ea81a941e953f2263e0a4d970c8d diff --git a/quiche/src/build.rs b/quiche/src/build.rs index 1785936fd60..af9cc478e63 100644 --- a/quiche/src/build.rs +++ b/quiche/src/build.rs @@ -1,175 +1,3 @@ -// Additional parameters for Android build of BoringSSL. -// -// Requires Android NDK >= 19. -const CMAKE_PARAMS_ANDROID_NDK: &[(&str, &[(&str, &str)])] = &[ - ("aarch64", &[("ANDROID_ABI", "arm64-v8a")]), - ("arm", &[("ANDROID_ABI", "armeabi-v7a")]), - ("x86", &[("ANDROID_ABI", "x86")]), - ("x86_64", &[("ANDROID_ABI", "x86_64")]), -]; - -// iOS. -const CMAKE_PARAMS_IOS: &[(&str, &[(&str, &str)])] = &[ - ("aarch64", &[ - ("CMAKE_OSX_ARCHITECTURES", "arm64"), - ("CMAKE_OSX_SYSROOT", "iphoneos"), - ]), - ("x86_64", &[ - ("CMAKE_OSX_ARCHITECTURES", "x86_64"), - ("CMAKE_OSX_SYSROOT", "iphonesimulator"), - ]), -]; - -// ARM Linux. -const CMAKE_PARAMS_ARM_LINUX: &[(&str, &[(&str, &str)])] = &[ - ("aarch64", &[("CMAKE_SYSTEM_PROCESSOR", "aarch64")]), - ("arm", &[("CMAKE_SYSTEM_PROCESSOR", "arm")]), -]; - -/// Returns the platform-specific output path for lib. -/// -/// MSVC generator on Windows place static libs in a target sub-folder, -/// so adjust library location based on platform and build target. -/// See issue: https://github.com/alexcrichton/cmake-rs/issues/18 -fn get_boringssl_platform_output_path() -> String { - if cfg!(target_env = "msvc") { - // Code under this branch should match the logic in cmake-rs - let debug_env_var = - std::env::var("DEBUG").expect("DEBUG variable not defined in env"); - - let deb_info = match &debug_env_var[..] { - "false" => false, - "true" => true, - unknown => panic!("Unknown DEBUG={unknown} env var."), - }; - - let opt_env_var = std::env::var("OPT_LEVEL") - .expect("OPT_LEVEL variable not defined in env"); - - let subdir = match &opt_env_var[..] { - "0" => "Debug", - "1" | "2" | "3" => - if deb_info { - "RelWithDebInfo" - } else { - "Release" - }, - "s" | "z" => "MinSizeRel", - unknown => panic!("Unknown OPT_LEVEL={unknown} env var."), - }; - - subdir.to_string() - } else { - "".to_string() - } -} - -/// Returns a new cmake::Config for building BoringSSL. -/// -/// It will add platform-specific parameters if needed. -fn get_boringssl_cmake_config() -> cmake::Config { - let arch = std::env::var("CARGO_CFG_TARGET_ARCH").unwrap(); - let os = std::env::var("CARGO_CFG_TARGET_OS").unwrap(); - let pwd = std::env::current_dir().unwrap(); - - let mut boringssl_cmake = cmake::Config::new("deps/boringssl"); - - // Add platform-specific parameters. - match os.as_ref() { - "android" => { - // We need ANDROID_NDK_HOME to be set properly. - let android_ndk_home = std::env::var("ANDROID_NDK_HOME") - .expect("Please set ANDROID_NDK_HOME for Android build"); - let android_ndk_home = std::path::Path::new(&android_ndk_home); - for (android_arch, params) in CMAKE_PARAMS_ANDROID_NDK { - if *android_arch == arch { - for (name, value) in *params { - boringssl_cmake.define(name, value); - } - } - } - let toolchain_file = - android_ndk_home.join("build/cmake/android.toolchain.cmake"); - let toolchain_file = toolchain_file.to_str().unwrap(); - boringssl_cmake.define("CMAKE_TOOLCHAIN_FILE", toolchain_file); - - // 21 is the minimum level tested. You can give higher value. - boringssl_cmake.define("ANDROID_NATIVE_API_LEVEL", "21"); - boringssl_cmake.define("ANDROID_STL", "c++_shared"); - - boringssl_cmake - }, - - "ios" => { - for (ios_arch, params) in CMAKE_PARAMS_IOS { - if *ios_arch == arch { - for (name, value) in *params { - boringssl_cmake.define(name, value); - } - } - } - - // Bitcode is always on. - let bitcode_cflag = "-fembed-bitcode"; - - // Hack for Xcode 10.1. - let target_cflag = if arch == "x86_64" { - "-target x86_64-apple-ios-simulator" - } else { - "" - }; - - let cflag = format!("{bitcode_cflag} {target_cflag}"); - - boringssl_cmake.define("CMAKE_ASM_FLAGS", &cflag); - boringssl_cmake.cflag(&cflag); - - boringssl_cmake - }, - - "linux" => match arch.as_ref() { - "aarch64" | "arm" => { - for (arm_arch, params) in CMAKE_PARAMS_ARM_LINUX { - if *arm_arch == arch { - for (name, value) in *params { - boringssl_cmake.define(name, value); - } - } - } - boringssl_cmake.define("CMAKE_SYSTEM_NAME", "Linux"); - boringssl_cmake.define("CMAKE_SYSTEM_VERSION", "1"); - - boringssl_cmake - }, - - "x86" => { - boringssl_cmake.define( - "CMAKE_TOOLCHAIN_FILE", - pwd.join("deps/boringssl/src/util/32-bit-toolchain.cmake") - .as_os_str(), - ); - - boringssl_cmake - }, - - _ => boringssl_cmake, - }, - - _ => { - // Configure BoringSSL for building on 32-bit non-windows platforms. - if arch == "x86" && os != "windows" { - boringssl_cmake.define( - "CMAKE_TOOLCHAIN_FILE", - pwd.join("deps/boringssl/src/util/32-bit-toolchain.cmake") - .as_os_str(), - ); - } - - boringssl_cmake - }, - } -} - fn write_pkg_config() { use std::io::prelude::*; @@ -216,40 +44,6 @@ fn target_dir_path() -> std::path::PathBuf { } fn main() { - if cfg!(feature = "boringssl-vendored") && - !cfg!(feature = "boringssl-boring-crate") && - !cfg!(feature = "openssl") - { - let bssl_dir = std::env::var("QUICHE_BSSL_PATH").unwrap_or_else(|_| { - let mut cfg = get_boringssl_cmake_config(); - - if cfg!(feature = "fuzzing") { - cfg.cxxflag("-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE") - .cxxflag("-DBORINGSSL_UNSAFE_FUZZER_MODE"); - } - - cfg.build_target("ssl").build(); - cfg.build_target("crypto").build().display().to_string() - }); - - println!("cargo:rustc-link-arg=-Wl,-rpath,{bssl_dir}"); - - let build_path = get_boringssl_platform_output_path(); - let mut build_dir = format!("{bssl_dir}/build/{build_path}"); - - // If build directory doesn't exist, use the specified path as is. - if !std::path::Path::new(&build_dir).is_dir() { - build_dir = bssl_dir; - } - - println!("cargo:rustc-link-search=native={build_dir}"); - - let bssl_link_kind = std::env::var("QUICHE_BSSL_LINK_KIND") - .unwrap_or("static".to_string()); - println!("cargo:rustc-link-lib={bssl_link_kind}=ssl"); - println!("cargo:rustc-link-lib={bssl_link_kind}=crypto"); - } - if cfg!(feature = "boringssl-boring-crate") { println!("cargo:rustc-link-lib=static=ssl"); println!("cargo:rustc-link-lib=static=crypto"); diff --git a/quiche/src/lib.rs b/quiche/src/lib.rs index f63271c4ed0..06e3420b0e2 100644 --- a/quiche/src/lib.rs +++ b/quiche/src/lib.rs @@ -359,11 +359,8 @@ //! quiche defines a number of [feature flags] to reduce the amount of compiled //! code and dependencies: //! -//! * `boringssl-vendored` (default): Build the vendored BoringSSL library. -//! -//! * `boringssl-boring-crate`: Use the BoringSSL library provided by the -//! [boring] crate. It takes precedence over `boringssl-vendored` if both -//! features are enabled. +//! * `boringssl-boring-crate` (default): Use the BoringSSL library provided by +//! the [boring] crate. //! //! * `pkg-config-meta`: Generate pkg-config metadata file for libquiche. //!