This is an automated email from the ASF dual-hosted git repository. bneradt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/trafficserver-ci.git
The following commit(s) were added to refs/heads/main by this push: new 85f1e5c fedora:40: build quiche with both openssl and boringssl (#342) 85f1e5c is described below commit 85f1e5c5cb5b569b6391f9fb05e8c304b68bc421 Author: Brian Neradt <brian.ner...@gmail.com> AuthorDate: Wed May 1 13:44:11 2024 -0500 fedora:40: build quiche with both openssl and boringssl (#342) Pull in the updated tools/build_h3_tools.sh work from ATS. --- docker/fedora40/Dockerfile | 20 +++- ...ild_h3_tools.sh => build_boringssl_h3_tools.sh} | 121 +++++++++++---------- ...build_h3_tools.sh => build_openssl_h3_tools.sh} | 109 ++++++------------- 3 files changed, 110 insertions(+), 140 deletions(-) diff --git a/docker/fedora40/Dockerfile b/docker/fedora40/Dockerfile index 7cfb986..763b559 100644 --- a/docker/fedora40/Dockerfile +++ b/docker/fedora40/Dockerfile @@ -79,12 +79,25 @@ RUN pip3 install pipenv httpbin # go will be installed by build_h3_tools. ARG h3_tools_dir=/root/build_h3_tools RUN mkdir -p ${h3_tools_dir} -COPY /build_h3_tools.sh ${h3_tools_dir}/build_h3_tools.sh -# This will install OpenSSL QUIC and related tools in /opt. +COPY build_boringssl_h3_tools.sh ${h3_tools_dir} +# boringssl RUN <<EOF set -e cd ${h3_tools_dir} - bash ${h3_tools_dir}/build_h3_tools.sh; \ + export BASE=/opt/h3-tools-boringssl + bash ${h3_tools_dir}/build_boringssl_h3_tools.sh + cd /root + rm -rf ${h3_tools_dir} /root/.rustup +EOF +# openssl: These are stored in /opt so that CI can easily access the curl, +# h2load, etc., from there. +RUN mkdir -p ${h3_tools_dir} +COPY build_openssl_h3_tools.sh ${h3_tools_dir} +RUN <<EOF + set -e + cd ${h3_tools_dir} + export BASE=/opt + bash ${h3_tools_dir}/build_openssl_h3_tools.sh cd /root rm -rf ${h3_tools_dir} /root/.rustup EOF @@ -96,6 +109,7 @@ EOF # Autests require some go applications. RUN <<EOF set -e + ln -s /opt/h3-tools-boringssl/go /opt/go echo 'export PATH=$PATH:/opt/go/bin' | tee -a /etc/profile.d/go.sh echo 'export GOBIN=/opt/go/bin' | tee -a /etc/profile.d/go.sh diff --git a/docker/fedora40/build_h3_tools.sh b/docker/fedora40/build_boringssl_h3_tools.sh old mode 100644 new mode 100755 similarity index 72% copy from docker/fedora40/build_h3_tools.sh copy to docker/fedora40/build_boringssl_h3_tools.sh index c4d2f8e..e1b758b --- a/docker/fedora40/build_h3_tools.sh +++ b/docker/fedora40/build_boringssl_h3_tools.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash # -# Simple script to build OpenSSL and various tools with H3 and QUIC support. +# Simple script to build BoringsSSL and various tools with H3 and QUIC support +# including quiche+BoringSSL. # This probably needs to be modified based on platform. # # Licensed to the Apache Software Foundation (ASF) under one @@ -21,37 +22,32 @@ set -e - # This is a slightly modified version of: -# https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh +# https://github.com/apache/trafficserver/blob/master/tools/build_boringssl_h3_tools.sh # # This present script been modified from the latter in the following ways: # -# * This version checks out specific commits of the repos so that people -# creating images from the corresponding Dockerfile do not get different -# versions of these over time. -# -# * It also doesn't run sudo since the Dockerfile will run this as root. +# * It doesn't run sudo since the Dockerfile will run this as root. # -# * It also doesn't use a mktemp since the caller sets up a temporary directory +# * It doesn't use a mktemp since the caller sets up a temporary directory # that it later removes. -# Update this as the draft we support updates. -OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"} +WORKDIR="$(pwd)" # Set these, if desired, to change these to your preferred installation # directory -BASE=${BASE:-"/opt"} -OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"} -OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"} +BASE=${BASE:-"/opt/h3-tools-boringssl"} MAKE="make" +echo "Building boringssl H3 dependencies in ${WORKDIR}. Installation will be done in ${BASE}" + CFLAGS=${CFLAGS:-"-O3 -g"} CXXFLAGS=${CXXFLAGS:-"-O3 -g"} +BORINGSSL_PATH="${BASE}/boringssl" if [ -e /etc/redhat-release ]; then MAKE="gmake" - TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64" + TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib64" echo "+-------------------------------------------------------------------------+" echo "| You probably need to run this, or something like this, for your system: |" echo "| |" @@ -64,7 +60,7 @@ if [ -e /etc/redhat-release ]; then echo echo elif [ -e /etc/debian_version ]; then - TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib" + TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib" echo "+-------------------------------------------------------------------------+" echo "| You probably need to run this, or something like this, for your system: |" echo "| |" @@ -86,8 +82,8 @@ if [ `uname -s` = "Darwin" ]; then echo "+-------------------------------------------------------------------------+" fi -if [ -z ${QUICHE_BSSL_PATH+x} ]; then - QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"} +if [ -z ${BORINGSSL_LIB_PATH+x} ]; then + BORINGSSL_LIB_PATH=${TMP_BORINGSSL_LIB_PATH:-"${BORINGSSL_PATH}/lib"} fi set -x @@ -135,26 +131,51 @@ if [ ! -d boringssl ]; then cd .. fi cd boringssl + +# un-set it for a bit. +set +e +BSSL_C_FLAGS="-Wdangling-pointer=0" +GCCO=$(eval "gcc --help=warnings | grep dangling-pointer=") +retVal=$? +if [ $retVal -eq 1 ]; then + BSSL_C_FLAGS="" +fi +set -e + +# Note: -Wdangling-pointer=0 +# We may have some issues with latest GCC compilers, so disabling -Wdangling-pointer= cmake \ - -B build \ + -B build-shared \ -DGO_EXECUTABLE=${GO_BINARY_PATH} \ -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \ + -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \ -DBUILD_SHARED_LIBS=1 -cmake --build build -j ${num_threads} -cmake --install build +cmake \ + -B build-static \ + -DGO_EXECUTABLE=${GO_BINARY_PATH} \ + -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \ + -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \ + -DBUILD_SHARED_LIBS=0 +cmake --build build-shared -j ${num_threads} +cmake --build build-static -j ${num_threads} +cmake --install build-shared +cmake --install build-static chmod -R a+rX ${BASE} + cd .. # Build quiche # Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile echo "Building quiche" QUICHE_BASE="${BASE:-/opt}/quiche" -[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git +[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git cd quiche -git checkout 0.20.1 -QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog +git checkout 0.21.0 +QUICHE_BSSL_PATH=${BORINGSSL_LIB_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog mkdir -p ${QUICHE_BASE}/lib/pkgconfig mkdir -p ${QUICHE_BASE}/include cp target/release/libquiche.a ${QUICHE_BASE}/lib/ @@ -164,30 +185,7 @@ cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig chmod -R a+rX ${BASE} cd .. -echo "Building OpenSSL with QUIC support" -[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic -cd openssl-quic -./config enable-tls1_3 --prefix=${OPENSSL_PREFIX} -${MAKE} -j ${num_threads} -${MAKE} install_sw -chmod -R a+rX ${BASE} - -# The symlink target provides a more convenient path for the user while also -# providing, in the symlink source, the precise branch of the OpenSSL build. -ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE} -chmod -R a+rX ${BASE} -cd .. - -# OpenSSL will install in /lib or lib64 depending upon the architecture. -if [ -d "${OPENSSL_PREFIX}/lib" ]; then - OPENSSL_LIB="${OPENSSL_PREFIX}/lib" -elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then - OPENSSL_LIB="${OPENSSL_PREFIX}/lib64" -else - echo "Could not find the OpenSSL install library directory." - exit 1 -fi -LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"} +LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${BORINGSSL_LIB_PATH}"} # Then nghttp3 echo "Building nghttp3..." @@ -197,7 +195,7 @@ git submodule update --init autoreconf -if ./configure \ --prefix=${BASE} \ - PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \ + PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${BORINGSSL_LIB_PATH}/pkgconfig \ CFLAGS="${CFLAGS}" \ CXXFLAGS="${CXXFLAGS}" \ LDFLAGS="${LDFLAGS}" \ @@ -214,9 +212,12 @@ cd ngtcp2 autoreconf -if ./configure \ --prefix=${BASE} \ - PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \ - CFLAGS="${CFLAGS}" \ - CXXFLAGS="${CXXFLAGS}" \ + --with-boringssl \ + BORINGSSL_CFLAGS="-I${BORINGSSL_PATH}/include" \ + BORINGSSL_LIBS="-L${BORINGSSL_LIB_PATH} -lssl -lcrypto" \ + PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \ + CFLAGS="${CFLAGS} -fPIC" \ + CXXFLAGS="${CXXFLAGS} -fPIC" \ LDFLAGS="${LDFLAGS}" \ --enable-lib-only ${MAKE} -j ${num_threads} @@ -241,11 +242,13 @@ fi # Note for FreeBSD: This will not build h2load. h2load can be run on a remote machine. ./configure \ --prefix=${BASE} \ - PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \ - CFLAGS="${CFLAGS}" \ - CXXFLAGS="${CXXFLAGS}" \ - LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \ + PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \ + CFLAGS="${CFLAGS} -I${BORINGSSL_PATH}/include" \ + CXXFLAGS="${CXXFLAGS} -I${BORINGSSL_PATH}/include" \ + LDFLAGS="${LDFLAGS}" \ + OPENSSL_LIBS="-lcrypto -lssl -L${BORINGSSL_LIB_PATH}" \ --enable-http3 \ + --disable-examples \ ${ENABLE_APP} ${MAKE} -j ${num_threads} ${MAKE} install @@ -261,13 +264,13 @@ cd curl autoreconf -fi || autoreconf -fi ./configure \ --prefix=${BASE} \ - --with-ssl=${OPENSSL_PREFIX} \ + --with-openssl="${BORINGSSL_PATH}" \ --with-nghttp2=${BASE} \ --with-nghttp3=${BASE} \ --with-ngtcp2=${BASE} \ + LDFLAGS="${LDFLAGS} -L${BORINGSSL_LIB_PATH} -Wl,-rpath,${BORINGSSL_LIB_PATH}" \ CFLAGS="${CFLAGS}" \ - CXXFLAGS="${CXXFLAGS}" \ - LDFLAGS="${LDFLAGS}" + CXXFLAGS="${CXXFLAGS}" ${MAKE} -j ${num_threads} ${MAKE} install chmod -R a+rX ${BASE} diff --git a/docker/fedora40/build_h3_tools.sh b/docker/fedora40/build_openssl_h3_tools.sh old mode 100644 new mode 100755 similarity index 79% rename from docker/fedora40/build_h3_tools.sh rename to docker/fedora40/build_openssl_h3_tools.sh index c4d2f8e..beeadee --- a/docker/fedora40/build_h3_tools.sh +++ b/docker/fedora40/build_openssl_h3_tools.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash # -# Simple script to build OpenSSL and various tools with H3 and QUIC support. +# Simple script to build OpenSSL and various tools with H3 and QUIC support +# including quiche+openssl-quictls. # This probably needs to be modified based on platform. # # Licensed to the Apache Software Foundation (ASF) under one @@ -21,37 +22,35 @@ set -e - # This is a slightly modified version of: -# https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh +# https://github.com/apache/trafficserver/blob/master/tools/build_openssl_h3_tools.sh # # This present script been modified from the latter in the following ways: # -# * This version checks out specific commits of the repos so that people -# creating images from the corresponding Dockerfile do not get different -# versions of these over time. -# -# * It also doesn't run sudo since the Dockerfile will run this as root. +# * It doesn't run sudo since the Dockerfile will run this as root. # -# * It also doesn't use a mktemp since the caller sets up a temporary directory +# * It doesn't use a mktemp since the caller sets up a temporary directory # that it later removes. +WORKDIR="$(pwd)" + # Update this as the draft we support updates. OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"} # Set these, if desired, to change these to your preferred installation # directory -BASE=${BASE:-"/opt"} +BASE=${BASE:-"/opt/h3-tools-openssl"} OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"} OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"} MAKE="make" +echo "Building openssl/quictls H3 dependencies in ${WORKDIR}. Installation will be done in ${BASE}" + CFLAGS=${CFLAGS:-"-O3 -g"} CXXFLAGS=${CXXFLAGS:-"-O3 -g"} if [ -e /etc/redhat-release ]; then MAKE="gmake" - TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64" echo "+-------------------------------------------------------------------------+" echo "| You probably need to run this, or something like this, for your system: |" echo "| |" @@ -64,7 +63,6 @@ if [ -e /etc/redhat-release ]; then echo echo elif [ -e /etc/debian_version ]; then - TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib" echo "+-------------------------------------------------------------------------+" echo "| You probably need to run this, or something like this, for your system: |" echo "| |" @@ -86,10 +84,6 @@ if [ `uname -s` = "Darwin" ]; then echo "+-------------------------------------------------------------------------+" fi -if [ -z ${QUICHE_BSSL_PATH+x} ]; then - QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"} -fi - set -x if [ `uname -s` = "Linux" ] then @@ -102,68 +96,6 @@ else num_threads=$(sysctl -n hw.logicalcpu) fi -# boringssl -echo "Building boringssl..." - -# We need this go version. -mkdir -p ${BASE}/go - -if [ `uname -m` = "arm64" -o `uname -m` = "aarch64" ]; then - ARCH="arm64" -else - ARCH="amd64" -fi - -if [ `uname -s` = "Darwin" ]; then - OS="darwin" -elif [ `uname -s` = "FreeBSD" ]; then - OS="freebsd" -else - OS="linux" -fi - -wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz -rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz -rm go1.21.6.${OS}-${ARCH}.tar.gz -chmod -R a+rX ${BASE} - -GO_BINARY_PATH=${BASE}/go/bin/go -if [ ! -d boringssl ]; then - git clone https://boringssl.googlesource.com/boringssl - cd boringssl - git checkout a1843d660b47116207877614af53defa767be46a - cd .. -fi -cd boringssl -cmake \ - -B build \ - -DGO_EXECUTABLE=${GO_BINARY_PATH} \ - -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \ - -DBUILD_SHARED_LIBS=1 -cmake --build build -j ${num_threads} -cmake --install build -chmod -R a+rX ${BASE} -cd .. - -# Build quiche -# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile -echo "Building quiche" -QUICHE_BASE="${BASE:-/opt}/quiche" -[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git -cd quiche -git checkout 0.20.1 -QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog -mkdir -p ${QUICHE_BASE}/lib/pkgconfig -mkdir -p ${QUICHE_BASE}/include -cp target/release/libquiche.a ${QUICHE_BASE}/lib/ -[ -f target/release/libquiche.so ] && cp target/release/libquiche.so ${QUICHE_BASE}/lib/ -cp quiche/include/quiche.h ${QUICHE_BASE}/include/ -cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig -chmod -R a+rX ${BASE} -cd .. - echo "Building OpenSSL with QUIC support" [ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic cd openssl-quic @@ -189,6 +121,27 @@ else fi LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"} +# Build quiche +# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile +echo "Building quiche" +QUICHE_BASE="${BASE:-/opt}/quiche" +[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git +cd quiche +git checkout 0.21.0 + +PKG_CONFIG_PATH="$OPENSSL_LIB"/pkgconfig LD_LIBRARY_PATH="$OPENSSL_LIB" \ + cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog,openssl + +mkdir -p ${QUICHE_BASE}/lib/pkgconfig +mkdir -p ${QUICHE_BASE}/include +cp target/release/libquiche.a ${QUICHE_BASE}/lib/ +[ -f target/release/libquiche.so ] && cp target/release/libquiche.so ${QUICHE_BASE}/lib/ +cp quiche/include/quiche.h ${QUICHE_BASE}/include/ +cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig +chmod -R a+rX ${BASE} +cd .. + + # Then nghttp3 echo "Building nghttp3..." [ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/nghttp3.git