This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/trafficserver-ci.git
The following commit(s) were added to refs/heads/main by this push:
new 85f1e5c fedora:40: build quiche with both openssl and boringssl (#342)
85f1e5c is described below
commit 85f1e5c5cb5b569b6391f9fb05e8c304b68bc421
Author: Brian Neradt <brian.ner...@gmail.com>
AuthorDate: Wed May 1 13:44:11 2024 -0500
fedora:40: build quiche with both openssl and boringssl (#342)
Pull in the updated tools/build_h3_tools.sh work from ATS.
---
docker/fedora40/Dockerfile | 20 +++-
...ild_h3_tools.sh => build_boringssl_h3_tools.sh} | 121 +++++++++++----------
...build_h3_tools.sh => build_openssl_h3_tools.sh} | 109 ++++++-------------
3 files changed, 110 insertions(+), 140 deletions(-)
diff --git a/docker/fedora40/Dockerfile b/docker/fedora40/Dockerfile
index 7cfb986..763b559 100644
--- a/docker/fedora40/Dockerfile
+++ b/docker/fedora40/Dockerfile
@@ -79,12 +79,25 @@ RUN pip3 install pipenv httpbin
# go will be installed by build_h3_tools.
ARG h3_tools_dir=/root/build_h3_tools
RUN mkdir -p ${h3_tools_dir}
-COPY /build_h3_tools.sh ${h3_tools_dir}/build_h3_tools.sh
-# This will install OpenSSL QUIC and related tools in /opt.
+COPY build_boringssl_h3_tools.sh ${h3_tools_dir}
+# boringssl
RUN <<EOF
set -e
cd ${h3_tools_dir}
- bash ${h3_tools_dir}/build_h3_tools.sh; \
+ export BASE=/opt/h3-tools-boringssl
+ bash ${h3_tools_dir}/build_boringssl_h3_tools.sh
+ cd /root
+ rm -rf ${h3_tools_dir} /root/.rustup
+EOF
+# openssl: These are stored in /opt so that CI can easily access the curl,
+# h2load, etc., from there.
+RUN mkdir -p ${h3_tools_dir}
+COPY build_openssl_h3_tools.sh ${h3_tools_dir}
+RUN <<EOF
+ set -e
+ cd ${h3_tools_dir}
+ export BASE=/opt
+ bash ${h3_tools_dir}/build_openssl_h3_tools.sh
cd /root
rm -rf ${h3_tools_dir} /root/.rustup
EOF
@@ -96,6 +109,7 @@ EOF
# Autests require some go applications.
RUN <<EOF
set -e
+ ln -s /opt/h3-tools-boringssl/go /opt/go
echo 'export PATH=$PATH:/opt/go/bin' | tee -a /etc/profile.d/go.sh
echo 'export GOBIN=/opt/go/bin' | tee -a /etc/profile.d/go.sh
diff --git a/docker/fedora40/build_h3_tools.sh
b/docker/fedora40/build_boringssl_h3_tools.sh
old mode 100644
new mode 100755
similarity index 72%
copy from docker/fedora40/build_h3_tools.sh
copy to docker/fedora40/build_boringssl_h3_tools.sh
index c4d2f8e..e1b758b
--- a/docker/fedora40/build_h3_tools.sh
+++ b/docker/fedora40/build_boringssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build BoringsSSL and various tools with H3 and QUIC support
+# including quiche+BoringSSL.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -21,37 +22,32 @@
set -e
-
# This is a slightly modified version of:
-#
https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh
+#
https://github.com/apache/trafficserver/blob/master/tools/build_boringssl_h3_tools.sh
#
# This present script been modified from the latter in the following ways:
#
-# * This version checks out specific commits of the repos so that people
-# creating images from the corresponding Dockerfile do not get different
-# versions of these over time.
-#
-# * It also doesn't run sudo since the Dockerfile will run this as root.
+# * It doesn't run sudo since the Dockerfile will run this as root.
#
-# * It also doesn't use a mktemp since the caller sets up a temporary directory
+# * It doesn't use a mktemp since the caller sets up a temporary directory
# that it later removes.
-# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
+WORKDIR="$(pwd)"
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt"}
-OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
-OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
+BASE=${BASE:-"/opt/h3-tools-boringssl"}
MAKE="make"
+echo "Building boringssl H3 dependencies in ${WORKDIR}. Installation will be
done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
+BORINGSSL_PATH="${BASE}/boringssl"
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib64"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -64,7 +60,7 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -86,8 +82,8 @@ if [ `uname -s` = "Darwin" ]; then
echo
"+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
+if [ -z ${BORINGSSL_LIB_PATH+x} ]; then
+ BORINGSSL_LIB_PATH=${TMP_BORINGSSL_LIB_PATH:-"${BORINGSSL_PATH}/lib"}
fi
set -x
@@ -135,26 +131,51 @@ if [ ! -d boringssl ]; then
cd ..
fi
cd boringssl
+
+# un-set it for a bit.
+set +e
+BSSL_C_FLAGS="-Wdangling-pointer=0"
+GCCO=$(eval "gcc --help=warnings | grep dangling-pointer=")
+retVal=$?
+if [ $retVal -eq 1 ]; then
+ BSSL_C_FLAGS=""
+fi
+set -e
+
+# Note: -Wdangling-pointer=0
+# We may have some issues with latest GCC compilers, so disabling
-Wdangling-pointer=
cmake \
- -B build \
+ -B build-shared \
-DGO_EXECUTABLE=${GO_BINARY_PATH} \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
-DBUILD_SHARED_LIBS=1
-cmake --build build -j ${num_threads}
-cmake --install build
+cmake \
+ -B build-static \
+ -DGO_EXECUTABLE=${GO_BINARY_PATH} \
+ -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
+ -DBUILD_SHARED_LIBS=0
+cmake --build build-shared -j ${num_threads}
+cmake --build build-static -j ${num_threads}
+cmake --install build-shared
+cmake --install build-static
chmod -R a+rX ${BASE}
+
cd ..
# Build quiche
# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
echo "Building quiche"
QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive
https://github.com/cloudflare/quiche.git
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
+git checkout 0.21.0
+QUICHE_BSSL_PATH=${BORINGSSL_LIB_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
mkdir -p ${QUICHE_BASE}/lib/pkgconfig
mkdir -p ${QUICHE_BASE}/include
cp target/release/libquiche.a ${QUICHE_BASE}/lib/
@@ -164,30 +185,7 @@ cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
chmod -R a+rX ${BASE}
cd ..
-echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1
https://github.com/quictls/openssl.git openssl-quic
-cd openssl-quic
-./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
-${MAKE} -j ${num_threads}
-${MAKE} install_sw
-chmod -R a+rX ${BASE}
-
-# The symlink target provides a more convenient path for the user while also
-# providing, in the symlink source, the precise branch of the OpenSSL build.
-ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
-chmod -R a+rX ${BASE}
-cd ..
-
-# OpenSSL will install in /lib or lib64 depending upon the architecture.
-if [ -d "${OPENSSL_PREFIX}/lib" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
-elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
-else
- echo "Could not find the OpenSSL install library directory."
- exit 1
-fi
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${BORINGSSL_LIB_PATH}"}
# Then nghttp3
echo "Building nghttp3..."
@@ -197,7 +195,7 @@ git submodule update --init
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${BORINGSSL_LIB_PATH}/pkgconfig \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
@@ -214,9 +212,12 @@ cd ngtcp2
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
+ --with-boringssl \
+ BORINGSSL_CFLAGS="-I${BORINGSSL_PATH}/include" \
+ BORINGSSL_LIBS="-L${BORINGSSL_LIB_PATH} -lssl -lcrypto" \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
+ CFLAGS="${CFLAGS} -fPIC" \
+ CXXFLAGS="${CXXFLAGS} -fPIC" \
LDFLAGS="${LDFLAGS}" \
--enable-lib-only
${MAKE} -j ${num_threads}
@@ -241,11 +242,13 @@ fi
# Note for FreeBSD: This will not build h2load. h2load can be run on a remote
machine.
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
+ CFLAGS="${CFLAGS} -I${BORINGSSL_PATH}/include" \
+ CXXFLAGS="${CXXFLAGS} -I${BORINGSSL_PATH}/include" \
+ LDFLAGS="${LDFLAGS}" \
+ OPENSSL_LIBS="-lcrypto -lssl -L${BORINGSSL_LIB_PATH}" \
--enable-http3 \
+ --disable-examples \
${ENABLE_APP}
${MAKE} -j ${num_threads}
${MAKE} install
@@ -261,13 +264,13 @@ cd curl
autoreconf -fi || autoreconf -fi
./configure \
--prefix=${BASE} \
- --with-ssl=${OPENSSL_PREFIX} \
+ --with-openssl="${BORINGSSL_PATH}" \
--with-nghttp2=${BASE} \
--with-nghttp3=${BASE} \
--with-ngtcp2=${BASE} \
+ LDFLAGS="${LDFLAGS} -L${BORINGSSL_LIB_PATH}
-Wl,-rpath,${BORINGSSL_LIB_PATH}" \
CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}"
+ CXXFLAGS="${CXXFLAGS}"
${MAKE} -j ${num_threads}
${MAKE} install
chmod -R a+rX ${BASE}
diff --git a/docker/fedora40/build_h3_tools.sh
b/docker/fedora40/build_openssl_h3_tools.sh
old mode 100644
new mode 100755
similarity index 79%
rename from docker/fedora40/build_h3_tools.sh
rename to docker/fedora40/build_openssl_h3_tools.sh
index c4d2f8e..beeadee
--- a/docker/fedora40/build_h3_tools.sh
+++ b/docker/fedora40/build_openssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build OpenSSL and various tools with H3 and QUIC support
+# including quiche+openssl-quictls.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -21,37 +22,35 @@
set -e
-
# This is a slightly modified version of:
-#
https://github.com/apache/trafficserver/blob/19dfdd4753232d0b77ca555f7ef5f5ba3d2ccae1/tools/build_h3_tools.sh
+#
https://github.com/apache/trafficserver/blob/master/tools/build_openssl_h3_tools.sh
#
# This present script been modified from the latter in the following ways:
#
-# * This version checks out specific commits of the repos so that people
-# creating images from the corresponding Dockerfile do not get different
-# versions of these over time.
-#
-# * It also doesn't run sudo since the Dockerfile will run this as root.
+# * It doesn't run sudo since the Dockerfile will run this as root.
#
-# * It also doesn't use a mktemp since the caller sets up a temporary directory
+# * It doesn't use a mktemp since the caller sets up a temporary directory
# that it later removes.
+WORKDIR="$(pwd)"
+
# Update this as the draft we support updates.
OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt"}
+BASE=${BASE:-"/opt/h3-tools-openssl"}
OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
MAKE="make"
+echo "Building openssl/quictls H3 dependencies in ${WORKDIR}. Installation
will be done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -64,7 +63,6 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
echo
"+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your
system: |"
echo "|
|"
@@ -86,10 +84,6 @@ if [ `uname -s` = "Darwin" ]; then
echo
"+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
-fi
-
set -x
if [ `uname -s` = "Linux" ]
then
@@ -102,68 +96,6 @@ else
num_threads=$(sysctl -n hw.logicalcpu)
fi
-# boringssl
-echo "Building boringssl..."
-
-# We need this go version.
-mkdir -p ${BASE}/go
-
-if [ `uname -m` = "arm64" -o `uname -m` = "aarch64" ]; then
- ARCH="arm64"
-else
- ARCH="amd64"
-fi
-
-if [ `uname -s` = "Darwin" ]; then
- OS="darwin"
-elif [ `uname -s` = "FreeBSD" ]; then
- OS="freebsd"
-else
- OS="linux"
-fi
-
-wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz
-rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz
-rm go1.21.6.${OS}-${ARCH}.tar.gz
-chmod -R a+rX ${BASE}
-
-GO_BINARY_PATH=${BASE}/go/bin/go
-if [ ! -d boringssl ]; then
- git clone https://boringssl.googlesource.com/boringssl
- cd boringssl
- git checkout a1843d660b47116207877614af53defa767be46a
- cd ..
-fi
-cd boringssl
-cmake \
- -B build \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=1
-cmake --build build -j ${num_threads}
-cmake --install build
-chmod -R a+rX ${BASE}
-cd ..
-
-# Build quiche
-# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
-echo "Building quiche"
-QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive
https://github.com/cloudflare/quiche.git
-cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build
-j4 --package quiche --release --features ffi,pkg-config-meta,qlog
-mkdir -p ${QUICHE_BASE}/lib/pkgconfig
-mkdir -p ${QUICHE_BASE}/include
-cp target/release/libquiche.a ${QUICHE_BASE}/lib/
-[ -f target/release/libquiche.so ] && cp target/release/libquiche.so
${QUICHE_BASE}/lib/
-cp quiche/include/quiche.h ${QUICHE_BASE}/include/
-cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
-chmod -R a+rX ${BASE}
-cd ..
-
echo "Building OpenSSL with QUIC support"
[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1
https://github.com/quictls/openssl.git openssl-quic
cd openssl-quic
@@ -189,6 +121,27 @@ else
fi
LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+# Build quiche
+# Steps borrowed from:
https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
+echo "Building quiche"
+QUICHE_BASE="${BASE:-/opt}/quiche"
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
+cd quiche
+git checkout 0.21.0
+
+PKG_CONFIG_PATH="$OPENSSL_LIB"/pkgconfig LD_LIBRARY_PATH="$OPENSSL_LIB" \
+ cargo build -j4 --package quiche --release --features
ffi,pkg-config-meta,qlog,openssl
+
+mkdir -p ${QUICHE_BASE}/lib/pkgconfig
+mkdir -p ${QUICHE_BASE}/include
+cp target/release/libquiche.a ${QUICHE_BASE}/lib/
+[ -f target/release/libquiche.so ] && cp target/release/libquiche.so
${QUICHE_BASE}/lib/
+cp quiche/include/quiche.h ${QUICHE_BASE}/include/
+cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
+chmod -R a+rX ${BASE}
+cd ..
+
+
# Then nghttp3
echo "Building nghttp3..."
[ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0
https://github.com/ngtcp2/nghttp3.git
