From f1f76bf501eedc5e8334313b033459107e0b0f33 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Wed, 6 Sep 2023 03:51:44 +0000 Subject: [PATCH] feat: add boringcrypto builds for linux This reverts commit da0ef92f771f68ecb63a280b36d94f76a023847d. --- buildinfo/boring.go | 7 +++++++ buildinfo/buildinfo.go | 4 ++++ buildinfo/notboring.go | 5 +++++ cli/version.go | 25 +++++++++++++++---------- cli/version_test.go | 3 ++- scripts/build_go.sh | 22 +++++++++++++++++++--- 6 files changed, 52 insertions(+), 14 deletions(-) create mode 100644 buildinfo/boring.go create mode 100644 buildinfo/notboring.go diff --git a/buildinfo/boring.go b/buildinfo/boring.go new file mode 100644 index 0000000000000..ec2f0b4e3c286 --- /dev/null +++ b/buildinfo/boring.go @@ -0,0 +1,7 @@ +//go:build boringcrypto + +package buildinfo + +import "crypto/boring" + +var boringcrypto = boring.Enabled() diff --git a/buildinfo/buildinfo.go b/buildinfo/buildinfo.go index bafd3a916bcf2..bf35d4eca5143 100644 --- a/buildinfo/buildinfo.go +++ b/buildinfo/buildinfo.go @@ -87,6 +87,10 @@ func IsAGPL() bool { return strings.Contains(agpl, "t") } +func IsBoringCrypto() bool { + return boringcrypto +} + // ExternalURL returns a URL referencing the current Coder version. // For production builds, this will link directly to a release. // For development builds, this will link to a commit. diff --git a/buildinfo/notboring.go b/buildinfo/notboring.go new file mode 100644 index 0000000000000..70799b2c8d1eb --- /dev/null +++ b/buildinfo/notboring.go @@ -0,0 +1,5 @@ +//go:build !boringcrypto + +package buildinfo + +var boringcrypto = false diff --git a/cli/version.go b/cli/version.go index 84e45fb74fe22..70cac4f78d8e6 100644 --- a/cli/version.go +++ b/cli/version.go 
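Review bot: `IsBoringCrypto` in buildinfo/buildinfo.go is exported without a doc comment, and what it reports is easy to misread. With the `boringcrypto` tag the value comes from `boring.Enabled()`, so it describes the crypto backend actually in use rather than just the tag being set; without the tag it is the constant `false` from notboring.go. I would add `// IsBoringCrypto reports whether this binary was built with the boringcrypto tag and crypto/boring reports the BoringCrypto backend as enabled.` above the function. A short comment on the `boringcrypto` variable in boring.go and notboring.go, saying the two files are selected by build tag, would help the next reader too.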
@@ -13,11 +13,12 @@ import ( // versionInfo wraps the stuff we get from buildinfo so that it's // easier to emit in different formats. type versionInfo struct { - Version string `json:"version"` - BuildTime time.Time `json:"build_time"` - ExternalURL string `json:"external_url"` - Slim bool `json:"slim"` - AGPL bool `json:"agpl"` + Version string `json:"version"` + BuildTime time.Time `json:"build_time"` + ExternalURL string `json:"external_url"` + Slim bool `json:"slim"` + AGPL bool `json:"agpl"` + BoringCrypto bool `json:"boring_crypto"` } // String() implements Stringer @@ -28,6 +29,9 @@ func (vi versionInfo) String() string { _, _ = str.WriteString("(AGPL) ") } _, _ = str.WriteString(vi.Version) + if vi.BoringCrypto { + _, _ = str.WriteString(" BoringCrypto") + } if !vi.BuildTime.IsZero() { _, _ = str.WriteString(" " + vi.BuildTime.Format(time.UnixDate)) @@ -45,11 +49,12 @@ func (vi versionInfo) String() string { func defaultVersionInfo() *versionInfo { buildTime, _ := buildinfo.Time() return &versionInfo{ - Version: buildinfo.Version(), - BuildTime: buildTime, - ExternalURL: buildinfo.ExternalURL(), - Slim: buildinfo.IsSlim(), - AGPL: buildinfo.IsAGPL(), + Version: buildinfo.Version(), + BuildTime: buildTime, + ExternalURL: buildinfo.ExternalURL(), + Slim: buildinfo.IsSlim(), + AGPL: buildinfo.IsAGPL(), + BoringCrypto: buildinfo.IsBoringCrypto(), } } diff --git a/cli/version_test.go b/cli/version_test.go index 20068d29bf124..76c4f4392fbd7 100644 --- a/cli/version_test.go +++ b/cli/version_test.go @@ -34,7 +34,8 @@ Full build of Coder, supports the  server  subcomm "build_time": "0001-01-01T00:00:00Z", "external_url": "https://github.com/coder/coder", "slim": false, - "agpl": false + "agpl": false, + "boring_crypto": false } ` for _, tt := range []struct { diff --git a/scripts/build_go.sh b/scripts/build_go.sh index df5ea96085242..bf435477fcb3e 100755 --- a/scripts/build_go.sh +++ b/scripts/build_go.sh 
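Review bot: The new `if vi.BoringCrypto` branch in `versionInfo.String()` does not appear to be exercised by this patch. The only test change visible is the added `"boring_crypto": false` in the expected JSON of cli/version_test.go, though a case may exist outside the hunk. The text output is what an operator reads to confirm which crypto backend a binary uses, so the ` BoringCrypto` marker deserves a test of its own. A small case is enough, such as building `versionInfo{Version: "v0.0.0", BoringCrypto: true}` and asserting that `String()` contains `" BoringCrypto"`, plus the negative case with the field false. `String()` starts and ends outside the hunk, so placement relative to the build time and URL should be checked against the full function.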
@@ -2,7 +2,7 @@ # This script builds a single Go binary of Coder with the given parameters. # -# Usage: ./build_go.sh [--version 1.2.3-devel+abcdef] [--os linux] [--arch amd64] [--output path/to/output] [--slim] [--agpl] +# Usage: ./build_go.sh [--version 1.2.3-devel+abcdef] [--os linux] [--arch amd64] [--output path/to/output] [--slim] [--agpl] [--boringcrypto] # # Defaults to linux:amd64 with slim disabled, but can be controlled with GOOS, # GOARCH and CODER_SLIM_BUILD=1. If no version is specified, defaults to the @@ -22,6 +22,9 @@ # # If the --agpl parameter is specified, builds only the AGPL-licensed code (no # Coder enterprise features). +# +# If the --boringcrypto parameter is specified, builds use boringcrypto instead of +# the standard go crypto libraries. set -euo pipefail # shellcheck source=scripts/lib.sh @@ -34,8 +37,9 @@ slim="${CODER_SLIM_BUILD:-0}" sign_darwin="${CODER_SIGN_DARWIN:-0}" output_path="" agpl="${CODER_BUILD_AGPL:-0}" +boringcrypto=${CODER_BUILD_BORINGCRYPTO:-0} -args="$(getopt -o "" -l version:,os:,arch:,output:,slim,agpl,sign-darwin -- "$@")" +args="$(getopt -o "" -l version:,os:,arch:,output:,slim,agpl,sign-darwin,boringcrypto -- "$@")" eval set -- "$args" while true; do case "$1" in @@ -68,6 +72,10 @@ while true; do sign_darwin=1 shift ;; + --boringcrypto) + boringcrypto=1 + shift + ;; --) shift break @@ -140,7 +148,15 @@ cmd_path="./enterprise/cmd/coder" if [[ "$agpl" == 1 ]]; then cmd_path="./cmd/coder" fi -CGO_ENABLED=0 GOOS="$os" GOARCH="$arch" GOARM="$arm_version" go build \ + +cgo=0 +goexp="" +if [[ "$boringcrypto" == 1 ]]; then + cgo=1 + goexp="boringcrypto" +fi + +GOEXPERIMENT="$goexp" CGO_ENABLED="$cgo" GOOS="$os" GOARCH="$arch" GOARM="$arm_version" go build \ "${build_args[@]}" \ "$cmd_path" 1>&2
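Review bot: In the last hunk of scripts/build_go.sh, `--boringcrypto` is applied to whatever `$os`/`$arch` was requested, although the commit targets Linux only. To my knowledge the Go toolchain links BoringCrypto only on linux/amd64 and linux/arm64 with cgo, and on other targets it builds with the standard crypto packages without an error. Such a build would succeed and the fallback would show only later, as `boring_crypto: false` in the version output. I would reject unsupported targets before setting `cgo=1`, as in the excerpt below. Separately, `GOEXPERIMENT="$goexp"` is now always set, so a GOEXPERIMENT value from the caller's environment is replaced by the empty string in non-boringcrypto builds; if that is intended it should be stated in the header comment.

```shell
if [[ "$boringcrypto" == 1 ]]; then
	# BoringCrypto is only linked on linux/amd64 and linux/arm64 with cgo;
	# refuse other targets instead of producing a binary without it.
	if [[ "$os" != "linux" ]] || [[ "$arch" != "amd64" && "$arch" != "arm64" ]]; then
		echo "--boringcrypto is only supported for linux/amd64 and linux/arm64 (got $os/$arch)" >&2
		exit 1
	fi
	# … unchanged: cgo=1, goexp="boringcrypto", go build invocation …
```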