# Copyright Materialize, Inc. and contributors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License in the LICENSE file at the # root of this repository, or online at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """ A build file for OpenSSL that is compatible with the Rust crate openssl-sys. Adapted from the OpenSSL build file in the `rules_rust` examples: https://github.com/bazelbuild/rules_rust/blob/21eed19188c0359d72f9a508a0c0e7040ff20070/examples/crate_universe/multi_package/3rdparty/BUILD.openssl.bazel """ load("@aspect_bazel_lib//lib:copy_file.bzl", "copy_file") load("@aspect_bazel_lib//lib:copy_to_directory.bzl", "copy_to_directory") load("@bazel_skylib//rules:select_file.bzl", "select_file") load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make") # Read https://wiki.openssl.org/index.php/Compilation_and_Installation filegroup( name = "all_srcs", srcs = glob( include = ["**"], exclude = ["*.bazel"], ), ) # Copied from `openssl-src-rs` # # See https://github.com/alexcrichton/openssl-src-rs/blob/599f48490e62bcd03ba02d8c9357c9a1fed1c255/src/lib.rs#L179 # # TODO(parkmycar): Lint that these options are the same ones enabled by `openssl-src`. CONFIGURE_OPTIONS = [ # No shared objects, only static libraries. "no-dso", "no-shared", # Should be off by default, but let's be extra sure. "no-ssl3", # No need to build tests, we don't run them. "no-tests", # Nothing related to zlib. "no-comp", "no-zlib", "no-zlib-dynamic", # Avoid multilib-postfix for build targets that specify it "--libdir=lib", # No weak crypto. "no-md2", "no-rc5", "no-weak-ssl-ciphers", # Additional flags. "no-camellia", "no-idea", "no-seed", ] LIB_NAME = "openssl" MAKE_TARGETS = [ "build_libs", "install_dev", ] configure_make( name = "openssl", # TODO(parkmycar): Figure out how to dynamically provide a number of jobs to foreign_cc rules. args = ["-j8"], # darwin/macOS defaults to using libtool but openSSL3 fails linking with # the generated archive, so we switch to `llvm-ar`. build_data = select({ "@platforms//os:macos": ["@llvm_toolchain_llvm//:ar"], "//conditions:default": {}, }), configure_command = "config", configure_in_place = True, configure_options = CONFIGURE_OPTIONS + select( { "@//misc/bazel/platforms:linux_arm": ["linux-aarch64"], "@//misc/bazel/platforms:linux_x86_64": ["linux-x86_64"], "@//misc/bazel/platforms:macos_arm": ["darwin64-arm64-cc"], "@//misc/bazel/platforms:macos_x86_64": ["darwin64-x86_64-cc"], }, no_match_error = "The specified platform is not supported.", ) + select({ "@platforms//os:macos": ["ARFLAGS=r"], "//conditions:default": [], }) + select( { "@//misc/bazel/platforms:sanitizer_none": [], "@//misc/bazel/platforms:sanitizer_address": [], # When we build with the hardware assisted address sanitizer # linking fails with some ASM instructions being out of range. "@//misc/bazel/platforms:sanitizer_hwaddress": ["no-asm"], }, no_match_error = "Please configure OpenSSL to build with this sanitizer.", ), env = select({ "@platforms//os:macos": {"AR": "$(execpath @llvm_toolchain_llvm//:ar)"}, "//conditions:default": {}, }), lib_name = LIB_NAME, lib_source = ":all_srcs", # Note that for Linux builds, libssl must come before libcrypto on the linker command-line. # As such, libssl must be listed before libcrypto out_static_libs = [ "libssl.a", "libcrypto.a", ], targets = MAKE_TARGETS, visibility = ["//visibility:public"], ) # Captures all of the outputs of the "openssl" rule into a single group. filegroup( name = "out_dir", srcs = [":openssl"], visibility = ["//visibility:public"], ) # There are two nuances here we're accounting for: # # 1. The Rust crate openssl-sys expects the static libs to be in a single # directory, specified with `OPENSSL_LIB_DIR`. We use `copy_to_directory` to # group everything together. # 2. `rustc` (or the linker?) can't find the static libs through a symlink, so # we explicitly copy the files into the aforementioned directory. # `copy_file` + `copy_to_directory` forces bazel to produce real files in # the right place, not just symlinks. # select_file( name = "libssl", srcs = ":out_dir", subpath = "libssl.a", ) copy_file( name = "libssl_copy", src = ":libssl", out = "libssl.a", allow_symlink = False, ) select_file( name = "libcrypto", srcs = ":out_dir", subpath = "libcrypto.a", ) copy_file( name = "libcrypto_copy", src = ":libcrypto", out = "libcrypto.a", allow_symlink = False, ) copy_to_directory( name = "openssl_lib", srcs = [ ":libcrypto_copy", ":libssl_copy", ], visibility = ["//visibility:public"], ) # Select the include folder so we can specify `OPENSSL_INCLUDE_DIR` select_file( name = "openssl_include", srcs = ":out_dir", subpath = "include", visibility = ["//visibility:public"], ) copy_to_directory( name = "openssl_root", srcs = [ ":libcrypto_copy", ":libssl_copy", ":openssl_include", ], root_paths = [ ".", "openssl", ], visibility = ["//visibility:public"], )