Materialize/misc/bazel/c_deps/BUILD.openssl.bazel

# Copyright Materialize, Inc. and contributors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License in the LICENSE file at the
# root of this repository, or online at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""
A build file for OpenSSL that is compatible with the Rust crate openssl-sys.

Adapted from the OpenSSL build file in the `rules_rust` examples:
https://github.com/bazelbuild/rules_rust/blob/21eed19188c0359d72f9a508a0c0e7040ff20070/examples/crate_universe/multi_package/3rdparty/BUILD.openssl.bazel
"""

load("@aspect_bazel_lib//lib:copy_file.bzl", "copy_file")
load("@aspect_bazel_lib//lib:copy_to_directory.bzl", "copy_to_directory")
load("@bazel_skylib//rules:select_file.bzl", "select_file")
load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make")

# Read https://wiki.openssl.org/index.php/Compilation_and_Installation

filegroup(
    name = "all_srcs",
    srcs = glob(
        include = ["**"],
        exclude = ["*.bazel"],
    ),
)

# Copied from `openssl-src-rs`
#
# See https://github.com/alexcrichton/openssl-src-rs/blob/599f48490e62bcd03ba02d8c9357c9a1fed1c255/src/lib.rs#L179
#
# TODO(parkmycar): Lint that these options are the same ones enabled by `openssl-src`.
CONFIGURE_OPTIONS = [
    # No shared objects, only static libraries.
    "no-dso",
    "no-shared",
    # Should be off by default, but let's be extra sure.
    "no-ssl3",
    # No need to build tests, we don't run them.
    "no-tests",
    # Nothing related to zlib.
    "no-comp",
    "no-zlib",
    "no-zlib-dynamic",
    # Avoid multilib-postfix for build targets that specify it
    "--libdir=lib",
    # No weak crypto.
    "no-md2",
    "no-rc5",
    "no-weak-ssl-ciphers",
    # Additional flags.
    "no-camellia",
    "no-idea",
    "no-seed",
]

LIB_NAME = "openssl"

MAKE_TARGETS = [
    "build_libs",
    "install_dev",
]

configure_make(
    name = "openssl",
    # TODO(parkmycar): Figure out how to dynamically provide a number of jobs to foreign_cc rules.
    args = ["-j8"],
    # darwin/macOS defaults to using libtool but openSSL3 fails linking with
    # the generated archive, so we switch to `llvm-ar`.
    build_data = select({
        "@platforms//os:macos": ["@llvm_toolchain_llvm//:ar"],
        "//conditions:default": {},
    }),
    configure_command = "config",
    configure_in_place = True,
    configure_options = CONFIGURE_OPTIONS + select(
        {
            "@//misc/bazel/platforms:linux_arm": ["linux-aarch64"],
            "@//misc/bazel/platforms:linux_x86_64": ["linux-x86_64"],
            "@//misc/bazel/platforms:macos_arm": ["darwin64-arm64-cc"],
            "@//misc/bazel/platforms:macos_x86_64": ["darwin64-x86_64-cc"],
        },
        no_match_error = "The specified platform is not supported.",
    ) + select({
        "@platforms//os:macos": ["ARFLAGS=r"],
        "//conditions:default": [],
    }) + select(
        {
            "@//misc/bazel/platforms:sanitizer_none": [],
            "@//misc/bazel/platforms:sanitizer_address": [],
            # When we build with the hardware assisted address sanitizer
            # linking fails with some ASM instructions being out of range.
            "@//misc/bazel/platforms:sanitizer_hwaddress": ["no-asm"],
        },
        no_match_error = "Please configure OpenSSL to build with this sanitizer.",
    ),
    env = select({
        "@platforms//os:macos": {"AR": "$(execpath @llvm_toolchain_llvm//:ar)"},
        "//conditions:default": {},
    }),
    lib_name = LIB_NAME,
    lib_source = ":all_srcs",
    # Note that for Linux builds, libssl must come before libcrypto on the linker command-line.
    # As such, libssl must be listed before libcrypto
    out_static_libs = [
        "libssl.a",
        "libcrypto.a",
    ],
    targets = MAKE_TARGETS,
    visibility = ["//visibility:public"],
)

# Captures all of the outputs of the "openssl" rule into a single group.
filegroup(
    name = "out_dir",
    srcs = [":openssl"],
    visibility = ["//visibility:public"],
)

# There are two nuances here we're accounting for:
#
# 1. The Rust crate openssl-sys expects the static libs to be in a single
#    directory, specified with `OPENSSL_LIB_DIR`. We use `copy_to_directory` to
#    group everything together.
# 2. `rustc` (or the linker?) can't find the static libs through a symlink, so
#    we explicitly copy the files into the aforementioned directory.
#    `copy_file` + `copy_to_directory` forces bazel to produce real files in
#    the right place, not just symlinks.
#
select_file(
    name = "libssl",
    srcs = ":out_dir",
    subpath = "libssl.a",
)

copy_file(
    name = "libssl_copy",
    src = ":libssl",
    out = "libssl.a",
    allow_symlink = False,
)

select_file(
    name = "libcrypto",
    srcs = ":out_dir",
    subpath = "libcrypto.a",
)

copy_file(
    name = "libcrypto_copy",
    src = ":libcrypto",
    out = "libcrypto.a",
    allow_symlink = False,
)

copy_to_directory(
    name = "openssl_lib",
    srcs = [
        ":libcrypto_copy",
        ":libssl_copy",
    ],
    visibility = ["//visibility:public"],
)

# Select the include folder so we can specify `OPENSSL_INCLUDE_DIR`
select_file(
    name = "openssl_include",
    srcs = ":out_dir",
    subpath = "include",
    visibility = ["//visibility:public"],
)

copy_to_directory(
    name = "openssl_root",
    srcs = [
        ":libcrypto_copy",
        ":libssl_copy",
        ":openssl_include",
    ],
    root_paths = [
        ".",
        "openssl",
    ],
    visibility = ["//visibility:public"],
)