diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 0000000..6b23bce --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,8 @@ +[target.powerpc-wrs-vxworks] +#linker = "lld" +rustflags = [ + "-Ctarget-cpu=e500", + "-Crelocation-model=static", + "-Ctarget-feature=-crt-static", + "-Zdwarf-version=2", +] diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml new file mode 100644 index 0000000..1488b02 --- /dev/null +++ b/.github/actions/setup/action.yml @@ -0,0 +1,92 @@ +name: 'Setup build tools' +description: 'Action for setting up build tools' +inputs: + gh-token: + description: 'GitHub Access Token' + required: true + go-version: + description: 'Go version' + required: true + default: 'stable' + target: + description: 'OS-arch target being compiled for (e.g., linux-arm64)' +runs: + using: "composite" + steps: + - name: Install system dependencies + run: | + set -x + + lsb_release -a + + sudo apt-get update -y + sudo apt-get install -y --no-install-recommends \ + build-essential \ + clang-12 \ + clang-tools-12 \ + cmake \ + libc++-12-dev \ + libc++abi-12-dev \ + libclang-12-dev \ + libclang1-12 \ + llvm-12 \ + llvm-12-dev \ + lld-12 \ + ninja-build + + echo "CC=$(which clang-12)" >> $GITHUB_ENV + echo "CXX=$GITHUB_WORKSPACE/clang++12" >> $GITHUB_ENV + echo "LD=$(which lld-12)" >> $GITHUB_ENV + shell: bash + if: ${{ matrix.os == 'self-hosted-linux-arm64' }} + + - name: Set up git + run: | + git config --global url."https://${{ inputs.gh-token }}@github.com/".insteadOf https://github.com/ + echo "CARGO_NET_GIT_FETCH_WITH_CLI=true" >> $GITHUB_ENV + shell: bash + + - name: Cache Rust + uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + if: ${{ matrix.os != 'self-hosted-linux-arm64' }} + + - name: Install Rustup + uses: spideroak-inc/setup-rust@fork + # Various runners have a 64-bit kernel with a 32-bit userspace. + # Setting rustup's default host to armv7 allows using the 32-bit executables. + - name: Set rustup's host + shell: bash + run: rustup set default-host armv7-unknown-linux-gnueabihf + if: ${{ matrix.os == 'self-hosted-linux-arm' }} + - name: Verify toolchain + shell: bash + run: rustup show active-toolchain + if: ${{ matrix.os == 'self-hosted-linux-arm' }} + - name: cargo version + shell: bash + run: cargo --version --verbose + - name: glibc version + shell: bash + run: ldd --version + if: ${{ matrix.os == 'self-hosted-linux-arm' }} + - name: Intall cargo-all-features + run: cargo install --force cargo-all-features + shell: bash + if: ${{ inputs.target != 'vxworks-ppc' }} + + - name: Setup VxWorks Environment + run: | + rustup toolchain install nightly --component rust-src + echo "RUSTUP_TOOLCHAIN=nightly" >> "$GITHUB_ENV" + echo "CARGO_UNSTABLE_BUILD_STD=core,alloc" >> "$GITHUB_ENV" + echo "CARGO_BUILD_TARGET=powerpc-wrs-vxworks" >> "$GITHUB_ENV" + shell: bash + if: ${{ inputs.target == 'vxworks-ppc' }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..4f9276f --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,63 @@ +name: "Test and Build" + +on: + push: + branches: ["main"] + pull_request: + types: [opened, synchronize, reopened] + workflow_dispatch: + +env: + REV: ${{ github.run_id }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + lint-code: + strategy: + matrix: + os: [ + "macos-latest", + "self-hosted-linux-arm", + "self-hosted-linux-arm64", + "ubuntu-latest", + ] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Clean temp files + run: rm -rf ${{ github.workspace }}/_temp + if: ${{ matrix.os == 'self-hosted-linux-arm' }} + - uses: ./.github/actions/setup + with: + gh-token: ${{ secrets.CC_BUILD_TOKEN }} + - name: Check formatting + run: cargo fmt --all -- --check + - name: Check code + run: cargo check-all-features + - name: Clippy + run: cargo clippy -- -D warnings + + build: + strategy: + matrix: + os: [ + "macos-latest", + "self-hosted-linux-arm", + "self-hosted-linux-arm64", + "ubuntu-latest", + ] + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v3 + - name: Clean temp files + run: rm -rf ${{ github.workspace }}/_temp + if: ${{ matrix.os == 'self-hosted-linux-arm' }} + - uses: ./.github/actions/setup + with: + gh-token: ${{ secrets.CC_BUILD_TOKEN }} + os: ${{ matrix.os }} + - name: Build code + run: cargo build --verbose --release diff --git a/.github/workflows/vxworks.yml b/.github/workflows/vxworks.yml new file mode 100644 index 0000000..0dfffae --- /dev/null +++ b/.github/workflows/vxworks.yml @@ -0,0 +1,61 @@ +name: "Build for VxWorks" + +on: + push: + branches: ["main"] + pull_request: + types: [opened, synchronize, reopened] + workflow_dispatch: + +env: + REV: ${{ github.run_id }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build: + strategy: + matrix: + os: [ + "self-hosted-build-lin-1", + ] + runs-on: ${{ matrix.os }} + env: + PPC: powerpc-wrs-vxworks + PPC_LIB: ${{ github.workspace }}/powerpc-wrs-vxworks/14.0.0/powerpc-wrs-vxworks/lib/msoft-float + PPC_BIN: ${{ github.workspace }}/powerpc-wrs-vxworks/14.0.0/bin + X86: x86_64-linux-gnu + X86_BIN: ${{ github.workspace }}/x86_64-linux-gnu/14.0.0/bin + steps: + - uses: actions/checkout@v3 + - uses: ./.github/actions/setup + with: + gh-token: ${{ secrets.CC_BUILD_TOKEN }} + target: "vxworks-ppc" + # TODO: cache the toolchain + - name: Download gccgo-vxworks + uses: spideroak-inc/action-download-artifact@v2.26.0 + with: + workflow: main.yml + workflow_conclusion: success + check_artifacts: true + search_artifacts: true + branch: libtool + name: ${{ env.PPC }}.tar.gz + repo: spideroak-inc/gccgo-vxworks + github_token: ${{ secrets.CC_BUILD_TOKEN }} + - name: Extract gccgo-vxworks toolchain + run: | + tar -xzf ${{ env.PPC }}.tar.gz + - name: Build + env: + TARGET_AR: ${{ env.PPC_BIN }}/${{ env.PPC }}-ar + TARGET_CC: ${{ env.PPC_BIN }}/${{ env.PPC }}-gcc + TARGET_CXX: ${{ env.PPC_BIN }}/${{ env.PPC }}-g++ + TARGET_LD_LIBRARY_PATH: ${{ env.PPC_LIB }} + TARGET_NM: ${{ env.PPC_BIN }}/${{ env.PPC }}-nm + TARGET_RANLIB: ${{ env.PPC_BIN }}/${{ env.PPC }}-ranlib + TARGET_STRIP: ${{ env.PPC_BIN }}/${{ env.PPC }}-strip + run: cargo build --verbose --release diff --git a/README.md b/README.md index 9d4837b..60df9b1 100644 --- a/README.md +++ b/README.md @@ -17,5 +17,5 @@ Other options include: can be found. (Note: make sure this stays up-to-date with the source files!) -Note that `BEARSSL_GIT_HASH`, `BEArSSL_PRECOMPILED_PATH`, and +Note that `BEARSSL_GIT_HASH`, `BEARSSL_PRECOMPILED_PATH`, and `BEARSSL_SOURCE_PATH` are mutually exclusive. diff --git a/build.rs b/build.rs index bc0a4c4..e4ae6f4 100644 --- a/build.rs +++ b/build.rs @@ -121,12 +121,38 @@ fn main() -> Result<()> { Sources::Raw(dir) => { println!("cargo:warning=compiling BearSSL at {:?}", dir); - cc::Build::new() + let mut build = cc::Build::new(); + build .include(dir.join("inc")) .include(dir.join("src")) .files(find(&dir, "src/**/*.c")?) - .opt_level_str("s") - .compile("bearssl"); + .opt_level_str("s"); + + match std::env::var("CARGO_CFG_TARGET_OS")?.as_str() { + "linux" => { + build + .flag("-Wstack-protector") + .flag("-fstack-protector-all"); + } + "vxworks" => { + build + .static_flag(true) + .flag("-mrtp") + .flag("-msoft-float") + .flag("-mstrict-align") + .flag("-mregnames") + .flag("-fno-split-stack") + .flag("-fno-strict-aliasing") + .flag("-Wstack-protector") + .flag("-fstack-protector-all") + .flag("-gdwarf-2") + .define("_C99", None) + .define("_HAS_C9X", None); + } + _ => {} + } + + build.compile("bearssl"); dir } diff --git a/rust-toolchain.toml b/rust-toolchain.toml new file mode 100644 index 0000000..85f3606 --- /dev/null +++ b/rust-toolchain.toml @@ -0,0 +1,4 @@ +[toolchain] +channel = "stable" +components = ["rustfmt", "clippy"] +profile = "minimal"