aboutsummaryrefslogtreecommitdiffhomepage
path: root/tools
diff options
context:
space:
mode:
authorGravatar Muxi Yan <muxi@users.noreply.github.com>2018-08-24 09:34:58 -0700
committerGravatar GitHub <noreply@github.com>2018-08-24 09:34:58 -0700
commit35479b8a80c9c47937dbda2dfe173fc2c3b91873 (patch)
tree7452b6a53fb47fa8b392f9e990667d0806c31d64 /tools
parent088454b0b16894c90416d5d5ec6e202aaf73a3c7 (diff)
parent571109e40030548a17ea10ff208a1dec6b79f8a3 (diff)
Merge pull request #16358 from muxi/privatize-boringssl
Make symbols of BoringSSL private
Diffstat (limited to 'tools')
-rw-r--r--tools/buildgen/plugins/grpc_shadow_boringssl.py32
-rwxr-xr-xtools/distrib/check_shadow_boringssl_symbol_list.sh32
-rwxr-xr-xtools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh45
-rwxr-xr-xtools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh2
-rw-r--r--tools/doxygen/Doxyfile.core.internal1
-rw-r--r--tools/run_tests/generated/sources_and_headers.json17
-rw-r--r--tools/run_tests/sanity/sanity_tests.yaml1
7 files changed, 129 insertions, 1 deletions
diff --git a/tools/buildgen/plugins/grpc_shadow_boringssl.py b/tools/buildgen/plugins/grpc_shadow_boringssl.py
new file mode 100644
index 0000000000..da4d8c12af
--- /dev/null
+++ b/tools/buildgen/plugins/grpc_shadow_boringssl.py
@@ -0,0 +1,32 @@
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Buldigen generate grpc_shadow_boringssl headers
+This script takes the list of symbols from
+src/objective-c/grpc_shadow_boringssl_symbols and populate them in
+settings.grpc_shadow_boringssl_symbols
+"""
+
+
+def mako_plugin(dictionary):
+ with open('src/objective-c/grpc_shadow_boringssl_symbol_list') as f:
+ symbols = f.readlines()
+ # Remove trailing '\n'
+ symbols = [s.strip() for s in symbols]
+ # Remove comments
+ symbols = [s for s in symbols if s[0] != '#']
+ # Remove the commit number
+ del symbols[0]
+
+ settings = dictionary['settings']
+ settings['grpc_shadow_boringssl_symbols'] = symbols
diff --git a/tools/distrib/check_shadow_boringssl_symbol_list.sh b/tools/distrib/check_shadow_boringssl_symbol_list.sh
new file mode 100755
index 0000000000..34ba09e07d
--- /dev/null
+++ b/tools/distrib/check_shadow_boringssl_symbol_list.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Check if the commit version of BoringSSL podspec, BoringSSL submodule, and
+# the shadowed symbol list are all based on the same BoringSSL commit.
+set -e
+
+cd $(dirname $0)
+
+boringssl_podspec_original="../../src/objective-c/BoringSSL-GRPC.podspec"
+symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list"
+
+# Check BoringSSL version matches
+ver1=$(git submodule |grep "boringssl " | awk '{print $1}' | head -n 1)
+ver2=$(cat $boringssl_podspec_original | grep ':commit =>' | sed -E 's/.*"(.*)".*/\1/g')
+ver3=$(cat $symbol_list | sed -n '2 p')
+[ $ver1 == $ver2 ] && [ $ver1 == $ver3 ] || { echo "BoringSSL podspec (src/objective-c/BoringSSL.podspec), BoringSSL submodule (third_party/boringssl), and BoringSSL symbol list (src/objective-c/grpc_shadow_boringssl_symbol_list) commit do not match." ; echo "BoringSSL podspec: $ver1" ; echo "BoringSSL submodule: $ver2" ; echo "BoringSSL symbol list: $ver3" ; exit 1 ; }
+
+exit 0
diff --git a/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh b/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh
new file mode 100755
index 0000000000..2e5bb44548
--- /dev/null
+++ b/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generate the list of boringssl symbols that need to be shadowed based on the
+# current boringssl submodule. Requires local toolchain to build boringssl.
+set -e
+
+cd $(dirname $0)
+
+symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list"
+
+ssl_lib='../../third_party/boringssl/build/ssl/libssl.a'
+crypto_lib='../../third_party/boringssl/build/crypto/libcrypto.a'
+
+# Generate boringssl archives
+( cd ../../third_party/boringssl ; mkdir -p build ; cd build ; cmake .. ; make )
+
+# Generate shadow_boringssl.h
+outputs="$(nm -C $ssl_lib)"$'\n'"$(nm -C $crypto_lib)"
+symbols=$(echo "$outputs" |
+ grep '^[0-9a-f]* [A-Z] ' | # Only public symbols
+ grep -v ' bssl::' | # Filter BoringSSL symbols since they are already namespaced
+ sed 's/(.*//g' | # Remove parenthesis from C++ symbols
+ grep '^[0-9a-f]* [A-Z] _' | # Filter symbols that is not prefixed with '_'
+ sed 's/[0-9a-f]* [A-Z] _\(.*\)/\1/g') # Extract the symbol names
+
+commit=$(git submodule | grep "boringssl " | awk '{print $1}' | head -n 1)
+
+echo "# Automatically generated by tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh" > $symbol_list
+echo $commit >> $symbol_list
+echo "$symbols" >> $symbol_list
+
+exit 0
diff --git a/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh b/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh
index 3b901ae4bf..0c8ecc21a0 100755
--- a/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh
+++ b/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh
@@ -29,7 +29,7 @@ for dir in $DIRS
do
for glob in $GLOB
do
- files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c`"
+ files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c -and -not -name grpc_shadow_boringssl.h`"
done
done
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index a08ce0b9ff..c1706fd070 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -1508,6 +1508,7 @@ src/core/tsi/alts_transport_security.cc \
src/core/tsi/alts_transport_security.h \
src/core/tsi/fake_transport_security.cc \
src/core/tsi/fake_transport_security.h \
+src/core/tsi/grpc_shadow_boringssl.h \
src/core/tsi/local_transport_security.cc \
src/core/tsi/local_transport_security.h \
src/core/tsi/ssl/session_cache/ssl_session.h \
diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json
index bff045f786..3cb3fe20da 100644
--- a/tools/run_tests/generated/sources_and_headers.json
+++ b/tools/run_tests/generated/sources_and_headers.json
@@ -9068,6 +9068,7 @@
"alts_util",
"gpr",
"grpc_base",
+ "grpc_shadow_boringssl",
"grpc_transport_chttp2_client_insecure",
"tsi",
"tsi_interface"
@@ -10357,6 +10358,7 @@
"alts_tsi",
"gpr",
"grpc_base",
+ "grpc_shadow_boringssl",
"grpc_transport_chttp2_alpn",
"tsi"
],
@@ -10473,6 +10475,20 @@
"type": "filegroup"
},
{
+ "deps": [],
+ "headers": [
+ "src/core/tsi/grpc_shadow_boringssl.h"
+ ],
+ "is_filegroup": true,
+ "language": "c",
+ "name": "grpc_shadow_boringssl",
+ "src": [
+ "src/core/tsi/grpc_shadow_boringssl.h"
+ ],
+ "third_party": false,
+ "type": "filegroup"
+ },
+ {
"deps": [
"cmdline",
"gpr",
@@ -10923,6 +10939,7 @@
"deps": [
"gpr",
"grpc_base",
+ "grpc_shadow_boringssl",
"grpc_trace",
"tsi_interface"
],
diff --git a/tools/run_tests/sanity/sanity_tests.yaml b/tools/run_tests/sanity/sanity_tests.yaml
index 91b53eb38d..fd9b34a198 100644
--- a/tools/run_tests/sanity/sanity_tests.yaml
+++ b/tools/run_tests/sanity/sanity_tests.yaml
@@ -22,4 +22,5 @@
- script: tools/distrib/pylint_code.sh
- script: tools/distrib/yapf_code.sh
- script: tools/distrib/python/check_grpcio_tools.py
+- script: tools/distrib/check_shadow_boringssl_symbol_list.sh
cpu_cost: 1000