From b24b212ee585d376c618235905757b2445ac6461 Mon Sep 17 00:00:00 2001 From: Muxi Yan Date: Tue, 14 Aug 2018 10:21:27 -0700 Subject: Make symbols of BoringSSL private to gRPC --- tools/buildgen/plugins/grpc_shadow_boringssl.py | 32 +++++++++++++++ .../distrib/check_shadow_boringssl_symbol_list.sh | 32 +++++++++++++++ .../generate_grpc_shadow_boringssl_symbol_list.sh | 45 ++++++++++++++++++++++ .../clang_format_all_the_things.sh | 2 +- tools/doxygen/Doxyfile.core.internal | 1 + tools/run_tests/generated/sources_and_headers.json | 17 ++++++++ tools/run_tests/sanity/sanity_tests.yaml | 1 + 7 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 tools/buildgen/plugins/grpc_shadow_boringssl.py create mode 100755 tools/distrib/check_shadow_boringssl_symbol_list.sh create mode 100755 tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh (limited to 'tools') diff --git a/tools/buildgen/plugins/grpc_shadow_boringssl.py b/tools/buildgen/plugins/grpc_shadow_boringssl.py new file mode 100644 index 0000000000..da4d8c12af --- /dev/null +++ b/tools/buildgen/plugins/grpc_shadow_boringssl.py @@ -0,0 +1,32 @@ +# Copyright 2018 gRPC authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Buldigen generate grpc_shadow_boringssl headers +This script takes the list of symbols from +src/objective-c/grpc_shadow_boringssl_symbols and populate them in +settings.grpc_shadow_boringssl_symbols +""" + + +def mako_plugin(dictionary): + with open('src/objective-c/grpc_shadow_boringssl_symbol_list') as f: + symbols = f.readlines() + # Remove trailing '\n' + symbols = [s.strip() for s in symbols] + # Remove comments + symbols = [s for s in symbols if s[0] != '#'] + # Remove the commit number + del symbols[0] + + settings = dictionary['settings'] + settings['grpc_shadow_boringssl_symbols'] = symbols diff --git a/tools/distrib/check_shadow_boringssl_symbol_list.sh b/tools/distrib/check_shadow_boringssl_symbol_list.sh new file mode 100755 index 0000000000..34ba09e07d --- /dev/null +++ b/tools/distrib/check_shadow_boringssl_symbol_list.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Copyright 2018 gRPC authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# Check if the commit version of BoringSSL podspec, BoringSSL submodule, and +# the shadowed symbol list are all based on the same BoringSSL commit. +set -e + +cd $(dirname $0) + +boringssl_podspec_original="../../src/objective-c/BoringSSL-GRPC.podspec" +symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list" + +# Check BoringSSL version matches +ver1=$(git submodule |grep "boringssl " | awk '{print $1}' | head -n 1) +ver2=$(cat $boringssl_podspec_original | grep ':commit =>' | sed -E 's/.*"(.*)".*/\1/g') +ver3=$(cat $symbol_list | sed -n '2 p') +[ $ver1 == $ver2 ] && [ $ver1 == $ver3 ] || { echo "BoringSSL podspec (src/objective-c/BoringSSL.podspec), BoringSSL submodule (third_party/boringssl), and BoringSSL symbol list (src/objective-c/grpc_shadow_boringssl_symbol_list) commit do not match." ; echo "BoringSSL podspec: $ver1" ; echo "BoringSSL submodule: $ver2" ; echo "BoringSSL symbol list: $ver3" ; exit 1 ; } + +exit 0 diff --git a/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh b/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh new file mode 100755 index 0000000000..2e5bb44548 --- /dev/null +++ b/tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh @@ -0,0 +1,45 @@ +#!/bin/bash +# Copyright 2018 gRPC authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Generate the list of boringssl symbols that need to be shadowed based on the +# current boringssl submodule. Requires local toolchain to build boringssl. +set -e + +cd $(dirname $0) + +symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list" + +ssl_lib='../../third_party/boringssl/build/ssl/libssl.a' +crypto_lib='../../third_party/boringssl/build/crypto/libcrypto.a' + +# Generate boringssl archives +( cd ../../third_party/boringssl ; mkdir -p build ; cd build ; cmake .. ; make ) + +# Generate shadow_boringssl.h +outputs="$(nm -C $ssl_lib)"$'\n'"$(nm -C $crypto_lib)" +symbols=$(echo "$outputs" | + grep '^[0-9a-f]* [A-Z] ' | # Only public symbols + grep -v ' bssl::' | # Filter BoringSSL symbols since they are already namespaced + sed 's/(.*//g' | # Remove parenthesis from C++ symbols + grep '^[0-9a-f]* [A-Z] _' | # Filter symbols that is not prefixed with '_' + sed 's/[0-9a-f]* [A-Z] _\(.*\)/\1/g') # Extract the symbol names + +commit=$(git submodule | grep "boringssl " | awk '{print $1}' | head -n 1) + +echo "# Automatically generated by tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh" > $symbol_list +echo $commit >> $symbol_list +echo "$symbols" >> $symbol_list + +exit 0 diff --git a/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh b/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh index 3b901ae4bf..0c8ecc21a0 100755 --- a/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh +++ b/tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh @@ -29,7 +29,7 @@ for dir in $DIRS do for glob in $GLOB do - files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c`" + files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c -and -not -name grpc_shadow_boringssl.h`" done done diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index 18f56984fe..a2b7e4fce1 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1501,6 +1501,7 @@ src/core/tsi/alts_transport_security.cc \ src/core/tsi/alts_transport_security.h \ src/core/tsi/fake_transport_security.cc \ src/core/tsi/fake_transport_security.h \ +src/core/tsi/grpc_shadow_boringssl.h \ src/core/tsi/local_transport_security.cc \ src/core/tsi/local_transport_security.h \ src/core/tsi/ssl/session_cache/ssl_session.h \ diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index a686dae8b4..2e1acc61f4 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -9051,6 +9051,7 @@ "alts_util", "gpr", "grpc_base", + "grpc_shadow_boringssl", "grpc_transport_chttp2_client_insecure", "tsi", "tsi_interface" @@ -10337,6 +10338,7 @@ "alts_tsi", "gpr", "grpc_base", + "grpc_shadow_boringssl", "grpc_transport_chttp2_alpn", "tsi" ], @@ -10446,6 +10448,20 @@ "third_party": false, "type": "filegroup" }, + { + "deps": [], + "headers": [ + "src/core/tsi/grpc_shadow_boringssl.h" + ], + "is_filegroup": true, + "language": "c", + "name": "grpc_shadow_boringssl", + "src": [ + "src/core/tsi/grpc_shadow_boringssl.h" + ], + "third_party": false, + "type": "filegroup" + }, { "deps": [ "cmdline", @@ -10897,6 +10913,7 @@ "deps": [ "gpr", "grpc_base", + "grpc_shadow_boringssl", "grpc_trace", "tsi_interface" ], diff --git a/tools/run_tests/sanity/sanity_tests.yaml b/tools/run_tests/sanity/sanity_tests.yaml index ac0d4c70e5..72bfad90bc 100644 --- a/tools/run_tests/sanity/sanity_tests.yaml +++ b/tools/run_tests/sanity/sanity_tests.yaml @@ -22,4 +22,5 @@ - script: tools/distrib/pylint_code.sh - script: tools/distrib/yapf_code.sh - script: tools/distrib/python/check_grpcio_tools.py +- script: tools/distrib/check_shadow_boringssl_symbol_list.sh cpu_cost: 1000 -- cgit v1.2.3