build: drop configuring external mbedtls
This also fixes a possible header mismatch: the interface feature
required an external mbedtls header file to build against, but
generated the bindings and compiled the shim library against the
locally vendored mbedtls. On an ABI change, things would have broken.

To fix this, and not require the vendored package, use the externally
supplied mbedtls found through the env var or pkg-config.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
billatarm authored and tgonzalezorlandoarm committed Feb 2, 2024
1 parent d763203 commit 7695a58
Showing 1 changed file with 42 additions and 44 deletions.
86 changes: 42 additions & 44 deletions psa-crypto-sys/build.rs
Expand Up @@ -64,7 +64,7 @@ mod common {

use std::env;
use std::io::{Error, ErrorKind, Result};
use std::path::{Path, PathBuf};
use std::path::PathBuf;

#[cfg(any(feature = "prefix", feature = "operations"))]
pub fn get_external_mbedtls() -> Option<Result<(String, String)>> {
Expand Down Expand Up @@ -133,41 +133,6 @@ mod common {
))
}

pub fn configure_mbed_crypto() -> Result<()> {
let mbedtls_dir = String::from("./vendor");
let mbedtls_config = mbedtls_dir + "/scripts/config.py";

println!("cargo:rerun-if-changed=src/c/shim.c");
println!("cargo:rerun-if-changed=src/c/shim.h");

let out_dir = env::var("OUT_DIR").unwrap();

// Check for Mbed TLS sources
if !Path::new(&mbedtls_config).exists() {
return Err(Error::new(
ErrorKind::Other,
"MbedTLS config.py is missing. Have you run 'git submodule update --init'?",
));
}

// Configure the MbedTLS build for making Mbed Crypto
if !::std::process::Command::new(mbedtls_config)
.arg("--write")
.arg(&(out_dir + "/" + CONFIG_FILE))
.arg("crypto")
.status()
.map_err(|_| Error::new(ErrorKind::Other, "configuring mbedtls failed"))?
.success()
{
return Err(Error::new(
ErrorKind::Other,
"config.py returned an error status",
));
}

Ok(())
}

#[cfg(feature = "prefix")]
// Cargo provides the crate version from Cargo.toml in the environment.
const VERSION: &str = env!("CARGO_PKG_VERSION");
Expand Down Expand Up @@ -282,10 +247,8 @@ mod interface {
pub fn script_interface() -> Result<()> {
let include_dir = common::get_external_mbedtls_include_only()?;

// TODO: Does interface need the vendored mbedtls?
common::configure_mbed_crypto()?;
common::generate_mbed_crypto_bindings(include_dir.clone(), false)?;
let _ = common::compile_shim_library(include_dir, true, false)?;
common::generate_mbed_crypto_bindings(include_dir.clone(), true)?;
let _ = common::compile_shim_library(include_dir, true, true)?;
Ok(())
}
}
Expand All @@ -297,12 +260,47 @@ mod operations {
use super::common::prefix;
use cmake::Config;
use std::env;
use std::io::Result;
#[cfg(feature = "prefix")]
use std::io::Write;
use std::path::PathBuf;
use std::io::{Error, ErrorKind, Result};
use std::path::{Path, PathBuf};
use walkdir::WalkDir;

pub fn configure_mbed_crypto() -> Result<()> {
let mbedtls_dir = String::from("./vendor");
let mbedtls_config = mbedtls_dir + "/scripts/config.py";

println!("cargo:rerun-if-changed=src/c/shim.c");
println!("cargo:rerun-if-changed=src/c/shim.h");

let out_dir = env::var("OUT_DIR").unwrap();

// Check for Mbed TLS sources
if !Path::new(&mbedtls_config).exists() {
return Err(Error::new(
ErrorKind::Other,
"MbedTLS config.py is missing. Have you run 'git submodule update --init'?",
));
}

// Configure the MbedTLS build for making Mbed Crypto
if !::std::process::Command::new(mbedtls_config)

Check failure on line 287 in psa-crypto-sys/build.rs

GitHub Actions / Check for unused dependencies

unnecessary qualification

.arg("--write")
.arg(&(out_dir + "/" + common::CONFIG_FILE))
.arg("crypto")
.status()
.map_err(|_| Error::new(ErrorKind::Other, "configuring mbedtls failed"))?
.success()
{
return Err(Error::new(
ErrorKind::Other,
"config.py returned an error status",
));
}

Ok(())
}

fn compile_mbed_crypto() -> Result<PathBuf> {
let mbedtls_dir = String::from("./vendor");
let out_dir = env::var("OUT_DIR").unwrap();
Expand Down Expand Up @@ -360,7 +358,7 @@ mod operations {
}
None => {
println!("Did not find external MBEDTLS, building MbedTLS!");
common::configure_mbed_crypto()?;
configure_mbed_crypto()?;
let mut mbed_lib_dir = compile_mbed_crypto()?;
let mut mbed_include_dir = mbed_lib_dir.clone();
mbed_lib_dir.push("lib");
Expand Down Expand Up @@ -407,7 +405,7 @@ mod operations {
}
None => {
println!("Did not find environment variables, building MbedTLS!");
common::configure_mbed_crypto()?;
configure_mbed_crypto()?;
let mut mbed_lib_dir = compile_mbed_crypto()?;
let mut mbed_include_dir = mbed_lib_dir.clone();
mbed_lib_dir.push("lib");
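Review bot: `script_interface` no longer emits the `cargo:rerun-if-changed` directives for `src/c/shim.c` and `src/c/shim.h`, because both `println!` lines moved into `operations::configure_mbed_crypto` along with the config.py step, and the interface path no longer calls that function. Unless `compile_shim_library` or other code outside these hunks prints them, an edit to the shim sources may not re-run the build script once any other rerun-if directive is in effect, so a stale shim library could be linked against the external headers. I would emit the two directives where the shim is actually compiled, or at the top of `script_interface`, rather than tying them to the vendored configure step: `println!("cargo:rerun-if-changed=src/c/shim.c");` and `println!("cargo:rerun-if-changed=src/c/shim.h");`. The operations build presumably has the same gap whenever an external mbedtls is found, since `configure_mbed_crypto` is only called in the `None` arms shown here.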