I've kept the LLVM things back for now because Chrome seems to be in
some weird halfway point where libc++abi depends on a macro that libc++
doesn't have yet? I'm not really sure what's going on there and why it's
building for Chrome, but hopefully next time it will have settled.
I've also, for now, kept bazel at 7.5.0. We probably shouldn't update to
8.x on CI until that's our minimum version. There is a 7.6.1, but CIPD's
Bazel packages seem to only make a build for a version if newer than the
latest one, so all 7.x versions after 8.0.0's release are missing.
We may need to do something about this later, but ignoring the problem
for now.
Change-Id: Id17a3b394f68659e91a6dc563aaa40cd6912c1db
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/79327
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Notably Go and rules_cc, but also pick up the rest while I'm here.
Updating libc++ once again required reworking the config. They seem to
change it every couple of weeks.
Bug: 396087264
Change-Id: Ied0f6fa11cd8c34fe9f0f87e63fd6283a699a22c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/76167
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
We use the standard Apache 2.0 file header, described in "APPENDIX: How
to apply the Apache License to your work."
This was primarily automated by running:
git ls-tree -r --name-only HEAD | xargs go run ./util/relicense.go
See go/boringssl-relicensing-triage for the results of triaging the
output of the tool.
As part of this, switch from taking fiat-crypto under MIT license to
Apache 2.0. (It is licensed under MIT OR Apache-2.0 OR BSD-1-Clause.)
The copyright_summary tool can also be used to confirm we didn't
accidentally drop any copyright lines:
# Run before the CL
git grep -l Copyright | xargs go run ./util/copyright_summary.go -out /tmp/old.json
# Run after the CL
git grep -l Copyright | xargs go run ./util/copyright_summary.go -compare /tmp/old.json
Bug: 364634028
Change-Id: I17c50e761e9d077a1f92e25969e50ed35e320c59
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/75852
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Following the guidance in
https://opensource.google/documentation/reference/releasing/authors,
start maintaining an AUTHORS file.
Update all existing Google copyright lines to 'The BoringSSL Authors'
per the document. This CL also changes the styling to match the new
guidance: removed the '(c)' and the comma.
All other existing copyright lines are left unmodified. Going forward,
our preference will be that new contributions to BoringSSL use 'The
BoringSSL Authors', optionally adding to the AUTHORS file if the
contributor desires.
To avoid being presumptuous, this CL does *not* proactively list every
past contributor in the BoringSSL half of the AUTHORS file. Past
contributors are welcome to send us a patch to be added, or request that
we add you. (Listed or not, the commit log continues to be a more
accurate record, and any existing non-Google copyright lines were left
unmodified.)
The OpenSSL half of the AUTHORS file is seeded with the contents of the
current OpenSSL AUTHORS file, as of writing. The current contents in the
latest revision of the 1.1.1 branch
(b372b1f76450acdfed1e2301a39810146e28b02c) and master
(d992e8729ee38b082482dc010e090bb20d1c7bd5) are identical, just formatted
in text vs Markdown.
Note when reviewing: CONTRIBUTING.md and AUTHORS contain non-mechanical
changes.
Bug: 364634028
Change-Id: I319d0ee63ec021ad85e248e8e3304b9cf9566681
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74149
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
BoringSSL is a "live at head" project and does not make release
branches and thus releases.
However, some systems cannot consume git revisions and expect git tags.
In Bazel Central Registry's case, the toolchain is suspicious of
non-"release" archives of
https://github.blog/open-source/git/update-on-the-future-stability-of-source-code-archives-and-hashes/
To accommodate such systems, let's start periodically tagging snapshots
as "releases". These versions do not represent any kind of stability or
development milestone. BoringSSL does not branch at these releases and
will not cherry-pick bugfixes to them. Unless there is a technical
constraint to use one of these revisions, projects should simply use the
latest revision when updating.
Also, so that cutting such revisions is less tedious, probably the
simplest is to set MODULE.bazel's version field in HEAD to whatever the
last revision was. The process will then be:
1. Bump MODULE.bazel's version
2. Create a git tag
3. Create a GitHub "release"
4. Kick off a BCR update
All that mess will ideally be automated, but for now we'll drive that
manually. Update INCORPORATING.md to explain these tags, and also to
discuss the new pregenerated build files.
Versioning scheme is chosen as 0.YYYYMMDD.N so that:
- It is deterministic from the date
- It begins with zero lest anyone misinterpret these as semver versions
- We have a digit at the end to bump when we need to cut two revisions
in one day
Change-Id: Ie256a5f0f7eaac5928b537c75f82402c934f9fc3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71227
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Apparently Bazel has deprecated the built-in licenses() command and now
expects you to pull in an external package. I think I've gotten this
right?
Since our new BUILD.bazel file is actually referenced by the old
-with-bazel branch, this new dependency also needs to work there. That
is still using the legacy WORKSPACE system, but I got that working there
too, I think. However, as the legacy WORKSPACE system does not consider
recursive dependencies, anyone using it and updating BoringSSL will need
to, in turn, update their WORKSPACE file on update.
Fixed: 365824757
Change-Id: I7b49f33d628cec2ec07a47f0e31f16765d0f532a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71147
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Ben Lawson <benlawson@google.com>
Reviewed-by: Adam Langley <agl@google.com>
In principle, googletest is only needed for tests and could be a
dev_dependency. But it would then be impossible for downstream modules
to run BoringSSL's tests. The downstream module provides the toolchain,
so we may need to request they run tests when triaging issues. If
https://github.com/bazelbuild/bazel/issues/22187 is ever fixed, we can
change this.
With this change, the following works:
cd util/bazel-example
bazelisk test @boringssl//:crypto_test
Change-Id: Ied2276047de134883d6b61b0789f3c7bfcaad669
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68127
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Now that we can generate build files, we can actually maintain a Bazel
build in HEAD, without synthesizing a separate "-with-bazel" branch.
(Though we'll still need both for a transition, and until all the other
build modes have migrated.) Note this has a slightly different directory
structure than the old -with-bazel branch. But the targets are the same
and #include <openssl/whatever.h> still works, so hopefully it's
compatible.
For now, I'm only setting this up with the new bzlmod scheme. Also since
pulling in googletest is much less tedious with bzlmod, I've wired up
tests and everything.
https://bazel.build/external/overview#bzlmod
To build, run commands like:
bazelisk build ...
bazelisk test ...
bazelisk run :bssl
The thinking is we can also go add this to CI and whatnot.
This is also intended to replace the boringssl module in the
bazel-central-registry which someone else set up already. To ease the
transition, I've seeded the compatibility_level value with theirs. (I
think we want to never bump it. Although we don't do SemVer, I think
bzlmod's MVS version selection scheme is generally reasonable. Bumping
it just introduces hiccups into the update process where projects need
to coordinate updates, and we do not want that.)
I wasn't clear on what to put in the version field in the tree, so I
just went with 0.0.0-dev so we don't have to change it, but it's still
vaguely analogous to the versions already in there.
As part of this, I've added support for Bazel's runfiles mechanism in
crypto/test/test_data.cc. This is completely undocumented and I had to
figure out how it works by guessing, but I believe this is the
officially supported way to make cc_test(data = ...) work? The official
documentation says to use devtools_build::GetDataDependencyFilepath, but
that API does not exist in the first place. I've also made it build with
C++17 for now, so we can build libpki, but C++14 consumers should still
be able to use this module, just not build libpki.
To that end, one difference between this and the old module is that we
no longer specify the C++ version in the build. From what I can tell,
Bazel does *not* want libraries to set the C/C++ version and prefers it
only come from the root. Unfortunately, they provide zero tools to
effectively manage this. I've followed this pattern for C++ versions, as
we can assume that Bazel projects are very aware of their C++ version,
but I've explicitly ignored it for the C version. Projects tend not to
change ABIs by C version, so it should be fine to set it internally.
For context when reviewing, the unreadable MODULE.bazel.lock is
automatically generated. I think the idea is that subsequent diffs will
be more readable??
Bug: 542
Change-Id: I88f68b2602a75f58cc6d18832a956f01dc054f58
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67301
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
