diff --git a/docker/Dockerfile b/docker/Dockerfile index b4bed0b..550a8d5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -32,11 +32,16 @@ RUN apt-get update && \ m4 \ libpcre3 \ libpcre3-dev \ - libyaml-dev + libyaml-dev \ + cmake \ + clang \ + ninja-build \ + libunwind-dev # LuaRocks - OpenSSL - OpenResty ARG LUAROCKS ARG OPENSSL +ARG BORINGSSL ARG OPENRESTY ARG KONG_NGX_MODULE ARG KONG_BUILD_TOOLS @@ -58,13 +63,36 @@ ENV LIBGMP_INSTALL=${BUILD_PREFIX}/libgmp ENV LIBNETTLE_INSTALL=${BUILD_PREFIX}/libnettle ENV LIBJQ_INSTALL=${BUILD_PREFIX}/libjq +# Go and go-pluginserver +ENV GO_VERSION=${GO_VERSION} +ENV GOROOT=${BUILD_PREFIX}/go +ENV GOPATH=${BUILD_PREFIX}/gopath +ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH +RUN mkdir -p ${GOROOT} ${GOPATH} + +RUN bash -c '[[ ! -z "${GO_VERSION}" ]]' && echo https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz && ( \ + curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ + tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ + rm /tmp/go.tar.gz ) || \ + echo "go is not required" + RUN mkdir -p ${BUILD_PREFIX} COPY build.sh ${BUILD_PREFIX} COPY silent ${BUILD_PREFIX}/silent RUN ${BUILD_PREFIX}/build.sh -ENV OPENSSL_DIR=${OPENSSL_INSTALL} -ENV OPENSSL_LIBDIR=${OPENSSL_INSTALL} +# if it's normal openssl +ENV OPENSSL_DIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_LIBDIR=${BORINGSSL:-${OPENSSL_INSTALL}} +ENV OPENSSL_INCDIR=${BORINGSSL:-${OPENSSL_INSTALL}/include} + +# if it's boringssl then +ENV OPENSSL_INSTALL=${BORINGSSL:+/work/boringssl-${BORINGSSL}/.openssl} +# unset OPENSSL_* env vars to use system libraries to build lua modules +# openresty is already built at this point, boringssl libs are correctly linked +ENV OPENSSL_DIR=${BORINGSSL:+/usr} +ENV OPENSSL_LIBDIR=${BORINGSSL:+} +ENV OPENSSL_INCDIR=${BORINGSSL:+} ENV PATH=$PATH:${OPENRESTY_INSTALL}/nginx/sbin:${OPENRESTY_INSTALL}/bin:${LUAROCKS_INSTALL}/bin ENV PATH=${OPENSSL_INSTALL}/bin:$PATH @@ -81,19 +109,6 @@ RUN apt-get update --fix-missing && \ iproute2 \ net-tools -# Go and go-pluginserver -ENV GO_VERSION=${GO_VERSION} -ENV GOROOT=${BUILD_PREFIX}/go -ENV GOPATH=${BUILD_PREFIX}/gopath -ENV PATH=$GOPATH/bin:${GOROOT}/bin:$PATH -RUN mkdir -p ${GOROOT} ${GOPATH} - -RUN [ ! -z ${GO_VERSION} ] && ( \ - curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o /tmp/go.tar.gz && \ - tar -xf /tmp/go.tar.gz -C ${GOROOT} --strip-components=1 && \ - rm /tmp/go.tar.gz ) || \ - echo "go is not required" - ENV KONG_GO_PLUGINSERVER_INSTALL=${BUILD_PREFIX}/gps ENV KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER} @@ -113,7 +128,7 @@ RUN [ ! -z ${KONG_GO_PLUGINSERVER} ] && ( \ # Test Enablement # --------------- # Add vegeta HTTP load testing tool for executing stress tests -RUN [ ! -z ${GO_VERSION} ] && ( \ +RUN [ ! -z "${GO_VERSION}" ] && ( \ go get -u github.com/tsenart/vegeta && \ vegeta -version ) || \ echo "go has not been installed; vegeta requires golang" @@ -121,6 +136,10 @@ RUN [ ! -z ${GO_VERSION} ] && ( \ RUN cpanm --notest Test::Nginx RUN cpanm --notest local::lib +RUN export + +RUN echo '###############' + COPY 42-kong-envs.sh /etc/profile.d/ WORKDIR /kong diff --git a/docker/build.sh b/docker/build.sh index fc2c696..7e0df11 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -95,7 +95,6 @@ function build { local flags=( "--prefix ${BUILD_PREFIX}" "--openresty ${OPENRESTY}" - "--openssl ${OPENSSL}" "--luarocks ${LUAROCKS}" ) @@ -115,6 +114,12 @@ function build { flags+=("--atc-router ${ATC_ROUTER}") fi + if [[ ! -z "${BORINGSSL}" ]]; then + flags+=("--ssl-provider boringssl") + flags+=("--boringssl ${BORINGSSL}") + fi + flags+=("--openssl ${OPENSSL}") + local after=() if version_lte $OPENSSL 1.0; then diff --git a/gojira.sh b/gojira.sh index 97262ff..ef72461 100755 --- a/gojira.sh +++ b/gojira.sh @@ -545,7 +545,7 @@ function image_name { if [[ -n $GOJIRA_IMAGE ]]; then return; fi # No supplied dependency versions - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS ]] || [[ -z "${OPENSSL}${BORINGSSL}" ]] || [[ -z $OPENRESTY ]]; then # No supplied local kong path and kong prefix does not exist if [[ -z "$GOJIRA_LOC_PATH" && ! -d "$GOJIRA_KONGS/$PREFIX" ]]; then create_kong @@ -561,8 +561,9 @@ function image_name { LUAROCKS=${LUAROCKS:-$(req_find $req_file RESTY_LUAROCKS_VERSION)} OPENSSL=${OPENSSL:-$(req_find $req_file RESTY_OPENSSL_VERSION)} RESTY_EVENTS=${RESTY_EVENTS:-$(req_find $req_file RESTY_EVENTS_VERSION)} + BORINGSSL=${BORINGSSL:-$(req_find $req_file RESTY_BORINGSSL_VERSION)} KONG_NGX_MODULE=${KONG_NGX_MODULE:-$(req_find $req_file KONG_NGINX_MODULE_BRANCH)} - KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS_BRANCH)} + KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS_BRANCH:-$(req_find $req_file KONG_BUILD_TOOLS)} KONG_GO_PLUGINSERVER=${KONG_GO_PLUGINSERVER_VERSION:-$(req_find $req_file KONG_GO_PLUGINSERVER_VERSION)} KONG_LIBGMP=${GMP_VERSION:-$(req_find $req_file KONG_GMP_VERSION)} KONG_LIBNETTLE=${NETTLE_VERSION:-$(req_find $req_file KONG_DEP_NETTLE_VERSION)} @@ -580,28 +581,39 @@ function image_name { RESTY_EVENTS=${RESTY_EVENTS:-$(yaml_find $yaml_file RESTY_EVENTS_VERSION)} RESTY_WEBSOCKET=${RESTY_WEBSOCKET:-$(yaml_find $yaml_file RESTY_WEBSOCKET_VERSION)} ATC_ROUTER=${ATC_ROUTER:-$(yaml_find $yaml_file ATC_ROUTER_VERSION)} + BORINGSSL=${BORINGSSL:-$(yaml_find $yaml_file BORINGSSL)} fi - if [[ -z $LUAROCKS || -z $OPENSSL || -z $OPENRESTY ]]; then + if [[ -z $LUAROCKS || -z "${OPENSSL}${BORINGSSL}" || -z $OPENRESTY ]]; then err "${GOJIRA}: Could not guess version dependencies in" \ "$req_file or $yaml_file. " \ - "Specify versions as LUAROCKS, OPENSSL, and OPENRESTY envs" + "Specify versions as LUAROCKS, OPENSSL/BORINGSSL, and OPENRESTY envs" fi KONG_NGX_MODULE=${KONG_NGX_MODULE:-master} KONG_BUILD_TOOLS=${KONG_BUILD_TOOLS:-master} + ssl_provider="openssl-$OPENSSL" + if [[ -n $BORINGSSL ]]; then + ssl_provider="boringssl-$BORINGSSL" + fi + local components=( "luarocks-$LUAROCKS" "openresty-${OPENRESTY}" - "openssl-$OPENSSL" + "$ssl_provider" "knm-$KONG_NGX_MODULE" "kbt-$KONG_BUILD_TOOLS" ) + if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then + GO_VERSION=${GO_VERSION:-1.13.12} + components+=( + "go-$GO_VERSION" + ) + fi if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then GO_VERSION=${GO_VERSION:-1.13.12} components+=( - "go-$GO_VERSION" "gps-$KONG_GO_PLUGINSERVER" ) fi @@ -640,6 +652,11 @@ function image_name { "atc-router-${ATC_ROUTER}" ) fi + if [[ -n "$BORINGSSL" ]]; then + components+=( + "boring-ssl-${BORINGSSL}" + ) + fi read -r components_sha rest <<<"$(IFS="-" ; echo -n "${components[*]}" | sha1sum)" GOJIRA_IMAGE=gojira:$components_sha @@ -654,6 +671,8 @@ function build { "--label LUAROCKS=$LUAROCKS" "--build-arg OPENSSL=$OPENSSL" "--label OPENSSL=$OPENSSL" + "--build-arg BORINGSSL=$BORINGSSL" + "--label BORINGSSL=$BORINGSSL" "--build-arg OPENRESTY=$OPENRESTY" "--label OPENRESTY=$OPENRESTY" "--build-arg KONG_NGX_MODULE=$KONG_NGX_MODULE" @@ -663,11 +682,16 @@ function build { "--build-arg APT_MIRROR=$GOJIRA_APT_MIRROR" ) + ssl_provider=" * OpenSSL: $OPENSSL " + if [[ -n $BORINGSSL ]]; then + ssl_provider=" * BoringSSL: $BORINGSSL " + fi + >&2 echo "Building $GOJIRA_IMAGE" >&2 echo "" >&2 echo " Version info" >&2 echo "==========================" - >&2 echo " * OpenSSL: $OPENSSL " + >&2 echo "$ssl_provider" >&2 echo " * OpenResty: $OPENRESTY" >&2 echo " * LuaRocks: $LUAROCKS " >&2 echo " * Kong NM: $KONG_NGX_MODULE" @@ -701,14 +725,19 @@ function build { ) >&2 echo " * Resty Events: $RESTY_EVENTS" fi - if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then + + if [[ -n "$KONG_GO_PLUGINSERVER" ]] || [[ -n "$BORINGSSL" ]]; then BUILD_ARGS+=( "--build-arg GO_VERSION=$GO_VERSION" "--label GO_VERSION=$GO_VERSION" + ) + >&2 echo " * Go: $GO_VERSION" + fi + if [[ -n "$KONG_GO_PLUGINSERVER" ]]; then + BUILD_ARGS+=( "--build-arg KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER" "--label KONG_GO_PLUGINSERVER=$KONG_GO_PLUGINSERVER" ) - >&2 echo " * Go: $GO_VERSION" >&2 echo " * Kong GPS: $KONG_GO_PLUGINSERVER" fi if [[ -n "$KONG_LIBGMP" ]]; then