FIPS (#267)

awslabs · Mar 12, 2024 · 36ef287 · 36ef287
1 parent decf7aa
commit 36ef287
Show file tree

Hide file tree

Showing 8 changed files with 120 additions and 8 deletions.
diff --git a/.github/docker-images/alpine-3.16-arm64/Dockerfile b/.github/docker-images/alpine-3.16-arm64/Dockerfile
@@ -18,7 +18,8 @@ RUN apk add \
     ca-certificates \
     cmake \
     bash \
-    aws-cli
+    aws-cli \
+    perl-strictures
 
 WORKDIR /tmp
 

diff --git a/.github/docker-images/alpine-3.16-x64/Dockerfile b/.github/docker-images/alpine-3.16-x64/Dockerfile
@@ -18,7 +18,8 @@ RUN apk add \
     ca-certificates \
     cmake \
     bash \
-    aws-cli
+    aws-cli \
+    perl-strictures
 
 WORKDIR /tmp
 

diff --git a/.github/docker-images/openwrt-x64-openjdk8/Dockerfile b/.github/docker-images/openwrt-x64-openjdk8/Dockerfile
@@ -7,7 +7,7 @@ RUN mkdir -p /usr/local/bin
 RUN opkg update
 
 # packages in openwrt
-RUN opkg install git-http ca-bundle curl python3 python3-pip gcc make bash sudo
+RUN opkg install git-http ca-bundle curl python3 python3-pip gcc make bash sudo perl
 
 # packages we have to get from alpine
 
@@ -27,7 +27,7 @@ RUN tar -xzf apk-tools-static-2.12.9-r3.apk
 RUN ./sbin/apk.static -X http://dl-cdn.alpinelinux.org/alpine/v3.16/main -X http://dl-cdn.alpinelinux.org/alpine/v3.16/community -U --allow-untrusted --initdb add cmake openjdk8 maven aws-cli
 
 # stub libraries for stuff we unconditionally link; functionality is all actually in musl already
-# long term we might want to make our recognition better, but this is a blocker for the s2n build 
+# long term we might want to make our recognition better, but this is a blocker for the s2n build
 RUN ar -rc /usr/lib/libpthread.a
 RUN ar -rc /usr/lib/libdl.a
 RUN ar -rc /usr/lib/librt.a

diff --git a/.github/docker-images/ubuntu-18-x64/Dockerfile b/.github/docker-images/ubuntu-18-x64/Dockerfile
@@ -24,6 +24,12 @@ RUN apt-get update -qq \
     ca-certificates \
     && apt-get clean
 
+# Add the longsleep/golang-backports PPA
+RUN apt-get update && apt-get install -y software-properties-common && add-apt-repository ppa:longsleep/golang-backports && apt-get update
+
+# Install Go from the PPA
+RUN apt-get install -y golang-go
+
 ###############################################################################
 # Python/AWS CLI
 ###############################################################################

diff --git a/.github/docker-images/ubuntu-20-x64/Dockerfile b/.github/docker-images/ubuntu-20-x64/Dockerfile
@@ -20,6 +20,12 @@ RUN apt-get update -qq \
     ca-certificates \
     && apt-get clean
 
+# Add the longsleep/golang-backports PPA
+RUN apt-get update && apt-get install -y software-properties-common && add-apt-repository ppa:longsleep/golang-backports && apt-get update
+
+# Install Go from the PPA
+RUN apt-get install -y golang-go
+
 ###############################################################################
 # Python/AWS CLI
 ###############################################################################

diff --git a/.github/docker-images/ubuntu-22-x64/Dockerfile b/.github/docker-images/ubuntu-22-x64/Dockerfile
@@ -18,6 +18,7 @@ RUN apt-get update -qq \
     software-properties-common \
     apt-transport-https \
     ca-certificates \
+    golang-go \
     && apt-get clean
 
 ###############################################################################

diff --git a/builder/actions/cmake.py b/builder/actions/cmake.py
@@ -103,7 +103,12 @@ def _project_dirs(env, project):
 def _build_project(env, project, cmake_extra, build_tests=False, args_transformer=None, coverage=False):
     sh = env.shell
     config = project.get_config(env.spec)
+    build_env = []
     toolchain = env.toolchain
+    if toolchain.cross_compile and 'go_path' in env.variables:
+        # We need to set the envrionment variable of GO_PATH for cross compile
+        build_env = ["GO_PATH={}\n".format(env.variables['go_path'])]
+
     # build dependencies first, let cmake decide what needs doing
     for dep in project.get_dependencies(env.spec):
         _build_project(env, dep, cmake_extra)
@@ -178,13 +183,11 @@ def _build_project(env, project, cmake_extra, build_tests=False, args_transforme
         cmake_args = args_transformer(env, project, cmake_args)
 
     # When cross compiling, we must inject the build_env into the cross compile container
-    build_env = []
     if toolchain.cross_compile:
-        build_env = ['{}={}\n'.format(key, val)
-                     for key, val in config.get('build_env', {}).items()]
+        build_env = build_env + ['{}={}\n'.format(key, val)
+                                 for key, val in config.get('build_env', {}).items()]
         with open(toolchain.env_file, 'a') as f:
             f.writelines(build_env)
-
     # set parallism via env var (cmake's --parallel CLI option doesn't exist until 3.12)
     if os.environ.get('CMAKE_BUILD_PARALLEL_LEVEL') is None:
         sh.setenv('CMAKE_BUILD_PARALLEL_LEVEL', str(os.cpu_count()))

diff --git a/builder/imports/golang.py b/builder/imports/golang.py
@@ -0,0 +1,94 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0.
+
+import os
+from pathlib import Path
+
+from builder.core.fetch import fetch_and_extract, mirror_package
+from builder.core.project import Import
+import builder.core.util as util
+from builder.core.host import current_platform
+
+URLs = {
+    'linux-armv6': 'https://go.dev/dl/go1.21.5.linux-armv6l.tar.gz',
+    'linux-armv7': 'https://go.dev/dl/go1.21.5.linux-armv6l.tar.gz',
+    'linux-armv8': 'https://go.dev/dl/go1.21.5.linux-arm64.tar.gz',
+    'linux-x86': 'https://go.dev/dl/go1.21.5.linux-386.tar.gz',
+    'linux-x64': 'https://go.dev/dl/go1.21.5.linux-amd64.tar.gz',
+    'openbsd-x64': 'https://go.dev/dl/go1.21.5.linux-amd64.tar.gz',
+    'windows-x64': 'https://go.dev/dl/go1.21.5.windows-amd64.zip',
+    'windows-x86': 'https://go.dev/dl/go1.21.5.windows-386.zip',
+    'macos-x64': 'https://go.dev/dl/go1.21.5.darwin-amd64.tar.gz',
+}
+
+
+class GOLANG(Import):
+    def __init__(self, **kwargs):
+        super().__init__(
+            config={},
+            **kwargs)
+        self.path = None
+        self.installed = False
+
+    def resolved(self):
+        return True
+
+    def install(self, env):
+        if self.installed:
+            return
+
+        sh = env.shell
+
+        target = '{}-{}'.format(env.spec.target, env.spec.arch)
+
+        cross_compile = util.deep_get(env, 'toolchain.cross_compile', False)
+
+        # If this is a local build, check the local machine
+        if not cross_compile or target not in URLs:
+            # run `go version`
+            result = util.run_command('go', 'version')
+            if result.returncode == 0:
+                # check the version, we need version >=1.18
+                version_str = result.output.split(" ")[2][2:]
+                version_numbers = list(map(int, version_str.split('.')))
+                compare_version_numbers = list(map(int, "1.18.0".split('.')))
+                if version_numbers >= compare_version_numbers:
+                    return
+
+        if target not in URLs:
+            raise EnvironmentError(
+                'No pre-built binaries for {} are available, please install golang greater than 1.18'.format(target))
+
+        install_dir = os.path.join(env.deps_dir, self.name.lower())
+        # If path is going to be relative, it has to be relative to the source directory
+        self.path = str(Path(install_dir).relative_to(env.root_dir))
+        print('Installing pre-built golang binaries for {} to {}'.format(
+            target, install_dir))
+
+        sh.mkdir(install_dir)
+        if cross_compile:
+            # If cross compile using the go execuble for current platform instead to codegen
+            url = URLs[current_platform()]
+        else:
+            url = URLs[target]
+        ext = '.tar.gz' if url.endswith('.tar.gz') else '.zip'
+        filename = '{}/golang{}'.format(install_dir, ext)
+        print('Downloading {}'.format(url))
+        fetch_and_extract(url, filename, install_dir)
+        os.remove(filename)
+
+        # Set PATH
+        if cross_compile:
+            # Path to go binary
+            env.variables['go_path'] = "/work/"+str(Path(os.path.join(install_dir, 'go/bin')
+                                                         ).relative_to(env.root_dir))
+        else:
+            # export the PATH directly if not cross compile.
+            # env.variables['go_path'] = '{}/go/bin'.format(install_dir)
+            sh.setenv('PATH', '{}{}{}'.format('{}/go/bin'.format(install_dir), os.pathsep, sh.getenv('PATH')))
+
+        self.installed = True
+
+    def mirror(self, env):
+        for src_url in URLs.values():
+            mirror_package(self.name, src_url)