unplugged-system/external/rust/beto-rust/nearby/scripts/build-script.sh

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script contains common functions which can be used to help when building
# specific components of the beto-rust repo. To load these into your environment
# run `source ./scripts/build-script.sh` Then run the functions from root
# This can also be sourced to help when writing further build scripts

export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

# Use to generate headers for new source code files
gen_headers() {
  set -e
  $HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=**/android/build/** -ignore=target/** -ignore=**/target/** -ignore=".idea/*" -ignore=**/cmake-build/** -ignore="**/java/build/**" .
}

# Checks the workspace 3rd party crates and makes sure they have a valid license
check_crate_licenses(){
    set -e
    cd $SCRIPT_DIR/..
    cargo deny --workspace check
}

# Checks everything in beto-rust
check_everything(){
  set -e
  cd $SCRIPT_DIR/..
  check_license_headers
  check_workspace
  check_boringssl
  check_ldt_ffi
  build_fuzzers
}

# Checks everything included in the top level workspace
check_workspace(){
  set -e
  cd $SCRIPT_DIR/..
  # ensure formatting is correct (Check for it first because it is fast compared to running tests)
  cargo fmt --check
  # make sure everything compiles
  cargo check --workspace --all-targets
  # run all the tests
  cargo test --workspace --quiet
  # ensure the docs are valid (cross-references to other code, etc)
  cargo doc --workspace --no-deps
  cargo clippy --all-targets
  cargo deny --workspace check
  # Check the build for targets without using RustCrypto dependencies
  cargo check --features=openssl --no-default-features
}

# Checks that the license auditing tool is installed and that all source files in the project contain the needed headers
check_license_headers() {
  set -e
  cd $SCRIPT_DIR/..
  # install location for those following the default instructions
  ADDLICENSE="$HOME/go/bin/addlicense"
  if [ ! -x "$ADDLICENSE" ]; then
    # if not in the default place, assume it's in PATH
    ADDLICENSE="addlicense"
  fi

  # see README for instructions on setting up addlicense tool
  if ($ADDLICENSE -h >/dev/null 2>&1); then
    echo "Add license is already installed"
  else
    echo "ERROR: addlicense tool is not installed, see instructions in README"
    exit 1
  fi

  if $ADDLICENSE -check \
      -ignore="**/android/build/**" \
      -ignore="target/**" \
      -ignore="**/target/**" \
      -ignore="**/.idea/**" \
      -ignore="**/cmake-build/**" \
      -ignore="**/java/build/**" \
      -ignore="**/java/*/build/**" \
      .; then
    echo "License header check succeeded!"
  else
    echo "ERROR: License header missing for above files"
    exit 1
  fi
}

# Build all fuzz targets
build_fuzzers() {
  set -e
  cd $SCRIPT_DIR/..
  # rust fuzzers
  for fuzzed_crate in presence/xts_aes presence/ldt presence/ldt_np_adv connections/ukey2/ukey2_connections; do
    (cd "$fuzzed_crate" && cargo +nightly fuzz build)
  done

  # ffi fuzzers
  rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
  (cd presence/ldt_np_adv_ffi_fuzz && mkdir -p cmake-build && cd cmake-build && cmake ../.. -DENABLE_FUZZ=true && make)
  rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build
}

# Builds and runs all tests for all combinations of features for the LDT FFI
check_ldt_ffi() {
  set -e
  cd $SCRIPT_DIR/..
  # We need to handle ldt_np_adv_ffi separately since it requires the nightly toolchain
  cd presence/ldt_np_adv_ffi
  cargo fmt --check
  cargo check
  # Default build, RustCrypto + no_std
  cargo build --release
  # Turn on std, still using RustCrypto
  cargo build --features=std
  # Turn off default features and try to build with std
  cargo build --no-default-features --features=std
  # Turn off RustCrypto and use openssl
  cargo build --no-default-features --features=openssl
  # Turn off RustCrypto and use boringssl
  cargo build --no-default-features --features=boringssl
  cargo doc --no-deps
  cargo clippy --release
  cargo clippy --features=std
  cargo clippy --no-default-features --features=openssl
  cargo clippy --no-default-features --features=boringssl
  cargo clippy --no-default-features --features=std
  cargo deny check
  cd ../

  # build C/C++ samples, tests, and benches
  mkdir -p cmake-build && cd cmake-build
  cmake .. -DENABLE_TESTS=true
  make

  # test with default build settings (rustcrypto, no_std)
  echo "Testing default features (no_std + rustcrypto)"
  (cd ../ldt_np_adv_ffi && cargo build --release)
  (cd ldt_np_c_sample/tests && ctest)

  # test with std
  echo "Testing std feature flag"
  (cd ../ldt_np_adv_ffi && cargo build --features std --release)
  (cd ldt_np_c_sample/tests && make && ctest)

  # test with boringssl crypto feature flag
  echo "Testing boringssl"
  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features boringssl --release)
  (cd ldt_np_c_sample/tests && make && ctest)

  # test with openssl feature flag
  echo "Testing openssl"
  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features openssl --release)
  (cd ldt_np_c_sample/tests && make && ctest)

  # test with std feature flag
  echo "Testing std with no default features"
  (cd ../ldt_np_adv_ffi && cargo build --no-default-features --features std --release)
  (cd ldt_np_c_sample/tests && make && ctest)
  cd ../
}

# Clones boringssl and uses bindgen to generate the rust crate, applies AOSP
# specific patches to the 3p `openssl` crate so that it can use a bssl backend
prepare_boringssl() {
  set -e
  cd $SCRIPT_DIR/../..
  projectroot=$PWD
  mkdir -p boringssl-build && cd boringssl-build

  if ! git -C boringssl pull origin master; then
    git clone https://boringssl.googlesource.com/boringssl
  fi
  cd boringssl && mkdir -p build && cd build
  target=$(rustc -vV | awk '/host/ { print $2 }')
  cmake -G Ninja .. -DRUST_BINDINGS="$target" && ninja
  # A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys`

  cd $projectroot/boringssl-build
  rm -Rf rust-openssl
  git clone https://github.com/sfackler/rust-openssl.git
  git -C rust-openssl checkout 11797d9ecb73e94b7f55a49274318abc9dc074d2
  git -C rust-openssl branch -f BASE_COMMIT
  git -C rust-openssl am $projectroot/nearby/scripts/openssl-patches/*.patch

  cd $projectroot/nearby

  cat <<'EOF' >&2
==========
Preparation complete. The required repositories are downloaded to `beto-rust/boringssl-build`. If
you need to go back to a clean state, you can remove that directory and rerun this script.

You can now build and test with boringssl using the following command
  `cargo --config .cargo/config-boringssl.toml test -p crypto_provider* --features=boringssl,std`
==========
EOF
  echo
}

# Checks the build and tests for all boringssl related deps
# crypto_provider_openssl is used on AOSP
# crypto_provider_boringssl is used on Chromium
# And we want to verify that both of these are tested in our own repo
check_boringssl() {
  set -e
  cd $SCRIPT_DIR/../..
  # clones boringssl and uses bindgen to generate the sys bindings
  prepare_boringssl

  # test the openssl crate with the boringssl feature
  cargo --config .cargo/config-boringssl.toml test -p crypto_provider_openssl --features=boringssl

  # test the crypto_provider built on the new bssl crate
  cd crypto/crypto_provider_boringssl
  cargo check
  cargo fmt --check
  cargo clippy --all-targets
  cargo test
  cargo doc --no-deps
  cd ../../
}

# Helper for setting up dependencies on the build machine
setup_kokoro_macos () {
  set -e
  go install github.com/google/addlicense@latest
  curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path --default-toolchain 1.68.0
  cargo install --locked cargo-deny --color never 2>&1
  source "$HOME/.cargo/env"
  rustup install nightly
  brew install rapidjson google-benchmark ninja bindgen

  # Unfortunately CMake is not smart enough to find this on its own, even though
  # it is in fact there by default on the build machines
  export OPENSSL_ROOT_DIR="/usr/local/opt/openssl@3"
}
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`# Copyright 2022 Google LLC`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`# This script contains common functions which can be used to help when building`
			`# specific components of the beto-rust repo. To load these into your environment`
			# run `source ./scripts/build-script.sh` Then run the functions from root
			`# This can also be sourced to help when writing further build scripts`

			`export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )`

			`# Use to generate headers for new source code files`
			`gen_headers() {`
			`set -e`
			`$HOME/go/bin/addlicense -c "Google LLC" -l apache -ignore=/android/build/ -ignore=target/ -ignore=/target/** -ignore=".idea/" -ignore=/cmake-build/* -ignore="/java/build/" .`
			`}`

			`# Checks the workspace 3rd party crates and makes sure they have a valid license`
			`check_crate_licenses(){`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`cargo deny --workspace check`
			`}`

			`# Checks everything in beto-rust`
			`check_everything(){`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`check_license_headers`
			`check_workspace`
			`check_boringssl`
			`check_ldt_ffi`
			`build_fuzzers`
			`}`

			`# Checks everything included in the top level workspace`
			`check_workspace(){`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`# ensure formatting is correct (Check for it first because it is fast compared to running tests)`
			`cargo fmt --check`
			`# make sure everything compiles`
			`cargo check --workspace --all-targets`
			`# run all the tests`
			`cargo test --workspace --quiet`
			`# ensure the docs are valid (cross-references to other code, etc)`
			`cargo doc --workspace --no-deps`
			`cargo clippy --all-targets`
			`cargo deny --workspace check`
			`# Check the build for targets without using RustCrypto dependencies`
			`cargo check --features=openssl --no-default-features`
			`}`

			`# Checks that the license auditing tool is installed and that all source files in the project contain the needed headers`
			`check_license_headers() {`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`# install location for those following the default instructions`
			`ADDLICENSE="$HOME/go/bin/addlicense"`
			`if [ ! -x "$ADDLICENSE" ]; then`
			`# if not in the default place, assume it's in PATH`
			`ADDLICENSE="addlicense"`
			`fi`

			`# see README for instructions on setting up addlicense tool`
			`if ($ADDLICENSE -h >/dev/null 2>&1); then`
			`echo "Add license is already installed"`
			`else`
			`echo "ERROR: addlicense tool is not installed, see instructions in README"`
			`exit 1`
			`fi`

			`if $ADDLICENSE -check \`
			`-ignore="/android/build/" \`
			`-ignore="target/**" \`
			`-ignore="/target/" \`
			`-ignore="/.idea/" \`
			`-ignore="/cmake-build/" \`
			`-ignore="/java/build/" \`
			`-ignore="*/java//build/**" \`
			`.; then`
			`echo "License header check succeeded!"`
			`else`
			`echo "ERROR: License header missing for above files"`
			`exit 1`
			`fi`
			`}`

			`# Build all fuzz targets`
			`build_fuzzers() {`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`# rust fuzzers`
			`for fuzzed_crate in presence/xts_aes presence/ldt presence/ldt_np_adv connections/ukey2/ukey2_connections; do`
			`(cd "$fuzzed_crate" && cargo +nightly fuzz build)`
			`done`

			`# ffi fuzzers`
			`rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build`
			`(cd presence/ldt_np_adv_ffi_fuzz && mkdir -p cmake-build && cd cmake-build && cmake ../.. -DENABLE_FUZZ=true && make)`
			`rm -Rf presence/ldt_np_adv_ffi_fuzz/cmake-build`
			`}`

			`# Builds and runs all tests for all combinations of features for the LDT FFI`
			`check_ldt_ffi() {`
			`set -e`
			`cd $SCRIPT_DIR/..`
			`# We need to handle ldt_np_adv_ffi separately since it requires the nightly toolchain`
			`cd presence/ldt_np_adv_ffi`
			`cargo fmt --check`
			`cargo check`
			`# Default build, RustCrypto + no_std`
			`cargo build --release`
			`# Turn on std, still using RustCrypto`
			`cargo build --features=std`
			`# Turn off default features and try to build with std`
			`cargo build --no-default-features --features=std`
			`# Turn off RustCrypto and use openssl`
			`cargo build --no-default-features --features=openssl`
			`# Turn off RustCrypto and use boringssl`
			`cargo build --no-default-features --features=boringssl`
			`cargo doc --no-deps`
			`cargo clippy --release`
			`cargo clippy --features=std`
			`cargo clippy --no-default-features --features=openssl`
			`cargo clippy --no-default-features --features=boringssl`
			`cargo clippy --no-default-features --features=std`
			`cargo deny check`
			`cd ../`

			`# build C/C++ samples, tests, and benches`
			`mkdir -p cmake-build && cd cmake-build`
			`cmake .. -DENABLE_TESTS=true`
			`make`

			`# test with default build settings (rustcrypto, no_std)`
			`echo "Testing default features (no_std + rustcrypto)"`
			`(cd ../ldt_np_adv_ffi && cargo build --release)`
			`(cd ldt_np_c_sample/tests && ctest)`

			`# test with std`
			`echo "Testing std feature flag"`
			`(cd ../ldt_np_adv_ffi && cargo build --features std --release)`
			`(cd ldt_np_c_sample/tests && make && ctest)`

			`# test with boringssl crypto feature flag`
			`echo "Testing boringssl"`
			`(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features boringssl --release)`
			`(cd ldt_np_c_sample/tests && make && ctest)`

			`# test with openssl feature flag`
			`echo "Testing openssl"`
			`(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features openssl --release)`
			`(cd ldt_np_c_sample/tests && make && ctest)`

			`# test with std feature flag`
			`echo "Testing std with no default features"`
			`(cd ../ldt_np_adv_ffi && cargo build --no-default-features --features std --release)`
			`(cd ldt_np_c_sample/tests && make && ctest)`
			`cd ../`
			`}`

			`# Clones boringssl and uses bindgen to generate the rust crate, applies AOSP`
			# specific patches to the 3p `openssl` crate so that it can use a bssl backend
			`prepare_boringssl() {`
			`set -e`
			`cd $SCRIPT_DIR/../..`
			`projectroot=$PWD`
			`mkdir -p boringssl-build && cd boringssl-build`

			`if ! git -C boringssl pull origin master; then`
			`git clone https://boringssl.googlesource.com/boringssl`
			`fi`
			`cd boringssl && mkdir -p build && cd build`
			`target=$(rustc -vV \| awk '/host/ { print $2 }')`
			`cmake -G Ninja .. -DRUST_BINDINGS="$target" && ninja`
			# A valid Rust crate is built under `boringssl-build/boringssl/build/rust/bssl-sys`

			`cd $projectroot/boringssl-build`
			`rm -Rf rust-openssl`
			`git clone https://github.com/sfackler/rust-openssl.git`
			`git -C rust-openssl checkout 11797d9ecb73e94b7f55a49274318abc9dc074d2`
			`git -C rust-openssl branch -f BASE_COMMIT`
			`git -C rust-openssl am $projectroot/nearby/scripts/openssl-patches/*.patch`

			`cd $projectroot/nearby`

			`cat <<'EOF' >&2`
			`==========`
			Preparation complete. The required repositories are downloaded to `beto-rust/boringssl-build`. If
			`you need to go back to a clean state, you can remove that directory and rerun this script.`

			`You can now build and test with boringssl using the following command`
			`cargo --config .cargo/config-boringssl.toml test -p crypto_provider* --features=boringssl,std`
			`==========`
			`EOF`
			`echo`
			`}`

			`# Checks the build and tests for all boringssl related deps`
			`# crypto_provider_openssl is used on AOSP`
			`# crypto_provider_boringssl is used on Chromium`
			`# And we want to verify that both of these are tested in our own repo`
			`check_boringssl() {`
			`set -e`
			`cd $SCRIPT_DIR/../..`
			`# clones boringssl and uses bindgen to generate the sys bindings`
			`prepare_boringssl`

			`# test the openssl crate with the boringssl feature`
			`cargo --config .cargo/config-boringssl.toml test -p crypto_provider_openssl --features=boringssl`

			`# test the crypto_provider built on the new bssl crate`
			`cd crypto/crypto_provider_boringssl`
			`cargo check`
			`cargo fmt --check`
			`cargo clippy --all-targets`
			`cargo test`
			`cargo doc --no-deps`
			`cd ../../`
			`}`

			`# Helper for setting up dependencies on the build machine`
			`setup_kokoro_macos () {`
			`set -e`
			`go install github.com/google/addlicense@latest`
			`curl https://sh.rustup.rs -sSf \| sh -s -- -y --no-modify-path --default-toolchain 1.68.0`
			`cargo install --locked cargo-deny --color never 2>&1`
			`source "$HOME/.cargo/env"`
			`rustup install nightly`
			`brew install rapidjson google-benchmark ninja bindgen`

			`# Unfortunately CMake is not smart enough to find this on its own, even though`
			`# it is in fact there by default on the build machines`
			`export OPENSSL_ROOT_DIR="/usr/local/opt/openssl@3"`
			`}`