-
Notifications
You must be signed in to change notification settings - Fork 68
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This commit adds cross-compilation for the TPM provider and moves all the cross-compilation into a dedicated Docker container. Signed-off-by: Ionut Mihalcea <[email protected]>
- Loading branch information
Showing
8 changed files
with
144 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # Copyright 2021 Contributors to the Parsec project. | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| # Cross compile the tpm2-tss library (and its dependencies) for a given target | ||
| # In order to cross-compile the TSS library we need to also cross-compile OpenSSL | ||
|
|
||
| set -xeuf -o pipefail | ||
|
|
||
| # Prepare directory for cross-compiled OpenSSL files | ||
| mkdir -p /tmp/$1 | ||
| export INSTALL_DIR=/tmp/$1 | ||
|
|
||
| pushd /tmp/openssl | ||
| # Compile and copy files over | ||
| ./Configure $2 shared --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl --cross-compile-prefix=$1- | ||
| make clean | ||
| make depend | ||
| make -j$(nproc) | ||
| make install | ||
| popd | ||
|
|
||
| unset INSTALL_DIR | ||
|
|
||
| # Prepare directory for cross-compiled TSS lib | ||
| # `DESTDIR` is used in `make install` below to set the root of the installation paths. | ||
| # The `./configure` script accepts a `--prefix` input variable which sets the same root, | ||
| # but also adds it to the paths in `.pc` files used by `pkg-config`. This prevents the | ||
| # use of `PKG_CONFIG_SYSROOT_DIR`. | ||
| export DESTDIR=/tmp/$1 | ||
|
|
||
| pushd /tmp/tpm2-tss | ||
| # Compile and copy files over | ||
| ./bootstrap | ||
| ./configure --build=x86_64-pc-linux-gnu --host=$1 CC=$1-gcc \ | ||
| LIBCRYPTO_CFLAGS="-I/tmp/$1/include" LIBCRYPTO_LIBS="-L/tmp/$1/lib -lcrypto" | ||
| make clean | ||
| make -j$(nproc) | ||
| make install | ||
| popd | ||
|
|
||
| unset DESTDIR |
2 changes: 2 additions & 0 deletions
2
e2e_tests/docker_image/Dockerfile → ..._image/parsec-service-test-all.Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
e2e_tests/docker_image/parsec-service-test-cross-compile.Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # Copyright 2021 Contributors to the Parsec project. | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| FROM ghcr.io/parallaxsecond/parsec-service-test-all | ||
|
|
||
| # Install cross-compilers | ||
| RUN apt install -y gcc-multilib | ||
| RUN apt install -y gcc-arm-linux-gnueabihf | ||
| RUN apt install -y gcc-aarch64-linux-gnu | ||
| RUN apt install -y gcc-i686-linux-gnu libc6-dev-i386 | ||
|
|
||
| WORKDIR /tmp | ||
|
|
||
| # Get OpenSSL source code | ||
| ENV OPENSSL_VERSION="OpenSSL_1_1_1j" | ||
| RUN git clone https://github.com/openssl/openssl.git --branch $OPENSSL_VERSION | ||
|
|
||
| # Get TPM2 TSS source code | ||
| ENV TPM2_TSS_VERSION="2.3.3" | ||
| RUN git clone https://github.com/tpm2-software/tpm2-tss --branch $TPM2_TSS_VERSION | ||
|
|
||
| # Copy TSS cross-compilation script | ||
| COPY cross-compile-tss.sh /tmp/ | ||
| # Cross-compile TPM2 TSS and OpenSSL for Linux on aarch64 | ||
| RUN ./cross-compile-tss.sh aarch64-linux-gnu linux-generic64 | ||
| # Cross-compile TPM2 TSS and OpenSSL for Linux on armv7 | ||
| RUN ./cross-compile-tss.sh arm-linux-gnueabihf linux-generic32 | ||
| # Cross-compile TPM2 TSS and OpenSSL for Linux on i686 | ||
| RUN ./cross-compile-tss.sh i686-linux-gnu linux-generic32 | ||
|
|
||
| RUN rustup target add armv7-unknown-linux-gnueabihf | ||
| RUN rustup target add aarch64-unknown-linux-gnu | ||
| RUN rustup target add i686-unknown-linux-gnu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| # Copyright 2021 Contributors to the Parsec project. | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| set -xeuf -o pipefail | ||
|
|
||
| # Allow the `pkg-config` crate to cross-compile | ||
| export PKG_CONFIG_ALLOW_CROSS=1 | ||
| # Make the `pkg-config` crate use our wrapper | ||
| export PKG_CONFIG=$(pwd)/test/pkg-config | ||
|
|
||
| # Set the SYSROOT used by pkg-config | ||
| export SYSROOT=/tmp/arm-linux-gnueabihf | ||
| # Add the correct libcrypto to the linking process | ||
| export RUSTFLAGS="-lcrypto -L/tmp/arm-linux-gnueabihf/lib" | ||
| cargo build --features "pkcs11-provider, mbed-crypto-provider, tpm-provider, all-authenticators" --target armv7-unknown-linux-gnueabihf | ||
|
|
||
| export SYSROOT=/tmp/aarch64-linux-gnu | ||
| export RUSTFLAGS="-lcrypto -L/tmp/aarch64-linux-gnu/lib" | ||
| cargo build --features "pkcs11-provider, mbed-crypto-provider, tpm-provider, all-authenticators" --target aarch64-unknown-linux-gnu | ||
|
|
||
| # This is needed because for some reason the i686/i386 libs aren't picked up if we don't toss them around just before... | ||
| apt install libc6-dev-i386-amd64-cross | ||
| export SYSROOT=/tmp/i686-linux-gnu | ||
| export RUSTFLAGS="-lcrypto -L/tmp/i686-linux-gnu/lib" | ||
| cargo build --features "pkcs11-provider, mbed-crypto-provider, tpm-provider, all-authenticators, tss-esapi/generate-bindings" --target i686-unknown-linux-gnu |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| #!/bin/sh | ||
|
|
||
| export PKG_CONFIG_PATH= | ||
| export PKG_CONFIG_LIBDIR=$(SYSROOT)/lib/pkgconfig:${SYSROOT}/usr/lib/pkgconfig:${SYSROOT}/usr/share/pkgconfig:$(SYSROOT)/usr/local/lib/pkgconfig | ||
| export PKG_CONFIG_SYSROOT_DIR=${SYSROOT} | ||
|
|
||
| exec pkg-config "$@" |