Closed howardjohn closed 1 year ago
I have an M2 Mac and could work on this
Isn't this a dupe of #1 ?
Could be. I have an intel mac I can try to confirm if its MacOS or M1/ARM that's the issue.
ARM could also be for something like graviton support not just m1/macos as well
Allow developers using arm machines to contribute. May also be required in some production environments.
we can also consider an approach similar to github.com/cloudflare/quiche, where we embed boring in this crate, so we don't need to set env vars for dependant crates (so that users won't need to remove the env vars manually, as specified in the readme) https://github.com/cloudflare/quiche/blob/master/quiche/src/build.rs
@yuval-k Thx for the hint - quiche's strategy unfortunately doesn't work with boring 2.1.0
- only with 2.0.0
, due to changes in build.rs
for boring-sys
which seem to break the ability to conditionally vendor binaries: https://github.com/cloudflare/boring/blob/master/boring-sys/build.rs#L330
Additionally, the build.rs
mechanism boring-sys
is using to auto-build boringssl
doesn't seem to work if you install boring-sys
as a normal Cargo dep - only as a Gitref dep.
Seems as if realistically we either
clang
versions in their env by default.Neither option is particularly compelling.
Third option is we write a build.sh
wrapper, I guess.
Adding this as a ref - https://github.com/cloudflare/boring/pull/97
A clang environmental dep in our build-tools
might be a reasonable workaround once that is in upstream - our current build-tools
image is too new for clang-7
, which is what the pinned version of boringssl
that boring-sys
tries to autobuild (when installed as a Gitref dep via cargo) currently requires.
When that merges we should be good with
Installing clang-12
in our build-tools
image - clang 12 is available for both arm64 and amd64 in our current build image distro, at least.
Adding boring-sys
as a Gitref patch dep in cargo.toml
:
[patch.crates-io]
boring-sys = { git = "https://github.com/cloudflare/boring", tag = "v2.1.0" }
Letting boring-sys
build the fips/non-fips binaries itself, respecting the host arch.
EDIT: Oh right, that's what this is: https://github.com/istio/ztunnel/blob/master/vendor/boringssl-fips/linux_x86_64/Dockerfile.v1 - because the Ubuntu clang is v12, but the minor version is different, so it's not a blessed FIPS version.
Currently, the build fails since we use the FIPS boringssl which only works on amd64.
Even with the FIPS disabled though, still getting issues around
poly_rq_mul.S
that we will need to resolve