From bdd136bbf3baf5aa566c6916f30ab807bb0d46d6 Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Fri, 19 Apr 2024 08:21:05 +0800 Subject: [PATCH 1/4] fix(build): hermetic install of files after build --- BUILD.bazel | 37 +- build/BUILD.bazel | 362 ++++++++++-------- build/build_system.bzl | 156 +++++++- build/libexpat/BUILD.libexpat.bazel | 3 +- build/luarocks/BUILD.luarocks.bazel | 2 +- build/luarocks/templates/luarocks_exec.sh | 2 +- build/openresty/BUILD.openresty.bazel | 21 +- .../atc_router/atc_router_repositories.bzl | 1 - .../openresty/brotli/brotli_repositories.bzl | 1 - build/openresty/openssl/openssl.bzl | 11 +- build/openresty/repositories.bzl | 8 +- build/openresty/wasmx/filters/BUILD.bazel | 14 - .../openresty/wasmx/filters/repositories.bzl | 1 + build/openresty/wasmx/wasmx_repositories.bzl | 4 +- build/package/nfpm.yaml | 6 + build/repositories.bzl | 17 +- .../fixtures/amazonlinux-2-amd64.txt | 23 +- .../fixtures/amazonlinux-2023-amd64.txt | 16 +- .../fixtures/amazonlinux-2023-arm64.txt | 10 +- .../fixtures/debian-10-amd64.txt | 22 +- .../fixtures/debian-11-amd64.txt | 20 +- .../fixtures/debian-12-amd64.txt | 16 +- .../explain_manifest/fixtures/el7-amd64.txt | 22 +- .../explain_manifest/fixtures/el8-amd64.txt | 20 +- .../explain_manifest/fixtures/el9-amd64.txt | 16 +- .../explain_manifest/fixtures/el9-arm64.txt | 10 +- .../fixtures/ubuntu-20.04-amd64.txt | 20 +- .../fixtures/ubuntu-22.04-amd64.txt | 16 +- .../fixtures/ubuntu-22.04-arm64.txt | 10 +- scripts/explain_manifest/suites.py | 2 +- 30 files changed, 530 insertions(+), 339 deletions(-) diff --git a/BUILD.bazel b/BUILD.bazel index d777e9ce443b..aac3609fcb95 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -123,6 +123,18 @@ config_setting( visibility = ["//visibility:public"], ) +config_setting( + name = "debug_linux_flag", + constraint_values = [ + "@platforms//os:linux", + ], + flag_values = { + ":debug": "true", + }, + visibility = ["//visibility:public"], +) + +# --//:brotli=true bool_flag( name = "brotli", build_setting_default = True, @@ -136,17 +148,6 @@ config_setting( visibility = ["//visibility:public"], ) -config_setting( - name = "debug_linux_flag", - constraint_values = [ - "@platforms//os:linux", - ], - flag_values = { - ":debug": "true", - }, - visibility = ["//visibility:public"], -) - # --//:licensing=false bool_flag( name = "licensing", @@ -258,6 +259,20 @@ config_setting( visibility = ["//visibility:public"], ) +# --//:skip_tools=false +bool_flag( + name = "skip_tools", + build_setting_default = False, +) + +config_setting( + name = "skip_tools_flag", + flag_values = { + ":skip_tools": "true", + }, + visibility = ["//visibility:public"], +) + ##### constraints, platforms and config_settings for cross-compile constraint_setting(name = "cross_build_setting") diff --git a/build/BUILD.bazel b/build/BUILD.bazel index bd9e7cacfa0f..8549d6d18158 100644 --- a/build/BUILD.bazel +++ b/build/BUILD.bazel @@ -1,208 +1,232 @@ load("@kong_bindings//:variables.bzl", "KONG_VAR") load("@bazel_skylib//lib:selects.bzl", "selects") -load("//build:build_system.bzl", "kong_directory_genrule", "kong_rules_group", "kong_template_file") +load("//build:build_system.bzl", "get_workspace_name", "kong_genrule", "kong_install", "kong_rules_group", "kong_template_file") load("@kong//build/openresty/wasmx/filters:variables.bzl", "WASM_FILTERS_TARGETS") exports_files([ "package/nfpm.yaml", ]) -lib_deps = [ - "@openssl", #TODO: select over fips (but select doesn't work in list comprehension) +# C libraries + +clib_deps = [ + "@openssl", "@libexpat", + "@snappy", ] -install_lib_deps_cmd = "\n".join([ - """ - DEP=${WORKSPACE_PATH}/$(echo $(locations %s) | awk '{print $1}') - # use tar magic to exclude files and create with correct permission - copy_with_filter ${DEP} ${BUILD_DESTDIR}/kong -""" % dep - for dep in lib_deps -]) +[ + kong_install( + name = "install-%s" % get_workspace_name(k), + src = k, + prefix = "kong/lib" if k == "@passwdqc" else "kong", + ) + for k in clib_deps +] + +kong_rules_group( + name = "install-clibs", + propagates = [ + ":install-%s" % get_workspace_name(k) + for k in clib_deps + ], + visibility = ["//visibility:public"], +) + +# OpenResty + +kong_install( + name = "install-openresty-luajit", + src = "@openresty//:luajit", + prefix = "openresty/luajit", +) + +kong_install( + name = "install-openresty", + src = "@openresty", + prefix = "openresty", + deps = [ + ":install-openresty-luajit", + ":install-openssl", + ], +) + +# Lua Libraries lualib_deps = [ - "@lua-kong-nginx-module//:all_srcs", - "@lua-resty-lmdb//:all_srcs", - "@lua-resty-events//:all_srcs", - "@lua-resty-websocket//:all_srcs", + "@lua-kong-nginx-module//:lualib_srcs", + "@lua-resty-lmdb//:lualib_srcs", + "@lua-resty-events//:lualib_srcs", + "@lua-resty-websocket//:lualib_srcs", + "@atc_router//:lualib_srcs", +] + +[ + kong_install( + name = "install-%s-lualib" % get_workspace_name(k), + src = k, + prefix = "openresty/site/lualib", + strip_path = get_workspace_name(k) + ( + "/lualib" if k in [ + "@lua-kong-nginx-module//:lualib_srcs", + "@lua-resty-events//:lualib_srcs", + ] else "/lib" + ), + ) + for k in lualib_deps +] + +luaclib_deps = [ "@atc_router", ] -install_lualib_deps_cmd = "\n".join([ - """ - DEP=$(pwd)/external/%s - if [[ ${DEP} == */atc_router ]]; then - INSTALL=/usr/bin/install make --silent -C ${DEP} LUA_LIB_DIR=${BUILD_DESTDIR}/openresty/lualib install-lualib - else - INSTALL=/usr/bin/install make --silent -C ${DEP} LUA_LIB_DIR=${BUILD_DESTDIR}/openresty/lualib install - fi -""" % dep.lstrip("@").split("/")[0] - for dep in lualib_deps -]) +[ + kong_install( + name = "install-%s-luaclib" % get_workspace_name(k), + src = k, + prefix = "openresty/site/lualib", + strip_path = get_workspace_name(k), + ) + for k in luaclib_deps +] -install_webui_cmd = select({ - "//conditions:default": """ - cp -r $(location @kong_admin_gui//:dist_files) ${BUILD_DESTDIR}/kong/gui - """, - "@kong//:skip_webui_flags": "\n", -}) - -install_wasm_filters_cmd = select({ - "@kong//:wasmx_flag": """ - mkdir -pv ${BUILD_DESTDIR}/kong/wasm - """ + " ".join([""" - tpath="$(locations %s)" - fname="$(echo "${tpath}" | cut -d'/' -f2)" - - cp -v "$tpath" "${BUILD_DESTDIR}/kong/wasm/${fname}" - """ % t for t in WASM_FILTERS_TARGETS]), - "//conditions:default": "\n", -}) - -install_wasm_deps_cmd = select({ - "@kong//:wasmx_flag": """ - for fname in $(locations @ngx_wasmx_module//:lua_libs); do - base=${fname##*/ngx_wasmx_module/lib/} - dest="${BUILD_DESTDIR}/openresty/lualib/$base" - mkdir -p "$(dirname "$dest")" - cp -v "$fname" "$dest" - done - - if [[ -d ${BUILD_DESTDIR}/openresty/nginx/lib ]]; then - # both v8 and wasmer currently depend on openresty/nginx/lib/libngx_wasm_rs.so, - # but in the case of wasmtime it is statically linked and thus not needed in - # the final package - if [[ -e ${BUILD_DESTDIR}/openresty/nginx/lib/libngx_wasm_rs.so ]]; then - copy_with_filter ${BUILD_DESTDIR}/openresty/nginx/lib ${BUILD_DESTDIR}/kong/lib - fi - rm -rf ${BUILD_DESTDIR}/openresty/nginx/lib - fi -""", - "//conditions:default": "\n", -}) - -##### dynamic modules -selects.config_setting_group( - name = "nginx_dynamic_module_support", - match_any = ["@kong//:wasmx_dynamic_mod"], -) - -link_modules_dir = select({ - ":nginx_dynamic_module_support": """ - LN ${BUILD_DESTDIR}/openresty/nginx/modules ${BUILD_DESTDIR}/kong/modules -""", - "//conditions:default": "", -}) - -kong_directory_genrule( - name = "kong", - srcs = [ - "@luarocks//:luarocks_make", - "@luarocks//:luarocks_target", - "@openresty", - "@openresty//:luajit", - "@protoc//:all_srcs", - "@snappy//:snappy-lib", - ] + select({ - "@kong//:skip_webui_flags": [], - "//conditions:default": [ - "@kong_admin_gui//:dist_files", - ], - }) + select({ +kong_rules_group( + name = "install-lualibs", + propagates = [ + "install-%s-lualib" % get_workspace_name(k) + for k in lualib_deps + ] + [ + "install-%s-luaclib" % get_workspace_name(k) + for k in luaclib_deps + ], +) + +# WasmX + +kong_install( + name = "install-ngx-wasmx-module-lualib", + src = "@ngx_wasmx_module//:lualib_srcs", + prefix = "openresty/site/lualib", + strip_path = "ngx_wasmx_module/lib", +) + +[ + kong_install( + name = "install-wasm-filters-%s" % get_workspace_name(k), + src = k, + prefix = "kong/wasm", + ) + for k in WASM_FILTERS_TARGETS +] + +kong_rules_group( + name = "install-wasmx", + propagates = select({ "@kong//:wasmx_flag": [ - "@ngx_wasmx_module//:lua_libs", - "@openresty//:wasm_runtime", - ] + WASM_FILTERS_TARGETS, + ":install-ngx-wasmx-module-lualib", + ] + [ + "install-wasm-filters-%s" % get_workspace_name(k) + for k in WASM_FILTERS_TARGETS + ], "//conditions:default": [], - }) + lib_deps + lualib_deps, - cmd = - """ set -e - function copy_with_filter { - mkdir -p $2 - tar -cC $1 --exclude="*.a" --exclude="*.la" \ - --exclude="*/share/*" --exclude="*/bin/*" \ - --exclude="*.log" . | tar -xC $2/. - chmod -R "+rw" $2 - } - function LN { - if [[ "$OSTYPE" == "darwin"* ]]; then - # TODO: support relative path links once we start to cross compile on macOS - ln -sf $@ - else - ln -srf $@ - fi - } - rm -rf ${BUILD_DESTDIR} - mkdir -p ${BUILD_DESTDIR}/kong/lib ${BUILD_DESTDIR}/openresty ${BUILD_DESTDIR}/bin - - if [[ "$OSTYPE" == "darwin"* ]]; then - libext="dylib" - else # assume linux - libext="so" - fi + }), +) + +# Tools + +kong_rules_group( + name = "install-tools", + propagates = selects.with_or({ + "//conditions:default": [], + ( + "@kong//:skip_tools_flag", + "@platforms//os:macos", + ): [], + }), +) - OPENRESTY=${WORKSPACE_PATH}/$(echo '$(locations @openresty//:openresty)' | awk '{print $1}') - cp -r ${OPENRESTY}/. ${BUILD_DESTDIR}/openresty/. - LN ${BUILD_DESTDIR}/openresty/bin/resty ${BUILD_DESTDIR}/bin/resty - chmod -R "+rw" ${BUILD_DESTDIR}/openresty +# Static Files - LUAJIT=${WORKSPACE_PATH}/$(echo '$(locations @openresty//:luajit)' | awk '{print $1}') - copy_with_filter ${LUAJIT} ${BUILD_DESTDIR}/openresty/luajit - cp ${LUAJIT}/bin/luajit ${BUILD_DESTDIR}/openresty/luajit/bin/luajit - tar -cC ${LUAJIT}/share . | tar -xC ${BUILD_DESTDIR}/openresty/luajit/share - chmod -R "+rw" ${BUILD_DESTDIR}/openresty/luajit +kong_install( + name = "install-webui-dists", + src = "@kong_admin_gui//:dist", + prefix = "kong/gui", +) - SNAPPY=${WORKSPACE_PATH}/$(dirname $(echo '$(locations @snappy//:snappy-lib)' | awk '{print $1}')) - cp ${SNAPPY}/libsnappy.${libext} ${BUILD_DESTDIR}/kong/lib +kong_install( + name = "install-protobuf-headers", + src = "@protoc//:include", + prefix = "kong/include", +) - LUAROCKS=${WORKSPACE_PATH}/$(dirname '$(location @luarocks//:luarocks_make)')/luarocks_tree - cp -r ${LUAROCKS}/. ${BUILD_DESTDIR}/. +kong_rules_group( + name = "install-static-assets", + propagates = [ + ":install-protobuf-headers", + ] + select({ + "//conditions:default": [ + ":install-webui-dists", + ], + "@kong//:skip_webui_flags": [], + }), + visibility = ["//visibility:public"], +) + +# Wrap up : ) + +kong_rules_group( + name = "install", + propagates = [ + ":install-clibs", + ":install-lualibs", + ":install-wasmx", + ":install-openresty", + ":install-static-assets", + ":install-tools", + ], + visibility = ["//visibility:public"], +) - ATC_ROUTER=${WORKSPACE_PATH}/$(location @atc_router) - cp $ATC_ROUTER ${BUILD_DESTDIR}/openresty/lualib/. +kong_genrule( + name = "kong", + srcs = [ + ":install", + "@luarocks//:luarocks_make", + "@luarocks//:luarocks_target", + ], + outs = [ + "bin/luarocks", + "etc/kong/kong.conf.default", + "etc/luarocks", + "lib", + "share", + ], + cmd = + """ set -e + chmod -R "u+rw" ${BUILD_DESTDIR}/openresty - cp -r $(locations @protoc//:all_srcs) ${BUILD_DESTDIR}/kong/. + rm -rf ${BUILD_DESTDIR}/share ${BUILD_DESTDIR}/lib ${BUILD_DESTDIR}/etc + LUAROCKS=${WORKSPACE_PATH}/$(dirname '$(location @luarocks//:luarocks_make)')/luarocks_tree + cp -r ${LUAROCKS}/share ${LUAROCKS}/lib ${LUAROCKS}/etc ${BUILD_DESTDIR}/. + cp ${LUAROCKS}/bin/luarocks ${BUILD_DESTDIR}/bin/. + chmod -R "u+rw" ${BUILD_DESTDIR}/share/lua - """ + - install_lib_deps_cmd + - install_lualib_deps_cmd + - install_webui_cmd + - link_modules_dir + - install_wasm_filters_cmd + - install_wasm_deps_cmd + - """ - mkdir -p ${BUILD_DESTDIR}/etc/kong - cp kong.conf.default ${BUILD_DESTDIR}/etc/kong/kong.conf.default + mkdir -p ${BUILD_DESTDIR}/etc/kong/ + cp ${WORKSPACE_PATH}/kong.conf.default ${BUILD_DESTDIR}/etc/kong/kong.conf.default # housecleaning - mv ${BUILD_DESTDIR}/kong/*.${libext}* ${BUILD_DESTDIR}/kong/lib 2>/dev/null || true if [[ -d ${BUILD_DESTDIR}/kong/lib64 ]]; then - copy_with_filter ${BUILD_DESTDIR}/kong/lib64 ${BUILD_DESTDIR}/kong/lib + cp -r ${BUILD_DESTDIR}/kong/lib64/* ${BUILD_DESTDIR}/kong/lib/. rm -rf ${BUILD_DESTDIR}/kong/lib64 fi - # remove pkgconfig since they are invalid anyway - find ${BUILD_DESTDIR} -name "*.pc" -delete - # clean empty directory find ${BUILD_DESTDIR} -empty -type d -delete - # foreign_cc rule dereferences symlink, we will dedup them here - # TODO: patch https://github.com/bazelbuild/rules_foreign_cc/blob/main/foreign_cc/private/framework.bzl#L450 to not remove symlink - for f in $(find ${BUILD_DESTDIR}/kong/lib ${BUILD_DESTDIR}/openresty/luajit/lib -type f -name "*.${libext}*" ); do - if [[ -L "$f" ]]; then continue; fi # already a symlink - target=$(ls -r1 $f.* 2>/dev/null | head -n1) - if [[ ! -z "$target" && "$f" != "$target" ]]; then - LN "$target" "$f" - fi - done - LN ${BUILD_DESTDIR}/openresty/nginx/sbin/nginx ${BUILD_DESTDIR}/openresty/bin/openresty + # create empty folder to make nfpm happy when skip_tools is set to True + mkdir -p ${BUILD_DESTDIR}/kong-tools + chmod -R "u+rw" ${BUILD_DESTDIR}/kong-tools """, - # XXX: bazel forces 0555 as artifact permission, which is not correct for packagin - # here we deliberately use a different directory so file permission is preserved - # see also https://github.com/bazelbuild/bazel/issues/5588 - output_dir = KONG_VAR["BUILD_NAME"] + ".nop", visibility = ["//visibility:public"], ) diff --git a/build/build_system.bzl b/build/build_system.bzl index 695c99cebc52..99796a0c030d 100644 --- a/build/build_system.bzl +++ b/build/build_system.bzl @@ -3,16 +3,15 @@ Load this file for all Kong-specific build macros and rules that you'd like to use in your BUILD files. """ -load("@bazel_skylib//lib:dicts.bzl", "dicts") load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository", "new_git_repository") load("@kong_bindings//:variables.bzl", "KONG_VAR") -# A genrule variant that can output a directory. -def _kong_directory_genrule_impl(ctx): - tree = ctx.actions.declare_directory(ctx.attr.output_dir) - env = dicts.add(KONG_VAR, ctx.configuration.default_shell_env, { - "GENRULE_OUTPUT_DIR": tree.path, - }) +def _kong_genrule_impl(ctx): + outputs = [] + for f in ctx.attr.outs: + outputs.append(ctx.actions.declare_file(KONG_VAR["BUILD_NAME"] + "/" + f)) + + env = dict(KONG_VAR) # XXX: remove the "env" from KONG_VAR which is a list env["OPENRESTY_PATCHES"] = "" @@ -20,28 +19,29 @@ def _kong_directory_genrule_impl(ctx): ctx.actions.run_shell( inputs = ctx.files.srcs, tools = ctx.files.tools, - outputs = [tree], - command = "mkdir -p " + tree.path + " && " + ctx.expand_location(ctx.attr.cmd), + outputs = outputs, + command = ctx.expand_location(ctx.attr.cmd), env = env, ) - return [DefaultInfo(files = depset([tree]))] + return [DefaultInfo(files = depset(outputs))] -kong_directory_genrule = rule( - implementation = _kong_directory_genrule_impl, +kong_genrule = rule( + implementation = _kong_genrule_impl, + doc = "A genrule that prefixes output files with BUILD_NAME", attrs = { "srcs": attr.label_list(), "cmd": attr.string(), "tools": attr.label_list(), - "output_dir": attr.string(), + "outs": attr.string_list(), }, ) -# A rule that can be used as a meta rule that propagates multiple other rules def _kong_rules_group_impl(ctx): return [DefaultInfo(files = depset(ctx.files.propagates))] kong_rules_group = rule( implementation = _kong_rules_group_impl, + doc = "A rule that can be used as a meta rule that propagates multiple other rules", attrs = { "propagates": attr.label_list(), }, @@ -68,11 +68,14 @@ _kong_template_attrs = { def _render_template(ctx, output): substitutions = dict(ctx.attr.substitutions) for l in ctx.attr.srcs + ctx.attr.tools: - files = l.files.to_list() - if len(files) == 1: + if OutputGroupInfo in l and "gen_dir" in l[OutputGroupInfo]: # usualy it's foreign_cc target + p = l[OutputGroupInfo].gen_dir.to_list()[0].path + else: # otherwise it's usually output from gen_rule, file_group etc + files = l.files.to_list() p = files[0].path - else: - p = "/".join(files[0].path.split("/")[:-1]) # get the directory + for file in files: # get the one with shorted path, that will be the directory + if len(file.path) < len(p): + p = file.path substitutions["{{%s}}" % l.label] = p substitutions["{{CC}}"] = ctx.attr._cc_toolchain[cc_common.CcToolchainInfo].compiler_executable @@ -96,6 +99,7 @@ def _kong_template_file_impl(ctx): kong_template_file = rule( implementation = _kong_template_file_impl, + doc = "A rule that expands a template file", attrs = _kong_template_attrs, ) @@ -117,6 +121,7 @@ def _kong_template_genrule_impl(ctx): kong_template_genrule = rule( implementation = _kong_template_genrule_impl, + doc = "A genrule that expands a template file and execute it", attrs = _kong_template_attrs | { "progress_message": attr.string(doc = "Message to display when running the command"), }, @@ -198,6 +203,7 @@ def _github_release_impl(ctx): github_release = repository_rule( implementation = _github_release_impl, + doc = "Use `gh` CLI to download a github release and optionally add license headers", attrs = { "tag": attr.string(mandatory = True), "pattern": attr.string(mandatory = False), @@ -211,6 +217,14 @@ github_release = repository_rule( ) def git_or_local_repository(name, branch, **kwargs): + """A macro creates git_repository or local_repository based on the value of "branch". + + Args: + name: the name of target + branch: if starts with "." or "/", treat it as local_repository; otherwise git branch pr commit hash + **kwargs: if build_file or build_file_content is set, the macros uses new_* variants. + """ + new_repo = "build_file" in kwargs or "build_file_content" in kwargs if branch.startswith("/") or branch.startswith("."): print("Note @%s is initialized as a local repository from path %s" % (name, branch)) @@ -235,3 +249,109 @@ def git_or_local_repository(name, branch, **kwargs): branch = branch, **kwargs ) + +def _kong_install_impl(ctx): + outputs = [] + strip_path = ctx.attr.strip_path + + # TODO: `label.workspace_name` has been deprecated in the Bazel v7.1.0, + # we should replace it with `label.repo_name` after upgrading + # to the Bazel v7. + # https://bazel.build/versions/7.1.0/rules/lib/builtins/Label + label_path = ctx.attr.src.label.workspace_name + "/" + ctx.attr.src.label.name + if not strip_path: + strip_path = label_path + prefix = ctx.attr.prefix + if prefix: + prefix = prefix + "/" + + for file in ctx.files.src: + # skip top level directory + if file.short_path.endswith(label_path) or file.short_path.endswith(strip_path): + continue + + # strip ../ from the path + path = file.short_path + if file.short_path.startswith("../"): + path = "/".join(file.short_path.split("/")[1:]) + + # skip foreign_cc generated copy_* targets + if path.startswith(ctx.attr.src.label.workspace_name + "/copy_" + ctx.attr.src.label.name): + continue + + # only replace the first one + target_path = path.replace(strip_path + "/", "", 1) + full_path = "%s/%s%s" % (KONG_VAR["BUILD_NAME"], prefix, target_path) + + # use a fake output, if we are writing a directory that may collide with others + # nop_path = "%s-nop-farms/%s/%s/%s" % (KONG_VAR["BUILD_NAME"], strip_path, prefix, target_path) + # output = ctx.actions.declare_file(nop_path) + # ctx.actions.run_shell( + # outputs = [output], + # inputs = [file], + # command = "(mkdir -p {t} && chmod -R +rw {t} && cp -r {s} {t}) >{f}".format( + # t = full_path, + # s = file.path, + # f = output.path, + # ), + # ) + output = ctx.actions.declare_file(full_path) + ctx.actions.run_shell( + outputs = [output], + inputs = [file], + command = "cp -r %s %s" % (file.path, output.path), + ) + + outputs.append(output) + + if full_path.find(".so.") >= 0 and ctx.attr.create_dynamic_library_symlink: + el = full_path.split(".") + si = el.index("so") + sym_paths = [] + if len(el) > si + 2: # has more than one part after .so like libX.so.2.3.4 + sym_paths.append(".".join(el[:si + 2])) # libX.so.2 + sym_paths.append(".".join(el[:si + 1])) # libX.so + + for sym_path in sym_paths: + sym_output = ctx.actions.declare_symlink(sym_path) + ctx.actions.symlink(output = sym_output, target_path = file.basename) + outputs.append(sym_output) + + return [DefaultInfo(files = depset(outputs + ctx.files.deps))] + +kong_install = rule( + implementation = _kong_install_impl, + doc = "Install files from the `src` label output to BUILD_DESTDIR", + attrs = { + "prefix": attr.string( + mandatory = False, + doc = "The relative prefix to add to target files, after KONG_VAR['BUILD_DESTDIR'], default to 'kong'", + default = "kong", + ), + "strip_path": attr.string( + mandatory = False, + doc = "The leading path to strip from input, default to the ./", + default = "", + ), + # "include": attr.string_list( + # mandatory = False, + # doc = "List of files to explictly install, take effect after exclude; full name, or exactly one '*' at beginning or end as wildcard are supported", + # default = [], + # ), + # "exclude": attr.string_list( + # mandatory = False, + # doc = "List of directories to exclude from installation", + # default = [], + # ), + "create_dynamic_library_symlink": attr.bool( + mandatory = False, + doc = "Create non versioned symlinks to the versioned so, e.g. libfoo.so -> libfoo.so.1.2.3", + default = True, + ), + "deps": attr.label_list(allow_files = True, doc = "Labels to declare as dependency"), + "src": attr.label(allow_files = True, doc = "Label to install files for"), + }, +) + +def get_workspace_name(label): + return label.replace("@", "").split("/")[0] diff --git a/build/libexpat/BUILD.libexpat.bazel b/build/libexpat/BUILD.libexpat.bazel index 4db19caed6fb..c6e14a17ef3d 100644 --- a/build/libexpat/BUILD.libexpat.bazel +++ b/build/libexpat/BUILD.libexpat.bazel @@ -41,13 +41,14 @@ configure_make( "//conditions:default": {}, }), lib_source = ":all_srcs", + out_include_dir = "include/libexpat", # don't install headers # out_lib_dir = "lib", out_shared_libs = select({ "@platforms//os:macos": [ "libexpat.1.dylib", ], "//conditions:default": [ - "libexpat.so.1", + "libexpat.so.1.9.2", ], }), targets = [ diff --git a/build/luarocks/BUILD.luarocks.bazel b/build/luarocks/BUILD.luarocks.bazel index 9a57517779ed..d4d5c67c4d4b 100644 --- a/build/luarocks/BUILD.luarocks.bazel +++ b/build/luarocks/BUILD.luarocks.bazel @@ -90,7 +90,7 @@ kong_template_genrule( }), is_executable = True, output = "luarocks_target.log", - progress_message = "Luarocks: Install luarocks on target system", + progress_message = "Luarocks: Install luarocks with target configuration", substitutions = { "{{build_destdir}}": KONG_VAR["BUILD_DESTDIR"], "{{install_destdir}}": KONG_VAR["INSTALL_DESTDIR"], diff --git a/build/luarocks/templates/luarocks_exec.sh b/build/luarocks/templates/luarocks_exec.sh index b622c56b6c64..ad146f240131 100644 --- a/build/luarocks/templates/luarocks_exec.sh +++ b/build/luarocks/templates/luarocks_exec.sh @@ -94,4 +94,4 @@ $host_luajit $root_path/$LUAROCKS_HOST/bin/luarocks \$private_rocks_args \$@ \\ EXPAT_DIR=$EXPAT_DIR \\ LIBXML2_DIR=$LIBXML2_DIR \\ YAML_DIR=$YAML_DIR -EOF \ No newline at end of file +EOF diff --git a/build/openresty/BUILD.openresty.bazel b/build/openresty/BUILD.openresty.bazel index d134bd6aeb84..2d7fa54ce887 100644 --- a/build/openresty/BUILD.openresty.bazel +++ b/build/openresty/BUILD.openresty.bazel @@ -87,6 +87,7 @@ make( out_binaries = [ "luajit", ], + out_data_dirs = ["share"], out_shared_libs = select({ "@platforms//os:macos": [ "libluajit-5.1.2.dylib", @@ -268,7 +269,6 @@ configure_make( "@lua-resty-events//:all_srcs", "@lua-resty-lmdb//:all_srcs", "@ngx_brotli//:all_srcs", - "@openresty_binding//:all_srcs", ] + select({ "@kong//:wasmx_flag": [ "@ngx_wasmx_module//:all_srcs", @@ -284,6 +284,25 @@ configure_make( out_binaries = [ "nginx/sbin/nginx", ], + out_data_dirs = [ + "pod", + "bin", + "nginx/conf", + "nginx/html", + "lualib", + ], + out_lib_dir = "", + out_shared_libs = select({ + "@kong//:wasmx_flag": [ + "nginx/modules/ngx_wasmx_module.so", + ], + "//conditions:default": [], + }), + postfix_script = select({ + # macOS ln doesn't support -r/relative path + "@platforms//os:macos": "ln -sf openresty/nginx/sbin/nginx openresty/bin/openresty", + "//conditions:default": "ln -srf openresty/nginx/sbin/nginx openresty/bin/openresty", + }), targets = [ "-j" + KONG_VAR["NPROC"], "install -j" + KONG_VAR["NPROC"], diff --git a/build/openresty/atc_router/atc_router_repositories.bzl b/build/openresty/atc_router/atc_router_repositories.bzl index ed6bc0ca38cb..ce71993b7543 100644 --- a/build/openresty/atc_router/atc_router_repositories.bzl +++ b/build/openresty/atc_router/atc_router_repositories.bzl @@ -8,5 +8,4 @@ def atc_router_repositories(): name = "atc_router", branch = KONG_VAR["ATC_ROUTER"], remote = "https://github.com/Kong/atc-router", - visibility = ["//visibility:public"], # let this to be referenced by openresty build ) diff --git a/build/openresty/brotli/brotli_repositories.bzl b/build/openresty/brotli/brotli_repositories.bzl index c058a954f1ba..d3e020039f38 100644 --- a/build/openresty/brotli/brotli_repositories.bzl +++ b/build/openresty/brotli/brotli_repositories.bzl @@ -10,5 +10,4 @@ def brotli_repositories(): name = "brotli", branch = KONG_VAR["BROTLI"], remote = "https://github.com/google/brotli", - visibility = ["//visibility:public"], # let this to be referenced by openresty build ) diff --git a/build/openresty/openssl/openssl.bzl b/build/openresty/openssl/openssl.bzl index 2d5a4d48db3a..a9bf1a8de4d4 100644 --- a/build/openresty/openssl/openssl.bzl +++ b/build/openresty/openssl/openssl.bzl @@ -57,19 +57,28 @@ def build_openssl( "//conditions:default": {}, }), lib_source = ":%s-all_srcs" % name, - out_binaries = ["openssl"], # Note that for Linux builds, libssl must come before libcrypto on the linker command-line. # As such, libssl must be listed before libcrypto out_shared_libs = select({ "@platforms//os:macos": [ "libssl.3.dylib", "libcrypto.3.dylib", + "ossl-modules/legacy.dylib", + "engines-3/capi.dylib", + "engines-3/loader_attic.dylib", + "engines-3/padlock.dylib", ], "//conditions:default": [ "libssl.so.3", "libcrypto.so.3", + "ossl-modules/legacy.so", + "engines-3/afalg.so", + "engines-3/capi.so", + "engines-3/loader_attic.so", + "engines-3/padlock.so", ], }), + out_include_dir = "include/openssl", targets = [ "-j" + KONG_VAR["NPROC"], # don't set the prefix by --prefix switch, but only override the install destdir using INSTALLTOP diff --git a/build/openresty/repositories.bzl b/build/openresty/repositories.bzl index dbcb9515830e..cf64a97ed3fc 100644 --- a/build/openresty/repositories.bzl +++ b/build/openresty/repositories.bzl @@ -19,6 +19,12 @@ filegroup( srcs = glob(["**"]), visibility = ["//visibility:public"], ) + +filegroup( + name = "lualib_srcs", + srcs = glob(["lualib/**/*.lua", "lib/**/*.lua"]), + visibility = ["//visibility:public"], +) """ def openresty_repositories(): @@ -85,7 +91,7 @@ def openresty_repositories(): ) def _openresty_binding_impl(ctx): - ctx.file("BUILD.bazel", _NGINX_MODULE_DUMMY_FILE) + ctx.file("BUILD.bazel", "") ctx.file("WORKSPACE", "workspace(name = \"openresty_patch\")") version = "LuaJIT\\\\ 2.1.0-" diff --git a/build/openresty/wasmx/filters/BUILD.bazel b/build/openresty/wasmx/filters/BUILD.bazel index e2357a30e522..e69de29bb2d1 100644 --- a/build/openresty/wasmx/filters/BUILD.bazel +++ b/build/openresty/wasmx/filters/BUILD.bazel @@ -1,14 +0,0 @@ -load("@kong//build/openresty/wasmx/filters:variables.bzl", "WASM_FILTERS_TARGETS") - -filegroup( - name = "all_srcs", - srcs = glob( - include = ["**"], - exclude = ["*.bazel"], - ), -) - -exports_files( - WASM_FILTERS_TARGETS, - visibility = ["//visibility:public"], -) diff --git a/build/openresty/wasmx/filters/repositories.bzl b/build/openresty/wasmx/filters/repositories.bzl index 12770719c15c..12f0779993fd 100644 --- a/build/openresty/wasmx/filters/repositories.bzl +++ b/build/openresty/wasmx/filters/repositories.bzl @@ -10,6 +10,7 @@ def wasm_filters_repositories(): maybe( http_file, name = renamed_file, + downloaded_file_path = renamed_file, url = "https://github.com/%s/releases/download/%s/%s" % ( filter["repo"], filter["tag"], diff --git a/build/openresty/wasmx/wasmx_repositories.bzl b/build/openresty/wasmx/wasmx_repositories.bzl index 76a03e340767..42c571f710c2 100644 --- a/build/openresty/wasmx/wasmx_repositories.bzl +++ b/build/openresty/wasmx/wasmx_repositories.bzl @@ -69,8 +69,8 @@ filegroup( ) filegroup( - name = "lua_libs", - srcs = glob(["lib/resty/**"]), + name = "lualib_srcs", + srcs = glob(["lib/**/*.lua"]), visibility = ["//visibility:public"] ) diff --git a/build/package/nfpm.yaml b/build/package/nfpm.yaml index 2e0bbf0c6911..65117228bb7d 100644 --- a/build/package/nfpm.yaml +++ b/build/package/nfpm.yaml @@ -44,6 +44,12 @@ contents: dst: /etc/kong/kong.logrotate file_info: mode: 0644 +- src: /usr/local/openresty/bin/resty + dst: /usr/local/bin/resty + type: symlink +- src: /usr/local/openresty/nginx/modules + dst: /usr/local/kong/modules + type: symlink scripts: postinstall: ./build/package/postinstall.sh diff --git a/build/repositories.bzl b/build/repositories.bzl index b216e569d770..c86dfec2f37d 100644 --- a/build/repositories.bzl +++ b/build/repositories.bzl @@ -2,11 +2,10 @@ load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") -load("//build:build_system.bzl", "git_or_local_repository") +load("//build:build_system.bzl", "git_or_local_repository", "github_release") load("//build/luarocks:luarocks_repositories.bzl", "luarocks_repositories") load("//build/cross_deps:repositories.bzl", "cross_deps_repositories") load("//build/libexpat:repositories.bzl", "libexpat_repositories") -load("//build:build_system.bzl", "github_release") load("@kong_bindings//:variables.bzl", "KONG_VAR") load("//build/toolchain:bindings.bzl", "load_bindings") @@ -16,12 +15,18 @@ filegroup( srcs = glob(["**"]), visibility = ["//visibility:public"], ) + +filegroup( + name = "lualib_srcs", + srcs = glob(["lualib/**/*.lua", "lib/**/*.lua"]), + visibility = ["//visibility:public"], +) """ _DIST_BUILD_FILE_CONTENT = """ filegroup( - name = "dist_files", - srcs = ["dist"], + name = "dist", + srcs = glob(["dist/**"]), visibility = ["//visibility:public"], ) """ @@ -61,8 +66,8 @@ def protoc_repositories(): sha256 = "2994b7256f7416b90ad831dbf76a27c0934386deb514587109f39141f2636f37", build_file_content = """ filegroup( - name = "all_srcs", - srcs = ["include"], + name = "include", + srcs = glob(["include/google/**"]), visibility = ["//visibility:public"], )""", ) diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt index 83e403555d10..b5e263650957 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2-amd64.txt @@ -158,17 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - librt.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -213,3 +202,15 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - librt.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 + diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt index b962f79b5ed7..b940c8e8889f 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2023-amd64.txt @@ -151,14 +151,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - libm.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -199,3 +191,11 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 + - libm.so.6 diff --git a/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt b/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt index 57e21512d51b..193dd354ecd7 100644 --- a/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt +++ b/scripts/explain_manifest/fixtures/amazonlinux-2023-arm64.txt @@ -158,11 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -203,3 +198,8 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 diff --git a/scripts/explain_manifest/fixtures/debian-10-amd64.txt b/scripts/explain_manifest/fixtures/debian-10-amd64.txt index 48f6dda84757..15367259a797 100644 --- a/scripts/explain_manifest/fixtures/debian-10-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-10-amd64.txt @@ -158,17 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - librt.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -213,3 +202,14 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - librt.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/debian-11-amd64.txt b/scripts/explain_manifest/fixtures/debian-11-amd64.txt index 672c184e10cb..846b95ad5a6d 100644 --- a/scripts/explain_manifest/fixtures/debian-11-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-11-amd64.txt @@ -152,16 +152,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so - Path : /usr/local/openresty/lualib/rds/parser.so @@ -202,3 +192,13 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/debian-12-amd64.txt b/scripts/explain_manifest/fixtures/debian-12-amd64.txt index 2ec1965787d4..1ab0eabe5b16 100644 --- a/scripts/explain_manifest/fixtures/debian-12-amd64.txt +++ b/scripts/explain_manifest/fixtures/debian-12-amd64.txt @@ -145,14 +145,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libm.so.6 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so - Path : /usr/local/openresty/lualib/rds/parser.so @@ -189,3 +181,11 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libm.so.6 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/el7-amd64.txt b/scripts/explain_manifest/fixtures/el7-amd64.txt index 95397a5fd0ef..2d8ff671eddd 100644 --- a/scripts/explain_manifest/fixtures/el7-amd64.txt +++ b/scripts/explain_manifest/fixtures/el7-amd64.txt @@ -158,17 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - librt.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -212,3 +201,14 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - librt.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/el8-amd64.txt b/scripts/explain_manifest/fixtures/el8-amd64.txt index fe385e2cb6f1..ca3351b3a11a 100644 --- a/scripts/explain_manifest/fixtures/el8-amd64.txt +++ b/scripts/explain_manifest/fixtures/el8-amd64.txt @@ -158,16 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -212,3 +202,13 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/el9-amd64.txt b/scripts/explain_manifest/fixtures/el9-amd64.txt index 977c13d06eea..7457649228b5 100644 --- a/scripts/explain_manifest/fixtures/el9-amd64.txt +++ b/scripts/explain_manifest/fixtures/el9-amd64.txt @@ -151,14 +151,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libm.so.6 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -199,3 +191,11 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libm.so.6 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/el9-arm64.txt b/scripts/explain_manifest/fixtures/el9-arm64.txt index 57e21512d51b..193dd354ecd7 100644 --- a/scripts/explain_manifest/fixtures/el9-arm64.txt +++ b/scripts/explain_manifest/fixtures/el9-arm64.txt @@ -158,11 +158,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so Needed : - libc.so.6 @@ -203,3 +198,8 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 diff --git a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt index 646e70445e96..41172c077810 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt @@ -154,16 +154,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so - Path : /usr/local/openresty/lualib/rds/parser.so @@ -206,3 +196,13 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libpthread.so.0 + - libm.so.6 + - libdl.so.2 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt index cb1dca234d03..bee32048e1f7 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt @@ -147,14 +147,6 @@ Needed : - libc.so.6 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libm.so.6 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so - Path : /usr/local/openresty/lualib/rds/parser.so @@ -193,3 +185,11 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libm.so.6 + - libc.so.6 + - ld-linux-x86-64.so.2 + - libstdc++.so.6 diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt index f5966d758f00..916b90bf1d39 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt @@ -145,11 +145,6 @@ - libc.so.6 - ld-linux-aarch64.so.1 -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libc.so.6 - - Path : /usr/local/openresty/lualib/librestysignal.so - Path : /usr/local/openresty/lualib/rds/parser.so @@ -191,3 +186,8 @@ OpenSSL : OpenSSL 3.2.1 30 Jan 2024 DWARF : True DWARF - ngx_http_request_t related DWARF DIEs: True + +- Path : /usr/local/openresty/site/lualib/libatc_router.so + Needed : + - libgcc_s.so.1 + - libc.so.6 diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py index daed30299395..2624459024bd 100644 --- a/scripts/explain_manifest/suites.py +++ b/scripts/explain_manifest/suites.py @@ -65,7 +65,7 @@ def common_suites(expect, libxcrypt_no_obsolete_api: bool = False): .contain("ngx_http_lua_kong_ffi_var_set_by_index") \ .contain("ngx_http_lua_kong_ffi_var_load_indexes") - expect("/usr/local/openresty/lualib/libatc_router.so", "ATC router so should have ffi module compiled") \ + expect("/usr/local/openresty/site/lualib/libatc_router.so", "ATC router so should have ffi module compiled") \ .functions \ .contain("router_execute") From 5ef1386569b3e2cdf03f22e5bfab361b78e692d9 Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Fri, 19 Apr 2024 11:17:00 +0800 Subject: [PATCH 2/4] feat(dev): add //build:dev-make-openresty target to invoke make directory for openresty build for development --- build/BUILD.bazel | 19 +++++++++++++++++++ build/openresty/BUILD.openresty.bazel | 27 +++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/build/BUILD.bazel b/build/BUILD.bazel index 8549d6d18158..17a65fa46092 100644 --- a/build/BUILD.bazel +++ b/build/BUILD.bazel @@ -51,6 +51,25 @@ kong_install( ], ) +# Use this target when developing with nginx modules and want to +# avoid rebuilding a clean OpenResty every time. +kong_genrule( + name = "dev-make-openresty", + srcs = [ + "@openresty//:dev-just-make", + ], + outs = [ + "openresty.dev.nop", + ], + cmd = """ + rm -rf ${BUILD_DESTDIR}/openresty + cp -r $(location @openresty//:dev-just-make) ${BUILD_DESTDIR}/openresty + chmod -R "u+rw" ${BUILD_DESTDIR}/openresty + touch ${BUILD_DESTDIR}/openresty.dev.nop + """, + visibility = ["//visibility:public"], +) + # Lua Libraries lualib_deps = [ diff --git a/build/openresty/BUILD.openresty.bazel b/build/openresty/BUILD.openresty.bazel index 2d7fa54ce887..9b86a74a25e5 100644 --- a/build/openresty/BUILD.openresty.bazel +++ b/build/openresty/BUILD.openresty.bazel @@ -332,3 +332,30 @@ configure_make( "//conditions:default": [], }), ) + +genrule( + name = "dev-just-make", + srcs = [ + "@lua-kong-nginx-module//:all_srcs", + "@lua-resty-events//:all_srcs", + "@lua-resty-lmdb//:all_srcs", + "@ngx_brotli//:all_srcs", + ] + select({ + "@kong//:wasmx_flag": [ + "@ngx_wasmx_module//:all_srcs", + # wasm_runtime has to be a "data" (target) instead of "build_data" (exec) + # to be able to lookup by its path (relative to INSTALLDIR) + ":wasm_runtime", + ], + "//conditions:default": [], + }), + outs = ["dev-builddir"], + cmd = """ + pushd $(RULEDIR)/openresty.build_tmpdir >/dev/null + make -j%s + make install + popd >/dev/null + cp -r $(RULEDIR)/openresty.build_tmpdir/openresty $@ + """ % KONG_VAR["NPROC"], + visibility = ["//visibility:public"], +) From 5dd14cb9f923f75c13e6e69f9c903c6a51ec94ff Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Mon, 6 May 2024 14:19:46 +0800 Subject: [PATCH 3/4] fix(build): snappy to always use cc_shared_library --- .bazelrc | 2 +- build/BUILD.bazel | 3 ++- build/openresty/snappy/BUILD.bazel | 17 ++++------------- 3 files changed, 7 insertions(+), 15 deletions(-) diff --git a/.bazelrc b/.bazelrc index 11c2d33dfbb5..7a1625ac970f 100644 --- a/.bazelrc +++ b/.bazelrc @@ -14,7 +14,7 @@ common --color=yes common --curses=auto build --experimental_ui_max_stdouterr_bytes=10485760 -# required to build shared library on macOS +# TODO: remove after bump to bazel >= 7 build --experimental_cc_shared_library build --show_progress_rate_limit=0 diff --git a/build/BUILD.bazel b/build/BUILD.bazel index 17a65fa46092..ef2718d6ee44 100644 --- a/build/BUILD.bazel +++ b/build/BUILD.bazel @@ -19,7 +19,8 @@ clib_deps = [ kong_install( name = "install-%s" % get_workspace_name(k), src = k, - prefix = "kong/lib" if k == "@passwdqc" else "kong", + prefix = "kong/lib" if k in ("@passwdqc", "@snappy") else "kong", + strip_path = "snappy" if k == "@snappy" else "", ) for k in clib_deps ] diff --git a/build/openresty/snappy/BUILD.bazel b/build/openresty/snappy/BUILD.bazel index 3f534e9b52ed..499e4fb293aa 100644 --- a/build/openresty/snappy/BUILD.bazel +++ b/build/openresty/snappy/BUILD.bazel @@ -59,7 +59,7 @@ cc_library( ) cc_library( - name = "snappy", + name = "snappy-lib", srcs = [ "snappy.cc", "snappy-c.cc", @@ -77,6 +77,7 @@ cc_library( "-Wno-sign-compare", ], }), + linkstatic = True, deps = [ ":config", ":snappy-stubs-internal", @@ -84,19 +85,9 @@ cc_library( ], ) -# workaround for apple_cc_toolchain doesn't support dynamic linker feature cc_shared_library( - name = "snappy-macos-lib", - shared_lib_name = "libsnappy.dylib", - deps = [":snappy"], -) - -alias( - name = "snappy-lib", - actual = select({ - "@platforms//os:osx": ":snappy-macos-lib", - "//conditions:default": ":snappy", - }), + name = "snappy", + deps = [":snappy-lib"], ) filegroup( From f21da41a74cbc72a0f2b392d2eed4d7f205b83b9 Mon Sep 17 00:00:00 2001 From: Wangchong Zhou Date: Wed, 24 Apr 2024 14:51:00 +0800 Subject: [PATCH 4/4] chore(deps): bump rules_foreign_cc from 0.9.0 to 0.10.1 --- WORKSPACE | 6 +++--- build/README.md | 2 -- build/kong_bindings.bzl | 7 ------- build/luarocks/BUILD.luarocks.bazel | 4 ++-- build/openresty/BUILD.openresty.bazel | 28 +++++++++++++-------------- 5 files changed, 19 insertions(+), 28 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index ae97c320d94e..fa4c08a33491 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -17,9 +17,9 @@ load_bindings(name = "kong_bindings") http_archive( name = "rules_foreign_cc", - sha256 = "2a4d07cd64b0719b39a7c12218a3e507672b82a97b98c6a89d38565894cf7c51", - strip_prefix = "rules_foreign_cc-0.9.0", - url = "https://github.com/bazelbuild/rules_foreign_cc/archive/refs/tags/0.9.0.tar.gz", + sha256 = "476303bd0f1b04cc311fc258f1708a5f6ef82d3091e53fd1977fa20383425a6a", + strip_prefix = "rules_foreign_cc-0.10.1", + url = "https://github.com/bazelbuild/rules_foreign_cc/archive/refs/tags/0.10.1.tar.gz", ) load("@rules_foreign_cc//foreign_cc:repositories.bzl", "rules_foreign_cc_dependencies") diff --git a/build/README.md b/build/README.md index 7e795dff7774..0540a5d2df77 100644 --- a/build/README.md +++ b/build/README.md @@ -24,8 +24,6 @@ The build system requires the following tools to be installed: # check bazel version bazel version ``` -- [Python](https://www.python.org/), Python 3 is used to build some of the dependencies. Note: build system relies on `python` - in the PATH; if you have `python3` you need to create a symlink from `python` to `python3` - [Build dependencies](https://github.com/Kong/kong/blob/master/DEVELOPER.md#build-and-install-from-source) **Note**: Bazel relies on logged user to create the temporary file system; however if your username contains `@` diff --git a/build/kong_bindings.bzl b/build/kong_bindings.bzl index fa23119d2704..c05e98242c6c 100644 --- a/build/kong_bindings.bzl +++ b/build/kong_bindings.bzl @@ -80,13 +80,6 @@ def _check_sanity(ctx): "The following command is useful to check if Xcode is picked up by Bazel:\n" + "eval `find /private/var/tmp/_bazel_*/|grep xcode-locator|head -n1`") - python = ctx.execute(["which", "python"]).stdout.strip() - if not python: - fail("rules_foreign_cc hasn't migrated to python3 on macOS yet, and your system doens't \n" + - "have a `python` binary. Consider create a symlink to `python3` and include in PATH:\n" + - "ln -s `which python3` /usr/local/bin/python\n" + - "export PATH=/usr/local/bin:$PATH bazel build \n") - user = ctx.os.environ.get("USER", "") if "@" in user: fail("Bazel uses $USER in cache and rule_foreign_cc uses `@` in its sed command.\n" + diff --git a/build/luarocks/BUILD.luarocks.bazel b/build/luarocks/BUILD.luarocks.bazel index d4d5c67c4d4b..d5159513189a 100644 --- a/build/luarocks/BUILD.luarocks.bazel +++ b/build/luarocks/BUILD.luarocks.bazel @@ -19,8 +19,8 @@ configure_make( configure_in_place = True, configure_options = [ "--lua-suffix=jit", - "--with-lua=$$EXT_BUILD_DEPS$$/luajit", - "--with-lua-include=$$EXT_BUILD_DEPS$$/luajit/include/luajit-2.1", + "--with-lua=$$EXT_BUILD_DEPS/luajit", + "--with-lua-include=$$EXT_BUILD_DEPS/luajit/include/luajit-2.1", ], lib_source = ":all_srcs", out_bin_dir = "", diff --git a/build/openresty/BUILD.openresty.bazel b/build/openresty/BUILD.openresty.bazel index 9b86a74a25e5..c6b531d02ab7 100644 --- a/build/openresty/BUILD.openresty.bazel +++ b/build/openresty/BUILD.openresty.bazel @@ -144,14 +144,14 @@ CONFIGURE_OPTIONS = [ "--without-http_redis_module", "--without-http_rds_json_module", "--without-http_rds_csv_module", - "--with-luajit=$$EXT_BUILD_DEPS$$/luajit", - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/pcre/include\"", - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/openssl/include\"", - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/luajit/include\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/pcre/lib\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/openssl/lib\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/luajit/lib\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/lib\"", + "--with-luajit=$$EXT_BUILD_DEPS/luajit", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/pcre/include\"", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/openssl/include\"", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/luajit/include\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/pcre/lib\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/openssl/lib\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/luajit/lib\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/lib\"", # Here let's try not having --disable-new-dtags; --disable-new-dtags creates rpath instead of runpath # note rpath can't handle indirect dependency (nginx -> luajit -> dlopen("other")), so each indirect # dependency should have its rpath set (luajit, libxslt etc); on the other side, rpath is not @@ -201,16 +201,16 @@ CONFIGURE_OPTIONS = [ "//conditions:default": [], }) + select({ "@kong//:any-cross": [ - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/zlib/include\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/zlib/lib\"", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/zlib/include\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/zlib/lib\"", ], "//conditions:default": [], }) + select({ # any cross build that migrated to use libxcrypt needs those flags # alpine uses different libc so doesn't need it ":needs-xcrypt2": [ - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/libxcrypt/include\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/libxcrypt/lib\"", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/libxcrypt/include\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/libxcrypt/lib\"", ], "//conditions:default": [], }) + select({ @@ -222,8 +222,8 @@ CONFIGURE_OPTIONS = [ "//conditions:default": [], }) + select({ "@kong//:fips_flag": [ - "--with-cc-opt=\"-I$$EXT_BUILD_DEPS$$/include\"", - "--with-ld-opt=\"-L$$EXT_BUILD_DEPS$$/lib -Wl,-Bsymbolic-functions -Wl,-z,relro\"", + "--with-cc-opt=\"-I$$EXT_BUILD_DEPS/include\"", + "--with-ld-opt=\"-L$$EXT_BUILD_DEPS/lib -Wl,-Bsymbolic-functions -Wl,-z,relro\"", ], "//conditions:default": [], }) + select({