bazel: update target for openssl executable
The previous solution was a workaround and could potentially
use the system's openssl libraries and config data. Replace
it with foreign_cc:runnable_binary, which is properly aware
of the executable's dependencies.
IoannisRP committed Dec 9, 2024
1 parent 8d90667 commit a235e0a
Showing 2 changed files with 33 additions and 15 deletions.
23 changes: 20 additions & 3 deletions bazel/cert.bzl
Expand Up @@ -4,13 +4,19 @@ This module contains functions to generate a simple CA

load("@bazel_skylib//rules:run_binary.bzl", "run_binary")

openssl_env = {
"OPENSSL_CONF": "$(execpath @openssl//:openssl_data)/openssl.cnf",
}

# buildifier: disable=function-docstring-args
def _redpanda_private_key(name, certificate):
private_key = certificate + ".key"

run_binary(
name = name + "_key_gen",
srcs = [],
srcs = [
"@openssl//:openssl_data",
],
outs = [private_key],
args = [
"ecparam",
Expand All @@ -21,6 +27,7 @@ def _redpanda_private_key(name, certificate):
"-out",
"$(execpath :{})".format(private_key),
],
env = openssl_env,
tool = "@openssl//:openssl_exe",
)

Expand All @@ -44,7 +51,10 @@ def redpanda_selfsigned_cert(name, certificate, common_name, visibility = None):

run_binary(
name = name + "_crt_gen",
srcs = [private_key],
srcs = [
private_key,
"@openssl//:openssl_data",
],
outs = [cert],
args = [
"req",
Expand All @@ -60,6 +70,7 @@ def redpanda_selfsigned_cert(name, certificate, common_name, visibility = None):
"-addext",
"subjectAltName = IP:127.0.0.1",
],
env = openssl_env,
tool = "@openssl//:openssl_exe",
)

Expand Down Expand Up @@ -90,7 +101,10 @@ def redpanda_signed_cert(name, certificate, common_name, ca, serial_number, visi

run_binary(
name = name + "_csr_gen",
srcs = [private_key],
srcs = [
private_key,
"@openssl//:openssl_data",
],
outs = [csr],
args = [
"req",
Expand All @@ -103,6 +117,7 @@ def redpanda_signed_cert(name, certificate, common_name, ca, serial_number, visi
"-subj",
subj,
],
env = openssl_env,
tool = "@openssl//:openssl_exe",
)

Expand All @@ -115,6 +130,7 @@ def redpanda_signed_cert(name, certificate, common_name, ca, serial_number, visi
ca_cert,
ca_private_key,
csr,
"@openssl//:openssl_data",
],
outs = [cert],
args = [
Expand All @@ -134,6 +150,7 @@ def redpanda_signed_cert(name, certificate, common_name, ca, serial_number, visi
"-out",
"$(execpath :{})".format(cert),
],
env = openssl_env,
tool = "@openssl//:openssl_exe",
)

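Review bot: The new module-level `openssl_env` dict has no comment and no leading underscore, so the reason for pinning `OPENSSL_CONF` is not recorded and the name is loadable from other packages. I would rename it to `_OPENSSL_ENV` and put a comment above it such as `# Pin OPENSSL_CONF to the openssl.cnf built from @openssl so key and certificate generation never reads the host's OpenSSL configuration.` The `$(execpath @openssl//:openssl_data)` expansion only resolves when the same label is also listed in `srcs`, so every `run_binary` call has to carry both `env` and the extra `srcs` entry; a short note saying so would help whoever adds the next call. A small private wrapper around `run_binary` that always supplies both would remove that coupling, though that is a larger change than this commit. The bodies of the three functions touched here continue outside the visible hunks.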
25 changes: 13 additions & 12 deletions bazel/thirdparty/openssl.BUILD
@@ -1,7 +1,6 @@
load("@bazel_skylib//rules:common_settings.bzl", "int_flag", "string_flag")
load("@bazel_skylib//rules:copy_file.bzl", "copy_file")
load("@bazel_skylib//rules:select_file.bzl", "select_file")
load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make")
load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make", "runnable_binary")

# Make this build faster by setting `build --@openssl//:build_jobs=16` in user.bazelrc
# if you have the cores to spare.
Expand Down Expand Up @@ -60,6 +59,9 @@ configure_make(
out_binaries = [
"openssl",
],
out_data_dirs = [
"ssl",
],
out_shared_libs = [
"libssl.so.3",
"libcrypto.so.3",
Expand All @@ -77,18 +79,17 @@ filegroup(
)

select_file(
name = "openssl_exe_file",
name = "openssl_data",
srcs = ":openssl",
subpath = "bin/openssl",
)

copy_file(
name = "openssl_exe",
src = ":openssl_exe_file",
out = "openssl.exe",
allow_symlink = True,
is_executable = True,
subpath = "ssl",
visibility = [
"//visibility:public",
],
)

runnable_binary(
name = "openssl_exe",
binary = "openssl",
foreign_cc_target = ":openssl",
visibility = ["//visibility:public"],
)
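Review bot: The public `openssl_exe` target carries no note that callers are expected to point `OPENSSL_CONF` at `:openssl_data`, so hermetic configuration depends on each consumer remembering the `env` setting that bazel/cert.bzl adds in this same commit. A consumer that omits it would presumably fall back to the OPENSSLDIR compiled into the binary, which may not exist at run time or may resolve to a host path. I would add a comment above `runnable_binary(` such as `# Callers must set OPENSSL_CONF to $(execpath :openssl_data)/openssl.cnf and list :openssl_data in srcs.` It is also worth a comment on `openssl_data` that `subpath = "ssl"` has to match the `out_data_dirs` entry in `configure_make`, whose configure options are outside this hunk.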
