diff options
Diffstat (limited to 'src/crypto/internal/boring/build/build.sh')
-rwxr-xr-x | src/crypto/internal/boring/build/build.sh | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/src/crypto/internal/boring/build/build.sh b/src/crypto/internal/boring/build/build.sh new file mode 100755 index 0000000000..7c50327c2f --- /dev/null +++ b/src/crypto/internal/boring/build/build.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# Copyright 2017 The Go Authors. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# Run on Ubuntu system set up with: +# sudo apt-get install debootstrap +# sudo apt-get install squid-deb-proxy +# +# The script sets up an Ubuntu chroot and then runs the build +# in that chroot, to make sure we know exactly what software +# is being used for the build. To repeat the script reusing the +# chroot installation, run build.sh -quick. This mode is useful +# if all you've modified is goboringcrypto.c and ../goboringcrypto.h +# (or some of the setup scripts in this directory). + +# Comment this setting out if not using squid-deb-proxy, +# but it will be much slower to repeat the script. +http_proxy=http://127.0.0.1:8000 + +chroot=/var/tmp/boringssl + +sudo umount -f $chroot/proc +sudo umount -f $chroot/sys +sudo umount -f $chroot/dev/pts +sudo umount -f $chroot/dev + +set -e +if [ "$1" != "-quick" ]; then + sudo rm -rf $chroot + sudo http_proxy=$http_proxy debootstrap --variant=minbase zesty $chroot +fi + +sudo chown $USER $chroot +sudo chmod u+w $chroot + +sudo mount -t proc proc $chroot/proc +sudo mount -t sysfs sys $chroot/sys +sudo mount -o bind /dev $chroot/dev +sudo mount -t devpts devpts $chroot/dev/pts + +sudo cp sources.list $chroot/etc/apt/sources.list + +cp *chroot.sh $chroot + +# Following http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2964.pdf page 18. +if [ ! -e $chroot/boringssl-24e5886c0edfc409c8083d10f9f1120111efd6f5.tar.xz ]; then + wget -O $chroot/boringssl-24e5886c0edfc409c8083d10f9f1120111efd6f5.tar.xz https://commondatastorage.googleapis.com/chromium-boringssl-docs/fips/boringssl-24e5886c0edfc409c8083d10f9f1120111efd6f5.tar.xz +fi +if [ "$(sha256sum $chroot/boringssl-24e5886c0edfc409c8083d10f9f1120111efd6f5.tar.xz | awk '{print $1}')" != 15a65d676eeae27618e231183a1ce9804fc9c91bcc3abf5f6ca35216c02bf4da ]; then + echo WRONG SHA256SUM + exit 2 +fi + +rm -rf $chroot/godriver +mkdir $chroot/godriver +cp ../goboringcrypto.h $chroot/godriver + +sudo http_proxy=$http_proxy chroot $chroot /root_setup_in_chroot.sh +sudo chroot --userspec=$(id -u):$(id -g) $chroot /build_in_chroot.sh +cp $chroot/godriver/goboringcrypto_linux_amd64.syso .. +sha256sum ../goboringcrypto_linux_amd64.syso +echo DONE |