# Copyright 2021 The Pigweed Authors
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
"""Pigweed package for the Chromium certificate verifier sources.

Defines the sparse source lists, the on-disk layout helpers and the
ChromiumVerifier package, which installs three pinned git checkouts
(Chromium, BoringSSL headers, googletest headers) and reports their status.
"""

import pathlib
from typing import Sequence

import pw_package.git_repo
import pw_package.package_manager

# Entries passed as the sparse_list of the Chromium checkout.
# The list is hand-picked. So far it has only been tested locally (the list
# compiles and can run certificate chain verification). Unit tests will be
# added in pw_tls_client, which uses this package, so that they can serve as
# the criterion for rolling.
# NOTE(review): the '!'-prefixed entries look like exclusion patterns for the
# preceding 'base/*' entry -- confirm against pw_package.git_repo.
CHROMIUM_VERIFIER_LIBRARY_SOURCES = [
    'base/*',
    '!base/check.h',
    '!base/check_op.h',
    '!base/logging.h',
    'build/buildflag.h',
    'build/write_buildflag_header.py',
    'crypto',
    'net/base',
    'net/cert',
    'net/data',
    'net/der',
    'testing/gtest/include',
    'testing/gmock/include',
    'third_party/abseil-cpp',
    'third_party/boringssl',
    'third_party/googletest',
    'time/internal/cctz/include/cctz/civil_time_detail.h',
    'url/gurl.h',
    'url/third_party/mozilla/url_parse.h',
    'url/url_canon.h',
    'url/url_canon_ip.h',
    'url/url_canon_stdstring.h',
    'url/url_constants.h',
    'net/test/test_certificate_data.h',
    'net/cert/internal/path_builder_unittest.cc',
    'third_party/modp_b64',
]

CHROMIUM_VERIFIER_UNITTEST_SOURCES = [
    # TODO(pwbug/394): Look into which unittests are necessary to port.
    # NOTE(review): this entry is also listed in
    # CHROMIUM_VERIFIER_LIBRARY_SOURCES, so the combined list below holds it
    # twice -- presumably harmless for a sparse checkout; confirm before
    # deduplicating.
    'net/cert/internal/path_builder_unittest.cc',
]

# Library entries first, unittest entries after; this is the list handed to
# the Chromium GitRepo below.
CHROMIUM_VERIFIER_SOURCES = [
    *CHROMIUM_VERIFIER_LIBRARY_SOURCES,
    *CHROMIUM_VERIFIER_UNITTEST_SOURCES,
]


def chromium_verifier_repo_path(
    chromium_verifier_install: pathlib.Path,
) -> pathlib.Path:
    """Return the 'src' directory under the package install directory.

    This is where the Chromium checkout is placed.
    """
    return chromium_verifier_install.joinpath('src')


def chromium_third_party_boringssl_repo_path(
    chromium_verifier_repo: pathlib.Path,
) -> pathlib.Path:
    """Return third_party/boringssl/src inside the Chromium checkout."""
    return chromium_verifier_repo.joinpath('third_party', 'boringssl', 'src')


def chromium_third_party_googletest_repo_path(
    chromium_verifier_repo: pathlib.Path,
) -> pathlib.Path:
    """Return third_party/googletest/src inside the Chromium checkout."""
    return chromium_verifier_repo.joinpath('third_party', 'googletest', 'src')


class ChromiumVerifier(pw_package.package_manager.Package):
    """Package that installs the Chromium verifier and reports its status.

    Three git checkouts are managed together: the sparse Chromium tree and
    the BoringSSL and googletest headers placed inside it.
    """

    def __init__(self, *args, **kwargs):
        """Register the package name and describe the three checkouts.

        Positional and keyword arguments are forwarded to the base Package.
        """
        super().__init__(*args, name='chromium_verifier', **kwargs)

        # Every repository below is fetched over https and pinned to a full
        # commit id rather than a branch name (see the commit= arguments).
        # NOTE(review): how GitRepo fetches and checks out that commit is not
        # visible in this file -- confirm in pw_package.git_repo before
        # treating the pin as an integrity check.
        self._chromium_verifier = pw_package.git_repo.GitRepo(
            name='chromium_verifier',
            url='https://chromium.googlesource.com/chromium/src',
            commit='04ebce24d98339954fb1d2a67e68da7ca81ca47c',
            sparse_list=CHROMIUM_VERIFIER_SOURCES,
        )

        # The remaining two checkouts only bring in the headers of the
        # boringssl and googletest third party libraries that the Chromium
        # verifier depends on. The complete libraries will be separate
        # packages.
        boringssl_url = ''.join(
            [
                'https://pigweed.googlesource.com',
                '/third_party/boringssl/boringssl',
            ]
        )
        self._boringssl = pw_package.git_repo.GitRepo(
            name='boringssl',
            url=boringssl_url,
            commit='9f55d972854d0b34dae39c7cd3679d6ada3dfd5b',
            sparse_list=['include'],
        )

        googletest_url = ''.join(
            [
                'https://chromium.googlesource.com/',
                'external/github.com/google/googletest.git',
            ]
        )
        self._googletest = pw_package.git_repo.GitRepo(
            name='googletest',
            url=googletest_url,
            commit='53495a2a7d6ba7e0691a7f3602e9a5324bba6e45',
            sparse_list=[
                'googletest/include',
                'googlemock/include',
            ],
        )

    def install(self, path: pathlib.Path) -> None:
        """Install the three checkouts under *path*.

        Chromium is checked out first; the BoringSSL and googletest header
        repos are then installed at paths inside that tree.
        """
        chromium_root = chromium_verifier_repo_path(path)
        self._chromium_verifier.install(chromium_root)

        # Third party boringssl headers.
        self._boringssl.install(
            chromium_third_party_boringssl_repo_path(chromium_root)
        )

        # Third party googletest headers.
        self._googletest.install(
            chromium_third_party_googletest_repo_path(chromium_root)
        )

    def status(self, path: pathlib.Path) -> bool:
        """Return True only if all three checkouts under *path* report ok."""
        chromium_root = chromium_verifier_repo_path(path)
        checks = (
            (self._chromium_verifier, chromium_root),
            (
                self._boringssl,
                chromium_third_party_boringssl_repo_path(chromium_root),
            ),
            (
                self._googletest,
                chromium_third_party_googletest_repo_path(chromium_root),
            ),
        )
        # all() stops at the first repo that reports a falsy status, in the
        # order chromium, boringssl, googletest.
        return all(repo.status(where) for repo, where in checks)

    def info(self, path: pathlib.Path) -> Sequence[str]:
        """Return the lines telling the user how to enable the package."""
        # NOTE(review): path is interpolated without quotes; GN string values
        # are normally double-quoted, so the printed line may need quoting
        # when pasted -- confirm against the other pw_package definitions.
        installed_line = f'{self.name} installed in: {path}'
        gn_arg_line = f' dir_pw_third_party_chromium_verifier = {path}'
        return (
            installed_line,
            'Enable by running "gn args out" and adding this line:',
            gn_arg_line,
        )


# Make the package known to the package manager at import time.
pw_package.package_manager.register(ChromiumVerifier)