Package Openssl into tar archive using 'The Bazel way'

Change-Id: I3f575f17257ceaf8cbb4896f2aaa43ec44f31a49
Checkmk · Sep 19, 2024 · c242748 · c242748
1 parent ae1612d
commit c242748
Show file tree

Hide file tree

Showing 4 changed files with 186 additions and 16 deletions.
diff --git a/omd/BUILD b/omd/BUILD
@@ -5,14 +5,14 @@
 PACKAGES_EXT = [
     "freetds",
     "net-snmp",
-    "openssl",
-    "python",
     "rrdtool",
 ]
 
 PACKAGES_EXT_LABEL = ["@%s//:%s" % (p, p) for p in PACKAGES_EXT]
 
 PACKAGES_INT = [
+    "//omd/packages/Python:python_tar_with_prefix",
+    "//omd/packages/openssl:openssl_with_prefix_tar",
     "//omd/packages/perl-modules:perl-modules.tar",
     "//omd/packages/python3-modules:python3-modules.tar",
     "//packages/cmk-agent-based:pkg_tar",

diff --git a/omd/packages/openssl/BUILD b/omd/packages/openssl/BUILD
@@ -0,0 +1,184 @@
+load("@rules_pkg//pkg:mappings.bzl", "filter_directory", "pkg_attributes", "pkg_filegroup", "pkg_files", "pkg_mkdirs", "pkg_mklink", "strip_prefix")
+load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
+
+bin_paths = [
+    "bin/c_rehash",
+    "bin/openssl",
+]
+
+lib_symlinks = [
+    ("libcrypto.so", "libcrypto.so.3"),
+    ("libssl.so", "libssl.so.3"),
+]
+
+# skel/etc/ssl/misc/
+skel_symlinks = [
+    ("tsget", "tsget.pl"),
+]
+
+symlinks = lib_symlinks + skel_symlinks
+
+executable_paths = [
+    "skel/etc/ssl/misc/CA.pl",
+    "skel/etc/ssl/misc/tsget.pl",
+]
+
+lib_with_rpath_paths = [
+    "lib/libssl.so",
+    "lib/libssl.so.3",
+    "lib/libcrypto.so",
+    "lib/libcrypto.so.3",
+]
+
+genrule(
+    name = "openssl_bin_deployable",
+    srcs = ["@openssl//:gen_dir"],
+    outs = bin_paths + lib_with_rpath_paths,
+    cmd = """
+        for F in $(OUTS); do
+            cp -L $(location @openssl//:gen_dir)/$${F#$(RULEDIR)/} $$F
+        done
+
+        chmod u+w $(OUTS)
+
+        # set RPATH for all ELF binaries we find
+        file -L $(OUTS) \\
+            | grep ELF | cut -d ':' -f1 \\
+            | xargs patchelf --force-rpath --set-rpath "\\$$ORIGIN/../lib"
+    """,
+)
+
+genrule(
+    name = "openssl_executables_deployable",
+    srcs = ["@openssl//:gen_dir"],
+    outs = executable_paths,
+    cmd = """
+        for F in $(OUTS); do
+            cp -L $(location @openssl//:gen_dir)/$${F#$(RULEDIR)/} $$F
+        done
+    """,
+)
+
+pkg_files(
+    name = "openssl_bin_pkg",
+    srcs = bin_paths,
+    attributes = pkg_attributes(
+        mode = "0755",
+    ),
+    prefix = "bin",
+)
+
+pkg_files(
+    name = "openssl_lib_with_rpath_pkg",
+    srcs = lib_with_rpath_paths,
+    prefix = "lib",
+)
+
+[pkg_mklink(
+    name = link_name,
+    link_name = link_name,
+    target = target,
+) for link_name, target in symlinks]
+
+pkg_filegroup(
+    name = "openssl_lib_symlinks_pkg",
+    srcs = [
+        ":%s" % link_name
+        for link_name, target in lib_symlinks
+    ],
+    prefix = "lib",
+)
+
+pkg_filegroup(
+    name = "openssl_skel_symlinks_pkg",
+    srcs = [
+        ":%s" % link_name
+        for link_name, target in skel_symlinks
+    ],
+    prefix = "skel/etc/ssl/misc",
+)
+
+# empty dir:
+pkg_mkdirs(
+    name = "openssl_empty_dirs",
+    dirs = [
+        "lib/engines-3",
+        "lib/ossl-modules",
+        "skel/etc/ssl/certs",
+        "skel/etc/ssl/private",
+    ],
+)
+
+pkg_files(
+    name = "openssl_executables_pkg",
+    srcs = [
+        ":openssl_executables_deployable",
+    ],
+    attributes = pkg_attributes(
+        mode = "0755",
+    ),
+    strip_prefix = strip_prefix.from_pkg(""),
+)
+
+filter_directory(
+    name = "openssl_filtered",
+    src = "@openssl//:gen_dir",
+    excludes = bin_paths +
+               ["lib/%s" % i[0] for i in lib_symlinks] +
+               ["skel/etc/ssl/misc/%s" % i[0] for i in skel_symlinks] +
+               executable_paths,
+)
+
+# This target should contain all files that are not referenced
+# explicitly somewhere else (see filter).
+pkg_files(
+    name = "openssl_rest_pkg",
+    srcs = [
+        ":openssl_filtered",
+    ],
+    strip_prefix = "openssl_filtered",
+)
+
+pkg_filegroup(
+    name = "openssl_files_pkg",
+    srcs = [
+        ":openssl_bin_pkg",
+        ":openssl_empty_dirs",
+        ":openssl_executables_pkg",
+        ":openssl_lib_symlinks_pkg",
+        ":openssl_lib_with_rpath_pkg",
+        ":openssl_rest_pkg",
+        ":openssl_skel_symlinks_pkg",
+    ],
+    visibility = ["//visibility:public"],
+)
+
+pkg_tar(
+    name = "openssl_tar",
+    srcs = [":openssl_files_pkg"],
+    package_file_name = "openssl.tar",
+    visibility = ["//visibility:public"],
+)
+
+# The prefixed version will be obsolete as soon as we remove
+# intermediate install (protobuf still depends on it)
+pkg_filegroup(
+    name = "openssl_files_with_prefix_pkg",
+    srcs = [
+        ":openssl_bin_pkg",
+        ":openssl_empty_dirs",
+        ":openssl_executables_pkg",
+        ":openssl_lib_symlinks_pkg",
+        ":openssl_rest_pkg",
+        ":openssl_skel_symlinks_pkg",
+    ],
+    prefix = "openssl",
+    visibility = ["//visibility:public"],
+)
+
+pkg_tar(
+    name = "openssl_with_prefix_tar",
+    srcs = [":openssl_files_with_prefix_pkg"],
+    package_file_name = "openssl_with_prefix.tar",
+    visibility = ["//visibility:public"],
+)
diff --git a/omd/packages/openssl/BUILD.openssl.bazel b/omd/packages/openssl/BUILD.openssl.bazel
@@ -28,7 +28,6 @@ configure_make(
         "-O2",
     ],
     copts = ["-Wl,--rpath,$ORIGIN_VAR/../lib"],
-
     # This is a nasty workaround for Bazel's inability to escape `$ORIGIN`
     # combined with foreign_cc/configure_make's RPATH agnosticness
     #   see https://github.com/bazelbuild/rules_foreign_cc/issues/940
@@ -51,7 +50,6 @@ configure_make(
     ],
     out_data_dirs = [
         "skel",
-        "tar",
         "lib/pkgconfig",
         "lib/engines-3",
     ],
@@ -67,12 +65,6 @@ configure_make(
         "libssl.a",
         "libcrypto.a",
     ],
-    postfix_script = """
-        tar -C ${INSTALLDIR}/../ \
-            --exclude="openssl/tar" \
-            -cf ${INSTALLDIR}/tar/openssl.tar \
-            openssl
-    """,
     targets = [
         "build_programs",
         "install_sw",

diff --git a/omd/packages/openssl/openssl.make b/omd/packages/openssl/openssl.make
@@ -18,9 +18,3 @@ PACKAGE_OPENSSL_INCLUDE_PATH := $(PACKAGE_OPENSSL_DESTDIR)/include
 .PHONY: $(OPENSSL_INSTALL)
 $(OPENSSL_INSTALL): $(INTERMEDIATE_INSTALL_BAZEL)
 	$(RSYNC) --recursive --links --perms "$(OPENSSL_INSTALL_DIR)/" "$(DESTDIR)$(OMD_ROOT)/"
-	patchelf --set-rpath "\$$ORIGIN/../lib" \
-	    "$(DESTDIR)$(OMD_ROOT)/bin/openssl" \
-	    "$(DESTDIR)$(OMD_ROOT)/lib/libssl.so" \
-	    "$(DESTDIR)$(OMD_ROOT)/lib/libssl.so.3" \
-	    "$(DESTDIR)$(OMD_ROOT)/lib/libcrypto.so" \
-	    "$(DESTDIR)$(OMD_ROOT)/lib/libcrypto.so.3"