From 344a35aaf63c24a56f7a021ce18ecab090584da3 Mon Sep 17 00:00:00 2001
From: Russell Hancox
Date: Thu, 11 Apr 2024 17:19:30 -0400
Subject: [PATCH] Project: Migrate to bazel modules (#1324)
This includes updating to rules_apple 3.5.1 and protobuf 26.1, as well as updating several tests to no longer use the data attribute to pass in testdata.
---
 .bazelversion | 2 +-
 .gitignore | 2 +-
 MODULE.bazel | 58 +++++++
 Source/santad/BUILD | 4 +-
 .../Serializers/ProtobufTest.mm | 37 ++---
 Source/santad/SantadTest.mm | 4 +-
 WORKSPACE | 154 ------------------
 helper.bzl | 2 -
 non_module_deps.bzl | 49 ++++++
 9 files changed, 129 insertions(+), 183 deletions(-)
 create mode 100644 MODULE.bazel
 create mode 100644 non_module_deps.bzl
diff --git a/.bazelversion b/.bazelversion
index 91e4a9f26..66ce77b7e 100644
--- a/.bazelversion
+++ b/.bazelversion
@@ -1 +1 @@
-6.3.2
+7.0.0
diff --git a/.gitignore b/.gitignore
index 3d0d3b001..ac2ade7fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@
 *.profraw
 *.provisionprofile
 bazel-*
-Pods
+MODULE.bazel.lock
 Santa.xcodeproj/*
 Santa.xcworkspace/*
 CoverageData/*
diff --git a/MODULE.bazel b/MODULE.bazel
new file mode 100644
index 000000000..159309500
--- /dev/null
+++ b/MODULE.bazel
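Review bot: Adding `MODULE.bazel.lock` to `.gitignore` in the `.gitignore` hunk means the resolved module graph and module-extension results are never recorded in the repository, so the registry-resolved `bazel_dep` entries this commit introduces are pinned by version string only. Checking the lockfile in would let review see when resolution changes and let later builds detect a resolution that differs from the recorded one. If the file is ignored deliberately (lockfile churn on this Bazel release is one possible reason, but that is a guess), a comment line above the entry such as `# MODULE.bazel.lock is not committed because <reason>` would record the decision.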
@@ -0,0 +1,58 @@
+module(name = "santa")
+
+bazel_dep(name = "apple_support", version = "1.15.1", repo_name = "build_bazel_apple_support")
+bazel_dep(name = "abseil-cpp", version = "20230802.1", repo_name = "com_google_absl")
+
+bazel_dep(name = "rules_python", version = "0.31.0")
+bazel_dep(name = "rules_cc", version = "0.0.9")
+bazel_dep(name = "rules_apple", version = "3.5.0", repo_name = "build_bazel_rules_apple")
+bazel_dep(name = "rules_swift", version = "1.18.0", repo_name = "build_bazel_rules_swift")
+
+bazel_dep(name = "protobuf", version = "main", repo_name = "com_google_protobuf")
+git_override(
+ module_name = "protobuf",
+ remote = "https://github.com/protocolbuffers/protobuf.git",
+ commit = "21d75f861cdbc03b0a6b235a9ccf3ba0e1f09b32",
+)
+
+bazel_dep(name = "googletest", version = "1.14.0.bcr.1", repo_name = "com_google_googletest")
+
+bazel_dep(name = "molcertificate", version = "2.1", repo_name = "MOLCertificate")
+git_override(
+ module_name = "molcertificate",
+ remote = "https://github.com/google/macops-molcertificate.git",
+ commit = "34f0ccf68a34a07cc636ada89057c529f90bec3a",
+)
+
+bazel_dep(name = "molauthenticatingurlsession", version = "3.0", repo_name = "MOLAuthenticatingURLSession")
+git_override(
+ module_name = "molauthenticatingurlsession",
+ remote = "https://github.com/google/macops-molauthenticatingurlsession.git",
+ commit = "0a50a67f29d635a4012981714c1dedef9ac25fe6",
+)
+
+bazel_dep(name = "molcodesignchecker", version = "3.0", repo_name = "MOLCodesignChecker")
+git_override(
+ module_name = "molcodesignchecker",
+ remote = "https://github.com/google/macops-molcodesignchecker.git",
+ commit = "5060bcc8baa90bae3b0ca705d14850328bbbec53",
+)
+
+bazel_dep(name = "molxpcconnection", version = "2.1", repo_name = "MOLXPCConnection")
+git_override(
+ module_name = "molxpcconnection",
+ remote = "https://github.com/russellhancox/macops-molxpcconnection.git",
+ commit = "da816dc49becac96d941ef6a5c4153ed39d1fe7c",
+)
+
+non_module_deps = use_extension("//:non_module_deps.bzl", "non_module_deps")
+use_repo(non_module_deps, "FMDB")
+use_repo(non_module_deps, "OCMock")
+
+bazel_dep(name = "hedron_compile_commands", dev_dependency = True)
+git_override(
+ module_name = "hedron_compile_commands",
+ remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git",
+ commit = "0e990032f3c5a866e72615cf67e5ce22186dcb97",
+)
+
diff --git a/Source/santad/BUILD b/Source/santad/BUILD
index b1f27dbf2..7d3f3fe65 100644
--- a/Source/santad/BUILD
+++ b/Source/santad/BUILD
@@ -913,7 +913,7 @@ santa_unit_test(
 santa_unit_test(
 name = "SantadTest",
 srcs = ["SantadTest.mm"],
- data = [
+ structured_resources = [
 "//Source/santad/testdata:binaryrules_testdata",
 ],
 minimum_os_version = "11.0",
@@ -1015,7 +1015,7 @@ santa_unit_test(
 santa_unit_test(
 name = "EndpointSecuritySerializerProtobufTest",
 srcs = ["Logs/EndpointSecurity/Serializers/ProtobufTest.mm"],
- data = [
+ structured_resources = [
 "//Source/santad/testdata:protobuf_json_testdata",
 ],
 deps = [
diff --git a/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm b/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm
index 1fbc6a5af..2264f0c27 100644
--- a/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm
+++ b/Source/santad/Logs/EndpointSecurity/Serializers/ProtobufTest.mm
@@ -78,6 +78,12 @@
 using santa::santad::logs::endpoint_security::serializers::GetPolicyDecision;
 using santa::santad::logs::endpoint_security::serializers::GetReasonEnum;
+@interface ProtobufTest : XCTestCase
+@property id mockConfigurator;
+@property id mockDecisionCache;
+@property SNTCachedDecision *testCachedDecision;
+@end
+
 JsonPrintOptions DefaultJsonPrintOptions() {
 JsonPrintOptions options;
 options.always_print_enums_as_ints = false;
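Review bot: In the MODULE.bazel hunk the `git_override` for `molxpcconnection` fetches from `https://github.com/russellhancox/macops-molxpcconnection.git`, a personal fork, while the other MOL* overrides and the WORKSPACE entry this commit removes use `github.com/google/...`. The commit pin keeps the fetched content fixed, but the build then depends on a repository outside the organisation's control, and nothing in this file lets a reader relate the pinned commit to upstream history. A comment above that override, e.g. `# Temporary fork carrying bzlmod support; move back to google/macops-molxpcconnection once merged upstream`, would say why (the reason is inferred, not stated on the page). Separately, `rules_apple` is declared at `3.5.0` while the commit message says 3.5.1, and the `# tag = vX.Y` comments that accompanied the old pinned commits were not carried over to the new `commit =` lines.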
@@ -87,21 +93,6 @@ JsonPrintOptions DefaultJsonPrintOptions() {
 return options;
 }
-NSString *TestJsonPath(NSString *jsonFileName, uint32_t version) {
- static dispatch_once_t onceToken;
- static NSString *testPath;
- static NSString *testDataRepoPath = @"santa/Source/santad/testdata/protobuf";
- NSString *testDataRepoVersionPath = [NSString stringWithFormat:@"v%u", version];
-
- dispatch_once(&onceToken, ^{
- testPath = [NSString pathWithComponents:@[
- [[[NSProcessInfo processInfo] environment] objectForKey:@"TEST_SRCDIR"], testDataRepoPath
- ]];
- });
-
- return [NSString pathWithComponents:@[ testPath, testDataRepoVersionPath, jsonFileName ]];
-}
-
 NSString *EventTypeToFilename(es_event_type_t eventType) {
 switch (eventType) {
 case ES_EVENT_TYPE_NOTIFY_CLOSE: return @"close.json";
@@ -117,6 +108,16 @@ JsonPrintOptions DefaultJsonPrintOptions() {
 }
 }
+NSString *TestJsonPath(NSString *jsonFileName, uint32_t version) {
+ NSString *p = [NSString pathWithComponents:@[
+ [[NSBundle bundleForClass:[ProtobufTest class]] resourcePath],
+ @"protobuf",
+ [NSString stringWithFormat:@"v%u", version],
+ jsonFileName,
+ ]];
+ return p;
+}
+
 NSString *LoadTestJson(NSString *jsonFileName, uint32_t version) {
 NSError *err = nil;
 NSString *jsonData = [NSString stringWithContentsOfFile:TestJsonPath(jsonFileName, version)
@@ -325,12 +326,6 @@ void SerializeAndCheckNonESEvents(
 XCTBubbleMockVerifyAndClearExpectations(mockESApi.get());
 }
-@interface ProtobufTest : XCTestCase
-@property id mockConfigurator;
-@property id mockDecisionCache;
-@property SNTCachedDecision *testCachedDecision;
-@end
-
 @implementation ProtobufTest
 - (void)setUp {
diff --git a/Source/santad/SantadTest.mm b/Source/santad/SantadTest.mm
index a41ed4043..a8c667821 100644
--- a/Source/santad/SantadTest.mm
+++ b/Source/santad/SantadTest.mm
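Review bot: `TestJsonPath` in the third ProtobufTest.mm hunk puts `[[NSBundle bundleForClass:[ProtobufTest class]] resourcePath]` straight into an `@[ ... ]` literal, and `resourcePath` is declared nullable, so a test bundle that was packaged without resources would raise an exception from the literal rather than produce a readable test failure. The same pattern is in the second SantadTest.mm hunk, where `[[NSBundle bundleForClass:[self class]] resourcePath]` feeds `testPath`. Binding the value first and checking it, e.g. `NSString *resources = [[NSBundle bundleForClass:[ProtobufTest class]] resourcePath];` followed by `NSCAssert(resources != nil, @"test bundle has no resource path");`, makes a mistake in the `structured_resources` wiring obvious. The local `p` can then be dropped and the `pathWithComponents:` result returned directly.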
@@ -71,7 +71,6 @@ static void SetBinaryDataFromHexString(const char *hexStr, uint8_t *buf, size_t
 }
 }
-static NSString *const testBinariesPath = @"santa/Source/santad/testdata/binaryrules";
 static const char *kAllowedSigningID = "com.google.allowed_signing_id";
 static const char *kBlockedSigningID = "com.google.blocked_signing_id";
 static const char *kNoRuleMatchSigningID = "com.google.no_rule_match_signing_id";
@@ -127,7 +126,8 @@ - (BOOL)checkBinaryExecution:(NSString *)binaryName
 OCMStub([mockConfigurator fileAccessPolicyUpdateIntervalSec]).andReturn(600);
 NSString *testPath = [NSString pathWithComponents:@[
- [[[NSProcessInfo processInfo] environment] objectForKey:@"TEST_SRCDIR"], testBinariesPath
+ [[NSBundle bundleForClass:[self class]] resourcePath],
+ @"binaryrules",
 ]];
 OCMStub([self.mockSNTDatabaseController databasePath]).andReturn(testPath);
diff --git a/WORKSPACE b/WORKSPACE
index d480c9850..62795ae8e 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -7,160 +7,6 @@ load(
 )
 load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-# Abseil LTS branch, Aug 2023
-http_archive(
- name = "com_google_absl",
- sha256 = "59d2976af9d6ecf001a81a35749a6e551a335b949d34918cfade07737b9d93c5",
- strip_prefix = "abseil-cpp-20230802.0",
- urls = ["https://github.com/abseil/abseil-cpp/archive/refs/tags/20230802.0.tar.gz"],
-)
-
-http_archive(
- name = "com_google_protobuf",
- sha256 = "4fc5ff1b2c339fb86cd3a25f0b5311478ab081e65ad258c6789359cd84d421f8",
- strip_prefix = "protobuf-26.1",
- urls = ["https://github.com/protocolbuffers/protobuf/archive/v26.1.tar.gz"],
-)
-
-# We don't directly use rules_python but several dependencies do and they disagree
-# about which version to use, so we force the latest.
-http_archive(
- name = "rules_python",
- sha256 = "48a838a6e1983e4884b26812b2c748a35ad284fd339eb8e2a6f3adf95307fbcd",
- strip_prefix = "rules_python-0.16.2",
- url = "https://github.com/bazelbuild/rules_python/archive/refs/tags/0.16.2.tar.gz",
-)
-
-http_archive(
- name = "build_bazel_rules_apple",
- sha256 = "8ac4c7997d863f3c4347ba996e831b5ec8f7af885ee8d4fe36f1c3c8f0092b2c",
- url = "https://github.com/bazelbuild/rules_apple/releases/download/2.5.0/rules_apple.2.5.0.tar.gz",
-)
-
-load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependencies")
-
-apple_rules_dependencies()
-
-load("@build_bazel_rules_swift//swift:repositories.bzl", "swift_rules_dependencies")
-
-swift_rules_dependencies()
-
-load(
- "@build_bazel_rules_swift//swift:extras.bzl",
- "swift_rules_extra_dependencies",
-)
-
-swift_rules_extra_dependencies()
-
-load("@build_bazel_apple_support//lib:repositories.bzl", "apple_support_dependencies")
-
-apple_support_dependencies()
-
-# Hedron Bazel Compile Commands Extractor
-# Allows integrating with clangd
-# https://github.com/hedronvision/bazel-compile-commands-extractor
-git_repository(
- name = "hedron_compile_commands",
- commit = "ac6411f8f347e5525038cb7858db4969db9e74f2",
- remote = "https://github.com/hedronvision/bazel-compile-commands-extractor.git",
- shallow_since = "1696885905 +0000",
-)
-
-load("@hedron_compile_commands//:workspace_setup.bzl", "hedron_compile_commands_setup")
-
-hedron_compile_commands_setup()
-
-# Googletest - tag: release-1.12.1
-http_archive(
- name = "com_google_googletest",
- sha256 = "ab78fa3f912d44d38b785ec011a25f26512aaedc5291f51f3807c592b506d33a",
- strip_prefix = "googletest-58d77fa8070e8cec2dc1ed015d66b454c8d78850",
- urls = ["https://github.com/google/googletest/archive/58d77fa8070e8cec2dc1ed015d66b454c8d78850.zip"],
-)
-
-# Note: Protobuf deps must be loaded after defining the ABSL archive since
-# protobuf repo would pull an in earlier version of ABSL.
-load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
-
-protobuf_deps()
-
-# Macops MOL* dependencies
-
-git_repository(
- name = "MOLAuthenticatingURLSession",
- commit = "38b5ee46edb262481b16f950266a11d8cb77127c", # tag = v3.1
- remote = "https://github.com/google/macops-molauthenticatingurlsession.git",
- shallow_since = "1671479898 -0500",
-)
-
-git_repository(
- name = "MOLCertificate",
- commit = "288553b8ac75d7dd68159ef5b57652a506b8217c", # tag = "v2.1",
- remote = "https://github.com/google/macops-molcertificate.git",
- shallow_since = "1561303966 -0400",
-)
-
-git_repository(
- name = "MOLCodesignChecker",
- commit = "567eca847003b36f61fff61472809c39dcf31ef6", # tag = "v3.0",
- remote = "https://github.com/google/macops-molcodesignchecker.git",
- shallow_since = "1561303990 -0400",
-)
-
-git_repository(
- name = "MOLXPCConnection",
- commit = "2c67c925c2b57fea9af551295d2b6711b38bb224", # tag = v2.1
- remote = "https://github.com/google/macops-molxpcconnection.git",
- shallow_since = "1564684202 -0400",
-)
-
-# FMDB
-
-new_git_repository(
- name = "FMDB",
- build_file_content = """
-objc_library(
- name = "FMDB",
- srcs = glob(["src/fmdb/*.m"], exclude=["src/fmdb.m"]),
- hdrs = glob(["src/fmdb/*.h"]),
- includes = ["src"],
- sdk_dylibs = ["sqlite3"],
- visibility = ["//visibility:public"],
-)
-""",
- commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04", # tag = 2.7.7
- remote = "https://github.com/ccgus/fmdb.git",
- shallow_since = "1589301502 -0700",
-)
-
-# OCMock
-
-new_git_repository(
- name = "OCMock",
- build_file_content = """
-objc_library(
- name = "OCMock",
- testonly = 1,
- hdrs = glob(["Source/OCMock/*.h"]),
- copts = [
- "-Wno-vla",
- ],
- includes = [
- "Source",
- "Source/OCMock",
- ],
- non_arc_srcs = glob(["Source/OCMock/*.m"]),
- pch = "Source/OCMock/OCMock-Prefix.pch",
- visibility = ["//visibility:public"],
-)
-""",
- commit = "afd2c6924e8a36cb872bc475248b978f743c6050", # tag = v3.9.1
- patch_args = ["-p1"],
- patches = ["//external_patches/OCMock:503.patch"],
- remote = "https://github.com/erikdoe/ocmock",
- shallow_since = "1635703064 +0100",
-)
-
 # Moroz (for testing)
 http_archive(
diff --git a/helper.bzl b/helper.bzl
index 00fa3bd6d..9f4cd13e6 100644
--- a/helper.bzl
+++ b/helper.bzl
@@ -26,7 +26,6 @@ def santa_unit_test(
 resources = [],
 structured_resources = [],
 copts = [],
- data = [],
 **kwargs):
 apple_resource_group(
 name = "%s_resources" % name,
@@ -50,6 +49,5 @@ def santa_unit_test(
 minimum_os_version = minimum_os_version,
 deps = [":%s_lib" % name],
 size = size,
- data = data,
 visibility = ["//:__subpackages__"],
 )
diff --git a/non_module_deps.bzl b/non_module_deps.bzl
new file mode 100644
index 000000000..fa157a62b
--- /dev/null
+++ b/non_module_deps.bzl
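Review bot: Dropping the `data` parameter from `santa_unit_test` in the first helper.bzl hunk means any caller that still passes `data = [...]` is now absorbed by `**kwargs` instead of being handled by the macro; where `**kwargs` is forwarded is outside the hunk, so whether that fails loudly or hands the files to a different rule cannot be told from here. Only the two `Source/santad/BUILD` targets are migrated in this diff, so it is worth confirming that no other `santa_unit_test` call still sets `data`. No docstring for the macro is visible in the hunk; a comment next to the parameter such as `# Test fixtures go in structured_resources; they are copied into the test bundle and read through NSBundle` would tell test authors where fixtures now belong. The macro body begins and ends outside both hunks.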
@@ -0,0 +1,49 @@
+load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
+
+def _non_module_deps_impl(ctx):
+ # FMDB is used to access SQLite from Objective-C(++) code.
+ git_repository(
+ name = "FMDB",
+ remote = "https://github.com/ccgus/fmdb.git",
+ commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04",
+ shallow_since = "1589301502 -0700",
+ build_file_content = """
+objc_library(
+ name = "FMDB",
+ srcs = glob(["src/fmdb/*.m"], exclude=["src/fmdb.m"]),
+ hdrs = glob(["src/fmdb/*.h"]),
+ includes = ["src"],
+ sdk_dylibs = ["sqlite3"],
+ visibility = ["//visibility:public"],
+)
+""",
+ )
+
+ # OCMock is used in several tests.
+ git_repository(
+ name = "OCMock",
+ build_file_content = """
+objc_library(
+ name = "OCMock",
+ testonly = 1,
+ hdrs = glob(["Source/OCMock/*.h"]),
+ copts = [
+ "-Wno-vla",
+ ],
+ includes = [
+ "Source",
+ "Source/OCMock",
+ ],
+ non_arc_srcs = glob(["Source/OCMock/*.m"]),
+ pch = "Source/OCMock/OCMock-Prefix.pch",
+ visibility = ["//visibility:public"],
+)
+""",
+ commit = "afd2c6924e8a36cb872bc475248b978f743c6050", # tag = v3.9.1
+ patch_args = ["-p1"],
+ patches = ["//external_patches/OCMock:503.patch"],
+ remote = "https://github.com/erikdoe/ocmock",
+ shallow_since = "1635703064 +0100",
+)
+
+non_module_deps = module_extension(implementation = _non_module_deps_impl)
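Review bot: The FMDB `git_repository` call lost the `# tag = 2.7.7` comment that sat next to the same commit in the removed WORKSPACE block, while the OCMock call kept `# tag = v3.9.1`; restoring it as `commit = "61e51fde7f7aab6554f30ab061cc588b28a97d04",  # tag = 2.7.7` keeps the pin checkable against a release. The two calls also list their attributes in different orders, and the second call's closing `)` appears to sit at column 0 where the first is indented (indentation is not fully recoverable from this page). `_non_module_deps_impl` never uses `ctx` and has no docstring, so a one-line docstring saying that the extension only declares the FMDB and OCMock repositories, both pinned by commit, would state what the function is for.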