Add FIREBASE_USE_BORINGSSL option, off by default but on for standalone desktop builds via build_desktop.py.

jonsimantov · jonsimantov · commit 1f8dfd32ce44 · 2020-12-11T10:56:48.000-08:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -66,6 +66,8 @@ option(FIREBASE_CPP_BUILD_PACKAGE
        "Bundle the Firebase C++ libraries into a zip file." OFF)
 option(FIREBASE_CPP_USE_PRIOR_GRADLE_BUILD
         "When building with Gradle, use the previously built libraries." OFF)
+option(FIREBASE_USE_BORINGSSL
+        "Build against BoringSSL instead of using your system's OpenSSL." OFF)
 
 set(FIREBASE_ANDROID_STL "" CACHE STRING "STL implementation to use.")
 if (NOT FIREBASE_ANDROID_STL STREQUAL "")
@@ -194,24 +196,26 @@ if(DESKTOP)
     endif()
   endif()
 
-  # Use BoringSSL instead of OpenSSL.
-  set(BORINGSSL_ROOT_DIR ${CMAKE_BINARY_DIR}/external/src/boringssl/src CACHE STRING "" FORCE)
-  set(BORINGSSL_BINARY_DIR ${CMAKE_BINARY_DIR}/external/src/boringssl-build CACHE STRING "" FORCE)
-  set(OPENSSL_ROOT_DIR ${BORINGSSL_ROOT_DIR} CACHE STRING "" FORCE)
-
-  # The call below to build_external_dependencies will make sure that these
-  # libraries exist before the libraries are imported via add_library.
-  if (MSVC)
-    if (CMAKE_BUILD_TYPE)
-      set(BORINGSSL_LIB_SUBDIR "${CMAKE_BUILD_TYPE}")
+  if(FIREBASE_USE_BORINGSSL)
+    # Use BoringSSL instead of OpenSSL.
+    set(BORINGSSL_ROOT_DIR ${CMAKE_BINARY_DIR}/external/src/boringssl/src CACHE STRING "" FORCE)
+    set(BORINGSSL_BINARY_DIR ${CMAKE_BINARY_DIR}/external/src/boringssl-build CACHE STRING "" FORCE)
+    set(OPENSSL_ROOT_DIR ${BORINGSSL_ROOT_DIR} CACHE STRING "" FORCE)
+
+    # The call below to build_external_dependencies will make sure that these
+    # libraries exist before the libraries are imported via add_library.
+    if (MSVC)
+      if (CMAKE_BUILD_TYPE)
+        set(BORINGSSL_LIB_SUBDIR "${CMAKE_BUILD_TYPE}")
+      else()
+        set(BORINGSSL_LIB_SUBDIR "Debug")
+      endif()
+      set(OPENSSL_SSL_LIBRARY ${BORINGSSL_BINARY_DIR}/ssl/${BORINGSSL_LIB_SUBDIR}/ssl.lib CACHE FILEPATH "" FORCE)
+      set(OPENSSL_CRYPTO_LIBRARY ${BORINGSSL_BINARY_DIR}/crypto/${BORINGSSL_LIB_SUBDIR}/crypto.lib CACHE FILEPATH "" FORCE)
     else()
-      set(BORINGSSL_LIB_SUBDIR "Debug")
+      set(OPENSSL_SSL_LIBRARY ${BORINGSSL_BINARY_DIR}/ssl/libssl.a CACHE FILEPATH "" FORCE)
+      set(OPENSSL_CRYPTO_LIBRARY ${BORINGSSL_BINARY_DIR}/crypto/libcrypto.a CACHE FILEPATH "" FORCE)
     endif()
-    set(OPENSSL_SSL_LIBRARY ${BORINGSSL_BINARY_DIR}/ssl/${BORINGSSL_LIB_SUBDIR}/ssl.lib CACHE FILEPATH "" FORCE)
-    set(OPENSSL_CRYPTO_LIBRARY ${BORINGSSL_BINARY_DIR}/crypto/${BORINGSSL_LIB_SUBDIR}/crypto.lib CACHE FILEPATH "" FORCE)
-  else()
-    set(OPENSSL_SSL_LIBRARY ${BORINGSSL_BINARY_DIR}/ssl/libssl.a CACHE FILEPATH "" FORCE)
-    set(OPENSSL_CRYPTO_LIBRARY ${BORINGSSL_BINARY_DIR}/crypto/libcrypto.a CACHE FILEPATH "" FORCE)
   endif()
 endif()
 
@@ -221,33 +225,42 @@ if(DESKTOP)
   build_external_dependencies()
   message(STATUS "Build of external project dependencies complete.")
   
-  set(OPENSSL_FOUND TRUE CACHE BOOL "" FORCE)
-  set(OPENSSL_NO_ASM TRUE)  # Force cross-platform BoringSSL, no ASM.
-  set(OPENSSL_INCLUDE_DIR ${BORINGSSL_ROOT_DIR}/include CACHE PATH "" FORCE)
-  set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
-  set(OPENSSL_SSL_LIBRARIES ${OPENSSL_SSL_LIBRARY})
-  set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARIES})
-  set(OPENSSL_VERSION '1.1.0' CACHE STRING "" FORCE)
-
-  add_library(OpenSSL::SSL STATIC IMPORTED)
-  add_library(OpenSSL::Crypto STATIC IMPORTED)
-  set_target_properties(OpenSSL::SSL PROPERTIES
-    IMPORTED_LOCATION "${OPENSSL_SSL_LIBRARY}"
-    INTERFACE_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}"
-    INTERFACE_LINK_LIBRARIES OpenSSL::Crypto
-  )
-
-  set_target_properties(OpenSSL::Crypto PROPERTIES
-    IMPORTED_LOCATION "${OPENSSL_CRYPTO_LIBRARY}"
-    INTERFACE_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}"
-  )
-  # Now if we do find_package(OpenSSL) it should give us BoringSSL.
-  find_package(OpenSSL)
-
-  if(NOT "${OPENSSL_INCLUDE_DIR}" MATCHES boringssl OR
-     NOT "${OPENSSL_SSL_LIBRARY}" MATCHES boringssl OR
-     NOT "${OPENSSL_CRYPTO_LIBRARY}" MATCHES boringssl)
-    message(FATAL_ERROR "BoringSSL was not configured correctly.\nINCLUDE_DIR=${OPENSSL_INCLUDE_DIR}\nSSL_LIBRARY=${OPENSSL_SSL_LIBRARY}\nCRYPTO_LIBRARY=${OPENSSL_CRYPTO_LIBRARY}")
+  if(FIREBASE_USE_BORINGSSL)
+    set(OPENSSL_FOUND TRUE CACHE BOOL "" FORCE)
+    set(OPENSSL_NO_ASM TRUE)  # Force cross-platform BoringSSL, no ASM.
+    set(OPENSSL_INCLUDE_DIR ${BORINGSSL_ROOT_DIR}/include CACHE PATH "" FORCE)
+    set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    set(OPENSSL_SSL_LIBRARIES ${OPENSSL_SSL_LIBRARY})
+    set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARIES} ${OPENSSL_CRYPTO_LIBRARIES})
+    set(OPENSSL_VERSION '1.1.0' CACHE STRING "" FORCE)
+  
+    add_library(OpenSSL::SSL STATIC IMPORTED)
+    add_library(OpenSSL::Crypto STATIC IMPORTED)
+    set_target_properties(OpenSSL::SSL PROPERTIES
+      IMPORTED_LOCATION "${OPENSSL_SSL_LIBRARY}"
+      INTERFACE_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}"
+      INTERFACE_LINK_LIBRARIES OpenSSL::Crypto
+    )
+  
+    set_target_properties(OpenSSL::Crypto PROPERTIES
+      IMPORTED_LOCATION "${OPENSSL_CRYPTO_LIBRARY}"
+      INTERFACE_INCLUDE_DIRECTORIES "${OPENSSL_INCLUDE_DIR}"
+    )
+    # Now if we do find_package(OpenSSL) it should give us BoringSSL.
+    find_package(OpenSSL)
+  
+    if(NOT "${OPENSSL_INCLUDE_DIR}" MATCHES boringssl OR
+       NOT "${OPENSSL_SSL_LIBRARY}" MATCHES boringssl OR
+       NOT "${OPENSSL_CRYPTO_LIBRARY}" MATCHES boringssl)
+      message(FATAL_ERROR "BoringSSL was not configured correctly.\nINCLUDE_DIR=${OPENSSL_INCLUDE_DIR}\nSSL_LIBRARY=${OPENSSL_SSL_LIBRARY}\nCRYPTO_LIBRARY=${OPENSSL_CRYPTO_LIBRARY}")
+    endif()
+  else()
+    # Don't use BoringSSL, use OpenSSL. If you are linking against the libraries directly
+    # from source, you probably want this instead.
+    #
+    # If the find_package fails to find OpenSSL, set OPENSSL_ROOT_DIR to OpenSSL'S install
+    # location on your system.
+    find_package(OpenSSL REQUIRED)
   endif()
 endif()
 
diff --git a/cmake/external_rules.cmake b/cmake/external_rules.cmake
@@ -95,20 +95,22 @@ function(download_external_sources)
 
   # On desktop, make a few tweaks to the downloaded files.
   if(NOT ANDROID AND NOT IOS)
-    # CMake's find_package(OpenSSL) doesn't quite work right with BoringSSL
-    # unless the header file contains OPENSSL_VERSION_NUMBER.
-    file(READ ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/opensslv.h TMP_HEADER_CONTENTS)
-    if (NOT TMP_HEADER_CONTENTS MATCHES OPENSSL_VERSION_NUMBER)
-      file(APPEND ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/opensslv.h
-      "\n#ifndef OPENSSL_VERSION_NUMBER\n# define OPENSSL_VERSION_NUMBER  0x10010107L\n#endif\n")
-    endif()
-    # Also add an #include <stdlib.h> since openssl has it and boringssl
-    # doesn't, and some of our code depends on the transitive dependency (this
-    # is a bug).
-    file(READ ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/rand.h TMP_HEADER2_CONTENTS)
-    if (NOT TMP_HEADER2_CONTENTS MATCHES "<stdlib.h>")
-      file(APPEND ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/rand.h
-      "\n#include <stdlib.h>\n")
+    if (FIREBASE_USE_BORINGSSL)
+      # CMake's find_package(OpenSSL) doesn't quite work right with BoringSSL
+      # unless the header file contains OPENSSL_VERSION_NUMBER.
+      file(READ ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/opensslv.h TMP_HEADER_CONTENTS)
+      if (NOT TMP_HEADER_CONTENTS MATCHES OPENSSL_VERSION_NUMBER)
+        file(APPEND ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/opensslv.h
+        "\n#ifndef OPENSSL_VERSION_NUMBER\n# define OPENSSL_VERSION_NUMBER  0x10010107L\n#endif\n")
+      endif()
+      # Also add an #include <stdlib.h> since openssl has it and boringssl
+      # doesn't, and some of our code depends on the transitive dependency (this
+      # is a bug).
+      file(READ ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/rand.h TMP_HEADER2_CONTENTS)
+      if (NOT TMP_HEADER2_CONTENTS MATCHES "<stdlib.h>")
+        file(APPEND ${PROJECT_BINARY_DIR}/external/src/boringssl/src/include/openssl/rand.h
+        "\n#include <stdlib.h>\n")
+      endif()
     endif()
   endif()
 endfunction()
@@ -212,33 +214,35 @@ function(build_external_dependencies)
   message(STATUS "Sub-build options: ${CMAKE_SUB_BUILD_OPTIONS}")
 
   if(NOT ANDROID AND NOT IOS)
-    execute_process(
-      COMMAND ${ENV_COMMAND} cmake -DOPENSSL_NO_ASM=TRUE ${CMAKE_SUB_CONFIGURE_OPTIONS} ../boringssl/src
-      WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/external/src/boringssl-build
-      RESULT_VARIABLE boringssl_configure_status
-    )
-    if (boringssl_configure_status AND NOT boringssl_configure_status EQUAL 0)
-      message(FATAL_ERROR "BoringSSL configure failed: ${boringssl_configure_status}")
-    endif()
-  
-    # Run builds in parallel if we know how
-    if(CMAKE_GENERATOR STREQUAL "Unix Makefiles")
-      set(cmake_build_args -j)
-    endif()
+    if (FIREBASE_USE_BORINGSSL)
+      execute_process(
+        COMMAND ${ENV_COMMAND} cmake -DOPENSSL_NO_ASM=TRUE ${CMAKE_SUB_CONFIGURE_OPTIONS} ../boringssl/src
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/external/src/boringssl-build
+        RESULT_VARIABLE boringssl_configure_status
+      )
+      if (boringssl_configure_status AND NOT boringssl_configure_status EQUAL 0)
+        message(FATAL_ERROR "BoringSSL configure failed: ${boringssl_configure_status}")
+      endif()
+    
+      # Run builds in parallel if we know how
+      if(CMAKE_GENERATOR STREQUAL "Unix Makefiles")
+        set(cmake_build_args -j)
+      endif()
+    
+      execute_process(
+        COMMAND ${ENV_COMMAND} cmake --build . ${CMAKE_SUB_BUILD_OPTIONS} --target ssl crypto -- ${cmake_build_args}
+        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/external/src/boringssl-build
+        RESULT_VARIABLE boringssl_build_status
+      )
+      if (boringssl_build_status AND NOT boringssl_build_status EQUAL 0)
+        message(FATAL_ERROR "BoringSSL build failed: ${boringssl_build_status}")
+      endif()
   
-    execute_process(
-      COMMAND ${ENV_COMMAND} cmake --build . ${CMAKE_SUB_BUILD_OPTIONS} --target ssl crypto -- ${cmake_build_args}
-      WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/external/src/boringssl-build
-      RESULT_VARIABLE boringssl_build_status
-    )
-    if (boringssl_build_status AND NOT boringssl_build_status EQUAL 0)
-      message(FATAL_ERROR "BoringSSL build failed: ${boringssl_build_status}")
+      # Also copy the built files into OPENSSL_ROOT_DIR to handle misconfigured
+      # subprojects.
+      file(INSTALL "${OPENSSL_CRYPTO_LIBRARY}" DESTINATION "${OPENSSL_ROOT_DIR}")
+      file(INSTALL "${OPENSSL_SSL_LIBRARY}" DESTINATION "${OPENSSL_ROOT_DIR}")
     endif()
-
-    # Also copy the built files into OPENSSL_ROOT_DIR to handle misconfigured
-    # subprojects.
-    file(INSTALL "${OPENSSL_CRYPTO_LIBRARY}" DESTINATION "${OPENSSL_ROOT_DIR}")
-    file(INSTALL "${OPENSSL_SSL_LIBRARY}" DESTINATION "${OPENSSL_ROOT_DIR}")
   endif()
 endfunction()
 
diff --git a/scripts/gha/build_desktop.py b/scripts/gha/build_desktop.py
@@ -194,6 +194,8 @@ def cmake_configure(build_dir, arch, msvc_runtime_library='static',
 
   if (target_format):
     cmd.append('-DFIREBASE_XCODE_TARGET_FORMAT={0}'.format(target_format))
+
+  cmd.append('-DFIREBASE_USE_BORINGSSL=ON')
   utils.run_command(cmd)
 
 def main():
