in aws-lc-fips-sys/builder/cmake_builder.rs [95:271]
fn prepare_cmake_build(&self) -> cmake::Config {
env::set_var(
"GOCACHE",
self.out_dir.join(Self::GOCACHE_DIR_NAME).as_os_str(),
);
let mut cmake_cfg = self.get_cmake_config();
if OutputLibType::default() == OutputLibType::Dynamic {
cmake_cfg.define("BUILD_SHARED_LIBS", "1");
} else {
cmake_cfg.define("BUILD_SHARED_LIBS", "0");
}
if is_cpu_jitter_entropy() {
cmake_cfg.define("ENABLE_FIPS_ENTROPY_CPU_JITTER", "ON");
emit_rustc_cfg("cpu_jitter_entropy");
}
if let Some(cc) = option_env!("AWS_LC_FIPS_SYS_CC") {
env::set_var("CC", cc);
emit_warning(&format!("Setting CC: {cc}"));
}
if let Some(cxx) = option_env!("AWS_LC_FIPS_SYS_CXX") {
env::set_var("CXX", cxx);
emit_warning(&format!("Setting CXX: {cxx}"));
}
let cc_build = cc::Build::new();
let opt_level = cargo_env("OPT_LEVEL");
if opt_level.ne("0") {
if opt_level.eq("1") || opt_level.eq("2") {
cmake_cfg.define("CMAKE_BUILD_TYPE", "relwithdebinfo");
} else {
if opt_level.eq("s") || opt_level.eq("z") {
cmake_cfg.define("CMAKE_BUILD_TYPE", "minsizerel");
} else {
cmake_cfg.define("CMAKE_BUILD_TYPE", "release");
}
// TODO: Due to the nature of the FIPS build (e.g., its dynamic generation of
// assembly files and its custom compilation commands within CMake), not all
// source paths are stripped from the resulting binary.
emit_warning(
"NOTICE: Build environment source paths might be visible in release binary.",
);
let parent_dir = self.manifest_dir.parent();
if parent_dir.is_some() && (target_family() == "unix" || target_env() == "gnu") {
let parent_dir = parent_dir.unwrap();
let flag = format!("\"-ffile-prefix-map={}=\"", parent_dir.display());
if let Ok(true) = cc_build.is_flag_supported(&flag) {
emit_warning(&format!("Using flag: {}", &flag));
cmake_cfg.asmflag(&flag);
cmake_cfg.cflag(&flag);
} else {
let flag = format!("\"-fdebug-prefix-map={}=\"", parent_dir.display());
if let Ok(true) = cc_build.is_flag_supported(&flag) {
emit_warning(&format!("Using flag: {}", &flag));
cmake_cfg.asmflag(&flag);
cmake_cfg.cflag(&flag);
}
}
}
}
} else if target_os() == "windows" {
// The Windows/FIPS build rejects "debug" profile
// https://github.com/aws/aws-lc/blob/main/CMakeLists.txt#L656
cmake_cfg.define("CMAKE_BUILD_TYPE", "relwithdebinfo");
} else {
cmake_cfg.define("CMAKE_BUILD_TYPE", "debug");
}
Self::verify_compiler_support(&cc_build.get_compiler());
if let Some(prefix) = &self.build_prefix {
cmake_cfg.define("BORINGSSL_PREFIX", format!("{prefix}_"));
let include_path = self.manifest_dir.join("generated-include");
cmake_cfg.define(
"BORINGSSL_PREFIX_HEADERS",
include_path.display().to_string(),
);
}
// Build flags that minimize our crate size.
cmake_cfg.define("BUILD_TESTING", "OFF");
cmake_cfg.define("BUILD_TOOL", "OFF");
if cfg!(feature = "ssl") {
cmake_cfg.define("BUILD_LIBSSL", "ON");
} else {
cmake_cfg.define("BUILD_LIBSSL", "OFF");
}
cmake_cfg.define("FIPS", "1");
if is_no_asm() {
let opt_level = cargo_env("OPT_LEVEL");
if opt_level == "0" {
cmake_cfg.define("OPENSSL_NO_ASM", "1");
} else {
panic!("AWS_LC_SYS_NO_ASM only allowed for debug builds!")
}
} else if !has_target_cpu_optimization() {
emit_warning(&format!(
"Assembly optimizations not available for target arch: {}.",
target_arch()
));
// TODO: This should not be needed once resolved upstream
// See: https://github.com/aws/aws-lc-rs/issues/655
cmake_cfg.define("OPENSSL_NO_ASM", "1");
}
if cfg!(feature = "asan") {
env::set_var("CC", "clang");
env::set_var("CXX", "clang++");
env::set_var("ASM", "clang");
cmake_cfg.define("ASAN", "1");
}
// Allow environment to specify CMake toolchain.
if let Some(toolchain) = option_env("CMAKE_TOOLCHAIN_FILE").or(option_env(format!(
"CMAKE_TOOLCHAIN_FILE_{}",
target_underscored()
))) {
emit_warning(&format!(
"CMAKE_TOOLCHAIN_FILE environment variable set: {toolchain}"
));
return cmake_cfg;
}
if target_vendor() == "apple" {
let disable_warnings: [&str; 2] =
["-Wno-overriding-t-option", "-Wno-overriding-option"];
for disabler in disable_warnings {
if let Ok(true) = cc_build.is_flag_supported(disabler) {
cmake_cfg.cflag(disabler);
}
}
if target_arch() == "aarch64" {
cmake_cfg.define("CMAKE_OSX_ARCHITECTURES", "arm64");
cmake_cfg.define("CMAKE_SYSTEM_PROCESSOR", "arm64");
}
if target_arch() == "x86_64" {
cmake_cfg.define("CMAKE_OSX_ARCHITECTURES", "x86_64");
cmake_cfg.define("CMAKE_SYSTEM_PROCESSOR", "x86_64");
}
if target_os().trim() == "ios" {
cmake_cfg.define("CMAKE_SYSTEM_NAME", "iOS");
if effective_target().ends_with("-ios-sim") || target_arch() == "x86_64" {
cmake_cfg.define("CMAKE_OSX_SYSROOT", "iphonesimulator");
} else {
cmake_cfg.define("CMAKE_OSX_SYSROOT", "iphoneos");
}
cmake_cfg.define("CMAKE_THREAD_LIBS_INIT", "-lpthread");
}
if target_os().trim() == "macos" {
cmake_cfg.define("CMAKE_SYSTEM_NAME", "Darwin");
cmake_cfg.define("CMAKE_OSX_SYSROOT", "macosx");
}
}
if target_os() == "windows" {
cmake_cfg.generator("Ninja");
let env_map = self
.collect_vcvarsall_bat()
.map_err(|x| panic!("{}", x))
.unwrap();
for (key, value) in env_map {
cmake_cfg.env(key, value);
}
}
if target_env() == "ohos" {
Self::configure_open_harmony(&mut cmake_cfg);
}
cmake_cfg
}