build.rs
use anyhow::{bail, Context, Result};
use std::env;
use std::path::PathBuf;
use std::process::Command;
/// Confirms that `git secrets --list` reports an llt-secrets provider.
///
/// Succeeds only when the command exits with status 0 and at least one line of its output ends
/// with `llt-secrets/secrets` (or the backslash form of the same suffix).
///
/// This is a suffix match on the listing text only: it shows that a provider with that path is
/// registered, not that the provider file exists or that its patterns are current.
///
/// # Errors
///
/// Fails when `git` cannot be spawned, when the `secrets` subcommand is unknown to git, when the
/// provider is not listed, when the captured output is not valid UTF-8, or when the command ends
/// with any status other than 0 or 1.
fn check_git_secrets() -> Result<()> {
    let output = match Command::new("git").args(["secrets", "--list"]).output() {
        Ok(output) => output,
        Err(error) => bail!("git failed with unexpected error: {error}"),
    };

    match output.status.code() {
        Some(0) => {
            let listing = String::from_utf8(output.stdout)?;
            let provider_listed = listing.lines().any(|entry| {
                entry.ends_with("llt-secrets/secrets") || entry.ends_with("llt-secrets\\secrets")
            });
            if provider_listed {
                Ok(())
            } else {
                bail!("llt-secrets not found in git-secrets providers list!")
            }
        }
        Some(1) => {
            let stderr = String::from_utf8(output.stderr)?;
            // Only the first stderr line is inspected to tell "subcommand unknown" apart from
            // "nothing listed".
            let subcommand_unknown = stderr
                .lines()
                .next()
                .is_some_and(|first| first.starts_with("git: 'secrets' is not a git command."));
            if subcommand_unknown {
                bail!("git-secrets not installed!")
            }
            bail!("llt-secrets not found in git-secrets providers list!")
        }
        // Any other exit code, or no exit code at all, is reported with the captured output.
        _ => {
            bail!(
                "git-secrets failed with status code: {}\nstdout:\n{}\nstderr:\n{}\n",
                output.status,
                String::from_utf8(output.stdout).unwrap_or_default(),
                String::from_utf8(output.stderr).unwrap_or_default(),
            )
        }
    }
}
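/// Returns the repository's git directory as printed by `git rev-parse --git-dir`.
///
/// The printed path is trimmed and returned as-is, so it may be relative to the directory the
/// build script runs in.
///
/// # Errors
///
/// Fails when `git` cannot be spawned, when the command exits unsuccessfully (for example when
/// the sources are not inside a git checkout), when stdout is not valid UTF-8, or when nothing
/// is printed.
fn get_git_path() -> Result<PathBuf> {
    let output = match Command::new("git")
        .args(["rev-parse", "--git-dir"])
        .output()
    {
        Ok(output) => output,
        Err(_) => bail!("Failed to get git directory. git rev-parse --git-dir failed."),
    };

    // A failed rev-parse leaves stdout empty. Without this check the empty path would be joined
    // with "hooks" and the hook check would silently look in a directory relative to the
    // current one instead of the repository's git directory.
    if !output.status.success() {
        bail!(
            "Failed to get git directory. git rev-parse --git-dir exited with {}\nstderr:\n{}",
            output.status,
            String::from_utf8_lossy(&output.stderr),
        );
    }

    let git_dir = String::from_utf8(output.stdout)?;
    let git_dir = git_dir.trim();
    if git_dir.is_empty() {
        bail!("Failed to get git directory. git rev-parse --git-dir printed nothing.");
    }
    Ok(git_dir.into())
}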
/// Checks that the `commit-msg`, `pre-commit` and `prepare-commit-msg` hooks exist under
/// `<git dir>/hooks`.
///
/// This is a presence check only: a hook file that exists but is empty, not executable, or no
/// longer invokes the secrets scanner still passes.
///
/// NOTE(review): the directory is always `<git dir>/hooks`. A repository that sets
/// `core.hooksPath` keeps its hooks elsewhere, which this check would not see. Confirm whether
/// that setup needs to be supported.
///
/// # Errors
///
/// Fails when the git directory cannot be determined or when the first missing hook is found.
fn check_git_hooks() -> Result<()> {
    let hooks_dir = get_git_path()
        .context("Checking git hooks failed")?
        .join("hooks");

    for hook_name in ["commit-msg", "pre-commit", "prepare-commit-msg"] {
        let hook = hooks_dir.join(hook_name);
        if !hook.exists() {
            bail!("Hook {:?} not installed", hook)
        }
    }
    Ok(())
}
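/// Aborts the build on a developer machine when secrets scanning is not set up.
///
/// The check is skipped without any message when `GITLAB_CI` or `GITHUB_ACTIONS` equals `true`,
/// and skipped with a cargo warning when `BYPASS_LLT_SECRETS` is set to any value, including an
/// empty one. Both switches are plain environment variables that anyone running the build can
/// set, so this guards against accidental commits of secrets and is not an enforcement point.
/// Scanning still has to be enforced on the server or in CI.
///
/// # Panics
///
/// Panics when neither skip applies and either the git-secrets provider or one of the git hooks
/// is missing.
fn verify_llt_secrets() {
    println!("cargo:rerun-if-changed=./crates");
    println!("cargo:rerun-if-changed=./src");
    // Once any rerun-if directive is emitted, cargo re-runs the script only for the listed
    // triggers. Listing the variables below means a cached run made under a bypass is not
    // reused after the bypass is removed.
    for var in ["GITLAB_CI", "GITHUB_ACTIONS", "BYPASS_LLT_SECRETS"] {
        println!("cargo:rerun-if-env-changed={var}");
    }

    // Each CI variable is tested on its own. Chaining the lookups with `Result::or` would skip
    // the second variable whenever the first one is set to something other than "true".
    let running_in_ci = ["GITLAB_CI", "GITHUB_ACTIONS"]
        .iter()
        .any(|var| env::var(var).is_ok_and(|value| value == "true"));
    if running_in_ci {
        return;
    }

    if env::var("BYPASS_LLT_SECRETS").is_ok() {
        println!("cargo:warning=BYPASS_LLT_SECRETS IS SET, COMMIT CAREFULLY!!");
        return;
    }

    #[allow(clippy::panic)]
    match check_git_secrets().and_then(|_| check_git_hooks()) {
        Ok(_) => {}
        Err(err) => {
            panic!(
                "Secrets scanning seems to be missing or misconfigured. Either run checkout scripts \
                or run with BYPASS_LLT_SECRETS environment variable set\nError: {:#}",
                err
            );
        }
    }
}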
/// Creates a `cc::Build` with the C hardening flags for the target OS.
///
/// Every target except Windows gets `-D_FORTIFY_SOURCE=2` and `-fstack-protector-strong`.
/// Windows targets get neither flag, so C code compiled through this builder for Windows has no
/// source fortification and no stack protector.
///
/// # Errors
///
/// Fails when `CARGO_CFG_TARGET_OS` cannot be read from the environment.
fn build() -> Result<cc::Build> {
    let target_os = env::var("CARGO_CFG_TARGET_OS")?;
    let mut build = cc::Build::new();

    // On Windows, source fortification needs -lssp, which is a dynamic library and therefore
    // undesirable. No proper solution has been worked out yet, so the hardening flags are
    // simply left off for Windows.
    // https://github.com/msys2/MINGW-packages/issues/5868
    if target_os != "windows" {
        build
            .flag("-D_FORTIFY_SOURCE=2")
            .flag("-fstack-protector-strong");
    }
    Ok(build)
}
/// Build-script entry point.
///
/// Generates the UniFFI scaffolding, runs the secrets-scanning check, compiles the small C shim
/// `suppress_source_fortification_check.c`, and emits the platform-specific link and resource
/// settings.
fn main() -> Result<()> {
    uniffi::generate_scaffolding("./src/libtelio.udl")?;
    verify_llt_secrets();

    let shim_source = "suppress_source_fortification_check.c";
    println!("cargo:rerun-if-changed={}", shim_source);

    let mut shim = build()?;
    shim.file(shim_source);
    // "-Werror" breaks the MSVC build because cl.exe requires a numeric parameter, so the extra
    // flags are only passed to other toolchains.
    // NOTE(review): `cfg!` in a build script describes the platform the script itself was
    // compiled for. Confirm this matches the intended target when cross-compiling.
    if !cfg!(target_env = "msvc") {
        shim.flag("-Werror").flag("-O3");
    }
    shim.compile("suppressSourceFortificationCheck");

    let target_os = env::var("CARGO_CFG_TARGET_OS")?;
    if target_os == "android" {
        // Pass an explicit soname of the form lib<package>.so to the linker.
        let soname = format!("lib{}.so", env!("CARGO_PKG_NAME"));
        println!("cargo:rustc-cdylib-link-arg=-Wl,-soname,{}", soname);
    }

    #[cfg(windows)]
    if target_os == "windows" {
        winres::WindowsResource::new()
            .set("LegalCopyright", "Nord Security")
            .compile()?;
    }

    Ok(())
}