Add two more Android FIPS builders
We support armv7 with FIPS in the shared library build, but this is
never tested in CI. We also support (though not I think for Android?)
delocate with aarch64. Since our only Linux aarch64 builders are
Android, add a statically linked Android builder.
Also update builders to use the properties added in
https://chromium-review.googlesource.com/c/chromium/tools/build/+/4296193,
which removes the last of the dependency on name-parsing.
Change-Id: Ic403c02a6fbd4ce65f4c3a24cf6cc6572686226a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57690
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/generated/commit-queue.cfg b/generated/commit-queue.cfg
index 31a0581..5c5b76a 100644
--- a/generated/commit-queue.cfg
+++ b/generated/commit-queue.cfg
@@ -41,6 +41,13 @@
name: "boringssl/try/android_aarch64_fips_compile"
}
builders {
+ name: "boringssl/try/android_aarch64_fips_static"
+ includable_only: true
+ }
+ builders {
+ name: "boringssl/try/android_aarch64_fips_static_compile"
+ }
+ builders {
name: "boringssl/try/android_aarch64_rel"
includable_only: true
}
@@ -63,6 +70,13 @@
name: "boringssl/try/android_arm_compile"
}
builders {
+ name: "boringssl/try/android_arm_fips"
+ includable_only: true
+ }
+ builders {
+ name: "boringssl/try/android_arm_fips_compile"
+ }
+ builders {
name: "boringssl/try/android_arm_rel"
includable_only: true
}
diff --git a/generated/cr-buildbucket.cfg b/generated/cr-buildbucket.cfg
index 1392f03..5d33d56 100644
--- a/generated/cr-buildbucket.cfg
+++ b/generated/cr-buildbucket.cfg
@@ -25,6 +25,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21"'
@@ -61,6 +62,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -85,6 +87,44 @@
}
}
builders {
+ name: "android_aarch64_fips_static"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "device_type:walleye"
+ dimensions: "pool:luci.flex.ci"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "$gatekeeper": {'
+ ' "group": "client.boringssl"'
+ ' },'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "arm64-v8a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl"'
+ '}'
+ execution_timeout_secs: 3600
+ caches {
+ name: "gocache"
+ path: "gocache"
+ }
+ caches {
+ name: "gopath"
+ path: "gopath"
+ }
+ service_account: "boringssl-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
name: "android_aarch64_rel"
swarming_host: "chromium-swarm.appspot.com"
dimensions: "device_type:bullhead"
@@ -99,6 +139,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -136,6 +177,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -173,6 +215,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_MODE": "arm",'
@@ -198,6 +241,45 @@
}
}
builders {
+ name: "android_arm_fips"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "device_type:walleye"
+ dimensions: "pool:luci.flex.ci"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "$gatekeeper": {'
+ ' "group": "client.boringssl"'
+ ' },'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "armeabi-v7a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "BUILD_SHARED_LIBS": "1",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl"'
+ '}'
+ execution_timeout_secs: 3600
+ caches {
+ name: "gocache"
+ path: "gocache"
+ }
+ caches {
+ name: "gopath"
+ path: "gopath"
+ }
+ service_account: "boringssl-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
name: "android_arm_rel"
swarming_host: "chromium-swarm.appspot.com"
dimensions: "device_type:bullhead"
@@ -212,6 +294,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -540,7 +623,8 @@
' "CMAKE_SYSTEM_PROCESSOR": "x86"'
' },'
' "recipe": "boringssl",'
- ' "run_ssl_tests": false'
+ ' "run_ssl_tests": false,'
+ ' "sde": true'
'}'
execution_timeout_secs: 3600
caches {
@@ -1150,7 +1234,8 @@
' "CMAKE_BUILD_TYPE": "RelWithAsserts"'
' },'
' "recipe": "boringssl",'
- ' "run_ssl_tests": false'
+ ' "run_ssl_tests": false,'
+ ' "sde": true'
'}'
execution_timeout_secs: 3600
caches {
@@ -1183,6 +1268,7 @@
' "$gatekeeper": {'
' "group": "client.boringssl"'
' },'
+ ' "check_imported_libraries": true,'
' "cmake_args": {'
' "BUILD_SHARED_LIBS": "1"'
' },'
@@ -1541,7 +1627,8 @@
' },'
' "msvc_target": "x86",'
' "recipe": "boringssl",'
- ' "run_ssl_tests": false'
+ ' "run_ssl_tests": false,'
+ ' "sde": true'
'}'
execution_timeout_secs: 3600
caches {
@@ -1784,7 +1871,8 @@
' },'
' "msvc_target": "x64",'
' "recipe": "boringssl",'
- ' "run_ssl_tests": false'
+ ' "run_ssl_tests": false,'
+ ' "sde": true'
'}'
execution_timeout_secs: 3600
caches {
@@ -1967,6 +2055,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21"'
@@ -1993,6 +2082,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21"'
@@ -2020,6 +2110,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -2048,6 +2139,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -2066,6 +2158,63 @@
}
}
builders {
+ name: "android_aarch64_fips_static"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "device_type:walleye"
+ dimensions: "pool:luci.flex.try"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "arm64-v8a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl"'
+ '}'
+ execution_timeout_secs: 3600
+ service_account: "boringssl-try-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
+ name: "android_aarch64_fips_static_compile"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "cpu:x86-64"
+ dimensions: "os:Ubuntu-18.04"
+ dimensions: "pool:luci.flex.try"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "arm64-v8a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl",'
+ ' "run_ssl_tests": false,'
+ ' "run_unit_tests": false'
+ '}'
+ execution_timeout_secs: 1800
+ service_account: "boringssl-try-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
name: "android_aarch64_rel"
swarming_host: "chromium-swarm.appspot.com"
dimensions: "device_type:bullhead"
@@ -2077,6 +2226,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -2104,6 +2254,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "arm64-v8a",'
' "ANDROID_PLATFORM": "android-21",'
@@ -2132,6 +2283,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -2158,6 +2310,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_MODE": "arm",'
@@ -2187,6 +2340,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_MODE": "arm",'
@@ -2218,6 +2372,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -2235,6 +2390,65 @@
}
}
builders {
+ name: "android_arm_fips"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "device_type:walleye"
+ dimensions: "pool:luci.flex.try"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "armeabi-v7a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "BUILD_SHARED_LIBS": "1",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl"'
+ '}'
+ execution_timeout_secs: 3600
+ service_account: "boringssl-try-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
+ name: "android_arm_fips_compile"
+ swarming_host: "chromium-swarm.appspot.com"
+ dimensions: "cpu:x86-64"
+ dimensions: "os:Ubuntu-18.04"
+ dimensions: "pool:luci.flex.try"
+ exe {
+ cipd_package: "infra/recipe_bundles/chromium.googlesource.com/chromium/tools/build"
+ cipd_version: "refs/heads/main"
+ cmd: "luciexe"
+ }
+ properties:
+ '{'
+ ' "android": true,'
+ ' "cmake_args": {'
+ ' "ANDROID_ABI": "armeabi-v7a",'
+ ' "ANDROID_PLATFORM": "android-21",'
+ ' "BUILD_SHARED_LIBS": "1",'
+ ' "FIPS": "1"'
+ ' },'
+ ' "recipe": "boringssl",'
+ ' "run_ssl_tests": false,'
+ ' "run_unit_tests": false'
+ '}'
+ execution_timeout_secs: 1800
+ service_account: "boringssl-try-builder@chops-service-accounts.iam.gserviceaccount.com"
+ experiments {
+ key: "luci.recipes.use_python3"
+ value: 100
+ }
+ }
+ builders {
name: "android_arm_rel"
swarming_host: "chromium-swarm.appspot.com"
dimensions: "device_type:bullhead"
@@ -2246,6 +2460,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -2274,6 +2489,7 @@
}
properties:
'{'
+ ' "android": true,'
' "cmake_args": {'
' "ANDROID_ABI": "armeabi-v7a",'
' "ANDROID_ARM_NEON": "FALSE",'
@@ -2915,6 +3131,7 @@
}
properties:
'{'
+ ' "check_imported_libraries": true,'
' "cmake_args": {'
' "BUILD_SHARED_LIBS": "1"'
' },'
diff --git a/generated/luci-milo.cfg b/generated/luci-milo.cfg
index 81c02e4..545d19f 100644
--- a/generated/luci-milo.cfg
+++ b/generated/luci-milo.cfg
@@ -26,6 +26,11 @@
short_name: "fips"
}
builders {
+ name: "buildbucket/luci.boringssl.ci/android_aarch64_fips_static"
+ category: "android|aarch64"
+ short_name: "fips2"
+ }
+ builders {
name: "buildbucket/luci.boringssl.ci/android_arm"
category: "android|thumb"
short_name: "dbg"
@@ -36,6 +41,11 @@
short_name: "rel"
}
builders {
+ name: "buildbucket/luci.boringssl.ci/android_arm_fips"
+ category: "android|thumb"
+ short_name: "fips"
+ }
+ builders {
name: "buildbucket/luci.boringssl.ci/android_arm_armmode_rel"
category: "android|arm"
short_name: "rel"
diff --git a/generated/luci-notify.cfg b/generated/luci-notify.cfg
index daa26f0..9019408 100644
--- a/generated/luci-notify.cfg
+++ b/generated/luci-notify.cfg
@@ -45,6 +45,21 @@
}
builders {
bucket: "ci"
+ name: "android_aarch64_fips_static"
+ repository: "https://boringssl.googlesource.com/boringssl"
+ }
+}
+notifiers {
+ notifications {
+ on_occurrence: FAILURE
+ on_occurrence: INFRA_FAILURE
+ on_new_status: SUCCESS
+ email {
+ recipients: "boringssl@google.com"
+ }
+ }
+ builders {
+ bucket: "ci"
name: "android_aarch64_rel"
repository: "https://boringssl.googlesource.com/boringssl"
}
@@ -90,6 +105,21 @@
}
builders {
bucket: "ci"
+ name: "android_arm_fips"
+ repository: "https://boringssl.googlesource.com/boringssl"
+ }
+}
+notifiers {
+ notifications {
+ on_occurrence: FAILURE
+ on_occurrence: INFRA_FAILURE
+ on_new_status: SUCCESS
+ email {
+ recipients: "boringssl@google.com"
+ }
+ }
+ builders {
+ bucket: "ci"
name: "android_arm_rel"
repository: "https://boringssl.googlesource.com/boringssl"
}
diff --git a/generated/luci-scheduler.cfg b/generated/luci-scheduler.cfg
index 12fa431..0003bdf 100644
--- a/generated/luci-scheduler.cfg
+++ b/generated/luci-scheduler.cfg
@@ -25,6 +25,16 @@
}
}
job {
+ id: "android_aarch64_fips_static"
+ realm: "ci"
+ acl_sets: "ci"
+ buildbucket {
+ server: "cr-buildbucket.appspot.com"
+ bucket: "ci"
+ builder: "android_aarch64_fips_static"
+ }
+}
+job {
id: "android_aarch64_rel"
realm: "ci"
acl_sets: "ci"
@@ -55,6 +65,16 @@
}
}
job {
+ id: "android_arm_fips"
+ realm: "ci"
+ acl_sets: "ci"
+ buildbucket {
+ server: "cr-buildbucket.appspot.com"
+ bucket: "ci"
+ builder: "android_arm_fips"
+ }
+}
+job {
id: "android_arm_rel"
realm: "ci"
acl_sets: "ci"
@@ -500,9 +520,11 @@
acl_sets: "ci"
triggers: "android_aarch64"
triggers: "android_aarch64_fips"
+ triggers: "android_aarch64_fips_static"
triggers: "android_aarch64_rel"
triggers: "android_arm"
triggers: "android_arm_armmode_rel"
+ triggers: "android_arm_fips"
triggers: "android_arm_rel"
triggers: "docs"
triggers: "ios64_compile"
diff --git a/main.star b/main.star
index 48a81c3..f5070c2 100755
--- a/main.star
+++ b/main.star
@@ -291,6 +291,7 @@
short_name = "dbg",
cq_compile_only = LINUX_HOST,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "arm64-v8a",
"ANDROID_PLATFORM": "android-21",
@@ -305,6 +306,7 @@
cq_compile_only = LINUX_HOST,
cq_enabled = False,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "arm64-v8a",
"ANDROID_PLATFORM": "android-21",
@@ -320,6 +322,7 @@
short_name = "fips",
cq_compile_only = LINUX_HOST,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "arm64-v8a",
"ANDROID_PLATFORM": "android-21",
@@ -329,6 +332,27 @@
},
},
)
+
+# delocate works on aarch64. Test this by also building the static library mode
+# for android_aarch64_fips. Additionally, urandom_test doesn't work in shared
+# library builds, so this gives Android FIPS coverage for urandom_test.
+both_builders(
+ "android_aarch64_fips_static",
+ # The Android FIPS configuration requires a newer device.
+ WALLEYE_HOST,
+ category = "android|aarch64",
+ short_name = "fips2",
+ cq_compile_only = LINUX_HOST,
+ properties = {
+ "android": True,
+ "cmake_args": {
+ "ANDROID_ABI": "arm64-v8a",
+ "ANDROID_PLATFORM": "android-21",
+ "FIPS": "1",
+ },
+ },
+)
+
both_builders(
"android_arm",
BULLHEAD_HOST,
@@ -336,6 +360,7 @@
short_name = "dbg",
cq_compile_only = LINUX_HOST,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "armeabi-v7a",
# Newer versions of the Android NDK make NEON-only builds by
@@ -354,6 +379,7 @@
cq_compile_only = LINUX_HOST,
cq_enabled = False,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "armeabi-v7a",
# Newer versions of the Android NDK make NEON-only builds by
@@ -366,12 +392,31 @@
},
)
both_builders(
+ "android_arm_fips",
+ # The Android FIPS configuration requires a newer device.
+ WALLEYE_HOST,
+ category = "android|thumb",
+ short_name = "fips",
+ cq_compile_only = LINUX_HOST,
+ properties = {
+ "android": True,
+ "cmake_args": {
+ "ANDROID_ABI": "armeabi-v7a",
+ "ANDROID_PLATFORM": "android-21",
+ # FIPS mode on Android uses shared libraries.
+ "BUILD_SHARED_LIBS": "1",
+ "FIPS": "1",
+ },
+ },
+)
+both_builders(
"android_arm_armmode_rel",
BULLHEAD_HOST,
category = "android|arm",
short_name = "rel",
cq_compile_only = LINUX_HOST,
properties = {
+ "android": True,
"cmake_args": {
"ANDROID_ABI": "armeabi-v7a",
"ANDROID_ARM_MODE": "arm",
@@ -494,6 +539,7 @@
"CMAKE_CXX_FLAGS": "-m32 -msse2",
},
"run_ssl_tests": False,
+ "sde": True,
},
)
both_builders(
@@ -708,6 +754,7 @@
"CMAKE_BUILD_TYPE": "RelWithAsserts",
},
"run_ssl_tests": False,
+ "sde": True,
},
)
both_builders(
@@ -719,6 +766,9 @@
"cmake_args": {
"BUILD_SHARED_LIBS": "1",
},
+ # The default Linux build may not depend on the C++ runtime. This is
+ # easy to check when building shared libraries.
+ "check_imported_libraries": True,
},
)
both_builders(
@@ -803,6 +853,7 @@
},
"msvc_target": "x86",
"run_ssl_tests": False,
+ "sde": True,
},
)
both_builders(
@@ -884,6 +935,7 @@
},
"msvc_target": "x64",
"run_ssl_tests": False,
+ "sde": True,
},
)
both_builders(
