envoyproxy/envoy-openssl

setting up a proper build environment

thekief opened this issue · 2 comments

The last few days I looked into the project and tried to build locally. I initially tried to build it on my local system but noticed that there were some problems that are probably much easier in a separate environment.

After trying a custom container and building envoyproxy/envoy-build-ubuntu referenced in the envoy documentation, I still have not succeeded in building the reverse proxy with OpenSSL support. I managed to bypass errors, such as envoyproxy/envoy-build-ubuntu not having exported the path to clang and some "missing" folders but I always end up with bssl not building.

What is the proper build environment/container for this project?

Happy new year :D

Over the last couple days I looked into the GitHub Actions and built a Docker image, and the build continued a bit further. I stumbled on additional problems:

  • the Google JWT Verify library needs an additional #include<memory>, as unique_ptr causes problems otherwise, due to the missing import
  • envoy fails to build, as bssl cannot be found, resulting in the following error:
root@4776654fe982:/build# CC=clang CXX=clang++ bazel build --config=clang :envoy
INFO: Analyzed target //:envoy (0 packages loaded, 0 targets configured).
INFO: Found 1 target...
ERROR: /root/.cache/bazel/_bazel_root/7b7747ec045ae606eb720a1222f56098/external/com_github_google_jwt_verify/BUILD:7:11: Compiling src/verify.cc failed: (Exit 1): clang-14 failed: error executing command (from target @com_github_google_jwt_verify//:jwt_verify_lib) /opt/llvm/bin/clang-14 -U_FORTIFY_SOURCE -fstack-protector -Wall -Wthread-safety -Wself-assign -Wunused-but-set-parameter -Wno-free-nonheap-object -fcolor-diagnostics -fno-omit-frame-pointer '-std=c++0x' ... (remaining 40 arguments skipped)

Use --sandbox_debug to see verbose messages from the sandbox
In file included from external/com_github_google_jwt_verify/src/verify.cc:15:
In file included from external/com_github_google_jwt_verify/jwt_verify_lib/verify.h:17:
external/com_github_google_jwt_verify/jwt_verify_lib/jwks.h:61:5: error: use of undeclared identifier 'bssl'
    bssl::UniquePtr<RSA> rsa_;
    ^
external/com_github_google_jwt_verify/jwt_verify_lib/jwks.h:62:5: error: use of undeclared identifier 'bssl'
    bssl::UniquePtr<EC_KEY> ec_key_;
    ^
external/com_github_google_jwt_verify/jwt_verify_lib/jwks.h:64:5: error: use of undeclared identifier 'bssl'
    bssl::UniquePtr<BIO> bio_;
    ^
external/com_github_google_jwt_verify/jwt_verify_lib/jwks.h:65:5: error: use of undeclared identifier 'bssl'
    bssl::UniquePtr<X509> x509_;
    ^
external/com_github_google_jwt_verify/src/verify.cc:21:10: fatal error: 'openssl/curve25519.h' file not found
#include "openssl/curve25519.h"
         ^~~~~~~~~~~~~~~~~~~~~~
5 errors generated.
Target //:envoy failed to build
Use --verbose_failures to see the command lines of failed build steps.
INFO: Elapsed time: 2.152s, Critical Path: 1.88s
INFO: 24 processes: 22 internal, 2 processwrapper-sandbox.
FAILED: Build did NOT complete successfully

Before installing any additional dependencies, I was wondering which version of BoringSSL to install. Is something linked in one of the submodules? Should I just grab the version from Google?

After some time I finally got back to this and I am still stuck building the project in a local build environment.

Similar to #53, I would also ask you to provide some more details on the building process, as the readme does not properly build. I tried to follow the steps specified in the GitHub workflow files but it still fails.

Right now I got the following issue when trying to build the image in a local Debian/Ubuntu container:

In file included from /build/bssl-compat/source/cipher.c:1:
In file included from /build/bssl-compat/include/openssl/cipher.h:60:
/build/bssl-compat/include/openssl/base.h:83:10: fatal error: 'ossl/openssl/types.h' file not found
#include <ossl/openssl/types.h>
         ^~~~~~~~~~~~~~~~~~~~~~
In file included from /build/bssl-compat/source/digest.c:1:
In file included from /build/bssl-compat/include/openssl/digest.h:60:
/build/bssl-compat/include/openssl/base.h:83:10: fatal error: 'ossl/openssl/types.h' file not found
#include <ossl/openssl/types.h>
         ^~~~~~~~~~~~~~~~~~~~~~
In file included from /build/bssl-compat/source/crypto.c:1:
In file included from /build/bssl-compat/include/openssl/crypto.h:18:
/build/bssl-compat/include/openssl/base.h:83:10: fatal error: 'ossl/openssl/types.h' file not found
#include <ossl/openssl/types.h>

Any tips and hints would be appreciated.