roll_boringssl.go - third_party/boringssl - Git at Google

 // Copyright 2017 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This script updates //third_party/boringssl/src to point to the current revision at:
 //   https://boringssl.googlesource.com/boringssl/+/master
 //
 // It then updates the generated build files and jiri manifest accordingly. It can optionally also
 // update the root certificates used by BoringSSL on Fuchsia.

 package main

 import (
 	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
 	"time"
 )

 const BundleURL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt"

 var (
 	fuchsia = flag.String("fuchsia", os.Getenv("FUCHSIA_DIR"), "Fuchsia root directory")
 	boring  = flag.String("boring", "third_party/boringssl", "Path to repository")
 	commit  = flag.String("commit", "origin/upstream/master", "Upstream commit-ish to check out")
 	bundle  = flag.String("bundle", BundleURL, "URL to retrieve certificates from")

 	skipBoring = flag.Bool("skip-boring", false, "Don't update upstream sources or build files")
 	skipBundle = flag.Bool("skip-bundle", false, "Don't update the root certificate bundle")
 )

 func run(cwd string, name string, args ...string) (string, error) {
 	cmd := exec.Command(name, args...)
 	if len(cwd) > 0 {
 		cmd.Dir = filepath.Join(*fuchsia, cwd)
 		fmt.Printf("> cd %s\n", cmd.Dir)
 	}
 	fmt.Printf("> %s %s\n", name, strings.Join(args, " "))
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", err
 	}
 	return string(out), nil
 }

 func checkoutUpstream() error {
 	_, err := run(filepath.Join(*boring, "src"), "git", "fetch")
 	if err != nil {
 		return err
 	}
 	_, err = run(filepath.Join(*boring, "src"), "git", "checkout", *commit)
 	if err != nil {
 		return err
 	}
 	return nil
 }

 func generateBuildFiles() error {
 	_, err := run(*boring, "python", filepath.Join("src", "util", "generate_build_files.py"), "gn")
 	return err
 }

 func getGitRevision() (string, error) {
 	out, err := run(filepath.Join(*boring, "src"), "git", "rev-list", "HEAD", "--max-count=1")
 	return strings.TrimSpace(string(out)), err
 }

 func updateManifest() error {
 	revision, err := getGitRevision()
 	if err != nil {
 		return err
 	}
 	_, err = run(*boring, "jiri", "edit", "-project=third_party/boringssl/src="+revision, "manifest")
 	return err
 }

 func getCertData(url string) ([]byte, error) {
 	response, err := http.Get(url)
 	if err != nil {
 		return nil, err
 	}
 	defer response.Body.Close()
 	return ioutil.ReadAll(response.Body)
 }

 func stampCertData(url string, certdata []byte) error {
 	digest := sha256.Sum256(certdata)
 	hexdigest := hex.EncodeToString(digest[:])

 	stamp := "URL:    " + url + "\n"
 	stamp += "SHA256: " + hexdigest + "\n"
 	stamp += "Time:   " + time.Now().String() + "\n"

 	stampfile, err := os.Create("certdata.stamp")
 	if err != nil {
 		return err
 	}
 	defer stampfile.Close()
 	_, err = stampfile.WriteString(stamp)
 	return err
 }

 func convertToPEM(certdata []byte) error {
 	if err := ioutil.WriteFile("certdata.txt", certdata, 0644); err != nil {
 		return err
 	}
 	out, err := run(*boring, "go", "run", "convert_mozilla_certdata.go")
 	if err != nil {
 		return err
 	}
 	return ioutil.WriteFile("certdata.pem", []byte(out), 0644)
 }

 func updateBoring() error {
 	if *skipBoring {
 		return nil
 	}
 	if err := checkoutUpstream(); err != nil {
 		return err
 	}
 	if err := updateManifest(); err != nil {
 		return err
 	}
 	if err := generateBuildFiles(); err != nil {
 		return err
 	}
 	return nil
 }

 func updateBundle() error {
 	if *skipBundle {
 		return nil
 	}
 	certdata, err := getCertData(*bundle)
 	if err != nil {
 		return err
 	}
 	if err := stampCertData(*bundle, certdata); err != nil {
 		return err
 	}
 	if err := convertToPEM(certdata); err != nil {
 		return err
 	}
 	return nil
 }

 func main() {
 	flag.Parse()
 	if len(*fuchsia) == 0 {
 		log.Fatal(errors.New("FUCHSIA_DIR not set and --fuchsia not specified"))
 	}
 	if err := updateBoring(); err != nil {
 		log.Fatal(err)
 	}
 	if err := updateBundle(); err != nil {
 		log.Fatal(err)
 	}
 }
	// Copyright 2017 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	//
	// This script updates //third_party/boringssl/src to point to the current revision at:
	// https://boringssl.googlesource.com/boringssl/+/master
	//
	// It then updates the generated build files and jiri manifest accordingly. It can optionally also
	// update the root certificates used by BoringSSL on Fuchsia.

	package main

	import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"time"
	)

	const BundleURL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt"

	var (
	fuchsia = flag.String("fuchsia", os.Getenv("FUCHSIA_DIR"), "Fuchsia root directory")
	boring = flag.String("boring", "third_party/boringssl", "Path to repository")
	commit = flag.String("commit", "origin/upstream/master", "Upstream commit-ish to check out")
	bundle = flag.String("bundle", BundleURL, "URL to retrieve certificates from")

	skipBoring = flag.Bool("skip-boring", false, "Don't update upstream sources or build files")
	skipBundle = flag.Bool("skip-bundle", false, "Don't update the root certificate bundle")
	)

	func run(cwd string, name string, args ...string) (string, error) {
	cmd := exec.Command(name, args...)
	if len(cwd) > 0 {
	cmd.Dir = filepath.Join(*fuchsia, cwd)
	fmt.Printf("> cd %s\n", cmd.Dir)
	}
	fmt.Printf("> %s %s\n", name, strings.Join(args, " "))
	out, err := cmd.CombinedOutput()
	if err != nil {
	return "", err
	}
	return string(out), nil
	}

	func checkoutUpstream() error {
	_, err := run(filepath.Join(*boring, "src"), "git", "fetch")
	if err != nil {
	return err
	}
	_, err = run(filepath.Join(boring, "src"), "git", "checkout", commit)
	if err != nil {
	return err
	}
	return nil
	}

	func generateBuildFiles() error {
	_, err := run(*boring, "python", filepath.Join("src", "util", "generate_build_files.py"), "gn")
	return err
	}

	func getGitRevision() (string, error) {
	out, err := run(filepath.Join(*boring, "src"), "git", "rev-list", "HEAD", "--max-count=1")
	return strings.TrimSpace(string(out)), err
	}

	func updateManifest() error {
	revision, err := getGitRevision()
	if err != nil {
	return err
	}
	_, err = run(*boring, "jiri", "edit", "-project=third_party/boringssl/src="+revision, "manifest")
	return err
	}

	func getCertData(url string) ([]byte, error) {
	response, err := http.Get(url)
	if err != nil {
	return nil, err
	}
	defer response.Body.Close()
	return ioutil.ReadAll(response.Body)
	}

	func stampCertData(url string, certdata []byte) error {
	digest := sha256.Sum256(certdata)
	hexdigest := hex.EncodeToString(digest[:])

	stamp := "URL: " + url + "\n"
	stamp += "SHA256: " + hexdigest + "\n"
	stamp += "Time: " + time.Now().String() + "\n"

	stampfile, err := os.Create("certdata.stamp")
	if err != nil {
	return err
	}
	defer stampfile.Close()
	_, err = stampfile.WriteString(stamp)
	return err
	}

	func convertToPEM(certdata []byte) error {
	if err := ioutil.WriteFile("certdata.txt", certdata, 0644); err != nil {
	return err
	}
	out, err := run(*boring, "go", "run", "convert_mozilla_certdata.go")
	if err != nil {
	return err
	}
	return ioutil.WriteFile("certdata.pem", []byte(out), 0644)
	}

	func updateBoring() error {
	if *skipBoring {
	return nil
	}
	if err := checkoutUpstream(); err != nil {
	return err
	}
	if err := updateManifest(); err != nil {
	return err
	}
	if err := generateBuildFiles(); err != nil {
	return err
	}
	return nil
	}

	func updateBundle() error {
	if *skipBundle {
	return nil
	}
	certdata, err := getCertData(*bundle)
	if err != nil {
	return err
	}
	if err := stampCertData(*bundle, certdata); err != nil {
	return err
	}
	if err := convertToPEM(certdata); err != nil {
	return err
	}
	return nil
	}

	func main() {
	flag.Parse()
	if len(*fuchsia) == 0 {
	log.Fatal(errors.New("FUCHSIA_DIR not set and --fuchsia not specified"))
	}
	if err := updateBoring(); err != nil {
	log.Fatal(err)
	}
	if err := updateBundle(); err != nil {
	log.Fatal(err)
	}
	}