[KeyManager]: (build) boringssl auto-build using cmake crate#646
Merged
atulpatildbz merged 3 commits intogoogle:mainfrom Feb 10, 2026
Merged
[KeyManager]: (build) boringssl auto-build using cmake crate#646atulpatildbz merged 3 commits intogoogle:mainfrom
atulpatildbz merged 3 commits intogoogle:mainfrom
Conversation
atulpatildbz
changed the title
NilanjanDaw
reviewed
Feb 8, 2026
Collaborator
NilanjanDaw
left a comment
NilanjanDaw
left a comment
There was a problem hiding this comment.
Thanks for working this. Some minor comments.
This was referenced Feb 9, 2026
NilanjanDaw
approved these changes
Feb 9, 2026
Integrates BoringSSL into the Cargo build process by adding a custom `build.rs` to `third_party/bssl-sys`. Implementation Details: 1. uses the `cmake` crate in `build.rs` to automatically configure and build BoringSSL from git submodule. 2. Sets `RUST_BINDINGS` to ensure BoringSSL generates the necessary Rust targets. 3. Preserves upstream bindgen logic to generate platform-specific bindings during the build. 4. Enables standard `cargo build` workflows without requiring external scripts or manual pre-build steps.
- Auto-init boringssl git submodule when source is missing (curl-sys / libgit2-sys pattern: attempt silently, discard errors) - Add cargo:rerun-if-changed for the boringssl source directory so Cargo rebuilds when the submodule is updated - Add assert on build_dir existence after cmake build for clarity - Document why no cmake pre-check is needed (cmake crate handles it) - Remove unused PathBuf import
atulpatildbz
force-pushed
the
boringssl-build-integration
branch
from
a1c31db to
49cbf3e
Compare
Collaborator
Author
|
/gcbrun |
clundin25
approved these changes
Feb 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Integrates BoringSSL into the keymanager build lifecycle by introducing
build.rsfor orchestration.We've adopted
sys-cratepattern for handling C/C++ dependencies.Instead of relying on external shell scripts, we used the
cmakebuild dependency to compile the native library (boringssl) as a static artifact during the cargo build step.The
RUST_BINDINGSCMake definition is injected to ensure BoringSSL generates the exact rust_wrapper symbols required by thebssl-cryptoRust crateThe resulting artifacts (
libcrypto.a,libssl.a) are statically linked into the final binary, simplifying deployment.Implementation Details
bssl-sys/build.rs: Implemented a custom build script that usescmake::Configto drive the BoringSSL compilation.cmakebuild process, handling platform detection and toolchain selection.crypto,ssl,rust_wrapper) and propagates the search paths viacargo:rustc-link-searchVerification
cargo test -p km_common and cargo test -p bssl-crypto. All 131 tests passed (including 93 bssl-crypto unit tests and 15 km_common tests), confirming that the underlying crypto symbols were correctly linked and callablecargo buildsucceeds from a fresh clone without needing manualcmakeinvocation in the terminal