Add windows build for boring crypto (#6535)

* Add windows build for boring crypto * add changelog * add details on cngcrypto and fips * put some jsonnet into a function Signed-off-by: erikbaranowski <[email protected]> --------- Signed-off-by: erikbaranowski <[email protected]> Co-authored-by: erikbaranowski <[email protected]>
grafana · Feb 28, 2024 · 92d888e · 92d888e
1 parent 04295c4
commit 92d888e
Show file tree

Hide file tree

Showing 13 changed files with 151 additions and 116 deletions.
diff --git a/.drone/drone.yml b/.drone/drone.yml
diff --git a/.drone/pipelines/crosscompile.jsonnet b/.drone/pipelines/crosscompile.jsonnet
@@ -22,6 +22,7 @@ local os_arch_tuples = [
   // Windows
   { name: 'Windows amd64', os: 'windows', arch: 'amd64' },
 
+
   // FreeBSD
   { name: 'FreeBSD amd64', os: 'freebsd', arch: 'amd64' },
 ];
@@ -37,15 +38,22 @@ local targets = [
 local targets_boringcrypto = [
   'agent-boringcrypto',
 ];
+local targets_boringcrypto_windows = [
+  'agent-flow-windows-boringcrypto',
+];
+
 
 local os_arch_types_boringcrypto = [
   // Linux boringcrypto
   { name: 'Linux amd64 boringcrypto', os: 'linux', arch: 'amd64', experiment: 'boringcrypto' },
   { name: 'Linux arm64 boringcrypto', os: 'linux', arch: 'arm64', experiment: 'boringcrypto' },
 ];
+local windows_os_arch_types_boringcrypto = [
+  // Windows boringcrypto
+  { name: 'Windows amd64', os: 'windows', arch: 'amd64', experiment: 'cngcrypto' },
+];
 
-
-std.flatMap(function(target) (
+local build_environments(targets, tuples, image) = std.flatMap(function(target) (
   std.map(function(platform) (
     pipelines.linux('Build %s (%s)' % [target, platform.name]) {
       local env = {
@@ -56,47 +64,26 @@ std.flatMap(function(target) (
         target: target,
 
         tags: go_tags[platform.os],
-      },
+      } + (if 'experiment' in platform then { GOEXPERIMENT: platform.experiment } else { }),
 
       trigger: {
         event: ['pull_request'],
       },
-      steps: [{
-        name: 'Build',
-        image: build_image.linux,
-        commands: [
-          'make generate-ui',
-          'GO_TAGS="%(tags)s" GOOS=%(GOOS)s GOARCH=%(GOARCH)s GOARM=%(GOARM)s make %(target)s' % env,
-        ],
-      }],
-    }
-  ), os_arch_tuples)
-), targets) +
-std.flatMap(function(target) (
-  std.map(function(platform) (
-    pipelines.linux('Build %s (%s)' % [target, platform.name]) {
-      local env = {
-        GOOS: platform.os,
-        GOARCH: platform.arch,
-        GOARM: if 'arm' in platform then platform.arm else '',
-        GOEXPERIMENT: platform.experiment,
-
-        target: target,
-
-        tags: go_tags[platform.os],
-      },
 
-      trigger: {
-        event: ['pull_request'],
-      },
       steps: [{
         name: 'Build',
-        image: build_image.linux,
+        image: image,
         commands: [
           'make generate-ui',
-          'GO_TAGS="%(tags)s" GOOS=%(GOOS)s GOARCH=%(GOARCH)s GOARM=%(GOARM)s GOEXPERIMENT=%(GOEXPERIMENT)s make %(target)s' % env,
+          (if 'GOEXPERIMENT' in env 
+           then 'GO_TAGS="%(tags)s" GOOS=%(GOOS)s GOARCH=%(GOARCH)s GOARM=%(GOARM)s GOEXPERIMENT=%(GOEXPERIMENT)s make %(target)s' % env
+           else 'GO_TAGS="%(tags)s" GOOS=%(GOOS)s GOARCH=%(GOARCH)s GOARM=%(GOARM)s make %(target)s') % env,
         ],
       }],
     }
-  ), os_arch_types_boringcrypto)
-), targets_boringcrypto)
+  ), tuples)
+), targets);
+
+build_environments(targets, os_arch_tuples, build_image.linux) +
+build_environments(targets_boringcrypto, os_arch_types_boringcrypto, build_image.linux) +
+build_environments(targets_boringcrypto_windows, windows_os_arch_types_boringcrypto, build_image.boringcrypto)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -51,6 +51,8 @@ v0.40.0 (2024-02-27)
 
 - Add `otelcol.connector.host_info` component to gather usage metrics for cloud users. (@rlankfo, @jcreixell)
 
+- Add Windows boringcrypto build and executable. (@mattdurham)
+
 ### Enhancements
 
 - Include line numbers in profiles produced by `pyrsocope.java` component. (@korniltsev)

diff --git a/Makefile b/Makefile
@@ -21,13 +21,14 @@
 ##
 ## Targets for building binaries:
 ##
-##   binaries                Compiles all binaries.
-##   agent                   Compiles cmd/grafana-agent to $(AGENT_BINARY)
-##   agent-boringcrypto      Compiles cmd/grafana-agent with GOEXPERIMENT=boringcrypto to $(AGENT_BORINGCRYPTO_BINARY)
-##   agent-flow              Compiles cmd/grafana-agent-flow to $(FLOW_BINARY)
-##   agent-service           Compiles cmd/grafana-agent-service to $(SERVICE_BINARY)
-##   agentctl                Compiles cmd/grafana-agentctl to $(AGENTCTL_BINARY)
-##   operator                Compiles cmd/grafana-agent-operator to $(OPERATOR_BINARY)
+##   binaries                        Compiles all binaries.
+##   agent                           Compiles cmd/grafana-agent to $(AGENT_BINARY)
+##   agent-boringcrypto              Compiles cmd/grafana-agent with GOEXPERIMENT=boringcrypto to $(AGENT_BORINGCRYPTO_BINARY)
+##   agent-flow                      Compiles cmd/grafana-agent-flow to $(FLOW_BINARY)
+##   agent-flow-windows-boringcrypto Compiles cmd/grafana-agent-flow to $(FLOW_BINARY)-windows-boringcrypto
+##   agent-service                   Compiles cmd/grafana-agent-service to $(SERVICE_BINARY)
+##   agentctl                        Compiles cmd/grafana-agentctl to $(AGENTCTL_BINARY)
+##   operator                        Compiles cmd/grafana-agent-operator to $(OPERATOR_BINARY)
 ##
 ## Targets for building Docker images:
 ##
@@ -98,6 +99,7 @@ AGENTCTL_IMAGE                          ?= grafana/agentctl:latest
 OPERATOR_IMAGE                          ?= grafana/agent-operator:latest
 AGENT_BINARY                            ?= build/grafana-agent
 AGENT_BORINGCRYPTO_BINARY               ?= build/grafana-agent-boringcrypto
+AGENT_BORINGCRYPTO_WINDOWS_BINARY       ?= build/agent-flow-windows-boringcrypto.exe
 FLOW_BINARY                             ?= build/grafana-agent-flow
 SERVICE_BINARY                          ?= build/grafana-agent-service
 AGENTCTL_BINARY                         ?= build/grafana-agentctl
@@ -192,6 +194,13 @@ else
 	GOEXPERIMENT=boringcrypto $(GO_ENV) go build $(GO_FLAGS) -o $(AGENT_BORINGCRYPTO_BINARY) ./cmd/grafana-agent
 endif
 
+agent-flow-windows-boringcrypto:
+ifeq ($(USE_CONTAINER),1)
+	$(RERUN_IN_CONTAINER)
+else
+	GOEXPERIMENT=cngcrypto $(GO_ENV) go build $(GO_FLAGS) -tags cngcrypto -o $(AGENT_BORINGCRYPTO_WINDOWS_BINARY) ./cmd/grafana-agent-flow
+endif
+
 
 agent-flow:
 ifeq ($(USE_CONTAINER),1)

diff --git a/cmd/grafana-agent-operator/Dockerfile b/cmd/grafana-agent-operator/Dockerfile
@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.30.4 as build
+FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.32.0 as build
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
 ARG TARGETOS

diff --git a/cmd/grafana-agent/Dockerfile b/cmd/grafana-agent/Dockerfile
@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.30.4 as build
+FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.32.0 as build
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
 ARG TARGETOS

diff --git a/cmd/grafana-agent/Dockerfile.windows b/cmd/grafana-agent/Dockerfile.windows
@@ -1,4 +1,4 @@
-FROM grafana/agent-build-image:0.30.4-windows as builder
+FROM grafana/agent-build-image:0.32.0-windows as builder
 ARG VERSION
 ARG RELEASE_BUILD=1
 

diff --git a/cmd/grafana-agentctl/Dockerfile b/cmd/grafana-agentctl/Dockerfile
@@ -4,7 +4,7 @@
 # default when running `docker buildx build` or when DOCKER_BUILDKIT=1 is set
 # in environment variables.
 
-FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.30.4 as build
+FROM --platform=$BUILDPLATFORM grafana/agent-build-image:0.32.0 as build
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
 ARG TARGETOS

diff --git a/cmd/grafana-agentctl/Dockerfile.windows b/cmd/grafana-agentctl/Dockerfile.windows
@@ -1,4 +1,4 @@
-FROM grafana/agent-build-image:0.30.4-windows as builder
+FROM grafana/agent-build-image:0.32.0-windows as builder
 ARG VERSION
 ARG RELEASE_BUILD=1
 

diff --git a/pkg/boringcrypto/disabled.go b/pkg/boringcrypto/disabled.go
@@ -1,4 +1,8 @@
-//go:build !(fips || boringcrypto)
+//go:build !(fips || boringcrypto || cngcrypto)
+
+// fips https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md
+// fips and boringcrytpo are for enabling via linux experiment using the goexperiment=boringcrytpo flag
+// cngcrypto is used for windows builds that use https://github.com/microsoft/go fork, and is passed has a tag and experiment.
 
 package boringcrypto
 

diff --git a/pkg/boringcrypto/enabled.go b/pkg/boringcrypto/enabled.go
@@ -1,4 +1,8 @@
-//go:build fips || boringcrypto
+//go:build fips || boringcrypto || cngcrypto
+
+// fips https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md
+// fips and boringcrytpo are for enabling via linux experiment using the goexperiment=boringcrytpo flag
+// cngcrypto is used for windows builds that use https://github.com/microsoft/go fork, and is passed has a tag and experiment.
 
 package boringcrypto
 

diff --git a/tools/make/build-container.mk b/tools/make/build-container.mk
@@ -34,7 +34,7 @@
 # variable names should be passed through to the container.
 
 USE_CONTAINER       ?= 0
-BUILD_IMAGE_VERSION ?= 0.31.0
+BUILD_IMAGE_VERSION ?= 0.32.0
 BUILD_IMAGE         ?= grafana/agent-build-image:$(BUILD_IMAGE_VERSION)
 DOCKER_OPTS         ?= -it
 

diff --git a/tools/make/packaging.mk b/tools/make/packaging.mk
@@ -20,15 +20,15 @@ PACKAGING_VARS = RELEASE_BUILD=1 GO_TAGS="$(GO_TAGS)" GOOS=$(GOOS) GOARCH=$(GOAR
 # agent release binaries
 #
 
-dist-agent-binaries: dist/grafana-agent-linux-amd64       \
-                     dist/grafana-agent-linux-arm64       \
-                     dist/grafana-agent-linux-ppc64le     \
-                     dist/grafana-agent-linux-s390x       \
-                     dist/grafana-agent-darwin-amd64      \
-                     dist/grafana-agent-darwin-arm64      \
-                     dist/grafana-agent-windows-amd64.exe \
-                     dist/grafana-agent-freebsd-amd64     \
-                     dist/grafana-agent-linux-amd64-boringcrypto  \
+dist-agent-binaries: dist/grafana-agent-linux-amd64                    \
+                     dist/grafana-agent-linux-arm64                    \
+                     dist/grafana-agent-linux-ppc64le                  \
+                     dist/grafana-agent-linux-s390x                    \
+                     dist/grafana-agent-darwin-amd64                   \
+                     dist/grafana-agent-darwin-arm64                   \
+                     dist/grafana-agent-windows-amd64.exe              \
+                     dist/grafana-agent-windows-boringcrypto-amd64.exe \
+                     dist/grafana-agent-freebsd-amd64                  \
                      dist/grafana-agent-linux-arm64-boringcrypto
 
 dist/grafana-agent-linux-amd64: GO_TAGS += netgo builtinassets promtail_journal_enabled
@@ -78,6 +78,18 @@ dist/grafana-agent-windows-amd64.exe: GOARCH  := amd64
 dist/grafana-agent-windows-amd64.exe: generate-ui
 	$(PACKAGING_VARS) AGENT_BINARY=$@ "$(MAKE)" -f $(PARENT_MAKEFILE) agent
 
+# NOTE(rfratto): do not use netgo when building Windows binaries, which
+# prevents DNS short names from being resovable. See grafana/agent#4665.
+#
+# TODO(rfratto): add netgo back to Windows builds if a version of Go is
+# released which natively supports resolving DNS short names on Windows.
+dist/grafana-agent-windows-boringcrypto-amd64.exe: GO_TAGS += builtinassets
+dist/grafana-agent-windows-boringcrypto-amd64.exe: GOOS    := windows
+dist/grafana-agent-windows-boringcrypto-amd64.exe: GOARCH  := amd64
+dist/grafana-agent-windows-boringcrypto-amd64.exe: generate-ui
+	$(PACKAGING_VARS) AGENT_BINARY=$@ "$(MAKE)" -f $(PARENT_MAKEFILE) agent
+
+
 dist/grafana-agent-freebsd-amd64: GO_TAGS += netgo builtinassets
 dist/grafana-agent-freebsd-amd64: GOOS    := freebsd
 dist/grafana-agent-freebsd-amd64: GOARCH  := amd64