Skip to content

Add initial recipe for boringssl #28672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add initial recipe for boringssl #28672

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d013496
Add initial recipe for boringssl
bringhurst Oct 18, 2025
3c9278f
Disabled shared builds on Windows until safety of C4251 is determined
bringhurst Oct 23, 2025
33d2282
Merge branch 'conan-io:master' into boringssl/0.20251002.0
bringhurst Oct 29, 2025
1d27b1b
Simplify and remove most options
bringhurst Oct 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions recipes/boringssl/all/conandata.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
sources:
"0.20251002.0":
url: "https://github.com/google/boringssl/releases/download/0.20251002.0/boringssl-0.20251002.0.tar.gz"
sha256: "f96733fc3df03d4195db656d1b7b8c174c33f95d052f811f0ecc8f4e4e3db332"
118 changes: 118 additions & 0 deletions recipes/boringssl/all/conanfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
from conan import ConanFile
from conan.tools.build import check_min_cppstd
from conan.tools.cmake import CMake, CMakeDeps, CMakeToolchain, cmake_layout
from conan.tools.files import (
apply_conandata_patches,
copy,
export_conandata_patches,
get,
)
import os

required_conan_version = ">=2.0.9"


class BoringSSLConan(ConanFile):
name = "boringssl"
description = "BoringSSL is a fork of OpenSSL aimed at Google needs."
license = "Apache-2.0"
url = "https://github.com/conan-io/conan-center-index"
homepage = "https://boringssl.googlesource.com/boringssl/"
topics = ("tls", "ssl", "crypto", "openssl", "boringssl")
package_type = "library"
settings = "os", "arch", "compiler", "build_type"

options = {
"shared": [True, False],
"fPIC": [True, False],
"openssl_no_asm": [True, False],
"openssl_small": [True, False],
}

default_options = {
"shared": False,
"fPIC": True,
"openssl_no_asm": False,
"openssl_small": False,
}

# Remove fPIC when shared=True
Comment on lines +38 to +39
Copy link
Member

@uilianries uilianries Oct 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Remove fPIC when shared=True
provides = "openssl"

As it will collide with regular OpenSSL, we should avoid both in the same graph. https://docs.conan.io/2/reference/conanfile/attributes.html#provides

implements = ["auto_shared_fpic"]

def export_sources(self):
export_conandata_patches(self)

def layout(self):
cmake_layout(self)

def build_requirements(self):
self.tool_requires("cmake/[>=3.22 <4]")

# On Windows x86/x64, NASM is needed when assembly is enabled (default).
# Set -o boringssl:openssl_no_asm=True to avoid NASM.
if (
self.settings.os == "Windows"
and str(self.settings.arch) in ("x86", "x86_64")
and not self.options.openssl_no_asm
):
self.tool_requires("nasm/2.16.01")

def validate(self):
check_min_cppstd(self, 17)

def source(self):
get(self, **self.conan_data["sources"][str(self.version)], strip_root=True)
apply_conandata_patches(self)

def generate(self):
tc = CMakeToolchain(self)
tc.cache_variables["CMAKE_FIND_PACKAGE_PREFER_CONFIG"] = True
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
tc.cache_variables["CMAKE_FIND_PACKAGE_PREFER_CONFIG"] = True

That's a good catch by informing CMake to prefer Config, but it's managed already by Conan CMakeToolchain: https://docs.conan.io/2/reference/tools/cmake/cmaketoolchain.html#extending-and-advanced-customization


Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
tc.cache_variables["BUILD_TESTING"] = False

It's currently building unit tests, increasing by around +200 files

tc.cache_variables["OPENSSL_NO_ASM"] = bool(self.options.openssl_no_asm)
tc.cache_variables["OPENSSL_SMALL"] = bool(self.options.openssl_small)
Comment on lines +71 to +72
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
tc.cache_variables["OPENSSL_NO_ASM"] = bool(self.options.openssl_no_asm)
tc.cache_variables["OPENSSL_SMALL"] = bool(self.options.openssl_small)
tc.cache_variables["OPENSSL_NO_ASM"] = self.options.openssl_no_asm
tc.cache_variables["OPENSSL_SMALL"] = self.options.openssl_small

Just to let you know, options are converted to boolean automatically, so you don't need to use bool(). Just an information for a future PR, don't need to change these lines :)


tc.generate()

deps = CMakeDeps(self)
deps.generate()

def build(self):
cmake = CMake(self)
cmake.configure()
cmake.build()

def package(self):
copy(
self,
"LICENSE",
self.source_folder,
os.path.join(self.package_folder, "licenses"),
)

cmake = CMake(self)
cmake.install()

# Intentionally DO NOT remove lib/cmake to preserve the upstream OpenSSL
# config package so consumers can use: find_package(OpenSSL CONFIG)
Comment on lines +94 to +96
Copy link
Member

@uilianries uilianries Oct 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Intentionally DO NOT remove lib/cmake to preserve the upstream OpenSSL
# config package so consumers can use: find_package(OpenSSL CONFIG)
rmdir(self, os.path.join(self.package_folder, "lib", "cmake"))

By the opposite, consumers should use the Conan generator CMakeDeps that will provide proper CMake files using the same name and targets.


def package_info(self):
# So consumers can use: find_package(OpenSSL CONFIG)
self.cpp_info.set_property("cmake_file_name", "OpenSSL")

# OpenSSL::Crypto
crypto = self.cpp_info.components["crypto"]
crypto.set_property("cmake_target_name", "OpenSSL::Crypto")
crypto.libs = ["crypto"]

if self.settings.os == "Windows":
# Upstream adds ws2_32 on Windows
crypto.system_libs.append("ws2_32")
elif str(self.settings.os) not in ("Android", "Generic"):
# Upstream links Threads::Threads on most non-Android/embedded platforms
crypto.system_libs.append("pthread")
Comment on lines +110 to +112
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
elif str(self.settings.os) not in ("Android", "Generic"):
# Upstream links Threads::Threads on most non-Android/embedded platforms
crypto.system_libs.append("pthread")
elif self.settings.os in ["Linux", "FreeBSD"]:
crypto.system_libs = ["pthread"]

This is largely used in ConanCenterIndex. At least we are on safe ground when restricting to these OS, so it may avoid future issues.


# OpenSSL::SSL
ssl = self.cpp_info.components["ssl"]
ssl.set_property("cmake_target_name", "OpenSSL::SSL")
ssl.libs = ["ssl"]
ssl.requires = ["crypto"]
11 changes: 11 additions & 0 deletions recipes/boringssl/all/test_package/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
cmake_minimum_required(VERSION 3.15)
project(test_package LANGUAGES C CXX)

set(CMAKE_FIND_PACKAGE_PREFER_CONFIG ON)

# Use the OpenSSL config package installed by BoringSSL
Comment on lines +4 to +6
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
set(CMAKE_FIND_PACKAGE_PREFER_CONFIG ON)
# Use the OpenSSL config package installed by BoringSSL

Let Conan CMakeToolchain manage it.

find_package(OpenSSL REQUIRED CONFIG)

add_executable(test_package test_package.cpp)
target_link_libraries(test_package PRIVATE OpenSSL::SSL OpenSSL::Crypto)
target_compile_features(test_package PRIVATE cxx_std_17)
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dont need to remove, just for a future PR: Conan injects the CMAKE_CXX_STANDARD always, based on the settings.compiler.cppstd, so you do not need to configure it in the test package.

25 changes: 25 additions & 0 deletions recipes/boringssl/all/test_package/conanfile.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
from conan import ConanFile
from conan.tools.cmake import CMake, cmake_layout
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
from conan.tools.cmake import CMake, cmake_layout
from conan.tools.cmake import CMake, cmake_layout
from conan.tools.build import can_run

import os


class TestPackage(ConanFile):
settings = "os", "arch", "compiler", "build_type"
generators = ("CMakeToolchain", "CMakeDeps")
test_type = "explicit"
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
test_type = "explicit"

Do not need to remove, but to let you know, explicit is only useful in Conan 1.x. For Conan 2.x, it has no effect.


def requirements(self):
self.requires(self.tested_reference_str)

def layout(self):
cmake_layout(self)

def build(self):
cmake = CMake(self)
cmake.configure()
cmake.build()

def test(self):
if not self.conf.get("tools.build:skip_test", default=False):
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if not self.conf.get("tools.build:skip_test", default=False):
if can_run(self):

The conf tools.build:skip_test is mainly directed to unit test, but regarding the project itself, not the test package. The test package, as the name indicates, validates if the package is all in order.

exe = os.path.join(self.cpp.build.bindirs[0], "test_package")
self.run(exe, env="conanrun")
31 changes: 31 additions & 0 deletions recipes/boringssl/all/test_package/test_package.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#include <openssl/base.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>

#include <cassert>
#include <cstring>
#include <iostream>

int main() {
#if !defined(OPENSSL_IS_BORINGSSL)
#error \
"This test must be compiled against BoringSSL headers (OPENSSL_IS_BORINGSSL not defined)."
#endif

// Runtime verification that we linked against BoringSSL.
const char *version = OpenSSL_version(OPENSSL_VERSION);
std::cout << "OpenSSL_version: " << version << "\n";
if (!version || std::strstr(version, "BoringSSL") == nullptr) {
std::cerr << "ERROR: The loaded libcrypto/libssl does not appear to be "
"BoringSSL.\n";
return 1;
}

// Basic sanity to ensure libssl is usable.
SSL_CTX *ctx = SSL_CTX_new(TLS_method());
assert(ctx != nullptr);
SSL_CTX_free(ctx);

std::cout << "BoringSSL test executable linked and ran.\n";
return 0;
}
Comment on lines +1 to +31
Copy link
Member

@uilianries uilianries Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#include <openssl/base.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <cassert>
#include <cstring>
#include <iostream>
int main() {
#if !defined(OPENSSL_IS_BORINGSSL)
#error \
"This test must be compiled against BoringSSL headers (OPENSSL_IS_BORINGSSL not defined)."
#endif
// Runtime verification that we linked against BoringSSL.
const char *version = OpenSSL_version(OPENSSL_VERSION);
std::cout << "OpenSSL_version: " << version << "\n";
if (!version || std::strstr(version, "BoringSSL") == nullptr) {
std::cerr << "ERROR: The loaded libcrypto/libssl does not appear to be "
"BoringSSL.\n";
return 1;
}
// Basic sanity to ensure libssl is usable.
SSL_CTX *ctx = SSL_CTX_new(TLS_method());
assert(ctx != nullptr);
SSL_CTX_free(ctx);
std::cout << "BoringSSL test executable linked and ran.\n";
return 0;
}
#include <cstdlib>
#include <openssl/ssl.h>
#include <iostream>
int main() {
OPENSSL_init_ssl(0, NULL);
std::cout << "OpenSSL version: " << OpenSSL_version(OPENSSL_VERSION) << "\n";
return EXIT_SUCCESS;
}

Let's simplify it as much as possible, as the test package only needs to validate the package itself. Plus, it will only be used for this package, not for regular OpenSSL, so mixing them is not something that will happen.

3 changes: 3 additions & 0 deletions recipes/boringssl/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
versions:
"0.20251002.0":
folder: all