Skip to content

cmake: add option to build and link BoringSSL #17062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

cmake: add option to build and link BoringSSL #17062

wants to merge 4 commits into from
+77 −11

Conversation

@angt
Copy link
Collaborator

@angt angt commented Nov 6, 2025
edited
Loading

This commit adds an easy way to fetch, build, and statically link the BoringSSL library when LLAMA_BUILD_BORINGSSL is enabled.

The version can be set via the LLAMA_BORINGSSL_VERSION cache variable.

@angt
cmake: add option to build and link BoringSSL
0014ce6 
This commit adds an easy way to fetch, build, and statically link the
BoringSSL library when LLAMA_BUILD_BORINGSSL is enabled.

The version can be set via the LLAMA_BORINGSSL_VERSION cache variable.

Signed-off-by: Adrien Gallouët <[email protected]>
@angt angt requested a review from ggerganov as a code owner November 6, 2025 20:11
@github-actions github-actions bot added the build Compilation issues label Nov 6, 2025
@DajanaV DajanaV mentioned this pull request Nov 6, 2025
Open
@ggerganov
Copy link
Member

ggerganov commented Nov 7, 2025

Few observations:

  • On Mac builds, there are quite a lot of compile warnings when building BoringSSL. Need to disable those
  • The SSL stuff is now embedded in all tools and examples increasing their binary size. We should build a shared libllama-common library
  • Do we need to create some CI workflows to make sure BSSL builds are succssful?

@angt
Copy link
Collaborator Author

angt commented Nov 7, 2025

  • The SSL stuff is now embedded in all tools and examples increasing their binary size. We should build a shared libllama-common library

As a quick fix, I can support BUILD_SHARED_LIBS=ON by just renaming our libssl to libllama-ssl to avoid conflicts:

build/bin/llama-server:
        @rpath/libmtmd.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libllama-ssl.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libllama-crypto.dylib (compatibility version 0.0.0, current version 0.0.0)
        /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 4040.1.255)
        /System/Library/Frameworks/Security.framework/Versions/A/Security (compatibility version 1.0.0, current version 61901.0.87)
        @rpath/libllama.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libggml.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libggml-cpu.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libggml-blas.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libggml-metal.dylib (compatibility version 0.0.0, current version 0.0.0)
        @rpath/libggml-base.dylib (compatibility version 0.0.0, current version 0.0.0)
        /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 2000.63.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1356.0.0)
  • Do we need to create some CI workflows to make sure BSSL builds are succssful?

Yes, my plan is to progressively remove curl in the CI, step by step, until it’s completely gone.
Also I don’t expect most users to actually use the BoringSSL build, for almost everyone LLAMA_OPENSSL should be enough.

@angt
boringssl: set -Wno-cast-qual
0950a4e 
Signed-off-by: Adrien Gallouët <[email protected]>
ggerganov
ggerganov reviewed Nov 7, 2025
View reviewed changes
CMakeLists.txt
option(LLAMA_LLGUIDANCE "llama-common: include LLGuidance library for structured output in common utils" OFF)
option(LLAMA_CURL "llama: use libcurl to download model from an URL" ON)
option(LLAMA_OPENSSL "llama: use openssl to support HTTPS" OFF)
option(LLAMA_BUILD_BORINGSSL "llama: build and statically link BoringSSL" OFF)
Copy link
Member

@ggerganov ggerganov Nov 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason to call this LLAMA_BUILD_BORINGSSL instead of the more consistent LLAMA_BORINGSSL?

Copy link
Collaborator Author

@angt angt Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to emphasize that we don’t just use BoringSSL (like we use OpenSSL with LLAMA_OPENSSL), but actually build it. But we can definitely use LLAMA_BORINGSSL.

Also, I think we can simply use BORINGSSL_VERSION to specify the version?

@taronaeo
Copy link
Collaborator

taronaeo commented Nov 8, 2025

Quick heads up, BoringSSL does not support the s390x platform due to endianness issues. So if possible for CI tests, exclude s390x from the BoringSSL tests.

@angt
boringssl: set -Wno-pedantic
c709655 
Signed-off-by: Adrien Gallouët <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggerganov ggerganov ggerganov left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

build Compilation issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@angt @ggerganov @taronaeo