Add MacOS specific compilation options #31

Open
wants to merge 1 commit into
base: master

hongkongkiwi
Contributor

@hongkongkiwi hongkongkiwi commented Jun 3, 2024

  • Adds additional compilation options for MacOS
  • Add dylib building for MacOS

Here's how I got it compiling for MacOS:

Install dependencies

brew install json-c p11-kit openssl@3 libp11 zlib

Install AWS SDK

git clone --recurse-submodules "https://github.com/aws/aws-sdk-cpp" "aws-sdk-cpp"
cd "aws-sdk-cpp"
./prefetch_crt_dependency.sh
mkdir -p ./build
cd ./build
cmake \
  -DCMAKE_PREFIX_PATH="/opt/homebrew/opt/curl/" \
  -DBUILD_ONLY="kms;acm-pca" \
  -DCMAKE_BUILD_TYPE=Release  \
  -DENABLE_TESTING=OFF \
  -DAUTORUN_UNIT_TESTS=OFF \
  -DBUILD_SHARED_LIBS=OFF \
  -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp" \
  ..
# Already inside ./build, so build the current directory; stock macOS has no nproc
cmake --build . -j "$(sysctl -n hw.ncpu)"
make install

We need to fix up the SDK so it builds s2n, which it doesn't seem to do by default in the latest versions.

cd ../crt/aws-crt-cpp/crt/s2n
mkdir -p build
cd build
cmake .. -Bbuild \
    -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp"
cmake --build build -j "$(sysctl -n hw.ncpu)"
cmake --install build

Compile AWS PKCS11

AWS_SDK_PATH="$HOME/aws-sdk-cpp" make

Using on MacOS

mkdir -p ~/.config/aws-kms-pkcs11
touch ~/.config/aws-kms-pkcs11/config

Setup OpenSSL Config

cat >openssl_config.conf <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/homebrew/opt/libp11/lib/engines-3/libpkcs11.dylib
MODULE_PATH = /Users/andy/.config/aws-kms-pkcs11/aws_kms_pkcs11.dylib
init = 0

[req]
distinguished_name=dn
[ dn ]
EOF
OPENSSL_CONF=openssl_config.conf openssl req -x509 -key pkcs11:token=my-signing-key -keyform engine -engine pkcs11 -out mycert.pem -subj '/CN=mycert' -days 366 -addext basicConstraints=critical,CA:FALSE


Add dylib building for MacOS
@hongkongkiwi hongkongkiwi mentioned this pull request Jun 3, 2024
@JackOfMostTrades JackOfMostTrades self-assigned this Jun 4, 2024
@hongkongkiwi
Contributor Author

This has been working well for me, but it looks like it might be out of date now. Be great to get it into main.

# Try to locate OpenSSL if not specified with OPENSSL_INC and OPENSSL_LIB
ifeq ($(OPENSSL_INC),)
OPENSSL_INC := $(shell pkg-config --cflags openssl 2>/dev/null)
ifeq ($(OPENSSL_INC),)
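
Review bot: the inner ifeq ($(OPENSSL_INC),) treats an empty result from pkg-config --cflags openssl as "OpenSSL not found", and because stderr goes to /dev/null, a missing pkg-config looks the same as a successful lookup that needs no extra include flags. Test for the package itself, for example with pkg-config --exists openssl, and take the fallback path only when that check fails.
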
Owner

pkg-config --cflags openssl will actually be empty on an Ubuntu system (this is why CI is failing) because header files are in the standard include path. If the make will fail if pkg-config has non-zero exit code then you can probably skip this check? A stack overflow post leads me to think ifneq ($(.SHELLSTATUS),0) might be the right alternative here.

MACOSX_FRAMEWORKS := -framework CoreFoundation -framework Security
endif

all: aws_kms_pkcs11.so aws_kms_pkcs11.dylib
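
Review bot: the all: line requests both aws_kms_pkcs11.so and aws_kms_pkcs11.dylib unconditionally, while MACOSX_FRAMEWORKS is only assigned inside the conditional that closes at the endif above it, so a plain make attempts the dylib link on hosts where those frameworks are never set. Assign a per-platform target variable inside that same conditional and have all: depend on it, so each host builds only its own artifact.
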
Owner

I'm not sure if it makes sense to target the dylib on Linux systems (and vice-versa)? Can/should all: be defined based on UNAME_S?

@JackOfMostTrades
Owner

Sorry, apparently my review comments were saved as a draft rather than posted. Please check the above comments; the PR as it was was causing the CI build to fail, so it needs some tweaks.
