Skip to content

Commit

Permalink
fix: rename Cargo.toml -> Cargo.toml.hidden to fix cargo behavior
Browse files Browse the repository at this point in the history
  • Loading branch information
@SanjoDeundiak
SanjoDeundiak committed Dec 4, 2024
1 parent 21e4dc2 commit 5058347
Show file tree
Hide file tree
Showing 7 changed files with 117 additions and 63 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,4 @@ vendor
# nix build
/result*
.home
/ockam_ebpf_impl/Cargo.toml
7 changes: 7 additions & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,12 @@ eBPF program used by Ockam Privileged Portals
[features]
default = []
# Build eBPF instead of downloading from artifacts
build = []
build = ["fs_extra"]
logging = []

[build-dependencies]
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "blocking"] }
url = { version = "2.5.2" }
fs_extra = { version = "1.3.0", optional = true }

[lib]
64 changes: 63 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
@@ -1 +1,63 @@
# ockam-ebpf
# ockam_ebpf

[![crate][crate-image]][crate-link]
[![docs][docs-image]][docs-link]
[![license][license-image]][license-link]
[![discuss][discuss-image]][discuss-link]

Ockam is a library for building devices that communicate securely, privately
and trustfully with cloud services and other devices.

This crate contains the eBPF part of Ockam Reliable TCP Portals.

### Build

This crate exposes eBPF binary through the `EBPF_BINARY` static constant in the root of the crate. That binary can be
used to attach Ockam eBPF to network devices.

### Features

By default, this crate ships a prebuilt eBPF binary downloaded from the corresponding GitHub release artifacts. This
allows to build Ockam without all the dependencies that are required to build eBPF.

* build - build the eBPF locally instead of downloading the prebuilt binary. This might be useful during development and debugging.
* logging - this will enable logs for eBPF. Note that eBPF sends logs to the user space using `AsyncPerfEventArray`, therefore it implies performance penalty.

```bash
cargo build
```

### Requirements to build eBPF

Please refer to [ockam_ebpf_impl/README.md](ockam_ebpf_impl/README.md)

### Requirements to use eBPF

Using ockam with eBPFs requires:
- Linux
- root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)

## Usage

Add this to your `Cargo.toml`:

```
[dependencies]
ockam_ebpf = "0.5.0"
```

## License

This code is licensed under the terms of the [Apache License 2.0][license-link].

[crate-image]: https://img.shields.io/crates/v/ockam_ebpf.svg
[crate-link]: https://crates.io/crates/ockam_ebpf

[docs-image]: https://docs.rs/ockam_ebpf/badge.svg
[docs-link]: https://docs.rs/ockam_ebpf

[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg
[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE

[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg
[discuss-link]: https://github.com/build-trust/ockam/discussions
35 changes: 28 additions & 7 deletions build.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,35 @@ fn build_ebpf() {
use std::env;
use std::process::Command;

use fs_extra::dir::CopyOptions;

let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
let output_file = out_dir.join("ockam_ebpf");
let ebpf_subdir = out_dir.join("ebpf");

let target_dir = out_dir.join("ebpf");
let ockam_ebpf_impl_subdir = ebpf_subdir.join("ockam_ebpf_impl");
let ockam_ebpf_impl_target_subdir = ebpf_subdir.join("target");
let cargo_toml_hidden = ockam_ebpf_impl_subdir.join("Cargo.toml.hidden");
let cargo_toml = ockam_ebpf_impl_subdir.join("Cargo.toml");

// Delete the target dir for eBPF crate otherwise it doesn't want to recompile after files are
// Delete the directories for eBPF crate otherwise it doesn't want to recompile after files are
// updated
_ = std::fs::remove_dir_all(&target_dir);
std::fs::create_dir(&target_dir).unwrap();
_ = std::fs::remove_dir_all(&ebpf_subdir);

std::fs::create_dir(&ebpf_subdir).unwrap();
std::fs::create_dir(&ockam_ebpf_impl_subdir).unwrap();
std::fs::create_dir(&ockam_ebpf_impl_target_subdir).unwrap();

// Copy the impl crate contents to build it
fs_extra::copy_items(
&[PathBuf::from("./ockam_ebpf_impl")],
&ebpf_subdir,
&CopyOptions::new(),
)
.unwrap();

// Copy Cargo.toml.hidden to Cargo.toml
std::fs::copy(&cargo_toml_hidden, &cargo_toml).unwrap();

#[allow(unused_mut)]
let mut args = vec!["build", "--release"];
Expand All @@ -24,11 +44,11 @@ fn build_ebpf() {
args.extend_from_slice(&["-F", "logging"]);

let output = Command::new("cargo")
.current_dir(PathBuf::from("./ockam_ebpf_impl"))
.current_dir(&ockam_ebpf_impl_subdir)
.env_remove("RUSTUP_TOOLCHAIN")
.env_remove("RUSTC")
.args(&args)
.env("CARGO_TARGET_DIR", &target_dir)
.env("CARGO_TARGET_DIR", &ockam_ebpf_impl_target_subdir)
.output();

let output = match output {
Expand All @@ -42,7 +62,8 @@ fn build_ebpf() {
panic!("Couldn't compile eBPF");
}

let build_output_file = target_dir.join("bpfel-unknown-none/release/ockam_ebpf");
let build_output_file =
ockam_ebpf_impl_target_subdir.join("bpfel-unknown-none/release/ockam_ebpf");
std::fs::copy(build_output_file, output_file).expect("Couldn't copy ockam_ebpf file");
}

Expand Down
5 changes: 3 additions & 2 deletions ockam_ebpf_impl/Cargo.toml → ockam_ebpf_impl/Cargo.toml.hidden
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
[workspace]
[package]
name = "ockam_ebpf_impl"
version = "0.1.0"
Expand All @@ -7,9 +8,9 @@ edition = "2021"
homepage = "https://github.com/build-trust/ockam"
keywords = ["ockam", "crypto", "p2p", "cryptography", "encryption"]
license = "Apache-2.0"
publish = true
publish = false
readme = "README.md"
repository = "https://github.com/build-trust/ockam/implementations/rust/ockam/ockam_ebpf"
repository = "https://github.com/build-trust/ockam-ebpf/ockam_ebpf_impl"
rust-version = "1.70.0"
description = """
eBPF program used by Ockam Privileged Portals
Expand Down
65 changes: 13 additions & 52 deletions ockam_ebpf_impl/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,64 +1,25 @@
# ockam_ebpf
# ockam_ebpf_impl

[![crate][crate-image]][crate-link]
[![docs][docs-image]][docs-link]
[![license][license-image]][license-link]
[![discuss][discuss-image]][discuss-link]

Ockam is a library for building devices that communicate securely, privately
and trustfully with cloud services and other devices.

This crate contains the eBPF part of Ockam Reliable TCP Portals.
This crate is shipped as a part of `ockam_ebpf` crate rather than a stand-alone crate. Please refer to the ../README.md
for more information.

### Build

In order to build the crate it's required to copy `Cargo.toml.hidden` file and rename it to `Cargo.toml`. Note, that
`Cargo.toml` file is added to `.gitignore` and shouldn't be commited, instead all changes should be inside
`Cargo.toml.hidden` file. The reason for that is special cargo behaviour that doesn't allow including other crates as
part of a crate. Therefore, if `ockam_ebpf_impl` subdirectory has `Cargo.toml` file, that directory will be completely
ignored during `ockam_ebpf` crate release even if it's added to `include` field of root `Cargo.toml`.

```bash
cargo build-ebpf
cargo build
```
### Requirements

Building eBPFs have roughly following requirements:
- Linux
- Rust nightly
- Some dependencies to be installed

Because of that crate with the eBPF code is kept out of the workspace.
Example of a virtual machine to build it can be found in `ubuntu_x86.yaml`.

Using ockam with eBPFs requires:
- Linux
- root (CAP_BPF, CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN)

Example of a virtual machine to run ockam with eBPF can be found in `ubuntu_arm.yaml`.

eBPF is a small architecture-independent object file that is small enough,
to include it in the repo.

The built eBPF object should be copied to `/implementations/rust/ockam/ockam_ebpf/ockam_ebpf`,
from where it will be grabbed by `ockam_transport_tcp` crate.

## Usage

Add this to your `Cargo.toml`:

```
[dependencies]
ockam_ebpf = "0.1.0"
```

## License

This code is licensed under the terms of the [Apache License 2.0][license-link].

[main-ockam-crate-link]: https://crates.io/crates/ockam

[crate-image]: https://img.shields.io/crates/v/ockam_ebpf.svg
[crate-link]: https://crates.io/crates/ockam_ebpf

[docs-image]: https://docs.rs/ockam_ebpf/badge.svg
[docs-link]: https://docs.rs/ockam_ebpf

[license-image]: https://img.shields.io/badge/License-Apache%202.0-green.svg
[license-link]: https://github.com/build-trust/ockam/blob/HEAD/LICENSE

[discuss-image]: https://img.shields.io/badge/Discuss-Github%20Discussions-ff70b4.svg
[discuss-link]: https://github.com/build-trust/ockam/discussions
Because of that, crate with the eBPF code is kept out of the workspace.
Example of a virtual machine to build and run eBPF can be found in [ubuntu_arm.yaml](../vm/ubuntu_arm.yaml)

0 comments on commit 5058347

Please sign in to comment.