Conversation
…e OpenSSL header conflicts.
The recent change to add `-no-canonical-prefixes` to the macOS Bazel build exposed a missing dependency in gRPC. The `jwt_verifier` component of gRPC uses OpenSSL, but does not explicitly depend on it. The `-no-canonical-prefixes` flag makes the compiler stricter about include paths, which caused the build to fail. This change fixes the build by adding an explicit dependency on OpenSSL to the `jwt_verifier` component of gRPC. The change is implemented as a patch that is applied to the gRPC source code during the build. The patch is applied using both `http_archive` in `workspace0.bzl` for non-bzlmod builds, and `archive_override` in `MODULE.bazel` for bzlmod builds. This ensures that the fix works for both build configurations.
The gRPC archive at v1.69.0 seems to have been updated, as the checksum of the downloaded file no longer matches the value in the WORKSPACE and MODULE.bazel files. This change updates the sha256 and integrity values to match the new checksum of the gRPC archive. This fixes the checksum mismatch error for both bzlmod and non-bzlmod builds.
The CI builds are failing with a patch failure when trying to patch the gRPC archive. This is because the CI machines are using a cached version of the archive that is either corrupted or outdated. This change forces Bazel to re-download the gRPC archive by adding a dummy query parameter to the URL. This will bypass the cache and ensure that the correct version of the archive is used.
The macOS Bazel build is failing with an error indicating that the `grpc_jwt_credentials` target does not have a dependency on a module exporting OpenSSL headers. This is because the `-no-canonical-prefixes` flag, which is needed to avoid OpenSSL header conflicts on macOS, is preventing gRPCs build system from correctly resolving its `libcrypto` and `libssl` external dependencies. This change fixes the build by using `native.bind` to create global aliases for `libcrypto` and `libssl`, pointing them to the `//:crypto` and `//:ssl` targets in the `boringssl` repository. This allows gRPCs build system to correctly resolve these dependencies.
jinseopkim0
temporarily deployed
to
internal
GitHub Actions
Inactive
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #15472 +/- ##
==========================================
- Coverage 93.04% 93.04% -0.01%
==========================================
Files 2403 2403
Lines 219626 219626
==========================================
- Hits 204356 204353 -3
- Misses 15270 15273 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| # disables C++14 features, even if the compilers defaults to C++ >= 14 | ||
| build:linux --cxxopt=-std=c++14 | ||
| build:macos --cxxopt=-std=c++14 | ||
| build:macos --cxxopt=-std=c++14 --copt=-no-canonical-prefixes |
There was a problem hiding this comment.
build:macos --copt=-no-canonical-prefixes should go in a separate section describing why its needed. It seems to have nothing to do with "The project requires C++ >= 14."
There was a problem hiding this comment.
Hi Bradley! I'm trying to fix the failing kokoro test kokoro/macos/bazel, and I'm trying experiments to see what would happen with these changes. Once I get a good grasp of the errors and the solution, I'll clean up the PR and send it out for review. If you have ideas to fix kokoro/macos/bazel tests, please let me know!
There was a problem hiding this comment.
I'm trying to fix the failing kokoro test kokoro/macos/bazel, and I'm trying experiments to see what would happen with these changes. Once I get a good grasp of the errors and the solution, I'll clean up the PR and send it out for review.
OK.
But may I suggest that a single, "do not review" PR should be sufficient for experimenting on any one feature.
Might I also suggest that you cleanup the branches your workflow seems to leave behind. It looks like there are currently around 83 remnant branches.
| bazel_dep(name = "protobuf", version = "29.4", repo_name = "com_google_protobuf") | ||
| bazel_dep(name = "boringssl", version = "0.0.0-20230215-5c22014") | ||
| bazel_dep(name = "grpc", version = "1.69.0", repo_name = "com_github_grpc_grpc") | ||
|
|
| # This is a placeholder, if we ever need more phases the function already | ||
| # exists. |
There was a problem hiding this comment.
Is this comment now obsolete?
2 participants
This change is