feat: include csfle shared library COMPASS-5618 (#3052)

Author: addaleax

configs/webpack-config-compass/src/index.ts

@@ -19,6 +19,7 @@ import {
   lessLoader,
   assetsLoader,
   resourceLoader,
+  sharedObjectLoader,
 } from './loaders';
 import {
   entriesToNamedEntries,
@@ -58,6 +59,7 @@ export function createElectronMainConfig(
         javascriptLoader(opts),
         nodeLoader(opts),
         resourceLoader(opts),
+        sharedObjectLoader(opts),
         sourceLoader(opts),
       ],
     },
@@ -124,6 +126,7 @@ export function createElectronRendererConfig(
         cssLoader(opts),
         lessLoader(opts),
         assetsLoader(opts),
+        sharedObjectLoader(opts),
         sourceLoader(opts),
       ],
     },

configs/webpack-config-compass/src/loaders.ts

@@ -162,13 +162,23 @@ export const resourceLoader = (_args: ConfigArgs) => ({
   type: 'asset/resource',
 });
 
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+export const sharedObjectLoader = (_args: ConfigArgs) => ({
+  test: /\.(dylib|so|dll)(\?.+?)?$/,
+  // asset/resource always compiles imports to paths to files, this is a good
+  // strategy for electron main (node.js) process where handling data uris might
+  // be more work than handling files
+  type: 'asset/resource',
+});
+
 export const sourceLoader = (args: ConfigArgs) => ({
   exclude: [
     javascriptLoader(args).test,
     nodeLoader(args).test,
     cssLoader(args).test,
     lessLoader(args).test,
     assetsLoader(args).test,
+    sharedObjectLoader(args).test,
     // Produced by html-webpack-plugin and should not be handled
     /\.(ejs|html)$/,
     // Handled nicely by Webpack by default, no need to load it as raw source

packages/compass-e2e-tests/tests/logging.test.ts

@@ -135,6 +135,17 @@ describe('Logging and Telemetry integration', function () {
             expect(actual.arch).to.equal(process.arch);
           },
         },
+        {
+          s: 'I',
+          c: 'COMPASS-MAIN',
+          id: 1_001_000_125,
+          ctx: 'CSFLE',
+          msg: 'Found CSFLE library',
+          attr: (actual: any) => {
+            expect(actual.csfleLibraryPath).to.be.a('string');
+            expect(actual.csfleLibraryPath).to.include('mongo_csfle_v1');
+          },
+        },
         {
           s: 'I',
           c: 'COMPASS-TELEMETRY',

packages/compass/LICENSE

@@ -553,5 +553,8 @@
   waiver of all civil liability in connection with the Program, unless a
   warranty or assumption of liability accompanies a copy of the Program in
   return for a fee.
-  
-                        END OF TERMS AND CONDITIONS
+
+                        END OF TERMS AND CONDITIONS
+
+This product also includes the MongoDB Client-Side Field-Level Encryption library
+(mongodb_csfle_v1) which is covered by the MongoDB Enterprise Agreement.

packages/compass/package.json

@@ -106,7 +106,8 @@
           "**/node-addon-api/**",
           "**/win-export-certificate-and-key/**",
           "**/macos-export-certificate-and-key/**",
-          "**/system-ca/**"
+          "**/system-ca/**",
+          "**/mongo_csfle_v1.*"
         ]
       },
       "rebuild": {
@@ -123,7 +124,7 @@
     }
   },
   "scripts": {
-    "install": "node scripts/download-akzidenz.js",
+    "install": "node scripts/download-akzidenz.js && node scripts/download-csfle.js",
     "electron-rebuild": "electron-rebuild --only kerberos,keytar,interruptor,os-dns-native,win-export-certificate-and-key,macos-export-certificate-and-key --force --prebuild-tag-prefix not-real-prefix-to-force-rebuild",
     "prestart": "npm run electron-rebuild",
     "start": "npm run webpack serve -- --mode development",
@@ -221,6 +222,7 @@
     "darkreader": "^4.9.40",
     "debug": "4.3.0",
     "debug-menu": "^0.3.0",
+    "decompress": "^4.2.1",
     "depcheck": "^1.4.1",
     "electron": "^13.5.1",
     "electron-devtools-installer": "^3.2.0",
@@ -246,6 +248,7 @@
     "mongodb": "^4.4.0",
     "mongodb-connection-model": "^21.16.0",
     "mongodb-data-service": "^21.20.0",
+    "mongodb-download-url": "^1.2.0",
     "mongodb-instance-model": "^11.22.0",
     "mongodb-log-writer": "^1.1.4",
     "mongodb-url": "^3.0.3",
@@ -261,6 +264,7 @@
     "sinon": "^8.1.1",
     "sinon-chai": "^3.7.0",
     "storage-mixin": "^4.14.0",
+    "tar": "^6.1.11",
     "uuid": "^3.0.0",
     "web-vitals": "^2.1.2"
   },

packages/compass/scripts/download-akzidenz.js

@@ -7,7 +7,9 @@
 /* eslint-disable no-console */
 const os = require('os');
 const path = require('path');
-const { promises: fs } = require('fs');
+const { promises: fs, createWriteStream } = require('fs');
+const { pipeline } = require('stream');
+const { promisify } = require('util');
 
 const PACKAGE_ROOT = process.cwd();
 
@@ -76,7 +78,7 @@ const download = async(url, destDir) => {
   }
 
   if (!UPDATE_CACHE) {
-    await fs.writeFile(destFilePath, await res.buffer());
+    await promisify(pipeline)(res.body, createWriteStream(destFilePath));
   }
 };
 
@@ -105,9 +107,10 @@ const download = async(url, destDir) => {
     } catch (e) { /* ignore */ }
   } else {
     console.log(
-      'Downloading %d fonts for package %s',
+      'Downloading %d fonts for package %s to %s',
       AKZIDENZ_CDN_URLS.length,
-      packageJson.name
+      packageJson.name,
+      FONTS_DIRECTORY
     );
   }
 

packages/compass/scripts/download-csfle.js

@@ -0,0 +1,112 @@
+/* eslint-disable no-console */
+const os = require('os');
+const path = require('path');
+const { promises: fs, createWriteStream, createReadStream } = require('fs');
+const { getDownloadURL } = require('mongodb-download-url');
+const { pipeline } = require('stream');
+const { promisify } = require('util');
+const decompress = require('decompress');
+const tar = require('tar');
+
+const PACKAGE_ROOT = process.cwd();
+
+// const MONOREPO_ROOT = path.resolve(__dirname, '..');
+
+const CACHE_DIR = path.join(os.tmpdir(), '.compass-csfle-library-cache');
+
+const fetch = require('make-fetch-happen').defaults({
+  cacheManager: CACHE_DIR
+});
+
+const UPDATE_CACHE = process.argv.includes('--update-cache');
+
+const CSFLE_DIRECTORY = path.resolve(
+  PACKAGE_ROOT,
+  'src',
+  'deps',
+  'csfle'
+);
+
+const download = async(url, destDir) => {
+  const destFileName = path.basename(url);
+  const destFilePath = path.join(destDir, destFileName);
+
+  const res = await fetch(url);
+
+  // If cache item stored by `make-fetch-happen` is stale, it will check if
+  // resource was not modified with the remote and can return a 304 with a body
+  // present. In that case we don't want to throw an error, but rather proceed
+  // with the normal flow
+  if (!res.ok && res.status !== 304) {
+    throw new Error(`Failed to fetch ${url}: ${res.statusText}`);
+  }
+
+  if (!UPDATE_CACHE) {
+    await promisify(pipeline)(res.body, createWriteStream(destFilePath));
+  }
+
+  return destFilePath;
+};
+
+(async() => {
+  const packageJson = require(path.join(PACKAGE_ROOT, 'package.json'));
+
+  if (UPDATE_CACHE) {
+    console.log('Re-populating csfle library cache at %s', CACHE_DIR);
+
+    try {
+      await fs.rmdir(CACHE_DIR, { recursive: true });
+    } catch (e) { /* ignore */ }
+  } else {
+    console.log(
+      'Downloading csfle library for package %s',
+      packageJson.name
+    );
+  }
+
+  const downloadOptions = {
+    enterprise: true,
+    csfle: true
+  };
+  if (process.platform === 'linux') {
+    // The CSFLE shared library is built for different distros,
+    // but since it only depends on glibc, we can just download
+    // a CSFLE library from a distro with a low glibc version
+    // such as RHEL7.
+    downloadOptions.distro = 'rhel70';
+  }
+  let artifactInfo;
+  // Try getting the latest stable csfle library, if none exists
+  // (which is the case at the time of writing), fall back to
+  // a 6.0 rc candidate. We can remove this try/catch after 6.0.0.
+  try {
+    artifactInfo = await getDownloadURL(downloadOptions);
+  } catch {
+    artifactInfo = await getDownloadURL({
+      ...downloadOptions,
+      version: '>= 6.0.0-rc4'
+    });
+  }
+
+  console.log('Downloading csfle artifact', artifactInfo, 'to', CSFLE_DIRECTORY);
+  await fs.mkdir(CSFLE_DIRECTORY, { recursive: true });
+  const artifactPath = await download(artifactInfo.url, CSFLE_DIRECTORY);
+
+  if (artifactInfo.ext === 'zip') {
+    // For .zip files, use `decompress`
+    await decompress(artifactPath, CSFLE_DIRECTORY);
+  } else {
+    // For .tar files, `decompress` is buggy, so we use `tar` instead
+    await promisify(pipeline)(
+      createReadStream(artifactPath),
+      tar.x({
+        C: CSFLE_DIRECTORY
+      }));
+  }
+})().catch((err) => {
+  if (err) {
+    console.error(err);
+  }
+
+  process.exit(1);
+});

packages/compass/src/deps/csfle/.gitignore

@@ -0,0 +1,3 @@
+# This folder only contains files downloaded via scripts/download-csfle
+*
+!.*

packages/compass/src/main/application.ts

@@ -8,6 +8,7 @@ import { CompassLogging } from './logging';
 import { CompassTelemetry } from './telemetry';
 import { CompassWindowManager } from './window-manager';
 import { CompassMenu } from './menu';
+import { setupCSFLELibrary } from './setup-csfle-library';
 
 const debug = createDebug('mongodb-compass:main:application');
 
@@ -37,6 +38,7 @@ class CompassApplication {
       this.setupTelemetry(),
     ]);
 
+    await setupCSFLELibrary();
     this.setupJavaScriptArguments();
     this.setupLifecycleListeners();
     this.setupApplicationMenu();

packages/compass/src/main/index.ts

@@ -1,4 +1,5 @@
 import '../setup-hadron-distribution';
+import './setup-csfle-library';
 import { app } from 'electron';
 import { handleUncaughtException } from './handle-uncaught-exception';