yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(build): avoid reading secret keys repeatedly

This commit is contained in:
Zaiming Shi 2021-03-18 19:37:04 +01:00 committed by Zaiming (Stone) Shi
parent 01149bf687
commit 8828c48352
1 changed files with 29 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
rebar.config.erl
View File

@ -101,17 +101,25 @@ common_compile_opts() ->
| [{d, 'EMQX_ENTERPRISE'} || is_enterprise()] | [{d, 'EMQX_ENTERPRISE'} || is_enterprise()]
]. ].
make_debug_info_key_fun() ->
case os:getenv("EMQX_COMPILE_SECRET_FILE") of
false -> false;
"" -> false;
Fn ->
io:format("===< using debug_info encryption key from file ~p!~n", [Fn]),
SecretText = get_compile_secret(Fn),
F = fun(init) -> ok;
(clear) -> ok;
({debug_info, _Mode, _Module, _Filename}) -> SecretText
end,
beam_lib:crypto_key_fun(F),
F
end.
prod_compile_opts(false) -> prod_compile_opts(false) ->
prod_compile_opts(); prod_compile_opts();
prod_compile_opts(SecretFile) -> prod_compile_opts(KeyFun) ->
SecretText = get_compile_secret(SecretFile), [{debug_info_key, KeyFun({debug_info, "", "", ""})} | prod_compile_opts()].
beam_lib:crypto_key_fun(
fun(init) -> ok;
(clear) -> ok;
({debug_info, _Mode, _Module, _Filename}) -> SecretText
end
),
[{debug_info_key, SecretText} | prod_compile_opts()].
prod_compile_opts() -> prod_compile_opts() ->
[ compressed [ compressed
@ -126,18 +134,17 @@ test_compile_opts() ->
profiles() -> profiles() ->
Vsn = get_vsn(), Vsn = get_vsn(),
SecretFile = os:getenv("EMQX_COMPILE_SECRET_FILE"), KeyFun = make_debug_info_key_fun(),
SecretFile =/= false andalso io:format("debug_info encryption enabled !~n"), [ {'emqx', [ {erl_opts, prod_compile_opts(KeyFun)}
[ {'emqx', [ {erl_opts, prod_compile_opts(SecretFile)}
, {relx, relx(Vsn, cloud, bin)} , {relx, relx(Vsn, cloud, bin)}
]} ]}
, {'emqx-pkg', [ {erl_opts, prod_compile_opts(SecretFile)} , {'emqx-pkg', [ {erl_opts, prod_compile_opts(KeyFun)}
, {relx, relx(Vsn, cloud, pkg)} , {relx, relx(Vsn, cloud, pkg)}
]} ]}
, {'emqx-edge', [ {erl_opts, prod_compile_opts(SecretFile)} , {'emqx-edge', [ {erl_opts, prod_compile_opts(KeyFun)}
, {relx, relx(Vsn, edge, bin)} , {relx, relx(Vsn, edge, bin)}
]} ]}
, {'emqx-edge-pkg', [ {erl_opts, prod_compile_opts(SecretFile)} , {'emqx-edge-pkg', [ {erl_opts, prod_compile_opts(KeyFun)}
, {relx, relx(Vsn, edge, pkg)} , {relx, relx(Vsn, edge, pkg)}
]} ]}
, {check, [ {erl_opts, test_compile_opts()} , {check, [ {erl_opts, test_compile_opts()}
@ -471,8 +478,13 @@ list_dir(Dir) ->
[list_to_atom(Name) || Name <- Names, filelib:is_dir(filename:join([Dir, Name]))]. [list_to_atom(Name) || Name <- Names, filelib:is_dir(filename:join([Dir, Name]))].
get_compile_secret(SecretFile) -> get_compile_secret(SecretFile) ->
{ok, Secret} = file:read_file(SecretFile), case file:read_file(SecretFile) of
string:trim(binary_to_list(Secret)). {ok, Secret} ->
string:trim(binary_to_list(Secret));
{error, Reason} ->
io:format("===< Failed to read debug_info encryption key file ~s: ~p~n", [SecretFile, Reason]),
exit(Reason)
end.
%% ==== Enterprise supports below ================================================================== %% ==== Enterprise supports below ==================================================================