Patch cel-cpp, fixing cilium-proxy build

We're hitting this cel-cpp issue while buildig cilium-proxy: * envoyproxy/envoy#34368 Bumping cel-cpp to 0.10.0 has been suggested, however that would require bumping other dependencies as well (e.g. com_google_absl). Instead, we'll apply the fix that moves the offending cel-cpp header definitions: google/cel-cpp@18cf568 Applying this patch is not straight forward because the build process is based on bazel and heavily nested: the rockcraft script will patch the cilium-proxy build scripts, which in turn need to patch the envoy proxy build scripts to patch the cel-cpp dependency.
canonical · Jan 16, 2025 · a67a1b1 · a67a1b1
1 parent 1ff4141
commit a67a1b1
Show file tree

Hide file tree

Showing 2 changed files with 273 additions and 9 deletions.
diff --git a/1.16.5/cilium/envoy-fixes.patch b/1.16.5/cilium/envoy-fixes.patch
@@ -0,0 +1,271 @@
+From 285945d3fa51456d81f2d7af98fc38940c74a996 Mon Sep 17 00:00:00 2001
+From: root <[email protected]>
+Date: Thu, 16 Jan 2025 08:08:14 +0000
+Subject: [PATCH] move cel-cpp header definitions, fixing libstdc++-12
+
+---
+ WORKSPACE                                     |   3 +-
+ ...header-definitions-fixing-libstdc-12.patch | 121 ++++++++++++++++++
+ ...0006-cel-cpp-move-header-definitions.patch | 102 +++++++++++++++
+ 3 files changed, 225 insertions(+), 1 deletion(-)
+ create mode 100644 patches/0001-move-cel-cpp-header-definitions-fixing-libstdc-12.patch
+ create mode 100644 patches/0006-cel-cpp-move-header-definitions.patch
+
+diff --git a/WORKSPACE b/WORKSPACE
+index 2868aba..3dd0ddc 100644
+--- a/WORKSPACE
++++ b/WORKSPACE
+@@ -39,6 +39,7 @@ git_repository(
+         # https://github.com/envoyproxy/envoy/pull/31894
+         "@//patches:0004-Patch-cel-cpp-to-not-break-build.patch",
+         "@//patches:0005-original_dst_cluster-Avoid-multiple-hosts-for-the-sa.patch",
++        "@//patches:0006-cel-cpp-move-header-definitions.patch",
+     ],
+     # // clang-format off: Envoy's format check: Only repository_locations.bzl may contains URL references
+     remote = "https://github.com/envoyproxy/envoy.git",
+@@ -68,7 +69,7 @@ envoy_dependencies()
+
+ load("@envoy//bazel:repositories_extra.bzl", "envoy_dependencies_extra")
+
+-envoy_dependencies_extra()
++envoy_dependencies_extra(ignore_root_user_error=True)
+
+ load("@envoy//bazel:python_dependencies.bzl", "envoy_python_dependencies")
+
+diff --git a/patches/0001-move-cel-cpp-header-definitions-fixing-libstdc-12.patch b/patches/0001-move-cel-cpp-header-definitions-fixing-libstdc-12.patch
+new file mode 100644
+index 0000000..5c182c2
+--- /dev/null
++++ b/patches/0001-move-cel-cpp-header-definitions-fixing-libstdc-12.patch
+@@ -0,0 +1,121 @@
++From f8d60039e2ed0879697f0ac014907daab30dc2b5 Mon Sep 17 00:00:00 2001
++From: root <[email protected]>
++Date: Thu, 16 Jan 2025 08:08:14 +0000
++Subject: [PATCH] move cel-cpp header definitions, fixing libstdc++-12
++
++---
++ ...0006-cel-cpp-move-header-definitions.patch | 102 ++++++++++++++++++
++ 1 file changed, 102 insertions(+)
++ create mode 100644 patches/0006-cel-cpp-move-header-definitions.patch
++
++diff --git a/patches/0006-cel-cpp-move-header-definitions.patch b/patches/0006-cel-cpp-move-header-definitions.patch
++new file mode 100644
++index 0000000..924b97f
++--- /dev/null
+++++ b/patches/0006-cel-cpp-move-header-definitions.patch
++@@ -0,0 +1,102 @@
+++From 1d85e06a309d457010797aadc72bc7141c16b070 Mon Sep 17 00:00:00 2001
+++From: root <[email protected]>
+++Date: Thu, 16 Jan 2025 08:05:50 +0000
+++Subject: [PATCH] cel-cpp: move header definitions
+++
+++---
+++ bazel/cel-cpp-header-defs.patch | 70 +++++++++++++++++++++++++++++++++
+++ bazel/repositories.bzl          |  1 +
+++ 2 files changed, 71 insertions(+)
+++ create mode 100644 bazel/cel-cpp-header-defs.patch
+++
+++diff --git a/bazel/cel-cpp-header-defs.patch b/bazel/cel-cpp-header-defs.patch
+++new file mode 100644
+++index 0000000..bab38c2
+++--- /dev/null
++++++ b/bazel/cel-cpp-header-defs.patch
+++@@ -0,0 +1,70 @@
++++From 18cf5685e93fb8c07c807d913fabe9d1b54db87f Mon Sep 17 00:00:00 2001
++++From: CEL Dev Team <[email protected]>
++++Date: Thu, 7 Mar 2024 08:13:00 -0800
++++Subject: [PATCH] Move implementations from the header file.
++++
++++PiperOrigin-RevId: 613588519
++++---
++++ common/json.cc | 11 +++++++++++
++++ common/json.h  | 11 +++--------
++++ 2 files changed, 14 insertions(+), 8 deletions(-)
++++
++++diff --git a/common/json.cc b/common/json.cc
++++index 630a267ca..7946019bc 100644
++++--- a/common/json.cc
+++++++ b/common/json.cc
++++@@ -68,6 +68,17 @@ Json JsonBytes(const absl::Cord& value) {
++++   return JsonBytes(absl::string_view(static_cast<std::string>(value)));
++++ }
++++
+++++bool JsonArrayBuilder::empty() const { return impl_.get().empty(); }
+++++
+++++bool JsonArray::empty() const { return impl_.get().empty(); }
+++++
+++++JsonArray::JsonArray(internal::CopyOnWrite<Container> impl)
+++++    : impl_(std::move(impl)) {
+++++  if (impl_.get().empty()) {
+++++    impl_ = Empty();
+++++  }
+++++}
+++++
++++ namespace {
++++
++++ using internal::ProtoWireEncoder;
++++diff --git a/common/json.h b/common/json.h
++++index fe72492ce..77f0bd29d 100644
++++--- a/common/json.h
+++++++ b/common/json.h
++++@@ -124,7 +124,7 @@ class JsonArrayBuilder {
++++   JsonArrayBuilder& operator=(const JsonArrayBuilder&) = delete;
++++   JsonArrayBuilder& operator=(JsonArrayBuilder&&) = default;
++++
++++-  bool empty() const { return impl_.get().empty(); }
+++++  bool empty() const;
++++
++++   size_type size() const;
++++
++++@@ -187,7 +187,7 @@ class ABSL_ATTRIBUTE_TRIVIAL_ABI JsonArray final {
++++   JsonArray& operator=(const JsonArray&) = default;
++++   JsonArray& operator=(JsonArray&&) = default;
++++
++++-  bool empty() const { return impl_.get().empty(); }
+++++  bool empty() const;
++++
++++   size_type size() const;
++++
++++@@ -223,12 +223,7 @@ class ABSL_ATTRIBUTE_TRIVIAL_ABI JsonArray final {
++++
++++   static internal::CopyOnWrite<Container> Empty();
++++
++++-  explicit JsonArray(internal::CopyOnWrite<Container> impl)
++++-      : impl_(std::move(impl)) {
++++-    if (impl_.get().empty()) {
++++-      impl_ = Empty();
++++-    }
++++-  }
+++++  explicit JsonArray(internal::CopyOnWrite<Container> impl);
++++
++++   internal::CopyOnWrite<Container> impl_;
++++ };
++++
+++diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
+++index 3a82f6c..3d70304 100644
+++--- a/bazel/repositories.bzl
++++++ b/bazel/repositories.bzl
+++@@ -710,6 +710,7 @@ def _com_google_cel_cpp():
+++         patches = [
+++             "@envoy//bazel:cel-cpp.patch",
+++             "@envoy//bazel:cel-cpp-memory.patch",
++++            "@envoy//bazel:cel-cpp-header-defs.patch",
+++         ],
+++         patch_args = ["-p1"],
+++     )
+++--
+++2.43.0
+++
++--
++2.43.0
++
+diff --git a/patches/0006-cel-cpp-move-header-definitions.patch b/patches/0006-cel-cpp-move-header-definitions.patch
+new file mode 100644
+index 0000000..924b97f
+--- /dev/null
++++ b/patches/0006-cel-cpp-move-header-definitions.patch
+@@ -0,0 +1,102 @@
++From 1d85e06a309d457010797aadc72bc7141c16b070 Mon Sep 17 00:00:00 2001
++From: root <[email protected]>
++Date: Thu, 16 Jan 2025 08:05:50 +0000
++Subject: [PATCH] cel-cpp: move header definitions
++
++---
++ bazel/cel-cpp-header-defs.patch | 70 +++++++++++++++++++++++++++++++++
++ bazel/repositories.bzl          |  1 +
++ 2 files changed, 71 insertions(+)
++ create mode 100644 bazel/cel-cpp-header-defs.patch
++
++diff --git a/bazel/cel-cpp-header-defs.patch b/bazel/cel-cpp-header-defs.patch
++new file mode 100644
++index 0000000..bab38c2
++--- /dev/null
+++++ b/bazel/cel-cpp-header-defs.patch
++@@ -0,0 +1,70 @@
+++From 18cf5685e93fb8c07c807d913fabe9d1b54db87f Mon Sep 17 00:00:00 2001
+++From: CEL Dev Team <[email protected]>
+++Date: Thu, 7 Mar 2024 08:13:00 -0800
+++Subject: [PATCH] Move implementations from the header file.
+++
+++PiperOrigin-RevId: 613588519
+++---
+++ common/json.cc | 11 +++++++++++
+++ common/json.h  | 11 +++--------
+++ 2 files changed, 14 insertions(+), 8 deletions(-)
+++
+++diff --git a/common/json.cc b/common/json.cc
+++index 630a267ca..7946019bc 100644
+++--- a/common/json.cc
++++++ b/common/json.cc
+++@@ -68,6 +68,17 @@ Json JsonBytes(const absl::Cord& value) {
+++   return JsonBytes(absl::string_view(static_cast<std::string>(value)));
+++ }
+++
++++bool JsonArrayBuilder::empty() const { return impl_.get().empty(); }
++++
++++bool JsonArray::empty() const { return impl_.get().empty(); }
++++
++++JsonArray::JsonArray(internal::CopyOnWrite<Container> impl)
++++    : impl_(std::move(impl)) {
++++  if (impl_.get().empty()) {
++++    impl_ = Empty();
++++  }
++++}
++++
+++ namespace {
+++
+++ using internal::ProtoWireEncoder;
+++diff --git a/common/json.h b/common/json.h
+++index fe72492ce..77f0bd29d 100644
+++--- a/common/json.h
++++++ b/common/json.h
+++@@ -124,7 +124,7 @@ class JsonArrayBuilder {
+++   JsonArrayBuilder& operator=(const JsonArrayBuilder&) = delete;
+++   JsonArrayBuilder& operator=(JsonArrayBuilder&&) = default;
+++
+++-  bool empty() const { return impl_.get().empty(); }
++++  bool empty() const;
+++
+++   size_type size() const;
+++
+++@@ -187,7 +187,7 @@ class ABSL_ATTRIBUTE_TRIVIAL_ABI JsonArray final {
+++   JsonArray& operator=(const JsonArray&) = default;
+++   JsonArray& operator=(JsonArray&&) = default;
+++
+++-  bool empty() const { return impl_.get().empty(); }
++++  bool empty() const;
+++
+++   size_type size() const;
+++
+++@@ -223,12 +223,7 @@ class ABSL_ATTRIBUTE_TRIVIAL_ABI JsonArray final {
+++
+++   static internal::CopyOnWrite<Container> Empty();
+++
+++-  explicit JsonArray(internal::CopyOnWrite<Container> impl)
+++-      : impl_(std::move(impl)) {
+++-    if (impl_.get().empty()) {
+++-      impl_ = Empty();
+++-    }
+++-  }
++++  explicit JsonArray(internal::CopyOnWrite<Container> impl);
+++
+++   internal::CopyOnWrite<Container> impl_;
+++ };
+++
++diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
++index 3a82f6c..3d70304 100644
++--- a/bazel/repositories.bzl
+++++ b/bazel/repositories.bzl
++@@ -710,6 +710,7 @@ def _com_google_cel_cpp():
++         patches = [
++             "@envoy//bazel:cel-cpp.patch",
++             "@envoy//bazel:cel-cpp-memory.patch",
+++            "@envoy//bazel:cel-cpp-header-defs.patch",
++         ],
++         patch_args = ["-p1"],
++     )
++--
++2.43.0
++
+--
+2.43.0
diff --git a/1.16.5/cilium/rockcraft.yaml b/1.16.5/cilium/rockcraft.yaml
@@ -81,15 +81,8 @@ parts:
     override-build: |
       export PKG_BUILD=1
       export DESTDIR=$CRAFT_PART_INSTALL
-      # Workaround for bazel python plugin/bits to ignore running as root
-      sed -i -e 's/envoy_dependencies_extra()/envoy_dependencies_extra(ignore_root_user_error=True)/g' WORKSPACE
-
-      # HACK(aznashwan): there was a known bug in `google/cel-cpp`.
-      # cel-cpp is imported by `envoyproxy` itself, which is imported by `cilium/proxy`.
-      # https://github.com/envoyproxy/envoy/issues/34368
-      # https://github.com/envoyproxy/envoy/pull/36940
-      # https://github.com/envoyproxy/envoy/commit/c7d0d5a340abb34916eaea3833cf5bf85c99b31f
-      sed -i -e 's/ENVOY_SHA = ".*"/ENVOY_SHA = "c7d0d5a340abb34916eaea3833cf5bf85c99b31f"/' WORKSPACE
+      export EMAIL=root@localhost
+      git am --ignore-whitespace $CRAFT_PROJECT_DIR/envoy-fixes.patch
 
       make -C proxylib all
       mkdir -p $CRAFT_PART_INSTALL/usr/lib/