Global cleanup for fully reproducible local build

Tristan 2022-06-06 05:46:20 +01:00
parent 8cc1d4e0db
commit 5971388de4
No known key found for this signature in database
GPG Key ID: BDDFC4A0651ACDE4
15 changed files with 208 additions and 161 deletions

5
.gitignore vendored

@ -1,2 +1,3 @@
build/
**/dist
**/src
**/*.tar.gz


@ -1,5 +1,48 @@
stages:
- build
- quictls
- haproxy
.default-vars: &default-vars
TZ: "UTC"
GIT_DEPTH: "1"
QUICTLS_VERSION: "3.0.3"
QUICTLS_ARCHIVE: "$CI_PROJECT_DIR/quictls/quictls.tar.gz"
quictls:build:
image: docker.io/library/debian:bullseye
stage: quictls
needs: [ ]
before_script:
- apt -qq update
- apt install -y --no-install-recommends -qq build-essential ca-certificates curl tar
script:
- cd quictls || exit 1
- make clone
- make dist
- make archive
variables:
<<: *default-vars
BUILDDIR: "$CI_PROJECT_DIR/quictls/build"
DESTDIR: "$CI_PROJECT_DIR/quictls/dist"
artifacts:
expire_in: 14 days
paths: [ "$QUICTLS_ARCHIVE" ]
quictls:upload:
image: docker.io/curlimages/curl:latest
stage: quictls
needs:
- job: quictls:build
artifacts: true
script: |
set -eu
curl \
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
--upload-file "$QUICTLS_ARCHIVE" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$QUICTLS_VERSION/quictls.tar.gz"
variables:
<<: *default-vars
GIT_STRATEGY: none
.docker-build: &docker-build
stage: build
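Review bot: The `quictls:upload` job runs on `docker.io/curlimages/curl:latest`, a mutable tag, while it holds `CI_JOB_TOKEN` and writes to the package registry; pin the image to a fixed version or digest (`image: docker.io/curlimages/curl@sha256:<digest>`) so the publishing step is itself fixed and auditable. The `curl` call has no `--fail`, so a rejected upload (4xx/5xx) still exits 0 despite `set -eu`; `curl --fail \` makes the job fail instead. Separately, `quictls:build` runs `cd quictls` and `make clone`, while the Makefile shown on this page lives at `deps/quictls/Makefile` and defines no `clone` rule, so it is worth confirming the job can run as written.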


@ -1,52 +0,0 @@
ARG DEBIAN_CODENAME
FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
FROM base as builder
RUN apt -qq update && \
apt install --no-install-recommends -qq -y build-essential
ENV QUICTLS_PREFIX "/opt/quictls"
ENV HAPROXY_PREFIX "/opt/haproxy"
FROM builder as quictls-build
COPY --chown=root:root scripts/quictls* /scripts/
ENV QUICTLS_BUILD_DIR "/tmp/quictls"
ENV QUICTLS_MAKE_INSTALL "true"
ARG QUICTLS_SOURCE
RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
FROM builder as haproxy-build
COPY --from=quictls-build /opt/quictls /opt/quictls
COPY --chown=root:root scripts/haproxy* /scripts/
ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
ENV HAPROXY_MAKE_INSTALL "true"
ARG HAPROXY_SOURCE_REPO
ARG HAPROXY_SOURCE_BRANCH
RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
ARG DEBIAN_CODENAME
FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
RUN apt -qq update && \
apt -qq -y --no-install-recommends install \
ca-certificates \
liblua5.3-0 \
libpcre2-8-0 \
socat && \
apt -qq -y --purge autoremove && \
apt -qq -y clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
COPY --from=quictls-build /opt/quictls /opt/quictls
COPY --from=haproxy-build /opt/haproxy /

17
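--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,17 @@
+all: deps haproxy
+deps: deps/lua deps/pcre2 deps/quictls
+deps/lua:
+$(MAKE) -C "deps/lua"
+deps/pcre2:
+$(MAKE) -C "deps/pcre2"
+deps/quictls:
+$(MAKE) -C "deps/quictls"
+haproxy:
+$(MAKE) -C "haproxy"
+.PHONY: deps/* haproxy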
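Review bot: `haproxy` has no prerequisite on `deps`, so `all: deps haproxy` only orders them in a serial run; under `make -j` the haproxy sub-make can start before the Lua, PCRE2 and QuicTLS trees it compiles and links against exist. Declare the edge with `haproxy: deps`. `all` and `deps` are also missing from `.PHONY`, and the `deps/*` entry relies on glob expansion of directories that happen to exist; `.PHONY: all deps deps/lua deps/pcre2 deps/quictls haproxy` states it explicitly.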


@ -1,2 +0,0 @@
DEBIAN_CODENAME=bullseye
QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic

27
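--- a/deps/lua/Makefile
+++ b/deps/lua/Makefile
@@ -0,0 +1,27 @@
+LUA_VERSION = 5.3.6
+LUA_SOURCES = https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz
+LUA_TARBALL = lua-$(LUA_VERSION).tar.gz
+LUA_DESTDIR = dist
+LUA_DESTDIR_ABS = $(shell realpath $(LUA_DESTDIR))
+all: build $(LUA_DESTDIR)
+src:
+if ! [ -d "src" ]; then mkdir -v "src"; fi
+src/lua-$(LUA_VERSION).tar.gz: src
+curl -sSL -o "$(LUA_TARBALL)" "$(LUA_SOURCES)"
+build: src/lua-$(LUA_VERSION).tar.gz
+tar -C src --strip-components=1 -xf "$(LUA_TARBALL)"
+$(MAKE) -C src -j$(shell nproc) linux
+$(LUA_DESTDIR): build
+if ! [ -d "$(LUA_DESTDIR)" ]; then mkdir -v "$(LUA_DESTDIR)"; fi
+$(MAKE) -C src -j$(shell nproc) install INSTALL_TOP="$(LUA_DESTDIR_ABS)"
+clean:
+rm -rf "src"
+rm -rf "$(LUA_DESTDIR)"
+.PHONY: clean build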
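Review bot: The tarball fetched with `curl -sSL` is unpacked and compiled without any integrity check, so whatever the server or a redirect returns is what gets built; the same pattern is in `deps/pcre2/Makefile` and `deps/quictls/Makefile`. Pin a digest next to the version, e.g. `LUA_SHA256 = <expected-sha256>`, and verify before `tar` with `echo "$(LUA_SHA256)  $(LUA_TARBALL)" | sha256sum -c -`; adding `-f` to curl keeps an HTTP error page from being saved as the archive. The rule is also named `src/lua-$(LUA_VERSION).tar.gz` while the recipe writes `$(LUA_TARBALL)` in the current directory, so the target never exists and the download reruns on every build. Naming the rule and the `build` prerequisite `$(LUA_TARBALL)` lets Make see the file it produced.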

28
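--- a/deps/pcre2/Makefile
+++ b/deps/pcre2/Makefile
@@ -0,0 +1,28 @@
+PCRE2_VERSION = 10.40
+PCRE2_SOURCES = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)/pcre2-$(PCRE2_VERSION).tar.gz
+PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).tar.gz
+PCRE2_DESTDIR = dist
+PCRE2_DESTDIR_ABS = $(shell realpath $(PCRE2_DESTDIR))
+all: build dist
+src:
+if ! [ -d "src" ]; then mkdir -v "src"; fi
+src/pcre2-$(PCRE2_VERSION).tar.gz: src
+curl -sSL -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)"
+build: src/pcre2-$(PCRE2_VERSION).tar.gz
+tar -C src --strip-components=1 -xf "$(PCRE2_TARBALL)"
+if [ -f "src/CmakeCache.txt" ]; then rm -v "src/CmakeCache.txt"; fi
+cd "src" && cmake -DPCRE2_STATIC_PIC=ON -DPCRE2_SUPPORT_JIT=ON -DCMAKE_INSTALL_PREFIX="$(PCRE2_DESTDIR_ABS)" . && make
+dist: build
+if ! [ -d "$(PCRE2_DESTDIR)" ]; then mkdir -v "$(PCRE2_DESTDIR)"; fi
+cd "src" && make install
+clean:
+rm -rf "src"
+.PHONY: clean build dist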
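Review bot: The stale-cache guard in `build` tests `src/CmakeCache.txt`, but CMake writes `CMakeCache.txt`, so on a case-sensitive filesystem the check never matches and an old cache (including an old `CMAKE_INSTALL_PREFIX`) survives a rebuild; it should read `if [ -f "src/CMakeCache.txt" ]; then rm -v "src/CMakeCache.txt"; fi`. The recipes also call literal `make` (`... . && make` and `cd "src" && make install`), which drops jobserver and `-n` handling; use `$(MAKE)`. `clean` removes `src` but leaves `$(PCRE2_DESTDIR)` behind, unlike the Lua and QuicTLS makefiles in this commit.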

37
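--- a/deps/quictls/Makefile
+++ b/deps/quictls/Makefile
@@ -0,0 +1,37 @@
+QUICTLS_VERSION = OpenSSL_1_1_1o
+QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_VERSION)+quic
+QUICTLS_TARBALL = quictls-$(QUICTLS_VERSION).tar.gz
+QUICTLS_DESTDIR = dist
+QUICTLS_DESTDIR_ABS = $(shell realpath $(QUICTLS_DESTDIR))
+QUICTLS_ARCHIVE = quictls-$(QUICTLS_VERSION)-dist.tar.gz
+all: build $(QUICTLS_DESTDIR) archive
+src:
+if ! [ -d "src" ]; then mkdir -v "src"; fi
+src/quictls-$(QUICTLS_VERSION).tar.gz: src
+curl -sSL -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)"
+build: src/quictls-$(QUICTLS_VERSION).tar.gz
+tar -C src --strip-components=1 -xf "$(QUICTLS_TARBALL)"
+cd "src" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared
+$(MAKE) -C "src" -j "$(shell nproc)"
+ldd "src/apps/openssl" || true
+src/apps/openssl version
+$(QUICTLS_DESTDIR):
+if ! [ -d "$(QUICTLS_DESTDIR)" ]; then mkdir -v "$(QUICTLS_DESTDIR)"; fi
+$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(QUICTLS_DESTDIR_ABS)" install_sw
+# Take a moment to hate on how fucking shit the `tar` CLI is with me, especially regarding the awkward dance of path prefixes. Press S.
+archive: $(QUICTLS_DESTDIR)
+tar -C "$(QUICTLS_DESTDIR)" -cjf "$(QUICTLS_ARCHIVE)" "opt"
+clean:
+@rm -rf "src" || true
+@rm -rf "$(QUICTLS_TARBALL)" || true
+@rm -rf "$(QUICTLS_DESTDIR)" || true
+@rm -v "$(QUICTLS_ARCHIVE)" || true
+.PHONY: clean build $(QUICTLS_DESTDIR) dist archive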
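Review bot: `QUICTLS_VERSION = OpenSSL_1_1_1o` does not match the `QUICTLS_VERSION: "3.0.3"` that `.gitlab-ci.yml` puts in the package upload URL, nor the `openssl-3.0.3+quic` source this commit removes, so as written a 1.1.1o build could be published under a 3.0.3 label. Because the Makefile assigns with `=`, the CI environment value does not override it; the TLS library version should be defined in one place and the package label derived from it. `archive` writes bzip2 (`tar ... -cjf`) into a file named `.tar.gz`; `-czf` matches the name. For the reproducibility the commit title aims at, the archive also needs fixed ordering, timestamps and ownership, e.g. GNU tar `--sort=name --mtime=<fixed-date> --owner=0 --group=0 --numeric-owner`.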

52
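--- a/haproxy/Makefile
+++ b/haproxy/Makefile
@@ -0,0 +1,52 @@
+HAPROXY_REPO_SRC = http://git.haproxy.org/git/haproxy-2.6.git
+HAPROXY_DESTDIR = dist
+HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
+DEP_ROOT_LUA = ../deps/lua
+DEP_ROOT_PCRE2 = ../deps/pcre2
+DEP_ROOT_QUICTLS = ../deps/quictls
+HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
+LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
+TARGET="linux-glibc" \
+EXTRAVERSION="+mangadex" \
+VERDATE="$$(date -u -I'minutes')" \
+USE_DL=1 \
+USE_GETADDRINFO=1 \
+USE_LINUX_TPROXY=1 \
+USE_LUA=1 \
+LUA_INC="../$(DEP_ROOT_LUA)/dist/include" \
+LUA_LIB="../$(DEP_ROOT_LUA)/dist/lib" \
+LUA_LIB_NAME="lua" \
+USE_OPENSSL=1 \
+SSL_INC="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/include" \
+SSL_LIB="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/lib" \
+USE_PCRE2=1 \
+USE_PCRE2_JIT=1 \
+USE_STATIC_PCRE2=1 \
+PCRE2_INC="../$(DEP_ROOT_PCRE2)/dist/include" \
+PCRE2_LIB="../$(DEP_ROOT_PCRE2)/dist/lib64" \
+USE_PROMEX=1 \
+USE_QUIC=1 \
+USE_SLZ=1 \
+USE_TFO=1 \
+USE_SYSTEMD=1
+all: build $(HAPROXY_DESTDIR)
+src:
+git clone "$(HAPROXY_REPO_SRC)" src
+git -C "src" checkout "master"
+build: src
+make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
+make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
+$(HAPROXY_DESTDIR):
+if ! [ -d "$(HAPROXY_DESTDIR)" ]; then mkdir -v "$(HAPROXY_DESTDIR)"; fi
+$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(HAPROXY_DESTDIR_ABS)" install
+clean:
+git -C "src" clean -fdx
+.PHONY: clean build $(HAPROXY_DESTDIR)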
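Review bot: The `src` rule clones over cleartext `http://` and builds whatever `master` points to at build time, so the source is neither authenticated in transit nor fixed, which undercuts both integrity and the reproducibility goal in the commit title. Fetch over TLS and check out a pinned ref, e.g. `HAPROXY_REPO_SRC = https://git.haproxy.org/git/haproxy-2.6.git` (assuming the host serves the same path over https) and `git -C "src" checkout "$(HAPROXY_REF)"` with `HAPROXY_REF` set to a release tag or commit id. `VERDATE="$$(date -u -I'minutes')"` stamps wall-clock time into the binary, so two builds of the same source differ; deriving it from the checked-out commit's date avoids that. The `build` recipe also calls literal `make`; `$(MAKE)` keeps jobserver and dry-run behaviour.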


@ -1,3 +0,0 @@
HAPROXY_VER=2.6
HAPROXY_SOURCE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
HAPROXY_SOURCE_BRANCH=master


@ -1,3 +0,0 @@
HAPROXY_VER=nightly
HAPROXY_SOURCE_REPO=https://github.com/haproxy/haproxy.git
HAPROXY_SOURCE_BRANCH=master


@ -1,45 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_DIR=$1
QUICTLS_PREFIX=$2
HAPROXY_PREFIX=$3
if ! [ -d "$QUICTLS_PREFIX/include" ]; then
echo "No include dir in $QUICTLS_PREFIX"
fi
if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
echo "No lib dir in $QUICTLS_PREFIX"
fi
apt -qq update && apt -qq -y --no-install-recommends install \
liblua5.3-dev \
libpcre2-dev \
libsystemd-dev
pushd "$SRC_DIR"
# HAProxy build flags
make -j "$(nproc)" \
DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
SSL_INC="${QUICTLS_PREFIX}/include" \
SSL_LIB="${QUICTLS_PREFIX}/lib" \
TARGET="linux-glibc" \
EXTRAVERSION="+mangadex" \
VERDATE="$(date -u -I'minutes')" \
USE_DL=1 \
USE_GETADDRINFO=1 \
USE_LINUX_TPROXY=1 \
USE_LUA=1 \
USE_OPENSSL=1 \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_PROMEX=1 \
USE_QUIC=1 \
USE_SLZ=1 \
USE_TFO=1 \
USE_SYSTEMD=1
[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install


@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_REPO=$1
SRC_BRANCH=$2
OUT_DIR=$3
PARENT_DIR=$(dirname "$OUT_DIR")
[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
apt -qq update && apt -qq -y --no-install-recommends install git
git clone "$SRC_REPO" "$OUT_DIR"
git -C "$OUT_DIR" checkout "$SRC_BRANCH"


@ -1,18 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_DIR=$1
OUT_DIR=$2
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
pushd "$SRC_DIR"
echo "Ensuring dependencies"
apt -qq update && apt -qq -y --no-install-recommends install \
build-essential
./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
make -j "$(nproc)"
[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install


@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
SRC_TARBALL=$1
OUT_DIR=$2
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
pushd "$OUT_DIR"
echo "Ensuring dependencies"
apt -qq update && apt -qq -y --no-install-recommends install \
ca-certificates \
curl \
tar
echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
tar --strip-components=1 -xf quictls.tar.gz
rm -v quictls.tar.gz