From 5971388de4fd85272acb97005e874b66f1a4cec8 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 6 Jun 2022 05:46:20 +0100 Subject: [PATCH] Global cleanup for fully reproducible local build --- .gitignore | 5 ++-- .gitlab-ci.yml | 45 +++++++++++++++++++++++++++++++++- Dockerfile | 52 ---------------------------------------- Makefile | 17 +++++++++++++ common.config | 2 -- deps/lua/Makefile | 27 +++++++++++++++++++++ deps/pcre2/Makefile | 28 ++++++++++++++++++++++ deps/quictls/Makefile | 37 ++++++++++++++++++++++++++++ haproxy/Makefile | 52 ++++++++++++++++++++++++++++++++++++++++ mainline.config | 3 --- nightly.config | 3 --- scripts/haproxy-build.sh | 45 ---------------------------------- scripts/haproxy-clone.sh | 15 ------------ scripts/quictls-build.sh | 18 -------------- scripts/quictls-clone.sh | 20 ---------------- 15 files changed, 208 insertions(+), 161 deletions(-) delete mode 100644 Dockerfile create mode 100644 Makefile delete mode 100644 common.config create mode 100644 deps/lua/Makefile create mode 100644 deps/pcre2/Makefile create mode 100644 deps/quictls/Makefile create mode 100644 haproxy/Makefile delete mode 100644 mainline.config delete mode 100644 nightly.config delete mode 100755 scripts/haproxy-build.sh delete mode 100755 scripts/haproxy-clone.sh delete mode 100755 scripts/quictls-build.sh delete mode 100755 scripts/quictls-clone.sh diff --git a/.gitignore b/.gitignore index dc84959..fe19c3f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -build/ - +**/dist +**/src +**/*.tar.gz diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6ffe57b..50aa028 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,48 @@ stages: - - build + - quictls + - haproxy + +.default-vars: &default-vars + TZ: "UTC" + GIT_DEPTH: "1" + QUICTLS_VERSION: "3.0.3" + QUICTLS_ARCHIVE: "$CI_PROJECT_DIR/quictls/quictls.tar.gz" + +quictls:build: + image: docker.io/library/debian:bullseye + stage: quictls + needs: [ ] + before_script: + - apt -qq update + - apt install -y --no-install-recommends -qq build-essential ca-certificates curl tar + script: + - cd quictls || exit 1 + - make clone + - make dist + - make archive + variables: + <<: *default-vars + BUILDDIR: "$CI_PROJECT_DIR/quictls/build" + DESTDIR: "$CI_PROJECT_DIR/quictls/dist" + artifacts: + expire_in: 14 days + paths: [ "$QUICTLS_ARCHIVE" ] + +quictls:upload: + image: docker.io/curlimages/curl:latest + stage: quictls + needs: + - job: quictls:build + artifacts: true + script: | + set -eu + curl \ + -H"JOB-TOKEN: $CI_JOB_TOKEN" \ + --upload-file "$QUICTLS_ARCHIVE" \ + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$QUICTLS_VERSION/quictls.tar.gz" + variables: + <<: *default-vars + GIT_STRATEGY: none .docker-build: &docker-build stage: build diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 3ac2139..0000000 --- a/Dockerfile +++ /dev/null @@ -1,52 +0,0 @@ -ARG DEBIAN_CODENAME -FROM docker.io/library/debian:${DEBIAN_CODENAME} as base - -FROM base as builder - -RUN apt -qq update && \ - apt install --no-install-recommends -qq -y build-essential - -ENV QUICTLS_PREFIX "/opt/quictls" -ENV HAPROXY_PREFIX "/opt/haproxy" - -FROM builder as quictls-build - -COPY --chown=root:root scripts/quictls* /scripts/ - -ENV QUICTLS_BUILD_DIR "/tmp/quictls" -ENV QUICTLS_MAKE_INSTALL "true" -ARG QUICTLS_SOURCE - -RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}" -RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}" -RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version - -FROM builder as haproxy-build - -COPY --from=quictls-build /opt/quictls /opt/quictls -COPY --chown=root:root scripts/haproxy* /scripts/ - -ENV HAPROXY_BUILD_DIR "/tmp/haproxy" -ENV HAPROXY_MAKE_INSTALL "true" -ARG HAPROXY_SOURCE_REPO -ARG HAPROXY_SOURCE_BRANCH - -RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}" -RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}" -RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv - -ARG DEBIAN_CODENAME -FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim - -RUN apt -qq update && \ - apt -qq -y --no-install-recommends install \ - ca-certificates \ - liblua5.3-0 \ - libpcre2-8-0 \ - socat && \ - apt -qq -y --purge autoremove && \ - apt -qq -y clean && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/* - -COPY --from=quictls-build /opt/quictls /opt/quictls -COPY --from=haproxy-build /opt/haproxy / diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..415e935 --- /dev/null +++ b/Makefile @@ -0,0 +1,17 @@ +all: deps haproxy + +deps: deps/lua deps/pcre2 deps/quictls + +deps/lua: + $(MAKE) -C "deps/lua" + +deps/pcre2: + $(MAKE) -C "deps/pcre2" + +deps/quictls: + $(MAKE) -C "deps/quictls" + +haproxy: + $(MAKE) -C "haproxy" + +.PHONY: deps/* haproxy diff --git a/common.config b/common.config deleted file mode 100644 index a14bed9..0000000 --- a/common.config +++ /dev/null @@ -1,2 +0,0 @@ -DEBIAN_CODENAME=bullseye -QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic diff --git a/deps/lua/Makefile b/deps/lua/Makefile new file mode 100644 index 0000000..b90d29c --- /dev/null +++ b/deps/lua/Makefile @@ -0,0 +1,27 @@ +LUA_VERSION = 5.3.6 +LUA_SOURCES = https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz +LUA_TARBALL = lua-$(LUA_VERSION).tar.gz +LUA_DESTDIR = dist +LUA_DESTDIR_ABS = $(shell realpath $(LUA_DESTDIR)) + +all: build $(LUA_DESTDIR) + +src: + if ! [ -d "src" ]; then mkdir -v "src"; fi + +src/lua-$(LUA_VERSION).tar.gz: src + curl -sSL -o "$(LUA_TARBALL)" "$(LUA_SOURCES)" + +build: src/lua-$(LUA_VERSION).tar.gz + tar -C src --strip-components=1 -xf "$(LUA_TARBALL)" + $(MAKE) -C src -j$(shell nproc) linux + +$(LUA_DESTDIR): build + if ! [ -d "$(LUA_DESTDIR)" ]; then mkdir -v "$(LUA_DESTDIR)"; fi + $(MAKE) -C src -j$(shell nproc) install INSTALL_TOP="$(LUA_DESTDIR_ABS)" + +clean: + rm -rf "src" + rm -rf "$(LUA_DESTDIR)" + +.PHONY: clean build diff --git a/deps/pcre2/Makefile b/deps/pcre2/Makefile new file mode 100644 index 0000000..fa224e5 --- /dev/null +++ b/deps/pcre2/Makefile @@ -0,0 +1,28 @@ +PCRE2_VERSION = 10.40 +PCRE2_SOURCES = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)/pcre2-$(PCRE2_VERSION).tar.gz +PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).tar.gz + +PCRE2_DESTDIR = dist +PCRE2_DESTDIR_ABS = $(shell realpath $(PCRE2_DESTDIR)) + +all: build dist + +src: + if ! [ -d "src" ]; then mkdir -v "src"; fi + +src/pcre2-$(PCRE2_VERSION).tar.gz: src + curl -sSL -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)" + +build: src/pcre2-$(PCRE2_VERSION).tar.gz + tar -C src --strip-components=1 -xf "$(PCRE2_TARBALL)" + if [ -f "src/CmakeCache.txt" ]; then rm -v "src/CmakeCache.txt"; fi + cd "src" && cmake -DPCRE2_STATIC_PIC=ON -DPCRE2_SUPPORT_JIT=ON -DCMAKE_INSTALL_PREFIX="$(PCRE2_DESTDIR_ABS)" . && make + +dist: build + if ! [ -d "$(PCRE2_DESTDIR)" ]; then mkdir -v "$(PCRE2_DESTDIR)"; fi + cd "src" && make install + +clean: + rm -rf "src" + +.PHONY: clean build dist diff --git a/deps/quictls/Makefile b/deps/quictls/Makefile new file mode 100644 index 0000000..8a959ac --- /dev/null +++ b/deps/quictls/Makefile @@ -0,0 +1,37 @@ +QUICTLS_VERSION = OpenSSL_1_1_1o +QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_VERSION)+quic +QUICTLS_TARBALL = quictls-$(QUICTLS_VERSION).tar.gz +QUICTLS_DESTDIR = dist +QUICTLS_DESTDIR_ABS = $(shell realpath $(QUICTLS_DESTDIR)) +QUICTLS_ARCHIVE = quictls-$(QUICTLS_VERSION)-dist.tar.gz + +all: build $(QUICTLS_DESTDIR) archive + +src: + if ! [ -d "src" ]; then mkdir -v "src"; fi + +src/quictls-$(QUICTLS_VERSION).tar.gz: src + curl -sSL -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)" + +build: src/quictls-$(QUICTLS_VERSION).tar.gz + tar -C src --strip-components=1 -xf "$(QUICTLS_TARBALL)" + cd "src" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared + $(MAKE) -C "src" -j "$(shell nproc)" + ldd "src/apps/openssl" || true + src/apps/openssl version + +$(QUICTLS_DESTDIR): + if ! [ -d "$(QUICTLS_DESTDIR)" ]; then mkdir -v "$(QUICTLS_DESTDIR)"; fi + $(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(QUICTLS_DESTDIR_ABS)" install_sw + +# Take a moment to hate on how fucking shit the `tar` CLI is with me, especially regarding the awkward dance of path prefixes. Press S. +archive: $(QUICTLS_DESTDIR) + tar -C "$(QUICTLS_DESTDIR)" -cjf "$(QUICTLS_ARCHIVE)" "opt" + +clean: + @rm -rf "src" || true + @rm -rf "$(QUICTLS_TARBALL)" || true + @rm -rf "$(QUICTLS_DESTDIR)" || true + @rm -v "$(QUICTLS_ARCHIVE)" || true + +.PHONY: clean build $(QUICTLS_DESTDIR) dist archive diff --git a/haproxy/Makefile b/haproxy/Makefile new file mode 100644 index 0000000..e51e3d2 --- /dev/null +++ b/haproxy/Makefile @@ -0,0 +1,52 @@ +HAPROXY_REPO_SRC = http://git.haproxy.org/git/haproxy-2.6.git +HAPROXY_DESTDIR = dist +HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR)) + +DEP_ROOT_LUA = ../deps/lua +DEP_ROOT_PCRE2 = ../deps/pcre2 +DEP_ROOT_QUICTLS = ../deps/quictls + +HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \ + LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \ + TARGET="linux-glibc" \ + EXTRAVERSION="+mangadex" \ + VERDATE="$$(date -u -I'minutes')" \ + USE_DL=1 \ + USE_GETADDRINFO=1 \ + USE_LINUX_TPROXY=1 \ + USE_LUA=1 \ + LUA_INC="../$(DEP_ROOT_LUA)/dist/include" \ + LUA_LIB="../$(DEP_ROOT_LUA)/dist/lib" \ + LUA_LIB_NAME="lua" \ + USE_OPENSSL=1 \ + SSL_INC="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/include" \ + SSL_LIB="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/lib" \ + USE_PCRE2=1 \ + USE_PCRE2_JIT=1 \ + USE_STATIC_PCRE2=1 \ + PCRE2_INC="../$(DEP_ROOT_PCRE2)/dist/include" \ + PCRE2_LIB="../$(DEP_ROOT_PCRE2)/dist/lib64" \ + USE_PROMEX=1 \ + USE_QUIC=1 \ + USE_SLZ=1 \ + USE_TFO=1 \ + USE_SYSTEMD=1 + +all: build $(HAPROXY_DESTDIR) + +src: + git clone "$(HAPROXY_REPO_SRC)" src + git -C "src" checkout "master" + +build: src + make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts + make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) + +$(HAPROXY_DESTDIR): + if ! [ -d "$(HAPROXY_DESTDIR)" ]; then mkdir -v "$(HAPROXY_DESTDIR)"; fi + $(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(HAPROXY_DESTDIR_ABS)" install + +clean: + git -C "src" clean -fdx + +.PHONY: clean build $(HAPROXY_DESTDIR) diff --git a/mainline.config b/mainline.config deleted file mode 100644 index a12a3ff..0000000 --- a/mainline.config +++ /dev/null @@ -1,3 +0,0 @@ -HAPROXY_VER=2.6 -HAPROXY_SOURCE_REPO=http://git.haproxy.org/git/haproxy-2.6.git -HAPROXY_SOURCE_BRANCH=master diff --git a/nightly.config b/nightly.config deleted file mode 100644 index 5900e86..0000000 --- a/nightly.config +++ /dev/null @@ -1,3 +0,0 @@ -HAPROXY_VER=nightly -HAPROXY_SOURCE_REPO=https://github.com/haproxy/haproxy.git -HAPROXY_SOURCE_BRANCH=master diff --git a/scripts/haproxy-build.sh b/scripts/haproxy-build.sh deleted file mode 100755 index 477fee5..0000000 --- a/scripts/haproxy-build.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -SRC_DIR=$1 -QUICTLS_PREFIX=$2 -HAPROXY_PREFIX=$3 - -if ! [ -d "$QUICTLS_PREFIX/include" ]; then - echo "No include dir in $QUICTLS_PREFIX" -fi -if ! [ -d "$QUICTLS_PREFIX/lib" ]; then - echo "No lib dir in $QUICTLS_PREFIX" -fi - -apt -qq update && apt -qq -y --no-install-recommends install \ - liblua5.3-dev \ - libpcre2-dev \ - libsystemd-dev - -pushd "$SRC_DIR" - -# HAProxy build flags -make -j "$(nproc)" \ - DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \ - LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \ - SSL_INC="${QUICTLS_PREFIX}/include" \ - SSL_LIB="${QUICTLS_PREFIX}/lib" \ - TARGET="linux-glibc" \ - EXTRAVERSION="+mangadex" \ - VERDATE="$(date -u -I'minutes')" \ - USE_DL=1 \ - USE_GETADDRINFO=1 \ - USE_LINUX_TPROXY=1 \ - USE_LUA=1 \ - USE_OPENSSL=1 \ - USE_PCRE2=1 \ - USE_PCRE2_JIT=1 \ - USE_PROMEX=1 \ - USE_QUIC=1 \ - USE_SLZ=1 \ - USE_TFO=1 \ - USE_SYSTEMD=1 - -[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install diff --git a/scripts/haproxy-clone.sh b/scripts/haproxy-clone.sh deleted file mode 100755 index b185fb2..0000000 --- a/scripts/haproxy-clone.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -SRC_REPO=$1 -SRC_BRANCH=$2 -OUT_DIR=$3 - -PARENT_DIR=$(dirname "$OUT_DIR") -[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")" - -apt -qq update && apt -qq -y --no-install-recommends install git - -git clone "$SRC_REPO" "$OUT_DIR" -git -C "$OUT_DIR" checkout "$SRC_BRANCH" diff --git a/scripts/quictls-build.sh b/scripts/quictls-build.sh deleted file mode 100755 index 1c4f207..0000000 --- a/scripts/quictls-build.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -SRC_DIR=$1 -OUT_DIR=$2 - -[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR" -pushd "$SRC_DIR" - -echo "Ensuring dependencies" -apt -qq update && apt -qq -y --no-install-recommends install \ - build-essential - -./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR" -make -j "$(nproc)" - -[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install diff --git a/scripts/quictls-clone.sh b/scripts/quictls-clone.sh deleted file mode 100755 index 412ccf8..0000000 --- a/scripts/quictls-clone.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -SRC_TARBALL=$1 -OUT_DIR=$2 - -[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR" -pushd "$OUT_DIR" - -echo "Ensuring dependencies" -apt -qq update && apt -qq -y --no-install-recommends install \ - ca-certificates \ - curl \ - tar - -echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..." -curl -sSL -o quictls.tar.gz "$SRC_TARBALL" -tar --strip-components=1 -xf quictls.tar.gz -rm -v quictls.tar.gz