From 34c6fcf982be904e14544dccd1ac003af8af0101 Mon Sep 17 00:00:00 2001 From: Tristan Date: Thu, 9 Jun 2022 12:59:28 +0100 Subject: [PATCH 1/3] Build against OpenSSL/QuicTLS 3.0.3+quic --- .gitlab-ci.yml | 21 +++++++++++++-------- deps/quictls/Makefile | 12 ++++++------ haproxy/Makefile | 22 ++++++++++++---------- haproxy/debian/changelog | 6 ++++++ haproxy/debian/rules | 4 ++-- haproxy/patches/.gitkeep | 0 6 files changed, 39 insertions(+), 26 deletions(-) create mode 100644 haproxy/patches/.gitkeep diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e0b42b9..3709063 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,9 +3,10 @@ stages: - build - publish -variables: +variables: &default-variables TZ: "UTC" GIT_DEPTH: "1" + HAPROXY_VERSION: "2.6.0" .build-job: &build-job image: docker.io/library/debian:buster 
@@ -69,25 +70,26 @@ docker: script: | set -eu - export HAPROXY_VER="2.6" export DEBIAN_CODENAME="bullseye" - export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')" + export HAPROXY_SHORTVER="$(echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)" echo "Building image with" - echo " -> haproxy version: $HAPROXY_VER" + echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)" echo " -> debian codename: $DEBIAN_CODENAME" echo " -> git commit hash: $CI_COMMIT_SHORT_SHA" echo " -> build timestamp: $JOB_TIMESTAMP" - export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP" + export IMAGE_TAG_UNIQUE="$HAPROXY_VERSION-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP" export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA" export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG" - export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME" + export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME" + export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME" if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS" + export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER" + echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER" fi echo "***" @@ -96,6 +98,7 @@ docker: echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" echo "***" ( 
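Review bot: In the added `HAPROXY_SHORTVER` export, `$(HAPROXY_VERSION)` is Make syntax; inside this shell script it is a command substitution that tries to run a program named `HAPROXY_VERSION`. Because the result is assigned through `export`, the failure is most likely masked from `set -e`, so `HAPROXY_SHORTVER` ends up empty and `IMAGE_TAG_SHORTVER` resolves to `-$DEBIAN_CODENAME` rather than the intended `2.6-bullseye` style tag. Use the shell variable instead: `export HAPROXY_SHORTVER="$(echo "$HAPROXY_VERSION" | cut -d'.' -f1-2)"`. The same line is carried unchanged as context in the docker hunk of PATCH 2/3, so it needs fixing there as well.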
@@ -108,6 +111,7 @@ docker: --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \ --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \ --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \ --single-snapshot ) needs: @@ -147,7 +151,7 @@ pkg:haproxy: script: | set -eu - PKG_VER=2.6.0 + PKG_VER=$HAPROXY_VERSION if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then export PKG_VER="branch-$CI_COMMIT_REF_SLUG" echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER" @@ -158,6 +162,7 @@ pkg:haproxy: --upload-file "haproxy/haproxy-dist.tar.gz" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy.tar.gz" variables: + <<: *default-variables GIT_STRATEGY: none deb:haproxy: diff --git a/deps/quictls/Makefile b/deps/quictls/Makefile index 00493a5..e9a3a60 100644 --- a/deps/quictls/Makefile +++ b/deps/quictls/Makefile @@ -1,9 +1,8 @@ -OPENSSL_VERSION = 1.1.1o +OPENSSL_VERSION = 3.0.3 BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) -QUICTLS_BRANCH = OpenSSL_$(subst .,_,$(OPENSSL_VERSION)) -QUICTLS_BUILD_VERSION = $(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) +QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA) -QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_BRANCH)+quic +QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz QUICTLS_BUILDIR = src QUICTLS_DESTDIR = dist 
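Review bot: In deps/quictls/Makefile, `QUICTLS_SOURCES` now selects the TLS library source by tag name only (`openssl-$(OPENSSL_VERSION)+quic`), and nothing in this hunk pins the content of what is downloaded. A tag can be moved upstream, so the same Makefile could build different code later. The rule that fetches `$(QUICTLS_TARBALL)` is outside the hunk; if it does not already verify a digest, add a pinned value such as `QUICTLS_SHA256 = <sha256-of-reviewed-tarball>` and check it after download with `echo "$(QUICTLS_SHA256)  $(QUICTLS_TARBALL)" | sha256sum -c -`. Pinning a full commit hash in the URL, as haproxy/Makefile does in this same commit, would be an alternative.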
@@ -20,8 +19,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL) tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)" build: $(QUICTLS_BUILDIR) - cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(subst +,\+,$(QUICTLS_BUILD_VERSION)) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h" - cd "$(QUICTLS_BUILDIR)" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared + cd "$(QUICTLS_BUILDIR)" && sed -i 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat" + cd "$(QUICTLS_BUILDIR)" && sed -i 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat" + cd "$(QUICTLS_BUILDIR)" && ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" --release -static no-deprecated no-shared $(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) ldd "$(QUICTLS_BUILDIR)/apps/openssl" || true "$(QUICTLS_BUILDIR)/apps/openssl" version diff --git a/haproxy/Makefile b/haproxy/Makefile index 1690550..0c42a7e 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile 
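Review bot: The two new `sed -i` edits of `VERSION.dat` exit 0 even when their patterns match nothing, so a change in the upstream file layout would silently drop the `quic-mangadex-<sha>` build metadata from the binary. The existing `"$(QUICTLS_BUILDIR)/apps/openssl" version` line only prints the result; making it assert, e.g. `"$(QUICTLS_BUILDIR)/apps/openssl" version | grep -F "$(QUICTLS_BUILD_VERSION)"`, would fail the build when the provenance string is missing. Note also that the unchanged `$(MAKE) ... VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)` line still spells the version out by hand now that `QUICTLS_BUILD_VERSION` no longer carries the `$(OPENSSL_VERSION)+` prefix, so the two can drift. The `build` recipe continues outside the hunk.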
@@ -1,9 +1,11 @@ HAPROXY_VERSION = 2.6.0 +HAPROXY_GITREF = a1efc048bf8a5e14466dbe7317e73117e8d66176 +HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || exit 1) HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2) -HAPROXY_SOURCES = https://www.haproxy.org/download/$(HAPROXY_VERSION_MINOR)/src/haproxy-$(HAPROXY_VERSION).tar.gz -HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION).tar.gz -HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION).orig.tar.gz +HAPROXY_SOURCES = https://git.haproxy.org/?p=haproxy.git;a=snapshot;h=$(HAPROXY_GITREF);sf=tgz +HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).tar.gz +HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).orig.tar.gz HAPROXY_BUILDIR = src HAPROXY_DESTDIR = dist HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR)) @@ -19,8 +21,8 @@ BUILD_PATCHES_DIR = $(shell realpath patches) BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR)) DEBIAN_PATCHES_DIR = "$(HAPROXY_BUILDIR)/debian/patches" -MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \ - DEFINE="-DMAX_SESS_STKCTR=5" \ +MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \ + DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \ IGNOREGIT=true \ LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \ TARGET="linux-glibc" \ @@ -62,7 +64,7 @@ $(HAPROXY_BUILDIR): $(HAPROXY_TARBALL) tar -C "$(HAPROXY_BUILDIR)" --strip-components=1 -xf "$(HAPROXY_TARBALL)" patches: $(HAPROXY_BUILDIR) - cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done + @cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done build: $(HAPROXY_BUILDIR) patches $(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(MAKEARGS) opts 
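Review bot: The `|| exit 1` in `HAPROXY_SHORTSHA` has no effect, because a non-zero exit inside `$(shell ...)` does not stop make; it only yields an empty string. A malformed `HAPROXY_GITREF` would therefore produce names like `haproxy-$(HAPROXY_VERSION)-.tar.gz` and the build would carry on. To fail at parse time, use `HAPROXY_SHORTSHA = $(or $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^[0-9a-f]{7}'),$(error HAPROXY_GITREF is not a commit hash))`. Separately, `HAPROXY_SOURCES` now contains `?` and `;`, so the download rule (outside this hunk) must pass it quoted, or the shell will split the command at the first `;`.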
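Review bot: The `MAKEARGS` change in this hunk is repeated verbatim in haproxy/debian/rules, so the OpenSSL compatibility defines now live in two hand-maintained copies. If they drift, the `.deb` and the tarball build will compile HAProxy against different API levels without any warning. Consider keeping the flags in one included fragment, or at minimum add a comment on both copies such as `# keep in sync with haproxy/debian/rules MAKEARGS`.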
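Review bot: In the `patches` recipe, the new leading `@` hides the command while the existing `|| true` still swallows every `patch` failure, so a patch that no longer applies is skipped with almost no trace and the build ships unpatched sources. That matters most when a file in `patches/` is a security fix. Prefer failing the loop, `patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || exit 1`, and drop the `@`. Since `--forward` also returns non-zero for an already-applied patch and `patches` is phony, guard reapplication with a stamp file in `$(HAPROXY_BUILDIR)` rather than with `|| true`.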
@@ -80,8 +82,8 @@ $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL) build-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) cp -rf debian $(HAPROXY_BUILDIR)/ - for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done - for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done + @for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done + @for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done cd $(HAPROXY_BUILDIR) && debuild -us -uc rm -fv $(HAPROXY_TARBALL) rm -rf $(HAPROXY_BUILDIR) @@ -92,7 +94,7 @@ clean: rm -rf "$(HAPROXY_BUILDIR)" rm -rf "$(HAPROXY_DESTDIR)" rm -fv "$(HAPROXY_ARCHIVE)" - rm -fv "haproxy_$(HAPROXY_VERSION)"* - rm -fv "haproxy-dbgsym_$(HAPROXY_VERSION)"* + rm -fv "haproxy_"* + rm -fv "haproxy-dbgsym_"* .PHONY: clean build patches diff --git a/haproxy/debian/changelog b/haproxy/debian/changelog index 91d38ad..3b5aa66 100644 --- a/haproxy/debian/changelog +++ b/haproxy/debian/changelog @@ -1,3 +1,9 @@ +haproxy (2.6.0-a1efc04-1~mangadex+1) experimental; urgency=medium + + * Upgrade to OpenSSL 3.0.3 (QuicTLS 3.0.3+quic) + + -- MangaDex Tue, 11 Jun 2022 08:30:00 +0200 + haproxy (2.6.0-100~mangadex+1) experimental; urgency=medium * Initial release. Packaging version is set to N+100 to ensure it's higher priority diff --git a/haproxy/debian/rules b/haproxy/debian/rules index 37f40d8..2d77c79 100755 --- a/haproxy/debian/rules +++ b/haproxy/debian/rules 
@@ -6,8 +6,8 @@ DEP_DIST_ROOT_QUICTLS = $(shell realpath ../../deps/quictls/dist) BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) -MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \ - DEFINE="-DMAX_SESS_STKCTR=5" \ +MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \ + DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \ IGNOREGIT=true \ LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \ TARGET="linux-glibc" \ diff --git a/haproxy/patches/.gitkeep b/haproxy/patches/.gitkeep new file mode 100644 index 0000000..e69de29 From 41494f6b92d320efa75e8e13d7a6c316b8f1c294 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 11 Jun 2022 10:51:37 +0100 Subject: [PATCH 2/3] Dynamically resolve HAProxy and QuicTLS versions from makefiles --- .gitlab-ci.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3709063..2e1329d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,10 +3,9 @@ stages: - build - publish -variables: &default-variables +variables: TZ: "UTC" GIT_DEPTH: "1" - HAPROXY_VERSION: "2.6.0" .build-job: &build-job image: docker.io/library/debian:buster @@ -73,6 +72,7 @@ docker: export DEBIAN_CODENAME="bullseye" export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')" + export HAPROXY_VERSION="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')" export HAPROXY_SHORTVER="$(echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)" echo "Building image with" echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)" @@ -129,7 +129,7 @@ pkg:quictls: script: | set -eu - PKG_VER=1.1.1o + PKG_VER="$(cat deps/quictls/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')" if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then export PKG_VER="branch-$CI_COMMIT_REF_SLUG" echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER" 
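Review bot: The added `HAPROXY_VERSION="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"` in the docker job depends on the version assignment being the first line of the Makefile, and nothing checks that the result is non-empty. Without `pipefail`, `set -eu` does not catch a failure in the pipeline, so an empty value would flow into image tags. The same construct sets `PKG_VER` in `pkg:quictls` (this patch) and `pkg:haproxy` (next hunk group), where an empty value would reach the package upload URL. Match on the variable name and validate, e.g. `HAPROXY_VERSION="$(sed -n 's/^HAPROXY_VERSION *= *//p' haproxy/Makefile)"` followed by `[ -n "$HAPROXY_VERSION" ] || exit 1`.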
@@ -139,8 +139,6 @@ pkg:quictls: -H"JOB-TOKEN: $CI_JOB_TOKEN" \ --upload-file "deps/quictls/quictls-dist.tar.gz" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$PKG_VER/quictls.tar.gz" - variables: - GIT_STRATEGY: none pkg:haproxy: image: docker.io/curlimages/curl:latest @@ -151,7 +149,7 @@ pkg:haproxy: script: | set -eu - PKG_VER=$HAPROXY_VERSION + PKG_VER="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')" if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then export PKG_VER="branch-$CI_COMMIT_REF_SLUG" echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER" @@ -161,9 +159,6 @@ pkg:haproxy: -H"JOB-TOKEN: $CI_JOB_TOKEN" \ --upload-file "haproxy/haproxy-dist.tar.gz" \ "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy.tar.gz" - variables: - <<: *default-variables - GIT_STRATEGY: none deb:haproxy: <<: *build-job From cd15a8e3240d4f3389f79a6bce4773b2ee1afb6f Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 11 Jun 2022 11:34:33 +0100 Subject: [PATCH 3/3] Use DEBuilder base image to speed up CI --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2e1329d..a03e82a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,7 +8,7 @@ variables: GIT_DEPTH: "1" .build-job: &build-job - image: docker.io/library/debian:buster + image: registry.gitlab.com/mangadex-pub/debuilder/buster:main needs: [ ] before_script: - apt -qq update
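Review bot: The new `.build-job` image `registry.gitlab.com/mangadex-pub/debuilder/buster:main` is referenced by a branch-named tag, so the toolchain that compiles QuicTLS and HAProxy changes whenever that tag is re-pushed. That leaves no record of which build environment produced a given package. Pin the image by digest, e.g. `image: registry.gitlab.com/mangadex-pub/debuilder/buster:main@sha256:<digest-of-reviewed-image>`, and bump it deliberately. The `before_script` still runs `apt -qq update` on top of the image, which is a second source of drift.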