Merge branch 'openssl303' into 'main'
Build against OpenSSL/QuicTLS 3.0.3+quic See merge request mangadex-pub/haproxy!2
This commit is contained in:
commit
e181760ecb
@ -8,7 +8,7 @@ variables:
|
||||
GIT_DEPTH: "1"
|
||||
|
||||
.build-job: &build-job
|
||||
image: docker.io/library/debian:buster
|
||||
image: registry.gitlab.com/mangadex-pub/debuilder/buster:main
|
||||
needs: [ ]
|
||||
before_script:
|
||||
- apt -qq update
|
||||
@ -69,25 +69,27 @@ docker:
|
||||
script: |
|
||||
set -eu
|
||||
|
||||
export HAPROXY_VER="2.6"
|
||||
export DEBIAN_CODENAME="bullseye"
|
||||
|
||||
export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')"
|
||||
|
||||
export HAPROXY_VERSION="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
|
||||
export HAPROXY_SHORTVER="$(echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)"
|
||||
echo "Building image with"
|
||||
echo " -> haproxy version: $HAPROXY_VER"
|
||||
echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)"
|
||||
echo " -> debian codename: $DEBIAN_CODENAME"
|
||||
echo " -> git commit hash: $CI_COMMIT_SHORT_SHA"
|
||||
echo " -> build timestamp: $JOB_TIMESTAMP"
|
||||
|
||||
export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
|
||||
export IMAGE_TAG_UNIQUE="$HAPROXY_VERSION-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
|
||||
export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA"
|
||||
export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG"
|
||||
|
||||
export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME"
|
||||
export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME"
|
||||
export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME"
|
||||
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
|
||||
export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS"
|
||||
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS"
|
||||
export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER"
|
||||
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER"
|
||||
fi
|
||||
|
||||
echo "***"
|
||||
@ -96,6 +98,7 @@ docker:
|
||||
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT"
|
||||
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF"
|
||||
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS"
|
||||
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER"
|
||||
echo "***"
|
||||
|
||||
(
|
||||
@ -108,6 +111,7 @@ docker:
|
||||
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \
|
||||
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \
|
||||
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \
|
||||
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \
|
||||
--single-snapshot
|
||||
)
|
||||
needs:
|
||||
@ -125,7 +129,7 @@ pkg:quictls:
|
||||
script: |
|
||||
set -eu
|
||||
|
||||
PKG_VER=1.1.1o
|
||||
PKG_VER="$(cat deps/quictls/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
|
||||
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
|
||||
export PKG_VER="branch-$CI_COMMIT_REF_SLUG"
|
||||
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER"
|
||||
@ -135,8 +139,6 @@ pkg:quictls:
|
||||
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
|
||||
--upload-file "deps/quictls/quictls-dist.tar.gz" \
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$PKG_VER/quictls.tar.gz"
|
||||
variables:
|
||||
GIT_STRATEGY: none
|
||||
|
||||
pkg:haproxy:
|
||||
image: docker.io/curlimages/curl:latest
|
||||
@ -147,7 +149,7 @@ pkg:haproxy:
|
||||
script: |
|
||||
set -eu
|
||||
|
||||
PKG_VER=2.6.0
|
||||
PKG_VER="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
|
||||
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
|
||||
export PKG_VER="branch-$CI_COMMIT_REF_SLUG"
|
||||
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER"
|
||||
@ -157,8 +159,6 @@ pkg:haproxy:
|
||||
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
|
||||
--upload-file "haproxy/haproxy-dist.tar.gz" \
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy.tar.gz"
|
||||
variables:
|
||||
GIT_STRATEGY: none
|
||||
|
||||
deb:haproxy:
|
||||
<<: *build-job
|
||||
|
12
deps/quictls/Makefile
vendored
12
deps/quictls/Makefile
vendored
@ -1,9 +1,8 @@
|
||||
OPENSSL_VERSION = 1.1.1o
|
||||
OPENSSL_VERSION = 3.0.3
|
||||
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
|
||||
QUICTLS_BRANCH = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))
|
||||
QUICTLS_BUILD_VERSION = $(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
|
||||
QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA)
|
||||
|
||||
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_BRANCH)+quic
|
||||
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic
|
||||
QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz
|
||||
QUICTLS_BUILDIR = src
|
||||
QUICTLS_DESTDIR = dist
|
||||
@ -20,8 +19,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL)
|
||||
tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)"
|
||||
|
||||
build: $(QUICTLS_BUILDIR)
|
||||
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(subst +,\+,$(QUICTLS_BUILD_VERSION)) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h"
|
||||
cd "$(QUICTLS_BUILDIR)" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared
|
||||
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat"
|
||||
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat"
|
||||
cd "$(QUICTLS_BUILDIR)" && ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" --release -static no-deprecated no-shared
|
||||
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
|
||||
ldd "$(QUICTLS_BUILDIR)/apps/openssl" || true
|
||||
"$(QUICTLS_BUILDIR)/apps/openssl" version
|
||||
|
@ -1,9 +1,11 @@
|
||||
HAPROXY_VERSION = 2.6.0
|
||||
HAPROXY_GITREF = a1efc048bf8a5e14466dbe7317e73117e8d66176
|
||||
HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || exit 1)
|
||||
HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)
|
||||
|
||||
HAPROXY_SOURCES = https://www.haproxy.org/download/$(HAPROXY_VERSION_MINOR)/src/haproxy-$(HAPROXY_VERSION).tar.gz
|
||||
HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION).tar.gz
|
||||
HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION).orig.tar.gz
|
||||
HAPROXY_SOURCES = https://git.haproxy.org/?p=haproxy.git;a=snapshot;h=$(HAPROXY_GITREF);sf=tgz
|
||||
HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).tar.gz
|
||||
HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).orig.tar.gz
|
||||
HAPROXY_BUILDIR = src
|
||||
HAPROXY_DESTDIR = dist
|
||||
HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
|
||||
@ -19,8 +21,8 @@ BUILD_PATCHES_DIR = $(shell realpath patches)
|
||||
BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR))
|
||||
DEBIAN_PATCHES_DIR = "$(HAPROXY_BUILDIR)/debian/patches"
|
||||
|
||||
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||
DEFINE="-DMAX_SESS_STKCTR=5" \
|
||||
MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \
|
||||
DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \
|
||||
IGNOREGIT=true \
|
||||
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
@ -62,7 +64,7 @@ $(HAPROXY_BUILDIR): $(HAPROXY_TARBALL)
|
||||
tar -C "$(HAPROXY_BUILDIR)" --strip-components=1 -xf "$(HAPROXY_TARBALL)"
|
||||
|
||||
patches: $(HAPROXY_BUILDIR)
|
||||
cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done
|
||||
@cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done
|
||||
|
||||
build: $(HAPROXY_BUILDIR) patches
|
||||
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(MAKEARGS) opts
|
||||
@ -80,8 +82,8 @@ $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL)
|
||||
|
||||
build-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR)
|
||||
cp -rf debian $(HAPROXY_BUILDIR)/
|
||||
for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done
|
||||
for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done
|
||||
@for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done
|
||||
@for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done
|
||||
cd $(HAPROXY_BUILDIR) && debuild -us -uc
|
||||
rm -fv $(HAPROXY_TARBALL)
|
||||
rm -rf $(HAPROXY_BUILDIR)
|
||||
@ -92,7 +94,7 @@ clean:
|
||||
rm -rf "$(HAPROXY_BUILDIR)"
|
||||
rm -rf "$(HAPROXY_DESTDIR)"
|
||||
rm -fv "$(HAPROXY_ARCHIVE)"
|
||||
rm -fv "haproxy_$(HAPROXY_VERSION)"*
|
||||
rm -fv "haproxy-dbgsym_$(HAPROXY_VERSION)"*
|
||||
rm -fv "haproxy_"*
|
||||
rm -fv "haproxy-dbgsym_"*
|
||||
|
||||
.PHONY: clean build patches
|
||||
|
@ -1,3 +1,9 @@
|
||||
haproxy (2.6.0-a1efc04-1~mangadex+1) experimental; urgency=medium
|
||||
|
||||
* Upgrade to OpenSSL 3.0.3 (QuicTLS 3.0.3+quic)
|
||||
|
||||
-- MangaDex <opensource@mangadex.org> Tue, 11 Jun 2022 08:30:00 +0200
|
||||
|
||||
haproxy (2.6.0-100~mangadex+1) experimental; urgency=medium
|
||||
|
||||
* Initial release. Packaging version is set to N+100 to ensure it's higher priority
|
||||
|
@ -6,8 +6,8 @@ DEP_DIST_ROOT_QUICTLS = $(shell realpath ../../deps/quictls/dist)
|
||||
|
||||
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
|
||||
|
||||
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||
DEFINE="-DMAX_SESS_STKCTR=5" \
|
||||
MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \
|
||||
DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \
|
||||
IGNOREGIT=true \
|
||||
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
|
0
haproxy/patches/.gitkeep
Normal file
0
haproxy/patches/.gitkeep
Normal file
Loading…
x
Reference in New Issue
Block a user