Global cleanup for fully reproducible local build

.gitignore

@@ -1,2 +1,3 @@
-build/
+**/dist
-
+**/src
+**/*.tar.gz

.gitlab-ci.yml

@@ -1,5 +1,48 @@
 stages:
-  - build
+  - quictls
+  - haproxy
+
+.default-vars: &default-vars
+  TZ: "UTC"
+  GIT_DEPTH: "1"
+  QUICTLS_VERSION: "3.0.3"
+  QUICTLS_ARCHIVE: "$CI_PROJECT_DIR/quictls/quictls.tar.gz"
+
+quictls:build:
+  image: docker.io/library/debian:bullseye
+  stage: quictls
+  needs: [ ]
+  before_script:
+    - apt -qq update
+    - apt install -y --no-install-recommends -qq build-essential ca-certificates curl tar
+  script:
+    - cd quictls || exit 1
+    - make clone
+    - make dist
+    - make archive
+  variables:
+    <<: *default-vars
+    BUILDDIR: "$CI_PROJECT_DIR/quictls/build"
+    DESTDIR: "$CI_PROJECT_DIR/quictls/dist"
+  artifacts:
+    expire_in: 14 days
+    paths: [ "$QUICTLS_ARCHIVE" ]
+
+quictls:upload:
+  image: docker.io/curlimages/curl:latest
+  stage: quictls
+  needs:
+    - job: quictls:build
+      artifacts: true
+  script: |
+    set -eu
+    curl \
+      -H"JOB-TOKEN: $CI_JOB_TOKEN" \
+      --upload-file "$QUICTLS_ARCHIVE" \
+      "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$QUICTLS_VERSION/quictls.tar.gz"
+  variables:
+    <<: *default-vars
+    GIT_STRATEGY: none
 
 .docker-build: &docker-build
   stage: build

Dockerfile

@@ -1,52 +0,0 @@
-ARG DEBIAN_CODENAME
-FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
-
-FROM base as builder
-
-RUN apt -qq update && \
-    apt install --no-install-recommends -qq -y build-essential
-
-ENV QUICTLS_PREFIX "/opt/quictls"
-ENV HAPROXY_PREFIX "/opt/haproxy"
-
-FROM builder as quictls-build
-
-COPY --chown=root:root scripts/quictls* /scripts/
-
-ENV QUICTLS_BUILD_DIR "/tmp/quictls"
-ENV QUICTLS_MAKE_INSTALL "true"
-ARG QUICTLS_SOURCE
-
-RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
-RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
-RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
-
-FROM builder as haproxy-build
-
-COPY --from=quictls-build /opt/quictls /opt/quictls
-COPY --chown=root:root scripts/haproxy* /scripts/
-
-ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
-ENV HAPROXY_MAKE_INSTALL "true"
-ARG HAPROXY_SOURCE_REPO
-ARG HAPROXY_SOURCE_BRANCH
-
-RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
-RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
-RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
-
-ARG DEBIAN_CODENAME
-FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
-
-RUN apt -qq update && \
-    apt -qq -y --no-install-recommends install \
-      ca-certificates \
-      liblua5.3-0 \
-      libpcre2-8-0 \
-      socat && \
-    apt -qq -y --purge autoremove && \
-    apt -qq -y clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
-
-COPY --from=quictls-build /opt/quictls /opt/quictls
-COPY --from=haproxy-build /opt/haproxy /

Makefile

@@ -0,0 +1,17 @@
+all: deps haproxy
+
+deps: deps/lua deps/pcre2 deps/quictls
+
+deps/lua:
+	$(MAKE) -C "deps/lua"
+
+deps/pcre2:
+	$(MAKE) -C "deps/pcre2"
+
+deps/quictls:
+	$(MAKE) -C "deps/quictls"
+
+haproxy:
+	$(MAKE) -C "haproxy"
+
+.PHONY: deps/* haproxy

common.config

@@ -1,2 +0,0 @@
-DEBIAN_CODENAME=bullseye
-QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic

deps/lua/Makefile

@@ -0,0 +1,27 @@
+LUA_VERSION = 5.3.6
+LUA_SOURCES = https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz
+LUA_TARBALL = lua-$(LUA_VERSION).tar.gz
+LUA_DESTDIR = dist
+LUA_DESTDIR_ABS = $(shell realpath $(LUA_DESTDIR))
+
+all: build $(LUA_DESTDIR)
+
+src:
+	if ! [ -d "src" ]; then mkdir -v "src"; fi
+
+src/lua-$(LUA_VERSION).tar.gz: src
+	curl -sSL -o "$(LUA_TARBALL)" "$(LUA_SOURCES)"
+
+build: src/lua-$(LUA_VERSION).tar.gz
+	tar -C src --strip-components=1 -xf "$(LUA_TARBALL)"
+	$(MAKE) -C src -j$(shell nproc) linux
+
+$(LUA_DESTDIR): build
+	if ! [ -d "$(LUA_DESTDIR)" ]; then mkdir -v "$(LUA_DESTDIR)"; fi
+	$(MAKE) -C src -j$(shell nproc) install	INSTALL_TOP="$(LUA_DESTDIR_ABS)"
+
+clean:
+	rm -rf "src"
+	rm -rf "$(LUA_DESTDIR)"
+
+.PHONY: clean build

deps/pcre2/Makefile

@@ -0,0 +1,28 @@
+PCRE2_VERSION = 10.40
+PCRE2_SOURCES = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)/pcre2-$(PCRE2_VERSION).tar.gz
+PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).tar.gz
+
+PCRE2_DESTDIR = dist
+PCRE2_DESTDIR_ABS = $(shell realpath $(PCRE2_DESTDIR))
+
+all: build dist
+
+src:
+	if ! [ -d "src" ]; then mkdir -v "src"; fi
+
+src/pcre2-$(PCRE2_VERSION).tar.gz: src
+	curl -sSL -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)"
+
+build: src/pcre2-$(PCRE2_VERSION).tar.gz
+	tar -C src --strip-components=1 -xf "$(PCRE2_TARBALL)"
+	if [ -f "src/CmakeCache.txt" ]; then rm -v "src/CmakeCache.txt"; fi
+	cd "src" && cmake -DPCRE2_STATIC_PIC=ON -DPCRE2_SUPPORT_JIT=ON -DCMAKE_INSTALL_PREFIX="$(PCRE2_DESTDIR_ABS)" . && make
+
+dist: build
+	if ! [ -d "$(PCRE2_DESTDIR)" ]; then mkdir -v "$(PCRE2_DESTDIR)"; fi
+	cd "src" && make install
+
+clean:
+	rm -rf "src"
+
+.PHONY: clean build dist

deps/quictls/Makefile

@@ -0,0 +1,37 @@
+QUICTLS_VERSION = OpenSSL_1_1_1o
+QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_VERSION)+quic
+QUICTLS_TARBALL = quictls-$(QUICTLS_VERSION).tar.gz
+QUICTLS_DESTDIR = dist
+QUICTLS_DESTDIR_ABS = $(shell realpath $(QUICTLS_DESTDIR))
+QUICTLS_ARCHIVE = quictls-$(QUICTLS_VERSION)-dist.tar.gz
+
+all: build $(QUICTLS_DESTDIR) archive
+
+src:
+	if ! [ -d "src" ]; then mkdir -v "src"; fi
+
+src/quictls-$(QUICTLS_VERSION).tar.gz: src
+	curl -sSL -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)"
+
+build: src/quictls-$(QUICTLS_VERSION).tar.gz
+	tar -C src --strip-components=1 -xf "$(QUICTLS_TARBALL)"
+	cd "src" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared
+	$(MAKE) -C "src" -j "$(shell nproc)"
+	ldd "src/apps/openssl" || true
+	src/apps/openssl version
+
+$(QUICTLS_DESTDIR):
+	if ! [ -d "$(QUICTLS_DESTDIR)" ]; then mkdir -v "$(QUICTLS_DESTDIR)"; fi
+	$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(QUICTLS_DESTDIR_ABS)" install_sw
+
+# Take a moment to hate on how fucking shit the `tar` CLI is with me, especially regarding the awkward dance of path prefixes. Press S.
+archive: $(QUICTLS_DESTDIR)
+	tar -C "$(QUICTLS_DESTDIR)" -cjf "$(QUICTLS_ARCHIVE)" "opt"
+
+clean:
+	@rm -rf "src" || true
+	@rm -rf "$(QUICTLS_TARBALL)" || true
+	@rm -rf "$(QUICTLS_DESTDIR)" || true
+	@rm -v "$(QUICTLS_ARCHIVE)" || true
+
+.PHONY: clean build $(QUICTLS_DESTDIR) dist archive

haproxy/Makefile

@@ -0,0 +1,52 @@
+HAPROXY_REPO_SRC = http://git.haproxy.org/git/haproxy-2.6.git
+HAPROXY_DESTDIR = dist
+HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
+
+DEP_ROOT_LUA = ../deps/lua
+DEP_ROOT_PCRE2 = ../deps/pcre2
+DEP_ROOT_QUICTLS = ../deps/quictls
+
+HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
+                     LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
+                     TARGET="linux-glibc" \
+                     EXTRAVERSION="+mangadex" \
+                     VERDATE="$$(date -u -I'minutes')" \
+                     USE_DL=1 \
+                     USE_GETADDRINFO=1 \
+                     USE_LINUX_TPROXY=1 \
+                     USE_LUA=1 \
+                     LUA_INC="../$(DEP_ROOT_LUA)/dist/include" \
+                     LUA_LIB="../$(DEP_ROOT_LUA)/dist/lib" \
+                     LUA_LIB_NAME="lua" \
+                     USE_OPENSSL=1 \
+                     SSL_INC="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/include" \
+                     SSL_LIB="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/lib" \
+                     USE_PCRE2=1 \
+                     USE_PCRE2_JIT=1 \
+                     USE_STATIC_PCRE2=1 \
+                     PCRE2_INC="../$(DEP_ROOT_PCRE2)/dist/include" \
+                     PCRE2_LIB="../$(DEP_ROOT_PCRE2)/dist/lib64" \
+                     USE_PROMEX=1 \
+                     USE_QUIC=1 \
+                     USE_SLZ=1 \
+                     USE_TFO=1 \
+                     USE_SYSTEMD=1
+
+all: build $(HAPROXY_DESTDIR)
+
+src:
+	git clone "$(HAPROXY_REPO_SRC)" src
+	git -C "src" checkout "master"
+
+build: src
+	make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
+	make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
+
+$(HAPROXY_DESTDIR):
+	if ! [ -d "$(HAPROXY_DESTDIR)" ]; then mkdir -v "$(HAPROXY_DESTDIR)"; fi
+	$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(HAPROXY_DESTDIR_ABS)" install
+
+clean:
+	git -C "src" clean -fdx
+
+.PHONY: clean build $(HAPROXY_DESTDIR)

mainline.config

@@ -1,3 +0,0 @@
-HAPROXY_VER=2.6
-HAPROXY_SOURCE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
-HAPROXY_SOURCE_BRANCH=master

nightly.config

@@ -1,3 +0,0 @@
-HAPROXY_VER=nightly
-HAPROXY_SOURCE_REPO=https://github.com/haproxy/haproxy.git
-HAPROXY_SOURCE_BRANCH=master

scripts/haproxy-build.sh

@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-SRC_DIR=$1
-QUICTLS_PREFIX=$2
-HAPROXY_PREFIX=$3
-
-if ! [ -d "$QUICTLS_PREFIX/include" ]; then
-  echo "No include dir in $QUICTLS_PREFIX"
-fi
-if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
-  echo "No lib dir in $QUICTLS_PREFIX"
-fi
-
-apt -qq update && apt -qq -y --no-install-recommends install \
-  liblua5.3-dev \
-  libpcre2-dev \
-  libsystemd-dev
-
-pushd "$SRC_DIR"
-
-# HAProxy build flags
-make -j "$(nproc)" \
-  DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
-  LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
-  SSL_INC="${QUICTLS_PREFIX}/include" \
-  SSL_LIB="${QUICTLS_PREFIX}/lib" \
-  TARGET="linux-glibc" \
-  EXTRAVERSION="+mangadex" \
-  VERDATE="$(date -u -I'minutes')" \
-  USE_DL=1 \
-  USE_GETADDRINFO=1 \
-  USE_LINUX_TPROXY=1 \
-  USE_LUA=1 \
-  USE_OPENSSL=1 \
-  USE_PCRE2=1 \
-  USE_PCRE2_JIT=1 \
-  USE_PROMEX=1 \
-  USE_QUIC=1 \
-  USE_SLZ=1 \
-  USE_TFO=1 \
-  USE_SYSTEMD=1
-
-[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install

scripts/haproxy-clone.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-SRC_REPO=$1
-SRC_BRANCH=$2
-OUT_DIR=$3
-
-PARENT_DIR=$(dirname "$OUT_DIR")
-[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
-
-apt -qq update && apt -qq -y --no-install-recommends install git
-
-git clone "$SRC_REPO" "$OUT_DIR"
-git -C "$OUT_DIR" checkout "$SRC_BRANCH"

scripts/quictls-build.sh

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-SRC_DIR=$1
-OUT_DIR=$2
-
-[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
-pushd "$SRC_DIR"
-
-echo "Ensuring dependencies"
-apt -qq update && apt -qq -y --no-install-recommends install \
-  build-essential
-
-./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
-make -j "$(nproc)"
-
-[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install

scripts/quictls-clone.sh

@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-SRC_TARBALL=$1
-OUT_DIR=$2
-
-[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
-pushd "$OUT_DIR"
-
-echo "Ensuring dependencies"
-apt -qq update && apt -qq -y --no-install-recommends install \
-  ca-certificates \
-  curl \
-  tar
-
-echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
-curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
-tar --strip-components=1 -xf quictls.tar.gz
-rm -v quictls.tar.gz