Global cleanup for fully reproducible local build
This commit is contained in:
parent
8cc1d4e0db
commit
5971388de4
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
build/
|
||||
|
||||
**/dist
|
||||
**/src
|
||||
**/*.tar.gz
|
||||
|
@ -1,5 +1,48 @@
|
||||
stages:
|
||||
- build
|
||||
- quictls
|
||||
- haproxy
|
||||
|
||||
.default-vars: &default-vars
|
||||
TZ: "UTC"
|
||||
GIT_DEPTH: "1"
|
||||
QUICTLS_VERSION: "3.0.3"
|
||||
QUICTLS_ARCHIVE: "$CI_PROJECT_DIR/quictls/quictls.tar.gz"
|
||||
|
||||
quictls:build:
|
||||
image: docker.io/library/debian:bullseye
|
||||
stage: quictls
|
||||
needs: [ ]
|
||||
before_script:
|
||||
- apt -qq update
|
||||
- apt install -y --no-install-recommends -qq build-essential ca-certificates curl tar
|
||||
script:
|
||||
- cd quictls || exit 1
|
||||
- make clone
|
||||
- make dist
|
||||
- make archive
|
||||
variables:
|
||||
<<: *default-vars
|
||||
BUILDDIR: "$CI_PROJECT_DIR/quictls/build"
|
||||
DESTDIR: "$CI_PROJECT_DIR/quictls/dist"
|
||||
artifacts:
|
||||
expire_in: 14 days
|
||||
paths: [ "$QUICTLS_ARCHIVE" ]
|
||||
|
||||
quictls:upload:
|
||||
image: docker.io/curlimages/curl:latest
|
||||
stage: quictls
|
||||
needs:
|
||||
- job: quictls:build
|
||||
artifacts: true
|
||||
script: |
|
||||
set -eu
|
||||
curl \
|
||||
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
|
||||
--upload-file "$QUICTLS_ARCHIVE" \
|
||||
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$QUICTLS_VERSION/quictls.tar.gz"
|
||||
variables:
|
||||
<<: *default-vars
|
||||
GIT_STRATEGY: none
|
||||
|
||||
.docker-build: &docker-build
|
||||
stage: build
|
||||
|
52
Dockerfile
52
Dockerfile
@ -1,52 +0,0 @@
|
||||
ARG DEBIAN_CODENAME
|
||||
FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
|
||||
|
||||
FROM base as builder
|
||||
|
||||
RUN apt -qq update && \
|
||||
apt install --no-install-recommends -qq -y build-essential
|
||||
|
||||
ENV QUICTLS_PREFIX "/opt/quictls"
|
||||
ENV HAPROXY_PREFIX "/opt/haproxy"
|
||||
|
||||
FROM builder as quictls-build
|
||||
|
||||
COPY --chown=root:root scripts/quictls* /scripts/
|
||||
|
||||
ENV QUICTLS_BUILD_DIR "/tmp/quictls"
|
||||
ENV QUICTLS_MAKE_INSTALL "true"
|
||||
ARG QUICTLS_SOURCE
|
||||
|
||||
RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
|
||||
RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
|
||||
RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
|
||||
|
||||
FROM builder as haproxy-build
|
||||
|
||||
COPY --from=quictls-build /opt/quictls /opt/quictls
|
||||
COPY --chown=root:root scripts/haproxy* /scripts/
|
||||
|
||||
ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
|
||||
ENV HAPROXY_MAKE_INSTALL "true"
|
||||
ARG HAPROXY_SOURCE_REPO
|
||||
ARG HAPROXY_SOURCE_BRANCH
|
||||
|
||||
RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
|
||||
RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
|
||||
RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
|
||||
|
||||
ARG DEBIAN_CODENAME
|
||||
FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
|
||||
|
||||
RUN apt -qq update && \
|
||||
apt -qq -y --no-install-recommends install \
|
||||
ca-certificates \
|
||||
liblua5.3-0 \
|
||||
libpcre2-8-0 \
|
||||
socat && \
|
||||
apt -qq -y --purge autoremove && \
|
||||
apt -qq -y clean && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
|
||||
|
||||
COPY --from=quictls-build /opt/quictls /opt/quictls
|
||||
COPY --from=haproxy-build /opt/haproxy /
|
17
Makefile
Normal file
17
Makefile
Normal file
@ -0,0 +1,17 @@
|
||||
all: deps haproxy
|
||||
|
||||
deps: deps/lua deps/pcre2 deps/quictls
|
||||
|
||||
deps/lua:
|
||||
$(MAKE) -C "deps/lua"
|
||||
|
||||
deps/pcre2:
|
||||
$(MAKE) -C "deps/pcre2"
|
||||
|
||||
deps/quictls:
|
||||
$(MAKE) -C "deps/quictls"
|
||||
|
||||
haproxy:
|
||||
$(MAKE) -C "haproxy"
|
||||
|
||||
.PHONY: deps/* haproxy
|
@ -1,2 +0,0 @@
|
||||
DEBIAN_CODENAME=bullseye
|
||||
QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic
|
27
deps/lua/Makefile
vendored
Normal file
27
deps/lua/Makefile
vendored
Normal file
@ -0,0 +1,27 @@
|
||||
LUA_VERSION = 5.3.6
|
||||
LUA_SOURCES = https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz
|
||||
LUA_TARBALL = lua-$(LUA_VERSION).tar.gz
|
||||
LUA_DESTDIR = dist
|
||||
LUA_DESTDIR_ABS = $(shell realpath $(LUA_DESTDIR))
|
||||
|
||||
all: build $(LUA_DESTDIR)
|
||||
|
||||
src:
|
||||
if ! [ -d "src" ]; then mkdir -v "src"; fi
|
||||
|
||||
src/lua-$(LUA_VERSION).tar.gz: src
|
||||
curl -sSL -o "$(LUA_TARBALL)" "$(LUA_SOURCES)"
|
||||
|
||||
build: src/lua-$(LUA_VERSION).tar.gz
|
||||
tar -C src --strip-components=1 -xf "$(LUA_TARBALL)"
|
||||
$(MAKE) -C src -j$(shell nproc) linux
|
||||
|
||||
$(LUA_DESTDIR): build
|
||||
if ! [ -d "$(LUA_DESTDIR)" ]; then mkdir -v "$(LUA_DESTDIR)"; fi
|
||||
$(MAKE) -C src -j$(shell nproc) install INSTALL_TOP="$(LUA_DESTDIR_ABS)"
|
||||
|
||||
clean:
|
||||
rm -rf "src"
|
||||
rm -rf "$(LUA_DESTDIR)"
|
||||
|
||||
.PHONY: clean build
|
28
deps/pcre2/Makefile
vendored
Normal file
28
deps/pcre2/Makefile
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
PCRE2_VERSION = 10.40
|
||||
PCRE2_SOURCES = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)/pcre2-$(PCRE2_VERSION).tar.gz
|
||||
PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).tar.gz
|
||||
|
||||
PCRE2_DESTDIR = dist
|
||||
PCRE2_DESTDIR_ABS = $(shell realpath $(PCRE2_DESTDIR))
|
||||
|
||||
all: build dist
|
||||
|
||||
src:
|
||||
if ! [ -d "src" ]; then mkdir -v "src"; fi
|
||||
|
||||
src/pcre2-$(PCRE2_VERSION).tar.gz: src
|
||||
curl -sSL -o "$(PCRE2_TARBALL)" "$(PCRE2_SOURCES)"
|
||||
|
||||
build: src/pcre2-$(PCRE2_VERSION).tar.gz
|
||||
tar -C src --strip-components=1 -xf "$(PCRE2_TARBALL)"
|
||||
if [ -f "src/CmakeCache.txt" ]; then rm -v "src/CmakeCache.txt"; fi
|
||||
cd "src" && cmake -DPCRE2_STATIC_PIC=ON -DPCRE2_SUPPORT_JIT=ON -DCMAKE_INSTALL_PREFIX="$(PCRE2_DESTDIR_ABS)" . && make
|
||||
|
||||
dist: build
|
||||
if ! [ -d "$(PCRE2_DESTDIR)" ]; then mkdir -v "$(PCRE2_DESTDIR)"; fi
|
||||
cd "src" && make install
|
||||
|
||||
clean:
|
||||
rm -rf "src"
|
||||
|
||||
.PHONY: clean build dist
|
37
deps/quictls/Makefile
vendored
Normal file
37
deps/quictls/Makefile
vendored
Normal file
@ -0,0 +1,37 @@
|
||||
QUICTLS_VERSION = OpenSSL_1_1_1o
|
||||
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_VERSION)+quic
|
||||
QUICTLS_TARBALL = quictls-$(QUICTLS_VERSION).tar.gz
|
||||
QUICTLS_DESTDIR = dist
|
||||
QUICTLS_DESTDIR_ABS = $(shell realpath $(QUICTLS_DESTDIR))
|
||||
QUICTLS_ARCHIVE = quictls-$(QUICTLS_VERSION)-dist.tar.gz
|
||||
|
||||
all: build $(QUICTLS_DESTDIR) archive
|
||||
|
||||
src:
|
||||
if ! [ -d "src" ]; then mkdir -v "src"; fi
|
||||
|
||||
src/quictls-$(QUICTLS_VERSION).tar.gz: src
|
||||
curl -sSL -o "$(QUICTLS_TARBALL)" "$(QUICTLS_SOURCES)"
|
||||
|
||||
build: src/quictls-$(QUICTLS_VERSION).tar.gz
|
||||
tar -C src --strip-components=1 -xf "$(QUICTLS_TARBALL)"
|
||||
cd "src" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared
|
||||
$(MAKE) -C "src" -j "$(shell nproc)"
|
||||
ldd "src/apps/openssl" || true
|
||||
src/apps/openssl version
|
||||
|
||||
$(QUICTLS_DESTDIR):
|
||||
if ! [ -d "$(QUICTLS_DESTDIR)" ]; then mkdir -v "$(QUICTLS_DESTDIR)"; fi
|
||||
$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(QUICTLS_DESTDIR_ABS)" install_sw
|
||||
|
||||
# Take a moment to hate on how fucking shit the `tar` CLI is with me, especially regarding the awkward dance of path prefixes. Press S.
|
||||
archive: $(QUICTLS_DESTDIR)
|
||||
tar -C "$(QUICTLS_DESTDIR)" -cjf "$(QUICTLS_ARCHIVE)" "opt"
|
||||
|
||||
clean:
|
||||
@rm -rf "src" || true
|
||||
@rm -rf "$(QUICTLS_TARBALL)" || true
|
||||
@rm -rf "$(QUICTLS_DESTDIR)" || true
|
||||
@rm -v "$(QUICTLS_ARCHIVE)" || true
|
||||
|
||||
.PHONY: clean build $(QUICTLS_DESTDIR) dist archive
|
52
haproxy/Makefile
Normal file
52
haproxy/Makefile
Normal file
@ -0,0 +1,52 @@
|
||||
HAPROXY_REPO_SRC = http://git.haproxy.org/git/haproxy-2.6.git
|
||||
HAPROXY_DESTDIR = dist
|
||||
HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
|
||||
|
||||
DEP_ROOT_LUA = ../deps/lua
|
||||
DEP_ROOT_PCRE2 = ../deps/pcre2
|
||||
DEP_ROOT_QUICTLS = ../deps/quictls
|
||||
|
||||
HAPROXY_MAKE_ARGS := DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
EXTRAVERSION="+mangadex" \
|
||||
VERDATE="$$(date -u -I'minutes')" \
|
||||
USE_DL=1 \
|
||||
USE_GETADDRINFO=1 \
|
||||
USE_LINUX_TPROXY=1 \
|
||||
USE_LUA=1 \
|
||||
LUA_INC="../$(DEP_ROOT_LUA)/dist/include" \
|
||||
LUA_LIB="../$(DEP_ROOT_LUA)/dist/lib" \
|
||||
LUA_LIB_NAME="lua" \
|
||||
USE_OPENSSL=1 \
|
||||
SSL_INC="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/include" \
|
||||
SSL_LIB="../$(DEP_ROOT_QUICTLS)/dist/opt/quictls/lib" \
|
||||
USE_PCRE2=1 \
|
||||
USE_PCRE2_JIT=1 \
|
||||
USE_STATIC_PCRE2=1 \
|
||||
PCRE2_INC="../$(DEP_ROOT_PCRE2)/dist/include" \
|
||||
PCRE2_LIB="../$(DEP_ROOT_PCRE2)/dist/lib64" \
|
||||
USE_PROMEX=1 \
|
||||
USE_QUIC=1 \
|
||||
USE_SLZ=1 \
|
||||
USE_TFO=1 \
|
||||
USE_SYSTEMD=1
|
||||
|
||||
all: build $(HAPROXY_DESTDIR)
|
||||
|
||||
src:
|
||||
git clone "$(HAPROXY_REPO_SRC)" src
|
||||
git -C "src" checkout "master"
|
||||
|
||||
build: src
|
||||
make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS) opts
|
||||
make -C "src" -j "$(shell nproc)" $(HAPROXY_MAKE_ARGS)
|
||||
|
||||
$(HAPROXY_DESTDIR):
|
||||
if ! [ -d "$(HAPROXY_DESTDIR)" ]; then mkdir -v "$(HAPROXY_DESTDIR)"; fi
|
||||
$(MAKE) -C "src" -j "$(shell nproc)" DESTDIR="$(HAPROXY_DESTDIR_ABS)" install
|
||||
|
||||
clean:
|
||||
git -C "src" clean -fdx
|
||||
|
||||
.PHONY: clean build $(HAPROXY_DESTDIR)
|
@ -1,3 +0,0 @@
|
||||
HAPROXY_VER=2.6
|
||||
HAPROXY_SOURCE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
|
||||
HAPROXY_SOURCE_BRANCH=master
|
@ -1,3 +0,0 @@
|
||||
HAPROXY_VER=nightly
|
||||
HAPROXY_SOURCE_REPO=https://github.com/haproxy/haproxy.git
|
||||
HAPROXY_SOURCE_BRANCH=master
|
@ -1,45 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_DIR=$1
|
||||
QUICTLS_PREFIX=$2
|
||||
HAPROXY_PREFIX=$3
|
||||
|
||||
if ! [ -d "$QUICTLS_PREFIX/include" ]; then
|
||||
echo "No include dir in $QUICTLS_PREFIX"
|
||||
fi
|
||||
if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
|
||||
echo "No lib dir in $QUICTLS_PREFIX"
|
||||
fi
|
||||
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
liblua5.3-dev \
|
||||
libpcre2-dev \
|
||||
libsystemd-dev
|
||||
|
||||
pushd "$SRC_DIR"
|
||||
|
||||
# HAProxy build flags
|
||||
make -j "$(nproc)" \
|
||||
DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
|
||||
LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
|
||||
SSL_INC="${QUICTLS_PREFIX}/include" \
|
||||
SSL_LIB="${QUICTLS_PREFIX}/lib" \
|
||||
TARGET="linux-glibc" \
|
||||
EXTRAVERSION="+mangadex" \
|
||||
VERDATE="$(date -u -I'minutes')" \
|
||||
USE_DL=1 \
|
||||
USE_GETADDRINFO=1 \
|
||||
USE_LINUX_TPROXY=1 \
|
||||
USE_LUA=1 \
|
||||
USE_OPENSSL=1 \
|
||||
USE_PCRE2=1 \
|
||||
USE_PCRE2_JIT=1 \
|
||||
USE_PROMEX=1 \
|
||||
USE_QUIC=1 \
|
||||
USE_SLZ=1 \
|
||||
USE_TFO=1 \
|
||||
USE_SYSTEMD=1
|
||||
|
||||
[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install
|
@ -1,15 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_REPO=$1
|
||||
SRC_BRANCH=$2
|
||||
OUT_DIR=$3
|
||||
|
||||
PARENT_DIR=$(dirname "$OUT_DIR")
|
||||
[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
|
||||
|
||||
apt -qq update && apt -qq -y --no-install-recommends install git
|
||||
|
||||
git clone "$SRC_REPO" "$OUT_DIR"
|
||||
git -C "$OUT_DIR" checkout "$SRC_BRANCH"
|
@ -1,18 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_DIR=$1
|
||||
OUT_DIR=$2
|
||||
|
||||
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
|
||||
pushd "$SRC_DIR"
|
||||
|
||||
echo "Ensuring dependencies"
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
build-essential
|
||||
|
||||
./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
|
||||
make -j "$(nproc)"
|
||||
|
||||
[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install
|
@ -1,20 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
SRC_TARBALL=$1
|
||||
OUT_DIR=$2
|
||||
|
||||
[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
|
||||
pushd "$OUT_DIR"
|
||||
|
||||
echo "Ensuring dependencies"
|
||||
apt -qq update && apt -qq -y --no-install-recommends install \
|
||||
ca-certificates \
|
||||
curl \
|
||||
tar
|
||||
|
||||
echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
|
||||
curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
|
||||
tar --strip-components=1 -xf quictls.tar.gz
|
||||
rm -v quictls.tar.gz
|
Loading…
Reference in New Issue
Block a user