Initial commit

.gitignore

@@ -0,0 +1,2 @@
+build/
+

.gitlab-ci.yml

@@ -0,0 +1,74 @@
+stages:
+  - build
+
+.docker-build: &docker-build
+  stage: Build
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: [ "" ]
+  needs: [ ]
+  variables:
+    GIT_DEPTH: "1"
+    TZ: "UTC"
+  before_script:
+    - mkdir -p /kaniko/.docker
+    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json
+  script: |
+    set -eu
+
+    source "common.config"
+    source "$BUILD_TYPE.config"
+    
+    export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')"
+
+    echo "Building image with"
+    echo "  -> haproxy version: $HAPROXY_VER"
+    echo "  -> debian codename: $DEBIAN_CODENAME"
+    echo "  -> git commit hash: $CI_COMMIT_SHORT_SHA"
+    echo "  -> build timestamp: $JOB_TIMESTAMP"
+
+    export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
+    export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA"
+    export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG"
+
+    export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME"
+    if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
+      export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS"
+      echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS"
+    fi
+
+    export IMAGE_PATH="$CI_REGISTRY_IMAGE/$BUILD_TYPE"
+    
+    echo "***"
+    echo "Will build and push image as:"
+    echo "- $IMAGE_PATH:$IMAGE_TAG_UNIQUE"
+    echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT"
+    echo "- $IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF"
+    echo "- $IMAGE_PATH:$IMAGE_TAG_VERSIONS"
+    echo "***"
+
+    (
+      set -x;
+      /kaniko/executor \
+        --single-snapshot \
+        --context     . \
+        --dockerfile  Dockerfile \
+        --build-arg   "DEBIAN_CODENAME=$DEBIAN_CODENAME" \
+        --build-arg   "QUICTLS_SOURCE=$QUICTLS_SOURCE" \
+        --build-arg   "HAPROXY_SOURCE_REPO=$HAPROXY_SOURCE_REPO" \
+        --build-arg   "HAPROXY_SOURCE_BRANCH=$HAPROXY_SOURCE_BRANCH" \
+        --destination "$IMAGE_PATH:$IMAGE_TAG_UNIQUE" \
+        --destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_COMMIT" \
+        --destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_GITREF" \
+        --destination "$IMAGE_PATH:$IMAGE_TAG_ROLLING_DEB"
+    )
+
+mainline:
+  <<: *docker-build
+  variables:
+    BUILD_TYPE: mainline
+
+nightly:
+  <<: *docker-build
+  variables:
+    BUILD_TYPE: nightly

Dockerfile

@@ -0,0 +1,52 @@
+ARG DEBIAN_CODENAME
+FROM docker.io/library/debian:${DEBIAN_CODENAME} as base
+
+FROM base as builder
+
+RUN apt -qq update && \
+    apt install --no-install-recommends -qq -y build-essential
+
+ENV QUICTLS_PREFIX "/opt/quictls"
+ENV HAPROXY_PREFIX "/opt/haproxy"
+
+FROM builder as quictls-build
+
+COPY --chown=root:root scripts/quictls* /scripts/
+
+ENV QUICTLS_BUILD_DIR "/tmp/quictls"
+ENV QUICTLS_MAKE_INSTALL "true"
+ARG QUICTLS_SOURCE
+
+RUN /scripts/quictls-clone.sh ${QUICTLS_SOURCE} "${QUICTLS_BUILD_DIR}"
+RUN /scripts/quictls-build.sh "${QUICTLS_BUILD_DIR}" "${QUICTLS_PREFIX}"
+RUN ls -1 "${QUICTLS_PREFIX}/include" "${QUICTLS_PREFIX}/lib" && "${QUICTLS_PREFIX}/bin/openssl" version
+
+FROM builder as haproxy-build
+
+COPY --from=quictls-build /opt/quictls /opt/quictls
+COPY --chown=root:root scripts/haproxy* /scripts/
+
+ENV HAPROXY_BUILD_DIR "/tmp/haproxy"
+ENV HAPROXY_MAKE_INSTALL "true"
+ARG HAPROXY_SOURCE_REPO
+ARG HAPROXY_SOURCE_BRANCH
+
+RUN /scripts/haproxy-clone.sh "${HAPROXY_SOURCE_REPO}" "${HAPROXY_SOURCE_BRANCH}" "${HAPROXY_BUILD_DIR}"
+RUN /scripts/haproxy-build.sh "${HAPROXY_BUILD_DIR}" "${QUICTLS_PREFIX}" "${HAPROXY_PREFIX}"
+RUN "${HAPROXY_PREFIX}/usr/local/sbin/haproxy" -vv
+
+ARG DEBIAN_CODENAME
+FROM docker.io/library/debian:${DEBIAN_CODENAME}-slim
+
+RUN apt -qq update && \
+    apt -qq -y --no-install-recommends install \
+      ca-certificates \
+      liblua5.3-0 \
+      libpcre2-8-0 \
+      socat && \
+    apt -qq -y --purge autoremove && \
+    apt -qq -y clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/*
+
+COPY --from=quictls-build /opt/quictls /opt/quictls
+COPY --from=haproxy-build /opt/haproxy /

common.config

@@ -0,0 +1,2 @@
+DEBIAN_CODENAME=bullseye
+QUICTLS_SOURCE=https://codeload.github.com/quictls/openssl/tar.gz/openssl-3.0.3+quic

mainline.config

@@ -0,0 +1,3 @@
+HAPROXY_VER=2.6
+HAPROXY_MAINLINE_REPO=http://git.haproxy.org/git/haproxy-2.6.git
+HAPROXY_MAINLINE_BRANCH=master

nightly.config

@@ -0,0 +1,3 @@
+HAPROXY_VER=nightly
+HAPROXY_NIGHTLY_REPO=https://github.com/haproxy/haproxy.git
+HAPROXY_NIGHTLY_BRANCH=master

scripts/haproxy-build.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SRC_DIR=$1
+QUICTLS_PREFIX=$2
+HAPROXY_PREFIX=$3
+
+if ! [ -d "$QUICTLS_PREFIX/include" ]; then
+  echo "No include dir in $QUICTLS_PREFIX"
+fi
+if ! [ -d "$QUICTLS_PREFIX/lib" ]; then
+  echo "No lib dir in $QUICTLS_PREFIX"
+fi
+
+apt -qq update && apt -qq -y --no-install-recommends install \
+  liblua5.3-dev \
+  libpcre2-dev \
+  libsystemd-dev
+
+pushd "$SRC_DIR"
+
+# HAProxy build flags
+make -j "$(nproc)" \
+  DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
+  LDFLAGS="-Wl,-rpath,${QUICTLS_PREFIX}/lib" \
+  SSL_INC="${QUICTLS_PREFIX}/include" \
+  SSL_LIB="${QUICTLS_PREFIX}/lib" \
+  TARGET="linux-glibc" \
+  EXTRAVERSION="+mangadex" \
+  VERDATE="$(date -u -I'minutes')" \
+  USE_DL=1 \
+  USE_GETADDRINFO=1 \
+  USE_LINUX_TPROXY=1 \
+  USE_LUA=1 \
+  USE_OPENSSL=1 \
+  USE_PCRE2=1 \
+  USE_PCRE2_JIT=1 \
+  USE_PROMEX=1 \
+  USE_QUIC=1 \
+  USE_SLZ=1 \
+  USE_TFO=1 \
+  USE_SYSTEMD=1
+
+[ "${HAPROXY_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" DESTDIR="${HAPROXY_PREFIX}" install

scripts/haproxy-clone.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SRC_REPO=$1
+SRC_BRANCH=$2
+OUT_DIR=$3
+
+PARENT_DIR=$(dirname "$OUT_DIR")
+[ -d "$PARENT_DIR" ] || mkdir -pv "$(dirname "$PARENT_DIR")"
+
+apt -qq update && apt -qq -y --no-install-recommends install git
+
+git clone "$SRC_REPO" "$OUT_DIR"
+git -C "$OUT_DIR" checkout "$SRC_BRANCH"

scripts/quictls-build.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SRC_DIR=$1
+OUT_DIR=$2
+
+[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
+pushd "$SRC_DIR"
+
+echo "Ensuring dependencies"
+apt -qq update && apt -qq -y --no-install-recommends install \
+  build-essential
+
+./Configure --libdir=lib -static --prefix="$OUT_DIR" --openssldir="$OUT_DIR"
+make -j "$(nproc)"
+
+[ "${QUICTLS_MAKE_INSTALL:-'false'}" == "true" ] && make -j"$(nproc)" install

scripts/quictls-clone.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SRC_TARBALL=$1
+OUT_DIR=$2
+
+[ -d "$OUT_DIR" ] || mkdir -pv "$OUT_DIR"
+pushd "$OUT_DIR"
+
+echo "Ensuring dependencies"
+apt -qq update && apt -qq -y --no-install-recommends install \
+  ca-certificates \
+  curl \
+  tar
+
+echo "Cloning QuicTLS from $SRC_TARBALL in $OUT_DIR..."
+curl -sSL -o quictls.tar.gz "$SRC_TARBALL"
+tar --strip-components=1 -xf quictls.tar.gz
+rm -v quictls.tar.gz