Merge branch 'openssl303' into 'main'

Build against OpenSSL/QuicTLS 3.0.3+quic

See merge request mangadex-pub/haproxy!2
Tristan 2022-06-11 10:51:11 +00:00
commit e181760ecb
6 changed files with 39 additions and 31 deletions


@ -8,7 +8,7 @@ variables:
GIT_DEPTH: "1"
.build-job: &build-job
image: docker.io/library/debian:buster
image: registry.gitlab.com/mangadex-pub/debuilder/buster:main
needs: [ ]
before_script:
- apt -qq update
@ -69,25 +69,27 @@ docker:
script: |
set -eu
export HAPROXY_VER="2.6"
export DEBIAN_CODENAME="bullseye"
export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S%Z' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')"
export HAPROXY_VERSION="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
export HAPROXY_SHORTVER="$(echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)"
echo "Building image with"
echo " -> haproxy version: $HAPROXY_VER"
echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)"
echo " -> debian codename: $DEBIAN_CODENAME"
echo " -> git commit hash: $CI_COMMIT_SHORT_SHA"
echo " -> build timestamp: $JOB_TIMESTAMP"
export IMAGE_TAG_UNIQUE="$HAPROXY_VER-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
export IMAGE_TAG_UNIQUE="$HAPROXY_VERSION-$DEBIAN_CODENAME-$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP"
export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA"
export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG"
export IMAGE_TAG_VERSIONS="$HAPROXY_VER-$DEBIAN_CODENAME"
export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME"
export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME"
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS"
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS"
export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER"
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER"
fi
echo "***"
@ -96,6 +98,7 @@ docker:
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT"
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF"
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS"
echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER"
echo "***"
(
@ -108,6 +111,7 @@ docker:
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \
--destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \
--single-snapshot
)
needs:
@ -125,7 +129,7 @@ pkg:quictls:
script: |
set -eu
PKG_VER=1.1.1o
PKG_VER="$(cat deps/quictls/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
export PKG_VER="branch-$CI_COMMIT_REF_SLUG"
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER"
@ -135,8 +139,6 @@ pkg:quictls:
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
--upload-file "deps/quictls/quictls-dist.tar.gz" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/quictls/$PKG_VER/quictls.tar.gz"
variables:
GIT_STRATEGY: none
pkg:haproxy:
image: docker.io/curlimages/curl:latest
@ -147,7 +149,7 @@ pkg:haproxy:
script: |
set -eu
PKG_VER=2.6.0
PKG_VER="$(cat haproxy/Makefile | head -n1 | cut -d'=' -f2 | tr -d ' ')"
if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then
export PKG_VER="branch-$CI_COMMIT_REF_SLUG"
echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER"
@ -157,8 +159,6 @@ pkg:haproxy:
-H"JOB-TOKEN: $CI_JOB_TOKEN" \
--upload-file "haproxy/haproxy-dist.tar.gz" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy.tar.gz"
variables:
GIT_STRATEGY: none
deb:haproxy:
<<: *build-job
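Review bot: In the `docker` job, `HAPROXY_SHORTVER` is computed with `echo "$(HAPROXY_VERSION)"`, which is Make syntax; in the shell it is a command substitution that tries to run a program named HAPROXY_VERSION and yields an empty string. Because the assignment sits inside `export`, `set -eu` does not stop the job, so `IMAGE_TAG_SHORTVER` would come out as `-$DEBIAN_CODENAME` and the push would use (or be rejected for) a tag nobody intended. The line should read `export HAPROXY_SHORTVER="$(echo "$HAPROXY_VERSION" | cut -d'.' -f1-2)"`. The same masking applies to the `PKG_VER="$(cat … | tr -d ' ')"` lines in `pkg:quictls` and `pkg:haproxy`, where the pipeline's status comes from `tr`, so a missing Makefile would put an empty version into the upload URL; a `[ -n "$PKG_VER" ]` check after each assignment would catch that.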

12
deps/quictls/Makefile vendored

@ -1,9 +1,8 @@
OPENSSL_VERSION = 1.1.1o
OPENSSL_VERSION = 3.0.3
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
QUICTLS_BRANCH = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))
QUICTLS_BUILD_VERSION = $(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA)
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_BRANCH)+quic
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic
QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz
QUICTLS_BUILDIR = src
QUICTLS_DESTDIR = dist
@ -20,8 +19,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL)
tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)"
build: $(QUICTLS_BUILDIR)
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(subst +,\+,$(QUICTLS_BUILD_VERSION)) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h"
cd "$(QUICTLS_BUILDIR)" && ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" no-shared
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat"
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat"
cd "$(QUICTLS_BUILDIR)" && ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" --release -static no-deprecated no-shared
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
ldd "$(QUICTLS_BUILDIR)/apps/openssl" || true
"$(QUICTLS_BUILDIR)/apps/openssl" version
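Review bot: The new `QUICTLS_SOURCES` fetches the TLS library source by tag name from codeload.github.com, and none of the visible variables records an expected digest for `$(QUICTLS_TARBALL)`; the download rule is outside this hunk, so the check may exist there. If it does not, a re-pointed tag or an altered download would be built and packaged without anyone noticing. I would pin a digest next to the version, e.g. `QUICTLS_SHA256 = <expected-sha256-of-tarball>`, and verify it before extraction with `echo "$(QUICTLS_SHA256)  $(QUICTLS_TARBALL)" | sha256sum -c -`. The same applies to `HAPROXY_SOURCES` in the HAProxy Makefile section, which now pulls a gitweb snapshot; the full commit hash in the URL names the revision, but the client does not verify the archive against it.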


@ -1,9 +1,11 @@
HAPROXY_VERSION = 2.6.0
HAPROXY_GITREF = a1efc048bf8a5e14466dbe7317e73117e8d66176
HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || exit 1)
HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2)
HAPROXY_SOURCES = https://www.haproxy.org/download/$(HAPROXY_VERSION_MINOR)/src/haproxy-$(HAPROXY_VERSION).tar.gz
HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION).tar.gz
HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION).orig.tar.gz
HAPROXY_SOURCES = https://git.haproxy.org/?p=haproxy.git;a=snapshot;h=$(HAPROXY_GITREF);sf=tgz
HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).tar.gz
HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).orig.tar.gz
HAPROXY_BUILDIR = src
HAPROXY_DESTDIR = dist
HAPROXY_DESTDIR_ABS = $(shell realpath $(HAPROXY_DESTDIR))
@ -19,8 +21,8 @@ BUILD_PATCHES_DIR = $(shell realpath patches)
BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR))
DEBIAN_PATCHES_DIR = "$(HAPROXY_BUILDIR)/debian/patches"
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
DEFINE="-DMAX_SESS_STKCTR=5" \
MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \
DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \
IGNOREGIT=true \
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
TARGET="linux-glibc" \
@ -62,7 +64,7 @@ $(HAPROXY_BUILDIR): $(HAPROXY_TARBALL)
tar -C "$(HAPROXY_BUILDIR)" --strip-components=1 -xf "$(HAPROXY_TARBALL)"
patches: $(HAPROXY_BUILDIR)
cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done
@cd "$(HAPROXY_BUILDIR)" && for patch in $(BUILD_PATCHES_FILES); do patch -p1 --forward < "$(BUILD_PATCHES_DIR)/$${patch}" || true; done
build: $(HAPROXY_BUILDIR) patches
$(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" $(MAKEARGS) opts
@ -80,8 +82,8 @@ $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL)
build-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR)
cp -rf debian $(HAPROXY_BUILDIR)/
for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done
for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done
@for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done
@for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done
cd $(HAPROXY_BUILDIR) && debuild -us -uc
rm -fv $(HAPROXY_TARBALL)
rm -rf $(HAPROXY_BUILDIR)
@ -92,7 +94,7 @@ clean:
rm -rf "$(HAPROXY_BUILDIR)"
rm -rf "$(HAPROXY_DESTDIR)"
rm -fv "$(HAPROXY_ARCHIVE)"
rm -fv "haproxy_$(HAPROXY_VERSION)"*
rm -fv "haproxy-dbgsym_$(HAPROXY_VERSION)"*
rm -fv "haproxy_"*
rm -fv "haproxy-dbgsym_"*
.PHONY: clean build patches
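Review bot: The `patches` recipe now starts with `@` while keeping `|| true`, so a patch that fails to apply is both ignored and no longer echoed in the log, and the build would ship unpatched source under the same version string. `--forward` exits non-zero for an already-applied patch, which is presumably why `|| true` is there, but it hides genuine rejects as well. I would drop the `@` and make a real reject fatal, e.g. inside the loop `patch -p1 -R -f --dry-run < "$$p" >/dev/null 2>&1 || patch -p1 < "$$p" || exit 1`, with `$$p` standing for the full patch path. Separately, the `|| exit 1` inside `$(shell …)` for `HAPROXY_SHORTSHA` does not stop make; an empty result just yields `haproxy-$(HAPROXY_VERSION)-.tar.gz`, so wrapping it in `$(or …,$(error HAPROXY_GITREF is too short))` would make the guard effective.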


@ -1,3 +1,9 @@
haproxy (2.6.0-a1efc04-1~mangadex+1) experimental; urgency=medium
* Upgrade to OpenSSL 3.0.3 (QuicTLS 3.0.3+quic)
-- MangaDex <opensource@mangadex.org> Tue, 11 Jun 2022 08:30:00 +0200
haproxy (2.6.0-100~mangadex+1) experimental; urgency=medium
* Initial release. Packaging version is set to N+100 to ensure it's higher priority


@ -6,8 +6,8 @@ DEP_DIST_ROOT_QUICTLS = $(shell realpath ../../deps/quictls/dist)
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
MAKEARGS = DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS" \
DEFINE="-DMAX_SESS_STKCTR=5" \
MAKEARGS = DEBUG="-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT" \
DEFINE="-DMAX_SESS_STKCTR=5 -DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED" \
IGNOREGIT=true \
LDFLAGS="-Wl,-rpath,/opt/quictls/lib" \
TARGET="linux-glibc" \
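Review bot: The `DEFINE` line gains `-DOPENSSL_API_COMPAT=0x10100000L -DOPENSSL_NO_DEPRECATED` without a comment saying why HAProxy is held to the 1.1.0 API level while QuicTLS itself is configured `no-deprecated`. The same `MAKEARGS` block is also repeated verbatim in the other HAProxy Makefile section on this page. If the intent is to hide everything deprecated at or before 1.1.0, a line such as `# QuicTLS is built no-deprecated: compile HAProxy without APIs deprecated up to 1.1.0` above `MAKEARGS` would record it. Keeping the shared flags in one included fragment would stop the two builds from drifting apart on TLS-related defines. The `MAKEARGS` assignment continues past the end of this hunk.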

0
haproxy/patches/.gitkeep Normal file