diff --git a/.github/actions/openziti-tunnel-build-action/README.md b/.github/actions/openziti-tunnel-build-action/README.md index 5b645c751..da4af3aa1 100644 --- a/.github/actions/openziti-tunnel-build-action/README.md +++ b/.github/actions/openziti-tunnel-build-action/README.md @@ -21,11 +21,11 @@ - name: redhat version: "7" type: rpm - container: quay.io/centos/centos:7 + container: docker.io/library/centos:7 - name: redhat version: "8" type: rpm - container: quay.io/rockylinux/rockylinux:8 + container: docker.io/library/rockylinux:8 - name: configure build action for distro version env: diff --git a/.github/actions/openziti-tunnel-build-action/action.yml b/.github/actions/openziti-tunnel-build-action/action.yml index 503a97b34..d8c3d1a59 100644 --- a/.github/actions/openziti-tunnel-build-action/action.yml +++ b/.github/actions/openziti-tunnel-build-action/action.yml @@ -1,9 +1,12 @@ name: 'OpenZiti Tunneler Build Action' description: 'Builds ziti-edge-tunnel binary and install package for Linux' author: 'NetFoundry' -outputs: - package_type: - description: lowercase filename suffix of the install package built by this action +inputs: + arch: + description: 'The architecture string used by entrypoint.sh to select CMAKE_TOOLCHAIN_FILE' + required: false runs: using: 'docker' image: 'Dockerfile' + args: + - ${{ inputs.arch }} diff --git a/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile index 1e5513c0d..1027216ff 100644 --- a/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/redhat-7/Dockerfile @@ -1,10 +1,10 @@ ARG CMAKE_VERSION="3.22.3" -FROM quay.io/centos/centos:7 +FROM docker.io/library/centos:7 ARG CMAKE_VERSION -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +LABEL org.opencontainers.image.authors="support@netfoundry.io" USER root WORKDIR /root/ 
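Review bot: The new `arch` input in action.yml does not say which values it accepts. The entrypoint scripts in this commit recognise only `amd64`, `arm64` and `arm`, and everything else selects `default.cmake`. Listing the values in the description would spare callers a trip to the scripts, for example `description: 'Target architecture: amd64, arm64 or arm; selects CMAKE_TOOLCHAIN_FILE in entrypoint.sh (any other value uses default.cmake)'`.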
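Review bot: `FROM docker.io/library/centos:7` in redhat-7/Dockerfile still resolves a mutable tag, so the build root for release packages can change between runs with no change in this repository. Pinning by digest keeps the toolchain image reviewable, for example `FROM docker.io/library/centos:7@sha256:<digest-placeholder>`. The same applies to the `rockylinux:8`, `debian:bullseye`, `debian:bookworm`, `debian:buster-slim` and `debian:jessie-slim` bases that the other Dockerfiles in this commit introduce.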
@@ -25,7 +25,7 @@ RUN yum -y install \ devtoolset-11-libatomic-devel \ && yum clean all -RUN curl -L https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-x86_64.sh -o cmake.sh \ +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ && (bash cmake.sh --skip-license --prefix=/usr/local) \ && rm cmake.sh diff --git a/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh index c8e11740f..cc2349326 100755 --- a/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/redhat-7/entrypoint.sh @@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary @@ -24,13 +43,14 @@ done cmake -E make_directory ./build ( + [[ -d ./build ]] && rm -r ./build + cmake -E make_directory ./build # allow unset for scl_source scripts set +u - cmake -E make_directory ./build source scl_source enable devtoolset-11 \ && cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DDISABLE_LIBSYSTEMD_FEATURE=ON \ -S . \ 
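Review bot: The CMake installer fetched in this `RUN` is piped straight into `bash` as root with no integrity check, so whatever the download host returns becomes part of the image that builds release packages. TLS and `-f` catch transport and HTTP errors but not a replaced file. Comparing the download against a digest pinned in the Dockerfile, one per supported `uname -m` value, closes that gap. The same unverified download appears in the redhat-8, ubuntu-14.04, ubuntu-16.04, ubuntu-18.04, ubuntu-20.04, ubuntu-22.04 and docker/Dockerfile.linux-cross-build hunks. docker/Dockerfile.linux-native-build does the equivalent with the source tarball it bootstraps.

```dockerfile
# constructed example: the two digests are placeholders, to be filled from the release's published SHA-256 list
ARG CMAKE_SHA256_X86_64="<sha256-of-x86_64-installer>"
ARG CMAKE_SHA256_AARCH64="<sha256-of-aarch64-installer>"

RUN ARCH="$(uname -m)" \
    && case "${ARCH}" in \
         x86_64)  SUM="${CMAKE_SHA256_X86_64}" ;; \
         aarch64) SUM="${CMAKE_SHA256_AARCH64}" ;; \
         *) echo "no pinned cmake digest for ${ARCH}" >&2; exit 1 ;; \
       esac \
    && curl -sSfL "https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-${ARCH}.sh" -o cmake.sh \
    && echo "${SUM}  cmake.sh" | sha256sum -c - \
    && bash cmake.sh --skip-license --prefix=/usr/local \
    && rm cmake.sh
```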
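Review bot: The `*)` branch of the new `case ${1}` silently selects `default.cmake` for any unrecognised first argument, so a misspelt arch such as `aarch64` yields a host-architecture package with no error. cpack.yml in this commit uploads by `matrix.arch.deb`, so that package could land under another architecture's repository path. Consider accepting only the empty string as "default" and rejecting everything else: `"") CMAKE_TOOLCHAIN_FILE="default.cmake"; shift ;;` followed by `*) echo "ERROR: unsupported arch '${1}'" >&2; exit 1 ;;`. If other first positionals are legitimately expected, logging the fallback would at least make it visible. The identical block is added to the redhat-8, ubuntu-14.04, ubuntu-16.04, ubuntu-18.04, ubuntu-20.04 and ubuntu-22.04 entrypoint.sh files.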
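Review bot: The unchanged `cmake -E make_directory ./build` just before the subshell is now redundant in the second redhat-7/entrypoint.sh hunk. The first two statements inside the subshell remove `./build` and create it again, so the directory is made twice and the outer call can be dropped. Since the directory is deleted on every run, a short comment such as `# always start from a clean build tree; stale CMakeCache.txt would pin the previous toolchain` would record why. The subshell body continues past the end of the hunk, and the redhat-8 script has the same shape.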
diff --git a/.github/actions/openziti-tunnel-build-action/redhat-8/Dockerfile b/.github/actions/openziti-tunnel-build-action/redhat-8/Dockerfile index 925d7a4e7..3dd74e7cf 100644 --- a/.github/actions/openziti-tunnel-build-action/redhat-8/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/redhat-8/Dockerfile @@ -1,6 +1,10 @@ -FROM quay.io/rockylinux/rockylinux:8 +ARG CMAKE_VERSION="3.22.3" -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +FROM rockylinux:8 + +ARG CMAKE_VERSION + +LABEL org.opencontainers.image.authors="support@netfoundry.io" USER root WORKDIR /root/ @@ -11,7 +15,6 @@ ENV TZ=UTC RUN dnf install -y \ "@Development Tools" \ - cmake \ dnf-plugins-core \ gcc-toolset-10 \ gcc-toolset-10-libatomic-devel \ @@ -29,7 +32,10 @@ RUN dnf install -y \ git \ && dnf clean all - +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh + WORKDIR /github/workspace COPY ./entrypoint.sh /root/ ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh index 70344a2e1..34592914e 100755 --- a/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh 
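Review bot: `FROM rockylinux:8` in redhat-8/Dockerfile is an unqualified image name, while the README and cpack.yml in this commit use `docker.io/library/rockylinux:8`. Unqualified names resolve through whatever registry search order the builder is configured with, so the build root may not come from the registry the workflow documents. Writing `FROM docker.io/library/rockylinux:8` keeps the three places consistent and the source registry explicit.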
@@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary @@ -24,12 +43,14 @@ done cmake -E make_directory ./build ( + [[ -d ./build ]] && rm -r ./build + cmake -E make_directory ./build # allow unset for scl_source scripts set +u source scl_source enable gcc-toolset-10 \ && cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DUSE_OPENSSL=ON \ -S . \ diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/Dockerfile index 932fb6ea3..cd59ead0c 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/Dockerfile @@ -4,7 +4,7 @@ FROM ubuntu:trusty ARG CMAKE_VERSION -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +LABEL org.opencontainers.image.authors="support@netfoundry.io" ENV DEBIAN_FRONTEND=noninteractive ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 
@@ -39,7 +39,7 @@ RUN update-alternatives \ --slave /usr/bin/g++ g++ /usr/bin/g++-9 \ --slave /usr/bin/gcov gcov /usr/bin/gcov-9 -RUN curl -L https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-x86_64.sh -o cmake.sh \ +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ && (bash cmake.sh --skip-license --prefix=/usr/local) \ && rm cmake.sh diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/entrypoint.sh index 91a111554..199cacf29 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-14.04/entrypoint.sh @@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary @@ -22,10 +41,11 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done +[[ -d ./build ]] && rm -r ./build cmake -E make_directory ./build cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DDISABLE_LIBSYSTEMD_FEATURE=ON \ -S . \ 
diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile index 47c74072d..f5e901be6 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/Dockerfile @@ -4,7 +4,7 @@ FROM ubuntu:xenial ARG CMAKE_VERSION -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +LABEL org.opencontainers.image.authors="support@netfoundry.io" ENV DEBIAN_FRONTEND=noninteractive ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 @@ -28,7 +28,7 @@ RUN apt-get -y update \ zlib1g-dev \ && rm -rf /var/lib/apt/lists/* -RUN curl -L https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-x86_64.sh -o cmake.sh \ +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ && (bash cmake.sh --skip-license --prefix=/usr/local) \ && rm cmake.sh diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh index 9f1a82dac..e85efb53f 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-16.04/entrypoint.sh 
@@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary @@ -22,12 +41,13 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done +[[ -d ./build ]] && rm -r ./build cmake \ -E make_directory \ ./build cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DDISABLE_LIBSYSTEMD_FEATURE=ON \ -S . \ diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile index 7068c039e..8df96c6c1 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/Dockerfile @@ -1,10 +1,11 @@ ARG CMAKE_VERSION="3.22.3" +# Ubuntu Bionic 18.04 LTS FROM ubuntu:bionic ARG CMAKE_VERSION -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +LABEL org.opencontainers.image.authors="support@netfoundry.io" ENV DEBIAN_FRONTEND=noninteractive ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 
@@ -15,22 +16,22 @@ WORKDIR /root/ ENV PATH="/usr/local/:${PATH}" -RUN apt-get -y update \ +RUN apt-get update \ && apt-get -y install \ build-essential \ curl \ doxygen \ git \ graphviz \ + libsystemd-dev \ iproute2 \ pkg-config \ python3 \ - libsystemd-dev \ zlib1g-dev \ libssl-dev \ && rm -rf /var/lib/apt/lists/* -RUN curl -L https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-x86_64.sh -o cmake.sh \ +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ && (bash cmake.sh --skip-license --prefix=/usr/local) \ && rm cmake.sh diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh index afe020580..3cfdb4459 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-18.04/entrypoint.sh @@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary 
@@ -22,12 +41,13 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done +[[ -d ./build ]] && rm -r ./build cmake \ -E make_directory \ ./build cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DUSE_OPENSSL=ON \ -S . \ diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/Dockerfile index 95b8553bc..e05464006 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/Dockerfile @@ -1,6 +1,11 @@ -FROM ubuntu:focal +ARG CMAKE_VERSION="3.22.3" -LABEL org.opencontainers.image.authors="steven.broderick@netfoundry.io,kenneth.bingham@netfoundry.io" +# upstream of Ubuntu Focal 20.04 LTS +FROM debian:bullseye + +ARG CMAKE_VERSION + +LABEL org.opencontainers.image.authors="support@netfoundry.io" ENV DEBIAN_FRONTEND=noninteractive ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 @@ -9,10 +14,14 @@ ENV TZ=UTC USER root WORKDIR /root/ -RUN apt-get -y update \ +RUN apt-get update \ && apt-get -y install \ + gcc-arm-linux-gnueabihf \ + g++-arm-linux-gnueabihf \ + gcc-aarch64-linux-gnu \ + crossbuild-essential-arm64 \ + crossbuild-essential-armhf \ build-essential \ - cmake \ curl \ doxygen \ git \ 
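Review bot: The ubuntu-20.04 build root becomes `debian:bullseye`, and ubuntu-22.04 likewise becomes `debian:bookworm`, yet the only rationale is the comment `# upstream of Ubuntu Focal 20.04 LTS`. These images appear to produce the packages published for the Ubuntu releases, so the comment should say why Debian is substituted (presumably for the cross-build packages) and which library versions were checked against the target release. As far as I can tell bookworm ships a newer glibc than jammy, so a binary linked there may require symbol versions the target lacks; that is worth confirming. A fuller comment could read `# Debian Bullseye stands in for Ubuntu Focal to get crossbuild-essential-*; glibc/OpenSSL ABI verified against focal on <date-placeholder>`.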
@@ -25,5 +34,16 @@ RUN apt-get -y update \ libssl-dev \ && rm -rf /var/lib/apt/lists/* +RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf +RUN apt-get update \ + && apt-get -y install \ + libssl-dev:arm64 \ + libssl-dev:armhf \ + && rm -rf /var/lib/apt/lists/* + +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh + COPY ./entrypoint.sh /root/ -ENTRYPOINT [ "/root/entrypoint.sh" ] \ No newline at end of file +ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/entrypoint.sh index 2e3b4df55..88a334c66 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-20.04/entrypoint.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Ubuntu Focal 20.04 +# Debian Bullseye/Ubuntu Focal 20.04 # set -euo pipefail @@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary 
@@ -22,18 +41,19 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done +[[ -d ./build ]] && rm -r ./build cmake \ -E make_directory \ - ./build + ./build/ cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DUSE_OPENSSL=ON \ - -S . \ - -B ./build + -S "${PWD}/" \ + -B ./build/ cmake \ - --build ./build \ + --build ./build/ \ --target package \ --verbose diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/Dockerfile b/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/Dockerfile index 92a10fb26..c516e7ea8 100644 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/Dockerfile +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/Dockerfile @@ -1,6 +1,11 @@ -FROM ubuntu:jammy +ARG CMAKE_VERSION="3.22.3" -LABEL org.opencontainers.image.authors="netfoundry.io" +# upstream of Ubuntu Jammy 22.04 LTS +FROM debian:bookworm + +ARG CMAKE_VERSION + +LABEL org.opencontainers.image.authors="support@netfoundry.io" ENV DEBIAN_FRONTEND=noninteractive ENV GIT_DISCOVERY_ACROSS_FILESYSTEM=1 @@ -9,10 +14,14 @@ ENV TZ=UTC USER root WORKDIR /root/ -RUN apt-get -y update \ +RUN apt-get update \ && apt-get -y install \ + gcc-arm-linux-gnueabihf \ + g++-arm-linux-gnueabihf \ + gcc-aarch64-linux-gnu \ + crossbuild-essential-arm64 \ + crossbuild-essential-armhf \ build-essential \ - cmake \ curl \ doxygen \ git \ 
@@ -25,5 +34,16 @@ RUN apt-get -y update \ libssl-dev \ && rm -rf /var/lib/apt/lists/* +RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf +RUN apt-get update \ + && apt-get -y install \ + libssl-dev:arm64 \ + libssl-dev:armhf \ + && rm -rf /var/lib/apt/lists/* + +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh + COPY ./entrypoint.sh /root/ -ENTRYPOINT [ "/root/entrypoint.sh" ] \ No newline at end of file +ENTRYPOINT [ "/root/entrypoint.sh" ] diff --git a/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/entrypoint.sh b/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/entrypoint.sh index cb397212b..de7ebaf9c 100755 --- a/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/entrypoint.sh +++ b/.github/actions/openziti-tunnel-build-action/ubuntu-22.04/entrypoint.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # -# Ubuntu Jammy 22.04 +# Debian Bookworm/Ubuntu Jammy 22.04 # set -euo pipefail @@ -10,6 +10,25 @@ echo "INFO: GIT_DISCOVERY_ACROSS_FILESYSTEM=${GIT_DISCOVERY_ACROSS_FILESYSTEM}" echo "INFO: WORKDIR=${PWD}" echo "INFO: $(git --version)" +# if first positional is an expected arch string then set toolchain file, else default toolchain +if (( ${#} )); then + case ${1} in + amd64) CMAKE_TOOLCHAIN_FILE="default.cmake" + shift + ;; + arm64) CMAKE_TOOLCHAIN_FILE="Linux-arm64.cmake" + shift + ;; + arm) CMAKE_TOOLCHAIN_FILE="Linux-arm.cmake" + shift + ;; + *) CMAKE_TOOLCHAIN_FILE="default.cmake" + ;; + esac +else + CMAKE_TOOLCHAIN_FILE="default.cmake" +fi + # workspace dir for each build env is added to "safe" dirs in global config e.g. # ~/.gitconfig so both runner and builder containers trust these dirs # owned by different UIDs from that of Git's EUID. This is made necessary 
@@ -22,12 +41,13 @@ for SAFE in \ git config --global --add safe.directory ${SAFE} done +[[ -d ./build ]] && rm -r ./build cmake \ -E make_directory \ ./build cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_TOOLCHAIN_FILE=./toolchains/default.cmake \ + -DCMAKE_TOOLCHAIN_FILE=./toolchains/${CMAKE_TOOLCHAIN_FILE} \ -DBUILD_DIST_PACKAGES=ON \ -DUSE_OPENSSL=ON \ -S . \ diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index cac50e178..7140fe886 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -25,6 +25,11 @@ jobs: arch: x86_64 toolchain: default.cmake + - os: macOS-11 + name: macOS arm64 + arch: arm64 + toolchain: macOS-arm64.cmake + - os: windows-latest name: Windows x86_64 arch: x86_64 diff --git a/.github/workflows/cpack.yml b/.github/workflows/cpack.yml index f59824bee..58a5d0788 100644 --- a/.github/workflows/cpack.yml +++ b/.github/workflows/cpack.yml @@ -22,8 +22,15 @@ jobs: fail-fast: false matrix: arch: - - rpm: x86_64 # this value matches yum var $basearch - deb: amd64 # this value matches debian arch + - cmake: amd64 # selects CMAKE_TOOLCHAIN_FILE + rpm: x86_64 # yum $basearch + deb: amd64 # dpkg --print-architecture + - cmake: arm + rpm: armhfp + deb: armhf + - cmake: arm64 + rpm: aarch64 + deb: arm64 distro: - name: ubuntu version: "22.04" 
@@ -49,17 +56,57 @@ jobs: version: "7" release_name: ${{ null }} type: rpm - container: quay.io/centos/centos:7 + container: docker.io/library/centos:7 - name: redhat version: "8" release_name: ${{ null }} type: rpm - container: quay.io/rockylinux/rockylinux:8 + container: docker.io/library/rockylinux:8 - name: redhat version: "9" release_name: ${{ null }} type: rpm - container: quay.io/rockylinux/rockylinux:9 + container: docker.io/library/rockylinux:9 + exclude: + - distro: + name: ubuntu + release_name: xenial + arch: + cmake: arm + - distro: + name: ubuntu + release_name: xenial + arch: + cmake: arm64 + - distro: + name: ubuntu + release_name: trusty + arch: + cmake: arm + - distro: + name: ubuntu + release_name: trusty + arch: + cmake: arm64 + - distro: + name: ubuntu + release_name: bionic + arch: + cmake: arm + - distro: + name: ubuntu + release_name: bionic + arch: + cmake: arm64 + - distro: + name: redhat + arch: + cmake: arm + - distro: + name: redhat + arch: + cmake: arm64 + steps: # only focal-20.04 has >= 2.18, which is required by actions/checkout to clone # which enables cmake version discovery @@ -109,8 +156,11 @@ jobs: ./.github/actions/openziti-tunnel-build-action/${FILE} done + # entrypoint.sh uses the value of arch to lookup the cmake toolchain file - name: build binary and package uses: ./.github/actions/openziti-tunnel-build-action + with: + arch: ${{ matrix.arch.cmake }} - name: list build artifacts run: | 
@@ -128,17 +178,18 @@ jobs: yes|dpkg --install ./build/ziti-edge-tunnel-*.deb || apt-get --yes --fix-broken install - name: install package artifact in runner container if Ubuntu >= 16.04 - if: ${{ matrix.distro.name == 'ubuntu' && matrix.distro.version != '14.04' }} + if: ${{ matrix.arch.cmake == 'amd64' && matrix.distro.name == 'ubuntu' && matrix.distro.version != '14.04' }} run: | apt -y install ./build/ziti-edge-tunnel-*.deb - name: install package artifact in runner container if RedHat - if: ${{ matrix.distro.name == 'redhat' }} + if: ${{ matrix.arch.cmake == 'amd64' && matrix.distro.name == 'redhat' }} run: | set -x yum -y install ./build/ziti-edge-tunnel-*.rpm - name: run binary artifact + if: ${{ matrix.arch.cmake == 'amd64' }} run: | set -x cat /etc/*-release @@ -154,7 +205,7 @@ jobs: - name: Configure jFrog CLI if: ${{ github.event_name == 'release' && startsWith(github.ref, 'refs/tags/v') }} - uses: jfrog/setup-jfrog-cli@v2 + uses: jfrog/setup-jfrog-cli@v3 env: JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }} @@ -172,7 +223,7 @@ jobs: run: > jf rt upload ./build/ziti-edge-tunnel-*.${{ matrix.distro.type }} - /zitipax-openziti-deb-stable/pool/ziti-edge-tunnel/${{ matrix.distro.release_name }}/ + /zitipax-openziti-deb-stable/pool/ziti-edge-tunnel/${{ matrix.distro.release_name }}/${{ matrix.arch.deb }}/ --deb=${{ matrix.distro.release_name }}/main/${{ matrix.arch.deb }} --recursive=false --flat=true diff --git a/CMakeLists.txt b/CMakeLists.txt index 1cb058ce8..85c9da3a5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ -cmake_minimum_required(VERSION 3.14) +cmake_minimum_required(VERSION 3.20) if(NOT ZITI_SDK_C_BRANCH) #allow using a different branch of the CSDK easily - set(ZITI_SDK_C_BRANCH "0.30.2") + set(ZITI_SDK_C_BRANCH "0.30.8") endif() # if TUNNEL_SDK_ONLY then don't descend into programs/ziti-edge-tunnel diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f9b98ebcc..6e2411779 100644 --- a/CONTRIBUTING.md 
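Review bot: With the install and `run binary artifact` steps now gated on `matrix.arch.cmake == 'amd64'`, the arm and arm64 packages reach the upload step without any check. Because entrypoint.sh falls back to `default.cmake` for an unrecognised arch string, a package of the wrong architecture could be published under the arm path unnoticed. A cheap ungated guard for the deb jobs is a step that compares the package metadata with the matrix value, for example `test "$(dpkg-deb --field ./build/ziti-edge-tunnel-*.deb Architecture)" = "${{ matrix.arch.deb }}"`. The rest of the job lies outside this hunk, so an equivalent check may already exist elsewhere.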
+++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ # Contributing NetFoundry welcomes all and any contributions. All open source projects managed by NetFoundry share a common -[guide for contributions](https://openziti.github.io/policies/CONTRIBUTING.html). +[guide for contributions](https://openziti.github.io/docs/introduction/openziti-is-software/#contributing). If you are eager to contribute to a NetFoundry-managed open source project please read and act accordingly. diff --git a/docker/Dockerfile.linux-build b/docker/Dockerfile.linux-build deleted file mode 100644 index 75ff1353a..000000000 --- a/docker/Dockerfile.linux-build +++ /dev/null @@ -1,42 +0,0 @@ -FROM debian:buster-slim -# -# this file mirrors the build params used in the GitHub Actions and enables -# reproducible crossbuilds for downstream forks for Ziti contributors -# -# usage -# docker run with top-level of tunneler SDK repo mounted as writeable volume on /mnt - -ARG uid=1000 -ARG gid=1000 -ENV TZ=Etc/UTC -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get -y update -# cmake stuff -RUN apt-get install -y software-properties-common wget gpg && \ - apt-get clean all -RUN wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null \ - | gpg --dearmor - > /etc/apt/trusted.gpg.d/kitware.gpg -RUN apt-add-repository "deb https://apt.kitware.com/ubuntu/ bionic main" - -# multi-platform stuff -RUN apt-get -y install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu crossbuild-essential-arm64 -# tunneler SDK stuff -RUN apt-get -y update \ - && apt-get -y install \ - build-essential \ - cmake \ - curl \ - doxygen \ - git \ - graphviz \ - libsystemd-dev \ - iproute2 \ - pkg-config \ - python3 \ - zlib1g-dev \ - libssl-dev \ - && rm -rf /var/lib/apt/lists/* - -USER ${uid}:${gid} -WORKDIR /mnt/ -ENTRYPOINT ["/mnt/docker/linux-build.sh"] diff --git a/docker/Dockerfile.linux-cross-build b/docker/Dockerfile.linux-cross-build new file mode 100644 index 000000000..6617a3fa9 --- /dev/null 
+++ b/docker/Dockerfile.linux-cross-build @@ -0,0 +1,45 @@ +ARG CMAKE_VERSION="3.22.3" +FROM debian:buster-slim +# +# usage +# docker run with top-level of tunneler SDK repo mounted as writeable volume on /mnt + +ARG CMAKE_VERSION +ARG uid=1000 +ARG gid=1000 +ENV TZ=Etc/UTC +ENV DEBIAN_FRONTEND=noninteractive +RUN apt-get update \ + && apt-get -y install \ + gcc-arm-linux-gnueabihf \ + g++-arm-linux-gnueabihf \ + gcc-aarch64-linux-gnu \ + crossbuild-essential-arm64 \ + crossbuild-essential-armhf \ + build-essential \ + curl \ + doxygen \ + git \ + graphviz \ + libsystemd-dev \ + iproute2 \ + pkg-config \ + python3 \ + zlib1g-dev \ + libssl-dev \ + && rm -rf /var/lib/apt/lists/* + +RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf +RUN apt-get update \ + && apt-get -y install \ + libssl-dev:arm64 \ + libssl-dev:armhf \ + && rm -rf /var/lib/apt/lists/* + +RUN curl -sSfL https://cmake.org/files/v${CMAKE_VERSION%.*}/cmake-${CMAKE_VERSION}-linux-$(uname -m).sh -o cmake.sh \ + && (bash cmake.sh --skip-license --prefix=/usr/local) \ + && rm cmake.sh + +USER ${uid}:${gid} +WORKDIR /mnt/ +ENTRYPOINT ["/mnt/docker/linux-cross-build.sh"] diff --git a/docker/Dockerfile.linux-native-build b/docker/Dockerfile.linux-native-build new file mode 100644 index 000000000..d27db2be2 --- /dev/null +++ b/docker/Dockerfile.linux-native-build 
@@ -0,0 +1,39 @@ +ARG CMAKE_VERSION="3.22.3" +FROM debian:jessie-slim +# +# (cd ./docker; DOCKER_BUILDKIT=1 docker build --platform arm --file Dockerfile.linux-native-build -t openziti/ziti-edge-tunnel-builder:debian-jessie-arm ./;) +# docker run --rm -it --volume "${PWD}:/mnt" --platform arm openziti/ziti-edge-tunnel-builder:debian-jessie-arm + + +ARG CMAKE_VERSION +ARG uid=1000 +ARG gid=0 +ENV TZ=Etc/UTC +ENV DEBIAN_FRONTEND=noninteractive +RUN apt-get update \ + && apt-get -y install \ + build-essential \ + curl \ + doxygen \ + git \ + graphviz \ + libsystemd-dev \ + iproute2 \ + pkg-config \ + python3 \ + zlib1g-dev \ + libssl-dev \ + && rm -rf /var/lib/apt/lists/* + +# binary releases are available for x86_64, arm64 +RUN curl -sSfL https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.tar.gz -o cmake.tgz \ + && tar xf cmake.tgz \ + && (cd ./cmake-${CMAKE_VERSION} && ./bootstrap && make && make install) \ + && rm -r ./cmake-${CMAKE_VERSION} + +# the purpose of the uid:gid is to avoid root-owned build output folder +RUN getent group ${gid} &>/dev/null || groupadd --gid ${gid} ziggy +RUN getent passwd ${uid} &>/dev/null || useradd --system --home-dir /mnt --gid ${gid} --uid ${uid} ziggy +USER ${uid}:${gid} +WORKDIR /mnt +ENTRYPOINT ["/mnt/docker/linux-native-build.sh"] diff --git a/docker/README.md b/docker/README.md index ada65fbda..6c08aa6f4 100644 --- a/docker/README.md +++ b/docker/README.md 
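Review bot: The two `getent ... &>/dev/null || ...` lines in docker/Dockerfile.linux-native-build use a bash-only redirection, but `RUN` executes under `/bin/sh`, which is dash on Debian images as far as I know. There `&>` parses as a background `&` followed by a bare `>/dev/null` that succeeds, so the `groupadd` and `useradd` fallbacks never run and the `ziggy` account is not created. Use the portable form: `RUN getent group ${gid} >/dev/null 2>&1 || groupadd --gid ${gid} ziggy` and `RUN getent passwd ${uid} >/dev/null 2>&1 || useradd --system --home-dir /mnt --gid ${gid} --uid ${uid} ziggy`. Separately, `cmake.tgz` stays in the image because only the extracted directory is removed.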
@@ -20,8 +20,6 @@ You may bind a host directory to the container filesystem in `/ziti-edge-tunnel` This image runs `ziti-edge-tunnel run-host` on the Red Hat 8 Universal Base Image to optimize deployability within the Red Hat ecosystem e.g. OpenShift. The `ziti-edge-tunnel run-host` hosting-only mode of the Linux tunneler is useful as a sidecar for publishing containerized servers located in a Docker bridge network (use network mode `bridge`) or any other server running in the Docker host's network (use network mode `host`). -This image is used by [the eponymous Helm chart, `ziti-host`](https://openziti.github.io/helm-charts/). - See the [the Linux tunneler doc](https://openziti.github.io/ziti/clients/linux.html) for general info about the Linux tunneler that is installed in this container image. ### Image Tags for `openziti/ziti-host` @@ -32,7 +30,7 @@ The `openziti/ziti-host` image is published in Docker Hub and manually updated f The Dockerfile for `openziti/ziti-host` is [./Dockerfile.ziti-host](./Dockerfile.ziti-host). There's no build or test automation for this image yet. -### Examples using `openziti/ziti-host` +### Hosting a Ziti Service with `openziti/ziti-host` Publish servers that are reachable on the Docker host's network e.g. `tcp:localhost:54321`: @@ -59,7 +57,7 @@ docker run \ openziti/ziti-host ``` -This example uses the included Docker Compose project to illustrate publishing a server container to your OpenZiti Network. +This example uses [the included Docker Compose project](./docker-compose.yml) to illustrate publishing a server container to your OpenZiti Network. 1. Create an OpenZiti Config with type `intercept.v1`. 
@@ -111,7 +109,71 @@ This example uses the included Docker Compose project to illustrate publishing a 1. Access the demo server via your OpenZiti Network: [http://hello-docker.ziti](http://hello-docker.ziti) -Please reference [the included Compose project](docker-compose.yml) for examples that exercise the various container images, options, and run modes. +### Docker Compose Examples for `openziti/ziti-host` + +Get a single, enrolled identity configuration from an environment variable. You could define the value of the variable with an `.env` file in the same directory as `docker-compose.yml`. + +```yaml +version: "3.9" +services: + ziti-host: + image: openziti/ziti-host + environment: + - ZITI_IDENTITY_JSON +``` + +Configure a single, enrolled identity from the host filesystem directory where `docker-compose.yml` file is located. + +In this example, the file `ziti_id.jwt` exists and is used to enroll on the first run, producing `ziti_id.json`, the identity configuration file. Subsequent runs will use only the enrolled identity's JSON configuration file. + +```yaml +version: "3.9" +services: + ziti-host: + image: openziti/ziti-host + volumes: + - .:/ziti-edge-tunnel + environment: + - ZITI_IDENTITY_BASENAME=ziti_id +``` + +Configure all enrolled identities from a named volume. + +In this example, all of the files named like *.json in the volume are loaded. + +```yaml +version: "3.9" +services: + ziti-host: + image: openziti/ziti-host + volumes: + - ziti-identities:/ziti-edge-tunnel +volumes: + ziti-identities: +``` + +Enroll a single identity with a token from an environment variable and store in a named volume. 
+ +```yaml +version: "3.9" +services: + ziti-host: + image: openziti/ziti-host + volumes: + - ziti-identity:/ziti-edge-tunnel + environment: + - ZITI_IDENTITY_BASENAME=ziti_id + - ZITI_ENROLL_TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTY3MDAwEFQ2NywiaXNzIjoiaHR0cHM6Ly83Y2U3ZTQyNC02YTkyLTRmZjItOTQ1OS1lYmJiYTMyMzQ2ZmEucHJvZHVjdGlvbi5uZXRmb3VuZHJ5LmlvOjQ0MyIsImp0aSI6ImQ0YjczZjFlLTRkOWEtNDk0ZC04NGQxLTQ2OWE1MGQyYzhmMCIsInN1YiI6ImdXdkQwaTd5RDkifQ.R5t2hoH0W1vJUn78_O8azoJ05FWLLSh6J3Q1XaDOidaYgDOWcLm7YiV99rymnjSjRC86IjNsAyZK678_D2dqyefR3VBI8LepamZ5jVSAcDFCF3Swk_jszcHDqcYs2YCucr6qrwsv8NTqEdUAJ8NVOiRaZbGhSuBvXTmWilCkCLcL7R4tXpIHakM_2WA4_tmwdbN8i7SGPPAB6pZOK_xDW10nBjg5Fe3Of_-53Gd-3swm9D3Yms1iIPBfMIQUWNzYaOCBa8UvGo8d9JjvJKgTlkMwZHL3hayzAuVEXoR1-LbA1t1Nhd8FgjvuL-YxN0XLaA3koL-FijL7ehWZoyUYPuO3xi63SQpbO-oDtX89jvGLMVercZBscXQsmCkDcj8OAnTb3Czb8HmsHgfydqvT6epUNFxFe_fSGz-CuGIuFBQwygfpBriGBnwVk8dnIJt7Wl75jPR8v-NImIIv1dKCI_ZajlsJ5l8D4OGnj76pBs3Wu7Hq1zxAbJ8HPJmi_ywTHAHVJVghifRTIR6_SyfeZGsHDY9s8YH5ErYvarBvMxwPCmjMMY3SKM_YOPG0u1c-KKByS3m7x7qia6P1ShWwGkbMmY722iFeVvoGN7SD51CkZiqWHClhBtdDv6_1K7y62KEmiX0D4YHXoikNqMCoPwa4yKyDRzoO8DKcAzaVRRg +volumes: + ziti-identity: +``` + +### Kubernetes Deployments for `openziti/ziti-host` + +You can use the this container in a Kubernetes pod network in the same way that it's used with a Docker network, to publish cluster services, internal node IPs, etc. to the Ziti network. + +- [Helm Chart `openziti/ziti-host`](https://openziti.github.io/helm-charts/#ziti-host) +- [Deployment manifest](./ziti-host-deployment.yaml) ## Container Image `openziti/ziti-edge-tunnel` 
@@ -132,7 +194,7 @@ The container image `openziti/ziti-edge-tunnel` is published in Docker Hub and f The main Dockerfile for `openziti/ziti-edge-tunnel` is [./Dockerfile](./Dockerfile). This image is typically built with the BuildKit wrapper script [./buildx.sh](./buildx.sh) and there is not yet any build or test automation for this image. -### Examples using `openziti/ziti-edge-tunnel` +### Accessing Ziti Services with `openziti/ziti-edge-tunnel` Transparent Proxy `run` mode configures an OpenZiti nameserver running on the local device and captures any layer 4 traffic that matches an authorized service destination. 
@@ -149,9 +211,63 @@ docker run \ openziti/ziti-edge-tunnel ``` -This example uses the Docker Compose project included in this repo. +### Docker Compose Examples for `openziti/ziti-edge-tunnel` + +This example uses [the Docker Compose project](./docker-compose.yml) included in this repo. ```bash # enrolled identity file ziti_id.json is in the same directory as docker-compose.yml ZITI_IDENTITY_BASENAME=ziti_id docker-compose run ziti-tun ``` + +This example uses a single, enrolled identity configuration file `ziti_id.json` in the same directory as `docker-compose.yml`. + +```yaml +version: "3.9" +services: + ziti-tun: + image: openziti/ziti-edge-tunnel + devices: + - /dev/net/tun:/dev/net/tun + volumes: + - .:/ziti-edge-tunnel + - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket + environment: + - ZITI_IDENTITY_BASENAME=ziti_id + - PFXLOG_NO_JSON=true # suppress JSON logging + network_mode: host + privileged: true +``` + +### Kubernetes Deployments for `openziti/ziti-edge-tunnel` + +[Daemonset manifest](./ziti-tun-daemonset.yaml): provides a nameserver `100.64.0.2`, but containers don't automatically use it until you configure cluster DNS. CoreDNS doesn't currently have a fallthrough mechanism, but you can use conventional names for your Ziti services' like `*.ziti` and configure CoreDNS to forward queries that match that namespace to the Ziti nameserver. + +```yaml +apiVersion: v1 +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance + } + ziti { + forward . 100.64.0.2 + } +``` diff --git a/docker/buildx.sh b/docker/buildx.sh index 42d909aaa..1d7d1f836 100755 --- a/docker/buildx.sh +++ b/docker/buildx.sh 
@@ -50,7 +50,7 @@ EOF DIRNAME=$(dirname "$0") || exit $? EXIT=0 -while getopts :r:chlf OPT;do +while getopts :r:chlfP OPT;do case $OPT in r) CONTAINER_REPO=$OPTARG ;; @@ -60,7 +60,9 @@ while getopts :r:chlf OPT;do ;; l) FLAGS+=$OPT # also tag and push latest ;; - f) FLAGS+=$OPT + f) FLAGS+=$OPT # clobber existing tag(s) in Hub + ;; + P) FLAGS+=$OPT # don't push container image to Hub ;; \?|*) _usage 1 # error ;; @@ -91,6 +93,14 @@ if [[ ${FLAGS:-} =~ l ]]; then TAG_PARAMS+=" --tag=\"${CONTAINER_REPO}:latest\"" fi +if [[ ${FLAGS:-} =~ P ]]; then + # if no push then load in image cache + BUILDX_OUTPUT="" +else + # default is push to Hub + BUILDX_OUTPUT="--push" +fi + docker run --rm --privileged tonistiigi/binfmt:qemu-v6.2.0 grep -E -q 'enabled' /proc/sys/fs/binfmt_misc/qemu-arm docker run --rm --platform linux/arm64/v8 arm64v8/alpine uname -a | grep -Eq 'aarch64 Linux' @@ -98,12 +108,12 @@ docker run --rm --platform linux/arm/v7 arm32v7/alpine uname -a | grep -Eq 'armv docker buildx create --use --name=ziti-builder 2>/dev/null || docker buildx use --default ziti-builder # if -if [[ ${FLAGS:-} =~ f ]] || ! curl -sSLf https://registry.hub.docker.com/v2/repositories/${CONTAINER_REPO}/tags/${ZITI_VERSION} &>/dev/null; then +if [[ ${FLAGS:-} =~ P ]] || [[ ${FLAGS:-} =~ f ]] || ! curl -sSLf https://registry.hub.docker.com/v2/repositories/${CONTAINER_REPO}/tags/${ZITI_VERSION} &>/dev/null; then eval docker buildx build "${DIRNAME}" \ --platform="linux/amd64,linux/arm/v7,linux/arm64" \ --build-arg=ZITI_VERSION="${ZITI_VERSION}" \ "${TAG_PARAMS}" \ - --push + "${BUILDX_OUTPUT}" else echo "ERROR: Docker tag ziti-edge-tunnel:${ZITI_VERSION} already exists. Carefully send option -f to clobber Docker image tag." >&2 EXIT=1 diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 8ea208897..f72cb6681 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh 
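Review bot: The `-P` branch sets `BUILDX_OUTPUT=""` under the comment "if no push then load in image cache", but no `--load` or other output option is passed, so with the `ziti-builder` builder selected further down the result probably stays only in the build cache and never becomes a local image. Either correct the comment, e.g. `# no push: build only, result stays in the builder cache`, or set an explicit output in that branch. The empty `"${BUILDX_OUTPUT}"` argument also only disappears because the whole command line is re-parsed by `eval`; a comment on that line would stop a later removal of `eval` from handing `docker buildx build` an empty argument.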
@@ -22,7 +22,6 @@ function alldone() { # if successfully sent to background then send SIGTERM to trigger a cleanup # of resolver config, tun devices and associated routes [[ "${ZITI_EDGE_TUNNEL_PID:-}" =~ ^[0-9]+$ ]] && { - ps -fww "$ZITI_EDGE_TUNNEL_PID" kill -TERM "$ZITI_EDGE_TUNNEL_PID" # let entrypoint script exit after ziti-tunnel PID wait "$ZITI_EDGE_TUNNEL_PID" diff --git a/docker/fetch-github-releases.sh b/docker/fetch-github-releases.sh index ea162b94e..724c6bba4 100755 --- a/docker/fetch-github-releases.sh +++ b/docker/fetch-github-releases.sh @@ -43,7 +43,8 @@ fi host_arch=$(uname -m) case "${host_arch}" in "x86_64") artifact_arch="x86_64";; -"armv7l"|"aarch64") artifact_arch="arm";; +"armv7l") artifact_arch="arm";; +"aarch64") artifact_arch="arm64";; *) echo "ERROR: Ziti binaries do not exist for architecture ${host_arch}"; exit 1;; esac diff --git a/docker/linux-build.sh b/docker/linux-cross-build.sh similarity index 60% rename from docker/linux-build.sh rename to docker/linux-cross-build.sh index af101b6cb..a69805e8f 100755 --- a/docker/linux-build.sh +++ b/docker/linux-cross-build.sh @@ -1,9 +1,6 @@ #!/usr/bin/env bash # -# build the Linux artifacts for amd64, arm64 -# -# runs one background job per desired architecture unless there are too few CPUs -# +# cross-compile the Linux artifacts for the target architecture on amd64 # set -o pipefail -e -u 
@@ -11,12 +8,30 @@ set -x DIRNAME=$(dirname $0) REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives +: ${USE_OPENSSL:="OFF"} +: ${TARGET:="bundle"} +: ${BUILD_DIST_PACKAGES:="OFF"} +: ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} -if (( ${#} )) && [[ $1 == --use-openssl ]]; then - shift - USE_OPENSSL="ON" -else - USE_OPENSSL="OFF" +if (( ${#} )); then + for OPT in ${*}; do + case $OPT in + --openssl) + USE_OPENSSL="ON" + shift + ;; + --package) + USE_OPENSSL="ON" + TARGET="package" + BUILD_DIST_PACKAGES="ON" + shift + ;; + --no-systemd) + DISABLE_LIBSYSTEMD_FEATURE="ON" + shift + ;; + esac + done fi # if no architectures supplied then default list of three @@ -26,8 +41,6 @@ else typeset -a JOBS=(amd64 arm64 arm) fi -typeset -A BUILDS - for ARCH in ${JOBS[@]}; do CMAKE_BUILD_DIR=${REPO_DIR}/build-${ARCH} # adjacent the top-level dir where this script lives [[ -d ${CMAKE_BUILD_DIR} ]] && rm -rf ${CMAKE_BUILD_DIR} @@ -35,13 +48,16 @@ for ARCH in ${JOBS[@]}; do # cd ${CMAKE_BUILD_DIR} case ${ARCH} in amd64) { cmake \ + -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ -DUSE_OPENSSL=${USE_OPENSSL} \ + -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ + -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ -B ${CMAKE_BUILD_DIR} \ && cmake \ --build ${CMAKE_BUILD_DIR} \ - --target bundle \ + --target ${TARGET} \ --verbose; } ;; @@ -49,11 +65,13 @@ for ARCH in ${JOBS[@]}; do -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm64.cmake \ -DUSE_OPENSSL=${USE_OPENSSL} \ + -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ + -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ -B ${CMAKE_BUILD_DIR} \ && cmake \ --build ${CMAKE_BUILD_DIR} \ - --target bundle \ + --target ${TARGET} \ --verbose; } ;; 
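Review bot: The new option loop calls `shift` inside `for OPT in ${*}`, which drops whatever is currently `$1` rather than the word being examined, so an invocation that puts an architecture first (a constructed example: `arm64 --package`) discards `arm64` and leaves `--package` in the positionals that presumably feed `JOBS`. Unknown `--…` words are also accepted silently because the `case` has no default arm. A `while` loop over `${1}` that shifts once per consumed option and stops at the first non-option avoids both. The same loop is copied into docker/linux-native-build.sh later in this commit, where nothing reads the positionals afterwards, so the `shift`s there are only unnecessary.

```shell
# … unchanged: USE_OPENSSL, TARGET, BUILD_DIST_PACKAGES, DISABLE_LIBSYSTEMD_FEATURE defaults …
while (( ${#} )); do
    case ${1} in
        --openssl)
            USE_OPENSSL="ON"
            ;;
        --package)
            USE_OPENSSL="ON"
            TARGET="package"
            BUILD_DIST_PACKAGES="ON"
            ;;
        --no-systemd)
            DISABLE_LIBSYSTEMD_FEATURE="ON"
            ;;
        --*)
            echo "ERROR: unknown option ${1}" >&2
            exit 1
            ;;
        *)
            break   # first non-option word starts the architecture list
            ;;
    esac
    shift
done
```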
@@ -61,11 +79,13 @@ for ARCH in ${JOBS[@]}; do -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/Linux-arm.cmake \ -DUSE_OPENSSL=${USE_OPENSSL} \ + -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ + -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ -S ${REPO_DIR} \ -B ${CMAKE_BUILD_DIR} \ && cmake \ --build ${CMAKE_BUILD_DIR} \ - --target bundle \ + --target ${TARGET} \ --verbose; } ;; diff --git a/docker/linux-native-build.sh b/docker/linux-native-build.sh new file mode 100755 index 000000000..dfbb04eb7 --- /dev/null +++ b/docker/linux-native-build.sh @@ -0,0 +1,52 @@ +#!/usr/bin/env bash +# +# build the Linux artifacts for the native architecture +# + +set -o pipefail -e -u +set -x + +DIRNAME=$(dirname $0) +REPO_DIR=${DIRNAME}/.. # parent of the top-level dir where this script lives +: ${USE_OPENSSL:="OFF"} +: ${TARGET:="bundle"} +: ${BUILD_DIST_PACKAGES:="OFF"} +: ${DISABLE_LIBSYSTEMD_FEATURE:="OFF"} + +if (( ${#} )); then + for OPT in ${*}; do + case $OPT in + --openssl) + USE_OPENSSL="ON" + shift + ;; + --package) + USE_OPENSSL="ON" + TARGET="package" + BUILD_DIST_PACKAGES="ON" + shift + ;; + --no-systemd) + DISABLE_LIBSYSTEMD_FEATURE="ON" + shift + ;; + esac + done +fi + +ARCH=$(dpkg --print-architecture) +CMAKE_BUILD_DIR=${REPO_DIR}/build-${ARCH} # adjacent the top-level dir where this script lives +[[ -d ${CMAKE_BUILD_DIR} ]] && rm -rf ${CMAKE_BUILD_DIR} +mkdir ${CMAKE_BUILD_DIR} +cmake \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_TOOLCHAIN_FILE=${REPO_DIR}/toolchains/default.cmake \ + -DUSE_OPENSSL=${USE_OPENSSL} \ + -DBUILD_DIST_PACKAGES=${BUILD_DIST_PACKAGES} \ + -DDISABLE_LIBSYSTEMD_FEATURE=${DISABLE_LIBSYSTEMD_FEATURE} \ + -S ${REPO_DIR} \ + -B ${CMAKE_BUILD_DIR} \ +&& cmake \ + --build ${CMAKE_BUILD_DIR} \ + --target ${TARGET} \ + --verbose; diff --git a/docker/ziti-host-deployment.yaml b/docker/ziti-host-deployment.yaml new file mode 100644 index 000000000..8051c1df8 --- /dev/null +++ b/docker/ziti-host-deployment.yaml 
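Review bot: `DIRNAME=$(dirname $0)` and `[[ -d ${CMAKE_BUILD_DIR} ]] && rm -rf ${CMAKE_BUILD_DIR}` in the new linux-native-build.sh expand paths unquoted, so a checkout path containing whitespace or glob characters would make `rm -rf` act on the split words instead of the build directory. Quoting keeps the delete confined to the intended path: `DIRNAME=$(dirname "$0")` and `[[ -d "${CMAKE_BUILD_DIR}" ]] && rm -rf -- "${CMAKE_BUILD_DIR}"`. The `-S` and `-B` arguments passed to `cmake` want the same quoting.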
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ziti-host
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: ziti-host
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: ziti-host
+ spec:
+ containers:
+ - env:
+ - name: ZITI_IDENTITY_BASENAME
+ value: ziti-host-identity
+ image: openziti/ziti-host
+ name: ziti-host
+ volumeMounts:
+ - mountPath: /ziti-edge-tunnel
+ name: persisted-identity
+ readOnly: true
+ volumes:
+ - name: persisted-identity
+ secret:
+ defaultMode: 256
+ items:
+ - key: persisted-identity
+ path: ziti-host-identity.json
+ secretName: ziti-host-identity
diff --git a/docker/ziti-tun-daemonset.yaml b/docker/ziti-tun-daemonset.yaml
new file mode 100644
index 000000000..06f63a930
--- /dev/null
+++ b/docker/ziti-tun-daemonset.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: ziti-run-node
+spec:
+ selector:
+ matchLabels:
+ app: ziti-edge-tunnel
+ template:
+ metadata:
+ labels:
+ app: ziti-edge-tunnel
+ spec:
+ containers:
+ - image: openziti/ziti-edge-tunnel
+ name: ziti-edge-tunnel
+ env:
+ - name: ZITI_IDENTITY_BASENAME
+ value: ziti-identity
+ volumeMounts:
+ - name: ziti-enrolled-identity
+ mountPath: /ziti-edge-tunnel
+ readOnly: true
+ - name: system-bus-socket
+ mountPath: /var/run/dbus/system_bus_socket
+ securityContext:
+ privileged: true
+ args: # []
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ nodeSelector:
+ node-role.kubernetes.io/node: worker
+ restartPolicy: Always
+ volumes:
+ - name: ziti-enrolled-identity
+ secret: # kubectl create secret generic ziti-enrolled-identity --from-file=ziti-enrolled-identity=./myZitiIdentityFile.json
+ secretName: ziti-enrolled-identity
+ defaultMode: 0400
+ items:
+ - key: ziti-enrolled-identity
+ path: ziti-identity.json
+ - name: system-bus-socket
+ hostPath:
+ path: /var/run/dbus/system_bus_socket
\ No newline at end of file
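Review bot: The container in ziti-host-deployment.yaml references `image: openziti/ziti-host` with no tag or digest and sets no `securityContext`, so each pod start may pull a different build and the container runs with whatever privileges the image and cluster defaults give it. Because this pod holds an enrolled identity, pin the image (`image: openziti/ziti-host:<version>`) and add at least `securityContext: {allowPrivilegeEscalation: false}`; whether `runAsNonRoot: true` is workable depends on the image's user, which is not visible here. A comment on `defaultMode: 256` saying it is decimal for octal 0400 would also help, since the daemonset manifest writes the same mode as `0400`.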
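Review bot: The `ziti-edge-tunnel` container in ziti-tun-daemonset.yaml combines `privileged: true`, `hostNetwork: true` and a writable hostPath mount of the system D-Bus socket, which together give the pod close to full control of every selected node. If the tunneler only needs the tun device, routes and resolver settings, a narrower `securityContext` such as `capabilities: {add: ["NET_ADMIN"]}` with `/dev/net/tun` mounted may be enough; that needs testing against the image and is not established by this diff. The image is also unpinned, and `args: # []` leaves `args` null, so either drop the key or write `args: []`.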
diff --git a/lib/ziti-tunnel-cbs/ziti_dns.c b/lib/ziti-tunnel-cbs/ziti_dns.c index 4d4ac8545..8638ee8b1 100644 --- a/lib/ziti-tunnel-cbs/ziti_dns.c +++ b/lib/ziti-tunnel-cbs/ziti_dns.c @@ -259,12 +259,12 @@ static bool check_name(const char *name, char clean_name[MAX_DNS_NAME], bool *is char *p = clean_name; if (*hp == '*' && *(hp + 1) == '.') { - *is_domain = true; + if (is_domain) *is_domain = true; *p++ = '*'; *p++ = '.'; hp += 2; } else { - *is_domain = false; + if (is_domain) *is_domain = false; } bool need_alphanum = true; @@ -686,7 +686,10 @@ ssize_t on_dns_req(void *ziti_io_ctx, void *write_ctx, const void *q_packet, siz if (q->type == NS_T_A || q->type == NS_T_AAAA) { process_host_req(req); } else { - dns_domain_t *domain = find_domain(q->name); + // find domain requires normalized name + char reqname[MAX_DNS_NAME]; + check_name(q->name, reqname, NULL); + dns_domain_t *domain = find_domain(reqname); if (domain) { proxy_domain_req(req, domain); } else { diff --git a/lib/ziti-tunnel/CMakeLists.txt b/lib/ziti-tunnel/CMakeLists.txt index 9adb3d285..a34f80def 100644 --- a/lib/ziti-tunnel/CMakeLists.txt +++ b/lib/ziti-tunnel/CMakeLists.txt @@ -35,6 +35,7 @@ set (LWIP_INCLUDE_DIRS include(${LWIP_DIR}/src/Filelists.cmake) target_sources(lwipcore PRIVATE ${lwip_sys_srcs} lwip/lwiphooks_ip6.c lwip/lwiphooks_ip4.c lwip/lwip_cloned_fns.c) +target_compile_definitions(lwipcore PUBLIC CMAKE_C_BYTE_ORDER=${CMAKE_C_BYTE_ORDER}) target_include_directories(ziti-tunnel-sdk-c PUBLIC ${LWIP_INCLUDE_DIRS} diff --git a/lib/ziti-tunnel/intercept.c b/lib/ziti-tunnel/intercept.c index 01eba6f72..c681253ec 100644 --- a/lib/ziti-tunnel/intercept.c +++ b/lib/ziti-tunnel/intercept.c 
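Review bot: In `on_dns_req` the return value of `check_name(q->name, reqname, NULL)` is ignored and `reqname` is an uninitialised stack buffer, so if `check_name` rejects the query name part-way through, `find_domain(reqname)` may read indeterminate or unterminated bytes for a name that came from a network packet. Most of `check_name`'s body lies outside the hunk, so whether it terminates `clean_name` on failure cannot be confirmed here. Using the result keeps the lookup on validated input: `dns_domain_t *domain = check_name(q->name, reqname, NULL) ? find_domain(reqname) : NULL;`, which sends invalid names to the existing `else` branch.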
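Review bot: `target_compile_definitions(lwipcore PUBLIC CMAKE_C_BYTE_ORDER=${CMAKE_C_BYTE_ORDER})` expands to an empty definition when CMake does not report a byte order (the variable was added in CMake 3.20 and is empty when the order is unknown), and the failure then surfaces as a preprocessor error inside lwipopts.h. A configure-time guard gives a clearer message: `if(NOT CMAKE_C_BYTE_ORDER)`, `message(FATAL_ERROR "CMAKE_C_BYTE_ORDER is not set; CMake >= 3.20 is required")`, `endif()`. The project's `cmake_minimum_required` is outside this hunk, so check that it is at least 3.20.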
@@ -108,7 +108,6 @@ const ziti_address *address_match(const ziti_address *addr, const address_list_t STAILQ_FOREACH(a, addresses, entries) { score = ziti_address_match(addr, &a->za); - TNL_LOG(VERBOSE, "ziti_address_match score %d", score); if (score < 0) continue; if (best_score == -1 || score < best_score) { best_score = score; diff --git a/lib/ziti-tunnel/lwip/lwipopts.h b/lib/ziti-tunnel/lwip/lwipopts.h index 06c1be933..4b4952c4f 100644 --- a/lib/ziti-tunnel/lwip/lwipopts.h +++ b/lib/ziti-tunnel/lwip/lwipopts.h @@ -60,6 +60,16 @@ #define LWIP_NO_UNISTD_H 1 #endif +#ifndef BYTE_ORDER +// make sure BYTE_ORDER is defined early, otherwise lwip sources will be compiled with inconsistent values. +#define BYTE_ORDER CMAKE_C_BYTE_ORDER // define BYTE_ORDER before including arch.h. the default is dumb. +#include "lwip/arch.h" // defines BIG_ENDIAN, etc + +#if (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error "BYTE_ORDER is not defined" +#endif +#endif + // hooks #define LWIP_HOOK_FILENAME "lwiphooks.h" #define LWIP_HOOK_IP4_INPUT(pbuf, input_netif) ip4_input_hook((pbuf),(input_netif)) diff --git a/programs/ziti-edge-tunnel/include/model/dtos.h b/programs/ziti-edge-tunnel/include/model/dtos.h index cfdfccc71..d42f81388 100644 --- a/programs/ziti-edge-tunnel/include/model/dtos.h +++ b/programs/ziti-edge-tunnel/include/model/dtos.h @@ -73,6 +73,10 @@ XX(Id, string, none, Id, __VA_ARGS__) \ XX(Timeout, int, none, Timeout, __VA_ARGS__) \ XX(TimeoutRemaining, int, none, TimeoutRemaining, __VA_ARGS__) +#define TUNNEL_SERVICE_PERMISSIONS(XX,...) \ +XX(Bind, bool, none, Bind, __VA_ARGS__) \ +XX(Dial, bool, none, Dial, __VA_ARGS__) + #define TUNNEL_SERVICE(XX, ...) \ XX(Id, string, none, Id, __VA_ARGS__) \ XX(Name, string, none, Name, __VA_ARGS__) \ 
@@ -83,7 +87,8 @@ XX(OwnsIntercept, bool, none, OwnsIntercept, __VA_ARGS__) \ XX(PostureChecks, tunnel_posture_check, array, PostureChecks, __VA_ARGS__) \ XX(IsAccessible, bool, none, IsAccessible, __VA_ARGS__) \ XX(Timeout, int, none, Timeout, __VA_ARGS__) \ -XX(TimeoutRemaining, int, none, TimeoutRemaining, __VA_ARGS__) +XX(TimeoutRemaining, int, none, TimeoutRemaining, __VA_ARGS__) \ +XX(Permissions, tunnel_service_permissions , none, Permissions, __VA_ARGS__) #define TUNNEL_STATUS(XX, ...) \ XX(Active, bool, none, Active, __VA_ARGS__) \ @@ -114,6 +119,7 @@ DECLARE_MODEL(tunnel_metrics, TUNNEL_METRICS) DECLARE_MODEL(tunnel_address, TUNNEL_ADDRESS) DECLARE_MODEL(tunnel_port_range, TUNNEL_PORT_RANGE) DECLARE_MODEL(tunnel_posture_check, TUNNEL_POSTURE_CHECK) +DECLARE_MODEL(tunnel_service_permissions, TUNNEL_SERVICE_PERMISSIONS) DECLARE_MODEL(tunnel_service, TUNNEL_SERVICE) DECLARE_MODEL(tunnel_identity, TUNNEL_IDENTITY) DECLARE_MODEL(ip_info, IP_INFO) diff --git a/programs/ziti-edge-tunnel/instance.c b/programs/ziti-edge-tunnel/instance.c index 06b685a82..9cde3652b 100644 --- a/programs/ziti-edge-tunnel/instance.c +++ b/programs/ziti-edge-tunnel/instance.c @@ -15,6 +15,7 @@ */ #include "model/dtos.h" +#include #include #include #include @@ -376,6 +377,8 @@ tunnel_service *get_tunnel_service(tunnel_identity* id, ziti_service* zs) { svc->Name = strdup(zs->name); svc->PostureChecks = NULL; svc->OwnsIntercept = true; + svc->Permissions.Bind = ziti_service_has_permission(zs, ziti_session_type_Bind); + svc->Permissions.Dial = ziti_service_has_permission(zs, ziti_session_type_Dial); setTunnelPostureDataTimeout(svc, zs); setTunnelServiceAddress(svc, zs); return svc; 
@@ -815,6 +818,7 @@ IMPL_MODEL(tunnel_metrics, TUNNEL_METRICS) IMPL_MODEL(tunnel_address, TUNNEL_ADDRESS) IMPL_MODEL(tunnel_port_range, TUNNEL_PORT_RANGE) IMPL_MODEL(tunnel_posture_check, TUNNEL_POSTURE_CHECK) +IMPL_MODEL(tunnel_service_permissions, TUNNEL_SERVICE_PERMISSIONS) IMPL_MODEL(tunnel_service, TUNNEL_SERVICE) IMPL_MODEL(tunnel_status, TUNNEL_STATUS) IMPL_MODEL(ip_info, IP_INFO) diff --git a/programs/ziti-edge-tunnel/netif_driver/linux/resolvers.c b/programs/ziti-edge-tunnel/netif_driver/linux/resolvers.c index 688efae08..66a98a5c8 100644 --- a/programs/ziti-edge-tunnel/netif_driver/linux/resolvers.c +++ b/programs/ziti-edge-tunnel/netif_driver/linux/resolvers.c @@ -49,6 +49,7 @@ static int (*sd_booted_f)(void); static int (*sd_bus_call_f)(sd_bus *bus, sd_bus_message *m, uint64_t usec, sd_bus_error *ret_error, sd_bus_message **reply); static int (*sd_bus_call_method_f)(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *types, ...); static void (*sd_bus_error_free_f)(sd_bus_error *e); +static int (*sd_bus_error_has_name_f)(const sd_bus_error *e, const char *name); static int (*sd_bus_error_set_errno_f)(sd_bus_error *e, int error); static sd_bus *(*sd_bus_flush_close_unref_f)(sd_bus *bus); static int (*sd_bus_get_property_f)(sd_bus *bus, const char *destination, const char *path, const char *interface, const char *member, sd_bus_error *ret_error, sd_bus_message **reply, const char *type); 
@@ -69,6 +70,7 @@ static void init_libsystemd() { TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_call", (void **) &sd_bus_call_f)); TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_call_method", (void **) &sd_bus_call_method_f)); TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_error_free", (void **) &sd_bus_error_free_f)); + TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_error_has_name", (void **) &sd_bus_error_has_name_f)); TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_error_set_errno", (void **) &sd_bus_error_set_errno_f)); TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_flush_close_unref", (void **) &sd_bus_flush_close_unref_f)); TRY_DL(uv_dlsym(&libsystemd_h, "sd_bus_get_property", (void **) &sd_bus_get_property_f)); @@ -217,7 +219,7 @@ static int sd_bus_is_acquired_name(sd_bus *bus, const char* bus_name) { } if (found != 0) { - ZITI_LOG(TRACE, "systemd-resolved DBus name is NOT acquired"); + ZITI_LOG(DEBUG, "systemd-resolved DBus name is NOT acquired"); } return found; @@ -309,12 +311,18 @@ static bool set_systemd_resolved_link_setting(sd_bus *bus, const char* tun, cons va_end(ap); if (r < 0) { - ZITI_LOG(ERROR, "Failure in method invocation: %s for link: (%s): (%s, %s)", + if (sd_bus_error_has_name_f(&error, SD_BUS_ERROR_UNKNOWN_METHOD)) { + ZITI_LOG(WARN, "Attempted to call unknown method: %s for link: (%s)", + method, tun); + return true; + } + + ZITI_LOG(ERROR, "Failure calling method: %s for link: (%s): (%s, %s)", method, tun, error.name, error.message); return false; } - ZITI_LOG(DEBUG, "Success in method invocation: %s for link: (%s)", method, tun); + ZITI_LOG(DEBUG, "Success calling method: %s for link: (%s)", method, tun); return true; } 
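Review bot: The new `SD_BUS_ERROR_UNKNOWN_METHOD` branch in `set_systemd_resolved_link_setting` returns `true` for every method name, so the caller cannot tell "setting applied" from "resolved does not implement this call", even for settings the tunneler may depend on for DNS. Consider limiting the tolerant path to methods known to be optional, or returning a distinct result, and record the intent in a comment such as `// resolved on this host does not implement the method; treated as non-fatal`. Neither return path in this hunk calls `sd_bus_error_free_f(&error)`; the declaration of `error` is outside the hunk, so confirm it is released elsewhere.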
@@ -339,8 +347,8 @@ bool try_libsystemd_resolver(void) { if ((r >= 0) && (sd_bus_is_bus_client_f(bus) > 0)) { ZITI_LOG(DEBUG, "Connected to system DBus"); r = sd_bus_is_acquired_name(bus, RESOLVED_DBUS_NAME); - if (r < 0) { - ZITI_LOG(ERROR, "Did not find DBus acquired bus name: %s. Falling back to legacy resolvers", RESOLVED_DBUS_NAME); + if (r != 0) { + ZITI_LOG(WARN, "libsystemd resolver unsuccessful. Falling back to legacy resolvers"); return false; } if (r == 0) { diff --git a/programs/ziti-edge-tunnel/netif_driver/linux/tun.c b/programs/ziti-edge-tunnel/netif_driver/linux/tun.c index 03adb3f23..bc86489a0 100644 --- a/programs/ziti-edge-tunnel/netif_driver/linux/tun.c +++ b/programs/ziti-edge-tunnel/netif_driver/linux/tun.c @@ -228,7 +228,7 @@ static void find_dns_updater() { } #endif if (is_executable(BUSCTL)) { - if (run_command_ex(false, BUSCTL " status %s &> /dev/null", RESOLVED_DBUS_NAME) == 0) { + if (run_command_ex(false, BUSCTL " status %s > /dev/null 2>&1", RESOLVED_DBUS_NAME) == 0) { if (is_executable(RESOLVECTL)) { dns_updater = dns_update_resolvectl; return; diff --git a/programs/ziti-edge-tunnel/windows/log_utils.c b/programs/ziti-edge-tunnel/windows/log_utils.c index 343932630..977fbaa6e 100644 --- a/programs/ziti-edge-tunnel/windows/log_utils.c +++ b/programs/ziti-edge-tunnel/windows/log_utils.c @@ -109,7 +109,7 @@ void flush_log(uv_check_t *handle) { if (handle->data) { struct tm *orig_time = handle->data; - if (orig_time->tm_mday < tm->tm_mday) { + if (orig_time->tm_mday < tm->tm_mday || orig_time->tm_mon < tm->tm_mon || orig_time->tm_year < tm->tm_year) { if (rotate_log()) { uv_async_t *ar = calloc(1, sizeof(uv_async_t)); uv_async_init(handle->loop, ar, update_symlink_async); diff --git a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c index 7b0d9cb9a..adb608d3f 100644 --- a/programs/ziti-edge-tunnel/ziti-edge-tunnel.c +++ b/programs/ziti-edge-tunnel/ziti-edge-tunnel.c 
@@ -2304,7 +2304,7 @@ static int enable_mfa_opts(int argc, char *argv[]) { static int verify_mfa_opts(int argc, char *argv[]) { static struct option opts[] = { {"identity", required_argument, NULL, 'i'}, - {"code", required_argument, NULL, 'c'}, + {"authcode", required_argument, NULL, 'c'}, }; int c, option_index, errors = 0; optind = 0; @@ -2343,7 +2343,7 @@ static int verify_mfa_opts(int argc, char *argv[]) { static int remove_mfa_opts(int argc, char *argv[]) { static struct option opts[] = { {"identity", required_argument, NULL, 'i'}, - {"code", required_argument, NULL, 'c'}, + {"authcode", required_argument, NULL, 'c'}, }; int c, option_index, errors = 0; optind = 0; @@ -2382,7 +2382,7 @@ static int remove_mfa_opts(int argc, char *argv[]) { static int submit_mfa_opts(int argc, char *argv[]) { static struct option opts[] = { {"identity", required_argument, NULL, 'i'}, - {"code", required_argument, NULL, 'c'}, + {"authcode", required_argument, NULL, 'c'}, }; int c, option_index, errors = 0; optind = 0; @@ -2421,7 +2421,7 @@ static int submit_mfa_opts(int argc, char *argv[]) { static int generate_mfa_codes_opts(int argc, char *argv[]) { static struct option opts[] = { {"identity", required_argument, NULL, 'i'}, - {"code", required_argument, NULL, 'c'}, + {"authcode", required_argument, NULL, 'c'}, }; int c, option_index, errors = 0; optind = 0; @@ -2460,7 +2460,7 @@ static int generate_mfa_codes_opts(int argc, char *argv[]) { static int get_mfa_codes_opts(int argc, char *argv[]) { static struct option opts[] = { {"identity", required_argument, NULL, 'i'}, - {"code", required_argument, NULL, 'c'}, + {"authcode", required_argument, NULL, 'c'}, }; int c, option_index, errors = 0; optind = 0; diff --git a/toolchains/Linux-arm.cmake b/toolchains/Linux-arm.cmake index 1934d7c07..80ee2a3b3 100644 --- a/toolchains/Linux-arm.cmake +++ b/toolchains/Linux-arm.cmake 
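Review bot: The `opts[]` arrays in `verify_mfa_opts`, `remove_mfa_opts`, `submit_mfa_opts`, `generate_mfa_codes_opts` and `get_mfa_codes_opts` end after the `"authcode"` entry with no all-zero terminator, which `getopt_long` needs to find the end of the table; an unrecognised long option would make it read past the array. The call itself is outside these hunks, so this assumes the arrays are passed to `getopt_long`. Add `{NULL, 0, NULL, 0},` as the last element of each array while these lines are being touched. Renaming `--code` to `--authcode` also breaks existing invocations, because `code` is not a prefix of the new name; if that is intended it deserves a line in the release notes.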
@@ -10,3 +10,6 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY) +set(OPENSSL_ROOT_DIR /usr/lib/${triple}) +set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE arm) +set(CPACK_RPM_PACKAGE_ARCHITECTURE armv7l) diff --git a/toolchains/Linux-arm64.cmake b/toolchains/Linux-arm64.cmake index 6f8c9fb9b..055545c66 100644 --- a/toolchains/Linux-arm64.cmake +++ b/toolchains/Linux-arm64.cmake @@ -10,3 +10,6 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY) +set(OPENSSL_ROOT_DIR /usr/lib/${triple}) +set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE arm64) +set(CPACK_RPM_PACKAGE_ARCHITECTURE aarch64) diff --git a/toolchains/macOS-arm64.cmake b/toolchains/macOS-arm64.cmake new file mode 100644 index 000000000..962e4aaf5 --- /dev/null +++ b/toolchains/macOS-arm64.cmake @@ -0,0 +1,23 @@ +# build-macOS-arm64 + +set(CMAKE_SYSTEM_NAME Darwin) +set(CMAKE_SYSTEM_PROCESSOR arm64) + +set(ZITI_BUILD_TESTS OFF CACHE BOOL "" FORCE) + +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -arch arm64") +SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -arch arm64") + +# for libsodium +set(triple arm64-apple-macos11) +execute_process(COMMAND /usr/bin/xcrun -sdk macosx --show-sdk-path + OUTPUT_VARIABLE CMAKE_OSX_SYSROOT + OUTPUT_STRIP_TRAILING_WHITESPACE) + +set(ENV{CFLAGS} "-arch arm64 -isysroot ${CMAKE_OSX_SYSROOT}") +set(ENV{LDFLAGS} "-arch arm64 -isysroot ${CMAKE_OSX_SYSROOT}") + +set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) +set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) +set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) +set(CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY) \ No newline at end of file
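Review bot: `set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE arm)` in Linux-arm.cmake does not look like an architecture name that current ARM Debian systems report; 32-bit hard-float Debian and Ubuntu use `armhf`, and dpkg refuses a package whose architecture field does not match the system. The `triple` this toolchain targets is defined outside the hunk, so confirm the ABI first, and if it is hard-float use `set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE armhf)`. `OPENSSL_ROOT_DIR /usr/lib/${triple}` likewise depends on `triple` being set earlier in the file.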
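Review bot: macOS-arm64.cmake appends `-arch arm64` to `CMAKE_C_FLAGS` and `CMAKE_CXX_FLAGS` directly; a toolchain file can be read more than once per configure (for example by `try_compile`), so the flag can accumulate, and it bypasses CMake's own architecture handling. `set(CMAKE_OSX_ARCHITECTURES arm64)` states the same intent once. The `execute_process(COMMAND /usr/bin/xcrun …)` result is also unchecked, so a failing `xcrun` leaves `CMAKE_OSX_SYSROOT` empty and `-isysroot` without an argument in `ENV{CFLAGS}`; add `RESULT_VARIABLE` and stop with `message(FATAL_ERROR …)` on a non-zero value.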