diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6ce3298..1eedf56 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,20 +22,15 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: Test build script for darwin-amd64 + - name: Test build script for darwin-amd64 - libgit2-all run: | - TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64 \ - BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/amd \ - ./hack/static.sh all + make dev-test + rm -rf ${GITHUB_WORKSPACE}/build rm -rf ${GITHUB_WORKSPACE}/libgit2 env: MACOSX_DEPLOYMENT_TARGET: 10.15 - - name: Test cross compile script for darwin-arm64 + - name: Test build script for darwin-amd64 - libgit2-only run: | - TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64 \ - BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/arm \ - TARGET_ARCH=arm64 \ - CMAKE_APPLE_SILICON_PROCESSOR=arm64 \ - ./hack/static.sh all + LIBGIT2_ONLY=true make dev-test env: MACOSX_DEPLOYMENT_TARGET: 10.15 @@ -83,24 +78,37 @@ jobs: restore-keys: | ${{ runner.os }}-buildx-ghcache- - run: cat ./hack/static.sh - - name: Build candidate image - id: build_candidate + - name: Build candidate image - libgit2 compiled with libssh2 and openssl + id: build_candidate_libgit2_all uses: docker/build-push-action@v2 with: context: . file: Dockerfile platforms: ${{ env.PLATFORMS }} push: true - tags: localhost:5000/${{ github.repository_owner }}/golang-with-libgit2:latest + tags: localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-all:latest cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max - - name: Inspect candidate image + - name: Build candidate image - libgit2 only + id: build_candidate_libgti2_only + uses: docker/build-push-action@v2 + with: + context: . + file: Dockerfile.libgit2-only + platforms: ${{ env.PLATFORMS }} + push: true + tags: localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-only:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + - name: Inspect candidate images run: | - docker buildx imagetools inspect localhost:5000/${{ github.repository_owner }}/golang-with-libgit2:latest - - name: Test candidate image + docker buildx imagetools inspect localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-all:latest + docker buildx imagetools inspect localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-only:latest + - name: Test candidate images id: test_candidate run: | - IMG=localhost:5000/${{ github.repository_owner }}/golang-with-libgit2 make test + IMG=localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-all make test + IMG=localhost:5000/${{ github.repository_owner }}/golang-with-libgit2-only LIBGIT2_ONLY=true make test - # Temp fix # https://github.com/docker/build-push-action/issues/252 # https://github.com/moby/buildkit/issues/1896 @@ -115,21 +123,21 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Compose release candidate metadata - id: meta + - name: Compose release candidate metadata - golang-with-libgit2-all + id: meta_libgit2_all uses: docker/metadata-action@v3 if: github.event_name != 'pull_request' with: images: | - ghcr.io/${{ github.repository_owner }}/golang-with-libgit2 + ghcr.io/${{ github.repository_owner }}/golang-with-libgit2-all tags: | type=schedule type=ref,event=branch type=ref,event=tag type=sha type=sha,format=long - - name: Release candidate image - id: release_candidate + - name: Release candidate image - golang-with-libgit2-all + id: release_candidate_libgit2_all if: github.event_name != 'pull_request' uses: docker/build-push-action@v2 with: @@ -140,3 +148,29 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache + + - name: Compose release candidate metadata - golang-with-libgit2-only + id: meta_libgit2_only + uses: docker/metadata-action@v3 + if: github.event_name != 'pull_request' + with: + images: | + ghcr.io/${{ github.repository_owner }}/golang-with-libgit2-only + tags: | + type=schedule + type=ref,event=branch + type=ref,event=tag + type=sha + type=sha,format=long + - name: Release candidate image - golang-with-libgit2-only + id: release_candidate_libgit2_only + if: github.event_name != 'pull_request' + uses: docker/build-push-action@v2 + with: + context: . + file: Dockerfile.libgit2-only + platforms: ${{ env.PLATFORMS }} + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b23c5ba..4ea8ac4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -48,28 +48,52 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: Build static libraries + - name: Build static libraries - libgit2 compiled with libssh2 and openssl run: | TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-linux \ BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/amd \ ./hack/static.sh all - mkdir -p ./libgit2-linux/ - mv ${GITHUB_WORKSPACE}/build/libgit2-linux/include ./libgit2-linux/ - mv ${GITHUB_WORKSPACE}/build/libgit2-linux/share ./libgit2-linux/ - mv ${GITHUB_WORKSPACE}/build/libgit2-linux/lib ./libgit2-linux/ - mv ${GITHUB_WORKSPACE}/build/libgit2-linux/lib64 ./libgit2-linux/ + mkdir -p ./libgit2-linux-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/include ./libgit2-linux-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/share ./libgit2-linux-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/lib ./libgit2-linux-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/lib64 ./libgit2-linux-libgit2-all/ - tar -zcvf linux-x86_64-libs.tar.gz libgit2-linux + tar -zcvf linux-x86_64-libgit2-all-libs.tar.gz libgit2-linux-libgit2-all + rm -rf ${GITHUB_WORKSPACE}/build ${GITHUB_WORKSPACE}/libgit2 - name: Upload Release Asset - id: upload-release-asset + id: upload-release-asset-libgit2-all uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ github.token }} with: upload_url: ${{ needs.github_release.outputs.release_upload_url }} - asset_path: ./linux-x86_64-libs.tar.gz - asset_name: linux-x86_64-libs.tar.gz + asset_path: ./linux-x86_64-libgit2-all-libs.tar.gz + asset_name: linux-x86_64-libgit2-all-libs.tar.gz + asset_content_type: application/gzip + + - name: Build static libraries - libgit2 only + run: | + TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-linux \ + BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/amd \ + ./hack/static.sh build_libgit2_only + + mkdir -p ./libgit2-linux-libgit2-only/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/include ./libgit2-linux-libgit2-only/ + mv ${GITHUB_WORKSPACE}/build/libgit2-linux/lib ./libgit2-linux-libgit2-only/ + + tar -zcvf linux-x86_64-libgit2-only-lib.tar.gz libgit2-linux-libgit2-only + rm -rf ${GITHUB_WORKSPACE}/build ${GITHUB_WORKSPACE}/libgit2 + - name: Upload Release Asset + id: upload-release-asset-libgit2-only + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ needs.github_release.outputs.release_upload_url }} + asset_path: ./linux-x86_64-libgit2-only-lib.tar.gz + asset_name: linux-x86_64-libgit2-only-lib.tar.gz asset_content_type: application/gzip darwin-release: @@ -88,7 +112,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: Build universal static libraries for Darwin + - name: Build universal static libraries for Darwin - libgit2 compiled with libssh2 and openssl run: | TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64 \ BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/amd \ @@ -100,40 +124,80 @@ jobs: CMAKE_APPLE_SILICON_PROCESSOR=arm64 \ ./hack/static.sh all - mkdir -p ./libgit2-darwin/lib - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/include ./libgit2-darwin/ - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/share ./libgit2-darwin/ - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/cmake ./libgit2-darwin/lib/ - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/engines-3 ./libgit2-darwin/lib/ - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/ossl-modules ./libgit2-darwin/lib/ - mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/pkgconfig ./libgit2-darwin/lib/ + mkdir -p ./libgit2-darwin-libgit2-all/lib + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/include ./libgit2-darwin-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/share ./libgit2-darwin-libgit2-all/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/cmake ./libgit2-darwin-libgt2-all/lib/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/engines-3 ./libgit2-darwin-libgit2-all/lib/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/ossl-modules ./libgit2-darwin-libgit2-all/lib/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/pkgconfig ./libgit2-darwin-libgit2-all/lib/ - libtool -static -o ./libgit2-darwin/lib/libcrypto.a \ + libtool -static -o ./libgit2-darwin-libgit2-all/lib/libcrypto.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libcrypto.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libcrypto.a - libtool -static -o ./libgit2-darwin/lib/libgit2.a \ + + libtool -static -o ./libgit2-darwin-libgit2-all/lib/libgit2.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libgit2.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libgit2.a - libtool -static -o ./libgit2-darwin/lib/libssh2.a \ + + libtool -static -o ./libgit2-darwin-libgit2-all/lib/libssh2.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libssh2.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libssh2.a - libtool -static -o ./libgit2-darwin/lib/libssl.a \ + + libtool -static -o ./libgit2-darwin-libgit2-all/lib/libssl.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libssl.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libssl.a - libtool -static -o ./libgit2-darwin/lib/libz.a \ + + libtool -static -o ./libgit2-darwin-libgit2-all/lib/libz.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libz.a \ ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libz.a - tar -zcvf darwin-libs.tar.gz libgit2-darwin + tar -zcvf darwin-libgit2-all-libs.tar.gz libgit2-darwin-libgit2-all + rm -rf ${GITHUB_WORKSPACE}/build ${GITHUB_WORKSPACE}/libgit2 + env: + MACOSX_DEPLOYMENT_TARGET: 10.15 + - name: Upload Release Asset + id: upload-release-asset-libgit2-all + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ needs.github_release.outputs.release_upload_url }} + asset_path: ./darwin-libgit2-all-libs.tar.gz + asset_name: darwin-libgit2-all-libs.tar.gz + asset_content_type: application/gzip + + - name: Build universal static libraries for Darwin - libgit2 only + run: | + TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64 \ + BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/amd \ + ./hack/static.sh build_libgit2_only + + TARGET_DIR=${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64 \ + BUILD_ROOT_DIR=${GITHUB_WORKSPACE}/libgit2/build/arm \ + TARGET_ARCH=arm64 \ + CMAKE_APPLE_SILICON_PROCESSOR=arm64 \ + ./hack/static.sh build_libgit2_only + + mkdir -p ./libgit2-darwin-libgit2-only + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/include ./libgit2-darwin-libgit2-only/ + mv ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib ./libgit2-darwin-libgit2-only/ + + libtool -static -o ./libgit2-darwin-libgit2-only/lib/libgit2.a \ + ${GITHUB_WORKSPACE}/build/libgit2-darwin-amd64/lib/libgit2.a \ + ${GITHUB_WORKSPACE}/build/libgit2-darwin-arm64/lib/libgit2.a + + tar -zcvf darwin-libs-libgit2-only.tar.gz libgit2-darwin-libgit2-only + rm -rf ${GITHUB_WORKSPACE}/build ${GITHUB_WORKSPACE}/libgit2 env: MACOSX_DEPLOYMENT_TARGET: 10.15 - name: Upload Release Asset - id: upload-release-asset + id: upload-release-asset-libgit2-only uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ github.token }} with: upload_url: ${{ needs.github_release.outputs.release_upload_url }} - asset_path: ./darwin-libs.tar.gz - asset_name: darwin-libs.tar.gz + asset_path: ./darwin-libs-libgit2-only.tar.gz + asset_name: darwin-libs-libgit2-only.tar.gz asset_content_type: application/gzip diff --git a/Dockerfile.libgit2-only b/Dockerfile.libgit2-only new file mode 100644 index 0000000..8491430 --- /dev/null +++ b/Dockerfile.libgit2-only @@ -0,0 +1,66 @@ +# This Dockerfile tests the hack/Makefile output against git2go. +ARG BASE_VARIANT=alpine +ARG GO_VERSION=1.17 +ARG XX_VERSION=1.1.0 + +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +FROM --platform=$BUILDPLATFORM ${BASE_VARIANT} AS build-base + +RUN apk add --no-cache \ + bash \ + curl \ + build-base \ + linux-headers \ + perl \ + cmake \ + pkgconfig \ + gcc \ + musl-dev \ + clang \ + lld + +COPY --from=xx / / + +FROM build-base AS build-cross + +ARG TARGETPLATFORM + +RUN xx-apk add --no-cache \ + build-base \ + pkgconfig \ + gcc \ + musl-dev \ + clang \ + lld \ + llvm \ + linux-headers + +WORKDIR /build +COPY hack/static.sh . + +ENV CC=xx-clang +ENV CXX=xx-clang++ + +RUN ./static.sh build_libgit2_only + +# trimmed removes all non necessary files (i.e. openssl binary). +FROM build-cross AS trimmed + +ARG TARGETPLATFORM +RUN mkdir -p /trimmed/usr/local/$(xx-info triple)/ && \ + mkdir -p /trimmed/usr/local/$(xx-info triple)/share + +RUN cp -r /usr/local/$(xx-info triple)/lib/ /trimmed/usr/local/$(xx-info triple)/ && \ + cp -r /usr/local/$(xx-info triple)/include/ /trimmed/usr/local/$(xx-info triple)/ + +FROM scratch as libs-arm64 +COPY --from=trimmed /trimmed/ / + +FROM scratch as libs-amd64 +COPY --from=trimmed /trimmed/ / + +FROM scratch as libs-armv7 +COPY --from=trimmed /trimmed/ / + +FROM libs-$TARGETARCH$TARGETVARIANT as libs diff --git a/Dockerfile.test b/Dockerfile.test index 23fb2b7..1c62fab 100644 --- a/Dockerfile.test +++ b/Dockerfile.test @@ -57,7 +57,6 @@ RUN export LIBRARY_PATH="/usr/local/$(xx-info triple)/lib:/usr/local/$(xx-info t RUN ./static.sh build_libssh2 RUN ./static.sh build_libgit2 - # trimmed removes all non necessary files (i.e. openssl binary). FROM build-cross AS trimmed diff --git a/Dockerfile.test-libgit2-only b/Dockerfile.test-libgit2-only new file mode 100644 index 0000000..abf4e9f --- /dev/null +++ b/Dockerfile.test-libgit2-only @@ -0,0 +1,132 @@ +# This Dockerfile tests the hack/Makefile output against git2go. +ARG BASE_VARIANT=alpine +ARG GO_VERSION=1.17 +ARG XX_VERSION=1.1.0 + +FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx + +FROM --platform=$BUILDPLATFORM ${BASE_VARIANT} AS build-base + +RUN apk add --no-cache \ + bash \ + curl \ + build-base \ + linux-headers \ + perl \ + cmake \ + pkgconfig \ + gcc \ + musl-dev \ + clang \ + lld + +COPY --from=xx / / + +FROM build-base AS build-cross + +ARG TARGETPLATFORM + +RUN xx-apk add --no-cache \ + build-base \ + pkgconfig \ + gcc \ + musl-dev \ + clang \ + lld \ + llvm \ + linux-headers + +WORKDIR /build +COPY hack/static.sh . + +ENV CC=xx-clang +ENV CXX=xx-clang++ + +RUN ./static.sh build_libgit2_only + +# trimmed removes all non necessary files (i.e. openssl binary). +FROM build-cross AS trimmed + +ARG TARGETPLATFORM +RUN mkdir -p /trimmed/usr/local/$(xx-info triple)/ && \ + mkdir -p /trimmed/usr/local/$(xx-info triple)/share + +RUN cp -r /usr/local/$(xx-info triple)/lib/ /trimmed/usr/local/$(xx-info triple)/ && \ + cp -r /usr/local/$(xx-info triple)/include/ /trimmed/usr/local/$(xx-info triple)/ + +FROM scratch as libs-arm64 +COPY --from=trimmed /trimmed/ / + +FROM scratch as libs-amd64 +COPY --from=trimmed /trimmed/ / + +FROM scratch as libs-armv7 +COPY --from=trimmed /trimmed/ / + +FROM libs-$TARGETARCH$TARGETVARIANT as libs + +# Everything above this line is a copy from Dockefile. + +FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} as gostable + +FROM gostable AS go-linux + +# Build-base consists of build platform dependencies and xx. +# These will be used at current arch to yield execute the cross compilations. +FROM go-${TARGETOS} AS go-base + +RUN apk add clang lld pkgconfig + +COPY --from=xx / / + +# build-go-mod can still be cached at build platform architecture. +FROM go-base as build-go-mod + +WORKDIR /root/smoketest +COPY tests/smoketest/go.mod . +COPY tests/smoketest/go.sum . +RUN go mod download + +# Build stage install per target platform +# dependency and effectively cross compile the application. +FROM build-go-mod as build + +ARG TARGETPLATFORM + +# Some dependencies have to installed +# for the target platform: https://github.com/tonistiigi/xx#go--cgo +RUN xx-apk add musl-dev gcc clang lld + +WORKDIR /root/smoketest + +COPY tests/smoketest/main.go . +COPY --from=libs /usr/local/ /usr/local/ + +ENV CGO_ENABLED=1 +RUN export LIBRARY_PATH="/usr/local/$(xx-info triple)" && \ + export PKG_CONFIG_PATH="/usr/local/$(xx-info triple)/lib/pkgconfig" && \ + export FLAGS="$(pkg-config --static --libs --cflags libgit2)" && \ + export CGO_LDFLAGS="${FLAGS} -static" && \ + xx-go build \ + -ldflags "-s -w" \ + -tags 'netgo,osusergo,static_build' \ + -o static-test-runner -trimpath main.go + + +# Ensure that the generated binary is valid for the target platform +RUN xx-verify --static static-test-runner + +# This can be deployed into a gcr.io/distroless/static, however +# the alpine has been chosen so it can run the static application +# using the `RUN` statement. +FROM ${BASE_VARIANT} + +RUN apk add git + +WORKDIR /root/smoketest +COPY --from=build \ + /root/smoketest/static-test-runner . + +ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt + +RUN /root/smoketest/static-test-runner diff --git a/Makefile b/Makefile index d99ede8..e70884b 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,13 @@ -IMG ?= ghcr.io/fluxcd/golang-with-libgit2 TAG ?= latest +ifeq ($(LIBGIT2_ONLY),true) + IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only + DOCKERFILE ?= Dockerfile.libgit2-only +else + IMG ?= ghcr.io/fluxcd/golang-with-libgit2-all + DOCKERFILE ?= Dockerfile +endif + PLATFORMS ?= linux/amd64,linux/arm/v7,linux/arm64 BUILD_ARGS ?= @@ -13,17 +20,17 @@ LIBGIT2_LIB_PATH := $(LIBGIT2_PATH)/lib LIBGIT2_LIB64_PATH := $(LIBGIT2_PATH)/lib64 LIBGIT2 := $(LIBGIT2_LIB_PATH)/libgit2.a MUSL-CC = +LIBGIT2_ONLY ?= export CGO_ENABLED=1 export LIBRARY_PATH=$(LIBGIT2_LIB_PATH):$(LIBGIT2_LIB64_PATH) export PKG_CONFIG_PATH=$(LIBGIT2_LIB_PATH)/pkgconfig:$(LIBGIT2_LIB64_PATH)/pkgconfig export CGO_CFLAGS=-I$(LIBGIT2_PATH)/include - ifeq ($(shell uname -s),Linux) export CGO_LDFLAGS=$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --libs --static --cflags libssh2 openssl libgit2) -static else - export CGO_LDFLAGS=$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --libs --static --cflags libssh2 openssl libgit2) -Wl,--unresolved-symbols=ignore-in-object-files -Wl,-allow-shlib-undefined -static + export CGO_LDFLAGS=$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --libs --static --cflags libgit2) endif ifeq ($(shell uname -s),Linux) @@ -36,13 +43,12 @@ endif GO_STATIC_FLAGS=-tags 'netgo,osusergo,static_build' - .PHONY: build build: docker buildx build \ --platform=$(PLATFORMS) \ --tag $(IMG):$(TAG) \ - --file Dockerfile \ + --file $(DOCKERFILE) \ $(BUILD_ARGS) . .PHONY: test @@ -52,12 +58,12 @@ test: --tag $(IMG):$(TAG)-test \ --build-arg LIBGIT2_IMG=$(IMG) \ --build-arg LIBGIT2_TAG=$(TAG) \ - --file Dockerfile.test \ + --file $(DOCKERFILE) \ $(BUILD_ARGS) . .PHONY: builder builder: -# create local builder + # create local builder docker buildx create --name local-builder \ --platform $(PLATFORMS) \ --driver-opt network=host \ @@ -65,14 +71,18 @@ builder: --driver-opt env.BUILDKIT_STEP_LOG_MAX_SPEED=5000000000000 \ --buildkitd-flags '--allow-insecure-entitlement security.insecure' \ --use -# install qemu emulators + # install qemu emulators docker run -it --rm --privileged tonistiigi/binfmt --install all - $(LIBGIT2): $(MUSL-CC) ifeq ($(shell uname -s),Darwin) +ifeq ($(LIBGIT2_ONLY),true) + TARGET_DIR=$(TARGET_DIR) BUILD_ROOT_DIR=$(BUILD_ROOT_DIR) \ + ./hack/static.sh build_libgit2_only +else TARGET_DIR=$(TARGET_DIR) BUILD_ROOT_DIR=$(BUILD_ROOT_DIR) \ ./hack/static.sh all +endif else IMG_TAG=$(IMG):$(TAG) ./hack/extract-libraries.sh endif diff --git a/hack/static.sh b/hack/static.sh index 3d90e63..a5492a7 100755 --- a/hack/static.sh +++ b/hack/static.sh @@ -188,6 +188,44 @@ function build_libgit2(){ popd } +function build_libgit2_only(){ + download_source "${LIBGIT2_URL}" "${SRC_DIR}/libgit2" + + pushd "${SRC_DIR}/libgit2" + + mkdir -p build + + pushd build + + # Set osx arch only when cross compiling on darwin + if [[ $OSTYPE == darwin* ]] && [ ! "${TARGET_ARCH}" = "$(uname -m)" ]; then + CMAKE_PARAMS=-DCMAKE_OSX_ARCHITECTURES="${TARGET_ARCH}" + fi + + cmake "${CMAKE_PARAMS}" \ + -DCMAKE_C_COMPILER="${C_COMPILER}" \ + -DCMAKE_INSTALL_PREFIX="${TARGET_DIR}" \ + -DTHREADSAFE:BOOL=ON \ + -DBUILD_CLAR:BOOL=OFF \ + -DBUILD_SHARED_LIBS=OFF \ + -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON \ + -DCMAKE_C_FLAGS=-fPIC \ + -DUSE_SSH:BOOL=OFF \ + -DHAVE_LIBSSH2_MEMORY_CREDENTIALS:BOOL=OFF \ + -DDEPRECATE_HARD:BOOL=ON \ + -DUSE_BUNDLED_ZLIB:BOOL=ON \ + -DUSE_HTTPS:STRING:BOOL=OFF \ + -DREGEX_BACKEND:STRING=builtin \ + -DCMAKE_BUILD_TYPE="RelWithDebInfo" \ + .. + + + cmake --build . --target install + + popd + popd +} + function all(){ build_libz build_openssl diff --git a/tests/smoketest/main.go b/tests/smoketest/main.go index b69389f..1badf0f 100644 --- a/tests/smoketest/main.go +++ b/tests/smoketest/main.go @@ -12,6 +12,10 @@ import ( "os" "path/filepath" "strings" + + "bytes" + "crypto/sha256" + "hash" "time" // git2go must be aligned with libgit2 version: @@ -25,6 +29,11 @@ import ( "golang.org/x/crypto/ssh/knownhosts" ) +const ( + TestUser = "test-user" + TestPass = "test-pass" +) + func main() { fmt.Println("Running tests...") testsDir, err := filepath.Abs("./build/tests") @@ -45,7 +54,16 @@ func main() { test("HTTPS clone with no options", filepath.Join(testsDir, "/https-clone-no-options"), httpRepoURL, - &git2go.CloneOptions{Bare: true}) + &git2go.CloneOptions{ + Bare: true, + FetchOptions: git2go.FetchOptions{ + RemoteCallbacks: git2go.RemoteCallbacks{ + CredentialsCallback: func(url string, username string, allowedTypes git2go.CredentialType) (*git2go.Credential, error) { + return git2go.NewCredentialUserpassPlaintext(TestUser, TestPass) + }, + }, + }, + }) if err := server.ListenSSH(); err != nil { panic(fmt.Errorf("listenSSH: %w", err)) @@ -80,7 +98,11 @@ func main() { FetchOptions: git2go.FetchOptions{ RemoteCallbacks: git2go.RemoteCallbacks{ CredentialsCallback: func(url string, username string, allowedTypes git2go.CredentialType) (*git2go.Credential, error) { - return git2go.NewCredentialSSHKeyFromMemory("git", string(rsa.PublicKey), string(rsa.PrivateKey), "") + signer, err := cryptossh.ParsePrivateKey(rsa.PrivateKey) + if err != nil { + return nil, err + } + return git2go.NewCredentialSSHKeyFromSigner("git", signer) }, CertificateCheckCallback: knownHostsCallback(u.Host, knownHosts), }, @@ -99,7 +121,11 @@ func main() { FetchOptions: git2go.FetchOptions{ RemoteCallbacks: git2go.RemoteCallbacks{ CredentialsCallback: func(url string, username string, allowedTypes git2go.CredentialType) (*git2go.Credential, error) { - return git2go.NewCredentialSSHKeyFromMemory("git", string(ed25519.PublicKey), string(ed25519.PrivateKey), "") + signer, err := cryptossh.ParsePrivateKey(ed25519.PrivateKey) + if err != nil { + return nil, err + } + return git2go.NewCredentialSSHKeyFromSigner("git", signer) }, CertificateCheckCallback: knownHostsCallback(u.Host, knownHosts), }, @@ -117,7 +143,7 @@ func createTestServer(repoPath string) *gittestserver.GitServer { } defer os.RemoveAll(server.Root()) - server.Auth("test-user", "test-pswd") + server.Auth(TestUser, TestPass) server.AutoCreate() server.KeyDir(filepath.Join(server.Root(), "keys")) @@ -242,20 +268,13 @@ func (k knownKey) matches(host string, hostkey git2go.HostkeyCertificate) bool { return false } - if hostkey.Kind&git2go.HostkeySHA256 > 0 { - knownFingerprint := cryptossh.FingerprintSHA256(k.key) - returnedFingerprint := cryptossh.FingerprintSHA256(hostkey.SSHPublicKey) - - fmt.Printf("known and found fingerprints:\n%q\n%q\n", - knownFingerprint, - returnedFingerprint) - if returnedFingerprint == knownFingerprint { - return true - } - } + var fingerprint []byte + var hasher hash.Hash - fmt.Println("host kind not supported") - return false + fingerprint = hostkey.HashSHA256[:] + hasher = sha256.New() + hasher.Write(k.key.Marshal()) + return bytes.Equal(hasher.Sum(nil), fingerprint) } func containsHost(hosts []string, host string) bool {