diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml new file mode 100644 index 00000000..23228e11 --- /dev/null +++ b/.github/workflows/artifacts.yaml @@ -0,0 +1,267 @@ +name: binary artifacts + +permissions: + contents: read + +on: + push: + pull_request: + +jobs: + windows-binaries: + name: Windows (x86_64 MSVC) + runs-on: windows-2022 # x86_64 + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install stable Rust + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-c + env: + LINK: https://github.com/lu-zero/cargo-c/releases/latest/download + CARGO_C_FILE: cargo-c-windows-msvc.zip + run: | + curl -L "$env:LINK/$env:CARGO_C_FILE" -o cargo-c-windows-msvc.zip + powershell -Command "Expand-Archive -Path cargo-c-windows-msvc.zip -DestinationPath $env:USERPROFILE\\.cargo\\bin -Force" + + - name: Build rusts-ffi + run: | + cargo cinstall --locked --target x86_64-pc-windows-msvc --features cert_compression --release --prefix dist + + - name: Upload binaries + uses: actions/upload-artifact@v4 + with: + name: rustls-ffi-x86_64-windows + path: dist + + linux-binaries: + name: Linux (x86_64 GNU) + runs-on: ubuntu-20.04 # x86_64. Using older Ubuntu for greater GLIBC compat. + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install stable Rust + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-c + env: + LINK: https://github.com/lu-zero/cargo-c/releases/latest/download + CARGO_C_FILE: cargo-c-x86_64-unknown-linux-musl.tar.gz + run: | + curl -L $LINK/$CARGO_C_FILE | tar xz -C ~/.cargo/bin + + - name: Build rusts-ffi + # The Ubuntu 20.04 GCC is too old to build aws-lc. + # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189. + env: + CC: clang + CXX: clang + run: | + cargo cinstall --locked --target x86_64-unknown-linux-gnu --features cert_compression --release --prefix dist + + - name: Upload binaries + uses: actions/upload-artifact@v4 + with: + name: rustls-ffi-x86_64-linux-gnu + path: dist + + linux-deb: + name: Linux (x86-64 GNU Deb) + runs-on: ubuntu-20.04 # x86_64. Using older Ubuntu for greater GLIBC compat. + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install stable Rust + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo-c + env: + LINK: https://github.com/lu-zero/cargo-c/releases/latest/download + CARGO_C_FILE: cargo-c-x86_64-unknown-linux-musl.tar.gz + run: | + curl -L $LINK/$CARGO_C_FILE | tar xz -C ~/.cargo/bin + + - name: Build deb + run: ./debian/build.sh + + - name: Upload deb + uses: actions/upload-artifact@v4 + with: + name: librustls_0.15.0_amd64.deb + path: librustls_0.15.0_amd64.deb + + macos-binaries: + name: MacOS (Arm64 and x86_64) + runs-on: macos-14 # arm64. + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install stable Rust + uses: dtolnay/rust-toolchain@stable + with: + # Install both the arm64 and x86_64 targets. + targets: aarch64-apple-darwin, x86_64-apple-darwin + + - name: Install cargo-c + env: + LINK: https://github.com/lu-zero/cargo-c/releases/latest/download + CARGO_C_FILE: cargo-c-macos.zip + run: | + curl -L $LINK/$CARGO_C_FILE -o cargo-c-macos.zip + unzip cargo-c-macos.zip -d ~/.cargo/bin + + - name: Build rusts-ffi (arm64) + run: | + cargo cinstall --target aarch64-apple-darwin --locked --features cert_compression --release --prefix arm64-dist + + - name: Fix rpath (arm64) + run: | + install_name_tool -id @rpath/librustls.dylib arm64-dist/lib/librustls.dylib + + - name: Upload binaries (arm64) + uses: actions/upload-artifact@v4 + with: + name: rustls-ffi-arm64-macos + path: arm64-dist + + - name: Build rusts-ffi (x86_64) + run: | + cargo cinstall --target x86_64-apple-darwin --locked --features cert_compression --release --prefix x86-dist + + - name: Fix rpath (x86_64) + run: | + install_name_tool -id @rpath/librustls.dylib x86-dist/lib/librustls.dylib + + - name: Upload binaries (x86_64) + uses: actions/upload-artifact@v4 + with: + name: rustls-ffi-x86_64-macos + path: x86-dist + + test-archives: + name: "Test (${{ matrix.os }})" + runs-on: ${{ matrix.os }} + needs: [ windows-binaries, linux-binaries, macos-binaries ] + strategy: + matrix: + include: + - os: windows-latest + artifact: rustls-ffi-x86_64-windows + - os: ubuntu-latest + artifact: rustls-ffi-x86_64-linux-gnu + - os: macos-14 + artifact: rustls-ffi-arm64-macos + - os: macos-13 + artifact: rustls-ffi-x86_64-macos + steps: + - name: Checkout rustls-ffi-test sources + uses: actions/checkout@v4 + with: + repository: 'cpu/rustls-ffi-test' + - name: Download rustls-ffi artifact + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.artifact }} + path: ${{ matrix.artifact }} + # .pc files aren't relocatable. We need to update the prefix to point to + # the correct location that we extracted the archive. This seems more reliable + # than using `--define-prefix` - it seems to tack an extra 'lib/' subcomponent + # onto the include path that breaks the build. + - name: Fix pkg-config prefix + # We use bash shell explicitly to avoid PowerShell on Windows and to ensure we have 'sed'. + shell: bash + # For further fun, sed isn't consistent between macOS and Linux. + run: | + case "${{ runner.os }}" in + "macOS") + sed -i '' "s|prefix=.*|prefix=${{ matrix.artifact }}|" ${{ matrix.artifact }}/lib/pkgconfig/rustls.pc + ;; + *) + sed -i "s|prefix=.*|prefix=${{ matrix.artifact }}|" ${{ matrix.artifact }}/lib/pkgconfig/rustls.pc + ;; + esac + # Dump out what pkg-config says about the rustls package. + - name: Debug pkg-config + run: | + pkg-config --cflags rustls + pkg-config --libs rustls + env: + PKG_CONFIG_PATH: ${{ matrix.artifact }}/lib/pkgconfig + # Set up the cmake build, overriding PKG_CONFIG_PATH to + # point to the extracted rustls-ffi archive. + - name: Setup cmake build (UNIX) + if: matrix.os != 'windows-latest' + env: + PKG_CONFIG_PATH: ${{ matrix.artifact }}/lib/pkgconfig + run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release + # Set up the cmake build, overriding PKG_CONFIG_PATH to + # point to the extracted rustls-ffi archive. + # + # For Windows cmake needs some help finding the strawberry perl pkg-config + # that's installed in the runner's PATH. + - name: Setup cmake build (Windows) + if: matrix.os == 'windows-latest' + env: + PKG_CONFIG_PATH: ${{ matrix.artifact }}/lib/pkgconfig + run: cmake -DPKG_CONFIG_EXECUTABLE=C:\Strawberry\perl\bin\pkg-config.bat -S . -B build + # Build the rustls-ffi-test binary. + - name: Build rustls-ffi-test (UNIX) + if: matrix.os != 'windows-latest' + run: cmake --build build -v + # Build the rustls-ffi-test binary. + # On Windows we need to specify a configuration to avoid a warning about using the default + # debug MSCRT runtime with a lib built with the release MSCRT runtime. + - name: Build rustls-ffi-test (Windows) + if: matrix.os == 'windows-latest' + run: cmake --build build --config Release -v + # Run the rustls-ffi-test binary. + - name: Run rustls-ffi-test (UNIX) + if: matrix.os != 'windows-latest' + run: ./build/rustls-ffi-test + # Run the rustls-ffi-test binary. + # On Windows it's in a different output location under build. + - name: Run rustls-ffi-test (Windows) + if: matrix.os == 'windows-latest' + run: ./build/Release/rustls-ffi-test.exe + + test-deb: + name: "Test Linux Deb (${{ matrix.os }})" + runs-on: ${{ matrix.os }} + needs: [ linux-deb ] + strategy: + matrix: + os: [ ubuntu-latest, ubuntu-20.04 ] + steps: + - name: Checkout rustls-ffi-test sources + uses: actions/checkout@v4 + with: + repository: 'cpu/rustls-ffi-test' + - name: Download rustls-ffi deb artifact + uses: actions/download-artifact@v4 + with: + name: librustls_0.15.0_amd64.deb + - name: Install deb + run: sudo dpkg --install ./librustls_0.15.0_amd64.deb + # Dump out what pkg-config says about the rustls package. + - name: Debug pkg-config + run: | + pkg-config --cflags rustls + pkg-config --libs rustls + # Set up the cmake build, no pkg-config ENV overrides needed. + - name: Setup cmake build + run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release + # Build the rustls-ffi-test binary. + - name: Build rustls-ffi-test + run: cmake --build build -v + # Run the rustls-ffi-test binary. + - name: Run rustls-ffi-test + run: ./build/rustls-ffi-test diff --git a/.gitignore b/.gitignore index b675f021..cdb92b1e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ librustls/cmake-build* .idea .venv .vs +debian/usr +debian/DEBIAN diff --git a/debian/build.sh b/debian/build.sh new file mode 100755 index 00000000..0ffd12ae --- /dev/null +++ b/debian/build.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash +set -eu +set -x + +cd "$(dirname "$0")" + +VERSION=$(sed -n 's/^version = "\(.*\)"$/\1/p' ../librustls/Cargo.toml) +if [ -z "$VERSION" ]; then + echo "Failed to extract version from Cargo.toml" >&2 + exit 1 +fi + +PACKAGE="librustls" +ARCH="amd64" +DIST_DIR="/tmp/dist" +DEB_ROOT="/tmp/deb" + +CC=clang CXX=clang cargo cinstall --locked --features cert_compression --release --prefix "${DIST_DIR}" + +mkdir -p "${DEB_ROOT}/usr/"{lib,include} +mkdir -p "${DEB_ROOT}/DEBIAN" + +cp -r "${DIST_DIR}/lib/"* "${DEB_ROOT}/usr/lib/" +cp -r "${DIST_DIR}/include/"* "${DEB_ROOT}/usr/include/" + +sed -i "s|prefix=.*|prefix=/usr|" "${DEB_ROOT}/usr/lib/x86_64-linux-gnu/pkgconfig/rustls.pc" + +cat > "${DEB_ROOT}/DEBIAN/control" << EOF +Package: ${PACKAGE} +Version: ${VERSION} +Architecture: ${ARCH} +Maintainer: Daniel McCarney +Description: FFI bindings for the Rustls TLS library +Section: libs +Depends: libc6 +Priority: optional +EOF + +cat > "${DEB_ROOT}/DEBIAN/postinst" << EOF +#!/bin/sh +set -e +ldconfig +EOF +chmod 755 "${DEB_ROOT}/DEBIAN/postinst" + +cd .. +dpkg-deb --build ${DEB_ROOT} "${PACKAGE}_${VERSION}_${ARCH}.deb"