Don't trust defaults, compile everything!

I hate yaml, I truely do.
nichtsfrei · Jun 1, 2023 · f70d3d9 · f70d3d9
1 parent 756fb6c
commit f70d3d9
Show file tree

Hide file tree

Showing 6 changed files with 120 additions and 66 deletions.
diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile
@@ -36,13 +36,13 @@ RUN apt-get update && apt-get install --no-install-recommends --no-install-sugge
   libroken18-heimdal \
   libhdb9-heimdal \
   libpopt0 \
-  zlib1g-dev \
+  zlib1g\
   && rm -rf /var/lib/apt/lists/*
 COPY .docker/openvas.conf /etc/openvas/
 # must be pre built within the rust dir and moved to the bin dir
 # usually this image is created within in a ci ensuring that the
 # binary is available.
-COPY bin/nasl-cli/$TARGETPLATFORM/nasl-cli /usr/local/bin/nasl-cli
+COPY assets/nasl-cli-$TARGETPLATFORM /usr/local/bin/nasl-cli
 RUN chmod a+x /usr/local/bin/nasl-cli
 COPY --from=build /install/ /
 COPY --from=openvas-smb /usr/local/lib/ /usr/local/lib/

diff --git a/.github/workflows/build-rust.yml b/.github/workflows/build-rust.yml
@@ -0,0 +1,60 @@
+name: "rs-build"
+
+on: [workflow_call] 
+
+
+# This job builds the targets for x86_64 as well as aarch64. It is intented to 
+# be included in the other jobs by calling:
+# ```
+# jobs:
+#   name:
+#     uses: ./.github/workflows/build-rust.yml
+# ```
+#
+# It saves the binaris:
+# - nasl-cli
+# - feed-verofier
+#
+# as rs-binaries.
+#
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/checkout@v3
+      # create branch of version
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            rust/target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - run: rustup update stable && rustup default stable
+        # ignore failing install, it may already be installed
+      - run: cargo install cross || true
+      - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu
+        working-directory: rust
+      - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu
+        working-directory: rust
+      - name: "patch for debian stable"
+        working-directory: rust
+        run: |
+          find . -type f -name "nasl-cli"
+          patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli
+          patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/x86_64-unknown-linux-gnu/release/nasl-cli
+          patchelf --replace-needed libz.so libz.so.1 target/aarch64-unknown-linux-gnu/release/nasl-cli
+          patchelf --replace-needed libz.so libz.so.1 target/x86_64-unknown-linux-gnu/release/nasl-cli
+      - run: mkdir assets/
+      - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-aarch64-unknown-linux-gnu
+      - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-x86_64-unknown-linux-gnu
+      - run: mv rust/target/aarch64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-aarch64-unknown-linux-gnu
+      - run: mv rust/target/x86_64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-x86_64-unknown-linux-gnu
+      - name: archive
+        uses: actions/upload-artifact@v3
+        with:
+          name: rs-binaries
+          path: assets/*
+          retention-days: 1
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
@@ -10,39 +10,13 @@ on:
   repository_dispatch:
 
 jobs:
-  nasl-cli-release:
-    runs-on:
-     - ubuntu-latest
-    defaults:
-      run:
-        working-directory: rust
-    steps:
-      # install rustup
-      - uses: actions/checkout@v3
-      - run: rustup update stable && rustup default stable
-      # This command will attempt to install 'cross', but if it's already
-      # installed due to caching, it will do nothing and proceed without error.
-      - run: cargo install cross || true
-      - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu
-      - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu
-      - name: "patch for debian stable"
-        run: |
-          patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli
-      - name: archive nasl-cli aarch64-unknown-linux-gnu
-        uses: actions/upload-artifact@v3
-        with:
-          name: nasl-cli-aarch64
-          path: rust/target/aarch64-unknown-linux-gnu/release/nasl-cli
-          retention-days: 1
-      - name: archive nasl-cli x86_64-unknown-linux-gnu
-        uses: actions/upload-artifact@v3
-        with:
-          name: nasl-cli-amd64
-          path: rust/target/x86_64-unknown-linux-gnu/release/nasl-cli
-          retention-days: 1
+  rs-build-binaries:
+    needs: calculate_version
+    uses: ./.github/workflows/build-rust.yml
+
   production-image:
     runs-on: ubuntu-latest
-    needs: [nasl-cli-release]
+    needs: [rs-build-binaries]
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -100,14 +74,13 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - uses: actions/download-artifact@v3
         with:
-          name: nasl-cli-amd64
-          path: bin/nasl-cli/linux/amd64
-      - uses: actions/download-artifact@v3
-        with:
-          name: nasl-cli-aarch64
-          path: bin/nasl-cli/linux/arm64
+          name: rs-binaries
+          path: assets
+      - run: mv assets/nasl-cli-aarch64-unknown-linux-gnu assets/nasl-cli-aarch64
+      - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu assets/nasl-cli-amd64
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -112,10 +112,16 @@ jobs:
           echo "release_ref=$RELEASE_REF" >> "$GITHUB_OUTPUT"
           echo "project=$(echo "${{ github.repository }}" | sed 's/.*\///' )" >> "$GITHUB_OUTPUT"
 
+  build-binaries:
+    needs: calculate_version
+    uses: ./.github/workflows/build-rust.yml
+
 
   release:
     name: release
-    needs: calculate_version
+    needs: 
+      - build-binaries
+      - calculate_version
     runs-on: "ubuntu-latest"
     env:
       RELEASE_KIND: ${{needs.calculate_version.outputs.release_kind}}
@@ -160,32 +166,10 @@ jobs:
             git commit -m "Automated commit: change version from ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}"
             git push origin ${{ env.RELEASE_REF }}
           fi
-
-      - uses: actions/cache@v3
+      - uses: actions/download-artifact@v3
         with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            rust/target/
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - run: rustup update stable && rustup default stable
-        # ignore failing install, it may already be installed
-      - run: cargo install cross || true
-      - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu
-        working-directory: rust
-      - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu
-        working-directory: rust
-      - name: "patch for debian stable"
-        working-directory: rust
-        run: |
-          find . -type f -name "nasl-cli"
-          patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli
-      - run: mkdir assets/
-      - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-aarch64-unknown-linux-gnu
-      - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-x86_64-unknown-linux-gnu
-
+          name: rs-binaries
+          path: assets
       - uses: greenbone/actions/setup-pontos@v2
       - name: release ${{ env.PROJECT }} ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}
         run: |

diff --git a/.github/workflows/rustification.yaml b/.github/workflows/rustification.yaml
@@ -72,6 +72,7 @@ jobs:
           - nasl-cli
     steps:
       - uses: actions/checkout@v3
+  # TODO separate those into own job
   releases:
     runs-on:
      - ubuntu-20.04

diff --git a/rust/cross.Dockerfile b/rust/cross.Dockerfile
@@ -1,4 +1,40 @@
 ARG CROSS_BASE_IMAGE
 FROM $CROSS_BASE_IMAGE
 RUN apt-get update && apt-get install -y \
-  libpcap-dev libssh-dev zlib1g-dev
+  bison \
+  flex \
+  curl \
+  zlib1g-dev
+RUN curl -o /tmp/pcap.tar.gz https://www.tcpdump.org/release/libpcap-1.10.3.tar.gz
+WORKDIR /tmp
+RUN tar xvf pcap.tar.gz
+RUN ls -las
+WORKDIR /tmp/libpcap-1.10.3
+ENV CC=x86_64-linux-gnu-gcc
+ENV CFLAGS='-Os'
+RUN ./configure --host=x86_64-unknown-linux-gnu --with-pcap=linux
+RUN cat config.log
+RUN make install
+
+RUN curl --output /tmp/zlib.tar.gz https://www.zlib.net/zlib-1.2.13.tar.gz
+WORKDIR /tmp
+RUN tar xvf zlib.tar.gz
+WORKDIR /tmp/zlib-1.2.13
+ENV CC=x86_64-linux-gnu-gcc
+ENV CHOST=amd64
+RUN ./configure
+RUN make install
+RUN ldconfig
+
+RUN curl -o /tmp/openssl.tar.gz https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
+WORKDIR /tmp
+RUN tar xvf openssl.tar.gz
+RUN ls -las
+WORKDIR /tmp/openssl-1.1.1
+ENV CC=x86_64-linux-gnu-gcc
+ENV CFLAGS='-Os'
+RUN ./Configure linux-x86_64 --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
+ENV LD_LIBRARY_PATH=/usr/local/ssl/lib:${LD_LIBRARY_PATH}
+RUN ldconfig
+RUN make install
+ENV PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig:${PKG_CONFIG_PATH}