diff --git a/.docker/prod.Dockerfile b/.docker/prod.Dockerfile index e0c859b3b..a092e2cf0 100644 --- a/.docker/prod.Dockerfile +++ b/.docker/prod.Dockerfile @@ -36,13 +36,13 @@ RUN apt-get update && apt-get install --no-install-recommends --no-install-sugge libroken18-heimdal \ libhdb9-heimdal \ libpopt0 \ - zlib1g-dev \ + zlib1g\ && rm -rf /var/lib/apt/lists/* COPY .docker/openvas.conf /etc/openvas/ # must be pre built within the rust dir and moved to the bin dir # usually this image is created within in a ci ensuring that the # binary is available. -COPY bin/nasl-cli/$TARGETPLATFORM/nasl-cli /usr/local/bin/nasl-cli +COPY assets/nasl-cli-$TARGETPLATFORM /usr/local/bin/nasl-cli RUN chmod a+x /usr/local/bin/nasl-cli COPY --from=build /install/ / COPY --from=openvas-smb /usr/local/lib/ /usr/local/lib/ diff --git a/.github/workflows/build-rust.yml b/.github/workflows/build-rust.yml new file mode 100644 index 000000000..2158631d9 --- /dev/null +++ b/.github/workflows/build-rust.yml 
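Review bot: The new source path in `COPY assets/nasl-cli-$TARGETPLATFORM /usr/local/bin/nasl-cli` does not appear to match the files the workflow prepares. BuildKit sets `TARGETPLATFORM` to values such as `linux/amd64` and `linux/arm64` (the removed `bin/nasl-cli/linux/amd64` layout relied on that), so the path expands to `assets/nasl-cli-linux/amd64`. The second container.yml hunk in this commit renames the artifacts to `assets/nasl-cli-amd64` and `assets/nasl-cli-aarch64` instead. Either lay the files out the way the variable expands, or switch to `COPY assets/nasl-cli-$TARGETARCH /usr/local/bin/nasl-cli` and name the second file `nasl-cli-arm64`. The `ARG` declaration and the platform list passed to buildx are outside this hunk, so check against those.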
@@ -0,0 +1,60 @@
+name: "rs-build"
+
+on: [workflow_call]
+
+
+# This job builds the targets for x86_64 as well as aarch64. It is intented to
+# be included in the other jobs by calling:
+# ```
+# jobs:
+# name:
+# uses: ./.github/workflows/build-rust.yml
+# ```
+#
+# It saves the binaris:
+# - nasl-cli
+# - feed-verofier
+#
+# as rs-binaries.
+#
+jobs:
+ build:
+ runs-on: "ubuntu-latest"
+ steps:
+ - uses: actions/checkout@v3
+ # create branch of version
+ - uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cargo/bin/
+ ~/.cargo/registry/index/
+ ~/.cargo/registry/cache/
+ ~/.cargo/git/db/
+ rust/target/
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ - run: rustup update stable && rustup default stable
+ # ignore failing install, it may already be installed
+ - run: cargo install cross || true
+ - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu
+ working-directory: rust
+ - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu
+ working-directory: rust
+ - name: "patch for debian stable"
+ working-directory: rust
+ run: |
+ find . -type f -name "nasl-cli"
+ patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli
+ patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/x86_64-unknown-linux-gnu/release/nasl-cli
+ patchelf --replace-needed libz.so libz.so.1 target/aarch64-unknown-linux-gnu/release/nasl-cli
+ patchelf --replace-needed libz.so libz.so.1 target/x86_64-unknown-linux-gnu/release/nasl-cli
+ - run: mkdir assets/
+ - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-aarch64-unknown-linux-gnu
+ - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-x86_64-unknown-linux-gnu
+ - run: mv rust/target/aarch64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-aarch64-unknown-linux-gnu
+ - run: mv rust/target/x86_64-unknown-linux-gnu/release/feed-verifier assets/feed-verifier-x86_64-unknown-linux-gnu
+ - name: archive
+ uses: actions/upload-artifact@v3
+ with:
+ name: rs-binaries
+ path: assets/*
+ retention-days: 1
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 3da96a280..bd094ab8a 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
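Review bot: In build-rust.yml the binaries handed to the release and container jobs are built with tooling that is neither pinned nor guaranteed fresh. `cargo install cross || true` accepts whatever `cross` is current, or whatever `~/.cargo/bin/` the `actions/cache@v3` step restored, and hides a failed install, while `rustup update stable` lets the compiler float. For a job whose output is published I would pin the installer, e.g. `- run: cargo install cross --locked --version <PINNED_CROSS_VERSION>`, and drop `~/.cargo/bin/` and `rust/target/` from the cached paths so a stale or tampered cache entry cannot end up in a release artifact. The `uses:` references are on mutable tags (`@v3`); pinning them to commit SHAs would close the same gap.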
@@ -10,39 +10,13 @@ on: repository_dispatch: jobs: - nasl-cli-release: - runs-on: - - ubuntu-latest - defaults: - run: - working-directory: rust - steps: - # install rustup - - uses: actions/checkout@v3 - - run: rustup update stable && rustup default stable - # This command will attempt to install 'cross', but if it's already - # installed due to caching, it will do nothing and proceed without error. - - run: cargo install cross || true - - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu - - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu - - name: "patch for debian stable" - run: | - patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli - - name: archive nasl-cli aarch64-unknown-linux-gnu - uses: actions/upload-artifact@v3 - with: - name: nasl-cli-aarch64 - path: rust/target/aarch64-unknown-linux-gnu/release/nasl-cli - retention-days: 1 - - name: archive nasl-cli x86_64-unknown-linux-gnu - uses: actions/upload-artifact@v3 - with: - name: nasl-cli-amd64 - path: rust/target/x86_64-unknown-linux-gnu/release/nasl-cli - retention-days: 1 + rs-build-binaries: + needs: calculate_version + uses: ./.github/workflows/build-rust.yml + production-image: runs-on: ubuntu-latest - needs: [nasl-cli-release] + needs: [rs-build-binaries] steps: - name: Checkout uses: actions/checkout@v3 
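Review bot: `needs: calculate_version` on the new `rs-build-binaries` job names a job that is not visible in container.yml. The `jobs:` map in this hunk starts with the removed `nasl-cli-release` job, and the only `calculate_version` references in the commit are in release.yml. `needs` can only refer to jobs in the same workflow file, so unless container.yml defines that job outside this hunk the workflow will be rejected and no image is built. If the line was copied from release.yml, drop it so the job is just `rs-build-binaries:` with `uses: ./.github/workflows/build-rust.yml`.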
@@ -100,14 +74,13 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - uses: actions/download-artifact@v3 with: - name: nasl-cli-amd64 - path: bin/nasl-cli/linux/amd64 - - uses: actions/download-artifact@v3 - with: - name: nasl-cli-aarch64 - path: bin/nasl-cli/linux/arm64 + name: rs-binaries + path: assets + - run: mv assets/nasl-cli-aarch64-unknown-linux-gnu assets/nasl-cli-aarch64 + - run: mv assets/nasl-cli-x86_64-unknown-linux-gnu assets/nasl-cli-amd64 - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b657c44d..d8939766a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -112,10 +112,16 @@ jobs: echo "release_ref=$RELEASE_REF" >> "$GITHUB_OUTPUT" echo "project=$(echo "${{ github.repository }}" | sed 's/.*\///' )" >> "$GITHUB_OUTPUT" + build-binaries: + needs: calculate_version + uses: ./.github/workflows/build-rust.yml + release: name: release - needs: calculate_version + needs: + - build-binaries + - calculate_version runs-on: "ubuntu-latest" env: RELEASE_KIND: ${{needs.calculate_version.outputs.release_kind}} 
@@ -160,32 +166,10 @@ jobs: git commit -m "Automated commit: change version from ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }}" git push origin ${{ env.RELEASE_REF }} fi - - - uses: actions/cache@v3 + - uses: actions/download-artifact@v3 with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - rust/target/ - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - run: rustup update stable && rustup default stable - # ignore failing install, it may already be installed - - run: cargo install cross || true - - run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu - working-directory: rust - - run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu - working-directory: rust - - name: "patch for debian stable" - working-directory: rust - run: | - find . -type f -name "nasl-cli" - patchelf --replace-needed libpcap.so.1 libpcap.so.0.8 target/aarch64-unknown-linux-gnu/release/nasl-cli - - run: mkdir assets/ - - run: mv rust/target/aarch64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-aarch64-unknown-linux-gnu - - run: mv rust/target/x86_64-unknown-linux-gnu/release/nasl-cli assets/nasl-cli-x86_64-unknown-linux-gnu - + name: rs-binaries + path: assets - uses: greenbone/actions/setup-pontos@v2 - name: release ${{ env.PROJECT }} ${{ env.LATEST_VERSION }} -> ${{ env.NEW_VERSION }} run: | diff --git a/.github/workflows/rustification.yaml b/.github/workflows/rustification.yaml index 3afeeb6ce..92a8508de 100644 --- a/.github/workflows/rustification.yaml +++ b/.github/workflows/rustification.yaml @@ -72,6 +72,7 @@ jobs: - nasl-cli steps: - uses: actions/checkout@v3 + # TODO separate those into own job releases: runs-on: - ubuntu-20.04 diff --git a/rust/cross.Dockerfile b/rust/cross.Dockerfile index 5f6cd9204..4c6e068df 100644 --- a/rust/cross.Dockerfile +++ b/rust/cross.Dockerfile 
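Review bot: Moving the build into a job that only `needs: calculate_version` changes which commit the released binaries are built from. The steps removed in this release.yml hunk ran after the `git commit` / `git push origin ${{ env.RELEASE_REF }}` version bump, so they compiled the tree being released. `build-binaries` now runs before that commit exists, and the `actions/checkout@v3` in build-rust.yml takes the triggering ref. If the version bump touches anything compiled into nasl-cli or feed-verifier (not visible here), the uploaded assets will not correspond to the tagged source. Consider passing the release ref to build-rust.yml as a `workflow_call` input and checking it out with `ref:`; the rest of the release job lies outside this hunk.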
@@ -1,4 +1,40 @@
 ARG CROSS_BASE_IMAGE
 FROM $CROSS_BASE_IMAGE
 RUN apt-get update && apt-get install -y \
- libpcap-dev libssh-dev zlib1g-dev
+ bison \
+ flex \
+ curl \
+ zlib1g-dev
+RUN curl -o /tmp/pcap.tar.gz https://www.tcpdump.org/release/libpcap-1.10.3.tar.gz
+WORKDIR /tmp
+RUN tar xvf pcap.tar.gz
+RUN ls -las
+WORKDIR /tmp/libpcap-1.10.3
+ENV CC=x86_64-linux-gnu-gcc
+ENV CFLAGS='-Os'
+RUN ./configure --host=x86_64-unknown-linux-gnu --with-pcap=linux
+RUN cat config.log
+RUN make install
+
+RUN curl --output /tmp/zlib.tar.gz https://www.zlib.net/zlib-1.2.13.tar.gz
+WORKDIR /tmp
+RUN tar xvf zlib.tar.gz
+WORKDIR /tmp/zlib-1.2.13
+ENV CC=x86_64-linux-gnu-gcc
+ENV CHOST=amd64
+RUN ./configure
+RUN make install
+RUN ldconfig
+
+RUN curl -o /tmp/openssl.tar.gz https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
+WORKDIR /tmp
+RUN tar xvf openssl.tar.gz
+RUN ls -las
+WORKDIR /tmp/openssl-1.1.1
+ENV CC=x86_64-linux-gnu-gcc
+ENV CFLAGS='-Os'
+RUN ./Configure linux-x86_64 --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
+ENV LD_LIBRARY_PATH=/usr/local/ssl/lib:${LD_LIBRARY_PATH}
+RUN ldconfig
+RUN make install
+ENV PKG_CONFIG_PATH=/usr/local/ssl/lib/pkgconfig:${PKG_CONFIG_PATH}
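Review bot: The three source tarballs fetched with `curl` (libpcap, zlib, OpenSSL) are unpacked and compiled with no integrity check, and the resulting libraries are presumably what the released nasl-cli gets built against. Each download should fail on HTTP errors and be compared with a digest pinned in the Dockerfile before `tar` runs; the fence shows the pattern with placeholder digests, declared after the `FROM` line. Separately, `openssl-1.1.1.tar.gz` from the `old/1.1.1/` directory is the first release of that series and predates its later patch releases, so build against the newest release of the branch you intend to support. The hard-coded `CC=x86_64-linux-gnu-gcc` also looks wrong if this image serves the aarch64 target too, which depends on Cross.toml (not shown).

```dockerfile
# Placeholder digests: replace each with the value published by the upstream project.
ARG LIBPCAP_SHA256=REPLACE_WITH_PUBLISHED_SHA256
ARG ZLIB_SHA256=REPLACE_WITH_PUBLISHED_SHA256
ARG OPENSSL_SHA256=REPLACE_WITH_PUBLISHED_SHA256

RUN curl -fsSL -o /tmp/pcap.tar.gz https://www.tcpdump.org/release/libpcap-1.10.3.tar.gz \
    && echo "${LIBPCAP_SHA256}  /tmp/pcap.tar.gz" | sha256sum -c -
# … unchanged: unpack, configure and install libpcap …

RUN curl -fsSL --output /tmp/zlib.tar.gz https://www.zlib.net/zlib-1.2.13.tar.gz \
    && echo "${ZLIB_SHA256}  /tmp/zlib.tar.gz" | sha256sum -c -
# … unchanged: unpack, configure and install zlib …

RUN curl -fsSL -o /tmp/openssl.tar.gz https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz \
    && echo "${OPENSSL_SHA256}  /tmp/openssl.tar.gz" | sha256sum -c -
# … unchanged: unpack, configure and install OpenSSL …
```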