From: cat æscling <11325618-aescling@users.noreply.gitlab.com>
Date: Sat, 29 Jul 2023 18:15:25 +0000 (-0400)
Subject: Add build script for runtime dependencies
X-Git-Tag: v1.0.0~8
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=33ff31f31b063a3eaf1d7bc99a542d72b12dc373;p=httpd-execline.git

Add build script for runtime dependencies

This eases deployment considerably. CI is much more feasible now

* Fix 9base Makefile
---

diff --git a/dependencies/9base/Makefile b/dependencies/9base/Makefile
deleted file mode 100644
index e62b297..0000000
--- a/dependencies/9base/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# Minimally edited 9base Makefile for httpd.execline
-
-# config.mk builds static binaries by default
-include config.mk
-
-SUBDIRS  = lib9\
-        read\
-        tr\
-        urlencode
-
-all:
-        @echo 9base build options:
-        @echo "CFLAGS   = ${CFLAGS}"
-        @echo "LDFLAGS  = ${LDFLAGS}"
-        @echo "CC       = ${CC}"
-        @chmod 755 yacc/9yacc
-        @for i in ${SUBDIRS}; do cd $$i; ${MAKE} || exit; cd ..; done;
-
-clean:
-        @for i in ${SUBDIRS}; do cd $$i; ${MAKE} clean || exit; cd ..; done
-        @rm -f 9base-${VERSION}.tar.gz
-        @echo cleaned 9base
-
-install: all
-        @for i in ${SUBDIRS}; do cd $$i; ${MAKE} install || exit; cd ..; done
-        @echo installed 9base to ${DESTDIR}${PREFIX}
-
-uninstall:
-        @for i in ${SUBDIRS}; do cd $$i; ${MAKE} uninstall || exit; cd ..; done
-        @echo uninstalled 9base
-
-dist: clean
-        @mkdir -p 9base-${VERSION}
-        @cp -R Makefile README LICENSE std.mk yacc.mk config.mk ${SUBDIRS} 9base-${VERSION}
-        @tar -cf 9base-${VERSION}.tar 9base-${VERSION}
-        @gzip 9base-${VERSION}.tar
-        @rm -rf 9base-${VERSION}
-        @echo created distribution 9base-${VERSION}.tar.gz
diff --git a/dependencies/README.md b/dependencies/README.md
index 1a734b2..b20f580 100644
--- a/dependencies/README.md
+++ b/dependencies/README.md
@@ -1,10 +1,29 @@
-Build configurations for httpd.execline userland dependencies
-
+Build configurations for httpd.execline userland dependencies, and a build
+script to ease deployment
 ## contents
 
-+ `9base/Makefile`: mimimally necessary plan 9 userland for httpd.execline,
++ `_9base/Makefile`: mimimally necessary plan 9 userland for httpd.execline,
   and also tr(1)
-+ `toybox`: minimal toybox `.config` files for httpd.execline
++ `_toybox`: minimal toybox `.config` files for httpd.execline
     - for a static build, run `LDFLAGS=' -static' make`
     - `toybox/.config`: truly minimal
-    - `toybox.config.with-tr`: also builds tr(1), which is pending
\ No newline at end of file
+    - `toybox.config.with-tr`: also builds tr(1), which is pending
++ `build.sh`: build httpd.execline runtime requirements and a TLS server to run
+    under
+    - installs statically linked binaries into `./_build/bin`
+        - builds latest releases
+            - exepct 9base, which builds at current git
+        - WARNING: toybox build on glibc warns that glibc is needed at runtime
+        - NOTE: s6-applyuidgid is needed before chroot; install accordingly
+        - NOTE: s6-networking binaries are needed before chroot; install
+            accordingly
+            - this build script uses BearSSL for TLS support
+            - WARNING: s6-tlsserver is overly lax with allowed TLS protocols
+                and ciphers
+        - WARNING: the resulting binaries are not particularly hardended
+    - `build-in-musl-chroot.sh`: prepare a musl chroot, and build musl-linked
+        binaries in there
+        - requires linux
+        - if you are not on an x86_64 architecture, supply your architecture as
+            an argument to the script
+        - installs statically-linked binaries in `./xbps/_root/_build/bin`
\ No newline at end of file
diff --git a/dependencies/_9base/Makefile b/dependencies/_9base/Makefile
new file mode 100644
index 0000000..aa23eef
--- /dev/null
+++ b/dependencies/_9base/Makefile
@@ -0,0 +1,38 @@
+# Minimally edited 9base Makefile for httpd.execline
+
+# config.mk builds static binaries by default
+include config.mk
+
+SUBDIRS  = lib9\
+	read\
+	tr\
+	urlencode
+
+all:
+	@echo 9base build options:
+	@echo "CFLAGS   = ${CFLAGS}"
+	@echo "LDFLAGS  = ${LDFLAGS}"
+	@echo "CC       = ${CC}"
+	@chmod 755 yacc/9yacc
+	@for i in ${SUBDIRS}; do cd $$i; ${MAKE} || exit; cd ..; done;
+
+clean:
+	@for i in ${SUBDIRS}; do cd $$i; ${MAKE} clean || exit; cd ..; done
+	@rm -f 9base-${VERSION}.tar.gz
+	@echo cleaned 9base
+
+install: all
+	@for i in ${SUBDIRS}; do cd $$i; ${MAKE} install || exit; cd ..; done
+	@echo installed 9base to ${DESTDIR}${PREFIX}
+
+uninstall:
+	@for i in ${SUBDIRS}; do cd $$i; ${MAKE} uninstall || exit; cd ..; done
+	@echo uninstalled 9base
+
+dist: clean
+	@mkdir -p 9base-${VERSION}
+	@cp -R Makefile README LICENSE std.mk yacc.mk config.mk ${SUBDIRS} 9base-${VERSION}
+	@tar -cf 9base-${VERSION}.tar 9base-${VERSION}
+	@gzip 9base-${VERSION}.tar
+	@rm -rf 9base-${VERSION}
+	@echo created distribution 9base-${VERSION}.tar.gz
diff --git a/dependencies/toybox/.config b/dependencies/_toybox/.config
similarity index 100%
rename from dependencies/toybox/.config
rename to dependencies/_toybox/.config
diff --git a/dependencies/toybox/.config.with-tr b/dependencies/_toybox/.config.with-tr
similarity index 100%
rename from dependencies/toybox/.config.with-tr
rename to dependencies/_toybox/.config.with-tr
diff --git a/dependencies/build-in-musl-chroot.sh b/dependencies/build-in-musl-chroot.sh
new file mode 100644
index 0000000..bb58036
--- /dev/null
+++ b/dependencies/build-in-musl-chroot.sh
@@ -0,0 +1,44 @@
+#!/bin/sh -x
+
+ARCH=${1:-x86_64}
+if [ "x${ARCH}" = aarch64 ]
+then
+	XBPS_REPOSITORY=https://repo-default.voidlinux.org/current/aarch64
+else
+	XBPS_REPOSITORY=https://repo-default.voidlinux.org/current/musl
+fi
+XBPS_STATIC="https://repo-default.voidlinux.org/static/xbps-static-latest.${ARCH}-musl.tar.xz"
+CHROOT=xbps/_root
+
+for D in /var/db/xbps/keys /etc /proc /sys /dev /run;
+do
+	mkdir -p ${CHROOT}${D}
+done
+cp -Lr /etc/hosts /etc/resolv.conf ${CHROOT}/etc
+cp -r build.sh _9base _toybox ${CHROOT}
+
+(
+	cd xbps
+	curl -Ss "${XBPS_STATIC}" | unxz -c | tar -xf -
+)
+XBPS_ARCH=${ARCH}-musl ./xbps/usr/bin/xbps-install -y -S -r ${CHROOT} \
+       	-R ${XBPS_REPOSITORY} \
+		base-voidstrap base-devel git
+
+unmount() {
+	for D in /proc /sys /dev /run
+	do
+		umount ${CHROOT}${D}
+	done
+}
+# TODO: this behavior is strange
+trap unmount INT TERM EXIT
+
+mount -t proc none ${CHROOT}/proc
+mount -t sysfs none ${CHROOT}/sys
+mount --rbind /dev ${CHROOT}/dev
+mount --rbind /run ${CHROOT}/run
+
+chroot ${CHROOT} /build.sh
+
+unmount
diff --git a/dependencies/build.sh b/dependencies/build.sh
new file mode 100644
index 0000000..fac9109
--- /dev/null
+++ b/dependencies/build.sh
@@ -0,0 +1,68 @@
+#!/bin/sh -xe
+
+_PWD="$(pwd)"
+PREFIX=${_PWD}/_build
+[ -d ${PREFIX} ] || mkdir ${PREFIX}
+
+SKARNET=git://git.skarnet.org
+SKALIBS=${SKARNET}/skalibs
+EXECLINE=${SKARNET}/execline
+S6_PORTABLE_UTILS=${SKARNET}/s6-portable-utils
+S6=${SKARNET}/s6 # required for s6-networking; and s6-applyuidgid, which is run BEFORE chrooting
+S6_DNS=${SKARNET}/s6-dns # required for s6-networking
+BEARSSL=https://www.bearssl.org/git/BearSSL # optionally required for TLS support in s6-networking
+S6_NETWORKING=${SKARNET}/s6-networking
+TOYBOX=https://landley.net/toybox/git
+_9BASE=https://git.suckless.org/9base
+
+latest() {
+	git describe --tags --abbrev=0
+}
+
+build() {
+	case "${1}" in
+		"9base")
+			git checkout master # inelegant
+			cp -f ${_PWD}/_9base/Makefile .
+			make PREFIX=${PREFIX} install
+			;;
+		git) # toybox
+			cp -f ${_PWD}/_toybox/.config .
+			LDFLAGS=" -static" PREFIX=${PREFIX}/bin make install_flat
+			;;
+		BearSSL)
+			make
+			;;
+		s6-networking)
+			./configure --enable-static-libc --disable-shared --enable-ssl=bearssl --with-include=${_PWD}/BearSSL/inc --with-lib=${_PWD}/BearSSL/build --prefix=${PREFIX} --with-include=${PREFIX}/include --with-lib=${PREFIX}/lib --with-lib=${PREFIX}/lib/skalibs --with-lib=${PREFIX}/lib/s6-dns --with-lib=${PREFIX}/lib/s6
+			make install
+			;;
+		s6)
+			./configure --enable-static-libc --disable-shared --prefix=${PREFIX} --with-include=${PREFIX}/include --with-lib=${PREFIX}/lib --with-lib=${PREFIX}/lib/skalibs --with-lib=${PREFIX}/lib/execline
+			make install
+			;;
+		*)
+			./configure --enable-static-libc --disable-shared --prefix=${PREFIX} --with-include=${PREFIX}/include --with-lib=${PREFIX}/lib --with-lib=${PREFIX}/lib/skalibs
+			make install
+			;;
+	esac
+}
+
+
+for URL in ${SKALIBS} ${EXECLINE} ${S6} ${S6_PORTABLE_UTILS} ${S6_DNS} ${BEARSSL} ${S6_NETWORKING} ${TOYBOX} ${_9BASE}
+do
+	(
+		PACKAGE="${URL##*/}"
+		if ! git -C ${PACKAGE} status
+		then
+			git clone ${URL}
+			cd ${PACKAGE}
+		else
+			cd ${PACKAGE}
+			git fetch
+		fi
+		git checkout "$(latest)"
+		build ${PACKAGE}
+	)
+
+done