From c13c2c87434b1da6833aff54f09b32d6289cc7c3 Mon Sep 17 00:00:00 2001 From: Marco A L Barbosa Date: Thu, 15 Nov 2018 14:25:44 -0200 Subject: [PATCH 1/3] .travis.yml: build a static version of tectonic --- .travis.yml | 15 +++++++++++-- build-docker-image.sh | 5 +++++ docker/pkg-config-rs.sh | 23 +++++++++++++++++++ docker/x86_64-musl/Dockerfile | 42 +++++++++++++++++++++++++++++++++++ run-docker-image.sh | 5 +++++ 5 files changed, 88 insertions(+), 2 deletions(-) create mode 100755 build-docker-image.sh create mode 100755 docker/pkg-config-rs.sh create mode 100644 docker/x86_64-musl/Dockerfile create mode 100755 run-docker-image.sh diff --git a/.travis.yml b/.travis.yml index f2b1a1545..a2f406ebf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,6 +24,12 @@ matrix: - os: osx osx_image: xcode8.3 rust: stable + # static build + - os: linux + sudo: required + dist: xenial + rust: nightly + env: IMAGE=x86_64-musl allow_failures: - rust: nightly @@ -80,8 +86,13 @@ before_script: script: - | - cargo build --verbose && - cargo test + if [[ -z "$IMAGE" ]]; then + cargo build --verbose && + cargo test + else + ./build-docker-image.sh $IMAGE && + ./run-docker-image.sh $IMAGE + fi after_success: | if [[ "$TRAVIS_OS_NAME" == "linux" && "$TRAVIS_RUST_VERSION" == "stable" ]]; then diff --git a/build-docker-image.sh b/build-docker-image.sh new file mode 100755 index 000000000..1e4b44354 --- /dev/null +++ b/build-docker-image.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +image=$1 + +docker build -t $image docker/ -f docker/$image/Dockerfile diff --git a/docker/pkg-config-rs.sh b/docker/pkg-config-rs.sh new file mode 100755 index 000000000..a0bdd37a9 --- /dev/null +++ b/docker/pkg-config-rs.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +set -ex + +git clone --branch 0.3.14 https://github.com/alexcrichton/pkg-config-rs /pkg-config-rs + +# make pkg-config-rs allows static linking with system libraries +cd /pkg-config-rs +patch -p1 <<'EOF' +diff --git a/src/lib.rs b/src/lib.rs +index 88dd310..ffcd7ae 100644 +--- a/src/lib.rs ++++ b/src/lib.rs +@@ -547,7 +547,7 @@ fn is_static_available(name: &str, dirs: &[PathBuf]) -> bool { + }; + + dirs.iter().any(|dir| { +- !system_roots.iter().any(|sys| dir.starts_with(sys)) && ++ // !system_roots.iter().any(|sys| dir.starts_with(sys)) && + dir.join(&libname).exists() + }) + } +EOF diff --git a/docker/x86_64-musl/Dockerfile b/docker/x86_64-musl/Dockerfile new file mode 100644 index 000000000..62fd83382 --- /dev/null +++ b/docker/x86_64-musl/Dockerfile @@ -0,0 +1,42 @@ +FROM alpine:edge + +RUN apk update && \ + apk add \ + g++ \ + git \ + rust \ + cargo \ + fontconfig-dev \ + freetype-static \ + glib-static \ + graphite2-dev \ + graphite2-static \ + harfbuzz-dev \ + harfbuzz-static \ + icu-dev \ + icu-static \ + openssl-dev \ + zlib-dev + +ADD pkg-config-rs.sh / +RUN /pkg-config-rs.sh + +ENV PKG_CONFIG_ALL_STATIC=1 +ENV OPENSSL_STATIC=1 +ENV OPENSSL_DIR=/usr + +# cc-rs does not support static linking stdc++, +# so we omit linking information on build.rs by setting CXXSTDLIB='' +# and specify static linking in RUSTFLAGS +ENV CXXSTDLIB="" +ENV RUSTFLAGS="-L /usr/lib -l static=stdc++ -C target-feature=+crt-static" + +# use a patched pkg-config-rs to allow static linking with system libraries +# rename AES_cbc_encrypt to avoid name conflict with openssl +CMD cd /tectonic && \ + echo -e "[patch.crates-io]\npkg-config = { path = \"/pkg-config-rs\" }" >> Cargo.toml && \ + sed -i -e 's/AES_cbc_encrypt/AES_cbc_encrypt2/g' \ + ./tectonic/dpx-dpxcrypt.h \ + ./tectonic/dpx-pdfencrypt.c \ + ./tectonic/dpx-dpxcrypt.c && \ + cargo build --release diff --git a/run-docker-image.sh b/run-docker-image.sh new file mode 100755 index 000000000..fffea3e1b --- /dev/null +++ b/run-docker-image.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +image=$1 + +docker run -v $(pwd):/tectonic $image From 69b85c0c859998e1d0ec89d0168f5a4719e74625 Mon Sep 17 00:00:00 2001 From: Peter Williams Date: Tue, 20 Nov 2018 18:21:53 -0500 Subject: [PATCH 2/3] tectonic: rename AES_cbc_encrypt When linking statically on musl targets, this function clashes with a symbol in OpenSSL. So just rename it. --- tectonic/dpx-dpxcrypt.c | 8 ++++---- tectonic/dpx-dpxcrypt.h | 8 ++++---- tectonic/dpx-pdfencrypt.c | 14 +++++++------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/tectonic/dpx-dpxcrypt.c b/tectonic/dpx-dpxcrypt.c index 1d3e9eb89..cc4d357be 100644 --- a/tectonic/dpx-dpxcrypt.c +++ b/tectonic/dpx-dpxcrypt.c @@ -1228,10 +1228,10 @@ AES_ecb_encrypt (const unsigned char *key, size_t key_len, /* NULL iv means here "use random IV". */ void -AES_cbc_encrypt (const unsigned char *key, size_t key_len, - const unsigned char *iv, int padding, - const unsigned char *plain, size_t plain_len, - unsigned char **cipher, size_t *cipher_len) +AES_cbc_encrypt_tectonic (const unsigned char *key, size_t key_len, + const unsigned char *iv, int padding, + const unsigned char *plain, size_t plain_len, + unsigned char **cipher, size_t *cipher_len) { AES_CONTEXT *ctx, aes; const unsigned char *inptr; diff --git a/tectonic/dpx-dpxcrypt.h b/tectonic/dpx-dpxcrypt.h index 9e3985630..ec3916d5b 100644 --- a/tectonic/dpx-dpxcrypt.h +++ b/tectonic/dpx-dpxcrypt.h @@ -86,9 +86,9 @@ void AES_ecb_encrypt (const unsigned char *key, size_t key_len, const unsigned char *plain, size_t plain_len, unsigned char **cipher, size_t *cipher_len); -void AES_cbc_encrypt (const unsigned char *key, size_t key_len, - const unsigned char *iv, int padding, - const unsigned char *plain, size_t plain_len, - unsigned char **cipher, size_t *cipher_len); +void AES_cbc_encrypt_tectonic (const unsigned char *key, size_t key_len, + const unsigned char *iv, int padding, + const unsigned char *plain, size_t plain_len, + unsigned char **cipher, size_t *cipher_len); #endif /* _DPXCRYPT_H_ */ diff --git a/tectonic/dpx-pdfencrypt.c b/tectonic/dpx-pdfencrypt.c index 2d93ba9a8..65a90debb 100644 --- a/tectonic/dpx-pdfencrypt.c +++ b/tectonic/dpx-pdfencrypt.c @@ -325,7 +325,7 @@ compute_hash_V5 (unsigned char *hash, Kr = NEW(K1_len * 64, unsigned char); for (i = 0; i < 64; i++) memcpy(Kr + i * K1_len, K1, K1_len); - AES_cbc_encrypt(K, 16, K + 16, 0, Kr, K1_len * 64, &E, &E_len); + AES_cbc_encrypt_tectonic(K, 16, K + 16, 0, Kr, K1_len * 64, &E, &E_len); free(Kr); for (i = 0; i < 16; i++) @@ -392,7 +392,7 @@ compute_owner_password_V5 (struct pdf_sec *p, const char *oplain) compute_hash_V5(hash, oplain, ksalt, p->U, p->R); memset(iv, 0, AES_BLOCKSIZE); - AES_cbc_encrypt(hash, 32, iv, 0, p->key, p->key_size, &OE, &OE_len); + AES_cbc_encrypt_tectonic(hash, 32, iv, 0, p->key, p->key_size, &OE, &OE_len); memcpy(p->OE, OE, 32); free(OE); } @@ -417,7 +417,7 @@ compute_user_password_V5 (struct pdf_sec *p, const char *uplain) compute_hash_V5(hash, uplain, ksalt, NULL, p->R); memset(iv, 0, AES_BLOCKSIZE); - AES_cbc_encrypt(hash, 32, iv, 0, p->key, p->key_size, &UE, &UE_len); + AES_cbc_encrypt_tectonic(hash, 32, iv, 0, p->key, p->key_size, &UE, &UE_len); memcpy(p->UE, UE, 32); free(UE); } @@ -634,12 +634,12 @@ pdf_encrypt_data (const unsigned char *plain, size_t plain_len, break; case 4: calculate_key(p, key); - AES_cbc_encrypt(key, MIN(16, p->key_size + 5), NULL, 1, - plain, plain_len, cipher, cipher_len); + AES_cbc_encrypt_tectonic(key, MIN(16, p->key_size + 5), NULL, 1, + plain, plain_len, cipher, cipher_len); break; case 5: - AES_cbc_encrypt(p->key, p->key_size, NULL, 1, - plain, plain_len, cipher, cipher_len); + AES_cbc_encrypt_tectonic(p->key, p->key_size, NULL, 1, + plain, plain_len, cipher, cipher_len); break; default: _tt_abort("pdfencrypt: Unexpected V value: %d", p->V); From 4fcb5a3c99d2df57afe815801f0e7e80003f0ea2 Mon Sep 17 00:00:00 2001 From: Peter Williams Date: Tue, 20 Nov 2018 18:21:49 -0500 Subject: [PATCH 3/3] Some futzing with the `static-musl` branch - Don't bother with the Docker shell scripts, which were one-liners - docker/x86_musl => dist/docker/x86-alpine-linux-musl - The rename of AES_cbc_encrypt is now permanently applied - Run the test suite inside the static container - Add copyright/license headers - Move the pkg-config-rs patching script to the specific Docker directory - Add Cargo.toml note about tracking the correct version of pkg-config.rs --- .travis.yml | 6 +++--- Cargo.toml | 2 +- build-docker-image.sh | 5 ----- .../docker/x86_64-alpine-linux-musl}/Dockerfile | 14 +++++++------- .../x86_64-alpine-linux-musl}/pkg-config-rs.sh | 2 ++ run-docker-image.sh | 5 ----- 6 files changed, 13 insertions(+), 21 deletions(-) delete mode 100755 build-docker-image.sh rename {docker/x86_64-musl => dist/docker/x86_64-alpine-linux-musl}/Dockerfile (71%) rename {docker => dist/docker/x86_64-alpine-linux-musl}/pkg-config-rs.sh (89%) delete mode 100755 run-docker-image.sh diff --git a/.travis.yml b/.travis.yml index a2f406ebf..c15e351c8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,7 +29,7 @@ matrix: sudo: required dist: xenial rust: nightly - env: IMAGE=x86_64-musl + env: IMAGE=x86_64-alpine-linux-musl allow_failures: - rust: nightly @@ -90,8 +90,8 @@ script: cargo build --verbose && cargo test else - ./build-docker-image.sh $IMAGE && - ./run-docker-image.sh $IMAGE + docker build -t ttci-$IMAGE dist/docker/$IMAGE/ && + docker run -v $(pwd):/tectonic ttci-$IMAGE fi after_success: | diff --git a/Cargo.toml b/Cargo.toml index bb4b72f7e..c49b88fdd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -33,7 +33,7 @@ crate-type = ["rlib"] [build-dependencies] cc = "^1.0" -pkg-config = "^0.3" +pkg-config = "^0.3" # note: sync dist/docker/*/pkg-config-rs.sh with the version in Cargo.lock regex = "^1.0" sha2 = "^0.8" diff --git a/build-docker-image.sh b/build-docker-image.sh deleted file mode 100755 index 1e4b44354..000000000 --- a/build-docker-image.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -image=$1 - -docker build -t $image docker/ -f docker/$image/Dockerfile diff --git a/docker/x86_64-musl/Dockerfile b/dist/docker/x86_64-alpine-linux-musl/Dockerfile similarity index 71% rename from docker/x86_64-musl/Dockerfile rename to dist/docker/x86_64-alpine-linux-musl/Dockerfile index 62fd83382..038920cc3 100644 --- a/docker/x86_64-musl/Dockerfile +++ b/dist/docker/x86_64-alpine-linux-musl/Dockerfile @@ -1,3 +1,6 @@ +# Copyright 2018 The Tectonic Project +# Licensed under the MIT License. + FROM alpine:edge RUN apk update && \ @@ -31,12 +34,9 @@ ENV OPENSSL_DIR=/usr ENV CXXSTDLIB="" ENV RUSTFLAGS="-L /usr/lib -l static=stdc++ -C target-feature=+crt-static" -# use a patched pkg-config-rs to allow static linking with system libraries -# rename AES_cbc_encrypt to avoid name conflict with openssl +# Use a patched pkg-config-rs to allow static linking with system libraries. +# The --no-default-features flag removes serde-derive as a dep, which doesn't +# work when linking statically (rust-lang#40147). CMD cd /tectonic && \ echo -e "[patch.crates-io]\npkg-config = { path = \"/pkg-config-rs\" }" >> Cargo.toml && \ - sed -i -e 's/AES_cbc_encrypt/AES_cbc_encrypt2/g' \ - ./tectonic/dpx-dpxcrypt.h \ - ./tectonic/dpx-pdfencrypt.c \ - ./tectonic/dpx-dpxcrypt.c && \ - cargo build --release + cargo test --release --no-default-features diff --git a/docker/pkg-config-rs.sh b/dist/docker/x86_64-alpine-linux-musl/pkg-config-rs.sh similarity index 89% rename from docker/pkg-config-rs.sh rename to dist/docker/x86_64-alpine-linux-musl/pkg-config-rs.sh index a0bdd37a9..6edf7b458 100755 --- a/docker/pkg-config-rs.sh +++ b/dist/docker/x86_64-alpine-linux-musl/pkg-config-rs.sh @@ -1,4 +1,6 @@ #!/bin/sh +# Copyright 2018 The Tectonic Project +# Licensed under the MIT License. set -ex diff --git a/run-docker-image.sh b/run-docker-image.sh deleted file mode 100755 index fffea3e1b..000000000 --- a/run-docker-image.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -image=$1 - -docker run -v $(pwd):/tectonic $image