diff --git a/haproxy-3.3.yaml b/haproxy-3.3.yaml
new file mode 100644
index 00000000000..ff0a3633fcb
--- /dev/null
+++ b/haproxy-3.3.yaml
@@ -0,0 +1,186 @@
+package:
+ name: haproxy-3.3
+ version: "3.3.0"
+ epoch: 0
+ description: "A TCP/HTTP reverse proxy for high availability environments"
+ copyright:
+ - license: GPL-2.0-or-later
+ dependencies:
+ runtime:
+ - libgcc
+ - merged-usrsbin
+ - wolfi-baselayout
+ provides:
+ - haproxy=${{package.full-version}}
+
+var-transforms:
+ - from: ${{package.version}}
+ match: ^(\d+\.\d+)\.\d+$
+ replace: "$1"
+ to: major-minor-version
+ - from: ${{package.version}}
+ match: ^(\d+).*
+ replace: $1
+ to: major-version
+
+environment:
+ contents:
+ packages:
+ - build-base
+ - busybox
+ - ca-certificates-bundle
+ - libcap-utils
+ - linux-headers
+ - lua5.3-dev
+ - openssl-dev
+ - pcre2-dev
+ accounts:
+ # Need to run with privilege to be able to do setcap
+ run-as: root
+
+pipeline:
+ - uses: git-checkout
+ with:
+ repository: https://git.haproxy.org/git/haproxy-${{vars.major-minor-version}}.git
+ tag: v${{package.version}}
+ expected-commit: 7832fb21fe2dd11ce44e996d8e86802731b871b2
+
+ - uses: autoconf/make
+ with:
+ opts: |
+ TARGET=linux-glibc \
+ USE_THREAD=1 \
+ USE_PCRE2=1 \
+ USE_PCRE2_JIT=1 \
+ USE_OPENSSL=1 \
+ USE_LUA=1 \
+ USE_NS=1 \
+ USE_PROMEX=1 \
+ LUA_LIB=/usr/lib/lua5.3 \
+ LUA_INC=/usr/include/lua5.3 \
+ USE_GETADDRINFO=1 \
+ SBINDIR=/usr/bin
+
+ - runs: |
+ make install DESTDIR="${{targets.destdir}}" PREFIX=/usr DOCDIR=/usr/share/doc/haproxy
+ install -d "${{targets.destdir}}"/var/lib/haproxy
+ mkdir -p "${{targets.destdir}}"/usr/bin
+ mv "${{targets.destdir}}"/usr/sbin/* "${{targets.destdir}}"/usr/bin
+ rmdir "${{targets.destdir}}"/usr/sbin
+
+ - uses: strip
+
+ # This MUST run after strip, which strips capabilities too!
+ - runs: setcap cap_net_bind_service=+eip "${{targets.destdir}}/usr/bin/haproxy"
+
+subpackages:
+ - name: "${{package.name}}-nocaps"
+ description: "haproxy without cap_net_bind_service capabilities"
+ pipeline:
+ - runs: |
+ mkdir -p ${{targets.contextdir}}/usr/bin
+ cp /home/build/melange-out/${{package.name}}/usr/bin/haproxy ${{targets.contextdir}}/usr/bin/
+ test:
+ environment:
+ contents:
+ packages:
+ - libcap-utils
+ pipeline:
+ - uses: test/tw/help-check
+ with:
+ bins: /usr/bin/haproxy
+ - name: Test there are no capabilities present
+ runs: |
+ if [ $(getcap /usr/bin/haproxy | wc -l ) -ne 0 ]; then exit 1; fi
+
+ - name: "${{package.name}}-doc"
+ description: "haproxy documentation"
+ pipeline:
+ - uses: split/manpages
+ dependencies:
+ provides:
+ - haproxy-doc=${{package.full-version}}
+ runtime:
+ - merged-usrsbin
+ - wolfi-baselayout
+ test:
+ pipeline:
+ - uses: test/docs
+
+ - name: ${{package.name}}-oci-entrypoint
+ description: Entrypoint for using HAProxy in OCI containers
+ dependencies:
+ runtime:
+ - busybox
+ - merged-usrsbin
+ - posix-libc-utils # `getent` is required for certain helm chart startups
+ - wolfi-baselayout
+ provides:
+ - haproxy-oci-entrypoint=${{package.full-version}}
+ pipeline:
+ - runs: |
+ mkdir -p ${{targets.subpkgdir}}/usr/local/bin/
+ cp docker-entrypoint.sh ${{targets.subpkgdir}}/usr/local/bin/
+ chmod +x ${{targets.subpkgdir}}/usr/local/bin/docker-entrypoint.sh
+ test:
+ pipeline:
+ - uses: test/virtualpackage
+ with:
+ virtual-pkg-name: haproxy-oci-entrypoint
+ real-pkg-name: ${{subpkg.name}}
+
+ - name: ${{package.name}}-iamguarded-compat
+ dependencies:
+ provides:
+ - haproxy-iamguarded-compat=${{package.full-version}}
+ runtime:
+ - ${{package.name}}
+ pipeline:
+ - uses: iamguarded/build-compat
+ with:
+ package: haproxy
+ version: ${{vars.major-version}}
+ - runs: |
+ mkdir -p /iamguarded/haproxy/conf
+
+ mkdir -p /opt/iamguarded/haproxy/bin
+ mkdir -p /opt/iamguarded/haproxy-dataplaneapi/bin
+ mkdir -p /opt/iamguarded/lua/bin
+ chmod g+rwX /opt/iamguarded
+
+ ln -s /usr/bin/haproxy /opt/iamguarded/haproxy/bin/haproxy
+ ln -s /usr/bin/dataplaneapi /opt/iamguarded/haproxy-dataplaneapi/bin/dataplaneapi
+ - uses: iamguarded/finalize-compat
+ with:
+ package: haproxy
+ version: ${{vars.major-version}}
+ test:
+ environment:
+ contents:
+ packages:
+ - dataplaneapi
+ pipeline:
+ - uses: iamguarded/test-compat
+ with:
+ package: haproxy
+ version: ${{vars.major-version}}
+ - runs: |
+ /opt/iamguarded/haproxy/bin/haproxy -v
+
+update:
+ enabled: true
+ git:
+ strip-prefix: v
+ tag-filter-prefix: v3.3
+
+test:
+ environment:
+ contents:
+ packages:
+ - libcap-utils
+ pipeline:
+ - runs: |
+ haproxy -v
+ - name: Test file capabilities
+ runs: |
+ getcap /usr/bin/haproxy | cut -d ' ' -f2 | grep -q -E '^cap_net_bind_service=eip$'
diff --git a/haproxy-3.3/docker-entrypoint.sh b/haproxy-3.3/docker-entrypoint.sh
new file mode 100644
index 00000000000..0d3827f82bb
--- /dev/null
+++ b/haproxy-3.3/docker-entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# src: https://github.com/docker-library/haproxy/blob/817555017600e0dac39d93a75ef920adac450958/2.8/alpine/docker-entrypoint.sh
+
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+ set -- haproxy "$@"
+fi
+
+if [ "$1" = 'haproxy' ]; then
+ shift # "haproxy"
+ # if the user wants "haproxy", let's add a couple useful flags
+ # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+ # -db -- disables background mode
+ set -- haproxy -W -db "$@"
+fi
+
+exec "$@"
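Review bot: In `haproxy-3.3.yaml`, the `iamguarded-compat` step runs `chmod g+rwX /opt/iamguarded`, which leaves the parent of `haproxy/bin` group-writable, so a member of the owning group could rename or replace the subtree holding the `haproxy` symlink that the test executes. Which group owns that directory is decided by `iamguarded/finalize-compat`, which is not visible here, so please confirm it; if group write is only needed for paths written at run time, apply it to those rather than to the parent of the `bin` directories. The same step links `/usr/bin/dataplaneapi`, yet `runtime` lists only `${{package.name}}` and the test environment installs `dataplaneapi` itself, so the link dangles on a plain install and the test cannot notice; add the dependency or a comment such as `# dataplaneapi link is optional; the target comes from the dataplaneapi package`. In the main pipeline, `cap_net_bind_service=+eip` also sets the inheritable flag, which haproxy should not need in order to bind low ports itself; `+ep` would be the narrower grant, with the test pattern changed to `'^cap_net_bind_service=ep$'`.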