From 104833d8e3a249226b850f5f1bcad3a50d2b0d12 Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Thu, 16 Jan 2020 18:27:35 -0800 Subject: [PATCH 1/6] bring gitlab ci up to date, mhas it make a static linux release tarball --- .gitlab-ci.yml | 56 ++++++++++++++++++++++++++---------------- linux-setup/readme.txt | 4 +++ 2 files changed, 39 insertions(+), 21 deletions(-) create mode 100644 linux-setup/readme.txt diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bf149bf9b..af62db26b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,34 +5,44 @@ stages: - build - test -# disabled because cannot find -luv -lcap when building +# disabled because gcc9 can't build net_if.hpp #build:linux: # image: alpine:latest # tags: # - linux # stage: build # before_script: -# - apk add --update g++ make cmake linux-headers libcap-dev libuv-dev +# - apk add --update g++ make cmake linux-headers libcap-dev libuv-dev curl-dev git # script: -# - make STATIC_LINK=ON +# - make STATIC_LINK=ON DOWNLOAD_SODIUM=ON # artifacts: # paths: # - "lokinet" # we'll just try our travis set up for now -#build:linux_release: -# image: ubuntu:xenial -# tags: -# - linux -# stage: build -# before_script: -# - apt-get update && apt-get install -y binutils-gold build-essential bsdmainutils ca-certificates cmake curl git libcap-dev libcurl4-openssl-dev libsodium-dev libuv1-dev ninja-build -# script: -# - DOWNLOAD_SODIUM=ON STATIC_LINK=OFF make release -# artifacts: -# paths: -# - "build/daemon/lokinet" -# - "build/daemon/lokinetctl" +build:linux_release: + image: ubuntu:xenial + tags: + - linux + stage: build + before_script: + - apt-get update && apt-get install -y binutils-gold build-essential bsdmainutils ca-certificates cmake curl git libcap-dev pkg-config wget xz-utils libuv1-dev libsodium-dev libcurl4-openssl-dev + script: + - make static DOWNLOAD_SODIUM=ON + # alternatively: git describe --tag + - LOKINET_VERSION=$(./lokinet-static --version|sed s/lokinet-//) + - echo lokinet-linux-x64-v$LOKINET_VERSION + - mkdir lokinet-linux-x64-v$LOKINET_VERSION + - cp lokinet-bootstrap lokinet-linux-x64-v$LOKINET_VERSION + - cp build/daemon/lokinet lokinet-linux-x64-v$LOKINET_VERSION + - cp build/daemon/lokinetctl lokinet-linux-x64-v$LOKINET_VERSION + - cp linux-setup/readme.txt lokinet-linux-x64-v$LOKINET_VERSION + - tar cf lokinet-linux-x64-v$LOKINET_VERSION.tar lokinet-linux-x64-v$LOKINET_VERSION + - xz lokinet-linux-x64-v$LOKINET_VERSION.tar + - echo "lokinet-linux-x64-v$LOKINET_VERSION.tar.xz should be ready" + artifacts: + paths: + - lokinet-linux-x64-v*.tar.xz build:linux_debug: image: ubuntu:xenial @@ -45,26 +55,30 @@ build:linux_debug: - DOWNLOAD_SODIUM=ON IS_NOTIFICATION=1 STATIC_LINK=OFF make artifacts: paths: - - "lokinet" - - "lokinetctl" + - build/daemon/lokinet + - build/daemon/lokinetctl -# needs libsodium (probably libuv and libcurl too) +# needs libuv and libcurl #build:freebsd: # tags: # - freebsd # stage: build # script: -# - gmake +# - gmake DOWNLOAD_SODIUM=ON # artifacts: # paths: # - "lokinet" +# need windows runner on lokiproject #build:windows: # tags: # - windows # stage: build # script: -# - make STATIC_LINK=ON AVX2=OFF JSONRPC=OFF CC=gcc CXX=g++ + #- make static CC=gcc CXX=g++ + # can't use STATIC because LTO doesn't work on cross-compiled targets + # -DSTATIC_LINK_RUNTIME=ON -DLIBUV_ROOT=libuv +# - cmake .. -G Ninja -DCMAKE_TOOLCHAIN_FILE=../contrib/cross/mingw[32].cmake -DDOWNLOAD_SODIUM=ON # artifacts: # paths: # - "lokinet.exe" diff --git a/linux-setup/readme.txt b/linux-setup/readme.txt new file mode 100644 index 000000000..000836200 --- /dev/null +++ b/linux-setup/readme.txt @@ -0,0 +1,4 @@ +You'll need to setcap the lokinet to make sure you don't have to run it as root +On debian-based distros, you make sure you have setcap installed first: apt install libcap2-bin +and then you can: +setcap cap_net_admin,cap_net_bind_service=+eip lokinet From c6fa014adc3464307ce6f7e99a646a911d7c35cc Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Thu, 16 Jan 2020 19:08:48 -0800 Subject: [PATCH 2/6] Combine tar and xz into one command --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index af62db26b..4c4bf038d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,8 +37,7 @@ build:linux_release: - cp build/daemon/lokinet lokinet-linux-x64-v$LOKINET_VERSION - cp build/daemon/lokinetctl lokinet-linux-x64-v$LOKINET_VERSION - cp linux-setup/readme.txt lokinet-linux-x64-v$LOKINET_VERSION - - tar cf lokinet-linux-x64-v$LOKINET_VERSION.tar lokinet-linux-x64-v$LOKINET_VERSION - - xz lokinet-linux-x64-v$LOKINET_VERSION.tar + - tar cJf lokinet-linux-x64-v$LOKINET_VERSION.tar.xz lokinet-linux-x64-v$LOKINET_VERSION - echo "lokinet-linux-x64-v$LOKINET_VERSION.tar.xz should be ready" artifacts: paths: From 6de463decc556ca436a289bcbf2a96756d7bf6b9 Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Thu, 16 Jan 2020 19:33:42 -0800 Subject: [PATCH 3/6] update libsodium requirements --- docker/gcc-trunk.Dockerfile | 2 +- docker/router.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/gcc-trunk.Dockerfile b/docker/gcc-trunk.Dockerfile index c8028f47e..7de381429 100644 --- a/docker/gcc-trunk.Dockerfile +++ b/docker/gcc-trunk.Dockerfile @@ -9,6 +9,6 @@ COPY . /src/ RUN mkdir build && \ cd build && \ - cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DWARNINGS_AS_ERRORS=ON && \ + cmake .. -G Ninja -DDOWNLOAD_SODIUM=ON -DCMAKE_BUILD_TYPE=Release -DWARNINGS_AS_ERRORS=ON && \ ninja -k0 && \ ./test/testAll diff --git a/docker/router.Dockerfile b/docker/router.Dockerfile index 70ace0850..5ff8685af 100644 --- a/docker/router.Dockerfile +++ b/docker/router.Dockerfile @@ -7,7 +7,7 @@ RUN apk update && \ WORKDIR /src/ COPY . /src/ -RUN make NINJA=ninja STATIC_LINK=ON BUILD_TYPE=Release +RUN make NINJA=ninja STATIC_LINK=ON BUILD_TYPE=Release DOWNLOAD_SODIUM=ON RUN ./lokinet-bootstrap ${bootstrap} FROM alpine:latest From 6eb64392222e72790b905128e1cab10cca20b03d Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Thu, 16 Jan 2020 19:50:01 -0800 Subject: [PATCH 4/6] remove unneeded packages --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4c4bf038d..d48e69fcd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,7 +26,7 @@ build:linux_release: - linux stage: build before_script: - - apt-get update && apt-get install -y binutils-gold build-essential bsdmainutils ca-certificates cmake curl git libcap-dev pkg-config wget xz-utils libuv1-dev libsodium-dev libcurl4-openssl-dev + - apt-get update && apt-get install -y build-essential ca-certificates cmake curl git libcap-dev pkg-config wget xz-utils script: - make static DOWNLOAD_SODIUM=ON # alternatively: git describe --tag @@ -49,7 +49,7 @@ build:linux_debug: - linux stage: build before_script: - - apt-get update && apt-get install -y binutils-gold build-essential bsdmainutils ca-certificates cmake curl git libcap-dev libcurl4-openssl-dev libsodium-dev libuv1-dev ninja-build + - apt-get update && apt-get install -y build-essential ca-certificates cmake curl git libcap-dev libcurl4-openssl-dev libuv1-dev ninja-build script: - DOWNLOAD_SODIUM=ON IS_NOTIFICATION=1 STATIC_LINK=OFF make artifacts: From 5cf36360b33b586d84ae4196c2f7971656661d74 Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Thu, 16 Jan 2020 20:56:28 -0800 Subject: [PATCH 5/6] include Jason's copy --- linux-setup/readme.txt | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/linux-setup/readme.txt b/linux-setup/readme.txt index 000836200..01b94b3c8 100644 --- a/linux-setup/readme.txt +++ b/linux-setup/readme.txt @@ -1,4 +1,16 @@ -You'll need to setcap the lokinet to make sure you don't have to run it as root -On debian-based distros, you make sure you have setcap installed first: apt install libcap2-bin -and then you can: +Lokinet needs certain capabilities to run to set up a virtual network interface and provide a DNS server. The preferred approach to using this is through the linux capabilities mechanism, which allows assigning limited capabilities without needing to run the entire process as root. + +There are two main ways to do this: + +1. If you are running lokinet via an init system such as systemd, you can specify the capabilities in the service file by adding: + +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE + + into the [Service] section of the systemd service file. This will assign the necessary permissions when running the process and allow lokinet to work while running as a non-root user. + +2. You can set the capabilities on the binary by using the setcap program (if not available you may need to install libcap2-bin on Debian/Ubuntu-based systems) and running: + setcap cap_net_admin,cap_net_bind_service=+eip lokinet + + This grants the permissions whenever the lokinet binary is executed. From dfa92f4602e09cfa8eb2aa86746ffc4002ef9fd6 Mon Sep 17 00:00:00 2001 From: Ryan Tharp Date: Sun, 19 Jan 2020 17:38:36 -0800 Subject: [PATCH 6/6] move linux-setup/readme to docs/ --- .gitlab-ci.yml | 2 +- linux-setup/readme.txt => docs/linux-setcap-readme.txt | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename linux-setup/readme.txt => docs/linux-setcap-readme.txt (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d48e69fcd..cd93afa68 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -36,7 +36,7 @@ build:linux_release: - cp lokinet-bootstrap lokinet-linux-x64-v$LOKINET_VERSION - cp build/daemon/lokinet lokinet-linux-x64-v$LOKINET_VERSION - cp build/daemon/lokinetctl lokinet-linux-x64-v$LOKINET_VERSION - - cp linux-setup/readme.txt lokinet-linux-x64-v$LOKINET_VERSION + - cp docs/linux-setcap-readme.txt lokinet-linux-x64-v$LOKINET_VERSION - tar cJf lokinet-linux-x64-v$LOKINET_VERSION.tar.xz lokinet-linux-x64-v$LOKINET_VERSION - echo "lokinet-linux-x64-v$LOKINET_VERSION.tar.xz should be ready" artifacts: diff --git a/linux-setup/readme.txt b/docs/linux-setcap-readme.txt similarity index 100% rename from linux-setup/readme.txt rename to docs/linux-setcap-readme.txt