feate: linux-musl target,docker image,add rc4-md5 cipher (#555)

* feate: linux-musl target,docker image 1. add rc4-md5 cipher * fix: ci * fix: Dockerfile * fix: add aarch64-unknown-linux-musl * fix: Build docker image for release only * fix: delete image-cleaning-action
Watfaq · Aug 26, 2024 · 6a05099 · 6a05099
1 parent dca2830
commit 6a05099
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 28 deletions.
diff --git a/.github/Dockerfile b/.github/Dockerfile
@@ -0,0 +1,9 @@
+FROM alpine:latest
+# Define an ARG for the target architecture
+ARG TARGETARCH
+COPY ./clash-rs/clash-${TARGETARCH} /usr/bin/clash
+# The yq library installed here is used to rewrite the config.yaml configuration file for clash, merge it, and other related operations.
+RUN apk update && apk add --no-cache -f yq && mkdir -p /root/.config/clash/
+WORKDIR /root
+ENTRYPOINT [ "/usr/bin/clash" ]
+CMD [ "-d", "/root/.config/clash/" ]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,6 +13,9 @@ concurrency:
 
 env:
   PACKAGE: "clash"
+  REGISTRY: "ghcr.io"
+  IMAGE_NAME: "clash-rs"
+
 
 jobs:
   compile:
@@ -52,6 +55,12 @@ jobs:
             cross: true
             extra-args: "--all-features"
             rustflags: "-Ctarget-feature=+crt-static --cfg tokio_unstable"
+          # Linux x86_64-unknown-linux-musl
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+            release-name: x86_64-unknown-linux-musl
+            cross: true
+            extra-args: "--all-features"
           - os: ubuntu-latest
             target: i686-unknown-linux-gnu
             release-name: i686-unknown-linux-gnu-static-crt
@@ -78,6 +87,11 @@ jobs:
             cross: true
             extra-args: "--all-features"
             rustflags: "-Ctarget-feature=+crt-static --cfg tokio_unstable"
+          - os: ubuntu-latest
+            target: aarch64-unknown-linux-musl
+            release-name: aarch64-unknown-linux-musl
+            cross: true
+            extra-args: "--all-features"
           - os: ubuntu-latest
             target: armv7-unknown-linux-gnueabi
             release-name: armv7-unknown-linux-gnueabi-static-crt
@@ -220,19 +234,19 @@ jobs:
         with:
           name: ${{ matrix.release-name || matrix.target }}
           path: ${{ env.PACKAGE }}-${{ matrix.release-name || matrix.target }}${{ matrix.postfix }}
-          
+
       - name: Setup tmate session
         if: ${{ failure() }}
         uses: mxschmitt/action-tmate@v3
         with:
           detached: true
           timeout-minutes: 15
           limit-access-to-actor: true
-          
+
   release:
     name: Release
 
-    needs: [compile]
+    needs: [ compile ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -272,3 +286,65 @@ jobs:
           files: |
             packages/*
             LICENSE
+  docker-image:
+    needs: [ compile ]
+    name: Docker Image
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Get the current Git commit hash
+        id: get-info
+        run: |
+          echo "OWNER=${GITHUB_REPOSITORY_OWNER@L}" >> $GITHUB_OUTPUT
+          echo "VERSION=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
+          echo "TAG_VERSION=${REGISTRY}/${GITHUB_REPOSITORY_OWNER@L}/${IMAGE_NAME}:${VERSION}" >> $GITHUB_ENV
+          echo "TAG_LATEST=${REGISTRY}/${GITHUB_REPOSITORY_OWNER@L}/${IMAGE_NAME}:latest" >> $GITHUB_ENV
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ steps.get-info.outputs.OWNER }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Download binaries amd64
+        uses: actions/download-artifact@v4
+        with:
+          name: x86_64-unknown-linux-musl
+          path: ./clash-rs
+
+      - name: Download binaries arm64
+        uses: actions/download-artifact@v4
+        with:
+          name: aarch64-unknown-linux-musl
+          path: ./clash-rs
+
+      - name: Rename binary
+        run: |
+          mv ./clash-rs/clash-x86_64-unknown-linux-musl ./clash-rs/clash-amd64
+          mv ./clash-rs/clash-aarch64-unknown-linux-musl ./clash-rs/clash-arm64
+
+      - name: Build and push release
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: .github/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.TAG_VERSION }},${{ env.TAG_LATEST }}
+
+
+
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/clash_lib/Cargo.toml b/clash_lib/Cargo.toml
@@ -105,7 +105,7 @@ tracing-oslog = { branch = "main", git = "https://github.com/Absolucy/tracing-os
 tracing-appender = "0.2.3"
 
 
-shadowsocks = { version = "1.20.2", optional = true, features=["aead-cipher-2022"] }
+shadowsocks = { version = "1.20.2", optional = true, features=["aead-cipher-2022","stream-cipher"] }
 maxminddb = "0.24.0"
 public-suffix = "0.1.0"
 murmur3 = "0.5.2"

diff --git a/clash_lib/src/proxy/shadowsocks/mod.rs b/clash_lib/src/proxy/shadowsocks/mod.rs
@@ -138,13 +138,27 @@ impl Handler {
         };
 
         let ctx = Context::new_shared(ServerType::Local);
+        let cfg = self.server_config()?;
+
+        let stream = ProxyClientStream::from_stream(
+            ctx,
+            stream,
+            &cfg,
+            (sess.destination.host(), sess.destination.port()),
+        );
+
+        Ok(Box::new(ShadowSocksStream(stream)))
+    }
+
+    fn server_config(&self) -> Result<ServerConfig, io::Error> {
         let cfg = ServerConfig::new(
             (self.opts.server.to_owned(), self.opts.port),
             self.opts.password.to_owned(),
             match self.opts.cipher.as_str() {
                 "aes-128-gcm" => CipherKind::AES_128_GCM,
                 "aes-256-gcm" => CipherKind::AES_256_GCM,
                 "chacha20-ietf-poly1305" => CipherKind::CHACHA20_POLY1305,
+                "rc4-md5" => CipherKind::SS_RC4_MD5,
                 _ => {
                     return Err(io::Error::new(
                         io::ErrorKind::Other,
@@ -153,15 +167,7 @@ impl Handler {
                 }
             },
         );
-
-        let stream = ProxyClientStream::from_stream(
-            ctx,
-            stream,
-            &cfg,
-            (sess.destination.host(), sess.destination.port()),
-        );
-
-        Ok(Box::new(ShadowSocksStream(stream)))
+        Ok(cfg)
     }
 }
 
@@ -207,21 +213,8 @@ impl OutboundHandler for Handler {
         resolver: ThreadSafeDNSResolver,
     ) -> io::Result<BoxedChainedDatagram> {
         let ctx = Context::new_shared(ServerType::Local);
-        let cfg = ServerConfig::new(
-            (self.opts.server.to_owned(), self.opts.port),
-            self.opts.password.to_owned(),
-            match self.opts.cipher.as_str() {
-                "aes-128-gcm" => CipherKind::AES_128_GCM,
-                "aes-256-gcm" => CipherKind::AES_256_GCM,
-                "chacha20-ietf-poly1305" => CipherKind::CHACHA20_POLY1305,
-                _ => {
-                    return Err(io::Error::new(
-                        io::ErrorKind::Other,
-                        "unsupported cipher",
-                    ))
-                }
-            },
-        );
+        let cfg = self.server_config()?;
+
         let socket = new_udp_socket(
             None,
             self.opts.common_opts.iface.clone().or(sess.iface.clone()),