From 6a050995e99a05ac9e8e583346900da00568a318 Mon Sep 17 00:00:00 2001 From: litcc Date: Mon, 26 Aug 2024 10:33:20 +0800 Subject: [PATCH] feate: linux-musl target,docker image,add rc4-md5 cipher (#555) * feate: linux-musl target,docker image 1. add rc4-md5 cipher * fix: ci * fix: Dockerfile * fix: add aarch64-unknown-linux-musl * fix: Build docker image for release only * fix: delete image-cleaning-action --- .github/Dockerfile | 9 +++ .github/workflows/ci.yml | 82 +++++++++++++++++++++++++- Cargo.lock | 13 ++++ clash_lib/Cargo.toml | 2 +- clash_lib/src/proxy/shadowsocks/mod.rs | 41 ++++++------- 5 files changed, 119 insertions(+), 28 deletions(-) create mode 100644 .github/Dockerfile diff --git a/.github/Dockerfile b/.github/Dockerfile new file mode 100644 index 000000000..d40aa9db9 --- /dev/null +++ b/.github/Dockerfile @@ -0,0 +1,9 @@ +FROM alpine:latest +# Define an ARG for the target architecture +ARG TARGETARCH +COPY ./clash-rs/clash-${TARGETARCH} /usr/bin/clash +# The yq library installed here is used to rewrite the config.yaml configuration file for clash, merge it, and other related operations. +RUN apk update && apk add --no-cache -f yq && mkdir -p /root/.config/clash/ +WORKDIR /root +ENTRYPOINT [ "/usr/bin/clash" ] +CMD [ "-d", "/root/.config/clash/" ] \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b5dce154..13651fddd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,9 @@ concurrency: env: PACKAGE: "clash" + REGISTRY: "ghcr.io" + IMAGE_NAME: "clash-rs" + jobs: compile: @@ -52,6 +55,12 @@ jobs: cross: true extra-args: "--all-features" rustflags: "-Ctarget-feature=+crt-static --cfg tokio_unstable" + # Linux x86_64-unknown-linux-musl + - os: ubuntu-latest + target: x86_64-unknown-linux-musl + release-name: x86_64-unknown-linux-musl + cross: true + extra-args: "--all-features" - os: ubuntu-latest target: i686-unknown-linux-gnu release-name: i686-unknown-linux-gnu-static-crt 
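Review bot: `FROM alpine:latest` in the new `.github/Dockerfile` leaves the base of a published release image unpinned, so rebuilding the same tag can ship a different userland; pin it to a release and digest, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholder values). The image also never leaves root: there is no `USER` line and the config directory is `/root/.config/clash/`. If the proxy does not need root inside the container, create an unprivileged user and move the config directory under its home. `apk add --no-cache` already fetches a fresh index, so `apk update` and the `-f` force flag can be dropped: `RUN apk add --no-cache yq && mkdir -p /root/.config/clash/`.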
@@ -78,6 +87,11 @@ jobs: cross: true extra-args: "--all-features" rustflags: "-Ctarget-feature=+crt-static --cfg tokio_unstable" + - os: ubuntu-latest + target: aarch64-unknown-linux-musl + release-name: aarch64-unknown-linux-musl + cross: true + extra-args: "--all-features" - os: ubuntu-latest target: armv7-unknown-linux-gnueabi release-name: armv7-unknown-linux-gnueabi-static-crt @@ -220,7 +234,7 @@ jobs: with: name: ${{ matrix.release-name || matrix.target }} path: ${{ env.PACKAGE }}-${{ matrix.release-name || matrix.target }}${{ matrix.postfix }} - + - name: Setup tmate session if: ${{ failure() }} uses: mxschmitt/action-tmate@v3 @@ -228,11 +242,11 @@ jobs: detached: true timeout-minutes: 15 limit-access-to-actor: true - + release: name: Release - needs: [compile] + needs: [ compile ] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 
@@ -272,3 +286,65 @@ jobs: files: | packages/* LICENSE + docker-image: + needs: [ compile ] + name: Docker Image + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/v') + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - name: Get the current Git commit hash + id: get-info + run: | + echo "OWNER=${GITHUB_REPOSITORY_OWNER@L}" >> $GITHUB_OUTPUT + echo "VERSION=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT" + echo "TAG_VERSION=${REGISTRY}/${GITHUB_REPOSITORY_OWNER@L}/${IMAGE_NAME}:${VERSION}" >> $GITHUB_ENV + echo "TAG_LATEST=${REGISTRY}/${GITHUB_REPOSITORY_OWNER@L}/${IMAGE_NAME}:latest" >> $GITHUB_ENV + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ steps.get-info.outputs.OWNER }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Download binaries amd64 + uses: actions/download-artifact@v4 + with: + name: x86_64-unknown-linux-musl + path: ./clash-rs + + - name: Download binaries arm64 + uses: actions/download-artifact@v4 + with: + name: aarch64-unknown-linux-musl + path: ./clash-rs + + - name: Rename binary + run: | + mv ./clash-rs/clash-x86_64-unknown-linux-musl ./clash-rs/clash-amd64 + mv ./clash-rs/clash-aarch64-unknown-linux-musl ./clash-rs/clash-arm64 + + - name: Build and push release + uses: docker/build-push-action@v5 + with: + context: . + file: .github/Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ env.TAG_VERSION }},${{ env.TAG_LATEST }} + + + diff --git a/Cargo.lock b/Cargo.lock index ed0e970f2..dc5d43bb0 100644 --- a/Cargo.lock +++ b/Cargo.lock 
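Review bot: In the `get-info` step, `${VERSION}` is expanded in the same shell that only wrote `VERSION=...` to `$GITHUB_OUTPUT`, so unless `VERSION` is defined somewhere outside this hunk it is empty and `TAG_VERSION` ends in a bare `:`. Assign it first with `VERSION="${GITHUB_REF#refs/tags/v}"` and then echo it, quoting `"$GITHUB_OUTPUT"` and `"$GITHUB_ENV"` on every line rather than only one. The job holds `packages: write` and a registry login, so the third-party actions it runs (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v5`) are better pinned to full commit SHAs than to movable tags. The login step hard-codes `registry: ghcr.io` although the hunk that adds the workflow-level `env` defines `REGISTRY`; use `${{ env.REGISTRY }}` so the push target and the tag prefix cannot drift apart.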
@@ -769,6 +769,16 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "camellia" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3264e2574e9ef2b53ce6f536dea83a69ac0bc600b762d1523ff83fe07230ce30" +dependencies = [ + "byteorder", + "cipher", +] + [[package]] name = "caret" version = "0.4.6" @@ -4811,8 +4821,11 @@ dependencies = [ "aes-gcm", "blake3", "bytes", + "camellia", "cfg-if", + "chacha20", "chacha20poly1305", + "ctr", "hkdf", "md-5", "rand", diff --git a/clash_lib/Cargo.toml b/clash_lib/Cargo.toml index 7b9a00fb1..bb6cbf66f 100644 --- a/clash_lib/Cargo.toml +++ b/clash_lib/Cargo.toml @@ -105,7 +105,7 @@ tracing-oslog = { branch = "main", git = "https://github.com/Absolucy/tracing-os tracing-appender = "0.2.3" -shadowsocks = { version = "1.20.2", optional = true, features=["aead-cipher-2022"] } +shadowsocks = { version = "1.20.2", optional = true, features=["aead-cipher-2022","stream-cipher"] } maxminddb = "0.24.0" public-suffix = "0.1.0" murmur3 = "0.5.2" diff --git a/clash_lib/src/proxy/shadowsocks/mod.rs b/clash_lib/src/proxy/shadowsocks/mod.rs index 244c3d473..35bbffe40 100644 --- a/clash_lib/src/proxy/shadowsocks/mod.rs +++ b/clash_lib/src/proxy/shadowsocks/mod.rs @@ -138,6 +138,19 @@ impl Handler { }; let ctx = Context::new_shared(ServerType::Local); + let cfg = self.server_config()?; + + let stream = ProxyClientStream::from_stream( + ctx, + stream, + &cfg, + (sess.destination.host(), sess.destination.port()), + ); + + Ok(Box::new(ShadowSocksStream(stream))) + } + + fn server_config(&self) -> Result { let cfg = ServerConfig::new( (self.opts.server.to_owned(), self.opts.port), self.opts.password.to_owned(), @@ -145,6 +158,7 @@ impl Handler { "aes-128-gcm" => CipherKind::AES_128_GCM, "aes-256-gcm" => CipherKind::AES_256_GCM, "chacha20-ietf-poly1305" => CipherKind::CHACHA20_POLY1305, + "rc4-md5" => CipherKind::SS_RC4_MD5, _ => { return Err(io::Error::new( io::ErrorKind::Other, 
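Review bot: Enabling `stream-cipher` on `shadowsocks` in `clash_lib/Cargo.toml` appears to compile in the crate's whole legacy stream-cipher family, although only `rc4-md5` is mapped in `server_config`. The Cargo.lock hunk shows `camellia`, `chacha20` and `ctr` becoming new dependencies of one package, and `camellia` is added to the lockfile. Consider putting it behind a separate opt-in feature of `clash_lib` so that default builds stay AEAD-only. Document the reason next to the dependency, e.g. `# stream-cipher: legacy unauthenticated ciphers, enabled only for compatibility with old servers`.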
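Review bot: The new `"rc4-md5" => CipherKind::SS_RC4_MD5` arm makes a legacy stream cipher selectable with no signal to the operator. RC4 has known keystream biases and the Shadowsocks stream construction carries no integrity check, so ciphertext can be modified undetected; the arm should be marked compatibility-only. Add a comment on it, e.g. `// legacy stream cipher without integrity protection; kept only for old servers`, and emit a warning when it is configured, e.g. `warn!("shadowsocks cipher rc4-md5 is insecure; prefer an AEAD cipher");` (assuming the crate's tracing macros are in scope here). `server_config` runs on every connection, so the warning is better placed where the handler is built. The function starts in the previous hunk and its error arm continues in the next one; it also has no doc comment stating that it returns an `io::Error` for an unrecognised cipher name.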
@@ -153,15 +167,7 @@ impl Handler { } }, ); - - let stream = ProxyClientStream::from_stream( - ctx, - stream, - &cfg, - (sess.destination.host(), sess.destination.port()), - ); - - Ok(Box::new(ShadowSocksStream(stream))) + Ok(cfg) } } @@ -207,21 +213,8 @@ impl OutboundHandler for Handler { resolver: ThreadSafeDNSResolver, ) -> io::Result { let ctx = Context::new_shared(ServerType::Local); - let cfg = ServerConfig::new( - (self.opts.server.to_owned(), self.opts.port), - self.opts.password.to_owned(), - match self.opts.cipher.as_str() { - "aes-128-gcm" => CipherKind::AES_128_GCM, - "aes-256-gcm" => CipherKind::AES_256_GCM, - "chacha20-ietf-poly1305" => CipherKind::CHACHA20_POLY1305, - _ => { - return Err(io::Error::new( - io::ErrorKind::Other, - "unsupported cipher", - )) - } - }, - ); + let cfg = self.server_config()?; + let socket = new_udp_socket( None, self.opts.common_opts.iface.clone().or(sess.iface.clone()),