Compile Linux binaries with Zig

.github/workflows/build-and-test-make.yml

@@ -20,74 +20,72 @@ jobs:
   build-and-test-linux:
     name: (Linux ${{ matrix.arch }}) Build curl-impersonate and run the tests
     runs-on: ubuntu-latest
+    env:
+      CC: ${{ github.workspace }}/zigshim/cc
+      CXX: ${{ github.workspace }}/zigshim/cxx
+      AR: ${{ github.workspace }}/zigshim/ar
+      ZIG_TARGET: ${{ matrix.target }}
+      CFLAGS: ${{ matrix.cflags }}
     strategy:
       fail-fast: false
       matrix:
-        arch: [x86_64]
         include:
           - arch: x86_64
-            go_arch: amd64
-            docker_arch: linux/amd64
+            target: x86_64-linux-gnu.2.17
             host: x86_64-linux-gnu
             capture_interface: eth0
-            image: quay.io/pypa/manylinux2014_x86_64:latest
+            cflags:
           - arch: aarch64
-            go_arch: arm64
-            docker_arch: linux/arm/v8
+            target: aarch64-linux-gnu.2.17
             host: aarch64-linux-gnu
             capture_interface: eth0
-            image: quay.io/pypa/manylinux2014_aarch64:latest
+            cflags:
           - arch: arm
-            go_arch: armv6l
-            docker_arch: linux/arm/v7
-            host: arm-linux-gnu
+            target: arm-linux-gnueabihf.2.17
+            host: arm-linux-gnueabihf
             capture_interface: eth0
-            image: ghcr.io/bjia56/armv7l-wheel-builder:main
+            cflags: "-mfpu=vfp -mfloat-abi=hard -mcpu=arm1176jzf_s"
     steps:
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Set up zig
+        uses: goto-bus-stop/setup-zig@v2
+        with:
+          version: 0.11.0
 
-      - name: Install dependencies
+      - name: Install Ubuntu dependencies
         run: |
-          python_bin_dir=$(docker run ${{ matrix.image }} python3.10 -c 'import sys; import os; print(os.path.dirname(os.path.realpath(sys.executable)))')
-          echo "runner_uid=$(id -u)" >> $GITHUB_ENV
-          echo "runner_gid=$(id -g)" >> $GITHUB_ENV
-          echo "runner_home=$HOME" >> $GITHUB_ENV
-          docker build -t curl-impersonate-builder -f - . <<EOF
-            FROM ${{ matrix.image }}
-            ENV PATH=/usr/local/go/bin:/opt/rh/devtoolset-10/root/usr/bin:$python_bin_dir:\$PATH
-            ENV HOME=$HOME
-            ENV CC=/opt/rh/devtoolset-10/root/usr/bin/gcc
-            ENV CXX=/opt/rh/devtoolset-10/root/usr/bin/g++
-            ENV LD=/usr/bin/ld
-            RUN yum install -y libcurl-devel
-            RUN python3.10 -m pip install ninja cmake gyp-next --extra-index-url https://bjia56.github.io/armv7l-wheels/
-            RUN rm -rf /usr/local/go && \
-                curl -o /tmp/go.tar.gz -L https://go.dev/dl/go1.19.10.linux-${{ matrix.go_arch }}.tar.gz && \
-                tar -C /usr/local -xzf /tmp/go.tar.gz
-            RUN rm -f /usr/local/bin/python3 && \
-                rm -f /usr/local/bin/python && \
-                ln -s /usr/local/bin/python3.10 /usr/local/bin/python3 && \
-                ln -s /usr/local/bin/python3.10 /usr/local/bin/python
-          EOF
+          sudo apt-get update
+          sudo apt-get install build-essential pkg-config cmake ninja-build curl autoconf automake libtool
+          sudo apt-get install gcc-aarch64-linux-gnu gcc-arm-linux-gnueabihf
+          # Chrome version dependencies
+          sudo apt-get install golang-go
+          # Needed to compile 'minicurl'
+          sudo apt-get install libcurl4-openssl-dev
+          # More dependencies for the tests
+          sudo apt-get install tcpdump nghttp2-server libnss3
 
-      - name: Check out the repo
-        uses: actions/checkout@v2
+      - name: Build zlib
+        run: |
+          curl -LO https://zlib.net/fossils/zlib-1.3.tar.gz
+          tar xf zlib-1.3.tar.gz
+          cd zlib-1.3
+          CHOST=${{ matrix.host }} ./configure --prefix=${{ runner.temp }}/zlib
+          make
+          make install
+          # Make sure curl will link with libz.so.1 and not libz.so
+          rm -f ${{ runner.temp }}/zlib/lib/libz.so
 
       - name: Run configure script
-        uses: addnab/docker-run-action@v3
-        with:
-          image: curl-impersonate-builder
-          options: >
-            -v ${{ env.runner_home }}:${{ env.runner_home }}
-            --workdir ${{ github.workspace }}
-            --user ${{ env.runner_uid }}:${{ env.runner_gid }}
-          run: |
-            set -e
-            mkdir ${{ runner.temp }}/install
-            ./configure --prefix=${{ runner.temp }}/install \
-                        --with-ca-path=/etc/ssl/certs \
-                        --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
+        run: |
+          mkdir ${{ runner.temp }}/install
+          ./configure --prefix=${{ runner.temp }}/install \
+                      --host=${{ matrix.host }} \
+                      --with-zlib=${{ runner.temp }}/zlib \
+                      --with-ca-path=/etc/ssl/certs \
+                      --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
+                      --with-libnssckbi=/usr/lib/${{ matrix.host }}/nss
 
       # Cache the build of BoringSSL, which is the longest part of the build
       # We must cache the .zip as well, otherwise the Makefile will
@@ -116,30 +114,10 @@ jobs:
           find boringssl/build -type f | xargs touch
 
       - name: Build the Chrome version of curl-impersonate
-        uses: addnab/docker-run-action@v3
-        with:
-          image: curl-impersonate-builder
-          options: >
-            -v ${{ env.runner_home }}:${{ env.runner_home }}
-            --workdir ${{ github.workspace }}
-            --user ${{ env.runner_uid }}:${{ env.runner_gid }}
-          run: |
-            set -e
-            make chrome-build
-            make chrome-checkbuild
-            make chrome-install
-
-      - name: Install test dependencies
-        if: matrix.arch == 'x86_64'
         run: |
-          sudo apt-get update
-          sudo apt-get install build-essential pkg-config cmake ninja-build curl autoconf automake libtool
-          # Chrome version dependencies
-          sudo apt-get install golang-go
-          # Needed to compile 'minicurl'
-          sudo apt-get install libcurl4-openssl-dev
-          # More dependencies for the tests
-          sudo apt-get install tcpdump nghttp2-server
+          make chrome-build
+          make chrome-checkbuild
+          make chrome-install
 
       - name: Prepare the tests
         if: matrix.arch == 'x86_64'
@@ -185,45 +163,29 @@ jobs:
           path: ${{ runner.temp }}/libcurl-impersonate*.tar.gz
 
       - name: Clean build
-        uses: addnab/docker-run-action@v3
-        with:
-          image: curl-impersonate-builder
-          options: >
-            -v ${{ env.runner_home }}:${{ env.runner_home }}
-            --workdir ${{ github.workspace }}
-            --user ${{ env.runner_uid }}:${{ env.runner_gid }}
-          run: |
-            set -e
-            make chrome-clean
-            rm -Rf ${{ runner.temp }}/install
-            mkdir ${{ runner.temp }}/install
+        run: |
+          set -e
+          make chrome-clean
+          rm -Rf ${{ runner.temp }}/install
+          mkdir ${{ runner.temp }}/install
 
        # Recompile curl-impersonate statically when doing a release.
       - name: Reconfigure statically
-        uses: addnab/docker-run-action@v3
-        with:
-          image: curl-impersonate-builder
-          options: >
-            -v ${{ env.runner_home }}:${{ env.runner_home }}
-            --workdir ${{ github.workspace }}
-            --user ${{ env.runner_uid }}:${{ env.runner_gid }}
-          run: |
-            set -e
-            ./configure --prefix=${{ runner.temp }}/install --enable-static
+        run: |
+          set -e
+          ./configure --prefix=${{ runner.temp }}/install --enable-static \
+                      --host=${{ matrix.host }} \
+                      --with-zlib=${{ runner.temp }}/zlib \
+                      --with-ca-path=/etc/ssl/certs \
+                      --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
+                      --with-libnssckbi=/usr/lib/${{ matrix.host }}/nss
 
       - name: Rebuild statically
-        uses: addnab/docker-run-action@v3
-        with:
-          image: curl-impersonate-builder
-          options: >
-            -v ${{ env.runner_home }}:${{ env.runner_home }}
-            --workdir ${{ github.workspace }}
-            --user ${{ env.runner_uid }}:${{ env.runner_gid }}
-          run: |
-            set -e
-            make chrome-build
-            make chrome-checkbuild
-            make chrome-install-strip
+        run: |
+          set -e
+          make chrome-build
+          make chrome-checkbuild
+          make chrome-install-strip
 
       - name: Create tar release files for curl-impersonate
         run: |

Makefile.in

@@ -198,6 +198,7 @@ $(brotli_static_libs): brotli-$(BROTLI_VERSION).tar.gz
 	        -DCMAKE_INSTALL_LIBDIR=lib \
 	        -DCMAKE_CXX_COMPILER=$(CXX) \
 	        -DCMAKE_C_COMPILER=$(CC) \
+			-DCMAKE_C_FLAGS="$(CFLAGS)" \
 	        -DCMAKE_SYSTEM_NAME=$$system_name \
 	        -DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \
 	        ..
@@ -288,7 +289,7 @@ $(boringssl_static_libs): boringssl.zip boringssl/.patched
 	# prevent clang from failing on them.
 	@cmake@ -DCMAKE_BUILD_TYPE=Release \
 			-DCMAKE_POSITION_INDEPENDENT_CODE=on \
-			-DCMAKE_C_FLAGS="-Wno-unknown-warning-option -Wno-stringop-overflow -Wno-array-bounds" \
+			-DCMAKE_C_FLAGS="$(CFLAGS) -Wno-unknown-warning-option -Wno-stringop-overflow -Wno-array-bounds" \
 			-DCMAKE_CXX_COMPILER=$(CXX) \
 			-DCMAKE_C_COMPILER=$(CC) \
 			-DCMAKE_SYSTEM_NAME=$$system_name \
@@ -388,7 +389,7 @@ $(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)
 
 	echo "Configuring curl with: $$config_flags"
 
-	./configure $$config_flags CFLAGS="$$add_cflags"
+	./configure $$config_flags CFLAGS="$(CFLAGS) $$add_cflags"
 	# Remove possible leftovers from a previous compilation
 	$(MAKE) clean MAKEFLAGS=
 	touch .firefox

chrome/patches/boringssl-old-ciphers.patch

@@ -207,34 +207,3 @@ index 57116cd6c..fa1652832 100644
    }
 
    // Check for invalid algorithms, and filter out |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
-diff --git a/crypto/fipsmodule/rand/urandom_test.cc b/crypto/fipsmodule/rand/urandom_test.cc
-index 08e4183..d486c01 100644
---- a/crypto/fipsmodule/rand/urandom_test.cc
-+++ b/crypto/fipsmodule/rand/urandom_test.cc
-@@ -38,10 +38,26 @@
- #include "fork_detect.h"
- #include "getrandom_fillin.h"
-
-+#if !defined(NT_ARM_SYSTEM_CALL)
-+// https://elixir.bootlin.com/linux/v6.6.8/source/include/uapi/linux/elf.h#L433
-+#define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
-+#endif
-+
- #if !defined(PTRACE_O_EXITKILL)
- #define PTRACE_O_EXITKILL (1 << 20)
- #endif
-
-+#if defined(OPENSSL_AARCH64) && defined(__linux__)
-+// https://elixir.bootlin.com/glibc/glibc-2.38/source/sysdeps/unix/sysv/linux/aarch64/sys/user.h#L22
-+struct user_regs_struct
-+{
-+  unsigned long long regs[31];
-+  unsigned long long sp;
-+  unsigned long long pc;
-+  unsigned long long pstate;
-+};
-+#endif
-+
- #if defined(OPENSSL_ANDROID)
- static const bool kIsAndroid = true;
- #else

zigshim/ar

@@ -0,0 +1,2 @@
+#!/bin/bash
+zig ar "$@"

zigshim/cc

@@ -0,0 +1,2 @@
+#!/bin/bash
+zig cc -target $ZIG_TARGET "$@"

zigshim/cxx

@@ -0,0 +1,2 @@
+#!/bin/bash
+zig c++ -target $ZIG_TARGET "$@"