Add Https support for host/client

volt-software · Oct 3, 2023 · 03aa56d · 03aa56d
1 parent ad3bb94
commit 03aa56d
Show file tree

Hide file tree

Showing 17 changed files with 618 additions and 95 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -146,7 +146,10 @@ if(ICHOR_USE_BOOST_BEAST)
 endif()
 if(ICHOR_MUSL)
     target_compile_definitions(ichor PUBLIC ICHOR_MUSL)
-    target_link_options(ichor PUBLIC -static-libgcc -static-libstdc++ -static)
+    target_link_options(ichor PUBLIC -static-libgcc -static-libstdc++)
+endif()
+if(ICHOR_AARCH64)
+    target_compile_definitions(ichor PUBLIC ICHOR_AARCH64)
 endif()
 
 if(NOT WIN32)
@@ -381,6 +384,7 @@ if(ICHOR_USE_BOOST_BEAST) #beast
     target_include_directories(ichor PUBLIC ${Boost_INCLUDE_DIRS})
     target_link_directories(ichor PUBLIC ${Boost_LIBRARY_DIRS})
     target_link_libraries(ichor PUBLIC ${Boost_LIBRARIES})
+    target_link_libraries(ichor PUBLIC -lssl -lcrypto)
     #_SILENCE_ALL_CXX23_DEPRECATION_WARNINGS -> MSVC gives warnings on things like std::aligned_storage, which is still valid in C++20.
     target_compile_definitions(ichor PUBLIC BOOST_ASIO_NO_DEPRECATED _SILENCE_ALL_CXX23_DEPRECATION_WARNINGS)
 

diff --git a/Dockerfile b/Dockerfile
@@ -36,4 +36,4 @@ WORKDIR /opt/ichor/build
 
 ENTRYPOINT ["/bin/bash", "-c"]
 
-CMD ["cd /opt/ichor/build && cmake -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=ON -DICHOR_USE_SPDLOG=ON /opt/ichor/src && ninja"]
+CMD ["cd /opt/ichor/build && cmake -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=1 /opt/ichor/src && ninja"]
diff --git a/Dockerfile-asan b/Dockerfile-asan
@@ -7,6 +7,9 @@ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 60
 RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 60
 RUN update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-12 60
 
+ENV CFLAGS="-Og -fsanitize=address,undefined"
+ENV CXXFLAGS="-Og -fsanitize=address,undefined"
+
 WORKDIR /opt
 
 #Build boost with support for asan
@@ -34,6 +37,9 @@ RUN mkdir -p /opt/ichor/build
 
 WORKDIR /opt/ichor/build
 
+RUN unset CFLAGS
+RUN unset CXXFLAGS
+
 ENTRYPOINT ["/bin/bash", "-c"]
 
-CMD ["cd /opt/ichor/build && cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DICHOR_USE_SANITIZERS=1 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=ON -DICHOR_USE_SPDLOG=ON /opt/ichor/src && ninja"]
+CMD ["cd /opt/ichor/build && cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DICHOR_USE_SANITIZERS=1 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=1 /opt/ichor/src && ninja"]
diff --git a/Dockerfile-musl b/Dockerfile-musl
@@ -1,17 +1,28 @@
 FROM alpine:3.17
 
 RUN apk update
-RUN apk add gcc g++ build-base cmake openssl-dev git wget make nano sed linux-headers
+RUN apk add gcc g++ build-base cmake git wget make nano sed linux-headers perl
 
 # Run all downloads first to be able to use Docker's layers as cache and prevent excessive redownloads
 
 WORKDIR /opt
 RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_1_81_0.tar.bz2
 RUN wget https://github.com/redis/hiredis/archive/refs/tags/v1.2.0.tar.gz
+RUN wget https://www.openssl.org/source/openssl-3.0.11.tar.gz
 
 WORKDIR /opt
 
-#Build a new enough boost, apt only contains 1.74 which is too old.
+ENV LDFLAGS="-static-libgcc -static-libstdc++ -static"
+#Build openssl statically, alpine (and probably most distros) only provide shared libraries. Might be a security thing?
+RUN tar xf openssl-3.0.11.tar.gz
+WORKDIR /opt/openssl-3.0.11
+RUN ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared
+RUN make -j
+RUN make -j install
+
+WORKDIR /opt
+
+#Build boost statically
 RUN tar xf boost_1_81_0.tar.bz2
 
 WORKDIR /opt/boost_1_81_0
@@ -27,7 +38,6 @@ RUN tar xf v1.2.0.tar.gz
 RUN mkdir /opt/hiredis-1.2.0/build
 
 WORKDIR /opt/hiredis-1.2.0/build
-ENV LDFLAGS="-static-libgcc -static-libstdc++ -static"
 RUN cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DDISABLE_TESTS=1 -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_SSL=1 -DBUILD_SHARED_LIBS=0 ..
 RUN make -j && make install
 RUN mkdir -p /opt/ichor/build
@@ -36,4 +46,4 @@ WORKDIR /opt/ichor/build
 
 ENTRYPOINT ["/bin/sh", "-c"]
 
-CMD ["cd /opt/ichor/build && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=ON -DICHOR_MUSL=1 /opt/ichor/src && make -j"]
+CMD ["cd /opt/ichor/build && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=1 -DICHOR_MUSL=1 /opt/ichor/src && make -j"]
diff --git a/Dockerfile-musl-aarch64 b/Dockerfile-musl-aarch64
@@ -1,17 +1,28 @@
 FROM arm64v8/alpine:3.17
 
 RUN apk update
-RUN apk add gcc g++ build-base cmake openssl-dev git wget make nano sed linux-headers
+RUN apk add gcc g++ build-base cmake git wget make nano sed linux-headers perl
 
 # Run all downloads first to be able to use Docker's layers as cache and prevent excessive redownloads
 
 WORKDIR /opt
 RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_1_81_0.tar.bz2
 RUN wget https://github.com/redis/hiredis/archive/refs/tags/v1.2.0.tar.gz
+RUN wget https://www.openssl.org/source/openssl-3.0.11.tar.gz
 
 WORKDIR /opt
 
-#Build a new enough boost, apt only contains 1.74 which is too old.
+ENV LDFLAGS="-static-libgcc -static-libstdc++ -static"
+#Build openssl statically, alpine (and probably most distros) only provide shared libraries. Might be a security thing?
+RUN tar xf openssl-3.0.11.tar.gz
+WORKDIR /opt/openssl-3.0.11
+RUN ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared
+RUN make -j
+RUN make -j install
+
+WORKDIR /opt
+
+#Build boost statically
 RUN tar xf boost_1_81_0.tar.bz2
 
 WORKDIR /opt/boost_1_81_0
@@ -27,7 +38,6 @@ RUN tar xf v1.2.0.tar.gz
 RUN mkdir /opt/hiredis-1.2.0/build
 
 WORKDIR /opt/hiredis-1.2.0/build
-ENV LDFLAGS="-static-libgcc -static-libstdc++ -static"
 RUN cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DDISABLE_TESTS=1 -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_SSL=1 -DBUILD_SHARED_LIBS=0 ..
 RUN make -j && make install
 RUN mkdir -p /opt/ichor/build
@@ -36,4 +46,4 @@ WORKDIR /opt/ichor/build
 
 ENTRYPOINT ["/bin/sh", "-c"]
 
-CMD ["cd /opt/ichor/build && cmake -DCMAKE_BUILD_TYPE=Debug -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=0 -DICHOR_USE_BOOST_BEAST=0 -DICHOR_USE_SPDLOG=ON -DICHOR_MUSL=1 -DICHOR_AARCH64=1 /opt/ichor/src && make -j"]
+CMD ["cd /opt/ichor/build && cmake -DCMAKE_BUILD_TYPE=Debug -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=1 -DICHOR_MUSL=1 -DICHOR_AARCH64=1 /opt/ichor/src && make -j"]
diff --git a/Dockerfile-tsan b/Dockerfile-tsan
@@ -0,0 +1,46 @@
+FROM ubuntu:jammy
+
+RUN apt update
+RUN apt install -y g++-12 gcc-12 build-essential cmake libssl-dev pkg-config git wget ninja-build nano libzip-dev
+
+RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 60
+RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 60
+RUN update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-12 60
+
+ENV CFLAGS="-Og -fsanitize=thread"
+ENV CXXFLAGS="-Og -fsanitize=thread"
+ENV LDFLAGS="-fsanitize=thread -static-libtsan -static-libgcc -static-libstdc++"
+
+WORKDIR /opt
+
+#Build boost with support for asan
+RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_1_81_0.tar.bz2
+RUN tar xf boost_1_81_0.tar.bz2
+
+WORKDIR /opt/boost_1_81_0
+
+RUN ./bootstrap.sh --prefix=/usr
+RUN ./b2 cxxflags="-fsanitize=thread -Og -std=c++17 -DBOOST_USE_TSAN -DBOOST_USE_UCONTEXT"  linkflags="-ltsan -static-libtsan -static-libgcc -static-libstdc++" variant=debug link=static threading=multi context-impl=ucontext
+RUN ./b2 cxxflags="-fsanitize=thread -Og -std=c++17 -DBOOST_USE_TSAN -DBOOST_USE_UCONTEXT"  linkflags="-ltsan -static-libtsan -static-libgcc -static-libstdc++" variant=debug link=static threading=multi context-impl=ucontext install
+
+WORKDIR /opt
+
+#Build latest hiredis containing sdevent support, not available yet in apt
+RUN wget https://github.com/redis/hiredis/archive/refs/tags/v1.2.0.tar.gz
+RUN tar xf v1.2.0.tar.gz
+RUN mkdir /opt/hiredis-1.2.0/build
+
+WORKDIR /opt/hiredis-1.2.0/build
+RUN cmake -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DDISABLE_TESTS=1 -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_SSL=1 ..
+RUN ninja && ninja install
+
+RUN mkdir -p /opt/ichor/build
+
+WORKDIR /opt/ichor/build
+
+RUN unset CFLAGS
+RUN unset CXXFLAGS
+
+ENTRYPOINT ["/bin/bash", "-c"]
+
+CMD ["cd /opt/ichor/build && cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DICHOR_USE_SANITIZERS=0 -DICHOR_USE_THREAD_SANITIZER=1 -DICHOR_USE_HIREDIS=1 -DICHOR_USE_BOOST_BEAST=1 -DICHOR_USE_SPDLOG=1 /opt/ichor/src && ninja"]
diff --git a/build.sh b/build.sh
@@ -8,6 +8,26 @@ cleanup ()
 
 trap cleanup SIGINT SIGTERM
 
+POSITIONAL_ARGS=()
+DOCKER=1
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --no-docker)
+      DOCKER=0
+      shift # past value
+      ;;
+    -*|--*)
+      echo "Unknown option $1"
+      exit 1
+      ;;
+    *)
+      POSITIONAL_ARGS+=("$1") # save positional arg
+      shift # past argument
+      ;;
+  esac
+done
+
 ccompilers=("clang-14" "clang-16" "gcc-11" "gcc-12")
 cppcompilers=("clang++-14" "clang++-16" "g++-11" "g++-12")
 
@@ -52,26 +72,29 @@ run_benchmarks ()
 }
 
 
-rm -rf ./* ../bin/*
-docker build -f ../Dockerfile -t ichor . || exit 1
-docker run -v $(pwd)/../:/opt/ichor/src -it ichor || exit 1
-run_examples
+if [[ $DOCKER -eq 1 ]]; then
+  rm -rf ./* ../bin/*
+  docker build -f ../Dockerfile -t ichor . || exit 1
+  docker run -v $(pwd)/../:/opt/ichor/src -it ichor || exit 1
+  run_examples
 
-rm -rf ./* ../bin/*
-docker build -f ../Dockerfile-musl -t ichor-musl . || exit 1
-docker run -v $(pwd)/../:/opt/ichor/src -it ichor-musl || exit 1
-run_examples
+  rm -rf ./* ../bin/*
+  docker build -f ../Dockerfile-musl -t ichor-musl . || exit 1
+  docker run -v $(pwd)/../:/opt/ichor/src -it ichor-musl || exit 1
+  run_examples
 
-rm -rf ./* ../bin/*
-docker build -f ../Dockerfile-asan -t ichor-asan . || exit 1
-docker run -v $(pwd)/../:/opt/ichor/src -it ichor-asan || exit 1
-run_examples
+  rm -rf ./* ../bin/*
+  docker build -f ../Dockerfile-asan -t ichor-asan . || exit 1
+  docker run -v $(pwd)/../:/opt/ichor/src -it ichor-asan || exit 1
+  run_examples
+
+  # tsan is purposefully not run automatically, because it usually contains false positives.
 
-rm -rf ./* ../bin/*
-docker run --rm --privileged multiarch/qemu-user-static --reset -p yes || exit 1
-docker build -f ../Dockerfile-musl-aarch64 -t ichor-musl-aarch64 . || exit 1
-docker run -v $(pwd)/../:/opt/ichor/src -it ichor-musl-aarch64 || exit 1
-cat >> ../bin/run_aarch64_examples_and_tests.sh << EOF
+  rm -rf ./* ../bin/*
+  docker run --rm --privileged multiarch/qemu-user-static --reset -p yes || exit 1
+  docker build -f ../Dockerfile-musl-aarch64 -t ichor-musl-aarch64 . || exit 1
+  docker run -v $(pwd)/../:/opt/ichor/src -it ichor-musl-aarch64 || exit 1
+  cat >> ../bin/run_aarch64_examples_and_tests.sh << EOF
 #!/bin/sh
 FILES=/opt/ichor/src/bin/*
 for f in \$FILES; do
@@ -81,8 +104,9 @@ for f in \$FILES; do
   fi
 done
 EOF
-chmod +x ../bin/run_aarch64_examples_and_tests.sh
-docker run -v $(pwd)/../:/opt/ichor/src --privileged -it ichor-musl-aarch64 "sh -c 'ulimit -r unlimited && /opt/ichor/src/bin/run_aarch64_examples_and_tests.sh'" || exit 1
+  chmod +x ../bin/run_aarch64_examples_and_tests.sh
+  docker run -v $(pwd)/../:/opt/ichor/src --privileged -it ichor-musl-aarch64 "sh -c 'ulimit -r unlimited && /opt/ichor/src/bin/run_aarch64_examples_and_tests.sh'" || exit 1
+fi
 
 for i in ${!ccompilers[@]}; do
   rm -rf ./* ../bin/*