diff --git a/.ci/Jenkinsfile b/.ci/Jenkinsfile
new file mode 100644
index 0000000..e283bab
--- /dev/null
+++ b/.ci/Jenkinsfile
@@ -0,0 +1,42 @@
+properties(
+ [
+ disableConcurrentBuilds()
+ ]
+)
+
+node('linux && docker') {
+ try {
+ stage('Checkout') {
+ //branch name from Jenkins environment variables
+ echo "My branch is: ${env.BRANCH_NAME}"
+
+ // this doesn't grab tags pointing to this branch
+ //checkout scm
+ // this hack does... https://issues.jenkins.io/browse/JENKINS-45164
+ checkout([
+ $class: 'GitSCM',
+ branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
+ extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
+ userRemoteConfigs: scm.userRemoteConfigs,
+ ])
+ sh '''
+ set -euxo pipefail
+ git checkout "$BRANCH_NAME" --
+ git reset --hard "origin/$BRANCH_NAME"
+ '''
+ }
+
+ stage('Build + Deploy') {
+ sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
+ }
+
+ currentBuild.result = 'SUCCESS'
+ } catch (Exception err) {
+ currentBuild.result = 'FAILURE'
+ } finally {
+ stage('Email') {
+ step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
+ }
+ deleteDir()
+ }
+}
diff --git a/.ci/build.sh b/.ci/build.sh
new file mode 100755
index 0000000..d6d4376
--- /dev/null
+++ b/.ci/build.sh
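Review bot: In .ci/Jenkinsfile, the 'Build + Deploy' stage pipes `https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh` straight into `bash`, so whatever the `master` branch of that other repository holds at build time runs on the node that builds and deploys the release binaries, with no pinned revision and no integrity check. Because `curl` is run with `-s` and without `-f`, an HTTP error page or a truncated download is also handed to bash. I would fetch from a URL pinned to a reviewed commit, verify a recorded digest and only then execute it: `sh 'curl --compressed -fsSL <PINNED_COMMIT_URL>/build-ci.sh -o build-ci.sh && echo "<EXPECTED_SHA256>  build-ci.sh" | sha256sum -c - && bash build-ci.sh'`. Separately, the `catch (Exception err)` block sets FAILURE without printing `err`, so I would add `echo "Build failed: ${err}"` there to keep the cause in the build log.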
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -exo pipefail
+
+echo "starting build for TARGET $TARGET"
+
+export CRATE_NAME=wireguard-proxy
+export OPENSSL_STATIC=1
+export CARGO_FEATURES=async
+
+DISABLE_TESTS=${DISABLE_TESTS:-0}
+
+SUFFIX=""
+
+# wine blows up in testing with async build
+echo "$TARGET" | grep -E '^x86_64-pc-windows-gnu$' >/dev/null && DISABLE_TESTS=1 && SUFFIX=".exe"
+
+# these only support openssl_vendored, not async
+if echo "$TARGET" | grep -E '^(s390x|powerpc|mips)' >/dev/null
+then
+ CARGO_FEATURES=openssl_vendored
+fi
+
+# these don't support any TLS at all
+if echo "$TARGET" | grep -E '(^riscv64gc|solaris$)' >/dev/null
+then
+ CARGO_FEATURES=verbose
+fi
+
+cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
+cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES
+
+# to check how they are built
+file "target/$TARGET/release/wireguard-proxy$SUFFIX" "target/$TARGET/release/udp-test$SUFFIX"
+
+if [ $DISABLE_TESTS -ne 1 ]
+then
+
+ # first make sure udp-test succeeds running against itself
+ cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test
+
+ # now run udp-test through proxy/proxyd
+ cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is
+
+ if [ $CARGO_FEATURES != "verbose" ]; then
+ # run TLS tests then too
+ cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
+
+ # now pubkey tests
+
+ # one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E)
+ cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true
+
+ # and one that should pass
+ cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE=
+ fi
+fi
+
+# if this commit has a tag, upload artifact to release
+strip "target/$TARGET/release/wireguard-proxy$SUFFIX" || true # if strip fails, it's fine
+mkdir -p release
+mv "target/$TARGET/release/wireguard-proxy$SUFFIX" "release/wireguard-proxy-$TARGET$SUFFIX"
+
+echo 'build success!'
+exit 0
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index b8c6cd0..0000000
--- a/.travis.yml
+++ /dev/null
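Review bot: In .ci/build.sh, the negative pinning test (`cross run … --pinnedpubkey sha256//…VH4de= && exit 1 || true`) accepts any non-zero exit as the expected rejection, so a crash, a port clash or a build problem in that run looks the same as a refused pin and the step still passes. I would write it as an explicit `if cross run … --pinnedpubkey <wrong pin>; then echo 'wrong pinnedpubkey was accepted' >&2; exit 1; fi`, and, if udp-test reports a pin mismatch with a distinct exit status (not visible in this diff), assert on that status. The guard `[ $DISABLE_TESTS -ne 1 ]` has a related gap: a non-numeric value from the environment makes `[` fail inside the `if`, which silently skips every test, the TLS ones included, while the script still prints 'build success!'. Using `if [ "$DISABLE_TESTS" != 1 ]` avoids that. Adding `-u` to `set -exo pipefail` and quoting `"$TARGET"` and `"$CARGO_FEATURES"` on the `cross` lines would make an unset TARGET fail immediately.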
@@ -1,143 +0,0 @@ -# Based on the "trust" template v0.1.2 -# https://github.com/japaric/trust/tree/v0.1.2 - -dist: trusty -language: rust -services: docker -sudo: required - -# TODO Rust builds on stable by default, this can be -# overridden on a case by case basis down below. - -env: - global: - # TODO Update this to match the name of your project. - - CRATE_NAME=wireguard-proxy - - OPENSSL_STATIC=1 - - CARGO_FEATURES=async - -matrix: - # TODO These are all the build jobs. Adjust as necessary. Comment out what you - # don't need - include: - # Android - - env: TARGET=aarch64-linux-android - - env: TARGET=arm-linux-androideabi - - env: TARGET=armv7-linux-androideabi - - env: TARGET=i686-linux-android - - env: TARGET=x86_64-linux-android - - # iOS - - env: TARGET=aarch64-apple-ios DISABLE_TESTS=1 - os: osx - - env: TARGET=x86_64-apple-ios DISABLE_TESTS=1 - os: osx - - # Linux - - env: TARGET=aarch64-unknown-linux-gnu - - env: TARGET=aarch64-unknown-linux-musl - - env: TARGET=arm-unknown-linux-gnueabi - - env: TARGET=arm-unknown-linux-gnueabihf - - env: TARGET=arm-unknown-linux-musleabi - - env: TARGET=arm-unknown-linux-musleabihf - - env: TARGET=armv5te-unknown-linux-gnueabi - - env: TARGET=armv5te-unknown-linux-musleabi - - env: TARGET=armv7-unknown-linux-gnueabihf - - env: TARGET=armv7-unknown-linux-musleabihf - - env: TARGET=i586-unknown-linux-gnu - - env: TARGET=i586-unknown-linux-musl - - env: TARGET=i686-unknown-linux-gnu - - env: TARGET=i686-unknown-linux-musl - - env: TARGET=mips-unknown-linux-gnu CARGO_FEATURES=openssl_vendored - - env: TARGET=mips-unknown-linux-musl CARGO_FEATURES=openssl_vendored - - env: TARGET=mips64-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored - - env: TARGET=mips64el-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored - - env: TARGET=mipsel-unknown-linux-gnu CARGO_FEATURES=openssl_vendored - - env: TARGET=mipsel-unknown-linux-musl CARGO_FEATURES=openssl_vendored - - env: TARGET=powerpc-unknown-linux-gnu 
CARGO_FEATURES=openssl_vendored - - env: TARGET=powerpc64le-unknown-linux-gnu CARGO_FEATURES=openssl_vendored - # neither openssl nor rustls support poor riscv64gc... - - env: TARGET=riscv64gc-unknown-linux-gnu CARGO_FEATURES=verbose - - env: TARGET=s390x-unknown-linux-gnu DISABLE_TESTS=1 CARGO_FEATURES=openssl_vendored - - env: TARGET=x86_64-unknown-linux-gnu - - env: TARGET=x86_64-unknown-linux-musl - - # Solaris, neither openssl nor rustls support poor solaris... - - env: TARGET=sparcv9-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose - - env: TARGET=x86_64-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose - - # OSX - - env: TARGET=x86_64-apple-darwin - os: osx - - # *BSD - - env: TARGET=x86_64-unknown-netbsd DISABLE_TESTS=1 - - # Windows - # wine blows up in testing with async build - - env: TARGET=x86_64-pc-windows-gnu DISABLE_TESTS=1 - - # Bare metal - # These targets don't support std and as such are likely not suitable for - # most crates. - # - env: TARGET=thumbv6m-none-eabi - # - env: TARGET=thumbv7em-none-eabi - # - env: TARGET=thumbv7em-none-eabihf - # - env: TARGET=thumbv7m-none-eabi - - # Testing other channels - - env: TARGET=x86_64-unknown-linux-gnu - rust: nightly - - env: TARGET=x86_64-apple-darwin - os: osx - rust: nightly - -before_install: - - set -e - - rustup self update - -install: - - sh ci/install.sh - - source ~/.cargo/env || true - -script: - - bash ci/script.sh - -after_script: set +e - -before_deploy: - - sh ci/before_deploy.sh - -deploy: - # TODO update `api_key.secure` - # - Create a `public_repo` GitHub token. Go to: https://github.com/settings/tokens/new - # - Encrypt it: `travis encrypt 0123456789012345678901234567890123456789 - # - Paste the output down here - api_key: - secure: $GITHUB_OAUTH - file_glob: true - file: $CRATE_NAME-$TRAVIS_TAG-$TARGET* - on: - # TODO Here you can pick which targets will generate binary releases - # In this example, there are some targets that are tested using the stable - # and nightly channels. 
This condition makes sure there is only one release - # for such targets and that's generated using the stable channel - condition: $TRAVIS_RUST_VERSION = stable - tags: true - provider: releases - skip_cleanup: true - -cache: cargo -before_cache: - # Travis can't cache files that are not readable by "others" - - chmod -R a+r $HOME/.cargo - -branches: - only: - # release tags - - /^v\d+\.\d+\.\d+.*$/ - - master - - travis - - ci - - openssl - diff --git a/README.md b/README.md index e19ddea..84b8029 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # wireguard-proxy -[![Travis-CI Build Status](https://api.travis-ci.org/moparisthebest/wireguard-proxy.svg?branch=master)](https://travis-ci.org/moparisthebest/wireguard-proxy) +[![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/) [![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy) [![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy) @@ -70,7 +70,7 @@ usage: wireguard-proxy [options...] Binaries: -- [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by travis-ci and appveyor courtesy of [trust](https://github.com/japaric/trust) +- [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by [self-ci](https://github.com/moparisthebest/self-ci) and appveyor courtesy of [trust](https://github.com/japaric/trust) - Arch Linux AUR [wireguard-proxy](https://aur.archlinux.org/packages/wireguard-proxy/) and [wireguard-proxy-git](https://aur.archlinux.org/packages/wireguard-proxy-git/) Building: diff --git a/benchmark.sh b/benchmark.sh new file mode 100755 index 0000000..3229b80 
--- /dev/null
+++ b/benchmark.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+#set -x
+
+# cert created with:
+# cd ci && echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout cert.key
+
+export PATH="$(pwd)/target/release:$PATH"
+
+run_tests() {
+client_arg="$1"
+shift
+
+# now run proxyd pointing to nc
+wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 "$@" &
+proxyd_pid=$!
+# wait for ports to be set up, this is fragile...
+sleep 5
+# proxy pointing to proxyd
+wireguard-proxy -tt 127.0.0.1:5555 "$client_arg" &
+proxy_pid=$!
+# wait for ports to be set up, this is fragile...
+sleep 1
+
+# nc running through wireguard-proxy's above
+nc -lup 51822 >/dev/null &
+nc_listen_pid=$!
+
+wireguard-proxy -V
+
+dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51820 &
+nc_connect_pid=$!
+
+sleep 5
+
+kill $nc_listen_pid $nc_connect_pid $proxyd_pid $proxy_pid
+
+}
+
+
+# first no-network baseline
+dd if=/dev/zero bs=128M count=10 | cat >/dev/null
+
+# now openbsd netcat for network baseline
+nc -lup 51822 >/dev/null &
+nc_listen_pid=$!
+
+dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51822 &
+nc_connect_pid=$!
+
+sleep 5
+
+kill $nc_listen_pid $nc_connect_pid
+
+# first run without TLS
+#cargo clean
+cargo build --release --no-default-features 2>/dev/null || exit 1
+run_tests || exit 1
+
+# third run with async+rustls
+#cargo clean
+cargo build --release --no-default-features --features async 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+exit 0
+
+# first run with non-vendored tls
+#cargo clean
+cargo build --release --no-default-features --features tls 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+# second run with vendored tls
+#cargo clean
+cargo build --release --no-default-features --features openssl_vendored 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+exit 0
diff --git a/ci/before_deploy.ps1 b/ci/before_deploy.ps1
deleted file mode 100644
index ca80bb2..0000000
--- a/ci/before_deploy.ps1
+++ /dev/null
@@ -1,21 +0,0 @@
-# This script takes care of packaging the build artifacts that will go in the
-# release zipfile
-
-$SRC_DIR = $PWD.Path
-$STAGE = [System.Guid]::NewGuid().ToString()
-
-Set-Location $ENV:Temp
-New-Item -Type Directory -Name $STAGE
-Set-Location $STAGE
-
-$ZIP = "$SRC_DIR\$($Env:CRATE_NAME)-$($Env:APPVEYOR_REPO_TAG_NAME)-$($Env:TARGET).exe"
-
-# TODO Update this to package the right artifacts
-Copy-Item "$SRC_DIR\target\$($Env:TARGET)\release\wireguard-proxy.exe" "$ZIP"
-
-Push-AppveyorArtifact "$ZIP"
-
-Remove-Item *.* -Force
-Set-Location ..
-Remove-Item $STAGE
-Set-Location $SRC_DIR
diff --git a/ci/before_deploy.sh b/ci/before_deploy.sh
deleted file mode 100644
index da69c8d..0000000
--- a/ci/before_deploy.sh
+++ /dev/null
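Review bot: In benchmark.sh, `run_tests` runs `client_arg="$1"` and then `shift` unconditionally, but the plaintext runs call it with no arguments. Under a strict POSIX `/bin/sh` such as dash, `shift` with nothing to shift is a fatal error, and in every shell `"$client_arg"` then passes an empty-string argument to `wireguard-proxy -tt`; how the binary treats that argument is not visible in this diff. I would use `client_arg="${1-}"`, `[ "$#" -gt 0 ] && shift`, and `wireguard-proxy -tt 127.0.0.1:5555 ${client_arg:+"$client_arg"} &`. The background `nc` and `wireguard-proxy` processes are only killed on the success path, so a `trap` on EXIT that kills the recorded pids would stop an aborted run from leaving listeners on the loopback ports. The `2>/dev/null` on each `cargo build` hides the compiler output exactly when `|| exit 1` fires.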
@@ -1,29 +0,0 @@ -# This script takes care of building your crate and packaging it for release - -set -ex - -main() { - local src=$(pwd) - - test -f Cargo.lock || cargo generate-lockfile - - # TODO Update this to build the artifacts that matter to you - cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES - - # to check how they are built - file target/$TARGET/release/wireguard-proxy* || echo 'file failed' - - # TODO Update this to package the right artifacts, this needs to handle .exe too... - case $TARGET in - x86_64-pc-windows-gnu) - strip target/$TARGET/release/wireguard-proxy.exe || echo 'strip failed, ignoring...' - cp target/$TARGET/release/wireguard-proxy.exe $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET.exe - ;; - *) - strip target/$TARGET/release/wireguard-proxy || echo 'strip failed, ignoring...' - cp target/$TARGET/release/wireguard-proxy $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET - ;; - esac -} - -main diff --git a/ci/install.sh b/ci/install.sh deleted file mode 100644 index 80e18e4..0000000 --- a/ci/install.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -set -ex - -main() { - local target= - if [ $TRAVIS_OS_NAME = linux ]; then - target=x86_64-unknown-linux-musl - sort=sort - else - target=x86_64-apple-darwin - sort=gsort # for `sort --sort-version`, from brew's coreutils. - fi - - # Builds for iOS are done on OSX, but require the specific target to be - # installed. - case $TARGET in - aarch64-apple-ios) - rustup target install aarch64-apple-ios - ;; - armv7-apple-ios) - rustup target install armv7-apple-ios - ;; - armv7s-apple-ios) - rustup target install armv7s-apple-ios - ;; - i386-apple-ios) - rustup target install i386-apple-ios - ;; - x86_64-apple-ios) - rustup target install x86_64-apple-ios - ;; - esac - - # This fetches latest stable release - local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \ - | cut -d/ -f3 \ - | grep -E '^v[0.1.0-9.]+$' \ - | $sort --version-sort \ - | tail -n1) - curl -LSfs https://japaric.github.io/trust/install.sh | \ - sh -s -- \ - --force \ - --git japaric/cross \ - --tag $tag \ - --target $target -} - -main diff --git a/ci/script.sh b/ci/script.sh deleted file mode 100644 index 6be12d6..0000000 --- a/ci/script.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -# This script takes care of testing your crate - -set -ex - -# TODO This is the "test phase", tweak it as you see fit -main() { - cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES - cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES - - # to check how they are built - file target/$TARGET/release/wireguard-proxy* target/$TARGET/release/udp-test* || echo 'file failed' - - if [ ! -z $DISABLE_TESTS ]; then - return - fi - - # first make sure udp-test succeeds running against itself - cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test - - # now run udp-test through proxy/proxyd - cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is - - if [ $CARGO_FEATURES != "verbose" ]; then - # run TLS tests then too - cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem - - # now pubkey tests - - # one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E) - cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true - - # and one that should pass - cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE= - fi -} - -# we don't run the "test phase" when doing deploys -if [ -z $TRAVIS_TAG ]; then - main -fi