Merge branch 'trunk' into jt/c-refactors

atsign-foundation · Aug 8, 2024 · e183875 · e183875
2 parents 60d35a1 + 4a476b3
commit e183875
Show file tree

Hide file tree

Showing 19 changed files with 504 additions and 81 deletions.
diff --git a/.github/workflows/c_release.yml b/.github/workflows/c_release.yml
@@ -6,7 +6,7 @@ on:
       - "c*.*.*"
   workflow_dispatch:
     inputs:
-      main_build_only:
+      native_build_only:
         description: "Run non-dockerx builds only"
         required: true
         default: false
@@ -16,7 +16,7 @@ permissions: # added using https://github.com/step-security/secure-repo
   contents: read
 
 jobs:
-  main_build:
+  native_build:
     runs-on: ${{ matrix.os }}
     defaults:
       run:
@@ -25,14 +25,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            output-name: sshnp-linux-x64
-            ext: ""
-            bundle: "shell"
-            compiler: "gcc"
-            flags:
-              "-Wno-error -Wno-calloc-transposed-args -Wno-float-conversion
-              -pthread -lrt"
           - os: macos-13
             output-name: sshnp-macos-x64
             ext: ""
@@ -45,10 +37,10 @@ jobs:
             bundle: "shell"
             compiler: "clang"
             flags: "-Wno-error -pthread"
-    #          - os: windows-latest
-    #            output-name: sshnp-windows-x64
-    #            ext: '.exe'
-    #            bundle: 'windows'
+#          - os: windows-latest
+#            output-name: sshnp-windows-x64
+#            ext: '.exe'
+#            bundle: 'windows'
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       # compile binaries
@@ -58,59 +50,99 @@ jobs:
           mkdir tarball
           mv build/sshnpd .
       # zip the build
-      - if: ${{ matrix.os == 'macos-13' || matrix.os == 'macos-14'}}
-        run:
-          ditto -c -k --keepParent sshnpd tarball/${{ matrix.output-name }}.zip
+      - if: ${{ matrix.os == 'macOS-13' || matrix.os == 'macos-14'}}
+        run: ditto -c -k --keepParent sshnpd tarball/${{ matrix.output-name }}.zip
       - if: ${{ matrix.os == 'ubuntu-latest' }}
         run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnpd
       - if: ${{ matrix.os == 'windows-latest' }}
-        run:
-          Compress-Archive -Path sshnpd -Destination tarball/${{
-          matrix.output-name }}.zip
+        run: Compress-Archive -Path sshnpd -Destination tarball/${{ matrix.output-name }}.zip
       # upload the build
       - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name:
-            ${{ matrix.output-name }}_${{ matrix.compiler
-            }}-${{github.ref_name}}-${{github.run_number}}-${{github.run_attempt}}
+            ${{ matrix.output-name }}_${{ matrix.compiler }}-${{  github.ref_name  
+            }}-${{github.run_number}}-${{github.run_attempt}}
           path: ./packages/c/sshnpd/tarball
           if-no-files-found: error
 
-  other_build:
+  docker_build:
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./packages/c
     strategy:
       matrix:
-        platform: [linux/arm/v7, linux/arm64]
-        #        platform: [linux/arm/v7, linux/arm64, linux/riscv64]
         include:
-          - platform: linux/arm/v7
-            output-name: sshnpd-linux-arm
+          - platform: linux/amd64
+            output-name: sshnpd-linux-x64
           - platform: linux/arm64
             output-name: sshnpd-linux-arm64
-    #          - platform: linux/riscv64
-    #            output-name: sshnpd-linux-riscv64
+## 20240806: Clang and CMake that we use aren't packaged for
+## armv7 or riscv64 (also no Debian 10 for RISC-V)
+#          - platform: linux/arm/v7
+#            output-name: sshnpd-linux-arm
+#          - platform: linux/riscv64
+#            output-name: sshnpd-linux-riscv64
     steps:
-      - if: ${{ ! inputs.main_build_only }}
+      - if: ${{ ! inputs.native_build_only }}
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - if: ${{ ! inputs.main_build_only }}
+      - if: ${{ ! inputs.native_build_only }}
         uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - if: ${{ ! inputs.main_build_only }}
+      - if: ${{ ! inputs.native_build_only }}
         uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-      - if: ${{ ! inputs.main_build_only }}
+      - if: ${{ ! inputs.native_build_only }}
+        run: |
+          docker buildx build -t atsigncompany/sshnpdc -f sshnpd/tools/Dockerfile.package \
+          --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
+          mkdir tarballs
+          tar -xvf bins.tar -C tarballs
+      - if: ${{ ! inputs.native_build_only }}
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        with:
+          name:
+            ${{ matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number  
+            }}-${{  github.run_attempt  }}
+          path: ./packages/c/tarballs/${{ matrix.output-name }}.tgz
+
+  musl_build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./packages/c
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            output-name: sshnpd-linux-x64-musl
+          - platform: linux/arm/v7
+            output-name: sshnpd-linux-arm-musl
+## 20240806: arm64 failing due to Mbed TLS error:
+## /sshnpd/sshnpd/build/_deps/mbedtls-src/library/aesce.c:87:10:
+## fatal error: 'asm/hwcap.h' file not found
+#          - platform: linux/arm64
+#            output-name: sshnpd-linux-arm64-musl
+          - platform: linux/riscv64
+            output-name: sshnpd-linux-riscv64-musl
+    steps:
+      - if: ${{ ! inputs.native_build_only }}
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - if: ${{ ! inputs.native_build_only }}
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+      - if: ${{ ! inputs.native_build_only }}
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+      - if: ${{ ! inputs.native_build_only }}
         run: |
-          docker buildx build -t cpswan/sshnpdc -f sshnpd/tools/Dockerfile.package \
+          docker buildx build -t atsigncompany/sshnpdcmusl -f sshnpd/tools/Dockerfile.musl \
           --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
           mkdir tarballs
           tar -xvf bins.tar -C tarballs
       - if: ${{ ! inputs.main_build_only }}
         uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name:
-            ${{ matrix.output-name
-            }}-${{github.ref_name}}-${{github.run_number}}-${{github.run_attempt}}
+            ${{ matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number  
+            }}-${{  github.run_attempt  }}
           path: ./packages/c/tarballs/${{ matrix.output-name }}.tgz
 
   source_tarball:
@@ -132,7 +164,7 @@ jobs:
   github-release:
     name: >-
       Upload artifacts and generate checksums for provenance
-    needs: [main_build, other_build, source_tarball]
+    needs: [native_build, docker_build, musl_build, source_tarball]
     runs-on: ubuntu-latest
     outputs:
       hashes: ${{ steps.hash.outputs.hashes }}
@@ -145,11 +177,12 @@ jobs:
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           path: tarballs/
-      #    - name: Generate SBOMs
-      #      run: |
-      #        syft scan file:./packages/dart/sshnoports/pubspec.lock \
-      #          -o 'spdx-json=tarballs/dart_sshnoports_sbom.spdx.json' \
-      #          -o 'cyclonedx-json=tarballs/dart_sshnoports_sbom.cyclonedx.json'
+## 20240806: Need a different approach to SBOMs for C daemon
+#    - name: Generate SBOMs
+#      run: |
+#        syft scan file:./packages/dart/sshnoports/pubspec.lock \
+#          -o 'spdx-json=tarballs/dart_sshnoports_sbom.spdx.json' \
+#          -o 'cyclonedx-json=tarballs/dart_sshnoports_sbom.cyclonedx.json'
       - name: Move packages for signing
         run: |
           cd tarballs
@@ -167,9 +200,6 @@ jobs:
       - name: Upload artifacts to GitHub Release
         env:
           GITHUB_TOKEN: ${{ github.token }}
-        # Upload to GitHub Release using the `gh` CLI.
-        # `dist/` contains the built packages, and the
-        # sigstore-produced signatures and certificates.
         run: >-
           gh release upload '${{ github.ref_name }}' tarballs/** --repo '${{
           github.repository }}'

diff --git a/.github/workflows/dockerhub_sshnpd.yml b/.github/workflows/dockerhub_sshnpd.yml
@@ -45,7 +45,7 @@ jobs:
       - name: Get version
         run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
       - name: Build and push
-        uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
+        uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 # v6.6.1
         with:
           context: .
           file: ${{ matrix.dockerfile }}

diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
@@ -2,9 +2,9 @@
 
 * [Home](README.md)
 * [Installation](installation/README.md)
-  * [Unix Installation Guide](installation/unix/README.md)
-    * [Activating your atSigns](installation/unix/activating-your-atsigns.md)
-    * [Installation Details](installation/unix/installation-details.md)
+  * [Linux & MacOS Installation Guide](installation/linux/README.md)
+    * [Activating your atSigns](installation/linux/activating-your-atsigns.md)
+    * [Installation Details](installation/linux/installation-details.md)
   * [Windows Installation Guide](installation/windows.md)
   * [Manual Installation Guides](installation/advanced-installation-guides/README.md)
     * [Device installation](installation/advanced-installation-guides/device-installation-sshnpd/README.md)

diff --git a/docs/installation/README.md b/docs/installation/README.md
@@ -1,13 +1,13 @@
 ---
-icon: sign-posts-wrench
+icon: desktop-arrow-down
 ---
 
 # Installation
 
 ## Main Installation Guides
 
-{% content-ref url="unix/" %}
-[unix](unix/)
+{% content-ref url="linux/" %}
+[linux](linux/)
 {% endcontent-ref %}
 
 {% content-ref url="windows.md" %}
@@ -20,6 +20,6 @@ icon: sign-posts-wrench
 [advanced-installation-guides](advanced-installation-guides/)
 {% endcontent-ref %}
 
-{% content-ref url="custom-os-device-installs/" %}
-[custom-os-device-installs](custom-os-device-installs/)
+{% content-ref url="custom-os-device-installs/ipfire.md" %}
+[ipfire.md](custom-os-device-installs/ipfire.md)
 {% endcontent-ref %}
diff --git a/docs/installation/unix/README.md → docs/installation/linux/README.md b/docs/installation/unix/README.md → docs/installation/linux/README.md
diff --git a/...tallation/unix/activating-your-atsigns.md → ...allation/linux/activating-your-atsigns.md b/...tallation/unix/activating-your-atsigns.md → ...allation/linux/activating-your-atsigns.md
diff --git a/...installation/unix/installation-details.md → ...nstallation/linux/installation-details.md b/...installation/unix/installation-details.md → ...nstallation/linux/installation-details.md
diff --git a/docs/installation/windows.md b/docs/installation/windows.md
@@ -1,6 +1,6 @@
 ---
-description: SSH No Ports Windows
 icon: windows
+description: SSH No Ports Windows
 ---
 
 # Windows Installation Guide
@@ -71,6 +71,6 @@ Activated this atSign before ? As before if this atSign is already activated els
 
 ### RDP? Check this out.
 
-{% content-ref url="broken-reference" %}
-[Broken link](broken-reference)
+{% content-ref url="../use-cases/rdp.md" %}
+[rdp.md](../use-cases/rdp.md)
 {% endcontent-ref %}
diff --git a/docs/use-cases/be-your-own-vpn.md b/docs/use-cases/be-your-own-vpn.md
@@ -1,11 +1,11 @@
 ---
-description: Using sshuttle and SSH built in SOCKS proxy.
 icon: house-signal
+description: Using sshuttle and SSH built in SOCKS proxy.
 ---
 
 # Be your own VPN
 
-To follow this guide, you will need to set up an SSH No Ports device (`sshnpd)`on your home network. For this, you could use a Raspberry Pi, an old PC running Linux, a virtual machine, or even a docker container—the choice is yours. You can get your No Ports free trial account [here](https://noports.com) and follow the [installation guide](../installation/unix/) to get started.
+To follow this guide, you will need to set up an SSH No Ports device (`sshnpd)`on your home network. For this, you could use a Raspberry Pi, an old PC running Linux, a virtual machine, or even a docker container—the choice is yours. You can get your No Ports free trial account [here](https://noports.com) and follow the [installation guide](../installation/linux/) to get started.
 
 SSH is a hugely versatile tool for command line access, but what if you want a full IP tunnel, like a VPN?
 

diff --git a/packages/c/sshnpd/tools/Dockerfile.musl b/packages/c/sshnpd/tools/Dockerfile.musl
@@ -0,0 +1,24 @@
+# Dockerfile.package
+# A dockerfile for packaging SSH No Ports releases using docker buildx
+
+FROM alpine@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 AS build
+WORKDIR /sshnpd
+COPY . .
+RUN set -eux; \
+  apk add clang cmake coreutils git make; \
+  case "$(uname -m)" in \
+    aarch64) ARCH="arm64";; \
+    armv7l)  ARCH="arm";;\
+    riscv64) ARCH="riscv64";;\
+    x86_64)  ARCH="x64";;\
+  esac; \
+  cd /sshnpd/sshnpd; \
+  cmake -B build -S . -DBUILD_SHARED_LIBS=off -DCMAKE_C_COMPILER=clang \
+    -DCMAKE_C_FLAGS="-Wno-error -pthread" -DCMAKE_EXE_LINKER_FLAGS="-static"; \
+  cmake --build build; \
+  mkdir /tarball; \
+  cd build; \
+  tar -cvzf /tarball/sshnpd-linux-${ARCH}-musl.tgz sshnpd
+
+FROM scratch
+COPY --from=build /tarball/* /
diff --git a/packages/c/sshnpd/tools/Dockerfile.package b/packages/c/sshnpd/tools/Dockerfile.package
@@ -1,21 +1,16 @@
 # Dockerfile.package
 # A dockerfile for packaging SSH No Ports releases using docker buildx
 
-FROM debian:stable-20240722-slim@sha256:57bd74e95092e6d4c0cdb6e36ca3db5bb828c2f592788734d1a707a4b92e7755 AS build
+FROM atsigncompany/cbuildimage:CMake-3.30.2@sha256:fe5604fec2c2b62097717ed71eed4a91657c0cab8c99c425d3f7f957330f5bd8 AS build
 WORKDIR /sshnpd
 COPY . .
 RUN set -eux; \
   case "$(dpkg --print-architecture)" in \
-    amd64)   ARCH="x64";; \
-    armhf)   ARCH="arm";; \
+    amd64)   ARCH="x64";;\
     arm64)   ARCH="arm64";; \
-    riscv64) ARCH="riscv64";; \
   esac; \
-  apt-get update; \
-  apt-get install -y --no-install-recommends \
-    ca-certificates clang cmake git make; \
-  cd sshnpd; \
-  cmake -B build -S . -DBUILD_SHARED_LIBS=off -DCMAKE_C_COMPILER=clang; \
+  cd /sshnpd/sshnpd; \
+  cmake -B build -S . -DBUILD_SHARED_LIBS=off -DCMAKE_C_COMPILER=clang-18 -DCMAKE_C_FLAGS="-Wno-error -pthread"; \
   cmake --build build; \
   mkdir /tarball; \
   cd build; \

diff --git a/packages/dart/noports_core/lib/src/sshnp/util/srvd_channel/srvd_channel.dart b/packages/dart/noports_core/lib/src/sshnp/util/srvd_channel/srvd_channel.dart
@@ -6,9 +6,9 @@ import 'package:meta/meta.dart';
 import 'package:noports_core/src/common/mixins/async_initialization.dart';
 import 'package:noports_core/src/common/mixins/at_client_bindings.dart';
 import 'package:noports_core/src/sshnp/util/srvd_channel/notification_request_message.dart';
-import 'package:noports_core/sshnp.dart';
 import 'package:noports_core/srv.dart';
 import 'package:noports_core/srvd.dart';
+import 'package:noports_core/sshnp.dart';
 import 'package:noports_core/utils.dart';
 
 @visibleForTesting
@@ -129,6 +129,7 @@ abstract class SrvdChannel<T> with AsyncInitialization, AtClientBindings {
   }
 
   @protected
+  @visibleForTesting
   Future<void> getHostAndPortFromSrvd() async {
     srvdAck = SrvdAck.notAcknowledged;
     subscribe(regex: '$sessionId.${Srvd.namespace}@', shouldDecrypt: true)