Various summit updates (#165)
* CI centos:7 updates
* Have centos build with gcc-8
* Have fedora build with -std=20
diff --git a/docker/centos7/Dockerfile b/docker/centos7/Dockerfile
index caf96a5..c257baf 100644
--- a/docker/centos7/Dockerfile
+++ b/docker/centos7/Dockerfile
@@ -1,11 +1,5 @@
FROM centos:7
-# Since CentOS is no longer officially supported, update the mirror lists to
-# vault.centos.org.
-RUN \
- sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Linux-*; \
- sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-Linux-*
-
RUN yum -y install epel-release dnf-plugins-core; yum config-manager --set-enabled powertools; yum repolist; \
yum -y update; \
@@ -23,7 +17,7 @@
openssl11-libs openssl11 openssl11-devel; \
# autest stuff
yum -y install python3 httpd-tools procps-ng nmap-ncat python3-pip \
- python3-gunicorn python3-requests python3-devel python3-psutil telnet golang;
+ python3-gunicorn python3-requests python3-devel python3-psutil telnet;
# Setup openssl11
RUN mkdir /opt/openssl11 \
@@ -32,37 +26,51 @@
RUN pip3 install --upgrade pip
RUN pip3 install pipenv httpbin
-RUN if [ ! -z "$(grep -i centos /etc/redhat-release)" ]; then \
- yum install -y centos-release-scl; \
- yum -y install devtoolset-9 devtoolset-9-libasan-devel; \
- fi
+RUN \
+ yum install -y centos-release-scl; \
+ yum -y install devtoolset-8 devtoolset-11 devtoolset-9-libasan-devel
+
+# We put our custom packages in /opt.
+RUN echo 'PATH=/opt/bin:$PATH' | tee -a /etc/profile.d/opt_bin.sh
+ARG PATH=/opt/bin:$PATH
+
+# Install a recent cmake.
+RUN yum remove -y cmake
+RUN \
+ wget https://github.com/Kitware/CMake/releases/download/v3.26.3/cmake-3.26.3-linux-x86_64.sh; \
+ chmod +x cmake-3.26.3-linux-x86_64.sh; \
+ bash ./cmake-3.26.3-linux-x86_64.sh --skip-license --prefix=/opt
# Install openssl-quic
+RUN yum install -y rh-python38 cargo
RUN yum -y install libev-devel jemalloc-devel libxml2-devel \
c-ares-devel libevent-devel jansson-devel zlib-devel systemd-devel
-# Installing the quic libraries requires Python 3.8.
-RUN wget https://www.python.org/ftp/python/3.8.11/Python-3.8.11.tgz; \
- tar xzf Python-3.8.11.tgz; \
- cd Python-3.8.11; \
- ./configure --enable-optimizations; \
- make altinstall
+
+# go and rust will be installed by build_h3_tools.
+RUN yum remove -y golang rust
ARG h3_tools_dir=/root/build_h3_tools
RUN mkdir -p ${h3_tools_dir}
WORKDIR ${h3_tools_dir}
COPY /build_h3_tools.sh ${h3_tools_dir}/build_h3_tools.sh
# This will install OpenSSL QUIC and related tools in /opt.
-RUN bash ${h3_tools_dir}/build_h3_tools.sh
+RUN \
+ source /opt/rh/devtoolset-11/enable; \
+ source /opt/rh/rh-python38/enable; \
+ export PATH=/opt/bin:${PATH}; \
+ bash ${h3_tools_dir}/build_h3_tools.sh
+
WORKDIR /root
-# Make sure we pick up this built version of curl, which is in /opt/bin.
-RUN echo 'PATH=/opt/bin:$PATH' | tee -a /etc/profile.d/curl_http3.sh
+# Install some of our needed go applications.
+RUN echo 'export PATH=$PATH:/opt/go/bin' | tee -a /etc/profile.d/go.sh
+RUN echo 'export GOBIN=/opt/go/bin' | tee -a /etc/profile.d/go.sh
+RUN \
+ /opt/go/bin/go install github.com/summerwind/h2spec/cmd/h2spec@latest; \
+ cp /root/go/bin/h2spec /opt/go/bin/
-RUN echo 'export GOROOT=/usr/local/go' | tee -a /etc/profile
-RUN echo 'export PATH=$PATH:/usr/local/go/bin' | tee -a /etc/profile
-RUN source /etc/profile
-RUN go get github.com/summerwind/h2spec/cmd/h2spec
-RUN cp /root/go/bin/h2spec /usr/local/bin
-RUN yum clean all
+RUN \
+ /opt/go/bin/go install github.com/mccutchen/go-httpbin/v2/cmd/go-httpbin@v2.6.0; \
+ cp /root/go/bin/go-httpbin /opt/go/bin/
# Add the CI's test user. N.B: 1200 is the uid that our jenkins user is
# configured with, so that has to be used. Otherwise there will be permissions
@@ -84,7 +92,10 @@
ARG lcov_build_dir=/var/tmp/lcov_build_dir
RUN mkdir -p ${lcov_build_dir}
WORKDIR ${lcov_build_dir}
-RUN git clone https://github.com/linux-test-project/lcov.git; \
+RUN \
+ source /opt/rh/devtoolset-11/enable; \
+ source /opt/rh/rh-python38/enable; \
+ git clone https://github.com/linux-test-project/lcov.git; \
cd lcov; \
# v1.15 is required for g++ version 9 compiled files.
git checkout v1.15; \
diff --git a/docker/centos7/build_h3_tools.sh b/docker/centos7/build_h3_tools.sh
index 11b8297..b1b01d8 100644
--- a/docker/centos7/build_h3_tools.sh
+++ b/docker/centos7/build_h3_tools.sh
@@ -36,7 +36,7 @@
set -e
# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"OpenSSL_1_1_1q+quic"}
+OPENSSL_BRANCH=${OPENSSL_BRANCH:-"OpenSSL_1_1_1t+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
@@ -48,41 +48,121 @@
# These are for Linux like systems, specially the LDFLAGS, also depends on dirs above
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath=${OPENSSL_PREFIX}/lib"}
+LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_PREFIX}/lib"}
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
+ TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
echo "| sudo yum -y install libev-devel jemalloc-devel python2-devel |"
echo "| sudo yum -y install libxml2-devel c-ares-devel libevent-devel |"
- echo "| sudo yum -y install jansson-devel zlib-devel systemd-devel |"
+ echo "| sudo yum -y install jansson-devel zlib-devel systemd-devel cargo |"
+ echo "| |"
+ echo "| Rust may be needed too, see https://rustup.rs for the details |"
echo "+-------------------------------------------------------------------------+"
echo
echo
elif [ -e /etc/debian_version ]; then
+ TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
echo "| sudo apt -y install libev-dev libjemalloc-dev python2-dev libxml2-dev |"
echo "| sudo apt -y install libpython2-dev libc-ares-dev libsystemd-dev |"
- echo "| sudo apt -y install libevent-dev libjansson-dev zlib1g-dev |"
+ echo "| sudo apt -y install libevent-dev libjansson-dev zlib1g-dev cargo |"
+ echo "| |"
+ echo "| Rust may be needed too, see https://rustup.rs for the details |"
echo "+-------------------------------------------------------------------------+"
echo
echo
fi
+if [ -z ${QUICHE_BSSL_PATH+x} ]; then
+ QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
+fi
+
set -x
+if [ `uname -s` = "Linux" ]
+then
+ num_threads=$(nproc)
+else
+ # MacOS.
+ num_threads=$(sysctl -n hw.logicalcpu)
+fi
+
+# boringssl
+echo "Building boringssl..."
+
+# We need this go version.
+mkdir -p ${BASE}/go
+
+if [ `uname -m` = "arm64" ]; then
+ ARCH="arm64"
+else
+ ARCH="amd64"
+fi
+
+if [ `uname -s` = "Darwin" ]; then
+ OS="darwin"
+else
+ OS="linux"
+fi
+
+wget https://go.dev/dl/go1.20.1.${OS}-${ARCH}.tar.gz
+rm -rf ${BASE}/go && tar -C ${BASE} -xf go1.20.1.${OS}-${ARCH}.tar.gz
+rm go1.20.1.${OS}-${ARCH}.tar.gz
+
+GO_BINARY_PATH=${BASE}/go/bin/go
+if [ ! -d boringssl ]; then
+ git clone https://boringssl.googlesource.com/boringssl
+ cd boringssl
+ git checkout 31bad2514d21f6207f3925ba56754611c462a873
+ cd ..
+fi
+cd boringssl
+mkdir -p build
+cd build
+cmake \
+ -DGO_EXECUTABLE=${GO_BINARY_PATH} \
+ -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DBUILD_SHARED_LIBS=1 ../
+
+${MAKE} -j ${num_threads}
+${MAKE} install
+cd ..
+
+# Build quiche
+# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
+echo "Building quiche"
+# Install the latest rust.
+mkdir -p src
+wget https://sh.rustup.rs -O src/rustup.sh
+bash src/rustup.sh -y
+source /root/.cargo/env
+QUICHE_BASE="${BASE:-/opt}/quiche"
+[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git
+cd quiche
+git checkout 0b37da1cc564e40749ba650febd40586a4355be4
+QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog
+mkdir -p ${QUICHE_BASE}/lib/pkgconfig
+mkdir -p ${QUICHE_BASE}/include
+cp target/release/libquiche.a ${QUICHE_BASE}/lib/
+[ -f target/release/libquiche.so ] && cp target/release/libquiche.so ${QUICHE_BASE}/lib/
+cp quiche/include/quiche.h ${QUICHE_BASE}/include/
+cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
+cd ..
# OpenSSL needs special hackery ... Only grabbing the branch we need here... Bryan has shit for network.
echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} https://github.com/quictls/openssl.git openssl-quic
+[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic
cd openssl-quic
-git checkout f105ac0bfdae1ce009b8fd86bc6d9f65e5576352
+git checkout c3f5f36f5dadfa334119e940b7576a4abfa428c8
./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
-${MAKE} -j $(nproc)
-${MAKE} install_sw
+${MAKE} -j ${num_threads}
+${MAKE} -j install
# The symlink target provides a more convenient path for the user while also
# providing, in the symlink source, the precise branch of the OpenSSL build.
@@ -91,9 +171,13 @@
# Then nghttp3
echo "Building nghttp3..."
-[ ! -d nghttp3 ] && git clone https://github.com/ngtcp2/nghttp3.git
+if [ ! -d nghttp3 ]; then
+ git clone https://github.com/ngtcp2/nghttp3.git
+ cd nghttp3
+ git checkout -b v0.9.0 v0.9.0
+ cd ..
+fi
cd nghttp3
-git checkout 635a532c8ff98cdbd6c141f85583632919102912
autoreconf -if
./configure \
--prefix=${BASE} \
@@ -102,15 +186,19 @@
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
--enable-lib-only
-${MAKE} -j $(nproc)
+${MAKE} -j ${num_threads}
${MAKE} install
cd ..
# Now ngtcp2
echo "Building ngtcp2..."
-[ ! -d ngtcp2 ] && git clone https://github.com/ngtcp2/ngtcp2.git
+if [ ! -d ngtcp2 ]; then
+ git clone https://github.com/ngtcp2/ngtcp2.git
+ cd ngtcp2
+ git checkout -b v0.13.1 v0.13.1
+ cd ..
+fi
cd ngtcp2
-git checkout ee8efbe9aa7f209f483e2fe1e78183e62cd166cb
autoreconf -if
./configure \
--prefix=${BASE} \
@@ -119,46 +207,46 @@
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
--enable-lib-only
-${MAKE} -j $(nproc)
+${MAKE} -j ${num_threads}
${MAKE} install
cd ..
# Then nghttp2, with support for H3
echo "Building nghttp2 ..."
-[ ! -d nghttp2 ] && git clone https://github.com/tatsuhiro-t/nghttp2.git
+if [ ! -d nghttp2 ]; then
+ git clone https://github.com/tatsuhiro-t/nghttp2.git
+ cd nghttp2
+ git checkout -b v1.52.0 v1.52.0
+ cd ..
+fi
cd nghttp2
-
-# This commit will be removed whenever the nghttp2 author rebases origin/quic.
-# For reference, this commit is currently described as:
-#
-# commit 1340b296dde152fb0771f1eb4e4c221047d37ab7 (HEAD -> master, origin/master, origin/HEAD)
-# Merge: f919cf1a fc5a020b
-# Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com>
-# Date: Mon Aug 29 21:22:56 2022 +0900
-#
-# Merge pull request #1787 from heitbaum/patch-1
-#
-# Fix typographic error
-git checkout 1340b296dde152fb0771f1eb4e4c221047d37ab7
-
autoreconf -if
+if [ `uname -s` = "Darwin" ]
+then
+ # --enable-app requires systemd which is not available on Mac.
+ ENABLE_APP=""
+else
+ ENABLE_APP="--enable-app"
+fi
./configure \
--prefix=${BASE} \
PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_PREFIX}/lib/pkgconfig \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
- --enable-lib-only
-${MAKE} -j $(nproc)
+ --enable-http3 \
+ ${ENABLE_APP}
+${MAKE} -j ${num_threads}
${MAKE} install
cd ..
-# And finally curl
+# Then curl
echo "Building curl ..."
-[ ! -d curl ] && git clone https://github.com/curl/curl.git
+[ ! -d curl ] && git clone --branch curl-7_88_1 https://github.com/curl/curl.git
cd curl
-git checkout 2fc031d834d488854ffc58bf7dbcef7fa7c1fc28
-autoreconf -i
+# On mac autoreconf fails on the first attempt with an issue finding ltmain.sh.
+# The second runs fine.
+autoreconf -fi || autoreconf -fi
./configure \
--prefix=${BASE} \
--with-ssl=${OPENSSL_PREFIX} \
@@ -168,5 +256,6 @@
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}"
-${MAKE} -j $(nproc)
+${MAKE} -j ${num_threads}
${MAKE} install
+cd ..
diff --git a/jenkins/github/centos.pipeline b/jenkins/github/centos.pipeline
index 49d3da1..86f359c 100644
--- a/jenkins/github/centos.pipeline
+++ b/jenkins/github/centos.pipeline
@@ -1,7 +1,7 @@
pipeline {
agent {
docker {
- image 'ci.trafficserver.apache.org/ats/centos:8'
+ image 'ci.trafficserver.apache.org/ats/centos:7'
registryUrl 'https://ci.trafficserver.apache.org/'
label 'docker'
args '-v ${HOME}/ccache:/tmp/ccache:rw'
@@ -47,7 +47,7 @@
sh '''#!/bin/bash
set -x
set -e
- source /opt/rh/gcc-toolset-9/enable
+ source /opt/rh/devtoolset-8/enable
autoreconf -fiv
./configure --with-openssl=/opt/openssl-quic --enable-experimental-plugins --enable-example-plugins --prefix=/tmp/ats/ --enable-werror --enable-debug --enable-ccache
make -j4 V=1 Q=
diff --git a/jenkins/github/fedora.pipeline b/jenkins/github/fedora.pipeline
index 4082606..7fb5ce3 100644
--- a/jenkins/github/fedora.pipeline
+++ b/jenkins/github/fedora.pipeline
@@ -48,6 +48,10 @@
set -x
set -e
+ # We don't use c++20 features yet, but we want to make
+ # sure we can build with the flag set.
+ export CXXSTD=20
+
autoreconf -fiv
# Remove the --with-openssl argument when we support OpenSSL 3.x.
./configure --with-openssl=/opt/openssl-quic --enable-experimental-plugins --enable-example-plugins --prefix=/tmp/ats/ --enable-werror --enable-debug --enable-wccp --enable-ccache
