Merge pull request #47 from curityio/feat/master/build-module

added build.sh file that creates dynamic modules for 10 platforms.
curityio · Sep 23, 2020 · 6af64fb · 6af64fb
2 parents a91c7c3 + f450277
commit 6af64fb
Show file tree

Hide file tree

Showing 5 changed files with 273 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,6 @@
 # Prerequisites
 *.d
-
+.DS_Store
 # Object files
 *.o
 *.ko

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,185 @@
+######
+FROM ubuntu:18.04 as ubuntu18-builder
+
+RUN apt-get update && \
+    apt-get install -y build-essential libxslt1-dev
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM ubuntu:20.04 as ubuntu20-builder
+
+RUN apt-get update && \
+    apt-get install -y build-essential wget
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar xzvf pcre-8.44.tar.gz
+RUN wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
+RUN CONFIG_OPTS="--with-pcre=../pcre-8.44 --with-zlib=../zlib-1.2.11" ./configure && make
+
+######
+FROM centos:6 as centos6-builder
+
+RUN yum install -y \
+    gcc pcre-devel zlib-devel
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM centos:7 as centos7-builder
+
+RUN yum install -y \
+     gcc pcre-devel zlib-devel make
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM centos:8 as centos8-builder
+
+RUN yum install -y \
+     gcc pcre-devel zlib-devel make
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM debian:stretch as debian9-builder
+
+RUN apt update && apt install -y \
+    wget build-essential git tree software-properties-common dirmngr apt-transport-https ufw
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar xzvf pcre-8.44.tar.gz
+RUN wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
+RUN CONFIG_OPTS="--with-pcre=../pcre-8.44 --with-zlib=../zlib-1.2.11" ./configure && make
+
+######
+FROM debian:buster as debian10-builder
+
+RUN apt update && apt install -y \
+    wget build-essential git tree software-properties-common dirmngr apt-transport-https ufw
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar xzvf pcre-8.44.tar.gz
+RUN wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
+RUN CONFIG_OPTS="--with-pcre=../pcre-8.44 --with-zlib=../zlib-1.2.11" ./configure && make
+
+######
+FROM amazonlinux:1 as amzn-builder
+
+RUN yum install -y \
+ gcc pcre-devel zlib-devel make
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM amazonlinux:2 as amzn2-builder
+
+RUN yum install -y \
+ gcc pcre-devel zlib-devel make
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM alpine as alpine-builder
+
+RUN apk add --no-cache --virtual .build-deps \
+    gcc libc-dev make openssl-dev pcre-dev zlib-dev linux-headers libxslt-dev \
+    gd-dev geoip-dev perl-dev libedit-dev mercurial bash alpine-sdk findutils bash
+
+COPY configure /tmp
+COPY config /tmp
+COPY Makefile /tmp
+COPY phantom_token.c /tmp
+ARG NGINX_VERSION
+ADD nginx-$NGINX_VERSION.tar.gz /tmp/
+
+WORKDIR /tmp
+RUN ./configure && make
+
+######
+FROM alpine
+
+ARG NGINX_VERSION
+COPY --from=ubuntu18-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/ubuntu.18.04.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=ubuntu20-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/ubuntu.20.04.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=centos6-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/centos.6.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=centos7-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/centos.7.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=centos8-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/centos.8.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=debian9-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/debian.stretch.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=debian10-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/debian.buster.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=amzn-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/amzn.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=amzn2-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/amzn2.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+COPY --from=alpine-builder /tmp/nginx-$NGINX_VERSION/objs/ngx_curity_http_phantom_token_module.so /build/alpine.ngx_curity_http_phantom_token_module_$NGINX_VERSION.so
+
+ENTRYPOINT ["sleep"]
+
+CMD ["300"]
diff --git a/README.md b/README.md
@@ -241,7 +241,7 @@ To build this module, simply do the following:
 make && make install
 ```
 
-This will download the NGINX source code if it is not already local. If it is, the location may be provided when prompted. By default, version 1.15.2 will be downloaded; a different version can be fetched by setting `NGINX_VERSION` before running the `configure` script. Any [additional parameters](http://nginx.org/en/docs/configure.html) (e.g., `--prefix`) that NGINX's `configure` script supports can also be provided. When this module's `configure` script is run, it will pass along `--with-compat` to NGINX's script. It asks if a dynamic module should be created (thus passing along `--add-dynamic-module`) or if the module should be compiled into the NGINX binary (thus passing `--add-module`); by default, it created a dynamically-linked module. It will also ask if debug flags should be enabled; if so, `--with-debug` and certain GCC flags will be passed on to NGINX's `configure` script to make debugging easier. After the script is run, just execute `make && make install`. These too will delegate to NGINX's `Makefile`. After this, the module will be usable and can be configured as described above.
+This will download the NGINX source code if it is not already local. If it is, the location may be provided when prompted. By default, version 1.19.0 will be downloaded; a different version can be fetched by setting `NGINX_VERSION` before running the `configure` script. Any [additional parameters](http://nginx.org/en/docs/configure.html) (e.g., `--prefix`) that NGINX's `configure` script supports can also be provided. When this module's `configure` script is run, it will pass along `--with-compat` to NGINX's script. It asks if a dynamic module should be created (thus passing along `--add-dynamic-module`) or if the module should be compiled into the NGINX binary (thus passing `--add-module`); by default, it created a dynamically-linked module. It will also ask if debug flags should be enabled; if so, `--with-debug` and certain GCC flags will be passed on to NGINX's `configure` script to make debugging easier. After the script is run, just execute `make && make install`. These too will delegate to NGINX's `Makefile`. After this, the module will be usable and can be configured as described above.
 
 > *WARNING* If `--without-pcre`, `--without-http_gzip_module` and potentially other flags are provided to the `configure` script and a module is created, it will _not_ be compatible with NGINX Plus or the pre-compiled open source NGINX binaries; if you include such flags (when building the module), you will only be able to load it into a custom build of NGINX that also excludes the same functionality. If the `configure` script exits with an error about a missing dependency, like [PCRE](https://www.pcre.org/) and [zlib](http://zlib.net/), install those instead of excluding them if compatibility with pre-build NGINX binaries is desired.</p>
 
@@ -264,6 +264,16 @@ sudo -u nginx \
 
 If all certification tests and the phantom-token specific tests (see below) pass, the build can be certified. Also, it should be released on GitHub.
 
+## Building dynamic modules
+
+You can build the module (for all supported platforms) using the `build.sh` script.
+
+This script reuquires docker and builds locally all 10 platforms that are listed below in Releases. You can build for any NGINX release by running it like so:
+
+`NGINX_VERSION=X.X.X ./build.sh`
+
+After running, all 10 `.so` files will be in the `./build` directory.
+
 ## Compatibility
 
 This module is compatible with Curity version >= 2.2. It has been tested with NGINX 1.13.7 (NGINX Plus Release 14) and NGINX 1.13.10 (NGINX Plus Release 15). It is likely to work with other, newish versions of NGINX, but only these have been tested, pre-built and verified.
@@ -272,18 +282,18 @@ This module is compatible with Curity version >= 2.2. It has been tested with NG
 
 Pre-built binaries of this module are provided for the following versions of NGINX on the corresponding operating system distributions:
 
-|                                   | NGINX 1.13.7 / NGINX Plus R14 | NGINX 1.13.10 / NGINX Plus R15    | NGINX 1.15.2 / NGINX Plus R16 |
+|                                   | NGINX 1.17.6 / NGINX Plus R20 | NGINX 1.17.9 / NGINX Plus R21    | NGINX 1.19.0 / NGINX Plus R22 |
 | ----------------------------------|:-----------------------------:|:---------------------------------:|:---------------------------------:|
-| Amazon Linux                      | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn.ngx_curity_http_phantom_token_module_11.15.2so) | 
-| Amazon Linux 2                    | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn2.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn2.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/amzn2.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| CentOS 6.5+                       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.6.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.6.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.6.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| CentOS 7.0+                       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.7.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.7.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/centos.7.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| Debian 8.0 (Jessie)               | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.jessie.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.jessie.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.jessie.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| Debian 9.0 (Stretch)              | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.stretch.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.stretch.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/debian.stretch.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| Ubuntu 14.04 LTS (Trusty Tahr)    | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.14.04.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.14.04.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.14.04.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| Ubuntu 16.04 LTS (Xenial Xerus)   | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.16.04.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.16.04.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.16.04.ngx_curity_http_phantom_token_module_1.15.2.so) |
-| Ubuntu 17.04 (Zesty Zapus)        | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.17.04.ngx_curity_http_phantom_token_module_1.13.7.so) | | |
-| Ubuntu 17.10 (Artful Aardvark)    | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.17.10.ngx_curity_http_phantom_token_module_1.13.7.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.17.10.ngx_curity_http_phantom_token_module_1.13.10.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.0.3/ubuntu.17.10.ngx_curity_http_phantom_token_module_1.15.2.so) |
+| Amazon Linux                      | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn.ngx_curity_http_phantom_token_module_1.17.6.so)           | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn.ngx_curity_http_phantom_token_module_1.17.9.so)           | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn.ngx_curity_http_phantom_token_module_1.19.0.so) | 
+| Amazon Linux 2                    | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn2.ngx_curity_http_phantom_token_module_1.17.6.so)          | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn2.ngx_curity_http_phantom_token_module_1.17.9.so)          | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/amzn2.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| CentOS 6.5+                       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.6.ngx_curity_http_phantom_token_module_1.17.6.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.6.ngx_curity_http_phantom_token_module_1.17.9.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.6.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| CentOS 7.0+                       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.7.ngx_curity_http_phantom_token_module_1.17.6.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.7.ngx_curity_http_phantom_token_module_1.17.9.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.7.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| CentOS 8.0+                       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.8.ngx_curity_http_phantom_token_module_1.17.6.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.8.ngx_curity_http_phantom_token_module_1.17.9.so)       | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/centos.8.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| Debian 9.0 (Stretch)              | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.stretch.ngx_curity_http_phantom_token_module_1.17.6.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.stretch.ngx_curity_http_phantom_token_module_1.17.9.so) | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.stretch.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| Debian 10.0 (Buster)              | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.buster.ngx_curity_http_phantom_token_module_1.17.6.so)  | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.buster.ngx_curity_http_phantom_token_module_1.17.9.so)  | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/debian.buster.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| Alpine                            | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/alpine.ngx_curity_http_phantom_token_module_1.17.6.so)         | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/alpine.ngx_curity_http_phantom_token_module_1.17.9.so)         | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/alpine.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| Ubuntu 18.04 LTS (Bionic Beaver)  | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.18.04.ngx_curity_http_phantom_token_module_1.17.6.so)   | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.18.04.ngx_curity_http_phantom_token_module_1.17.9.so)   | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.18.04.ngx_curity_http_phantom_token_module_1.19.0.so) |
+| Ubuntu 20.04 LTS (Focal Fossa)    | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.20.04.ngx_curity_http_phantom_token_module_1.17.6.so)   | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.20.04.ngx_curity_http_phantom_token_module_1.17.9.so)   | [⇓](https://github.com/curityio/nginx_phantom_token_module/releases/download/1.1.0/ubuntu.20.04.ngx_curity_http_phantom_token_module_1.19.0.so) |
 
 ## Testing