diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fe1eebe..b80bd0f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -7,7 +7,7 @@ jobs: strategy: fail-fast: false matrix: - ARCH: [x86_64, i386] + ARCH: [x86_64, i686, aarch64, armhf] name: AppImage ${{ matrix.ARCH }} runs-on: ubuntu-latest @@ -18,6 +18,8 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive + - name: Set up QEMU integration for Docker + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - name: Build AppImage in Docker run: bash -ex ci/build-in-docker.sh - name: Archive artifacts diff --git a/ci/Dockerfile b/ci/Dockerfile new file mode 100644 index 0000000..a9b9541 --- /dev/null +++ b/ci/Dockerfile @@ -0,0 +1,49 @@ +# current Debian oldstable as of Dec 2023 +# we use Debian because they still provide i386 builds +# (also, they ship Qt 5.15.2, so we no longer have to rely on third-party builds) +# and it provides a C++17 compatible compiler out of the box! +FROM debian:bullseye + +ARG ARCH +ARG DOCKER_ARCH +ARG CMAKE_ARCH +ENV ARCH=${ARCH} DOCKER_ARCH=${DOCKER_ARCH} CMAKE_ARCH=${CMAKE_ARCH} + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && \ + apt-get install -y qtbase5-dev qttools5-dev-tools qtwayland5-dev-tools qtwayland5-private-dev \ + libgl1 libdrm-dev mesa-common-dev \ + build-essential libssl-dev autoconf automake libtool \ + wget vim-common desktop-file-utils pkgconf libgpgme-dev \ + libglib2.0-dev libcairo2-dev librsvg2-dev libfuse-dev git libcurl4-openssl-dev argagg-dev libgcrypt20-dev libboost-dev \ + liblzma-dev libzstd-dev zlib1g-dev libarchive-dev + +RUN wget -qO- https://artifacts.assassinate-you.net/prebuilt-cmake/cmake-v3.28.0-debian-bullseye-"${CMAKE_ARCH}".tar.gz | \ + tar xzv -C/usr --strip-components=1 + +COPY ./install-gtest.sh / +RUN bash /install-gtest.sh + +COPY pkgconfig/*.pc / +RUN mv /*.pc /usr/lib/*-linux-gnu*/pkgconfig/ + +ENV APPIMAGE_EXTRACT_AND_RUN=1 + +ENV DOCKER=1 + +#RUN git clone https://github.com/nlohmann/json.git -b v3.11.2 --depth=1 && \ +# cd json && \ +# mkdir build && \ +# cd build && \ +# cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local && \ +# make -j "$(nproc --ignore=1)" install && \ +# cd ../.. && \ +# rm -rf json/ + +RUN apt-get update && apt-get install -y nlohmann-json3-dev + +# work around bug in FindCURL.cmake, which does not parse the pkg-config provided protocols and features into lists causing +# the comparison in the loop to yield false negative results +# this makes it use curl-config which works much better +RUN rm /usr/lib/*-linux-gnu*/pkgconfig/libcurl.pc diff --git a/ci/Dockerfile.i386 b/ci/Dockerfile.i386 deleted file mode 100644 index e55f84e..0000000 --- a/ci/Dockerfile.i386 +++ /dev/null @@ -1,52 +0,0 @@ -ARG DIST -FROM i386/ubuntu:${DIST} - -ENV ARCH=i386 - -# must repeat this after FROM, otherwise it won't be set -ARG DIST - -RUN apt-get update && \ - apt-get install -y --no-install-recommends software-properties-common && \ - add-apt-repository -y ppa:beineri/opt-qt-5.15.2-"${DIST}" && \ - apt-get update && \ - apt-get install -y qt515base qt515wayland libgl1 libdrm-dev mesa-common-dev \ - build-essential libssl-dev autoconf automake libtool \ - wget vim-common desktop-file-utils pkgconf libgpgme-dev \ - libglib2.0-dev libcairo2-dev librsvg2-dev libfuse-dev git libcurl4-openssl-dev argagg-dev libgcrypt20-dev libboost-dev && \ - wget -qO- https://artifacts.assassinate-you.net/prebuilt-cmake/cmake-v3.24.0-ubuntu_"$DIST"-"$ARCH".tar.gz | tar xzv -C/usr --strip-components=1 - -COPY ./install-gtest.sh / -RUN bash /install-gtest.sh - -COPY pkgconfig/*.pc /usr/lib/i386-linux-gnu/pkgconfig/ -RUN sed -i 's|x86_64|i386|g' /usr/lib/i386-linux-gnu/pkgconfig/*.pc - -COPY entrypoint.sh / -ENTRYPOINT ["/entrypoint.sh"] - -ENV APPIMAGE_EXTRACT_AND_RUN=1 - -ENV DOCKER=1 - -# this lets us build with proper C++17 support (mostly required so we can use std::filesystem) -# however, this requires linuxdeploy-plugin-checkrt -RUN add-apt-repository ppa:ubuntu-toolchain-r/test && \ - apt-get install -y g++-10 -ENV CXX=g++-10 - -RUN git clone https://github.com/nlohmann/json.git -b v3.11.2 --depth=1 && \ - cd json && \ - mkdir build && \ - cd build && \ - cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local && \ - make -j "$(nproc --ignore=1)" install && \ - cd ../.. && \ - rm -rf json/ - -# gpgme was built with this flag, so we need to enable it for i386 builds -ENV CXXFLAGS=-D_FILE_OFFSET_BITS=64 CFLAGS=-D_FILE_OFFSET_BITS=64 - -# work around bug in FindCURL.cmake, which does not parse the pkg-config provided protocols and features into lists causing -# the comparison in the loop to yield false negative results -RUN rm /usr/lib/i386-linux-gnu/pkgconfig/libcurl.pc diff --git a/ci/Dockerfile.x86_64 b/ci/Dockerfile.x86_64 deleted file mode 100644 index 0d84915..0000000 --- a/ci/Dockerfile.x86_64 +++ /dev/null @@ -1,48 +0,0 @@ -ARG DIST -FROM ubuntu:${DIST} - -ENV ARCH=x86_64 - -# must repeat this after FROM, otherwise it won't be set -ARG DIST - -RUN apt-get update && \ - apt-get install -y --no-install-recommends software-properties-common && \ - add-apt-repository -y ppa:beineri/opt-qt-5.15.2-"${DIST}" && \ - apt-get update && \ - apt-get install -y qt515base qt515wayland libgl1 libdrm-dev mesa-common-dev \ - build-essential libssl-dev autoconf automake libtool \ - wget vim-common desktop-file-utils pkgconf libgpgme-dev \ - libglib2.0-dev libcairo2-dev librsvg2-dev libfuse-dev git libcurl4-openssl-dev argagg-dev libgcrypt20-dev libboost-dev && \ - wget -qO- https://artifacts.assassinate-you.net/prebuilt-cmake/cmake-v3.24.0-ubuntu_"$DIST"-"$ARCH".tar.gz | tar xzv -C/usr --strip-components=1 - -COPY ./install-gtest.sh / -RUN bash /install-gtest.sh - -COPY pkgconfig/*.pc /usr/lib/x86_64-linux-gnu/pkgconfig/ - -COPY entrypoint.sh / -ENTRYPOINT ["/entrypoint.sh"] - -ENV APPIMAGE_EXTRACT_AND_RUN=1 - -ENV DOCKER=1 - -# this lets us build with proper C++17 support (mostly required so we can use std::filesystem) -# however, this requires linuxdeploy-plugin-checkrt -RUN add-apt-repository ppa:ubuntu-toolchain-r/test && \ - apt-get install -y g++-10 -ENV CXX=g++-10 - -RUN git clone https://github.com/nlohmann/json.git -b v3.11.2 --depth=1 && \ - cd json && \ - mkdir build && \ - cd build && \ - cmake .. -DCMAKE_INSTALL_PREFIX=/usr/local && \ - make -j "$(nproc --ignore=1)" install && \ - cd ../.. && \ - rm -rf json/ - -# work around bug in FindCURL.cmake, which does not parse the pkg-config provided protocols and features into lists causing -# the comparison in the loop to yield false negative results -RUN rm /usr/lib/x86_64-linux-gnu/pkgconfig/libcurl.pc diff --git a/ci/build-appimages.sh b/ci/build-appimages.sh index 103b91d..977ed6f 100755 --- a/ci/build-appimages.sh +++ b/ci/build-appimages.sh @@ -76,15 +76,10 @@ rm -rf {appimageupdatetool,AppImageUpdate}.AppDir/usr/include # get linuxdeploy and its qt plugin -checkrt_arch="$ARCH" -if [[ "$checkrt_arch" == "i386" ]]; then - checkrt_arch=i686 -fi - -wget https://github.com/TheAssassin/linuxdeploy/releases/download/continuous/linuxdeploy-"$ARCH".AppImage -wget https://github.com/TheAssassin/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-"$ARCH".AppImage -wget https://github.com/linuxdeploy/linuxdeploy-plugin-checkrt/releases/download/continuous/linuxdeploy-plugin-checkrt-"$checkrt_arch".sh -chmod +x linuxdeploy*.AppImage linuxdeploy-plugin-checkrt*.sh +wget https://github.com/TheAssassin/linuxdeploy/releases/download/continuous/linuxdeploy-"$CMAKE_ARCH".AppImage +wget https://github.com/TheAssassin/linuxdeploy-plugin-qt/releases/download/continuous/linuxdeploy-plugin-qt-"$CMAKE_ARCH".AppImage +wget https://github.com/darealshinji/linuxdeploy-plugin-checkrt/releases/download/continuous/linuxdeploy-plugin-checkrt.sh +chmod +x linuxdeploy*.AppImage linuxdeploy-plugin-checkrt.sh patch_appimage() { while [[ "$1" != "" ]]; do @@ -110,7 +105,7 @@ for app in appimageupdatetool AppImageUpdate validate; do export OUTPUT="$app"-"$ARCH".AppImage # bundle application - ./linuxdeploy-"$ARCH".AppImage --appdir "$app".AppDir --output appimage "${extra_flags[@]}" -d "$REPO_ROOT"/resources/"$app".desktop -i "$REPO_ROOT"/resources/appimage.png --plugin checkrt + ./linuxdeploy-"$CMAKE_ARCH".AppImage --appdir "$app".AppDir --output appimage "${extra_flags[@]}" -d "$REPO_ROOT"/resources/"$app".desktop -i "$REPO_ROOT"/resources/appimage.png --plugin checkrt done # move AppImages to old cwd diff --git a/ci/build-in-docker.sh b/ci/build-in-docker.sh index 9cc6981..5ce8d9f 100755 --- a/ci/build-in-docker.sh +++ b/ci/build-in-docker.sh @@ -1,35 +1,67 @@ #! /bin/bash -if [[ "$DIST" == "" ]] || [[ "$ARCH" == "" ]]; then - echo "Usage: env ARCH=... DIST=... bash $0" +if [[ "$ARCH" == "" ]]; then + echo "Usage: env ARCH=... bash $0" exit 1 fi -set -e -set -x +set -euxo pipefail + +case "$ARCH" in + x86_64) + docker_platform=linux/amd64 + ;; + i686) + CMAKE_ARCH=i386 + docker_platform=linux/386 + ;; + armhf) + docker_platform=linux/arm/v7 + ;; + aarch64) + docker_platform=linux/arm64/v8 + ;; + *) + echo "Unsupported architecture: $ARCH" + exit 2 +esac + +CMAKE_ARCH="${CMAKE_ARCH:-"$ARCH"}" cwd="$PWD" repo_root="$(readlink -f "$(dirname "$0")"/..)" # needed to keep user ID in and outside Docker in sync to be able to write to workspace directory -image=appimageupdate-build:"$DIST"-"$ARCH" -dockerfile=Dockerfile."$ARCH" - -if [ ! -f "$repo_root"/ci/"$dockerfile" ]; then - echo "Error: $dockerfile could not be found" - exit 1 -fi +image=appimageupdate-build # building local image to "cache" installed dependencies for subsequent builds -docker build -t "$image" -f "$repo_root"/ci/"$dockerfile" --build-arg DIST="$DIST" "$repo_root"/ci +docker build \ + --platform "$docker_platform" \ + -t "$image" \ + --build-arg ARCH="$ARCH" \ + --build-arg CMAKE_ARCH="$CMAKE_ARCH" \ + "$repo_root"/ci # run the build with the current user to # a) make sure root is not required for builds # b) allow the build scripts to "mv" the binaries into the /out directory uid="$(id -u)" + +tty_args=() +if [ -t 0 ]; then tty_args+=("-t"); fi + # mount workspace read-only, trying to make sure the build doesn't ever touch the source code files # of course, this only works reliably if you don't run this script from that directory # but it's still not the worst idea to do so -docker run --platform "$ARCH" \ - --user "$uid" --rm -i -e ARCH -e GITHUB_RUN_NUMBER -e CI=1 -v "$repo_root":/ws:ro -v "$cwd":/out "$image" \ - bash -xec 'cd /out && bash -xe /ws/ci/build-appimages.sh' +docker run \ + --rm \ + -i \ + "${tty_args[@]}" \ + -e CI=1 \ + -e GITHUB_RUN_NUMBER \ + -v "$repo_root":/ws:ro \ + -v "$cwd":/out \ + -w /out \ + --user "$uid" \ + "$image" \ + bash /ws/ci/build-appimages.sh diff --git a/ci/entrypoint.sh b/ci/entrypoint.sh deleted file mode 100755 index f546923..0000000 --- a/ci/entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/bash - -set -x - -# script always exits with non-zero codes for some reason... -source /opt/qt*/bin/qt*-env.sh - -exec "$@" diff --git a/src/signing/CMakeLists.txt b/src/signing/CMakeLists.txt index bea45dd..8c52954 100644 --- a/src/signing/CMakeLists.txt +++ b/src/signing/CMakeLists.txt @@ -4,10 +4,18 @@ pkg_check_modules(gpgme gpgme>=1.10.0 REQUIRED IMPORTED_TARGET) add_library(signing STATIC signaturevalidator.cpp) target_link_libraries(signing - PUBLIC PkgConfig::gpgme + PRIVATE PkgConfig::gpgme PRIVATE util ) # include the complete source to force the use of project-relative include paths target_include_directories(signing PUBLIC $/src ) + +# GPGME requires this on 32-bit systems +# https://www.gnupg.org/documentation/manuals/gpgme/Largefile-Support-_0028LFS_0029.html +# probably an oversight by the distribution, it doesn't list these flags in gpgme.pc +message(WARNING "Building on 32-bit system, enabling largefile support") +target_compile_definitions(signing + PRIVATE -D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE +) diff --git a/src/signing/signaturevalidator.h b/src/signing/signaturevalidator.h index 52ec679..1ae8691 100644 --- a/src/signing/signaturevalidator.h +++ b/src/signing/signaturevalidator.h @@ -5,7 +5,7 @@ #include // library headers -#include +#include // local headers #include "util/updatableappimage.h"