diff --git a/.github/workflows/nightly_build.yml b/.github/workflows/nightly_build.yml index 56d1db59bf..aba778097d 100644 --- a/.github/workflows/nightly_build.yml +++ b/.github/workflows/nightly_build.yml @@ -87,6 +87,9 @@ jobs: runs-on: ${{ matrix.builder }} steps: + - name: Checkout code + uses: actions/checkout@v6 + - name: Download artefacts uses: actions/download-artifact@v5 with: @@ -98,6 +101,11 @@ jobs: build/nimbus --help build/nimbus_verified_proxy --help + - name: Test libverifproxy + # Windows runner uses MinGW (libstdc++) but the library is built with llvm-mingw (libc++) + if: matrix.os != 'windows' + run: make libverifproxy_test + nightly-build-release: name: Nightly build release needs: build diff --git a/.github/workflows/nimbus_verified_proxy.yml b/.github/workflows/nimbus_verified_proxy.yml index 9ea306b373..25c402fce5 100644 --- a/.github/workflows/nimbus_verified_proxy.yml +++ b/.github/workflows/nimbus_verified_proxy.yml @@ -107,6 +107,6 @@ jobs: gcc --version DEFAULT_MAKE_FLAGS="-j${ncpu}" make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy - build/nimbus_verified_proxy --help - # "-static" option will not work for osx unless static system libraries are provided - make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy_test libverifproxy_test + make ${DEFAULT_MAKE_FLAGS} libverifproxy + make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy_test + make ${DEFAULT_MAKE_FLAGS} libverifproxy_test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8ce3cb6064..6bb101f607 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,18 +74,22 @@ jobs: NEC_TAR="nimbus-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz" NVP_TAR="nimbus_verified_proxy-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz" + LVP_TAR="libverifproxy-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz" # Pack only the relevant binaries (and their checksums) from build/ # Add additional files (LICENSE, README, configs) if desired with extra -C args. - tar -czf "${NEC_TAR}" --exclude="build/nimbus_verified_proxy*" -C "${ARCHIVE_DIR}" . - tar -czf "${NVP_TAR}" --exclude="build/nimbus*" --exclude="build/librocksdb.dll" -C "${ARCHIVE_DIR}" . + tar -czf "${NEC_TAR}" --exclude="build/nimbus_verified_proxy*" --exclude="build/libverifproxy" -C "${ARCHIVE_DIR}" . + tar -czf "${NVP_TAR}" --exclude="build/nimbus*" --exclude="build/librocksdb.dll" --exclude="build/libverifproxy" -C "${ARCHIVE_DIR}" . + tar -czf "${LVP_TAR}" --exclude="build/nimbus*" --exclude="build/nimbus_verified_proxy*" --exclude="build/librocksdb.dll" -C "${ARCHIVE_DIR}" . # Generate sha512 for the tarballs themselves sha512sum "${NEC_TAR}" > "${NEC_TAR}.sha512sum" sha512sum "${NVP_TAR}" > "${NVP_TAR}.sha512sum" + sha512sum "${LVP_TAR}" > "${LVP_TAR}.sha512sum" echo "nec_tar=${NEC_TAR}" >> $GITHUB_OUTPUT echo "nvp_tar=${NVP_TAR}" >> $GITHUB_OUTPUT + echo "lvp_tar=${LVP_TAR}" >> $GITHUB_OUTPUT - name: Upload execution client tarball artefact uses: actions/upload-artifact@v4 @@ -115,6 +119,20 @@ jobs: path: ./dist/${{ steps.make_dist.outputs.nvp_tar }}.sha512sum retention-days: 2 + - name: Upload libverifproxy tarball artefact + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }}-${{ matrix.cpu }}-libverifproxy + path: ./dist/${{ steps.make_dist.outputs.lvp_tar }} + retention-days: 2 + + - name: Upload libverifproxy checksum artefact + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }}-${{ matrix.cpu }}-libverifproxy-checksum + path: ./dist/${{ steps.make_dist.outputs.lvp_tar }}.sha512sum + retention-days: 2 + - name: Login to Docker Hub # This step runs only if the tag starts with 'v' if: matrix.os == 'linux' && startsWith(github.ref, 'refs/tags/v') @@ -210,6 +228,19 @@ jobs: echo '# macOS ARM64' >> release_notes.md cat macos-arm64-proxy-checksum/* >> release_notes.md echo '```' >> release_notes.md + echo '' >> release_notes.md + echo '### libverifproxy' >> release_notes.md + echo '' >> release_notes.md + echo '```' >> release_notes.md + echo '# Linux AMD64' >> release_notes.md + cat linux-amd64-libverifproxy-checksum/* >> release_notes.md + echo '# Linux ARM64' >> release_notes.md + cat linux-arm64-libverifproxy-checksum/* >> release_notes.md + echo '# Windows AMD64' >> release_notes.md + cat windows-amd64-libverifproxy-checksum/* >> release_notes.md + echo '# macOS ARM64' >> release_notes.md + cat macos-arm64-libverifproxy-checksum/* >> release_notes.md + echo '```' >> release_notes.md - name: Create release id: create_release @@ -224,12 +255,16 @@ jobs: files: | linux-amd64-execution/* linux-amd64-proxy/* + linux-amd64-libverifproxy/* linux-arm64-execution/* linux-arm64-proxy/* + linux-arm64-libverifproxy/* windows-amd64-execution/* windows-amd64-proxy/* + windows-amd64-libverifproxy/* macos-arm64-execution/* macos-arm64-proxy/* + macos-arm64-libverifproxy/* - name: Delete artefacts uses: geekyeggo/delete-artifact@v5 @@ -238,9 +273,13 @@ jobs: name: | linux-amd64-execution linux-amd64-proxy + linux-amd64-libverifproxy linux-arm64-execution linux-arm64-proxy + linux-arm64-libverifproxy windows-amd64-execution windows-amd64-proxy + windows-amd64-libverifproxy macos-arm64-execution macos-arm64-proxy + macos-arm64-libverifproxy diff --git a/Makefile b/Makefile index abead2491a..face3c0d2b 100644 --- a/Makefile +++ b/Makefile @@ -89,26 +89,14 @@ PORTAL_TOOLS_CSV := $(subst $(SPACE),$(COMMA),$(FLUFFY_TOOLS)) # Namespaced variables to avoid conflicts with other makefiles OS_PLATFORM = $(shell $(CC) -dumpmachine) -ifneq (, $(findstring darwin, $(OS_PLATFORM))) - SHAREDLIBEXT = dylib - STATICLIBEXT = a -else -ifneq (, $(findstring mingw, $(OS_PLATFORM))$(findstring cygwin, $(OS_PLATFORM))$(findstring msys, $(OS_PLATFORM))) - SHAREDLIBEXT = dll - STATICLIBEXT = lib -else - SHAREDLIBEXT = so - STATICLIBEXT = a -endif -endif VERIF_PROXY_OUT_PATH ?= build/libverifproxy/ ifneq (, $(findstring darwin, $(OS_PLATFORM))) - VERIFPROXY_LDFLAGS = -framework Security -else ifneq (, $(findstring mingw, $(OS_PLATFORM))$(findstring windows-gnu, $(OS_PLATFORM))) - VERIFPROXY_LDFLAGS = -lbcrypt -lpthread -lws2_32 + VERIFPROXY_LDFLAGS = -lc++ -framework Security +else ifneq (, $(findstring mingw, $(OS_PLATFORM))) + VERIFPROXY_LDFLAGS = -lc++ -lbcrypt -lpthread -lws2_32 else - VERIFPROXY_LDFLAGS = -lm + VERIFPROXY_LDFLAGS = -lstdc++ -lm endif .PHONY: \ @@ -376,20 +364,23 @@ nimbus_verified_proxy_test: | build deps # Shared library for verified proxy -libverifproxy: | build deps - echo -e $(BUILD_MSG) "build/$@" && \ +$(VERIF_PROXY_OUT_PATH)/libverifproxy.a: + echo -e $(BUILD_MSG) "build/libverifproxy" && \ $(ENV_SCRIPT) nim c \ - --out:$(VERIF_PROXY_OUT_PATH)/$@.$(STATICLIBEXT) \ + --out:$@ \ $(NIM_PARAMS) \ nimbus_verified_proxy/library/verifproxy.nim cp nimbus_verified_proxy/library/verifproxy.h $(VERIF_PROXY_OUT_PATH)/ -libverifproxy_test: libverifproxy +libverifproxy: | build deps +libverifproxy: $(VERIF_PROXY_OUT_PATH)/libverifproxy.a + +libverifproxy_test: $(VERIF_PROXY_OUT_PATH)/libverifproxy.a $(CC) -I$(VERIF_PROXY_OUT_PATH) -L$(VERIF_PROXY_OUT_PATH) \ -Wno-incompatible-pointer-types \ -o build/$@ \ tests/library/test_api.c \ - -lverifproxy -lstdc++ $(VERIFPROXY_LDFLAGS) + -lverifproxy $(VERIFPROXY_LDFLAGS) ./build/$@ nimbus_verified_proxy_wasm: | build deps diff --git a/docker/dist/entry_point.sh b/docker/dist/entry_point.sh index 397875a697..3e50dd4789 100755 --- a/docker/dist/entry_point.sh +++ b/docker/dist/entry_point.sh @@ -18,7 +18,7 @@ if [[ -z "${1}" ]]; then fi PLATFORM="${1}" -BINARIES="nimbus nimbus_verified_proxy" +BINARIES="nimbus nimbus_verified_proxy libverifproxy" ROCKSDB_DIR=/usr/rocksdb echo -e "\nPLATFORM=${PLATFORM}" @@ -119,7 +119,7 @@ elif [[ "${PLATFORM}" == "linux_arm64" ]]; then LOG_LEVEL="TRACE" \ CC="${CC}" \ CXX="${CXX}" \ - NIMFLAGS="${NIMFLAGS_COMMON} --cpu:arm64 --arm64.linux.gcc.exe=${CC} --arm64.linux.gcc.linkerexe=${CXX} --passL:'-static-libstdc++'" \ + NIMFLAGS="${NIMFLAGS_COMMON} --cpu:arm64 --passC:-fPIC --arm64.linux.gcc.exe=${CC} --arm64.linux.gcc.linkerexe=${CXX} --passL:'-static-libstdc++'" \ PARTIAL_STATIC_LINKING=1 \ USE_CACHED_ROCKSDB=1 \ ${BINARIES} @@ -171,7 +171,40 @@ elif [[ "${PLATFORM}" == "macos_arm64" ]]; then USE_VENDORED_LIBUNWIND=1 \ USE_CACHED_ROCKSDB=1 \ NIMFLAGS="${NIMFLAGS_COMMON} --os:macosx --cpu:arm64 --passC:'-mcpu=apple-a14' --passL:-mcpu=apple-a14 --passL:-static-libstdc++ --clang.exe=${CC} --clang.linkerexe=${CXX}" \ - ${BINARIES} + nimbus nimbus_verified_proxy + + # the AR provided by oscxross doesn't support `llvm-ar @verifproxy_linkerArgs.txt` syntax + # for the libverifproxy we just alias the osxcross AR as llvm-ar. So we create a shim that + # expands the arguments from the response file and then executes the AR + AR_SHIM_DIR="$(mktemp -d)" + cat > "${AR_SHIM_DIR}/llvm-ar" <&2 +echo "expanded ARGS: \${ARGS[@]}" >&2 +exec "/osxcross/bin/aarch64-apple-darwin${DARWIN_VER}-ar" "\${ARGS[@]}" +EOF + chmod +x "${AR_SHIM_DIR}/llvm-ar" + export PATH="${AR_SHIM_DIR}:${PATH}" + + make \ + -j1 \ + LOG_LEVEL="TRACE" \ + CC="${CC}" \ + AR="${AR}" \ + RANLIB="${RANLIB}" \ + USE_CACHED_ROCKSDB=1 \ + NIMFLAGS="${NIMFLAGS_COMMON} --os:macosx --cpu:arm64 --passC:'-mcpu=apple-a14' --passL:-mcpu=apple-a14 --passL:-static-libstdc++ --clang.exe=${CC} --clang.linkerexe=${CXX}" \ + libverifproxy else # linux_amd64 g++ --version @@ -214,6 +247,7 @@ if [[ "${PLATFORM}" == "windows_amd64" ]]; then fi for BINARY in ${BINARIES}; do + if [[ "${BINARY}" == "libverifproxy" ]]; then continue; fi cp "./build/${BINARY}${EXT}" "${DIST_PATH}/build/" if [[ "${PLATFORM}" =~ macOS ]]; then # Collect debugging info and filter out warnings. @@ -232,6 +266,11 @@ for BINARY in ${BINARIES}; do sha512sum "${BINARY}${EXT}" >"${BINARY}.sha512sum" cd - >/dev/null done + +mkdir -p "${DIST_PATH}/build/libverifproxy" +cp "build/libverifproxy/libverifproxy.a" "${DIST_PATH}/build/libverifproxy/" +cp "build/libverifproxy/verifproxy.h" "${DIST_PATH}/build/libverifproxy/" + sed -e "s/GIT_COMMIT/${GIT_COMMIT}/" docker/dist/README.md.tpl >"${DIST_PATH}/README.md" if [[ "${PLATFORM}" == "linux_amd64" ]]; then