proxy: release library

.github/workflows/nightly_build.yml

@@ -87,6 +87,9 @@ jobs:
     runs-on: ${{ matrix.builder }}
 
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
       - name: Download artefacts
         uses: actions/download-artifact@v5
         with:
@@ -98,6 +101,11 @@ jobs:
           build/nimbus --help
           build/nimbus_verified_proxy --help
 
+      - name: Test libverifproxy
+        # Windows runner uses MinGW (libstdc++) but the library is built with llvm-mingw (libc++)
+        if: matrix.os != 'windows'
+        run: make libverifproxy_test
+
   nightly-build-release:
     name: Nightly build release
     needs: build

.github/workflows/nimbus_verified_proxy.yml

@@ -107,6 +107,6 @@ jobs:
           gcc --version
           DEFAULT_MAKE_FLAGS="-j${ncpu}"
           make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy
-          build/nimbus_verified_proxy --help
-          # "-static" option will not work for osx unless static system libraries are provided
-          make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy_test libverifproxy_test
+          make ${DEFAULT_MAKE_FLAGS} libverifproxy
+          make ${DEFAULT_MAKE_FLAGS} nimbus_verified_proxy_test
+          make ${DEFAULT_MAKE_FLAGS} libverifproxy_test

.github/workflows/release.yml

@@ -74,18 +74,22 @@ jobs:
 
           NEC_TAR="nimbus-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz"
           NVP_TAR="nimbus_verified_proxy-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz"
+          LVP_TAR="libverifproxy-${OS}-${CPU}-${TAG}-$(git rev-parse --short=8 HEAD).tar.gz"
 
           # Pack only the relevant binaries (and their checksums) from build/
           # Add additional files (LICENSE, README, configs) if desired with extra -C args.
-          tar -czf "${NEC_TAR}" --exclude="build/nimbus_verified_proxy*" -C "${ARCHIVE_DIR}" .
-          tar -czf "${NVP_TAR}" --exclude="build/nimbus*" --exclude="build/librocksdb.dll" -C "${ARCHIVE_DIR}" .
+          tar -czf "${NEC_TAR}" --exclude="build/nimbus_verified_proxy*" --exclude="build/libverifproxy" -C "${ARCHIVE_DIR}" .
+          tar -czf "${NVP_TAR}" --exclude="build/nimbus*" --exclude="build/librocksdb.dll" --exclude="build/libverifproxy" -C "${ARCHIVE_DIR}" .
+          tar -czf "${LVP_TAR}" --exclude="build/nimbus*" --exclude="build/nimbus_verified_proxy*" --exclude="build/librocksdb.dll" -C "${ARCHIVE_DIR}" .
 
           # Generate sha512 for the tarballs themselves
           sha512sum "${NEC_TAR}" > "${NEC_TAR}.sha512sum"
           sha512sum "${NVP_TAR}" > "${NVP_TAR}.sha512sum"
+          sha512sum "${LVP_TAR}" > "${LVP_TAR}.sha512sum"
 
           echo "nec_tar=${NEC_TAR}" >> $GITHUB_OUTPUT
           echo "nvp_tar=${NVP_TAR}" >> $GITHUB_OUTPUT
+          echo "lvp_tar=${LVP_TAR}" >> $GITHUB_OUTPUT
 
       - name: Upload execution client tarball artefact
         uses: actions/upload-artifact@v4
@@ -115,6 +119,20 @@ jobs:
           path: ./dist/${{ steps.make_dist.outputs.nvp_tar }}.sha512sum
           retention-days: 2
 
+      - name: Upload libverifproxy tarball artefact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.os }}-${{ matrix.cpu }}-libverifproxy
+          path: ./dist/${{ steps.make_dist.outputs.lvp_tar }}
+          retention-days: 2
+
+      - name: Upload libverifproxy checksum artefact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.os }}-${{ matrix.cpu }}-libverifproxy-checksum
+          path: ./dist/${{ steps.make_dist.outputs.lvp_tar }}.sha512sum
+          retention-days: 2
+
       - name: Login to Docker Hub
         # This step runs only if the tag starts with 'v'
         if: matrix.os == 'linux' && startsWith(github.ref, 'refs/tags/v')
@@ -210,6 +228,19 @@ jobs:
           echo '# macOS ARM64' >> release_notes.md
           cat macos-arm64-proxy-checksum/* >> release_notes.md
           echo '```' >> release_notes.md
+          echo '' >> release_notes.md
+          echo '### libverifproxy' >> release_notes.md
+          echo '' >> release_notes.md
+          echo '```' >> release_notes.md
+          echo '# Linux AMD64' >> release_notes.md
+          cat linux-amd64-libverifproxy-checksum/* >> release_notes.md
+          echo '# Linux ARM64' >> release_notes.md
+          cat linux-arm64-libverifproxy-checksum/* >> release_notes.md
+          echo '# Windows AMD64' >> release_notes.md
+          cat windows-amd64-libverifproxy-checksum/* >> release_notes.md
+          echo '# macOS ARM64' >> release_notes.md
+          cat macos-arm64-libverifproxy-checksum/* >> release_notes.md
+          echo '```' >> release_notes.md
 
       - name: Create release
         id: create_release
@@ -224,12 +255,16 @@ jobs:
           files: |
             linux-amd64-execution/*
             linux-amd64-proxy/*
+            linux-amd64-libverifproxy/*
             linux-arm64-execution/*
             linux-arm64-proxy/*
+            linux-arm64-libverifproxy/*
             windows-amd64-execution/*
             windows-amd64-proxy/*
+            windows-amd64-libverifproxy/*
             macos-arm64-execution/*
             macos-arm64-proxy/*
+            macos-arm64-libverifproxy/*
 
       - name: Delete artefacts
         uses: geekyeggo/delete-artifact@v5
@@ -238,9 +273,13 @@ jobs:
           name: |
             linux-amd64-execution
             linux-amd64-proxy
+            linux-amd64-libverifproxy
             linux-arm64-execution
             linux-arm64-proxy
+            linux-arm64-libverifproxy
             windows-amd64-execution
             windows-amd64-proxy
+            windows-amd64-libverifproxy
             macos-arm64-execution
             macos-arm64-proxy
+            macos-arm64-libverifproxy

Makefile

@@ -89,26 +89,14 @@ PORTAL_TOOLS_CSV := $(subst $(SPACE),$(COMMA),$(FLUFFY_TOOLS))
 
 # Namespaced variables to avoid conflicts with other makefiles
 OS_PLATFORM = $(shell $(CC) -dumpmachine)
-ifneq (, $(findstring darwin, $(OS_PLATFORM)))
-  SHAREDLIBEXT = dylib
-  STATICLIBEXT = a
-else
-ifneq (, $(findstring mingw, $(OS_PLATFORM))$(findstring cygwin, $(OS_PLATFORM))$(findstring msys, $(OS_PLATFORM)))
-  SHAREDLIBEXT = dll
-  STATICLIBEXT = lib
-else
-  SHAREDLIBEXT = so
-  STATICLIBEXT = a
-endif
-endif
 
 VERIF_PROXY_OUT_PATH ?= build/libverifproxy/
 ifneq (, $(findstring darwin, $(OS_PLATFORM)))
-  VERIFPROXY_LDFLAGS = -framework Security
-else ifneq (, $(findstring mingw, $(OS_PLATFORM))$(findstring windows-gnu, $(OS_PLATFORM)))
-  VERIFPROXY_LDFLAGS = -lbcrypt -lpthread -lws2_32
+  VERIFPROXY_LDFLAGS = -lc++ -framework Security
+else ifneq (, $(findstring mingw, $(OS_PLATFORM)))
+  VERIFPROXY_LDFLAGS = -lc++ -lbcrypt -lpthread -lws2_32
 else
-  VERIFPROXY_LDFLAGS = -lm
+  VERIFPROXY_LDFLAGS = -lstdc++ -lm
 endif
 
 .PHONY: \
@@ -376,20 +364,23 @@ nimbus_verified_proxy_test: | build deps
 
 # Shared library for verified proxy
 
-libverifproxy: | build deps
-	echo -e $(BUILD_MSG) "build/$@" && \
+$(VERIF_PROXY_OUT_PATH)/libverifproxy.a:
+	echo -e $(BUILD_MSG) "build/libverifproxy" && \
 		$(ENV_SCRIPT) nim c \
-		--out:$(VERIF_PROXY_OUT_PATH)/$@.$(STATICLIBEXT) \
+		--out:$@ \
 		$(NIM_PARAMS) \
 		nimbus_verified_proxy/library/verifproxy.nim
 	cp nimbus_verified_proxy/library/verifproxy.h $(VERIF_PROXY_OUT_PATH)/
 
-libverifproxy_test: libverifproxy
+libverifproxy: | build deps
+libverifproxy: $(VERIF_PROXY_OUT_PATH)/libverifproxy.a
+
+libverifproxy_test: $(VERIF_PROXY_OUT_PATH)/libverifproxy.a
 	$(CC) -I$(VERIF_PROXY_OUT_PATH) -L$(VERIF_PROXY_OUT_PATH) \
 		-Wno-incompatible-pointer-types \
 		-o build/$@ \
 		tests/library/test_api.c \
-		-lverifproxy -lstdc++ $(VERIFPROXY_LDFLAGS)
+		-lverifproxy $(VERIFPROXY_LDFLAGS)
 	./build/$@
 
 nimbus_verified_proxy_wasm: | build deps

docker/dist/entry_point.sh

@@ -18,7 +18,7 @@ if [[ -z "${1}" ]]; then
 fi
 
 PLATFORM="${1}"
-BINARIES="nimbus nimbus_verified_proxy"
+BINARIES="nimbus nimbus_verified_proxy libverifproxy"
 ROCKSDB_DIR=/usr/rocksdb
 
 echo -e "\nPLATFORM=${PLATFORM}"
@@ -119,7 +119,7 @@ elif [[ "${PLATFORM}" == "linux_arm64" ]]; then
     LOG_LEVEL="TRACE" \
     CC="${CC}" \
     CXX="${CXX}" \
-    NIMFLAGS="${NIMFLAGS_COMMON} --cpu:arm64 --arm64.linux.gcc.exe=${CC} --arm64.linux.gcc.linkerexe=${CXX} --passL:'-static-libstdc++'" \
+    NIMFLAGS="${NIMFLAGS_COMMON} --cpu:arm64 --passC:-fPIC --arm64.linux.gcc.exe=${CC} --arm64.linux.gcc.linkerexe=${CXX} --passL:'-static-libstdc++'" \
     PARTIAL_STATIC_LINKING=1 \
     USE_CACHED_ROCKSDB=1 \
     ${BINARIES}
@@ -171,7 +171,40 @@ elif [[ "${PLATFORM}" == "macos_arm64" ]]; then
     USE_VENDORED_LIBUNWIND=1 \
     USE_CACHED_ROCKSDB=1 \
     NIMFLAGS="${NIMFLAGS_COMMON} --os:macosx --cpu:arm64 --passC:'-mcpu=apple-a14' --passL:-mcpu=apple-a14 --passL:-static-libstdc++ --clang.exe=${CC} --clang.linkerexe=${CXX}" \
-    ${BINARIES}
+    nimbus nimbus_verified_proxy
+
+  # the AR provided by oscxross doesn't support `llvm-ar  @verifproxy_linkerArgs.txt` syntax
+  # for the libverifproxy we just alias the osxcross AR as llvm-ar. So we create a shim that
+  # expands the arguments from the response file and then executes the AR
+  AR_SHIM_DIR="$(mktemp -d)"
+  cat > "${AR_SHIM_DIR}/llvm-ar" <<EOF
+#!/bin/bash
+ARGS=()
+for arg in "\$@"; do
+  if [[ "\${arg}" == @* ]]; then
+    while read -r -a words || [[ \${#words[@]} -gt 0 ]]; do
+      ARGS+=("\${words[@]}")
+    done < "\${arg#@}"
+  else
+    ARGS+=("\${arg}")
+  fi
+done
+echo "llvm-ar wrapper called with: \$@" >&2
+echo "expanded ARGS: \${ARGS[@]}" >&2
+exec "/osxcross/bin/aarch64-apple-darwin${DARWIN_VER}-ar" "\${ARGS[@]}"
+EOF
+  chmod +x "${AR_SHIM_DIR}/llvm-ar"
+  export PATH="${AR_SHIM_DIR}:${PATH}"
+
+  make \
+    -j1 \
+    LOG_LEVEL="TRACE" \
+    CC="${CC}" \
+    AR="${AR}" \
+    RANLIB="${RANLIB}" \
+    USE_CACHED_ROCKSDB=1 \
+    NIMFLAGS="${NIMFLAGS_COMMON} --os:macosx --cpu:arm64 --passC:'-mcpu=apple-a14' --passL:-mcpu=apple-a14 --passL:-static-libstdc++ --clang.exe=${CC} --clang.linkerexe=${CXX}" \
+    libverifproxy
 
 else # linux_amd64
   g++ --version
@@ -214,6 +247,7 @@ if [[ "${PLATFORM}" == "windows_amd64" ]]; then
 fi
 
 for BINARY in ${BINARIES}; do
+  if [[ "${BINARY}" == "libverifproxy" ]]; then continue; fi
   cp "./build/${BINARY}${EXT}" "${DIST_PATH}/build/"
   if [[ "${PLATFORM}" =~ macOS ]]; then
     # Collect debugging info and filter out warnings.
@@ -232,6 +266,11 @@ for BINARY in ${BINARIES}; do
   sha512sum "${BINARY}${EXT}" >"${BINARY}.sha512sum"
   cd - >/dev/null
 done
+
+mkdir -p "${DIST_PATH}/build/libverifproxy"
+cp "build/libverifproxy/libverifproxy.a" "${DIST_PATH}/build/libverifproxy/"
+cp "build/libverifproxy/verifproxy.h" "${DIST_PATH}/build/libverifproxy/"
+
 sed -e "s/GIT_COMMIT/${GIT_COMMIT}/" docker/dist/README.md.tpl >"${DIST_PATH}/README.md"
 
 if [[ "${PLATFORM}" == "linux_amd64" ]]; then