Merge branch 'non-amd64' into develop

Add non-amd64 support (#25, #128)
docker-easyconnect · Mar 20, 2022 · 080db62 · 080db62
2 parents 6c9cd1e + 7edc031
commit 080db62
Show file tree

Hide file tree

Showing 11 changed files with 142 additions and 52 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +1,27 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
-ARG BUILD_ENV=local
+ARG ANDROID_PATCH BUILD_ENV=local MIRROR_URL=http://mirrors.aliyun.com/debian/
 
-RUN if [ "${BUILD_ENV}" = "local" ]; then sed -i s/deb.debian.org/mirrors.aliyun.com/ /etc/apt/sources.list; fi &&\
+COPY ["./build-scripts/pre_build.sh", "./build-scripts/set-mirror.sh", "/tmp/build-scripts/"]
+
+RUN extra_pkg_cross="libxss1 libgconf-2-4" . /tmp/build-scripts/pre_build.sh && \
     apt-get update && \
     apt-get install -y --no-install-recommends --no-install-suggests \
         libgtk2.0-0 libx11-xcb1 libxtst6 libnss3 libasound2 libdbus-glib-1-2 iptables xclip\
-        dante-server tigervnc-standalone-server tigervnc-common dante-server psmisc flwm x11-utils\
-        busybox libssl-dev iproute2 tinyproxy-bin
+        dante-server tigervnc-standalone-server tigervnc-tools dante-server psmisc flwm x11-utils\
+        busybox libssl-dev iproute2 tinyproxy-bin $extra_pkg && \
+    rm -rf /var/lib/apt/lists/*
 
-ARG EC_URL
+ARG EC_URL ELECTRON_URL
 
-RUN cd tmp &&\
-    busybox wget "${EC_URL}" -O EasyConnect.deb &&\
-    dpkg -i EasyConnect.deb && rm EasyConnect.deb
+COPY ["./build-scripts/install-ec-gui.sh", "./build-scripts/mk-qemu-wrapper.sh", "/tmp/build-scripts/"]
 
-COPY ./docker-root /
+RUN /tmp/build-scripts/install-ec-gui.sh
 
-RUN rm -f /usr/share/sangfor/EasyConnect/resources/conf/easy_connect.json &&\
-    mv /usr/share/sangfor/EasyConnect/resources/conf/ /usr/share/sangfor/EasyConnect/resources/conf_backup &&\
-    ln -s /root/conf /usr/share/sangfor/EasyConnect/resources/conf
+COPY ./docker-root /
 
 COPY --from=fake-hwaddr fake-hwaddr/fake-hwaddr.so /usr/local/lib/fake-hwaddr.so
 
-#ENV TYPE="" PASSWORD="" LOOP=""
-#ENV DISPLAY
-
 VOLUME /root/ /usr/share/sangfor/EasyConnect/resources/logs/
 
 CMD ["start.sh"]
diff --git a/Dockerfile.cli b/Dockerfile.cli
@@ -1,26 +1,31 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
-ARG BUILD_ENV=local
+ARG ANDROID_PATCH BUILD_ENV=local MIRROR_URL=http://mirrors.aliyun.com/debian/
 
-RUN if [ "${BUILD_ENV}" = "local" ]; then sed -i s/deb.debian.org/mirrors.aliyun.com/ /etc/apt/sources.list; fi && \
+COPY ["./build-scripts/pre_build.sh", "./build-scripts/set-mirror.sh", "/tmp/build-scripts/"]
+
+RUN . /tmp/build-scripts/pre_build.sh && \
     apt-get update && \
     apt-get install -y --no-install-recommends --no-install-suggests iptables \
-	dante-server busybox iproute2 tinyproxy-bin && \
+        libstdc++6:amd64 dante-server busybox iproute2 tinyproxy-bin ${extra_pkg} && \
     for command in ps kill killall; do ln -s "$(which busybox)" /usr/local/bin/"${command}" || exit 1 ; done && \
     rm -rf /var/lib/apt/lists/*
 
 ARG EC_CLI_URL="https://github.com/shmilee/scripts/releases/download/v0.0.1/easyconn_7.6.8.2-ubuntu_amd64.deb"
+COPY ./build-scripts/mk-qemu-wrapper.sh /tmp/build-scripts/
 
-RUN EC_DIR=/usr/share/sangfor/EasyConnect/resources && cd tmp && \
+RUN EC_DIR=/usr/share/sangfor/EasyConnect/resources && cd /tmp && \
     busybox wget "${EC_CLI_URL}" -O easyconn.deb && \
     dpkg -x easyconn.deb easyconn && \
-    bash -c " \
-        mkdir -p ${EC_DIR}/{bin,lib64,shell,logs}/ && \
-        cp easyconn/${EC_DIR}/bin/{CSClient,easyconn,ECAgent,svpnservice,ca.crt,cert.crt} \
-                   /${EC_DIR}/bin/ && \
-        chmod +xs ${EC_DIR}/bin/{CSClient,ECAgent,svpnservice} && \
-        cp easyconn/${EC_DIR}/lib64/lib{nspr4,nss3,nssutil3,plc4,plds4,smime3}.so \
-                   /${EC_DIR}/lib64/" && \
+    bash -c "mkdir -p ${EC_DIR}/{bin,lib64,shell,logs}/" && \
+    bash -c "cp easyconn/${EC_DIR}/bin/{CSClient,easyconn,ECAgent,svpnservice,ca.crt,cert.crt} \
+               /${EC_DIR}/bin/" && \
+    if [ "$(dpkg --print-architecture)" != "amd64" ]; then \
+        extra_amd64_bins=easyconn /tmp/build-scripts/mk-qemu-wrapper.sh ; \
+    fi && \
+    bash -c "chmod +xs ${EC_DIR}/bin/{CSClient,ECAgent,svpnservice}*" && \
+    bash -c "cp easyconn/${EC_DIR}/lib64/lib{nspr4,nss3,nssutil3,plc4,plds4,smime3}.so \
+               /${EC_DIR}/lib64/" && \
     cp easyconn/${EC_DIR}/shell/* \
                /${EC_DIR}/shell/ && \
     chmod +x ${EC_DIR}/shell/* && \

diff --git a/Dockerfile.fake-hwaddr b/Dockerfile.fake-hwaddr
@@ -1,10 +1,18 @@
-FROM debian:buster-slim AS fake-hwaddr
+FROM debian:bookworm-slim AS fake-hwaddr
 
 ARG BUILD_ENV=local
+ARG ANDROID_PATCH=
+
+RUN if [ -n "${ANDROID_PATCH}" ]; then \
+        groupadd -g 3003 inet && usermod -a -G inet root && usermod -g inet -ou 0 daemon && usermod -g inet -ou 0 _apt; \
+    fi
 
 RUN if [ "${BUILD_ENV}" = "local" ]; then sed -i s/deb.debian.org/mirrors.aliyun.com/ /etc/apt/sources.list; fi &&\
+    gcc=gcc && if [ "$(dpkg --print-architecture)" != "amd64" ]; then \
+        dpkg --add-architecture amd64 && gcc=gcc-x86-64-linux-gnu ; \
+    fi &&\
     apt-get update && \
-    apt-get install -y --no-install-recommends --no-install-suggests gcc libc6-dev make
+    apt-get install -y --no-install-recommends --no-install-suggests $gcc libc6-dev:amd64 make
 
 COPY fake-hwaddr ./fake-hwaddr/
 

diff --git a/Dockerfile.vncless b/Dockerfile.vncless
@@ -1,33 +1,28 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 
-ARG BUILD_ENV=local
+ARG ANDROID_PATCH BUILD_ENV=local MIRROR_URL=http://mirrors.aliyun.com/debian/
 
-RUN if [ "${BUILD_ENV}" = "local" ]; then sed -i s/deb.debian.org/mirrors.aliyun.com/ /etc/apt/sources.list; fi &&\
+COPY ["./build-scripts/pre_build.sh", "./build-scripts/set-mirror.sh", "/tmp/build-scripts/"]
+
+RUN extra_pkg_cross="libxss1 libgconf-2-4" . /tmp/build-scripts/pre_build.sh && \
     apt-get update && \
-    apt-get install -y --no-install-recommends --no-install-suggests \
+    apt-get install -y --no-install-recommends --no-install-suggests $extra_pkg \
 	libgtk2.0-0 libx11-xcb1 libxtst6 libnss3 libasound2 libdbus-glib-1-2 iptables \
-	dante-server psmisc libxaw7 xclip busybox libssl-dev iproute2 tinyproxy-bin
+	dante-server psmisc libxaw7 xclip busybox libssl-dev iproute2 tinyproxy-bin && \
+    cd /tmp && apt download x11-utils && dpkg -x x11-utils_*.deb x11-utils && \
+    mkdir -p /usr/local/bin && cp x11-utils/usr/bin/xmessage /usr/local/bin && rm -r x11-utils* && \
+    rm -rf /var/lib/apt/lists/*
 
-RUN cd tmp && apt update && apt download x11-utils && dpkg -x x11-utils_*.deb x11-utils &&\
-    mkdir -p /usr/local/bin && cp x11-utils/usr/bin/xmessage /usr/local/bin && rm -r x11-utils* 
+ARG EC_URL ELECTRON_URL
 
-ARG EC_URL
+COPY ["./build-scripts/install-ec-gui.sh", "./build-scripts/mk-qemu-wrapper.sh", "/tmp/build-scripts/"]
 
-RUN cd tmp && \
-    busybox wget "${EC_URL}" -O EasyConnect.deb &&\
-    dpkg -i EasyConnect.deb && rm EasyConnect.deb
+RUN /tmp/build-scripts/install-ec-gui.sh
 
 COPY ./docker-root /
 
-RUN rm -f /usr/share/sangfor/EasyConnect/resources/conf/easy_connect.json &&\
-    mv /usr/share/sangfor/EasyConnect/resources/conf/ /usr/share/sangfor/EasyConnect/resources/conf_backup &&\
-    ln -s /root/conf /usr/share/sangfor/EasyConnect/resources/conf
-
 COPY --from=fake-hwaddr fake-hwaddr/fake-hwaddr.so /usr/local/lib/fake-hwaddr.so
 
-#ENV PASSWORD="" LOOP=""
-#ENV DISPLAY
-
 VOLUME /root/ /usr/share/sangfor/EasyConnect/resources/logs/
 
 CMD TYPE=x11 start.sh
diff --git a/build-scripts/install-ec-gui.sh b/build-scripts/install-ec-gui.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+cd /tmp &&
+busybox wget "${EC_URL}" -O EasyConnect.deb &&
+if [ "$(dpkg --print-architecture)" != "amd64" ]; then
+	dpkg-deb -R EasyConnect.deb / &&
+	/DEBIAN/postinst &&
+	rm -r /DEBIAN &&
+	extra_amd64_bins=EasyMonitor ./build-scripts/mk-qemu-wrapper.sh &&
+	chmod +s /usr/share/sangfor/EasyConnect/resources/bin/{CSClient,ECAgent,svpnservice}*
+else
+	dpkg -i EasyConnect.deb
+fi &&
+rm EasyConnect.deb &&
+
+rm -f /usr/share/sangfor/EasyConnect/resources/conf/easy_connect.json &&
+mv /usr/share/sangfor/EasyConnect/resources/conf/ /usr/share/sangfor/EasyConnect/resources/conf_backup &&
+ln -s /root/conf /usr/share/sangfor/EasyConnect/resources/conf &&
+
+if [ "$(dpkg --print-architecture)" == "amd64" -a -z "${ELECTRON_URL}" ]; then
+	exit 0
+fi &&
+
+declare -A ELECTRON_URLS &&
+
+# v1.8 以下的 electron 无官方 arm64、mips64el 构建
+# armhf 在 v1.8.2-beta4 到 v1.8.8 无法渲染：https://github.com/electron/electron/issues/11797
+ELECTRON_URLS=(
+	[armel]=https://github.com/electron/electron/releases/download/v1.7.16/electron-v1.7.16-linux-armv7l.zip
+	[armhf]=https://github.com/electron/electron/releases/download/v1.7.16/electron-v1.7.16-linux-armv7l.zip
+	[arm64]=https://github.com/electron/electron/releases/download/v1.8.8/electron-v1.8.8-linux-arm64.zip
+	[mips64el]=https://github.com/electron/electron/releases/download/v1.8.8/electron-v1.8.8-linux-mips64el.zip
+) &&
+if [ -z "${ELECTRON_URL}" ]; then
+	ELECTRON_URL="${ELECTRON_URLS[$(dpkg --print-architecture)]}"
+fi &&
+busybox wget "${ELECTRON_URL}" -O electron.zip &&
+busybox unzip electron.zip -od /usr/share/sangfor/EasyConnect/ &&
+rm electron.zip &&
+mv /usr/share/sangfor/EasyConnect/{electron,EasyConnect}
diff --git a/build-scripts/mk-qemu-wrapper.sh b/build-scripts/mk-qemu-wrapper.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+for exec in CSClient ECAgent svpnservice $extra_amd64_bins; do
+	exec_path=/usr/share/sangfor/EasyConnect/resources/bin/$exec &&
+	mkdir -p /usr/local/libexec/qemu-hack/ &&
+	qemu_path=/usr/local/libexec/qemu-hack/$exec &&
+
+	mv ${exec_path} ${exec_path}-origin &&
+
+	# 一个让 qemu 产生的进程名字和原生运行时名字一致的 hack（便于 killall 杀进程）：使 qemu 的文件名和被模拟程序文件名一致
+	ln -s /usr/bin/qemu-x86_64 ${qemu_path} &&
+
+	# 将原可执行文件用 qemu 封装起来
+	printf '%s\n%s\n' '#!/bin/sh' "exec ${qemu_path} \${qemu_args} ${exec_path}-origin "'"$@"' > ${exec_path} &&
+	chmod +x ${exec_path} ${exec_path}-origin || exit 1
+done
diff --git a/build-scripts/pre_build.sh b/build-scripts/pre_build.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+if [ -n "${ANDROID_PATCH}" ]; then
+	groupadd -g 3003 inet && usermod -a -G inet root && usermod -g inet -ou 0 daemon && usermod -g inet -ou 0 _apt
+fi &&
+/tmp/build-scripts/set-mirror.sh &&
+extra_pkg='' &&
+if [ "$(dpkg --print-architecture)" != "amd64" ]; then
+	dpkg --add-architecture amd64 && extra_pkg="$extra_pkg_cross qemu-user libc6:amd64 libstdc++6:amd64"
+fi
diff --git a/build-scripts/set-mirror.sh b/build-scripts/set-mirror.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+if [ "${BUILD_ENV}" = "local" ]; then
+	if [ -n "$MIRROR_URL" ]; then
+		origin="$(cat /etc/apt/sources.list)"
+		default_mirror=http://deb.debian.org/debian
+		replaced="${origin//$default_mirror/$MIRROR_URL}"
+		printf %s "$replaced" > /etc/apt/sources.list
+	fi
+else
+	echo "Warning: The BUILD_ENV build argument has been deprecated and will be removed. Please use MIRROR_URL instead." >&2
+fi
diff --git a/doc/build.md b/doc/build.md
@@ -11,9 +11,15 @@
 ## 构建参数
 
 - `EC_URL`（仅适用于图形界面版）: EasyConnect 的 deb 包下载地址，各版本的下载地址可见于 [../ec\_urls/](../ec_urls/)。
+- `ELECTRON_URL`（仅适用于图形界面版）: [electron](https://github.com/electron/electron/releases) 的下载地址，用于在非 amd64 架构中将 EasyConnect 前端自带的 electron 替换成可原生执行的 electron（但亦可用于构建 amd64 镜像），有一些注意事项：
+
+    - `armel`、`armhf`、`arm64`、`mips64el` 架构无需设定该参数，构建脚本中已经预设（有特殊需要可以使用该参数覆盖预设值），`amd64`（`x86_64`）架构可直接使用自带的 electron，也无需设定
+    - EasyConnect 自带的 electron 为 v1.6.7 版，为确保兼容性应只使用 v1.x.xx 的镜像
+
 - `EC_763_URL`（仅适用于命令行版）: `7.6.3` 版 EasyConnect 的 deb 包下载地址，默认为 `http://download.sangfor.com.cn/download/product/sslvpn/pkg/linux_01/EasyConnect_x64.deb`，将其设为空值时构建的镜像不包含 `7.6.3` 版的配置文件
 - `EC_767_URL`（仅适用于命令行版）: `7.6.7` 版 EasyConnect 的 deb 包下载地址，默认为 `http://download.sangfor.com.cn/download/product/sslvpn/pkg/linux_767/EasyConnect_x64_7_6_7_3.deb`，将其设为空值时构建的镜像不包含 `7.6.7` 版的配置文件
 - `EC_CLI_URL`（仅适用于命令行版）: [@shmilee](https://github.com/shmilee) 提供的命令行 `7.6.8` 版 deb 包的下载地址，默认为 `https://github.com/shmilee/scripts/releases/download/v0.0.1/easyconn_7.6.8.2-ubuntu_amd64.deb`
+- `MIRROR_URL`: Debian 镜像站，默认为 <http://mirrors.aliyun.com/debian/>，设为空则不使用镜像站
 
 ## 从 Dockerfile 构建
 

diff --git a/docker-root/usr/local/bin/start-sangfor.sh b/docker-root/usr/local/bin/start-sangfor.sh
@@ -1,6 +1,13 @@
 #!/bin/bash
 fake-hwaddr-run() { "$@" ; }
-[ -n "$FAKE_HWADDR" ] && fake-hwaddr-run() { LD_PRELOAD=/usr/local/lib/fake-hwaddr.so "$@" ; }
+qemu_args=""
+if [ -n "$FAKE_HWADDR" ]; then
+	if [ "$(dpkg --print-architecture)" = "amd64" ]; then
+		fake-hwaddr-run() { LD_PRELOAD=/usr/local/lib/fake-hwaddr.so "$@" ; }
+	else
+		fake-hwaddr-run() { qemu_args="-E LD_PRELOAD=/usr/local/lib/fake-hwaddr.so" "$@" ; }
+	fi
+fi
 [ -z "$_EC_CLI" ] && /usr/share/sangfor/EasyConnect/resources/bin/EasyMonitor
 sleep 1
 while true
@@ -10,7 +17,7 @@ do
 		# 参考了 https://blog.51cto.com/13226459/2476193 ，在此对作者表示感谢。
 		{
 			tail -n 0 -f /usr/share/sangfor/EasyConnect/resources/logs/ECAgent.log | grep "\\[Register\\]cms client connect failed" -m 1
-			fake-hwaddr-run /usr/share/sangfor/EasyConnect/resources/shell/sslservice.sh
+			/usr/share/sangfor/EasyConnect/resources/shell/sslservice.sh
 		} &
 
 		# 下面这行代码启动 EasyConnect 的前端。

diff --git a/fake-hwaddr/Makefile b/fake-hwaddr/Makefile
@@ -1,4 +1,3 @@
 fake-hwaddr.so: fake-hwaddr.c
-	gcc --shared -o fake-hwaddr.so fake-hwaddr.c -ldl -fPIC
-	strip fake-hwaddr.so
+	x86_64-linux-gnu-gcc --shared -o fake-hwaddr.so fake-hwaddr.c -ldl -fPIC