diff --git a/pkg/kamailio/alpine/0002-remove-spurious-execinfo.patch b/pkg/kamailio/alpine/0002-remove-spurious-execinfo.patch deleted file mode 100644 index d9403bb4c48..00000000000 --- a/pkg/kamailio/alpine/0002-remove-spurious-execinfo.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff --git a/src/modules/ims_dialog/dlg_hash.c b/src/modules/ims_dialog/dlg_hash.c -index 999ae01..4fe4aae 100644 ---- a/src/modules/ims_dialog/dlg_hash.c -+++ b/src/modules/ims_dialog/dlg_hash.c -@@ -17,7 +17,8 @@ - #include "dlg_profile.h" - #include "dlg_handlers.h" - #include "dlg_db_handler.h" --#include -+ -+// #include - - #define MAX_LDG_LOCKS 2048 - #define MIN_LDG_LOCKS 2 -@@ -70,6 +71,7 @@ static int dlg_hash_size_out = 4096; - }\ - }while(0) - -+#ifdef ALPINE_SUPPORTS_BACKTRACE - inline static int backtrace2str(char* buf, int size) - { - void* bt[32]; -@@ -87,6 +89,7 @@ inline static int backtrace2str(char* buf, int size) - } - return 0; - } -+#endif - - /*! - * \brief Initialize the global dialog table diff --git a/pkg/kamailio/alpine/0003-src_modules_tls_tls_init_c.patch b/pkg/kamailio/alpine/0003-src_modules_tls_tls_init_c.patch deleted file mode 100644 index 9b70c21c2eb..00000000000 --- a/pkg/kamailio/alpine/0003-src_modules_tls_tls_init_c.patch +++ /dev/null 
@@ -1,131 +0,0 @@ -$OpenBSD: patch-src_modules_tls_tls_init_c,v 1.1 2017/07/03 22:14:20 sthen Exp $ - -Index: a/src/modules/tls/tls_init.c ---- a/src/modules/tls/tls_locking.c -+++ b/src/modules/tls/tls_locking.c -@@ -33,7 +33,7 @@ - static gen_lock_set_t* static_locks=0; - - /* OpenSSL is thread-safe since 1.1.0 */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - - /* "dynamic" locks */ - -@@ -118,7 +118,7 @@ - } - } - --#endif /* openssl < 0x10100000L (1.1.0) */ -+#endif /* openssl < 0x10100000L (1.1.0) or LibreSSL */ - - - void tls_destroy_locks() ---- a/src/modules/tls/tls_init.c -+++ b/src/modules/tls/tls_init.c -@@ -139,7 +139,7 @@ const SSL_METHOD* ssl_methods[TLS_METHOD_MAX]; - */ - - -- -+#ifndef LIBRESSL_VERSION_NUMBER - inline static char* buf_append(char* buf, char* end, char* str, int str_len) - { - if ( (buf+str_len)= 0x1000100fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER) - ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method(); - ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method(); - ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method(); - #endif - --#if OPENSSL_VERSION_NUMBER >= 0x1000105fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER) - ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method(); - ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method(); - ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method(); -@@ -393,11 +394,11 @@ static void init_ssl_methods(void) - /* ranges of TLS versions (require a minimum TLS version) */ - ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS; - --#if OPENSSL_VERSION_NUMBER >= 0x1000100fL -+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER) - ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS; - #endif - --#if OPENSSL_VERSION_NUMBER >= 0x1000105fL -+#if OPENSSL_VERSION_NUMBER >= 
0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER) - ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS; - #endif - } -@@ -408,6 +409,7 @@ static void init_ssl_methods(void) - */ - static int init_tls_compression(void) - { -+#ifndef LIBRESSL_VERSION_NUMBER - #if OPENSSL_VERSION_NUMBER < 0x010100000L - #if OPENSSL_VERSION_NUMBER >= 0x00908000L - int n, r; -@@ -494,6 +496,7 @@ static int init_tls_compression(void) - end: - #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */ - #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */ -+#endif /* LIBRESSL_VERSION_NUMBER */ - return 0; - } - -@@ -504,6 +507,7 @@ end: - */ - int tls_pre_init(void) - { -+#ifndef LIBRESSL_VERSION_NUMBER - #if OPENSSL_VERSION_NUMBER < 0x010100000L - void *(*mf)(size_t) = NULL; - void *(*rf)(void *, size_t) = NULL; -@@ -530,6 +534,7 @@ int tls_pre_init(void) - " (can be loaded first to be safe)\n"); - return -1; - } -+#endif /* LIBRESSL_VERSION_NUMBER */ - - if (tls_init_locks()<0) - return -1; -@@ -563,7 +568,7 @@ int init_tls_h(void) - { - /*struct socket_info* si;*/ - long ssl_version; --#if OPENSSL_VERSION_NUMBER < 0x010100000L -+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER) - int lib_kerberos; - int lib_zlib; - int kerberos_support; -@@ -607,7 +612,7 @@ int init_tls_h(void) - } - - /* check kerberos support using compile flags only for version < 1.1.0 */ --#if OPENSSL_VERSION_NUMBER < 0x010100000L -+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER) - - #ifdef TLS_KERBEROS_SUPPORT - kerberos_support=1; diff --git a/pkg/kamailio/alpine/APKBUILD b/pkg/kamailio/alpine/APKBUILD index a687c8fd9fc..44e67b3b325 100644 --- a/pkg/kamailio/alpine/APKBUILD +++ b/pkg/kamailio/alpine/APKBUILD 
@@ -8,7 +8,7 @@ pkgrel=0 # If building from a git snapshot, specify the gitcommit # If building a proper release, leave gitcommit blank -#_gitcommit=65ed9b065c497266a4ecd9760e7c168c69b4c6e8 +_gitcommit=1fe5970917f21e9d69127635e04ba8ae585e2da4 [ ! -z "${_gitcommit}" ] && pkgver="${pkgver}.$(date +%Y%m%d)" [ ! -z "${_gitcommit}" ] && _suffix="-${_gitcommit:0:7}" @@ -23,7 +23,7 @@ pkggroups="kamailio" arch="all" license="GPL2+" depends="" -makedepends="bison flex expat-dev postgresql-dev pcre-dev mariadb-dev +makedepends="bison db-dev flex freeradius-client-dev expat-dev lksctp-tools-dev perl-dev postgresql-dev python2-dev pcre-dev mariadb-dev libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev lua-dev openldap-dev libressl-dev net-snmp-dev libuuid libev-dev jansson-dev json-c-dev libevent-dev linux-headers libmemcached-dev @@ -57,7 +57,7 @@ _mod_list_extras="auth_diameter call_control cnxcc dmq domainpolicy log_custom \ auth_xkeys" # - common modules depending on database -_mod_list_db="acc alias_db auth_db avpops cfg_db db_flatstore \ +_mod_list_db="acc alias_db auth_db avpops cfg_db db_berkeley db_flatstore \ db_cluster dialog dispatcher domain drouting group \ htable imc matrix mohqueue msilo mtree p_usrloc pdt permissions \ pipelimit prefix_route registrar sipcapture siptrace speeddial \ @@ -172,7 +172,7 @@ _mod_list_oracle="db_oracle" _mod_list_json="json jsonrpcc jsonrpcs" # - modules depending on redis library -_mod_list_redis="ndb_redis" +_mod_list_redis="ndb_redis topos_redis" # - modules depending on mono library _mod_list_mono="app_mono" @@ -228,7 +228,7 @@ for _i in db postgres sqlite dbtext mysql \ ldap utils tls presence lua ims outbound debugger \ extras json websocket authephemeral \ uuid ev memcached redis geoip2 jansson \ - jsdt http_async kazoo; do + jsdt http_async kazoo rabbitmq sctp radius perl python; do subpackages="$subpackages $pkgname-$_i" eval "_modules=\"\$_modules \$_mod_list_$_i\"" 
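Review bot: The subpackage loop in the `@@ -228,7` hunk now lists `rabbitmq sctp radius perl python`, but the `@@ -497,10` hunk adds split functions only for `radius`, `sctp`, `perl` and `python`, and no hunk shown defines `_mod_list_rabbitmq`, `_mod_list_sctp`, `_mod_list_radius`, `_mod_list_perl` or `_mod_list_python`. If a `rabbitmq()` function and those lists do not already exist outside the hunks, abuild will either fail on the missing split function or the `eval` will expand to an empty module list and produce empty subpackages. Confirm that every new name has both a `_mod_list_<name>` assignment and a matching function of the same shape as the added ones, e.g. `rabbitmq() { _generic_pkg "RabbitMQ modules for Kamailio" "$_mod_list_rabbitmq"; }`. The loop body continues outside the hunk.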
@@ -236,7 +236,6 @@ done source="${pkgname}-${pkgver}${_suffix}.tar.gz::https://github.com/kamailio/$pkgname/archive/$_gitcommit.tar.gz 0001-kamdbctl.base.patch - 0003-src_modules_tls_tls_init_c.patch 0004-src_core_tcp_read_c.patch kamailio.cfg kamailio.initd @@ -274,13 +273,13 @@ build() { DESTDIR="$pkgdir" \ cfg_prefix="$pkgdir" \ cfg - make EMBEDDED_UTF8_DECODE=1 STUN=1 \ + make EMBEDDED_UTF8_DECODE=1 STUN=1 FREERADIUS=1 \ all || return 1 } package() { cd "$builddir" - make -j1 install || return 1 + make FREERADIUS=1 -j1 install || return 1 # move default config to -doc package and use our own default config 
@@ -497,10 +496,29 @@ kazoo() { "$_mod_list_kazoo" } +radius() { + _generic_pkg "RADIUS modules for Kamailio" \ + "$_mod_list_radius" +} + +sctp() { + _generic_pkg "SCTP transport for Kamailio" \ + "$_mod_list_sctp" +} + +perl() { + _generic_pkg "Perl extensions and database driver for Kamailio" \ + "$_mod_list_perl" +} + +python() { + _generic_pkg "Python extensions for Kamailio" \ + "$_mod_list_python" +} + -sha512sums="e31c99c4300c2db6d324ca4253161bd55d634ec854809e75c3058bdea91caea789ff4b7022bfc60c1c38212d359d960b00908c6e257ce3de379082bc430d7794 kamailio-5.1.0.20170920-65ed9b0.tar.gz +sha512sums="6b4c58fe628270f8927721813607ce080b5e257cca8ace8c7b286c77c7880be258c07f1c7fb5711449cfc1f8841468e6ca647cf2e28be7a8d3dbb316527b7198 kamailio-5.1.0.20170922-1fe5970.tar.gz 6badfb611c02ffcb4c2e9937731162ea1a4b737f042ed52120e2f96ebb80b5b7d240b5612c9ca565e693eec9b8c52c1ee5db04dfc47d204501021f984b4b11db 0001-kamdbctl.base.patch -384216758a9c95f019cbf9b548533ae88e2069a9f1f1730c51a36d1b8fe6b7c41ec51196eccaaaf8a70fcb74443a5cf94ee62cfe39772d7b4cda2aecce25e128 0003-src_modules_tls_tls_init_c.patch af8362201957eae6b66baf7368c9ca884024209a396d77c5c52180c9aabe13772e9c6513e59721d39503e5bb7a8c1030f5c10301ea9055bddafb7f01ee2f3076 0004-src_core_tcp_read_c.patch c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd" diff --git a/pkg/kamailio/alpine_docker/Dockerfile b/pkg/kamailio/alpine_docker/Dockerfile new file mode 100644 index 00000000000..7b55b404ffa --- /dev/null +++ b/pkg/kamailio/alpine_docker/Dockerfile @@ -0,0 +1,6 @@ +FROM scratch + +ADD kamailio_img.tar.gz / +COPY entrypoint.sh / + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/pkg/kamailio/alpine_docker/README.md b/pkg/kamailio/alpine_docker/README.md new file mode 100644 index 00000000000..c5c7e074e08 
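Review bot: The new Dockerfile sets no `USER`, and the entrypoint.sh added in this commit starts `/usr/sbin/kamailio` without `-u`/`-g`. Unless kamailio.cfg drops privileges itself, the SIP server therefore runs as root in the container, and the README examples run it with `--net=host`. The image also ships tcpdump and dumpcap, so a fault in the network-facing daemon would have root and capture tooling in the host's network namespace. Consider making sure a kamailio user and group exist in the image tarball and passing `-u kamailio -g kamailio` in the entrypoint, or documenting which capabilities the container actually needs. A comment above `ADD` noting that `kamailio_img.tar.gz` is produced by `build.sh` via `hooks/pre_build` would also help readers.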
--- /dev/null +++ b/pkg/kamailio/alpine_docker/README.md 
@@ -0,0 +1,91 @@ +About +----- + +Container designed to run on host, bridge and swarm network. +Size of container decreased to 50MB (23MB compressed) +Significantly increased security - removed all libs except libc, busybox, tcpdump, dumpcap, kamailio and dependent libs. +Docker container is created useing Alpine linux packaging + +Used environment variables +-------------------------- + +1. ```SHM_MEMORY``` - amount of shared memory to allocate for the running Kamailio server (in Mb), default value 64Mb; +2. ```PKG_MEMORY``` - amount of per-process (package) memory to allocate for Kamailio (in Mb), default value 8Mb + +Usage container +--------------- + +```sh +docker run --net=host --name kamailio \ + -v /etc/kamailio/:/etc/kamailio \ + kamailio/kamailio +``` + +systemd unit file +----------------- + +You can use this systemd unit files on your docker host. +Unit file can be placed to ```/etc/systemd/system/kamailio-docker.service``` and enabled by commands +```sh +systemd start kamailio-docker.service +systemd enable kamailio-docker.service +``` + +host network +============ + +```sh +$ cat /etc/systemd/system/kamailio-docker.service +[Unit] +Description=kamailio Container +After=docker.service network-online.target +Requires=docker.service + + +[Service] +Restart=always +TimeoutStartSec=0 +#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions +ExecStart=/bin/sh -c 'docker rm -f kamailio; \ + docker run -t --net=host --name kamailio \ + -v /etc/kamailio/:/etc/kamailio \ + kamailio/kamailio' +ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \ + /usr/bin/docker rm -f kamailio;' + +[Install] +WantedBy=multi-user.target +``` + +default bridge network +====================== +```sh +[Unit] +Description=kamailio Container +After=docker.service network-online.target +Requires=docker.service + + +[Service] +Restart=always +TimeoutStartSec=0 +#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions +ExecStart=/bin/sh 
-c 'docker rm -f kamailio; \ + docker run -t --network bridge --name kamailio \ + -p 5060:5060/udp -p 5060:5060 \ + -v /etc/kamailio/:/etc/kamailio \ + kamailio/kamailio' + +ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \ + /usr/bin/docker rm -f kamailio;' + +[Install] +WantedBy=multi-user.target +``` + +.bashrc file +------------ +To simplify kamailio managment you can add alias for ```kamctl``` to ```.bashrc``` file as example bellow. +```sh +alias kamctl='docker exec -i -t kamailio /usr/sbin/kamctl' +``` diff --git a/pkg/kamailio/alpine_docker/build.sh b/pkg/kamailio/alpine_docker/build.sh new file mode 100755 index 00000000000..3d9c52a2c0b --- /dev/null +++ b/pkg/kamailio/alpine_docker/build.sh 
@@ -0,0 +1,137 @@ +#!/bin/sh -e + +# This script is wrote by Sergey Safarov + +BUILD_ROOT=/tmp/kamailio +FILELIST=/tmp/filelist +FILELIST_BINARY=/tmp/filelist_binary +TMP_TAR=/tmp/kamailio_min.tar.gz +IMG_TAR=kamailio_img.tar.gz + +prepare_build() { +apk add --no-cache abuild git gcc build-base bison db-dev flex expat-dev perl-dev postgresql-dev python2-dev pcre-dev mariadb-dev \ + libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev lua-dev openldap-dev \ + libressl-dev net-snmp-dev libuuid libev-dev jansson-dev json-c-dev libevent-dev linux-headers \ + libmemcached-dev rabbitmq-c-dev hiredis-dev libmaxminddb-dev libunistring-dev freeradius-client-dev lksctp-tools-dev + + adduser -D build && addgroup build abuild + echo "%abuild ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/abuild + su - build -c "git config --global user.name 'Your Full Name'" + su - build -c "git config --global user.email 'your@email.address'" + su - build -c "abuild-keygen -a -i" +} + +build_and_install(){ + if [ ! 
-z "$GIT_TAG" ]; then + sed -i -e "s/^_gitcommit=.*/_gitcommit=$GIT_TAG/" /usr/src/kamailio/pkg/kamailio/alpine/APKBUILD + fi + chown -R build /usr/src/kamailio + su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild snapshot" + su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild -r" + cd /home/build/packages/kamailio/x86_64 + ls -1 kamailio-*.apk | xargs apk --no-cache --allow-untrusted add +} + +list_installed_kamailio_packages() { + apk info | grep kamailio +} + +kamailio_files() { + local PACKAGES + PACKAGES=$(apk info | grep kamailio) + PACKAGES="musl $PACKAGES" + for pkg in $PACKAGES + do + # list package files and filter package name + apk info --contents $pkg 2> /dev/null | sed -e '/\S\+ contains:/d' -e '/^$/d' -e 's/^/\//' + done +} + +extra_files() { + cat << EOF +/etc +/bin +/bin/busybox +/usr/bin +/usr/bin/dumpcap +/usr/lib +/usr/sbin +/usr/sbin/tcpdump +/var +/var/run +/run +EOF +} + +sort_filelist() { + sort $FILELIST | uniq > $FILELIST.new + mv -f $FILELIST.new $FILELIST +} + +filter_unnecessary_files() { +# excluded following files and directories recursive +# /usr/lib/debug/usr/lib/kamailio/ +# /usr/share/doc/kamailio +# /usr/share/man +# /usr/share/snmp + + sed -i \ + -e '\|^/usr/lib/debug/|d' \ + -e '\|^/usr/share/doc/kamailio/|d' \ + -e '\|^/usr/share/man/|d' \ + -e '\|^/usr/share/snmp/|d' \ + $FILELIST +} + +ldd_helper() { + TESTFILE=$1 + LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE 2> /dev/null > /dev/null || return + + LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE | sed -e 's/^.* => //' -e 's/ (.*)//' -e 's/\s\+//' -e '/^ldd$/d' +} + +find_binaries() { + rm -f $FILELIST_BINARY + set +e + for f in $(cat $FILELIST) + do + ldd_helper /$f >> $FILELIST_BINARY + done + set -e + sort $FILELIST_BINARY | sort | uniq > $FILELIST_BINARY.new + mv -f $FILELIST_BINARY.new $FILELIST_BINARY + + # Resolving simbolic links + cat $FILELIST_BINARY | xargs realpath > $FILELIST_BINARY.new + mv -f $FILELIST_BINARY.new $FILELIST_BINARY +} + 
+tar_files() { + local TARLIST=/tmp/tarlist + cat $FILELIST > $TARLIST + cat $FILELIST_BINARY >> $TARLIST + tar -czf $TMP_TAR --no-recursion -T $TARLIST + rm -f $TARLIST +} + +make_image_tar() { + mkdir -p $BUILD_ROOT + cd $BUILD_ROOT + tar xzf $TMP_TAR + /bin/busybox --install -s bin + sed -i -e '/mi_fifo/d' etc/kamailio/kamailio.cfg + tar czf /usr/src/kamailio/pkg/kamailio/alpine_docker/$IMG_TAR * +} + +prepare_build +build_and_install +#install PCAP tools +apk add --no-cache wireshark-common tcpdump + +kamailio_files > $FILELIST +extra_files >> $FILELIST +sort_filelist +filter_unnecessary_files +find_binaries +tar_files +make_image_tar diff --git a/pkg/kamailio/alpine_docker/entrypoint.sh b/pkg/kamailio/alpine_docker/entrypoint.sh new file mode 100755 index 00000000000..3720d06984b --- /dev/null +++ b/pkg/kamailio/alpine_docker/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# Created by Sergey Safarov +# + +SHM_MEMORY=${SHM_MEMORY:-64} +PKG_MEMORY=${PKG_MEMORY:-8} +trap 'kill -SIGTERM "$pid"' SIGTERM + +/usr/sbin/kamailio -DD -E -m $SHM_MEMORY -M $PKG_MEMORY & +pid="$!" + +wait $pid +exit 0 diff --git a/pkg/kamailio/alpine_docker/hooks/pre_build b/pkg/kamailio/alpine_docker/hooks/pre_build new file mode 100755 index 00000000000..88be0662c68 --- /dev/null +++ b/pkg/kamailio/alpine_docker/hooks/pre_build @@ -0,0 +1,14 @@ +#!/bin/bash -e + +echo "=> Build Kamailio source code" + +if [ ! -z "$SOURCE_BRANCH" ];then + ENV_OPT="-e SOURCE_BRANCH=$SOURCE_BRANCH" +fi + +if [ ! -z "$GIT_TAG" ];then + ENV_OPT="$ENV_OPT -e GIT_TAG=$GIT_TAG" +fi + +docker run --volume=`pwd`/../../..:/usr/src/kamailio --volume=`pwd`/build.sh:/build.sh --entrypoint=/build.sh $ENV_OPT alpine:edge +exit $?
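Review bot: `build_and_install` in build.sh installs the freshly built packages with `apk --no-cache --allow-untrusted add`, which disables signature checking for the whole transaction, presumably including dependencies pulled from the remote repositories. `prepare_build` already runs `abuild-keygen -a -i`, which should install the build key so that the locally signed packages verify. If that holds, the flag can be dropped: `ls -1 kamailio-*.apk | xargs apk --no-cache add`. Separately, `$GIT_TAG` is interpolated unescaped into the `sed` expression that rewrites `_gitcommit`, so a value containing `/` or `&` would corrupt the APKBUILD. Validating it as a commit id or tag name before use would be safer.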
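Review bot: entrypoint.sh ends with an unconditional `exit 0`, so a kamailio crash or start-up failure (for example a config that does not parse) is reported to Docker as a clean exit. Restart policies and monitoring keyed on the exit code will never see it. The same `exit 0` is reached as soon as the `SIGTERM` trap interrupts `wait`, which can end PID 1 before kamailio has finished shutting down. For the first problem, propagate the status with `wait "$pid"; rc=$?` followed by `exit "$rc"`, and quote `"$SHM_MEMORY"` and `"$PKG_MEMORY"` on the command line. For the second, one option is to start the daemon with `exec` so that it receives the signal directly.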
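Review bot: hooks/pre_build runs the build in `alpine:edge`, a rolling tag, so the toolchain and every `-dev` library linked into the published image can change between builds with no record of what was used. Pinning the build image to a release tag, or to a digest (`alpine@sha256:<digest>`) if edge is needed for some packages, makes the result reproducible and reviewable. `$ENV_OPT` is also expanded unquoted on the `docker run` line, so a `SOURCE_BRANCH` or `GIT_TAG` containing whitespace would be split into extra `docker run` arguments. Since the script is already bash, an array avoids that: `ENV_OPT+=(-e "GIT_TAG=$GIT_TAG")` and `"${ENV_OPT[@]}"`.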