Merge pull request #1245 from sergey-safarov/alpine

pkg/kamailio/alpine: Packaged rabbitmq, sctp, radius modules and created docker scripts

pkg/kamailio/alpine/0002-remove-spurious-execinfo.patch

@@ -1,30 +0,0 @@
-diff --git a/src/modules/ims_dialog/dlg_hash.c b/src/modules/ims_dialog/dlg_hash.c
-index 999ae01..4fe4aae 100644
---- a/src/modules/ims_dialog/dlg_hash.c
-+++ b/src/modules/ims_dialog/dlg_hash.c
-@@ -17,7 +17,8 @@
- #include "dlg_profile.h"
- #include "dlg_handlers.h"
- #include "dlg_db_handler.h"
--#include <execinfo.h>
-+
-+// #include <execinfo.h>
- 
- #define MAX_LDG_LOCKS  2048
- #define MIN_LDG_LOCKS  2
-@@ -70,6 +71,7 @@ static int dlg_hash_size_out = 4096;
- 		}\
- 	}while(0)
- 
-+#ifdef ALPINE_SUPPORTS_BACKTRACE
- inline static int backtrace2str(char* buf, int size)
- {
-         void* bt[32];
-@@ -87,6 +89,7 @@ inline static int backtrace2str(char* buf, int size)
-         }
-         return 0;
- }
-+#endif
- 
- /*!
-  * \brief Initialize the global dialog table

pkg/kamailio/alpine/0003-src_modules_tls_tls_init_c.patch

@@ -1,131 +0,0 @@
-$OpenBSD: patch-src_modules_tls_tls_init_c,v 1.1 2017/07/03 22:14:20 sthen Exp $
-
-Index: a/src/modules/tls/tls_init.c
---- a/src/modules/tls/tls_locking.c
-+++ b/src/modules/tls/tls_locking.c
-@@ -33,7 +33,7 @@
- static gen_lock_set_t* static_locks=0;
- 
- /* OpenSSL is thread-safe since 1.1.0 */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
- /* "dynamic" locks */
- 
-@@ -118,7 +118,7 @@
- 	}
- }
- 
--#endif /* openssl < 0x10100000L (1.1.0) */
-+#endif /* openssl < 0x10100000L (1.1.0) or LibreSSL */
- 
- 
- void tls_destroy_locks()
---- a/src/modules/tls/tls_init.c
-+++ b/src/modules/tls/tls_init.c
-@@ -139,7 +139,7 @@ const SSL_METHOD* ssl_methods[TLS_METHOD_MAX];
- */
- 
- 
--
-+#ifndef LIBRESSL_VERSION_NUMBER
- inline static char* buf_append(char* buf, char* end, char* str, int str_len)
- {
- 	if ( (buf+str_len)<end){
-@@ -317,6 +317,7 @@ static void ser_free(void *ptr, const char *fname, int
- }
- #endif
- 
-+#endif /* LIBRESSL_VERSION_NUMBER */
- 
- /*
-  * Initialize TLS socket
-@@ -360,7 +361,7 @@ static void init_ssl_methods(void)
- 	ssl_methods[TLS_USE_SSLv23 - 1] = SSLv23_method();
- 
- 	/* only specific SSL or TLS version */
--#if OPENSSL_VERSION_NUMBER < 0x010100000L
-+#if OPENSSL_VERSION_NUMBER < 0x010100000L || defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_SSL2
- 	ssl_methods[TLS_USE_SSLv2_cli - 1] = SSLv2_client_method();
- 	ssl_methods[TLS_USE_SSLv2_srv - 1] = SSLv2_server_method();
-@@ -378,13 +379,13 @@ static void init_ssl_methods(void)
- 	ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
- 	ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
- 	ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
- 	ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
- 	ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
- #endif
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
- 	ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
- 	ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
- 	ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
-@@ -393,11 +394,11 @@ static void init_ssl_methods(void)
- 	/* ranges of TLS versions (require a minimum TLS version) */
- 	ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(LIBRESSL_VERSION_NUMBER)
- 	ssl_methods[TLS_USE_TLSv1_1_PLUS - 1] = (void*)TLS_OP_TLSv1_1_PLUS;
- #endif
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1000105fL
-+#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(LIBRESSL_VERSION_NUMBER)
- 	ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
- #endif
- }
-@@ -408,6 +409,7 @@ static void init_ssl_methods(void)
-  */
- static int init_tls_compression(void)
- {
-+#ifndef LIBRESSL_VERSION_NUMBER
- #if OPENSSL_VERSION_NUMBER < 0x010100000L
- #if OPENSSL_VERSION_NUMBER >= 0x00908000L
- 	int n, r;
-@@ -494,6 +496,7 @@ static int init_tls_compression(void)
- end:
- #endif /* OPENSSL_VERSION_NUMBER >= 0.9.8 */
- #endif /* OPENSSL_VERSION_NUMBER < 1.1.0 */
-+#endif /* LIBRESSL_VERSION_NUMBER */
- 	return 0;
- }
- 
-@@ -504,6 +507,7 @@ end:
-  */
- int tls_pre_init(void)
- {
-+#ifndef LIBRESSL_VERSION_NUMBER
- #if OPENSSL_VERSION_NUMBER < 0x010100000L
- 	void *(*mf)(size_t) = NULL;
- 	void *(*rf)(void *, size_t) = NULL;
-@@ -530,6 +534,7 @@ int tls_pre_init(void)
- 				" (can be loaded first to be safe)\n");
- 		return -1;
- 	}
-+#endif /* LIBRESSL_VERSION_NUMBER */
- 
- 	if (tls_init_locks()<0)
- 		return -1;
-@@ -563,7 +568,7 @@ int init_tls_h(void)
- {
- 	/*struct socket_info* si;*/
- 	long ssl_version;
--#if OPENSSL_VERSION_NUMBER < 0x010100000L
-+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	int lib_kerberos;
- 	int lib_zlib;
- 	int kerberos_support;
-@@ -607,7 +612,7 @@ int init_tls_h(void)
- 	}
- 
- 	/* check kerberos support using compile flags only for version < 1.1.0 */
--#if OPENSSL_VERSION_NUMBER < 0x010100000L
-+#if OPENSSL_VERSION_NUMBER < 0x010100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 
- #ifdef TLS_KERBEROS_SUPPORT
- 	kerberos_support=1;

pkg/kamailio/alpine/APKBUILD

@@ -8,7 +8,7 @@ pkgrel=0
 
 # If building from a git snapshot, specify the gitcommit
 # If building a proper release, leave gitcommit blank
-#_gitcommit=65ed9b065c497266a4ecd9760e7c168c69b4c6e8
+_gitcommit=1fe5970917f21e9d69127635e04ba8ae585e2da4
 
 [ ! -z "${_gitcommit}" ] && pkgver="${pkgver}.$(date +%Y%m%d)"
 [ ! -z "${_gitcommit}" ] && _suffix="-${_gitcommit:0:7}"
@@ -23,7 +23,7 @@ pkggroups="kamailio"
 arch="all"
 license="GPL2+"
 depends=""
-makedepends="bison flex expat-dev postgresql-dev pcre-dev mariadb-dev
+makedepends="bison db-dev flex freeradius-client-dev expat-dev lksctp-tools-dev perl-dev postgresql-dev python2-dev pcre-dev mariadb-dev
 	libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev
 	lua-dev openldap-dev libressl-dev net-snmp-dev libuuid libev-dev
 	jansson-dev json-c-dev libevent-dev linux-headers libmemcached-dev
@@ -57,7 +57,7 @@ _mod_list_extras="auth_diameter call_control cnxcc dmq domainpolicy log_custom \
 		auth_xkeys"
 
 # - common modules depending on database
-_mod_list_db="acc alias_db auth_db avpops cfg_db db_flatstore \
+_mod_list_db="acc alias_db auth_db avpops cfg_db db_berkeley db_flatstore \
 		db_cluster dialog dispatcher domain drouting group \
 		htable imc matrix mohqueue msilo mtree p_usrloc pdt permissions \
 		pipelimit prefix_route registrar sipcapture siptrace speeddial \
@@ -172,7 +172,7 @@ _mod_list_oracle="db_oracle"
 _mod_list_json="json jsonrpcc jsonrpcs"
 
 # - modules depending on redis library
-_mod_list_redis="ndb_redis"
+_mod_list_redis="ndb_redis topos_redis"
 
 # - modules depending on mono library
 _mod_list_mono="app_mono"
@@ -228,7 +228,7 @@ for _i in db postgres sqlite dbtext mysql \
 	ldap utils tls presence lua ims outbound debugger \
 	extras json websocket authephemeral \
 	uuid ev memcached redis geoip2 jansson \
-	jsdt http_async kazoo; do
+	jsdt http_async kazoo rabbitmq sctp radius perl python; do
 
    subpackages="$subpackages $pkgname-$_i"
    eval "_modules=\"\$_modules \$_mod_list_$_i\""
@@ -236,7 +236,6 @@ done
 
 source="${pkgname}-${pkgver}${_suffix}.tar.gz::https://github.com/kamailio/$pkgname/archive/$_gitcommit.tar.gz
 	0001-kamdbctl.base.patch
-	0003-src_modules_tls_tls_init_c.patch
 	0004-src_core_tcp_read_c.patch
 	kamailio.cfg
 	kamailio.initd
@@ -274,13 +273,13 @@ build() {
 		DESTDIR="$pkgdir" \
 		cfg_prefix="$pkgdir" \
 		cfg
-	make EMBEDDED_UTF8_DECODE=1 STUN=1 \
+	make EMBEDDED_UTF8_DECODE=1 STUN=1 FREERADIUS=1 \
 		all || return 1
 }
 
 package() {
 	cd "$builddir"
-	make -j1 install || return 1
+	make  FREERADIUS=1 -j1 install || return 1
 
 	# move default config to -doc package and use our own default config
 
@@ -497,10 +496,29 @@ kazoo() {
 		"$_mod_list_kazoo"
 }
 
+radius() {
+	_generic_pkg "RADIUS modules for Kamailio" \
+		"$_mod_list_radius"
+}
+
+sctp() {
+	_generic_pkg "SCTP transport for Kamailio" \
+		"$_mod_list_sctp"
+}
+
+perl() {
+	_generic_pkg "Perl extensions and database driver for Kamailio" \
+		"$_mod_list_perl"
+}
+
+python() {
+	_generic_pkg "Python extensions for Kamailio" \
+		"$_mod_list_python"
+}
+
 
-sha512sums="e31c99c4300c2db6d324ca4253161bd55d634ec854809e75c3058bdea91caea789ff4b7022bfc60c1c38212d359d960b00908c6e257ce3de379082bc430d7794  kamailio-5.1.0.20170920-65ed9b0.tar.gz
+sha512sums="6b4c58fe628270f8927721813607ce080b5e257cca8ace8c7b286c77c7880be258c07f1c7fb5711449cfc1f8841468e6ca647cf2e28be7a8d3dbb316527b7198  kamailio-5.1.0.20170922-1fe5970.tar.gz
 6badfb611c02ffcb4c2e9937731162ea1a4b737f042ed52120e2f96ebb80b5b7d240b5612c9ca565e693eec9b8c52c1ee5db04dfc47d204501021f984b4b11db  0001-kamdbctl.base.patch
-384216758a9c95f019cbf9b548533ae88e2069a9f1f1730c51a36d1b8fe6b7c41ec51196eccaaaf8a70fcb74443a5cf94ee62cfe39772d7b4cda2aecce25e128  0003-src_modules_tls_tls_init_c.patch
 af8362201957eae6b66baf7368c9ca884024209a396d77c5c52180c9aabe13772e9c6513e59721d39503e5bb7a8c1030f5c10301ea9055bddafb7f01ee2f3076  0004-src_core_tcp_read_c.patch
 c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b  kamailio.cfg
 cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e  kamailio.initd"

pkg/kamailio/alpine_docker/Dockerfile

@@ -0,0 +1,6 @@
+FROM scratch
+
+ADD kamailio_img.tar.gz /
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/entrypoint.sh"]

pkg/kamailio/alpine_docker/README.md

@@ -0,0 +1,91 @@
+About
+-----
+
+Container designed to run on host, bridge and swarm network.
+Size of container decreased to 50MB (23MB compressed)
+Significantly increased security - removed all libs except libc, busybox, tcpdump, dumpcap, kamailio and dependent libs.
+Docker container is created useing Alpine linux packaging
+
+Used environment variables
+--------------------------
+
+1. ```SHM_MEMORY``` - amount of shared memory to allocate for the running Kamailio server (in Mb), default value 64Mb;
+2. ```PKG_MEMORY``` - amount of per-process (package) memory to allocate for Kamailio (in Mb), default value 8Mb
+
+Usage container
+---------------
+
+```sh
+docker run --net=host --name kamailio \
+           -v /etc/kamailio/:/etc/kamailio \
+           kamailio/kamailio
+```
+
+systemd unit file
+-----------------
+
+You can use this systemd unit files on your docker host.
+Unit file can be placed to ```/etc/systemd/system/kamailio-docker.service``` and enabled by commands
+```sh
+systemd start kamailio-docker.service
+systemd enable kamailio-docker.service
+```
+
+host network
+============
+
+```sh
+$ cat /etc/systemd/system/kamailio-docker.service
+[Unit]
+Description=kamailio Container
+After=docker.service network-online.target
+Requires=docker.service
+
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
+ExecStart=/bin/sh -c 'docker rm -f kamailio; \
+          docker run -t --net=host --name kamailio \
+                 -v /etc/kamailio/:/etc/kamailio \
+                 kamailio/kamailio'
+ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \
+          /usr/bin/docker rm -f kamailio;'
+
+[Install]
+WantedBy=multi-user.target
+```
+
+default bridge network
+======================
+```sh
+[Unit]
+Description=kamailio Container
+After=docker.service network-online.target
+Requires=docker.service
+
+
+[Service]
+Restart=always
+TimeoutStartSec=0
+#One ExecStart/ExecStop line to prevent hitting bugs in certain systemd versions
+ExecStart=/bin/sh -c 'docker rm -f kamailio; \
+          docker run -t --network bridge --name kamailio \
+                 -p 5060:5060/udp -p 5060:5060 \
+                 -v /etc/kamailio/:/etc/kamailio \
+                 kamailio/kamailio'
+
+ExecStop=-/bin/sh -c '/usr/bin/docker stop kamailio; \
+          /usr/bin/docker rm -f kamailio;'
+
+[Install]
+WantedBy=multi-user.target
+```
+
+.bashrc file
+------------
+To simplify kamailio managment you can add alias for ```kamctl``` to ```.bashrc``` file as example bellow.
+```sh
+alias kamctl='docker exec -i -t kamailio /usr/sbin/kamctl'
+```

pkg/kamailio/alpine_docker/build.sh

@@ -0,0 +1,137 @@
+#!/bin/sh -e
+
+# This script is wrote by Sergey Safarov <[email protected]>
+
+BUILD_ROOT=/tmp/kamailio
+FILELIST=/tmp/filelist
+FILELIST_BINARY=/tmp/filelist_binary
+TMP_TAR=/tmp/kamailio_min.tar.gz
+IMG_TAR=kamailio_img.tar.gz
+
+prepare_build() {
+apk add --no-cache abuild git gcc build-base bison db-dev flex expat-dev perl-dev postgresql-dev python2-dev pcre-dev mariadb-dev \
+    libxml2-dev curl-dev unixodbc-dev confuse-dev ncurses-dev sqlite-dev lua-dev openldap-dev \
+    libressl-dev net-snmp-dev libuuid libev-dev jansson-dev json-c-dev libevent-dev linux-headers \
+    libmemcached-dev rabbitmq-c-dev hiredis-dev libmaxminddb-dev libunistring-dev freeradius-client-dev lksctp-tools-dev
+
+    adduser -D build && addgroup build abuild
+    echo "%abuild ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/abuild
+    su - build -c "git config --global user.name 'Your Full Name'"
+    su - build -c "git config --global user.email '[email protected]'"
+    su - build -c "abuild-keygen -a -i"
+}
+
+build_and_install(){
+    if [ ! -z "$GIT_TAG" ]; then
+        sed -i -e "s/^_gitcommit=.*/_gitcommit=$GIT_TAG/" /usr/src/kamailio/pkg/kamailio/alpine/APKBUILD
+    fi
+    chown -R build /usr/src/kamailio
+    su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild snapshot"
+    su - build -c "cd /usr/src/kamailio/pkg/kamailio/alpine; abuild -r"
+    cd /home/build/packages/kamailio/x86_64
+    ls -1 kamailio-*.apk |  xargs apk --no-cache --allow-untrusted add
+}
+
+list_installed_kamailio_packages() {
+	apk info | grep kamailio
+}
+
+kamailio_files() {
+    local PACKAGES
+    PACKAGES=$(apk info | grep kamailio)
+    PACKAGES="musl $PACKAGES"
+    for pkg in $PACKAGES
+    do
+        # list package files and filter package name
+        apk info --contents $pkg 2> /dev/null | sed -e '/\S\+ contains:/d'  -e '/^$/d' -e 's/^/\//'
+    done
+}
+
+extra_files() {
+    cat << EOF
+/etc
+/bin
+/bin/busybox
+/usr/bin
+/usr/bin/dumpcap
+/usr/lib
+/usr/sbin
+/usr/sbin/tcpdump
+/var
+/var/run
+/run
+EOF
+}
+
+sort_filelist() {
+    sort $FILELIST | uniq > $FILELIST.new
+    mv -f $FILELIST.new $FILELIST
+}
+
+filter_unnecessary_files() {
+# excluded following files and directories recursive
+# /usr/lib/debug/usr/lib/kamailio/
+# /usr/share/doc/kamailio
+# /usr/share/man
+# /usr/share/snmp
+
+    sed -i \
+        -e '\|^/usr/lib/debug/|d' \
+        -e '\|^/usr/share/doc/kamailio/|d' \
+        -e '\|^/usr/share/man/|d' \
+        -e '\|^/usr/share/snmp/|d' \
+        $FILELIST
+}
+
+ldd_helper() {
+    TESTFILE=$1
+    LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE 2> /dev/null > /dev/null || return
+
+    LD_PRELOAD=/usr/sbin/kamailio ldd $TESTFILE | sed -e 's/^.* => //' -e 's/ (.*)//' -e 's/\s\+//' -e '/^ldd$/d'
+}
+
+find_binaries() {
+    rm -f $FILELIST_BINARY
+    set +e
+    for f in $(cat $FILELIST)
+    do
+        ldd_helper /$f >> $FILELIST_BINARY
+    done
+    set -e
+    sort $FILELIST_BINARY | sort | uniq > $FILELIST_BINARY.new
+    mv -f $FILELIST_BINARY.new $FILELIST_BINARY
+
+    # Resolving simbolic links
+    cat $FILELIST_BINARY | xargs realpath > $FILELIST_BINARY.new
+    mv -f $FILELIST_BINARY.new $FILELIST_BINARY
+}
+
+tar_files() {
+    local TARLIST=/tmp/tarlist
+    cat $FILELIST > $TARLIST
+    cat $FILELIST_BINARY >> $TARLIST
+    tar -czf $TMP_TAR --no-recursion -T $TARLIST
+    rm -f $TARLIST
+}
+
+make_image_tar() {
+    mkdir -p $BUILD_ROOT
+    cd $BUILD_ROOT
+    tar xzf $TMP_TAR
+    /bin/busybox --install -s bin
+    sed -i -e '/mi_fifo/d' etc/kamailio/kamailio.cfg
+    tar czf /usr/src/kamailio/pkg/kamailio/alpine_docker/$IMG_TAR *
+}
+
+prepare_build
+build_and_install
+#install PCAP tools
+apk add --no-cache wireshark-common tcpdump
+
+kamailio_files > $FILELIST
+extra_files >> $FILELIST
+sort_filelist
+filter_unnecessary_files
+find_binaries
+tar_files
+make_image_tar

pkg/kamailio/alpine_docker/entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+#  Created by Sergey Safarov <[email protected]>
+#
+
+SHM_MEMORY=${SHM_MEMORY:-64}
+PKG_MEMORY=${PKG_MEMORY:-8}
+trap 'kill -SIGTERM "$pid"' SIGTERM
+
+/usr/sbin/kamailio -DD -E -m $SHM_MEMORY -M $PKG_MEMORY &
+pid="$!"
+
+wait $pid
+exit 0

pkg/kamailio/alpine_docker/hooks/pre_build

@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+echo "=> Build Kamailio source code"
+
+if [ ! -z "$SOURCE_BRANCH" ];then
+    ENV_OPT="-e SOURCE_BRANCH=$SOURCE_BRANCH"
+fi
+
+if [ ! -z "$GIT_TAG" ];then
+    ENV_OPT="$ENV_OPT -e GIT_TAG=$GIT_TAG"
+fi
+
+docker run --volume=`pwd`/../../..:/usr/src/kamailio --volume=`pwd`/build.sh:/build.sh --entrypoint=/build.sh $ENV_OPT alpine:edge
+exit $?