
Merge branch 'dev' into edge

Adam Ierymenko 6 years ago
parent
commit
9d1207b339

+ 0 - 1
README.md

@@ -32,7 +32,6 @@ The base path contains the ZeroTier One service main entry point (`one.cpp`), se
  - `controller/`: the reference network controller implementation, which is built and included by default on desktop and server build targets.
  - `debian/`: files for building Debian packages on Linux.
  - `doc/`: manual pages and other documentation.
- - `docker/`: Dockerfile to build as a container for containerized Linux systems and Kubernetes clusters.
  - `ext/`: third party libraries, binaries that we ship for convenience on some platforms (Mac and Windows), and installation support files.
  - `include/`: include files for the ZeroTier core.
  - `java/`: a JNI wrapper used with our Android mobile app. (The whole Android app is not open source but may be made so in the future.)

+ 1 - 2
attic/make-linux.mk

@@ -332,8 +332,7 @@ official:	FORCE
 	make -j4 ZT_OFFICIAL=1 all
 
 docker:	FORCE
-	make clean ; make -j4 one
-	docker build -f docker/Dockerfile .
+	docker build -f ext/installfiles/linux/zerotier-containerized/Dockerfile -t zerotier-containerized .
 
 central-controller:	FORCE
 	make -j4 LDLIBS="-L/usr/pgsql-10/lib/ -lpq -Lext/librabbitmq/centos_x64/lib/ -lrabbitmq" CXXFLAGS="-I/usr/pgsql-10/include -I./ext/librabbitmq/centos_x64/include -fPIC" DEFS="-DZT_CONTROLLER_USE_LIBPQ -DZT_CONTROLLER" ZT_OFFICIAL=1 ZT_USE_X64_ASM_ED25519=1 one
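Review bot: The `docker` target no longer builds the checked-out tree, because the `make clean ; make -j4 one` step is removed and the Dockerfile it now points to installs `zerotier-one=1.4.4` from the apt repository. The resulting image can therefore differ from the source it was built beside, and nothing in the recipe says so. I would add a comment above the recipe, e.g. `# Builds the containerized image from the published package pinned in the Dockerfile, not from this tree`. The `-t zerotier-containerized` tag also carries no version, so it resolves to `latest`; tagging with the packaged version would keep images distinguishable.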

+ 0 - 19
docker/Dockerfile

@@ -1,19 +0,0 @@
-# Dockerfile for ZeroTier Central Controllers
-FROM centos:7
-MAINTAINER Adam Ierymekno <[email protected]>, Grant Limberg <[email protected]>
-
-RUN yum update -y
-RUN yum install -y https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm
-RUN yum install -y bash postgresql10 libpqxx-devel librabbitmq
-RUN yum clean all
-
-#RUN yum -y install epel-release && yum -y update && yum clean all
-#RUN yum -y install clang jemalloc jemalloc-devel
-
-ADD zerotier-one /usr/local/bin/zerotier-one
-RUN chmod a+x /usr/local/bin/zerotier-one
-
-ADD docker/main.sh /
-RUN chmod a+x /main.sh
-
-ENTRYPOINT /main.sh 

+ 0 - 80
docker/main.sh

@@ -1,80 +0,0 @@
-#!/bin/bash
-
-if [ -z "$ZT_IDENTITY_PATH" ]; then
-    echo '*** FAILED: ZT_IDENTITY_PATH environment variable is not defined'
-    exit 1
-fi
-if [ -z "$ZT_DB_HOST" ]; then
-    echo '*** FAILED: ZT_DB_HOST environment variable not defined'
-    exit 1
-fi
-if [ -z "$ZT_DB_PORT" ]; then
-    echo '*** FAILED: ZT_DB_PORT environment variable not defined'
-    exit 1
-fi
-if [ -z "$ZT_DB_NAME" ]; then
-    echo '*** FAILED: ZT_DB_NAME environment variable not defined'
-    exit 1
-fi
-if [ -z "$ZT_DB_USER" ]; then
-    echo '*** FAILED: ZT_DB_USER environment variable not defined'
-    exit 1
-fi
-if [ -z "$ZT_DB_PASSWORD" ]; then
-    echo '*** FAILED: ZT_DB_PASSWORD environment variable not defined'
-    exit 1
-fi
-
-RMQ=""
-if [ "$ZT_USE_RABBITMQ" == "true" ]; then
-    if [ -z "$RABBITMQ_HOST" ]; then
-        echo '*** FAILED: RABBITMQ_HOST environment variable not defined'
-        exit 1
-    fi
-    if [ -z "$RABBITMQ_PORT" ]; then
-        echo '*** FAILED: RABBITMQ_PORT environment variable not defined'
-        exit 1
-    fi
-    if [ -z "$RABBITMQ_USERNAME" ]; then
-        echo '*** FAILED: RABBITMQ_USERNAME environment variable not defined'
-        exit 1
-    fi
-    if [ -z "$RABBITMQ_PASSWORD" ]; then
-        echo '*** FAILED: RABBITMQ_PASSWORD environment variable not defined'
-        exit 1
-    fi
-    RMQ=", \"rabbitmq\": {
-        \"host\": \"${RABBITMQ_HOST}\",
-        \"port\": ${RABBITMQ_PORT},
-        \"username\": \"${RABBITMQ_USERNAME}\",
-        \"password\": \"${RABBITMQ_PASSWORD}\"
-    }"
-fi
-
-mkdir -p /var/lib/zerotier-one
-
-pushd /var/lib/zerotier-one
-ln -s $ZT_IDENTITY_PATH/identity.public identity.public
-ln -s $ZT_IDENTITY_PATH/identity.secret identity.secret
-popd
-
-DEFAULT_PORT=9993
-
-echo "{
-    \"settings\": {
-        \"portMappingEnabled\": true,
-        \"softwareUpdate\": \"disable\",
-        \"interfacePrefixBlacklist\": [
-            \"inot\",
-            \"nat64\"
-        ],
-        \"controllerDbPath\": \"postgres:host=${ZT_DB_HOST} port=${ZT_DB_PORT} dbname=${ZT_DB_NAME} user=${ZT_DB_USER} password=${ZT_DB_PASSWORD} sslmode=prefer sslcert=${DB_CLIENT_CERT} sslkey=${DB_CLIENT_KEY} sslrootcert=${DB_SERVER_CA}\"
-        ${RMQ}
-    }
-}    
-" > /var/lib/zerotier-one/local.conf
-
-export GLIBCXX_FORCE_NEW=1
-export GLIBCPP_FORCE_NEW=1
-export LD_PRELOAD="/usr/lib64/libjemalloc.so"
-exec /usr/local/bin/zerotier-one -p${ZT_CONTROLLER_PORT:-$DEFAULT_PORT} /var/lib/zerotier-one

+ 3 - 0
ext/central-controller-docker/README.md

@@ -0,0 +1,3 @@
+# ZeroTier Central Controller Docker Image
+
+Dockerfile & startup script for use with [ZeroTier Central](https://my.zerotier.com).  Not intended for public use.

+ 4 - 8
ext/installfiles/linux/zerotier-containerized/Dockerfile

@@ -7,17 +7,13 @@ FROM debian:buster-slim as builder
 RUN apt-get update && apt-get install -y curl gnupg
 RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 0x1657198823e52a61  && \
     echo "deb http://download.zerotier.com/debian/buster buster main" > /etc/apt/sources.list.d/zerotier.list
-RUN apt-get update && apt-get install -y zerotier-one=1.2.12
-RUN curl https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/ext/installfiles/linux/zerotier-containerized/main.sh > /var/lib/zerotier-one/main.sh
+RUN apt-get update && apt-get install -y zerotier-one=1.4.4
+COPY ext/installfiles/linux/zerotier-containerized/main.sh /var/lib/zerotier-one/main.sh
 
-FROM alpine:latest
-LABEL version="1.2.12"
+FROM debian:buster-slim
+LABEL version="1.4.4"
 LABEL description="Containerized ZeroTier One for use on CoreOS or other Docker-only Linux hosts."
 
-# Uncomment to build in container
-# RUN apk add --update alpine-sdk linux-headers
-RUN apk add --update libgcc libstdc++
-
 # ZeroTier relies on UDP port 9993
 EXPOSE 9993/udp
 
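Review bot: The pinned `zerotier-one=1.4.4` install still rests on the unchanged lines above it, where the signing key is pulled from a keyserver pool by a 64-bit key ID and the repository is added as `http://`. The package's authenticity therefore depends on that lookup returning the right key. Replacing the `curl` of `main.sh` from `master` with a `COPY` closes one unauthenticated fetch; I would close this one too by shipping the ZeroTier public key in the repository and adding it with `COPY`, or by requesting the full fingerprint (`--recv-keys <FULL_40_HEX_FINGERPRINT>`). The final stage also moves to `debian:buster-slim` by mutable tag, and pinning it by digest (`FROM debian:buster-slim@sha256:<DIGEST>`) would make rebuilds reproducible. The rest of the final stage lies outside this hunk.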

+ 1 - 0
osdep/EthernetTap.hpp

@@ -45,6 +45,7 @@ public:
 	virtual void setEnabled(bool en) = 0;
 	virtual bool enabled() const = 0;
 	virtual bool addIp(const InetAddress &ip) = 0;
+	virtual bool addIps(std::vector<InetAddress> ips) = 0;
 	virtual bool removeIp(const InetAddress &ip) = 0;
 	virtual std::vector<InetAddress> ips() const = 0;
 	virtual void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len) = 0;
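Review bot: `addIps` takes the vector by value, so every call copies the whole address list. `virtual bool addIps(const std::vector<InetAddress> &ips) = 0;` would match the `const InetAddress &` style of `addIp` and `removeIp` next to it, and the same signature change applies to the declaration in `LinuxEthernetTap.hpp` and the definition in `LinuxEthernetTap.cpp`. Because the method is pure virtual, any other `EthernetTap` subclass (none are visible on this page) must also implement it or it becomes abstract. The interface would also benefit from a one-line comment saying what a `false` return means, since the Linux implementation returns `false` whenever `__SYNOLOGY__` is not defined.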

+ 5 - 5
osdep/LinuxEthernetTap.cpp

@@ -261,10 +261,9 @@ static bool ___removeIp(const std::string &_dev,const InetAddress &ip)
 	return true;
 }
 
-#ifdef __SYNOLOGY__
-bool LinuxEthernetTap::addIpSyn(std::vector<InetAddress> ips)
+bool LinuxEthernetTap::addIps(std::vector<InetAddress> ips)
 {
-	// Here we fill out interface config (ifcfg-dev) to prevent it from being killed
+#ifdef __SYNOLOGY__
 	std::string filepath = "/etc/sysconfig/network-scripts/ifcfg-"+_dev;
 	std::string cfg_contents = "DEVICE="+_dev+"\nBOOTPROTO=static";
 	int ip4=0,ip6=0,ip4_tot=0,ip6_tot=0;
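Review bot: The comment explaining why the ifcfg file is written (`// Here we fill out interface config (ifcfg-dev) to prevent it from being killed`) is dropped where `#ifdef __SYNOLOGY__` moves inside `addIps`. That leaves the write under `/etc/sysconfig/network-scripts/` unexplained. I would keep the comment as the first line under the `#ifdef`, and add a short header above `addIps` saying that the batch form is only implemented for Synology builds. The function body continues outside this hunk.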
@@ -292,13 +291,14 @@ bool LinuxEthernetTap::addIpSyn(std::vector<InetAddress> ips)
 		}
 	}
 	OSUtils::writeFile(filepath.c_str(), cfg_contents.c_str(), cfg_contents.length());
-	// Finaly, add IPs
+	// Finally, add IPs
 	for(int i=0; i<(int)ips.size(); i++){
 		LinuxNetLink::getInstance().addAddress(ips[i], _dev.c_str());
 	}
 	return true;
-}
 #endif // __SYNOLOGY__
+	return false;
+}
 
 bool LinuxEthernetTap::addIp(const InetAddress &ip)
 {
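Review bot: On builds without `__SYNOLOGY__`, `addIps` now ignores `ips` and returns `false`, which a caller cannot tell apart from a failed add. On Synology builds the trailing `return false;` is dead code after `return true;`. An `#else` makes both paths explicit: `#else` / `return false; // batch add is only implemented for the Synology ifcfg path` / `#endif // __SYNOLOGY__`. Separately, the Synology path returns `true` without checking the results of `OSUtils::writeFile` or `addAddress` (their signatures are not visible here), so the `ERROR: unable to add ip addresses to ifcfg` branch in `OneService.cpp` may never fire. The function begins outside this hunk.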

+ 1 - 3
osdep/LinuxEthernetTap.hpp

@@ -46,9 +46,7 @@ public:
 	virtual void setEnabled(bool en);
 	virtual bool enabled() const;
 	virtual bool addIp(const InetAddress &ip);
-#ifdef __SYNOLOGY__
-	bool addIpSyn(std::vector<InetAddress> ips);
-#endif
+	virtual bool addIps(std::vector<InetAddress> ips);
 	virtual bool removeIp(const InetAddress &ip);
 	virtual std::vector<InetAddress> ips() const;
 	virtual void put(const MAC &from,const MAC &to,unsigned int etherType,const void *data,unsigned int len);

+ 2 - 1
service/OneService.cpp

@@ -1409,8 +1409,9 @@ public:
 				}
 			}
 #ifdef __SYNOLOGY__
-			if (!n.tap->addIpSyn(newManagedIps))
+			if (!n.tap->addIps(newManagedIps)) {
 				fprintf(stderr,"ERROR: unable to add ip addresses to ifcfg" ZT_EOL_S);
+			}
 #else
 			for(std::vector<InetAddress>::iterator ip(newManagedIps.begin());ip!=newManagedIps.end();++ip) {
 				if (std::find(n.managedIps.begin(),n.managedIps.end(),*ip) == n.managedIps.end()) {