
Certificates, and it builds again.

Adam Ierymenko 5 anos atrás
pai
commit
9daf4540de

+ 22 - 1
CMakeLists.txt

@@ -104,6 +104,27 @@ else(WIN32)
 			$<$<CONFIG:RELWITHDEBINFO>:-fPIE>
 			$<$<CONFIG:RELWITHDEBINFO>:-g>
 		)
+		option(BUILD_32BIT "Force building as 32-bit binary" OFF)
+		option(BUILD_STATIC "Build statically linked executable" OFF)
+		if(BUILD_32BIT)
+			set(CMAKE_SYSTEM_PROCESSOR "x86" CACHE STRING "system processor")
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32" CACHE STRING "c++ flags")
+			set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -m32" CACHE STRING "c flags")
+			set(GOARCH "GOARCH=386" CACHE STRING "go architecture")
+			add_compile_options(
+				-m32
+			)
+		endif(BUILD_32BIT)
+		if(BUILD_STATIC)
+			add_link_options(
+				-static
+			)
+			set(CMAKE_EXE_LINKER_FLAGS "-static ${CMAKE_EXE_LINKER_FLAGS}")
+			set(GOFLAGS 
+				-a 
+				-tags netgo 
+				-ldflags '-w -extldflags \"-static\"')
+		endif(BUILD_STATIC)
 	endif(APPLE)
 endif(WIN32)
 
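Review bot: In the BUILD_STATIC branch a plain `-static` link is added to a build that is compiled with `-fPIE` (visible for RELWITHDEBINFO just above). On GNU toolchains that combination normally yields a fixed-address, non-PIE executable, so the static binaries would ship without executable-base ASLR. Where the compilers in the build images support it, `add_link_options(-static-pie)` keeps the hardening; otherwise the trade-off deserves a comment next to the option. Separately, the two `set(CMAKE_*_FLAGS ... CACHE STRING ...)` lines in the BUILD_32BIT branch are probably no-ops, because those cache entries already exist and no `FORCE` is given; that leaves `-m32` on the compile line only, and `add_link_options(-m32)` would cover the link step. The enclosing `if(WIN32)`/`if(APPLE)` block starts outside the hunk.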
@@ -133,7 +154,7 @@ file(GLOB go_src
 
 add_custom_command(
 	OUTPUT ${CMAKE_BINARY_DIR}/zerotier_cgo.h ${CMAKE_BINARY_DIR}/zerotier_cgo.a
-	COMMAND ${GO} build -buildmode=c-archive -o ${CMAKE_BINARY_DIR}/zerotier_cgo.a ${CMAKE_SOURCE_DIR}/cmd/zerotier/zerotier.go
+	COMMAND ${GOARCH} CGO_ENABLED=1 ${GO} build -buildmode=c-archive ${GOFLAGS} -o ${CMAKE_BINARY_DIR}/zerotier_cgo.a ${CMAKE_SOURCE_DIR}/cmd/zerotier/zerotier.go
 	IMPLICIT_DEPENDS ${go_src}
 	COMMENT "Compiling Go Code..."
 )
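Review bot: The new COMMAND line only works when the generator runs it through a POSIX shell. `${GOARCH} CGO_ENABLED=1 ${GO} ...` relies on shell environment-assignment syntax, and the `-ldflags` value in GOFLAGS is split by CMake into three list items (single quotes are not CMake quoting) that are glued back together only because the command is not `VERBATIM`. I would pass the environment with `COMMAND ${CMAKE_COMMAND} -E env ${GOARCH} CGO_ENABLED=1 ${GO} build ...`, store the linker flags as one quoted element, `"-ldflags=-w -extldflags \"-static\""`, and add `VERBATIM` so each argument reaches `go build` exactly as written.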

+ 18 - 5
Jenkinsfile

@@ -18,7 +18,7 @@ pipeline {
             steps {
                 script {
                     def tasks = [:]
-                    // tasks << buildStaticBinaries()
+                    tasks << buildStaticBinaries()
                     tasks << buildDebianNative()
                     tasks << buildCentosNative()
                     
@@ -55,9 +55,16 @@ def buildStaticBinaries() {
                 def runtime = docker.image("ztbuild/${distro}-${platform}:latest")
                 runtime.inside {
                     dir("build") {
-                        sh 'make -j8 ZT_STATIC=1 all'
-                        sh "mv zerotier zerotier-static-${platform}"
-                        stash includes: 'zerotier-static-*', name: "static-${platform}"
+                        def cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1"'
+                        if (platform == "i386") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1 -DBUILD_STATIC=1"'
+                         }
+                   
+                        sh "${cmakeFlags} make"
+                        dir("build") {
+                            sh "mv zerotier zerotier-static-${platform}"
+                            stash includes: 'zerotier-static-*', name: "static-${platform}"
+                        }
                     }
                     cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
                 }
@@ -282,8 +289,14 @@ def buildDebianNative() {
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
+                    def cmakeFlags = ""
+                    if (arch == "i386") {
+                        cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1"'
+                    }
+                   
+                    sh 'whoami'
                     dir("build") {
-                        sh 'make -j4'
+                        sh "${cmakeFlags} make -j4"
                     }
                     // sh "mkdir -p ${distro}"
                     // sh "mv *.deb ${distro}"
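Review bot: `sh 'whoami'` in buildDebianNative looks like a debugging leftover and now runs on every Debian build; I would drop it, or keep it with a comment saying why the build user matters at this point. The `CMAKE_ARGS="-DBUILD_32BIT=1"` string is also assembled separately in buildStaticBinaries, so a small helper that returns the flags for a platform would keep the two call sites in step. The function body continues outside the hunk.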

+ 6 - 6
Makefile

@@ -4,22 +4,22 @@ TIMESTAMP=$(shell date +"%Y%m%d%H%M")
 .PHONY: all
 
 all:	setup
-	cd ${BUILDDIR} && $(MAKE) -j$(shell getconf _NPROCESSORS_ONLN)
+	cd ${BUILDDIR} && $(MAKE) -j$(shell getconf _NPROCESSORS_ONLN) VERBOSE=1
 
 setup:
-	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release ${CMAKE_ARGS}
 
 setup-debug:
-	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug ${CMAKE_ARGS}
 
 debug:
-	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug  && $(MAKE)
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug ${CMAKE_ARGS} && $(MAKE)
 
 central-controller:
-	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_CENTRAL_CONTROLLER=1 && $(MAKE) -j4
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_CENTRAL_CONTROLLER=1 ${CMAKE_ARGS} && $(MAKE) -j4
 
 central-controller-debug:
-	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug -DBUILD_CENTRAL_CONTROLLER=1 && $(MAKE) -j4
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug -DBUILD_CENTRAL_CONTROLLER=1 ${CMAKE_ARGS}  && $(MAKE) -j4
 
 central-controller-docker:
 	docker build -t registry.zerotier.com/zerotier-central/ztcentral-controller:${TIMESTAMP} -f controller/central-docker/Dockerfile .

+ 5 - 0
core/CMakeLists.txt

@@ -105,4 +105,9 @@ endif(WIN32)
 
 add_executable(zt_core_tests Tests.h Tests.cpp)
 target_compile_definitions(zt_core_tests PRIVATE ZT_ENABLE_TESTS=1 ZT_STANDALONE_TESTS=1)
+target_include_directories(
+	${PROJECT_NAME}
+	PUBLIC
+	${CMAKE_BINARY_DIR}/core
+)
 target_link_libraries(zt_core_tests zt_core ${libs})
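Review bot: This `target_include_directories` call sits between the `zt_core_tests` commands but applies to `${PROJECT_NAME}`, so it reads as if it configured the test executable; moving it next to the library's `add_library` call (outside this hunk) would make the intent clear. The path `${CMAKE_BINARY_DIR}/core` is hard-wired here and again in osdep/CMakeLists.txt and serviceiocore/CMakeLists.txt, presumably because the generated `version.h` is written there. A one-line comment such as `# generated version.h is written to <build>/core` would say so, and a variable set once in the top-level file would avoid three copies of the path. In osdep/CMakeLists.txt the same directory is added to the `MacEthernetTapAgent` executable as `PUBLIC`; an executable has no consumers, so `PRIVATE` is the conventional keyword there.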

+ 0 - 7
core/Constants.hpp

@@ -17,14 +17,7 @@
 #include "zerotier.h"
 #include "OS.hpp"
 
-#if __has_include("version.h")
 #include "version.h"
-#else /* dummy values for use inside IDEs, etc. */
-#define ZEROTIER_VERSION_MAJOR 255
-#define ZEROTIER_VERSION_MINOR 255
-#define ZEROTIER_VERSION_REVISION 255
-#define ZEROTIER_VERSION_BUILD 255
-#endif
 
 /**
  * Version bit packed into four 16-bit fields in a 64-bit unsigned integer.

+ 10 - 13
core/IdentificationCertificate.cpp

@@ -16,24 +16,25 @@
 
 namespace ZeroTier {
 
-IdentificationCertificate &IdentificationCertificate::operator=(const ZT_IdentificationCertificate &apiCert)
+void IdentificationCertificate::clear()
 {
-	Utils::copy< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this, &apiCert);
+	Utils::zero< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this);
 	m_identities.clear();
 	m_locators.clear();
 	m_nodes.clear();
 	m_networks.clear();
+}
+
+IdentificationCertificate &IdentificationCertificate::operator=(const ZT_IdentificationCertificate &apiCert)
+{
+	clear();
+	Utils::copy< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this, &apiCert);
 	return *this;
 }
 
 IdentificationCertificate &IdentificationCertificate::operator=(const IdentificationCertificate &cert)
 {
-	Utils::copy< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this, (const ZT_IdentificationCertificate *)(&cert));
-
-	m_identities.clear();
-	m_locators.clear();
-	m_nodes.clear();
-	m_networks.clear();
+	*this = *((const ZT_IdentificationCertificate *)(&cert));
 
 	this->subject.nodeCount = 0;
 	this->subject.networkCount = 0;
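Review bot: Both assignment operators now call `clear()` before reading from their argument, so assigning an object to itself, or passing a `ZT_IdentificationCertificate` reference that aliases `*this`, zeroes the source before it is copied and, as far as the visible lines show, leaves an empty certificate. The C-struct overload needs a guard before `clear()`: `if (static_cast<const ZT_IdentificationCertificate *>(this) == &apiCert) return *this;`. The C++ overload needs its own `if (this == &cert) return *this;` as its first statement, because it goes on to reset the counts and its body continues outside the hunk.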
@@ -147,11 +148,7 @@ bool IdentificationCertificate::decode(const Vector< uint8_t > &data)
 {
 	char tmp[256];
 
-	Utils::zero< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this);
-	m_identities.clear();
-	m_locators.clear();
-	m_nodes.clear();
-	m_networks.clear();
+	clear();
 
 	Dictionary d;
 	if (!d.decode(data.data(), (unsigned int)data.size()))

+ 32 - 11
core/IdentificationCertificate.hpp

@@ -31,31 +31,37 @@ namespace ZeroTier {
  * Certificate identifying the real world owner of an identity or network.
  *
  * This is a wrapper around the straight C ZT_IdentificationCertificate and
- * handles allocating memory for objects and disposing of it on GC. If filling
- * out a ZT_IdentificationCertificate structure, identities and other objects
- * should be attached via the addXXX() methods rather than by directly setting
- * the pointers in the C structure.
- *
- * If identities and similar objects are NOT added via the addXXX() methods,
- * this will not take care of de-allocating them when destroyed.
+ * handles allocating memory for objects added via addXXX() and disposing of
+ * them on delete. If pointers in the underlying C struct are set manually,
+ * their memory is not freed on delete. Use the addXXX() methods to fill
+ * out this structure in C++ code.
  *
  * The serialNo field is filled in automatically by sign() and decode(), so
- * it can be left undefined when building certificates.
+ * it can be left undefined when building certificates. It contains a SHA384
+ * hash of the certificate marshalled without the signature field.
+ *
+ * The hashCode() method and comparison operators compare the serial number
+ * field, so these will not work correctly before sign() or decode() is
+ * called.
  */
 class IdentificationCertificate : public ZT_IdentificationCertificate
 {
 public:
 	ZT_INLINE IdentificationCertificate() noexcept
-	{ Utils::zero< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this); }
+	{ this->clear(); }
 
 	ZT_INLINE IdentificationCertificate(const ZT_IdentificationCertificate &apiCert)
-	{ Utils::copy< sizeof(ZT_IdentificationCertificate) >((ZT_IdentificationCertificate *)this, &apiCert); }
+	{ *this = apiCert; }
 
 	ZT_INLINE IdentificationCertificate(const IdentificationCertificate &cert)
 	{ *this = cert; }
 
-	IdentificationCertificate &operator=(const ZT_IdentificationCertificate &apiCert);
+	/**
+	 * Zero all fields and release all extra memory
+	 */
+	void clear();
 
+	IdentificationCertificate &operator=(const ZT_IdentificationCertificate &apiCert);
 	IdentificationCertificate &operator=(const IdentificationCertificate &cert);
 
 	/**
@@ -118,6 +124,21 @@ public:
 	 */
 	bool verify() const;
 
+	ZT_INLINE unsigned long hashCode() const noexcept { return (unsigned long)Utils::loadAsIsEndian<uint32_t>(this->serialNo); }
+
+	ZT_INLINE bool operator==(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) == 0; }
+	ZT_INLINE bool operator!=(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) != 0; }
+	ZT_INLINE bool operator<(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) < 0; }
+	ZT_INLINE bool operator<=(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) <= 0; }
+	ZT_INLINE bool operator>(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) > 0; }
+	ZT_INLINE bool operator>=(const ZT_IdentificationCertificate &c) const noexcept
+	{	return memcmp(this->serialNo, c.serialNo, ZT_SHA384_DIGEST_SIZE) >= 0; }
+
 private:
 	// These hold any identity or locator objects that are owned by and should
 	// be deleted with this certificate. Lists are used so the pointers never
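Review bot: `hashCode()` and the six comparison operators treat `serialNo` as the certificate's identity without checking that it matches the contents, and the right-hand side may be a raw `ZT_IdentificationCertificate` whose `serialNo` the caller filled in. Topology.hpp in this commit starts keeping these objects in a `Set`, so a certificate carrying a copied or stale serial number would collide with a genuine one. Callers should therefore only compare or store certificates that came from `decode()` or passed `verify()`; whether `verify()` itself recomputes the serial is not visible here. I would state that precondition on the operators, e.g. `/** Compares serialNo only; both sides must come from sign()/decode() or have passed verify(). */`.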

+ 2 - 2
core/NetworkConfig.cpp

@@ -35,9 +35,9 @@ bool NetworkConfig::toDictionary(Dictionary &d) const
 		d.add(ZT_NETWORKCONFIG_DICT_KEY_ISSUED_TO_IDENTITY_HASH,this->issuedToFingerprintHash,ZT_FINGERPRINT_HASH_SIZE);
 		d.add(ZT_NETWORKCONFIG_DICT_KEY_FLAGS,this->flags);
 		d.add(ZT_NETWORKCONFIG_DICT_KEY_MULTICAST_LIMIT,(uint64_t)this->multicastLimit);
-		d.add(ZT_NETWORKCONFIG_DICT_KEY_TYPE,(uint16_t)this->type);
+		d.add(ZT_NETWORKCONFIG_DICT_KEY_TYPE,(uint64_t)this->type);
 		d.add(ZT_NETWORKCONFIG_DICT_KEY_NAME,this->name);
-		d.add(ZT_NETWORKCONFIG_DICT_KEY_MTU,this->mtu);
+		d.add(ZT_NETWORKCONFIG_DICT_KEY_MTU,(uint64_t)this->mtu);
 
 		if (this->com) {
 			d.add(ZT_NETWORKCONFIG_DICT_KEY_COM,tmp,this->com.marshal(tmp));

+ 20 - 15
core/Salsa20.cpp

@@ -39,6 +39,7 @@ static ZT_INLINE void U32TO8_LITTLE(uint8_t *const c,const uint32_t v) { c[0] =
 #endif // !ZT_SALSA20_SSE
 
 #ifdef ZT_SALSA20_SSE
+
 class _s20sseconsts
 {
 public:
@@ -47,8 +48,10 @@ public:
 		maskLo32 = _mm_shuffle_epi32(_mm_cvtsi32_si128(-1), _MM_SHUFFLE(1, 0, 1, 0));
 		maskHi32 = _mm_slli_epi64(maskLo32, 32);
 	}
+
 	__m128i maskLo32, maskHi32;
 };
+
 static const _s20sseconsts s_S20SSECONSTANTS;
 #endif
 
@@ -57,7 +60,7 @@ namespace ZeroTier {
 void Salsa20::init(const void *key, const void *iv) noexcept
 {
 #ifdef ZT_SALSA20_SSE
-	const uint32_t *const k = (const uint32_t *) key;
+	const uint32_t *const k = (const uint32_t *)key;
 	_state.i[0] = 0x61707865;
 	_state.i[1] = 0x3320646e;
 	_state.i[2] = 0x79622d32;
@@ -69,10 +72,10 @@ void Salsa20::init(const void *key, const void *iv) noexcept
 	_state.i[8] = 0;
 	_state.i[9] = k[6];
 	_state.i[10] = k[1];
-	_state.i[11] = ((const uint32_t *) iv)[1];
+	_state.i[11] = ((const uint32_t *)iv)[1];
 	_state.i[12] = k[5];
 	_state.i[13] = k[0];
-	_state.i[14] = ((const uint32_t *) iv)[0];
+	_state.i[14] = ((const uint32_t *)iv)[0];
 	_state.i[15] = k[4];
 #else
 	const char *const constants = "expand 32-byte k";
@@ -96,14 +99,15 @@ void Salsa20::init(const void *key, const void *iv) noexcept
 #endif
 }
 
-union p_SalsaState {
+union p_SalsaState
+{
 #ifdef ZT_SALSA20_SSE
 	__m128i v[4];
 #endif // ZT_SALSA20_SSE
 	uint32_t i[16];
 };
 
-template<unsigned int R>
+template< unsigned int R >
 static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m, uint8_t *c, unsigned int bytes) noexcept
 {
 	if (unlikely(bytes == 0))
@@ -144,17 +148,18 @@ static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m,
 #endif
 
 	for (;;) {
-		if (likely(bytes >= 64)) {
-#ifdef ZT_SALSA20_SSE
-			_mm_prefetch(m + 128, _MM_HINT_T0);
-#endif
-		} else {
-			for (unsigned int i = 0;i < bytes;++i)
+		if (unlikely(bytes < 64)) {
+			for (unsigned int i = 0; i < bytes; ++i)
 				tmp[i] = m[i];
 			m = tmp;
 			ctarget = c;
 			c = tmp;
 		}
+#ifdef ZT_SALSA20_SSE
+		else {
+			_mm_prefetch(m + 128, _MM_HINT_T0);
+		}
+#endif
 
 #ifdef ZT_SALSA20_SSE
 		__m128i X0s = X0;
@@ -163,7 +168,7 @@ static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m,
 		__m128i X3s = X3;
 		__m128i T;
 
-		for(unsigned int rr=0; rr<(R/2); ++rr) {
+		for (unsigned int rr = 0; rr < (R / 2); ++rr) {
 			T = _mm_add_epi32(X0, X3);
 			X1 = _mm_xor_si128(_mm_xor_si128(X1, _mm_slli_epi32(T, 7)), _mm_srli_epi32(T, 25));
 			T = _mm_add_epi32(X1, X0);
@@ -308,7 +313,7 @@ static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m,
 			m += 64;
 		} else {
 			if (bytes < 64) {
-				for (unsigned int i = 0;i < bytes;++i)
+				for (unsigned int i = 0; i < bytes; ++i)
 					ctarget[i] = c[i];
 			}
 #ifdef ZT_SALSA20_SSE
@@ -323,12 +328,12 @@ static ZT_INLINE void p_salsaCrypt(p_SalsaState *const state, const uint8_t *m,
 
 void Salsa20::crypt12(const void *in, void *out, unsigned int bytes) noexcept
 {
-	p_salsaCrypt<12>(reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in), reinterpret_cast<uint8_t *>(out), bytes);
+	p_salsaCrypt< 12 >(reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in), reinterpret_cast<uint8_t *>(out), bytes);
 }
 
 void Salsa20::crypt20(const void *in, void *out, unsigned int bytes) noexcept
 {
-	p_salsaCrypt<20>(reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in), reinterpret_cast<uint8_t *>(out), bytes);
+	p_salsaCrypt< 20 >(reinterpret_cast<p_SalsaState *>(&_state), reinterpret_cast<const uint8_t *>(in), reinterpret_cast<uint8_t *>(out), bytes);
 }
 
 } // namespace ZeroTier

+ 11 - 26
core/Topology.cpp

@@ -22,19 +22,7 @@ Topology::Topology(const RuntimeEnvironment *renv, void *tPtr) :
 	idtmp[0] = 0;
 	idtmp[1] = 0;
 	Vector< uint8_t > data(RR->node->stateObjectGet(tPtr, ZT_STATE_OBJECT_ROOTS, idtmp));
-	if (!data.empty()) {
-		uint8_t *dptr = data.data();
-		int drem = (int)data.size();
-		for (;;) {
-			Identity id;
-			int l = id.unmarshal(dptr, drem);
-			if ((l > 0) && (id)) {
-				ZT_SPEW("restored root %s", id.address().toString().c_str());
-				if ((drem -= l) <= 0)
-					break;
-			} else break;
-		}
-	}
+	// TODO
 	m_updateRootPeers(tPtr);
 }
 
@@ -67,7 +55,8 @@ SharedPtr< Peer > Topology::addRoot(void *const tPtr, const Identity &id)
 {
 	if ((id != RR->identity) && id.locallyValidate()) {
 		RWMutex::Lock l1(m_peers_l);
-		m_roots.insert(id);
+		// TODO
+		//m_roots.insert(id);
 
 		m_updateRootPeers(tPtr);
 		m_writeRootList(tPtr);
@@ -83,18 +72,8 @@ SharedPtr< Peer > Topology::addRoot(void *const tPtr, const Identity &id)
 bool Topology::removeRoot(void *const tPtr, Address address)
 {
 	RWMutex::Lock l1(m_peers_l);
-	for (Vector< SharedPtr< Peer > >::const_iterator r(m_rootPeers.begin()); r != m_rootPeers.end(); ++r) {
-		if ((*r)->address() == address) {
-			Set< Identity >::iterator rr(m_roots.find((*r)->identity()));
-			if (rr != m_roots.end()) {
-				m_roots.erase(rr);
-				m_updateRootPeers(tPtr);
-				m_writeRootList(tPtr);
-				return true;
-			}
-		}
-	}
-	return false;
+	// TODO
+	return true;
 }
 
 void Topology::rankRoots()
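Review bot: `removeRoot()` now returns `true` without touching `m_roots`, so a caller that removes a root it no longer trusts is told the removal succeeded while nothing changed; until the certificate-based version exists the stub should report failure, `return false; // TODO: not implemented, no root was removed`. `addRoot()` in the previous hunk has the same shape: the insert is commented out, yet `m_updateRootPeers()` and `m_writeRootList()` (both compiled out with `#if 0` further down) are still called, and the rest of the function lies outside the hunk. The constructor likewise still reads `ZT_STATE_OBJECT_ROOTS` into `data` and then discards it. A short comment at each `// TODO` saying what is disabled and what will replace it would stop the next reader from assuming root management still works.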
@@ -168,6 +147,8 @@ void Topology::m_loadCached(void *tPtr, const Address &zta, SharedPtr< Peer > &p
 void Topology::m_writeRootList(void *tPtr)
 {
 	// assumes m_peers_l is locked for read or write
+	// TODO
+#if 0
 	uint8_t *const roots = (uint8_t *)malloc((ZT_IDENTITY_MARSHAL_SIZE_MAX + ZT_LOCATOR_MARSHAL_SIZE_MAX + 2) * m_roots.size());
 	if (roots) { // sanity check
 		int p = 0;
@@ -182,11 +163,14 @@ void Topology::m_writeRootList(void *tPtr)
 		RR->node->stateObjectPut(tPtr, ZT_STATE_OBJECT_ROOTS, id, roots, (unsigned int)p);
 		free(roots);
 	}
+#endif
 }
 
 void Topology::m_updateRootPeers(void *tPtr)
 {
 	// assumes m_peers_l is locked for write
+	// TODO
+#if 0
 	Vector< SharedPtr< Peer > > rp;
 	for (Map< Identity, Set< SubscriptionKeyHash > >::iterator r(m_roots.begin()); r != m_roots.end(); ++r) {
 		Map< Address, SharedPtr< Peer > >::iterator pp(m_peers.find(r->first.address()));
@@ -207,6 +191,7 @@ void Topology::m_updateRootPeers(void *tPtr)
 	}
 	std::sort(rp.begin(), rp.end(), p_RootSortComparisonOperator());
 	m_rootPeers.swap(rp);
+#endif
 }
 
 } // namespace ZeroTier

+ 3 - 7
core/Topology.hpp

@@ -24,8 +24,9 @@
 #include "SharedPtr.hpp"
 #include "ScopedPtr.hpp"
 #include "Fingerprint.hpp"
-#include "Containers.hpp"
 #include "Blob.hpp"
+#include "IdentificationCertificate.hpp"
+#include "Containers.hpp"
 
 namespace ZeroTier {
 
@@ -37,11 +38,6 @@ class RuntimeEnvironment;
 class Topology
 {
 public:
-	/**
-	 * Hash of public keys for signing a root set definition
-	 */
-	typedef Blob<ZT_SHA384_DIGEST_SIZE> RootSetId;
-
 	Topology(const RuntimeEnvironment *renv, void *tPtr);
 
 	/**
@@ -243,7 +239,7 @@ private:
 	RWMutex m_peers_l; // locks m_peers, m_roots, and m_rootPeers
 	Map< uint64_t, SharedPtr< Path > > m_paths;
 	Map< Address, SharedPtr< Peer > > m_peers;
-	Map< Identity, Set< SubscriptionKeyHash > > m_roots;
+	Map< Identity, Set< IdentificationCertificate > > m_roots;
 	Vector< SharedPtr< Peer > > m_rootPeers;
 };
 

+ 1 - 4
dockerbuild/Dockerfile.alpine

@@ -2,7 +2,7 @@ FROM alpine:3.11.3
 
 ARG go_pkg_url
 
-RUN apk add --update alpine-sdk linux-headers cmake openssh curl
+RUN apk add --update alpine-sdk linux-headers cmake openssh curl musl-dev go
 
 
 RUN adduser -D -s /bin/ash jenkins && \
@@ -11,9 +11,6 @@ RUN adduser -D -s /bin/ash jenkins && \
     mkdir /home/jenkins/.ssh && \
     chown -R jenkins:jenkins /home/jenkins
 
-RUN curl -s $go_pkg_url -o go.tar.gz && \
-    tar -C /usr/local -xzf go.tar.gz
-
 COPY authorized_keys /home/jenkins/.ssh/authorized_keys
 RUN chown -R jenkins:jenkins /home/jenkins/.ssh && \
     chmod 600 /home/jenkins/.ssh/authorized_keys

+ 1 - 2
dockerbuild/Dockerfile.centos8

@@ -16,8 +16,7 @@ RUN useradd jenkins-build
 
 RUN echo $'\n\
   export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin\n\
-  source scl_source enable devtoolset-8 llvm-toolset-7\n'\
-  >> ~/.bash_profile
+  ' >> /etc/profile
 
 RUN mkdir /rpmbuild && chmod 777 /rpmbuild
 

+ 5 - 1
dockerbuild/Dockerfile.debian-stretch

@@ -2,11 +2,15 @@ FROM debian:stretch-20191224
 
 ARG go_pkg_url
 
-RUN apt-get update && apt-get -y install build-essential curl cmake ca-certificates devscripts dh-systemd
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd
 
 RUN curl -s -k $go_pkg_url -o go.tar.gz && \
     tar -C /usr/local -xzf go.tar.gz && \
     rm go.tar.gz
+RUN curl -s -L https://github.com/Kitware/CMake/releases/download/v3.17.3/cmake-3.17.3-Linux-x86_64.sh -o cmake.sh && \
+    chmod +x cmake.sh && \
+    ./cmake.sh --skip-license --exclude-subdir && \
+    rm cmake.sh
 
 RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
 RUN chmod 777 /home && mkdir -p /home/jenkins-build && chown jenkins-build:jenkins-build /home/jenkins-build && chmod 777 /home/jenkins-build
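Review bot: The CMake installer is downloaded and executed as root during the image build with no integrity check, so whatever the URL serves at build time ends up in the toolchain image; the same four lines are added to Dockerfile.ubuntu-xenial. Pinning the expected digest and checking it before execution closes that gap: add `echo "<EXPECTED_SHA256>  cmake.sh" | sha256sum -c - && \` between the download and `./cmake.sh`, and use `curl -fsSL` so an HTTP error fails the layer instead of saving an error page. The installer is also the `Linux-x86_64` build, so if this Dockerfile is built for `linux/386`, as dockerbuild/Makefile does for other distros, the installed cmake will not match the image architecture. The `curl -s -k` on the Go download in the context lines disables TLS verification and deserves the same treatment, although this commit does not touch it.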

+ 6 - 1
dockerbuild/Dockerfile.ubuntu-xenial

@@ -2,11 +2,16 @@ FROM ubuntu:xenial-20200114
 
 ARG go_pkg_url
 
-RUN apt-get update && apt-get -y install build-essential curl cmake ca-certificates devscripts dh-systemd
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd
 
 RUN curl -s -k $go_pkg_url -o go.tar.gz && \
     tar -C /usr/local -xzf go.tar.gz && \
     rm go.tar.gz
+RUN curl -s -L https://github.com/Kitware/CMake/releases/download/v3.17.3/cmake-3.17.3-Linux-x86_64.sh -o cmake.sh && \
+    chmod +x cmake.sh && \
+    ./cmake.sh --skip-license --exclude-subdir && \
+    rm cmake.sh
+
 
 RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
 RUN chmod 777 /home && mkdir -p /home/jenkins-build && chown jenkins-build:jenkins-build /home/jenkins-build && chmod 777 /home/jenkins-build

+ 1 - 0
dockerbuild/Makefile

@@ -128,6 +128,7 @@ x86:
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-amd64 --load
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-i386 --load
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-i386 --load
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-amd64 --load
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-386.tar.gz" --platform linux/386 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-i386 --load
 	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-amd64 --load

+ 10 - 0
osdep/CMakeLists.txt

@@ -43,8 +43,18 @@ endif(WIN32)
 
 add_library(${PROJECT_NAME} STATIC ${src} ${headers})
 target_compile_features(${PROJECT_NAME} PUBLIC cxx_std_11)
+target_include_directories(
+	${PROJECT_NAME}
+	PUBLIC
+	${CMAKE_BINARY_DIR}/core
+)
 
 if(APPLE)
 	add_executable(MacEthernetTapAgent MacEthernetTapAgent.c MacEthernetTapAgent.h)
 	target_include_directories(MacEthernetTapAgent PRIVATE ${CMAKE_BINARY_DIR})
+	target_include_directories(
+		MacEthernetTapAgent
+		PUBLIC
+		${CMAKE_BINARY_DIR}/core
+	)
 endif(APPLE)

+ 1 - 1
pkg/zerotier/node.go

@@ -13,7 +13,7 @@
 
 package zerotier
 
-// #cgo CFLAGS: -O3
+// #cgo CFLAGS: -O3 -I${SRCDIR}/../../build/core
 // #cgo darwin LDFLAGS: -Wl,-undefined -Wl,dynamic_lookup
 // #cgo !darwin LDFLAGS: -Wl,-unresolved-symbols=ignore-all
 // #include "../../serviceiocore/GoGlue.h"
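Review bot: The added include path hard-codes the CMake build directory as `build`, while the top-level Makefile takes it from `${BUILDDIR}`. Together with the removal of the `__has_include` fallback from core/Constants.hpp in this commit, a build in any other directory, or a plain `go build` before CMake has generated `version.h`, will presumably fail to compile. Passing the directory from CMake through the `CGO_CFLAGS` environment variable on the `go build` command would keep the path in one place. If the directive stays, the package documentation should say that the Go package can only be built after the CMake configure step.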

+ 5 - 0
serviceiocore/CMakeLists.txt

@@ -11,3 +11,8 @@ set(headers
 
 add_library(${PROJECT_NAME} STATIC ${src} ${headers})
 target_compile_features(${PROJECT_NAME} PUBLIC cxx_std_11)
+target_include_directories(
+	${PROJECT_NAME}
+	PUBLIC
+	${CMAKE_BINARY_DIR}/core
+)