From 9e0b83a26b9c55c8de38615084de7f3c9df18ee7 Mon Sep 17 00:00:00 2001
From: Leonardo Amaral
Date: Sun, 8 Dec 2024 17:55:49 -0300
Subject: [PATCH] Armv6 support
Signed-off-by: Leonardo Amaral
---
.../workflows/build-stable-debian-rpi1.yml | 89 ++++++++++++++++
Dockerfile.rpi1 | 100 ++++++++++++++++++
2 files changed, 189 insertions(+)
create mode 100644 .github/workflows/build-stable-debian-rpi1.yml
create mode 100644 Dockerfile.rpi1
diff --git a/.github/workflows/build-stable-debian-rpi1.yml b/.github/workflows/build-stable-debian-rpi1.yml
new file mode 100644
index 0000000..2d65cc2
--- /dev/null
+++ b/.github/workflows/build-stable-debian-rpi1.yml
@@ -0,0 +1,89 @@
+name: Build Zerotier Stable - Debian version for rpi1
+on:
+ push:
+ paths:
+ - .github/workflows/build-stable-debian-armv6-rpi1.yml
+ - Dockerfile.rpi1
+ - /patches/*.patch
+ branches:
+ - main
+ schedule:
+ - cron: '0 0 */7 * *'
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build and push to registry
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install qemu dependency
+ uses: docker/setup-qemu-action@v3
+
+ - name: Clone the repository
+ uses: actions/checkout@v4
+
+ - name: Environment Vars setup
+ run: |
+ echo "zt_version=$(git ls-remote --quiet --refs --tags https://github.com/zerotier/ZeroTierOne.git | cut --delimiter='/' --fields=3 | grep -Eo '^[[:digit:]]+.[[:digit:]]+.[[:digit:]]+$' | sort --version-sort | tail -n1)" >> "$GITHUB_ENV"
+
+ - name: Tar as root
+ run: |
+ sudo mv -fv /usr/bin/tar /usr/bin/tar.orig
+ echo -e '#!/bin/sh\n\nsudo /usr/bin/tar.orig "$@"' | sudo tee -a /usr/bin/tar
+ sudo chmod +x /usr/bin/tar
+
+ - name: Enable caching for podman
+ id: cache-podman
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.local/share/containers
+ key: ${{ runner.os }}-${{ runner.arch }}-zerotier-docker-debian-stable
+
+ - name: Podman Socket
+ run: |
+ podman system service --time=0 unix:///tmp/podman.sock &
+
+ - name: Log in to Quay
+ uses: redhat-actions/podman-login@v1
+ with:
+ registry: "quay.io"
+ username: ${{ secrets.ZENITH_QUAY_USER }}
+ password: ${{ secrets.ZENITH_QUAY_TOKEN }}
+
+ - name: Build container - origin branch latest release
+ id: build-stable-debian-armv6
+ uses: redhat-actions/buildah-build@v2
+ with:
+ image: zerotier-docker
+ tags: latest-armv6 stable-armv6 ${{ env.zt_version }}-armv6
+ layers: true
+ platforms: linux/arm/v6
+ containerfiles: |
+ ./Dockerfile.rpi1
+ build-args: |
+ zt_version=${{ env.zt_version }}
+
+
+ - name: Push to Quay - origin branch latest release
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.build-stable-debian-armv6.outputs.image }}
+ tags: ${{ 
steps.build-stable-debian-armv6.outputs.tags }}
+ registry: quay.io/zenithtecnologia
+
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.27.0
+ with:
+ image-ref: '${{ steps.build-stable-debian-armv6.outputs.image }}'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+ format: 'sarif'
+ output: zerotier-docker-debian-stable-armv6.sarif
+ limit-severities-for-sarif: true
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'zerotier-docker-debian-stable-armv6.sarif'
diff --git a/Dockerfile.rpi1 b/Dockerfile.rpi1
new file mode 100644
index 0000000..bad8788
--- /dev/null
+++ b/Dockerfile.rpi1
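Review bot: The Trivy step runs after "Push to Quay" and sets no `exit-code`, so an image with CRITICAL/HIGH findings is already published under `latest-armv6` and `stable-armv6` before the scan reports, and findings never fail the job; placing the scan ahead of the push with `exit-code: '1'` would turn it into a gate. Its `image-ref` is the bare `outputs.image` name with no tag, so it is worth confirming that the scan resolves the image that was just built. Every `uses:` in this job, which holds `ZENITH_QUAY_TOKEN`, is referenced by a mutable tag (`@v3`, `@v4`, `@v1`, `@v2`, `@0.27.0`); pinning each to a full commit SHA, e.g. `uses: docker/setup-qemu-action@<full-commit-sha> # v3`, and adding a top-level `permissions:` block limited to what the steps need (such as `contents: read` and `security-events: write`) narrows what a compromised action can reach. The `paths:` filter also names `build-stable-debian-armv6-rpi1.yml` while the file added here is `build-stable-debian-rpi1.yml`, so pushes that edit this workflow will not trigger it.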
@@ -0,0 +1,100 @@
+# vim: ft=dockerfile
+
+# Layer 1 - Updated Debian
+FROM --platform=$TARGETPLATFORM docker.io/tianon/raspbian:bookworm-slim as debian-updated
+
+RUN apt -y update \
+ && apt -y dist-upgrade \
+ && apt -y --no-install-recommends install libssl3 ca-certificates \
+ && apt -y clean
+
+# Layer 2 - From updated, build
+FROM --platform=$TARGETPLATFORM scratch as build
+COPY --from=debian-updated / /
+
+ARG zt_version
+
+WORKDIR /tmp
+
+ADD patches /patches
+
+# Since this image will be discarded in the end, nobody cares about tons of RUN statement except build cache :)
+
+RUN apt -y update \
+ && apt -y -o APT::Install-Suggests=0 -o APT::Install-Recommends=0 install build-essential pkg-config autoconf automake libtool git clang curl libssl-dev linux-libc-dev ca-certificates
+
+RUN curl -sSL https://raw.githubusercontent.com/zerotier/ZeroTierOne/dev/entrypoint.sh.release | sed 's,echo "$content" > "/var/lib/zerotier-one/$file",echo -n "$content" > "/var/lib/zerotier-one/$file",g' > /entrypoint.sh \
+ && chmod 0755 /entrypoint.sh
+
+RUN mkdir /zt-root
+
+RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --quiet --profile minimal --default-host=arm-unknown-linux-gnueabihf --target=arm-unknown-linux-gnueabihf --default-toolchain=stable #debian
+
+RUN git clone --depth=1 --branch ${zt_version} https://github.com/zerotier/ZeroTierOne.git 2>&1 > /dev/null \
+ && cd ZeroTierOne \
+ && git log --pretty=oneline -n1 \
+ && rm -rf .git \
+ && patchlist=$(ls -1 /patches/${zt_version}-*.patch 2> /dev/null || true) \
+ && if [ -n "${patchlist}" ]; then for patch in "${patchlist}"; do echo "Applying patch ${patch}" ; patch -p1 <${patch} ; done ; fi \
+ && make LDFLAGS="-lssl -lcrypto" -j $(nproc --ignore=1) one \
+ && DESTDIR=/zt-root make install \
+ && rm -rfv /zt-root/var/lib/zerotier-one \
+ && strip /zt-root/usr/sbin/zerotier-one \
+ && cd .. 
\
+ && rm -rf ZeroTierOne
+
+RUN mkdir curl \
+ && cd curl \
+ && curl -sSL https://api.github.com/repos/curl/curl/releases/latest \
+ | grep .\*browser_download_url.\*tar.gz\"\$ \
+ | cut -d \" -f 4 \
+ | xargs curl -sSL \
+ | tar -xvz \
+ && cd curl-* \
+ && ./configure --without-libpsl --disable-dict --disable-gopher -disable-imap --disable-ldap \
+ --disable-ldaps --disable-mqtt --disable-ntlm --disable-pop3 --disable-rtsp --disable-smb \
+ --disable-smtp --disable-tftp --disable-tls-srp --disable-websockets --without-brotli --without-libssh \
+ --disable-shared --enable-ipv6 --with-openssl \
+ && make -j$(nproc --ignore=1) V=1 \
+ && strip src/curl \
+ && ./src/curl -V \
+ && mv -v ./src/curl /curl \
+ && cd .. \
+ && rm -rf curl
+
+RUN git clone --depth=1 --branch=v0.2.0 https://github.com/openSUSE/catatonit.git 2>&1 > /dev/null \
+ && cd catatonit \
+ && rm -rf /var/cache/yum \
+ && ./autogen.sh \
+ && ./configure \
+ && make -j$(nproc --ignore=1) \
+ && strip catatonit \
+ && cd .. \
+ && mv catatonit/catatonit /catatonit \
+ && rm -rf catatonit
+
+# --- end of build --- #
+
+# Layer 3 - From updated, final
+FROM --platform=$TARGETPLATFORM scratch as final
+COPY --from=debian-updated / /
+
+ARG quay_expiration=never
+
+LABEL io.k8s.description "This container runs Zerotier - a smart programmable Ethernet switch for planet Earth."
+LABEL io.k8s.display-name "zerotier"
+LABEL maintainer "Zenith Tecnologia "
+LABEL name "zerotier"
+LABEL summary "ZeroTier - a smart programmable Ethernet switch for planet Earth."
+LABEL url "https://github.com/ZenithTecnologia/zerotier-docker"
+LABEL org.zerotier.version ${zt_version}
+LABEL quay.expires-after ${quay_expiration}
+
+COPY --from=build /zt-root /
+COPY --from=build --chmod=0755 /curl /usr/bin/curl
+COPY --from=build --chmod=0755 /entrypoint.sh /entrypoint.sh
+COPY --from=build --chmod=0755 /catatonit /catatonit
+
+HEALTHCHECK --interval=1s CMD bash /healthcheck.sh
+
+ENTRYPOINT ["/catatonit", "--", "/entrypoint.sh"]
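Review bot: The `/entrypoint.sh` that becomes the image ENTRYPOINT is downloaded from the moving `dev` branch of ZeroTierOne rather than from the `${zt_version}` tag being built, and `curl -sSL` lacks `-f`, so an upstream change or an HTTP error body ends up as the startup script of every rebuilt image. Fetching it with `curl -fsSL https://raw.githubusercontent.com/zerotier/ZeroTierOne/${zt_version}/entrypoint.sh.release` (assuming the file exists at that tag) ties it to the release under build. The same stage pipes `https://sh.rustup.rs` into `sh` and unpacks whatever curl's `releases/latest` resolves to with no checksum or signature check, and that curl binary is copied to `/usr/bin/curl` in the final image; pinning a curl version and verifying its published digest before `tar -xvz` would close that gap. `ARG zt_version` is declared only in the `build` stage, so `LABEL org.zerotier.version ${zt_version}` in `final` expands to an empty value unless the ARG is repeated after that `FROM`. In the patch step, `for patch in "${patchlist}"` iterates once over the whole newline-joined list, so more than one matching patch will not apply; dropping the quotes there and quoting `"${patch}"` in the redirect fixes it.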