diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d474aafe..26ec2915 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,6 +52,8 @@ jobs: tool: i586-unknown-linux-musl - arch: x86_64 tool: x86_64-unknown-linux-musl + - arch: riscv64 + tool: riscv64-unknown-linux-musl - arch: lexra tool: mips-linux dir: rsdk-4.6.4-5281-EB-3.10-0.9.33-m32ub-20141001 @@ -69,7 +71,7 @@ jobs: env: ARCH: ${{ matrix.arch }} TOOL: ${{ matrix.tool }} - REPO: ${{ matrix.arch == 'lexra' && matrix.repo || 'spvkgn/musl-cross' }} + REPO: ${{ matrix.arch == 'lexra' && matrix.repo || 'bol-van/musl-cross' }} DIR: ${{ matrix.arch == 'lexra' && matrix.dir || matrix.tool }} run: | if [[ "$ARCH" == lexra ]]; then @@ -93,6 +95,8 @@ jobs: CFLAGS: ${{ matrix.env.CFLAGS != '' && matrix.env.CFLAGS || null }} LDFLAGS: ${{ matrix.env.LDFLAGS != '' && matrix.env.LDFLAGS || null }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + MINSIZE: -ffunction-sections -fdata-sections -fno-unwind-tables -fno-asynchronous-unwind-tables + LDMINSIZE: -Wl,--gc-sections run: | DEPS_DIR=$GITHUB_WORKSPACE/deps export CC="$TARGET-gcc" @@ -111,7 +115,8 @@ jobs: for i in libmnl libnfnetlink libnetfilter_queue ; do ( cd $i-* - CFLAGS="-Os -flto=auto $CFLAGS" \ + CFLAGS="-Os -flto=auto $MINSIZE $CFLAGS" \ + LDFLAGS="$LDMINSIZE $LDFLAGS" \ ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking make install -j$(nproc) DESTDIR=$DEPS_DIR ) @@ -123,7 +128,8 @@ jobs: xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz ( cd zlib-* - CFLAGS="-Os -flto=auto $CFLAGS" \ + CFLAGS="-Os -flto=auto $MINSIZE $CFLAGS" \ + LDFLAGS="$LDMINSIZE $LDFLAGS" \ ./configure --prefix= --static make install -j$(nproc) DESTDIR=$DEPS_DIR ) @@ -134,8 +140,8 @@ jobs: install -Dm644 -t $DEPS_DIR/include/sys /usr/include/x86_64-linux-gnu/sys/queue.h /usr/include/sys/capability.h # zapret - CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -static-libgcc -static -I$DEPS_DIR/include $CFLAGS" \ - LDFLAGS="-L$DEPS_DIR/lib $LDFLAGS" \ + CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -static-libgcc -static -I$DEPS_DIR/include $MINSIZE $CFLAGS" \ + LDFLAGS="-L$DEPS_DIR/lib $LDMINSIZE $LDFLAGS" \ make -C zapret -j$(nproc) tar -C zapret/binaries/my -cJf zapret-linux-$ARCH.tar.xz . @@ -419,7 +425,7 @@ jobs: if [[ $dir == *-linux-x86_64 ]]; then tar -C $dir -czvf $dir/tpws_wsl.tgz tpws run_upx $dir/* - elif [[ $dir =~ linux ]] && [[ $dir != *-linux-mips64 ]] && [[ $dir != *-linux-lexra ]]; then + elif [[ $dir =~ linux ]] && [[ $dir != *-linux-mips64 ]] && [[ $dir != *-linux-lexra ]] && [[ $dir != *-linux-riscv64 ]]; then run_upx $dir/* fi ;; @@ -448,6 +454,7 @@ jobs: *-linux-mipselsf ) run_dir linux-mipsel ;; *-linux-mipssf ) run_dir linux-mips ;; *-linux-ppc ) run_dir linux-ppc ;; + *-linux-riscv64 ) run_dir linux-riscv64 ;; *-linux-x86 ) run_dir linux-x86 ;; *-linux-x86_64 ) run_dir linux-x86_64 ;; *-linux-lexra ) run_dir linux-lexra ;; diff --git a/install_bin.sh b/install_bin.sh index 4afa50bd..5b9d86e7 100755 --- a/install_bin.sh +++ b/install_bin.sh @@ -165,7 +165,7 @@ fi unset PKTWS case $UNAME in Linux) - ARCHLIST="my linux-x86_64 linux-x86 linux-arm64 linux-arm linux-mips64 linux-mipsel linux-mips linux-lexra linux-ppc" + ARCHLIST="my linux-x86_64 linux-x86 linux-arm64 linux-arm linux-mips64 linux-mipsel linux-mips linux-lexra linux-ppc linux-riscv64" PKTWS=nfqws ;; Darwin) diff --git a/nfq/BSDmakefile b/nfq/BSDmakefile index f21d1180..b65d0a64 100644 --- a/nfq/BSDmakefile +++ b/nfq/BSDmakefile @@ -1,6 +1,8 @@ CC ?= cc OPTIMIZE ?= -Os -CFLAGS += -std=gnu99 -s $(OPTIMIZE) -flto=auto -Wno-address-of-packed-member +MINSIZE ?= -flto=auto -ffunction-sections -fdata-sections -fno-unwind-tables -fno-asynchronous-unwind-tables +CFLAGS += -std=gnu99 -s $(OPTIMIZE) $(MINSIZE) -Wno-address-of-packed-member +LDFLAGS += -Wl,--gc-sections LIBS = -lz SRC_FILES = *.c crypto/*.c diff --git a/nfq/Makefile b/nfq/Makefile index 97cf6bba..f3ec3338 100644 --- a/nfq/Makefile +++ b/nfq/Makefile @@ -1,9 +1,11 @@ CC ?= cc OPTIMIZE ?= -Os -CFLAGS += -std=gnu99 $(OPTIMIZE) -flto=auto +MINSIZE ?= -flto=auto -ffunction-sections -fdata-sections -fno-unwind-tables -fno-asynchronous-unwind-tables +CFLAGS += -std=gnu99 $(OPTIMIZE) $(MINSIZE) CFLAGS_SYSTEMD = -DUSE_SYSTEMD CFLAGS_BSD = -Wno-address-of-packed-member CFLAGS_CYGWIN = -Wno-address-of-packed-member -static +LDFLAGS += -Wl,--gc-sections LDFLAGS_ANDROID = -llog LIBS_LINUX = -lz -lnetfilter_queue -lnfnetlink -lmnl LIBS_SYSTEMD = -lsystemd diff --git a/nfq/sec.h b/nfq/sec.h index 621eaddc..27b09dd2 100644 --- a/nfq/sec.h +++ b/nfq/sec.h @@ -18,6 +18,13 @@ bool dropcaps(void); #define arch_nr (offsetof(struct seccomp_data, arch)) #define syscall_arg(x) (offsetof(struct seccomp_data, args[x])) +#ifndef EM_RISCV +#define EM_RISCV 243 +#endif +#ifndef AUDIT_ARCH_RISCV64 +#define AUDIT_ARCH_RISCV64 (EM_RISCV | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE) +#endif + #if defined(__aarch64__) # define ARCH_NR AUDIT_ARCH_AARCH64 diff --git a/tpws/sec.h b/tpws/sec.h index c75ad4bb..77d7fd29 100644 --- a/tpws/sec.h +++ b/tpws/sec.h @@ -20,6 +20,13 @@ bool dropcaps(void); #define arch_nr (offsetof(struct seccomp_data, arch)) #define syscall_arg(x) (offsetof(struct seccomp_data, args[x])) +#ifndef EM_RISCV +#define EM_RISCV 243 +#endif +#ifndef AUDIT_ARCH_RISCV64 +#define AUDIT_ARCH_RISCV64 (EM_RISCV | __AUDIT_ARCH_64BIT | __AUDIT_ARCH_LE) +#endif + #if defined(__aarch64__) # define ARCH_NR AUDIT_ARCH_AARCH64