Build musl release (#31)

* Add docker builds for alpine releases

* Pre1 for release

* Retry on 0.6.0-pre1

* Fix cd for fmt

* push node vars up to build script

* After getting Travis working, bump to 0.6

* Code review fixes.

* Add musl to readme.

* Comment about what sleep does with detach

Author: skeet70

.travis.yml

@@ -2,6 +2,9 @@ language: rust
 rust:
     - 1.36.0
 
+services:
+    - docker
+
 # all unlabeled jobs run at test. Only if all "test" jobs finish, will the publish job run
 stages:
     - test
@@ -11,36 +14,57 @@ jobs:
     include:
         # PRs, pushes to master, and tags build on all target arches
         # if this is release tag, the resultant binary will be uploaded to github
-        - name: "Linux - Node 8"
+        - name: "Linux - Node 8 - glibc"
           os: linux
           env:
               - TRAVIS_NODE_VERSION="8"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
+        - name: "Linux - Node 8 - musl"
+          os: linux
+          env:
+              - SKIP_DEPLOY=0
+              - IMAGE=8-alpine
+              - INDOCKER="docker exec target"
+          if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
         - name: "OSX - Node 8"
           os: osx
           env:
               - TRAVIS_NODE_VERSION="8"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "Linux - Node 10"
+        - name: "Linux - Node 10 - glibc"
           os: linux
           env:
               - TRAVIS_NODE_VERSION="10"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
+        - name: "Linux - Node 10 - musl"
+          os: linux
+          env:
+              - SKIP_DEPLOY=0
+              - IMAGE=10-alpine
+              - INDOCKER="docker exec target"
+          if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
         - name: "OSX - Node 10"
           os: osx
           env:
               - TRAVIS_NODE_VERSION="10"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "Linux - Node 12"
+        - name: "Linux - Node 12 - glibc"
           os: linux
           env:
               - TRAVIS_NODE_VERSION="12"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
+        - name: "Linux - Node 12 - musl"
+          os: linux
+          env:
+              - SKIP_DEPLOY=0
+              - IMAGE=12-alpine
+              - INDOCKER="docker exec target"
+          if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
         - name: "OSX - Node 12"
           os: osx
           env:
@@ -65,13 +89,11 @@ jobs:
               - echo "Deploying to NPM..."
               - node publish.js --publish
 
-install:
-    # install our own yarn to make things work on osx
-    - curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.10.1
-    - export PATH=$HOME/.yarn/bin:$PATH
+before_install:
+    - ./.travis_scripts/maybe-start-docker.sh
 
-    # install our own nodejs to get a reasonable version
-    - rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && (cd ~/.nvm && git checkout `git describe --abbrev=0 --tags`) && source ~/.nvm/nvm.sh && nvm install $TRAVIS_NODE_VERSION
+install:
+    - source .travis_scripts/maybe-install-node.sh
 
 notifications:
     email:
@@ -83,11 +105,11 @@ cache:
     directories:
         - node_modules
 before_script:
-    - rustup component add rustfmt-preview
-    - yarn install --ignore-scripts
+    - ${INDOCKER} rustup component add rustfmt-preview
+    - ${INDOCKER} yarn --ignore-scripts
 script:
-    - pushd native/ && cargo fmt -- --check && popd
-    - node publish.js
+    - ${INDOCKER} /bin/sh -c "cd native/ && cargo fmt -- --check"
+    - ${INDOCKER} node publish.js
 
 # deploy the node-pre-gyp binary to github releases so it's there when the npm package is installed
 deploy:

.travis_scripts/Dockerfile

@@ -0,0 +1,11 @@
+ARG IMAGE
+FROM node:${IMAGE}
+
+RUN wget https://sh.rustup.rs -O - | sh -s -- -y
+RUN ln -s "${HOME}"/.cargo/bin/* /usr/local/bin
+# hack to get dynlibs working with musl
+# https://github.com/rust-lang/rust/pull/55163#issuecomment-436631090
+ENV RUSTFLAGS="-C target-feature=-crt-static"
+RUN apk add --no-cache build-base musl-dev python2
+
+CMD ["sh"]

.travis_scripts/maybe-install-node.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Installs correct node and yarn versions if we aren't doing a docker build.
+
+if [ -z "${IMAGE}" ] ; then
+    # install our own yarn to make things work on osx
+    curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.10.1
+    export PATH=$HOME/.yarn/bin:$PATH
+
+    # install our own nodejs to get a reasonable version if outside docker
+    rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && (cd ~/.nvm && git checkout `git describe --abbrev=0 --tags`) && source ~/.nvm/nvm.sh && nvm install $TRAVIS_NODE_VERSION
+fi

.travis_scripts/maybe-start-docker.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Starts our build image inside docker, if we're doing a docker build.
+
+set -ex
+
+if [ -z "${IMAGE}" ] ; then
+    exit 0
+fi
+
+docker build -t node-rust:"${IMAGE}" -f ".travis_scripts/Dockerfile" --build-arg IMAGE="$IMAGE" .
+
+# sleep so our detached container with no long running process sits around to accept commands for a bit
+docker run --detach --name target -v "$(pwd)":/src -w /src node-rust:"${IMAGE}" sleep 999999999

CHANGELOG.md

@@ -1,18 +1,32 @@
+## 0.6.0
+
+### Added
+
+-   Added binaries dynamically linked to musl-libc to support Alpine Linux
+
+### Breaking Changes
+
+None
+
+### Changed
+
+None
+
 ## 0.5.2
 
-+ Depend on official release of Neon 0.3.
+-   Depend on official release of Neon 0.3.
 
 ## 0.5.1
 
 ### Breaking Changes
 
-+ Added support for Node 12
-+ Removed support for Node 9 and 11
-+ Removed the `hash256` method from the API. Use the `deriveSymmetricKey` method instead.
+-   Added support for Node 12
+-   Removed support for Node 9 and 11
+-   Removed the `hash256` method from the API. Use the `deriveSymmetricKey` method instead.
 
 ### Changed
 
-+ Updated all dependencies to their latest versions, including Recrypt to 0.8.
+-   Updated all dependencies to their latest versions, including Recrypt to 0.8.
 
 ## 0.4.2
 
@@ -26,41 +40,42 @@ None
 
 ### Changed
 
-+ Added support to build artifacts for Node 9 and Node 11.
+-   Added support to build artifacts for Node 9 and Node 11.
 
 ## 0.4.1
 
 ### Added
-+ `Api256.hash256(hashable_buffer: Buffer): Buffer;` Note that the returned `Buffer` will always be _exactly_ 32 bytes.
+
+-   `Api256.hash256(hashable_buffer: Buffer): Buffer;` Note that the returned `Buffer` will always be _exactly_ 32 bytes.
 
 ## 0.4.0
 
 ### Breaking Changes
 
-+ Renamed the `transformKeyToBytes` method to `transformKeyToBytes256` to specify that it only works with 256 bit TransformKeys.
-+ Removed incorrect empty array from TransformKey objects.
+-   Renamed the `transformKeyToBytes` method to `transformKeyToBytes256` to specify that it only works with 256 bit TransformKeys.
+-   Removed incorrect empty array from TransformKey objects.
 
 ### Added
 
 None
 
 ### Changed
 
-+ Added `engines`, `os`, and `cpu` keys to `package.json` to specify which Node version and architectures this library will work on.
+-   Added `engines`, `os`, and `cpu` keys to `package.json` to specify which Node version and architectures this library will work on.
 
 ## 0.3.0
 
 ### Breaking Changes
 
-+ The `Api256.encrypt`, `Api256.generateTransformKey`, `Api256.transform` functions now only take a private signing key and no longer need to provide a public signing key.
+-   The `Api256.encrypt`, `Api256.generateTransformKey`, `Api256.transform` functions now only take a private signing key and no longer need to provide a public signing key.
 
 ### Added
 
-+ Added new `transformKeyToBytes` top level method to convert a `TransformKey` object into a Buffer in a consistent order. Useful for being able to sign over the bytes of a `TransformKey`.
+-   Added new `transformKeyToBytes` top level method to convert a `TransformKey` object into a Buffer in a consistent order. Useful for being able to sign over the bytes of a `TransformKey`.
 
 ### Changed
 
-+ Updated to `recrypt-rs` 0.3.0.
+-   Updated to `recrypt-rs` 0.3.0.
 
 ## 0.2.0
 
@@ -70,19 +85,18 @@ None
 
 ### Added
 
-* Added methods for [Schnorr signing](https://en.wikipedia.org/wiki/Schnorr_signature).
-    + `Api256::schnorrSign(privateKey: Buffer, publicKey: PublicKey, message: Buffer): Signature;`
-    + `Api256::schnorrVerify(publicKey: PublicKey, augmentedPrivateKey: Buffer | undefined, message: Buffer, signature: Signature): boolean;`
-* Exposed methods to perform ed25519 signing and verification as well as method to compute an ed25519 public key given it's matching private key.
-    + `Api256::ed25519Sign(privateKey: PrivateSigningKey, message: Buffer): Signature;`
-    + `Api256::ed25519Verify(publicKey: PublicSigningKey, message: Buffer, signature: Signature): boolean;`
-    + `Api256::computeEd25519PublicKey(privateKey: PrivateSigningKey): PublicSigningKey;`
+-   Added methods for [Schnorr signing](https://en.wikipedia.org/wiki/Schnorr_signature).
+    -   `Api256::schnorrSign(privateKey: Buffer, publicKey: PublicKey, message: Buffer): Signature;`
+    -   `Api256::schnorrVerify(publicKey: PublicKey, augmentedPrivateKey: Buffer | undefined, message: Buffer, signature: Signature): boolean;`
+-   Exposed methods to perform ed25519 signing and verification as well as method to compute an ed25519 public key given it's matching private key.
+    -   `Api256::ed25519Sign(privateKey: PrivateSigningKey, message: Buffer): Signature;`
+    -   `Api256::ed25519Verify(publicKey: PublicSigningKey, message: Buffer, signature: Signature): boolean;`
+    -   `Api256::computeEd25519PublicKey(privateKey: PrivateSigningKey): PublicSigningKey;`
 
 ### Changed
 
-* Consumed changes from [`recrypt-rs`](https://github.com/IronCoreLabs/recrypt-rs)([#1](https://github.com/IronCoreLabs/recrypt-rs/issues/1)) to zero secret bytes after use
-* Moved `benchmark` and `test` repos to the root of the repo
-
+-   Consumed changes from [`recrypt-rs`](https://github.com/IronCoreLabs/recrypt-rs)([#1](https://github.com/IronCoreLabs/recrypt-rs/issues/1)) to zero secret bytes after use
+-   Moved `benchmark` and `test` repos to the root of the repo
 
 ## 0.1.0
 

README.md

@@ -9,10 +9,11 @@ This library uses the [Neon Bindings](https://www.neon-bindings.com) toolchain t
 
 ## Supported Platforms
 
-|           | Node 8 | Node 10 | Node 12 |
-| --------- | ------ | ------- | ------  |
-| Linux x64 |    ✓   |    ✓    |    ✓    |
-| OSX x64   |    ✓   |    ✓    |    ✓    |
+|                       | Node 8 | Node 10 | Node 12 |
+| --------------------- | ------ | ------- | ------- |
+| Linux x64 - glibc     | ✓      | ✓       | ✓       |
+| Linux x64 - musl-libc | ✓      | ✓       | ✓       |
+| OSX x64               | ✓      | ✓       | ✓       |
 
 ## Install
 
@@ -35,6 +36,7 @@ This library contains a [TypeScript definitions](index.d.ts) file which shows th
 The following examples show how to use this library from a NodeJS application
 
 #### Basic Encrypt/Decrypt Example
+
 ```js
 const assert = require("assert");
 const Recrypt = require("@ironcorelabs/recrypt-node-binding");
@@ -57,6 +59,7 @@ assert.equal(decryptedValue, plaintext);
 ```
 
 #### Single-hop Transform Encryption Example
+
 ```js
 const assert = require("assert");
 const Recrypt = require("@ironcorelabs/recrypt-node-binding");
@@ -99,7 +102,9 @@ Once all of those dependencies are installed, the following can be run.
 ```
 npm run compile
 ```
+
 or
+
 ```
 yarn run compile
 ```
@@ -112,15 +117,15 @@ const recrypt = require('index.node');
 
 ### Benchmarks
 
-+ From this repos root, run `npm i` or `yarn`.
-+ Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
-+ Run `npm/yarn run benchmark`.
+-   From this repos root, run `npm i` or `yarn`.
+-   Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
+-   Run `npm/yarn run benchmark`.
 
 ### Unit Tests
 
-+ From this repos root, run `npm i` or `yarn`.
-+ Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
-+ Run `npm/yarn run test`.
+-   From this repos root, run `npm i` or `yarn`.
+-   Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
+-   Run `npm/yarn run test`.
 
-Copyright (c)  2018-present  IronCore Labs, Inc.
+Copyright (c) 2018-present IronCore Labs, Inc.
 All rights reserved.

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@ironcorelabs/recrypt-node-binding",
-    "version": "0.5.2",
+    "version": "0.6.0",
     "description": "Bindings to allow the recrypt-rs library to work via NodeJS.",
     "repository": {
         "type": "git",
@@ -56,6 +56,7 @@
         "module_name": "index",
         "module_path": "./bin-package",
         "host": "https://github.com/IronCoreLabs/recrypt-node-binding/releases/download/",
+        "package_name": "{module_name}-v{version}-{node_abi}-{platform}-{arch}-{libc}.tar.gz",
         "remote_path": "{version}"
     }
 }