From 6b68c5922e56b2cd519b2fbb54398cf9f91ab9cb Mon Sep 17 00:00:00 2001 From: Tomohisa Kusano Date: Thu, 5 Sep 2024 18:16:48 -0700 Subject: [PATCH] 5.02.5185 (#123) * update alpine-based image to 5.02.5185 * limit buildx to linux/amd64 for now * update various github actions * prevent :latest and :alpine tags push --- .github/workflows/dockerimage.yml | 23 ++++++-------- Dockerfile | 51 +++++++++++++++++++------------ copyables/entrypoint.sh | 18 +++++++---- 3 files changed, 53 insertions(+), 39 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index a7bf859a..000cc151 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -13,8 +13,7 @@ on: - '!README.md' env: - SE_VERSION: 4.43 - SE_REVISION: 9799 + SE_VERSION: 5.02.5185 jobs: @@ -23,23 +22,23 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - tag: [alpine, debian, ubuntu, opensuse] + tag: [alpine] steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 with: platforms: linux/amd64,linux/arm64,linux/arm/v7 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build Docker image for testing - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: context: . file: Dockerfile.${{ matrix.tag }} @@ -55,7 +54,7 @@ jobs: - name: Login to Docker Hub if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
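Review bot: The bumped `uses:` lines in the `@@ -23,23 +22,23 @@` hunk (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`) still reference movable major-version tags, and the same holds for `docker/login-action@v3` and the second `docker/build-push-action@v6` in the later hunks. This job is handed `secrets.DOCKERHUB_USERNAME` and `secrets.DOCKERHUB_TOKEN` and pushes to Docker Hub, so a retagged or compromised action release would run with publish rights. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, so that bumps arrive as reviewable diffs. Separately, the QEMU step's context line `platforms: linux/amd64,linux/arm64,linux/arm/v7` is now wider than the `linux/amd64` build target set later in this file and could be trimmed to match.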
@@ -66,20 +65,16 @@ jobs: with: images: siomiz/softethervpn tags: | - type=raw,value=${{ matrix.tag }} type=raw,value=${{ env.SE_VERSION }}-${{ matrix.tag }} - type=raw,value=${{ env.SE_REVISION }}-${{ matrix.tag }} - type=raw,value=latest,enable=${{ matrix.tag == 'alpine' }} type=raw,value=${{ env.SE_VERSION }},enable=${{ matrix.tag == 'alpine' }} - type=raw,value=${{ env.SE_REVISION }},enable=${{ matrix.tag == 'alpine' }} - name: Buildx and push Docker image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6 with: builder: ${{ steps.buildx.outputs.name }} context: . file: Dockerfile.${{ matrix.tag }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 + platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index dbdb5751..06949883 100644 --- a/Dockerfile +++ b/Dockerfile 
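Review bot: After this change the only tags pushed are `${{ env.SE_VERSION }}-${{ matrix.tag }}` and `${{ env.SE_VERSION }}`, and both are overwritten by every non-pull-request run, so a consumer pinning `5.02.5185` cannot tell one rebuild from another. Consider adding an immutable tag next to them, for example `type=sha` in the `tags:` list, and documenting that deployments should pin the image digest. The push step could also set `provenance: true` and `sbom: true` so the published image carries build attestations. Narrowing `platforms` to `linux/amd64` presumably leaves arm64 and arm/v7 users without a matching manifest for the new version tags, which is worth a line in the README.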
@@ -1,32 +1,45 @@ -FROM alpine:3.16 as prep +FROM alpine:3.20 AS prep LABEL maintainer="Tomohisa Kusano " \ contributors="See CONTRIBUTORS file " -ENV BUILD_VERSION=4.43-9799-beta \ - SHA256_SUM=9153a95574f2afd8259ff729e6da3a9898211b69d7d391419270935c8482888c +ENV BUILD_VERSION=5.02.5185 \ + GIT_VERIFY_PUBKEY=B5690EEEBB952194 -RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/archive/v${BUILD_VERSION}.tar.gz \ - && echo "${SHA256_SUM} v${BUILD_VERSION}.tar.gz" | sha256sum -c \ - && mkdir -p /usr/local/src \ - && tar -x -C /usr/local/src/ -f v${BUILD_VERSION}.tar.gz \ - && rm v${BUILD_VERSION}.tar.gz +WORKDIR /usr/local/src/SoftEtherVPN -FROM alpine:3.16 as build +# RUN wget https://github.com/SoftEtherVPN/SoftEtherVPN/archive/refs/tags/${BUILD_VERSION}.tar.gz \ +# && echo "${SHA256_SUM} ${BUILD_VERSION}.tar.gz" | sha256sum -c \ +# && mkdir -p /usr/local/src \ +# && tar -x -C /usr/local/src/ -f ${BUILD_VERSION}.tar.gz \ +# && rm ${BUILD_VERSION}.tar.gz + +RUN apk add -U git gnupg \ + && git clone https://github.com/SoftEtherVPN/SoftEtherVPN.git --depth 1 --single-branch --branch=${BUILD_VERSION} . 
\ + && gpg --receive-keys ${GIT_VERIFY_PUBKEY} \ + && git verify-commit ${BUILD_VERSION} \ + && git submodule init \ + && git submodule update --recommend-shallow + +FROM alpine:3.20 AS build COPY --from=prep /usr/local/src /usr/local/src -ENV LANG=en_US.UTF-8 +ENV LANG=en_US.UTF-8 \ + USE_MUSL=YES -RUN apk add -U build-base ncurses-dev openssl-dev readline-dev zip zlib-dev \ - && cd /usr/local/src/SoftEtherVPN_Stable-* \ +RUN apk add -U build-base cmake libsodium-dev ncurses-dev openssl-dev readline-dev zip zlib-dev \ + && cd /usr/local/src/SoftEtherVPN \ && ./configure \ - && make \ - && make install \ - && touch /usr/vpnserver/vpn_server.config \ - && zip -r9 /artifacts.zip /usr/vpn* /usr/bin/vpn* + && make -C build \ + && make -C build install \ + && zip -r9 /artifacts.zip \ + /usr/local/bin/vpn* /usr/local/libexec/softether/* \ + /usr/local/lib/libcedar.so /usr/local/lib/libmayaqua.so \ + /usr/lib/libsodium.so* \ + /usr/local/bin/list_cpu_features -FROM alpine:3.16 +FROM alpine:3.20 COPY --from=build /artifacts.zip / @@ -40,7 +53,7 @@ RUN apk add -U --no-cache bash iptables openssl-dev \ && rm /artifacts.zip \ && rm -rf /opt \ && ln -s /usr/vpnserver /opt \ - && find /usr/bin/vpn* -type f ! -name vpnserver \ + && find /usr/local/bin/vpn* -type f ! -name vpnserver \ -exec sh -c 'ln -s {} /opt/$(basename {})' \; WORKDIR /usr/vpnserver/ @@ -51,4 +64,4 @@ ENTRYPOINT ["/entrypoint.sh"] EXPOSE 500/udp 4500/udp 1701/tcp 1194/udp 5555/tcp 443/tcp -CMD ["/usr/bin/vpnserver", "execsvc"] +CMD ["/usr/local/bin/vpnserver", "execsvc"] diff --git a/copyables/entrypoint.sh b/copyables/entrypoint.sh index 43947ffd..b07a6ccb 100644 --- a/copyables/entrypoint.sh +++ b/copyables/entrypoint.sh @@ -1,6 +1,9 @@ #!/bin/bash set -e +VPNCMD=/usr/local/bin/vpncmd +VPNSERVER=/usr/local/bin/vpnserver + if [ "$*" == "gencert" ]; then /gencert.sh 
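Review bot: `GIT_VERIFY_PUBKEY=B5690EEEBB952194` is a 64-bit key ID fetched with `gpg --receive-keys` from whatever keyserver gpg defaults to, so the `git verify-commit ${BUILD_VERSION}` check in the prep stage trusts any key the server returns under that ID. Use the full 40-hex fingerprint instead, or `COPY` the public key into the build and `gpg --import` it, so the trust anchor is fixed in this repository. The ID also appears to be GitHub's web-flow signing key rather than a maintainer key (worth confirming), in which case a good signature only shows that the commit was created through GitHub, not who authored it. Because `--branch=${BUILD_VERSION}` follows a tag that can be moved, the content pin that the removed `sha256sum -c` provided is gone; add an expected-commit check such as `&& test "$(git rev-parse HEAD)" = "${BUILD_COMMIT}"`, with `BUILD_COMMIT` set in the `ENV` line. The commented-out `wget` block still references `${SHA256_SUM}`, which is no longer defined, and can be dropped.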
@@ -50,14 +53,14 @@ printf '=%.0s' {1..24} echo vpncmd_server () { - /usr/bin/vpncmd localhost /SERVER /CSV /CMD "$@" + ${VPNCMD} localhost /SERVER /CSV /CMD "$@" } vpncmd_hub () { - /usr/bin/vpncmd localhost /SERVER /CSV /HUB:DEFAULT /CMD "$@" + ${VPNCMD} localhost /SERVER /CSV /HUB:DEFAULT /CMD "$@" } -/usr/bin/vpnserver start 2>&1 > /dev/null +${VPNSERVER} start 2>&1 > /dev/null # while-loop to wait until server comes up # switch cipher @@ -71,7 +74,7 @@ done # About command to grab version number # /usr/bin/vpncmd localhost /SERVER /CSV /CMD About | head -2 | tail -1 | sed 's/^/# /;' -vpncmd_server About | head -2 | tail -1 | sed 's/^/# /;' +vpncmd_server About | head -3 | tail -1 | sed 's/^/# /;' # enable L2TP_IPsec vpncmd_server IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no /PSK:${PSK} /DEFAULTHUB:DEFAULT @@ -84,7 +87,10 @@ vpncmd_hub SecureNatEnable vpncmd_hub NatSet /MTU:$MTU /LOG:no /TCPTIMEOUT:3600 /UDPTIMEOUT:1800 # enable OpenVPN -vpncmd_server OpenVpnEnable yes /PORTS:1194 +# vpncmd_server OpenVpnEnable yes /PORTS:1194 +# new command for 5 via https://github.com/SoftEtherVPN/SoftEtherVPN/discussions/1882 +vpncmd_server ProtoOptionsSet OpenVPN /NAME:Enabled /VALUE:True +vpncmd_server PortsUDPSet 1194 # set server certificate & key if [[ -f server.crt && -f server.key ]]; then @@ -175,7 +181,7 @@ vpncmd_hub SetHubPassword ${HPW} : ${SPW:=$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | fold -w 20 | head -n 1)} vpncmd_server ServerPasswordSet ${SPW} -/usr/bin/vpnserver stop 2>&1 > /dev/null +${VPNSERVER} stop 2>&1 > /dev/null # while-loop to wait until server goes away set +e
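Review bot: `${VPNSERVER} start 2>&1 > /dev/null` in the `@@ -50,14 +53,14 @@` hunk, and `${VPNSERVER} stop 2>&1 > /dev/null` in the last hunk, apply the redirections in an order that discards stdout but leaves stderr pointing at the original stdout. If both streams are meant to be silenced, the line should read `"${VPNSERVER}" start > /dev/null 2>&1`; if stderr is kept on purpose, a short comment saying so would prevent a later "fix". The new `${VPNCMD}` and `${VPNSERVER}` expansions are also unquoted in command position, so prefer `"${VPNCMD}" localhost /SERVER /CSV /CMD "$@"` in both helper functions. The script continues outside these hunks, so whether a startup failure is detected by the wait loop cannot be judged from here.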