bitkarrot/next.orly.dev
1
0
Fork 0
forked from mleku/next.orly.dev
Code Pull Requests Activity

fix workflow to fetch libsecp256k1.so

Browse Source
This commit is contained in:
mleku
2025-11-25 06:03:22 +00:00
parent 7fe1154391
commit 2e865c9616
12 changed files with 109 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.claude/settings.local.json
View File

@@ -130,7 +130,8 @@
"Bash(sudo journalctl:*)", "Bash(sudo journalctl:*)",
"Bash(systemctl:*)", "Bash(systemctl:*)",
"Bash(systemctl show:*)", "Bash(systemctl show:*)",
"Bash(ssh relay1:*)" "Bash(ssh relay1:*)",
"Bash(done)"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []

14
.gitea/workflows/go.yml
View File

@@ -55,8 +55,12 @@ jobs:
export PATH=/usr/local/go/bin:$PATH export PATH=/usr/local/go/bin:$PATH
cd ${GITHUB_WORKSPACE} cd ${GITHUB_WORKSPACE}
echo "Running tests..." echo "Running tests..."
# Copy the libsecp256k1.so to root directory so tests can find it # Download libsecp256k1.so from nostr repository
cp pkg/crypto/p8k/libsecp256k1.so . echo "Downloading libsecp256k1.so from nostr repository..."
wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so -O libsecp256k1.so
chmod +x libsecp256k1.so
# Set LD_LIBRARY_PATH so tests can find the library
export LD_LIBRARY_PATH=${GITHUB_WORKSPACE}:${LD_LIBRARY_PATH}
CGO_ENABLED=0 go test -v $(go list ./... | grep -v '/cmd/benchmark/external/' | xargs -n1 sh -c 'ls $0/*_test.go 1>/dev/null 2>&1 && echo $0' | grep .) || true CGO_ENABLED=0 go test -v $(go list ./... | grep -v '/cmd/benchmark/external/' | xargs -n1 sh -c 'ls $0/*_test.go 1>/dev/null 2>&1 && echo $0' | grep .) || true
- name: Build Release Binaries (Pure Go + purego) - name: Build Release Binaries (Pure Go + purego)
@@ -71,8 +75,10 @@ jobs:
# Create directory for binaries # Create directory for binaries
mkdir -p release-binaries mkdir -p release-binaries
# Copy the pre-compiled libsecp256k1.so for Linux AMD64 # Download the pre-compiled libsecp256k1.so for Linux AMD64 from nostr repository
cp pkg/crypto/p8k/libsecp256k1.so release-binaries/libsecp256k1-linux-amd64.so echo "Downloading libsecp256k1.so from nostr repository..."
wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so -O release-binaries/libsecp256k1-linux-amd64.so
chmod +x release-binaries/libsecp256k1-linux-amd64.so
# Build for Linux AMD64 (pure Go + purego dynamic loading) # Build for Linux AMD64 (pure Go + purego dynamic loading)
echo "Building Linux AMD64 (pure Go + purego dynamic loading)..." echo "Building Linux AMD64 (pure Go + purego dynamic loading)..."

34
CLAUDE.md
View File

@@ -59,8 +59,10 @@ cd app/web && bun run dev
# Or manually with purego setup # Or manually with purego setup
CGO_ENABLED=0 go test ./... CGO_ENABLED=0 go test ./...
# Note: libsecp256k1.so must be available for crypto tests # Note: libsecp256k1.so is automatically downloaded by test.sh if needed
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)/pkg/crypto/p8k" # It can also be manually downloaded from the nostr repository:
# wget https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so
# export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)"
``` ```
### Run Specific Package Tests ### Run Specific Package Tests
@@ -92,8 +94,8 @@ go run cmd/relay-tester/main.go -url ws://localhost:3334 -test "Basic Event"
# Run Go benchmarks in specific package # Run Go benchmarks in specific package
go test -bench=. -benchmem ./pkg/database go test -bench=. -benchmem ./pkg/database
# Crypto benchmarks # Note: Crypto benchmarks are now in the external nostr library at:
cd pkg/crypto/p8k && make bench # https://git.mleku.dev/mleku/nostr
# Run full relay benchmark suite # Run full relay benchmark suite
cd cmd/benchmark cd cmd/benchmark
@@ -203,15 +205,15 @@ export ORLY_DB_INDEX_CACHE_MB=256 # Index cache size
- `hex/` - SIMD-accelerated hex encoding using templexxx/xhex - `hex/` - SIMD-accelerated hex encoding using templexxx/xhex
- `timestamp/`, `kind/`, `tag/` - Specialized field encoders - `timestamp/`, `kind/`, `tag/` - Specialized field encoders
**`pkg/crypto/`** - Cryptographic operations **Cryptographic operations** (from `git.mleku.dev/mleku/nostr` library)
- `p8k/` - Pure Go secp256k1 using purego (no CGO) to dynamically load libsecp256k1.so - Pure Go secp256k1 using purego (no CGO) to dynamically load libsecp256k1.so
- `secp.go` - Dynamic library loading and function binding - Schnorr signature operations (NIP-01)
- `schnorr.go` - Schnorr signature operations (NIP-01) - ECDH for encrypted DMs (NIP-04, NIP-44)
- `ecdh.go` - ECDH for encrypted DMs (NIP-04, NIP-44) - Public key recovery from signatures
- `recovery.go` - Public key recovery from signatures - `libsecp256k1.so` - Downloaded from nostr repository at runtime/build time
- `libsecp256k1.so` - Pre-compiled secp256k1 library - Key derivation and conversion utilities
- `keys/` - Key derivation and conversion utilities - SIMD-accelerated SHA256 using minio/sha256-simd
- `sha256/` - SIMD-accelerated SHA256 using minio/sha256-simd - SIMD-accelerated hex encoding using templexxx/xhex
**`pkg/acl/`** - Access control systems **`pkg/acl/`** - Access control systems
- `acl.go` - ACL registry and interface - `acl.go` - ACL registry and interface
@@ -255,9 +257,11 @@ export ORLY_DB_INDEX_CACHE_MB=256 # Index cache size
**Pure Go with Purego:** **Pure Go with Purego:**
- All builds use `CGO_ENABLED=0` - All builds use `CGO_ENABLED=0`
- The p8k crypto library uses `github.com/ebitengine/purego` to dynamically load `libsecp256k1.so` at runtime - The p8k crypto library (from `git.mleku.dev/mleku/nostr`) uses `github.com/ebitengine/purego` to dynamically load `libsecp256k1.so` at runtime
- This avoids CGO complexity while maintaining C library performance - This avoids CGO complexity while maintaining C library performance
- `libsecp256k1.so` must be in `LD_LIBRARY_PATH` or same directory as binary - `libsecp256k1.so` is automatically downloaded by build/test scripts from the nostr repository
- Manual download: `wget https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so`
- Library must be in `LD_LIBRARY_PATH` or same directory as binary for runtime loading
**Database Backend Selection:** **Database Backend Selection:**
- Supports multiple backends via `ORLY_DB_TYPE` environment variable - Supports multiple backends via `ORLY_DB_TYPE` environment variable

7
Dockerfile
View File

@@ -23,7 +23,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o orly -ldflags="-w -s" .
FROM alpine:latest FROM alpine:latest
# Install runtime dependencies # Install runtime dependencies
RUN apk add --no-cache ca-certificates curl RUN apk add --no-cache ca-certificates curl wget
# Create app user # Create app user
RUN addgroup -g 1000 orly && \ RUN addgroup -g 1000 orly && \
@@ -34,7 +34,10 @@ WORKDIR /app
# Copy binary from builder # Copy binary from builder
COPY --from=builder /build/orly /app/orly COPY --from=builder /build/orly /app/orly
COPY --from=builder /build/pkg/crypto/p8k/libsecp256k1.so /app/libsecp256k1.so
# Download libsecp256k1.so from nostr repository (optional for performance)
RUN wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so \
-O /app/libsecp256k1.so || echo "Warning: libsecp256k1.so download failed (optional)"
# Set library path # Set library path
ENV LD_LIBRARY_PATH=/app ENV LD_LIBRARY_PATH=/app

10
docs/LIBSECP256K1_DEPLOYMENT.md
View File

@@ -1,6 +1,14 @@
# libsecp256k1 Deployment Guide # libsecp256k1 Deployment Guide
All build scripts have been updated to ensure libsecp256k1.so is placed next to the executable. > **NOTE (Updated 2025):** This project now uses pure Go with purego (no CGO). The crypto library is part of the external `git.mleku.dev/mleku/nostr` dependency. The `libsecp256k1.so` file is automatically downloaded from the nostr repository during build/test. See [CLAUDE.md](../CLAUDE.md) for current build instructions.
## Current Approach (Pure Go + Purego)
All build scripts download `libsecp256k1.so` from `https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so` and place it next to the executable for optimal performance.
## Legacy Information (For Reference)
The information below describes the previous CGO-based approach and is kept for historical reference.
## Updated Scripts ## Updated Scripts

7
docs/PUREGO_BUILD_SYSTEM.md
View File

@@ -31,7 +31,7 @@ ORLY relay uses **pure Go builds (`CGO_ENABLED=0`)** across all platforms. The p
### Purego Dynamic Loading ### Purego Dynamic Loading
The p8k library (`pkg/crypto/p8k`) uses purego to: The p8k library (from `git.mleku.dev/mleku/nostr`) uses purego to:
1. **At build time**: Compile pure Go code (`CGO_ENABLED=0`) 1. **At build time**: Compile pure Go code (`CGO_ENABLED=0`)
2. **At runtime**: Attempt to dynamically load `libsecp256k1` 2. **At runtime**: Attempt to dynamically load `libsecp256k1`
@@ -287,8 +287,11 @@ RUN go build -ldflags "-s -w" -o orly .
# Runtime can optionally include library # Runtime can optionally include library
FROM alpine:latest FROM alpine:latest
RUN apk add --no-cache wget ca-certificates
COPY --from=builder /build/orly /app/orly COPY --from=builder /build/orly /app/orly
COPY --from=builder /build/pkg/crypto/p8k/libsecp256k1.so /app/ || true # Download libsecp256k1.so from nostr repository (optional for performance)
RUN wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so \
-O /app/libsecp256k1.so || echo "Warning: libsecp256k1.so download failed (optional)"
ENV LD_LIBRARY_PATH=/app ENV LD_LIBRARY_PATH=/app
CMD ["/app/orly"] CMD ["/app/orly"]
``` ```

2
pkg/version/version
View File

@@ -1 +1 @@
v0.29.15 v0.29.16

9
scripts/benchmark.sh
View File

@@ -33,10 +33,11 @@ if [[ ! -x "$BENCHMARK_BIN" ]]; then
echo "Building benchmark binary (pure Go + purego)..." echo "Building benchmark binary (pure Go + purego)..."
cd "$REPO_ROOT/cmd/benchmark" cd "$REPO_ROOT/cmd/benchmark"
CGO_ENABLED=0 go build -o "$BENCHMARK_BIN" . CGO_ENABLED=0 go build -o "$BENCHMARK_BIN" .
# Copy libsecp256k1.so if available (runtime optional) # Download libsecp256k1.so from nostr repository (runtime optional)
if [[ -f "$REPO_ROOT/pkg/crypto/p8k/libsecp256k1.so" ]]; then wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so \
cp "$REPO_ROOT/pkg/crypto/p8k/libsecp256k1.so" "$(dirname "$BENCHMARK_BIN")/" -O "$(dirname "$BENCHMARK_BIN")/libsecp256k1.so" 2>/dev/null || \
fi echo "Warning: Failed to download libsecp256k1.so (optional for performance)"
chmod +x "$(dirname "$BENCHMARK_BIN")/libsecp256k1.so" 2>/dev/null || true
cd "$REPO_ROOT" cd "$REPO_ROOT"
fi fi

36
scripts/build-all-platforms.sh
View File

@@ -21,7 +21,7 @@ NC='\033[0m' # No Color
# Configuration # Configuration
VERSION=$(cat pkg/version/version) VERSION=$(cat pkg/version/version)
OUTPUT_DIR="$REPO_ROOT/build" OUTPUT_DIR="$REPO_ROOT/build"
LIB_SOURCE="$REPO_ROOT/pkg/crypto/p8k" NOSTR_REPO_BASE_URL="https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k"
echo -e "${BLUE}========================================${NC}" echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}ORLY Multi-Platform Build Script${NC}" echo -e "${BLUE}ORLY Multi-Platform Build Script${NC}"
@@ -53,30 +53,38 @@ build_platform() {
echo -e "${GREEN}✓ Built: ${output_name}${NC}" echo -e "${GREEN}✓ Built: ${output_name}${NC}"
# Copy appropriate runtime library # Download appropriate runtime library from nostr repository
case "$goos" in case "$goos" in
linux) linux)
if [ -f "${LIB_SOURCE}/libsecp256k1.so" ]; then if wget -q "${NOSTR_REPO_BASE_URL}/libsecp256k1.so" -O "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so"; then
cp "${LIB_SOURCE}/libsecp256k1.so" "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so" chmod +x "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so"
echo -e "${GREEN}Copied libsecp256k1.so (runtime optional)${NC}" echo -e "${GREEN}Downloaded libsecp256k1.so (runtime optional)${NC}"
else
echo -e "${YELLOW} ⚠ Failed to download libsecp256k1.so (runtime optional)${NC}"
fi fi
;; ;;
darwin) darwin)
if [ -f "${LIB_SOURCE}/libsecp256k1.dylib" ]; then if wget -q "${NOSTR_REPO_BASE_URL}/libsecp256k1.dylib" -O "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dylib"; then
cp "${LIB_SOURCE}/libsecp256k1.dylib" "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dylib" chmod +x "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dylib"
echo -e "${GREEN}Copied libsecp256k1.dylib (runtime optional)${NC}" echo -e "${GREEN}Downloaded libsecp256k1.dylib (runtime optional)${NC}"
else
echo -e "${YELLOW} ⚠ Failed to download libsecp256k1.dylib (runtime optional)${NC}"
fi fi
;; ;;
windows) windows)
if [ -f "${LIB_SOURCE}/libsecp256k1.dll" ]; then if wget -q "${NOSTR_REPO_BASE_URL}/libsecp256k1.dll" -O "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dll"; then
cp "${LIB_SOURCE}/libsecp256k1.dll" "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dll" chmod +x "${OUTPUT_DIR}/libsecp256k1-${platform_name}.dll"
echo -e "${GREEN}Copied libsecp256k1.dll (runtime optional)${NC}" echo -e "${GREEN}Downloaded libsecp256k1.dll (runtime optional)${NC}"
else
echo -e "${YELLOW} ⚠ Failed to download libsecp256k1.dll (runtime optional)${NC}"
fi fi
;; ;;
android) android)
if [ -f "${LIB_SOURCE}/libsecp256k1.so" ]; then if wget -q "${NOSTR_REPO_BASE_URL}/libsecp256k1.so" -O "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so"; then
cp "${LIB_SOURCE}/libsecp256k1.so" "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so" chmod +x "${OUTPUT_DIR}/libsecp256k1-${platform_name}.so"
echo -e "${GREEN}Copied libsecp256k1.so (runtime optional)${NC}" echo -e "${GREEN}Downloaded libsecp256k1.so (runtime optional)${NC}"
else
echo -e "${YELLOW} ⚠ Failed to download libsecp256k1.so (runtime optional)${NC}"
fi fi
;; ;;
esac esac

11
scripts/deploy.sh
View File

@@ -197,10 +197,13 @@ build_application() {
log_info "Building binary in current directory (pure Go + purego)..." log_info "Building binary in current directory (pure Go + purego)..."
CGO_ENABLED=0 go build -o "$BINARY_NAME" CGO_ENABLED=0 go build -o "$BINARY_NAME"
# Copy libsecp256k1.so next to the binary (optional, for runtime performance) # Download libsecp256k1.so from nostr repository (optional, for runtime performance)
if [[ -f "pkg/crypto/p8k/libsecp256k1.so" ]]; then log_info "Downloading libsecp256k1.so from nostr repository..."
cp pkg/crypto/p8k/libsecp256k1.so . if wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so -O libsecp256k1.so; then
log_info "Copied libsecp256k1.so next to binary (runtime optional)" chmod +x libsecp256k1.so
log_success "Downloaded libsecp256k1.so successfully (runtime optional)"
else
log_warning "Failed to download libsecp256k1.so - relay will still work but may have slower crypto"
fi fi
if [[ -f "./$BINARY_NAME" ]]; then if [[ -f "./$BINARY_NAME" ]]; then

13
scripts/runtests.sh
View File

@@ -2,7 +2,16 @@
# Pure Go build with purego - no CGO needed # Pure Go build with purego - no CGO needed
# libsecp256k1 is loaded dynamically at runtime if available # libsecp256k1 is loaded dynamically at runtime if available
export CGO_ENABLED=0 export CGO_ENABLED=0
if [ -f "pkg/crypto/p8k/libsecp256k1.so" ]; then
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)/pkg/crypto/p8k" # Download libsecp256k1.so from nostr repository if not present
if [ ! -f "libsecp256k1.so" ]; then
wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so -O libsecp256k1.so 2>/dev/null || true
chmod +x libsecp256k1.so 2>/dev/null || true
fi fi
# Set LD_LIBRARY_PATH if library is available
if [ -f "libsecp256k1.so" ]; then
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)"
fi
go test -v ./... -bench=. -run=xxx -benchmem go test -v ./... -bench=. -run=xxx -benchmem

15
scripts/test.sh
View File

@@ -2,8 +2,19 @@
# Pure Go build with purego - no CGO needed # Pure Go build with purego - no CGO needed
# libsecp256k1 is loaded dynamically at runtime if available # libsecp256k1 is loaded dynamically at runtime if available
export CGO_ENABLED=0 export CGO_ENABLED=0
if [ -f "pkg/crypto/p8k/libsecp256k1.so" ]; then
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)/pkg/crypto/p8k" # Download libsecp256k1.so from nostr repository if not present
if [ ! -f "libsecp256k1.so" ]; then
echo "Downloading libsecp256k1.so from nostr repository..."
wget -q https://git.mleku.dev/mleku/nostr/raw/branch/main/crypto/p8k/libsecp256k1.so -O libsecp256k1.so || {
echo "Warning: Failed to download libsecp256k1.so - tests may fail"
}
chmod +x libsecp256k1.so 2>/dev/null || true
fi
# Set LD_LIBRARY_PATH to include current directory
if [ -f "libsecp256k1.so" ]; then
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$(pwd)"
fi fi
go mod tidy go mod tidy