From e2ff7f65fcf83edcca3b4203bc5d22274ba795ac Mon Sep 17 00:00:00 2001
From: Lee Valentine <lvalentine@cloudflare.com>
Date: Tue, 22 Sep 2020 16:56:23 -0500
Subject: [PATCH] TRAFFIC-448: build cloudflare for junos and publish to s3

---
 .gitignore   |  2 ++
 Makefile     | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 cfsetup.yaml | 29 +++++++++++++++++++++++++++
 jet.yaml     |  9 +++++++++
 4 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 jet.yaml

diff --git a/.gitignore b/.gitignore
index d513f7ab..493893d9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@ guide/public
 /.GOPATH
 /bin
 .idea
+.build
 .vscode
 \#*\#
 cscope.*
@@ -12,6 +13,7 @@ cloudflared
 cloudflared.pkg
 cloudflared.exe
 cloudflared.msi
+cloudflared-x86-64*
 !cmd/cloudflared/
 .DS_Store
 *-session.log
diff --git a/Makefile b/Makefile
index 639658a2..4d2441f0 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ VERSION       := $(shell git describe --tags --always --dirty="-dev" --match "[0
 DATE          := $(shell date -u '+%Y-%m-%d-%H%M UTC')
 VERSION_FLAGS := -ldflags='-X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
 MSI_VERSION   := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut -c2-)
-#MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup. 
+#MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup.
 #e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI.
 
 IMPORT_PATH   := github.com/cloudflare/cloudflared
@@ -44,6 +44,8 @@ else ifeq ($(LOCAL_OS),darwin)
     TARGET_OS ?= darwin
 else ifeq ($(LOCAL_OS),windows)
     TARGET_OS ?= windows
+else ifeq ($(LOCAL_OS),freebsd)
+    TARGET_OS ?= freebsd
 else
     $(error This system's OS $(LOCAL_OS) isn't supported)
 endif
@@ -125,6 +127,58 @@ cloudflared-darwin-amd64.tgz: cloudflared
 	tar czf cloudflared-darwin-amd64.tgz cloudflared
 	rm cloudflared
 
+.PHONY: cloudflared-junos
+cloudflared-junos: cloudflared jetez-certificate.pem jetez-key.pem
+	jetez --source . \
+		  -j jet.yaml \
+		  --key jetez-key.pem \
+		  --cert jetez-certificate.pem \
+		  --version $(VERSION)
+	rm jetez-*.pem
+
+jetez-certificate.pem:
+ifndef JETEZ_CERT
+	$(error JETEZ_CERT not defined)
+endif
+	@echo "Writing JetEZ certificate"
+	@echo "$$JETEZ_CERT" > jetez-certificate.pem
+
+jetez-key.pem:
+ifndef JETEZ_KEY
+	$(error JETEZ_KEY not defined)
+endif
+	@echo "Writing JetEZ key"
+	@echo "$$JETEZ_KEY" > jetez-key.pem
+
+.PHONY: publish-cloudflared-junos
+publish-cloudflared-junos: cloudflared-junos cloudflared-x86-64.latest.s3
+ifndef S3_ENDPOINT
+	$(error S3_HOST not defined)
+endif
+ifndef S3_URI
+	$(error S3_URI not defined)
+endif
+ifndef S3_ACCESS_KEY
+	$(error S3_ACCESS_KEY not defined)
+endif
+ifndef S3_SECRET_KEY
+	$(error S3_SECRET_KEY not defined)
+endif
+	sha256sum cloudflared-x86-64-$(VERSION).tgz | awk '{printf $$1}' > cloudflared-x86-64-$(VERSION).tgz.shasum
+	s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
+		put cloudflared-x86-64-$(VERSION).tgz $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz
+	s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
+		put cloudflared-x86-64-$(VERSION).tgz.shasum $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz.shasum
+	dpkg --compare-versions "$(VERSION)" gt "$(shell cat cloudflared-x86-64.latest.s3)" && \
+		echo -n "$(VERSION)" > cloudflared-x86-64.latest && \
+		s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
+			put cloudflared-x86-64.latest $(S3_URI)/cloudflared-x86-64.latest || \
+		echo "Latest version not updated"
+
+cloudflared-x86-64.latest.s3:
+	s4cmd --endpoint-url $(S3_ENDPOINT) --force \
+		get $(S3_URI)/cloudflared-x86-64.latest cloudflared-x86-64.latest.s3
+
 .PHONY: homebrew-upload
 homebrew-upload: cloudflared-darwin-amd64.tgz
 	aws s3 --endpoint-url $(S3_ENDPOINT) cp --acl public-read $$^ $(S3_URI)/cloudflared-$$(VERSION)-$1.tgz
diff --git a/cfsetup.yaml b/cfsetup.yaml
index cf36109e..3e8669fe 100644
--- a/cfsetup.yaml
+++ b/cfsetup.yaml
@@ -209,6 +209,35 @@ stretch: &stretch
     pre-cache: *install_pygithub
     post-cache:
       - make github-message
+  build-junos:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - build-essential
+      - python3
+      - genisoimage
+      - jetez
+    pre-cache:
+      - ln -s /usr/bin/genisoimage /usr/bin/mkisofs
+    post-cache:
+      - export GOOS=freebsd
+      - export GOARCH=amd64
+      - make cloudflared-junos
+  publish-junos:
+    build_dir: *build_dir
+    builddeps:
+      - *pinned_go
+      - build-essential
+      - python3
+      - genisoimage
+      - jetez
+      - s4cmd
+    pre-cache:
+      - ln -s /usr/bin/genisoimage /usr/bin/mkisofs
+    post-cache:
+      - export GOOS=freebsd
+      - export GOARCH=amd64
+      - make publish-cloudflared-junos
 
 jessie: *stretch
 
diff --git a/jet.yaml b/jet.yaml
new file mode 100644
index 00000000..b2cec200
--- /dev/null
+++ b/jet.yaml
@@ -0,0 +1,9 @@
+---
+basename: "cloudflared"
+comment: "Cloudflare Argo Tunnel"
+copyright: "Cloudflare, Inc"
+arch: "x86"
+abi: "64"
+files:
+    - source: cloudflared
+      destination: /var/db/scripts/jet/cloudflared