danog
diff --git a/‎.github/workflows/build-docker.yml‎
Lines changed: 81 additions & 0 deletions b/‎.github/workflows/build-docker.yml‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎tests/dockerfiles/Dockerfile‎
Lines changed: 231 additions & 0 deletions b/‎tests/dockerfiles/Dockerfile‎
Lines changed: 231 additions & 0 deletions
diff --git a/‎tests/dockerfiles/Dockerfile.alpine‎
Lines changed: 0 additions & 32 deletions b/‎tests/dockerfiles/Dockerfile.alpine‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎tests/dockerfiles/deepbind.patch‎
Lines changed: 51 additions & 0 deletions b/‎tests/dockerfiles/deepbind.patch‎
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,81 @@
+name: Build docker image
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches:
+      - v8
+    tags:
+      - '*'
+
+permissions:
+  contents: read
+
+jobs:
+  pre_job:
+    permissions:
+      actions: write
+    runs-on: ubuntu-latest
+
+  build-docker:
+    permissions:
+      packages: write
+    needs: pre_job
+    strategy:
+      matrix:
+        image:
+          - ubuntu-latest
+          - ubuntu-24.04-arm
+        arch:
+          - amd64
+          - arm64
+        include:
+          - image: ubuntu-latest
+            arch: amd64
+          - image: ubuntu-24.04-arm
+            arch: arm64
+    runs-on: ${{ matrix.image }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # required for composer to automatically detect root package version
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Upload docker image
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          REF: ${{ github.ref }}
+          ACTOR: ${{ github.repository_owner }}
+          PLATFORM: ${{ matrix.image }}
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ghcr.io -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+          docker buildx build --platform linux/${{ matrix.arch }} . -f tests/dockerfiles/Dockerfile -t danog/madelineproto:next-debian-${{ matrix.arch }} --cache-from danog/madelineproto:next-debian-${{ matrix.arch }} --cache-to type=inline --push
+
+  merge-docker:
+    permissions:
+      packages: write
+    needs: build-docker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - uses: actions/checkout@v4
+
+      - name: Upload final docker image
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          REF: ${{ github.ref }}
+          ACTOR: ${{ github.repository_owner }}
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ghcr.io -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+          docker buildx imagetools create -t danog/madelineproto:debian danog/madelineproto:next-debian-{arm,amd}64
+          #docker buildx imagetools create -t danog/madelineproto:latest danog/madelineproto:next-debian-{arm,amd}64
@@ -0,0 +1,231 @@
+# Not alpine, due to possible performance issues of MUSL malloc.
+#
+# In theory this should not be relevant because PHP uses its own allocator,
+# but some one-time initialization logic inside PHP bypasses it,
+# which means system malloc *is* used more often especially in cases like these.
+#
+# Copied from autogenerated dockerfile in https://github.com/docker-library/php/tree/master/8.4/bookworm/cli.
+# Need to compile PHP from scratch in order to apply deepbind.patch and use jemalloc.
+
+FROM debian:bookworm-slim
+
+# prevent Debian's PHP packages from being installed
+# https://github.com/docker-library/php/pull/542
+RUN set -eux; \
+	{ \
+		echo 'Package: php*'; \
+		echo 'Pin: release *'; \
+		echo 'Pin-Priority: -1'; \
+	} > /etc/apt/preferences.d/no-debian-php
+
+# dependencies required for running "phpize"
+# (see persistent deps below)
+ENV PHPIZE_DEPS \
+		autoconf \
+		dpkg-dev \
+		file \
+		g++ \
+		gcc \
+		libc-dev \
+		make \
+		pkg-config \
+		re2c
+
+# persistent / runtime deps
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		$PHPIZE_DEPS \
+		ca-certificates git \
+		curl \
+		xz-utils \
+	; \
+	rm -rf /var/lib/apt/lists/*
+
+RUN curl -sSLf https://github.com/danog/PrimeModule-ext/archive/refs/tags/2.0.tar.gz | tar -xz && \
+    cd PrimeModule-ext-2.0 && \
+    make -j$(nproc) && \
+    make install && \
+    cd .. && \
+    rm -r PrimeModule-ext-2.0
+
+ENV PHP_INI_DIR /usr/local/etc/php
+RUN set -eux; \
+	mkdir -p "$PHP_INI_DIR/conf.d"; \
+# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
+	[ ! -d /var/www/html ]; \
+	mkdir -p /var/www/html; \
+	chown www-data:www-data /var/www/html; \
+	chmod 1777 /var/www/html
+
+# Apply stack smash protection to functions using local buffers and alloca()
+# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
+# Enable optimization (-O2)
+# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
+# https://github.com/docker-library/php/issues/272
+# -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php)
+ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g"
+ENV PHP_CPPFLAGS="$PHP_CFLAGS"
+ENV PHP_LDFLAGS="-Wl,-O1 -pie"
+
+ENV GPG_KEYS AFD8691FDAEDF03BDF6E460563F15A9B715376CA 9D7F99A0CB8F05C8A6958D6256A97AF7600A39A6 0616E93D95AF471243E26761770426E17EBBB3DD
+
+ADD tests/dockerfiles/deepbind.patch /
+
+ADD https://github.com/php/php-src/commits/master.atom /dev/null
+
+RUN set -eux; \
+	\
+	mkdir -p /usr/src; \
+	cd /usr/src; \
+	\
+	git clone https://github.com/php/php-src.git --depth 1 --recursive -b PHP-8.4 php
+
+RUN set -eux; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		libargon2-dev \
+		libcurl4-openssl-dev \
+		libonig-dev \
+		libreadline-dev \
+		libsodium-dev \
+		libsqlite3-dev pkg-config build-essential autoconf bison re2c \
+		libssl-dev \
+		libxml2-dev \
+		zlib1g-dev \
+		libcapstone-dev libffi-dev libpng-dev libgmp-dev libzip-dev \
+	; \
+	\
+	export \
+		CFLAGS="$PHP_CFLAGS" \
+		CPPFLAGS="$PHP_CPPFLAGS" \
+		LDFLAGS="$PHP_LDFLAGS" \
+# https://github.com/php/php-src/blob/d6299206dd828382753453befd1b915491b741c6/configure.ac#L1496-L1511
+		PHP_BUILD_PROVIDER='https://github.com/docker-library/php' \
+		PHP_UNAME='Linux - Docker' \
+	; \
+	cd /usr/src/php; \
+	git rev-parse HEAD > /php-src.commit; \
+	patch -p1 < /deepbind.patch; \
+	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+	debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
+# https://bugs.php.net/bug.php?id=74125
+	if [ ! -d /usr/include/curl ]; then \
+		ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
+	fi; \
+	./buildconf; \
+	./configure \
+		--build="$gnuArch" \
+		--with-config-file-path="$PHP_INI_DIR" \
+		--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
+		\
+# make sure invalid --configure-flags are fatal errors instead of just warnings
+		--enable-option-checking=fatal \
+		\
+# https://github.com/docker-library/php/issues/439
+		--with-mhash \
+		\
+# https://github.com/docker-library/php/issues/822
+		--with-pic \
+		\
+# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
+		--enable-mbstring \
+# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
+		--enable-mysqlnd \
+# https://wiki.php.net/rfc/argon2_password_hash
+		--with-password-argon2 \
+# https://wiki.php.net/rfc/libsodium
+		--with-sodium \
+# always build against system sqlite3 (https://github.com/php/php-src/commit/6083a387a81dbbd66d6316a3a12a63f06d5f7109)
+		--with-pdo-sqlite=/usr \
+		--with-sqlite3=/usr \
+		\
+		--with-curl \
+		--with-iconv \
+		--with-openssl \
+		--with-readline \
+		--with-zlib --with-ffi --enable-intl --with-gmp --with-pdo-mysql --with-zip --enable-gd \
+		\
+# in PHP 7.4+, the pecl/pear installers are officially deprecated (requiring an explicit "--with-pear")
+		--with-pear \
+		\
+		--disable-cgi \
+		--disable-phpdbg \
+		--enable-pcntl \
+		--enable-mbstring \
+		--with-capstone \
+		--with-libdir="lib/$debMultiarch" \
+		\
+	; \
+	make -j "$(nproc)"; \
+	find -type f -name '*.a' -delete; \
+	make install; \
+	make clean; \
+	\
+# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
+	cp -v php.ini-* "$PHP_INI_DIR/"; \
+	\
+	cd /; \
+	rm -r /usr/src/php; rm deepbind.patch; \
+	\
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+	apt-mark auto '.*' > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+	find /usr/local -type f -executable -exec ldd '{}' ';' \
+		| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
+		| sort -u \
+		| xargs -r dpkg-query --search \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -r apt-mark manual \
+	; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+# update pecl channel definitions https://github.com/docker-library/php/issues/443
+	pecl update-channels; \
+	rm -rf /tmp/pear ~/.pearrc; \
+	\
+# smoke test
+	php --version
+
+COPY tests/dockerfiles/docker-php-* /usr/local/bin/
+ADD https://raw.githubusercontent.com/php/php-src/refs/heads/PHP-8.4/.gdbinit /root/.gdbinit
+
+RUN pecl install igbinary uv-beta pgsql memprof
+
+RUN apt-get update && apt-get -y --no-install-recommends install ssh git unzip libjemalloc2 ffmpeg nghttp2 && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+ADD tests/dockerfiles/php.ini /usr/local/etc/php/php.ini
+
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+
+RUN ln -s "$(dpkg -L libjemalloc2 | grep libjemalloc.so | head -1)" /usr/lib/libjemalloc.so
+
+FROM scratch
+
+COPY --from=0 / /
+
+LABEL "repository"="http://github.com/danog/MadelineProto"
+LABEL "homepage"="http://docs.madelineproto.xyz"
+LABEL "maintainer"="Daniil Gentili <daniil@daniil.it>"
+
+LABEL "org.opencontainers.image.source"="http://github.com/danog/MadelineProto"
+LABEL "org.opencontainers.image.description"=" Async PHP client API for the telegram MTProto protocol"
+LABEL "org.opencontainers.image.licenses"=AGPL-3.0-only
+
+ENV PHP_INI_DIR /usr/local/etc/php
+ENV PATH=/composer/vendor/bin:${PATH}
+
+ENV USE_ZEND_ALLOC=0
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so
+
+RUN php -v
+
+STOPSIGNAL SIGTERM
+
+WORKDIR /app
+
+CMD ["php", "/app/bot.php"]
@@ -0,0 +1,51 @@
+From e87144e1a87789dbb1b53957de1668086100e808 Mon Sep 17 00:00:00 2001
+From: Daniil Gentili <daniil@daniil.it>
+Date: Wed, 13 Nov 2024 12:24:29 +0000
+Subject: [PATCH] Add --enable-rtld-deepbind configure flag
+
+---
+ Zend/zend_portability.h |  2 +-
+ configure.ac            | 17 +++++++++++++++++
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h
+index 9ab46f9b32cfe..1efc15fb6386c 100644
+--- a/Zend/zend_portability.h
++++ b/Zend/zend_portability.h
+@@ -164,7 +164,7 @@
+ 
+ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT)
+ #  define DL_LOAD(libname)			dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
+-# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer)
++# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) && !__has_feature(memory_sanitizer) && defined(PHP_USE_RTLD_DEEPBIND)
+ #  define DL_LOAD(libname)			dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL | RTLD_DEEPBIND)
+ # else
+ #  define DL_LOAD(libname)			dlopen(libname, PHP_RTLD_MODE | RTLD_GLOBAL)
+diff --git a/configure.ac b/configure.ac
+index 01d9ded69b920..137f7dae8c3a9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -868,6 +868,23 @@ AS_VAR_IF([PHP_RTLD_NOW], [yes],
+     [Define to 1 if 'dlopen()' uses the 'RTLD_NOW' mode flag instead of
+     'RTLD_LAZY'.])])
+ 
++if test "$PHP_SAPI" = "apache2handler"; then
++  PHP_RTLD_DEEPBIND_DEFAULT=yes
++else
++  PHP_RTLD_DEEPBIND_DEFAULT=no
++fi
++
++PHP_ARG_ENABLE([rtld-deepbind],
++  [whether to dlopen extensions with RTLD_DEEPBIND],
++  [AS_HELP_STRING([--enable-rtld-deepbind],
++    [Use dlopen with RTLD_DEEPBIND])],
++  [$PHP_RTLD_DEEPBIND_DEFAULT],
++  [$PHP_RTLD_DEEPBIND_DEFAULT])
++
++if test "$PHP_RTLD_DEEPBIND" = "yes"; then
++  AC_DEFINE(PHP_USE_RTLD_DEEPBIND, 1, [ Use dlopen with RTLD_DEEPBIND ])
++fi
++
+ PHP_ARG_WITH([layout],
+   [layout of installed files],
+   [AS_HELP_STRING([--with-layout=TYPE],