A bunch of little warning removal and format fix things.

This reverts commit 8f1e6a2fde.

.dockerignore

@@ -0,0 +1,3 @@
+.git/
+build/
+!build/zerotier

.gitignore

@@ -1,60 +1,23 @@
-# Main binaries created in *nix builds
-/zerotier-one
-/zerotier-idtool
-/zerotier-cli
-/zerotier-selftest
-/zerotier
-/nltest
-
-# OS-created garbage files from various platforms
+/build
+/cmake-build-debug
+/cmake-build-release
+/core/version.h
+/.idea
+/.ide-*
 .DS_Store
+.Trashes
+*.swp
+._*
+*~
+*~.nib
+*.secret
 .Apple*
 Thumbs.db
 @eaDir
-._*
-
-# Windows build droppings
-/windows/ZeroTierOne.sdf
-/windows/ZeroTierOne.v11.suo
-/windows/x64
-/windows/Win32
-/windows/*/x64
-/windows/*/Win32
-/windows/ZeroTierOne/Release
-/windows/ZeroTierOneService/obj
-/windows/ZeroTierOneService/bin
-/windows/Build
-/windows/Debug
-/windows/Release
-/windows/WebUIWrapper/bin
-/windows/WebUIWrapper/obj
-/windows/lib
-/ext/installfiles/windows/ZeroTier One-SetupFiles
-/ext/installfiles/windows/Prerequisites
-/ext/installfiles/windows/*-cache
-/ZeroTier One.msi
-/windows/.vs
-*.vcxproj.backup
-/windows/TapDriver6/Win7Debug
-/windows/TapDriver6/win7Release
-/windows/*.db
-/windows/*.opendb
-enc_temp_folder
-/windows/copyutil/bin
-/windows/copyutil/obj
-
-# *nix/Mac build droppings
-/build-*
-/ZeroTierOneInstaller-*
-/examples/docker/zerotier-one
-/examples/docker/test-*.env
-/world/mkworld
-/world/*.c25519
-zt1-src.tar.gz
-/MacEthernetTapAgent
-
-# Miscellaneous temporaries, build files, etc.
+.vscode
+__pycache__
 *.log
+*.bak
 *.opensdf
 *.user
 *.cache
@@ -63,10 +26,6 @@ zt1-src.tar.gz
 *.pid
 *.pkg
 *.o
-/*.a
-*.dylib
-*.so
-*.so.*
 *.o-*
 *.core
 *.deb
@@ -75,49 +34,6 @@ zt1-src.tar.gz
 *.tmp
 .depend
 node_modules
-zt1_update_*
-debian/files
-debian/zerotier-one
-debian/zerotier-one*.debhelper
-debian/*.log
-debian/zerotier-one.substvars
-root-watcher/config.json
-
-# Java/Android/JNI build droppings
-java/obj/
-java/libs/
-java/bin/
-java/classes/
-java/doc/
-java/build_win64/
-java/build_win32/
-/java/mac32_64/
-windows/WinUI/obj/
-windows/WinUI/bin/
-windows/ZeroTierOne/Debug/
-/ext/installfiles/windows/chocolatey/zerotier-one/*.nupkg
-
-# Miscellaneous mac/Xcode droppings
-.DS_Store
-.Trashes
-*.swp
-*~.nib
-DerivedData/
-build/
-*.pbxuser
-*.mode1v3
-*.mode2v3
-*.perspectivev3
-!default.pbxuser
-!default.mode1v3
-!default.mode2v3
-!default.perspectivev3
-*.xccheckout
-xcuserdata/
-ext/librethinkdbxx/build
-.vscode
-__pycache__
-*~
-attic/world/*.c25519
-attic/world/mkworld
-workspace/
+*.vcxproj.backup
+/*.db
+/*.opendb

AUTHORS.md

@@ -9,7 +9,7 @@
  * Java JNI Interface to enable Android application development, and Android app itself (code for that is elsewhere)<br>
    Grant Limberg / glimberg@gmail.com
 
- * ZeroTier SDK (formerly known as Network Containers)<br>
+ * ZeroTier SDK / libzt<br>
    Joseph Henry / joseph.henry@zerotier.com
 
 ## Third Party Contributors
@@ -32,44 +32,30 @@ ZeroTier includes the following third party code, either in ext/ or incorporated
 
  * LZ4 compression algorithm by Yann Collet
 
-   * Files: node/Packet.cpp (bundled within anonymous namespace)
+   * Files: node/LZ4.cpp
    * Home page: http://code.google.com/p/lz4/
-   * License grant: BSD 2-clause
-
- * http-parser by Joyent, Inc. (many authors)
-
-   * Files: ext/http-parser/*
-   * Home page: https://github.com/joyent/http-parser/
-   * License grant: MIT/Expat
+   * License: BSD 2-clause
 
  * C++11 json (nlohmann/json) by Niels Lohmann
 
    * Files: ext/json/*
    * Home page: https://github.com/nlohmann/json
-   * License grant: MIT
+   * License: MIT
 
  * tap-windows6 by the OpenVPN project
 
    * Files: windows/TapDriver6/*
    * Home page: https://github.com/OpenVPN/tap-windows6/
-   * License grant: GNU GPL v2
-   * ZeroTier Modifications: change name of driver to ZeroTier, add ioctl() to get L2 multicast memberships (source is in ext/ and modifications inherit GPL)
+   * License: GNU GPL v2
 
  * Salsa20 stream cipher, Curve25519 elliptic curve cipher, Ed25519 digital signature algorithm, and Poly1305 MAC algorithm, all by Daniel J. Bernstein
 
    * Files: node/Salsa20.* node/C25519.* node/Poly1305.*
    * Home page: http://cr.yp.to/
-   * License grant: public domain
-   * ZeroTier Modifications: slight cryptographically-irrelevant modifications for inclusion into ZeroTier core
-
- * MiniUPNPC and libnatpmp by Thomas Bernard
-
-   * Files: ext/libnatpmp/* ext/miniupnpc/*
-   * Home page: http://miniupnp.free.fr/
-   * License grant: BSD attribution no-endorsement
+   * License: public domain
 
  * cpp-httplib by yhirose
 
    * Files: ext/cpp-httplib/*
    * Home page: https://github.com/yhirose/cpp-httplib
-   * License grant: MIT
+   * License: MIT

CMakeLists.txt

@@ -1,12 +1,346 @@
-# CMake build script for libzerotiercore.a
+cmake_minimum_required (VERSION 3.8)
 
-cmake_minimum_required (VERSION 2.8)
-project (zerotiercore)
+cmake_policy(SET CMP0048 NEW)
 
-set (PROJ_DIR ${PROJECT_SOURCE_DIR})
-set (ZT_DEFS -std=c++11)
+if(${CMAKE_VERSION} VERSION_LESS 3.15)
+	cmake_policy(VERSION ${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION})
+else()
+	cmake_policy(VERSION 3.15)
+endif()
 
-file(GLOB core_src_glob ${PROJ_DIR}/node/*.cpp)
-add_library(zerotiercore STATIC ${core_src_glob})
+set(ZEROTIER_VERSION_MAJOR 1 CACHE INTERNAL "")
+set(ZEROTIER_VERSION_MINOR 9 CACHE INTERNAL "")
+set(ZEROTIER_VERSION_REVISION 0 CACHE INTERNAL "")
+set(ZEROTIER_VERSION_BUILD 0 CACHE INTERNAL "")
 
-target_compile_options(zerotiercore PRIVATE ${ZT_DEFS})
+project(zerotier
+	VERSION ${ZEROTIER_VERSION_MAJOR}.${ZEROTIER_VERSION_MINOR}.${ZEROTIER_VERSION_REVISION}.${ZEROTIER_VERSION_BUILD}
+	DESCRIPTION "ZeroTier Network Hypervisor"
+	LANGUAGES CXX C)
+
+if(NOT PACKAGE_STATIC)
+
+	find_program(
+		GO go
+		HINTS "/usr/local/go/bin" "/usr/bin" "/usr/local/bin" "C:/go/bin"
+	)
+	if(NOT GO)
+		message(FATAL_ERROR "Golang not found")
+	else(NOT GO)
+		message(STATUS "Found Golang at ${GO}")
+	endif(NOT GO)
+
+	set(default_build_type "Release")
+
+	if(WIN32)
+		set(CMAKE_CXX_STANDARD 17)
+		set(CMAKE_SYSTEM_VERSION "7" CACHE STRING INTERNAL FORCE)
+	else(WIN32)
+		if(APPLE)
+			set(CMAKE_CXX_STANDARD 17)
+		else(APPLE)
+			set(CMAKE_CXX_STANDARD 11)
+		endif(APPLE)
+	endif(WIN32)
+
+	if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
+		message(STATUS "Setting build type to '${default_build_type}' as none was specified.")
+		set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING "Choose the type of build." FORCE)
+		set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
+	endif()
+
+	option(BUILD_CENTRAL_CONTROLLER "Build ZeroTier Central Controller" OFF)
+	if(BUILD_CENTRAL_CONTROLLER)
+		find_package(PkgConfig REQUIRED)
+		if(APPLE)
+			set(CMAKE_PREFIX_PATH
+				${CMAKE_PREFIX_PATH}
+				/usr/local/opt/libpq
+				/usr/local/lib
+			)
+		endif(APPLE)
+		find_package(PostgreSQL REQUIRED)
+
+		pkg_check_modules(hiredis REQUIRED IMPORTED_TARGET hiredis)
+
+		add_subdirectory(controller/thirdparty/redis-plus-plus-1.1.1)
+		set(redispp_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/controller/thirdparty/redis-plus-plus-1.1.1/src/sw)
+		set(redispp_STATIC_LIB redispp_static)
+	endif(BUILD_CENTRAL_CONTROLLER)
+
+	if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+		add_definitions(-DZT_DEBUG)
+	endif(CMAKE_BUILD_TYPE STREQUAL "Debug")
+
+	if(WIN32)
+
+		message("++ Setting Windows Compiler Flags ${CMAKE_BUILD_TYPE}")
+
+		add_definitions(-DNOMINMAX)
+		add_compile_options(
+			-Wall
+			-Wno-deprecated
+			-Wno-unused-function
+			-Wno-format
+			$<$<CONFIG:DEBUG>:-g>
+			$<$<CONFIG:DEBUG>:-O0>
+			$<$<CONFIG:RELEASE>:-O3>
+			$<$<CONFIG:RELEASE>:-ffast-math>
+			$<$<CONFIG:RELWITHDEBINFO>:-O3>
+			$<$<CONFIG:RELWITHDEBINFO>:-g>
+		)
+
+		set(GOFLAGS
+			-a
+			-trimpath
+		)
+
+		if(BUILD_32BIT)
+			set(CMAKE_SYSTEM_PROCESSOR "x86" CACHE STRING "system processor")
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32" CACHE STRING "c++ flags")
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32" CACHE STRING "c flags")
+			set(GOARCH "GOARCH=386" CACHE STRING "go architecture")
+			add_compile_options(
+				-m32
+			)
+			add_link_options(
+				-m32
+			)
+		endif(BUILD_32BIT)
+
+	else(WIN32)
+
+		set(GOFLAGS
+			-trimpath
+			-buildmode=pie
+		)
+
+		if(APPLE)
+
+			message("++ Setting MacOS Compiler Flags ${CMAKE_BUILD_TYPE}")
+
+			set(MACOS_VERSION_MIN "10.12")
+
+			add_compile_options(
+				-Wall
+				-Wno-deprecated
+				-Wno-unused-function
+				-mmacosx-version-min=${MACOS_VERSION_MIN}
+				$<$<CONFIG:DEBUG>:-g>
+				$<$<CONFIG:DEBUG>:-O0>
+				$<$<CONFIG:RELEASE>:-Ofast>
+				$<$<CONFIG:RELEASE>:-ffast-math>
+				$<$<CONFIG:RELEASE>:-fPIE>
+				$<$<CONFIG:RELEASE>:-flto>
+				$<$<CONFIG:RELWITHDEBINFO>:-O1>
+				$<$<CONFIG:RELWITHDEBINFO>:-fPIE>
+				$<$<CONFIG:RELWITHDEBINFO>:-g>
+			)
+
+			add_link_options(
+				-mmacosx-version-min=${MACOS_VERSION_MIN}
+				$<$<CONFIG:RELEASE>:-flto>
+			)
+
+			set(GOFLAGS
+				${GOFLAGS}
+				-a
+				-ldflags '-w -extldflags \"-Wl,-undefined -Wl,dynamic_lookup\"'
+			)
+
+		else(APPLE)
+
+			message("++ Setting Linux/BSD/Posix Compiler Flags (${CMAKE_BUILD_TYPE})")
+
+			add_compile_options(
+				-Wall
+				-Wno-deprecated
+				-Wno-unused-function
+				-Wno-format
+				$<$<CONFIG:DEBUG>:-g>
+				$<$<CONFIG:DEBUG>:-O0>
+				$<$<CONFIG:RELEASE>:-O3>
+				$<$<CONFIG:RELEASE>:-ffast-math>
+				$<$<CONFIG:RELEASE>:-fPIE>
+				$<$<CONFIG:RELWITHDEBINFO>:-O3>
+				$<$<CONFIG:RELWITHDEBINFO>:-fPIE>
+				$<$<CONFIG:RELWITHDEBINFO>:-g>
+			)
+
+			option(BUILD_32BIT "Force building as 32-bit binary" OFF)
+			option(BUILD_STATIC "Build statically linked executable" OFF)
+			option(BUILD_ARM_V5 "Build ARMv5" OFF)
+			option(BUILD_ARM_V6 "Build ARMv6" OFF)
+
+			if(BUILD_ARM_V5 AND BUILD_ARM_V6)
+				message(FATAL_ERROR "BUILD_ARM_V5 and BUILD_ARM_V6 are mutually exclusive!")
+			endif(BUILD_ARM_V5 AND BUILD_ARM_V6)
+
+			if(BUILD_32BIT)
+				set(CMAKE_SYSTEM_PROCESSOR "x86" CACHE STRING "system processor")
+				set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32" CACHE STRING "c++ flags")
+				set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32" CACHE STRING "c flags")
+				set(GOARCH "GOARCH=386" CACHE STRING "go architecture")
+				add_compile_options(
+					-m32
+				)
+			endif(BUILD_32BIT)
+
+			if(BUILD_STATIC)
+				add_link_options(
+					-static
+				)
+				set(CMAKE_EXE_LINKER_FLAGS "-static ${CMAKE_EXE_LINKER_FLAGS}")
+				set(GOFLAGS
+					${GOFLAGS}
+					-a
+					-tags osusergo,netgo
+					-ldflags '-w -extldflags \"-static -Wl,-unresolved-symbols=ignore-all\"'
+				)
+			else(BUILD_STATIC)
+				set(GOFLAGS
+					${GOFLAGS}
+					-a
+					-ldflags '-w -extldflags \"-Wl,-unresolved-symbols=ignore-all\"'
+				)
+			endif(BUILD_STATIC)
+
+			if(BUILD_ARM_V5)
+				set(GOARM "GOARM=5")
+			endif(BUILD_ARM_V5)
+
+			if(BUILD_ARM_V6)
+				set(GOARM "GOARM=6")
+			endif(BUILD_ARM_V6)
+
+		endif(APPLE)
+	endif(WIN32)
+
+	if (
+		CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "amd64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "X86_64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "x64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "X64"
+	)
+		message("++ Adding flags for processor ${CMAKE_SYSTEM_PROCESSOR}")
+		add_compile_options(-maes -mrdrnd -mpclmul -msse -msse2)
+	endif()
+
+	if (
+		CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "arm64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "ARM64" OR
+		CMAKE_SYSTEM_PROCESSOR MATCHES "AARCH64"
+	)
+		message("++ Adding flags for processor ${CMAKE_SYSTEM_PROCESSOR}")
+		add_compile_options(-march=armv8-a+aes+crypto -mtune=generic -mstrict-align)
+	endif()
+
+	set(GO_BUILD_TAGS)
+
+	if(BUILD_CENTRAL_CONTROLLER)
+		add_definitions(-DZT_CONTROLLER_USE_LIBPQ=1)
+		set(GO_BUILD_TAGS -tags central)
+	endif(BUILD_CENTRAL_CONTROLLER)
+
+	add_subdirectory(core)
+	add_subdirectory(controller)
+	add_subdirectory(osdep)
+	add_subdirectory(serviceiocore)
+
+	file(GLOB go_src
+		${CMAKE_SOURCE_DIR}/cmd/*.go
+		${CMAKE_SOURCE_DIR}/cmd/cmd/*.go
+		${CMAKE_SOURCE_DIR}/pkg/zerotier/*.go
+	)
+	file(GLOB go_zt_service_tests_cmd_src
+		${CMAKE_SOURCE_DIR}/cmd/zt_service_tests/*.go
+	)
+
+	if(WIN32)
+		set(GO_EXE_NAME "zerotier.exe")
+		set(GO_SERVICE_TESTS_EXE_NAME "zt_service_tests.exe")
+		set(GO_EXTRA_LIBRARIES "-lstdc++ -lwsock32 -lws2_32 -liphlpapi -lole32 -loleaut32 -lrpcrt4 -luuid")
+	else(WIN32)
+		set(GO_EXE_NAME "zerotier")
+		set(GO_SERVICE_TESTS_EXE_NAME "zt_service_tests")
+		if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+			set(GO_EXTRA_LIBRARIES "-lstdc++")
+			if(BUILD_ARM_V5)
+				set(GO_EXTRA_LIBRARIES
+					${GO_EXTRA_LIBRARIES}
+					"-latomic"
+				)
+			endif(BUILD_ARM_V5)
+		else()
+			set(GO_EXTRA_LIBRARIES "-lc++" "-lm")
+		endif()
+	endif(WIN32)
+
+	add_custom_target(
+		zt_service_tests ALL
+		BYPRODUCTS ${CMAKE_BINARY_DIR}/zt_service_tests
+		SOURCES ${go_src} ${go_zt_service_tests_cmd_src}
+		COMMAND ${CMAKE_COMMAND} -E env ${GOARCH} ${GOARM} CGO_ENABLED=1 CGO_CFLAGS=\"-O3\" CGO_LDFLAGS=\"$<TARGET_FILE:zt_core> $<TARGET_FILE:zt_controller> $<TARGET_FILE:zt_service_io_core> $<TARGET_FILE:zt_osdep> ${GO_EXTRA_LIBRARIES}\" ${GO} build -mod=vendor ${GOFLAGS} -o ${CMAKE_BINARY_DIR}/${GO_SERVICE_TESTS_EXE_NAME} ${go_zt_service_tests_cmd_src}
+		COMMENT "Compiling zt_service_tests (Go/cgo self-tests)..."
+	)
+	add_dependencies(zt_service_tests zt_osdep zt_core zt_controller zt_service_io_core)
+
+	add_custom_target(
+		zerotier ALL
+		BYPRODUCTS ${CMAKE_BINARY_DIR}/zerotier
+		SOURCES ${go_src}
+		COMMAND ${CMAKE_COMMAND} -E env ${GOARCH} ${GOARM} CGO_ENABLED=1 CGO_CFLAGS=\"-O3\" CGO_LDFLAGS=\"$<TARGET_FILE:zt_core> $<TARGET_FILE:zt_controller> $<TARGET_FILE:zt_service_io_core> $<TARGET_FILE:zt_osdep> ${GO_EXTRA_LIBRARIES}\" ${GO} build -mod=vendor ${GOFLAGS} -o ${CMAKE_BINARY_DIR}/${GO_EXE_NAME} ${CMAKE_SOURCE_DIR}/cmd/zerotier/zerotier.go
+		COMMENT "Compiling Go Code..."
+	)
+	add_dependencies(zerotier zt_osdep zt_core zt_controller zt_service_io_core)
+
+	install(PROGRAMS ${CMAKE_CURRENT_BINARY_DIR}/zerotier DESTINATION bin)
+
+else(NOT PACKAGE_STATIC)
+
+	if(BUILD_32BIT)
+		set(CMAKE_SYSTEM_PROCESSOR "x86" CACHE STRING "system processor")
+		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32" CACHE STRING "c++ flags")
+		set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -m32" CACHE STRING "c flags")
+		add_compile_options(
+			-m32
+		)
+	endif(BUILD_32BIT)
+
+	set(STATIC_BINARY ${CMAKE_BINARY_DIR}/zerotier)
+	set(IMPORTED_LOCATION ${CMAKE_BINARY_DIR})
+	add_executable(zerotier IMPORTED GLOBAL)
+	install(PROGRAMS ${STATIC_BINARY} DESTINATION bin)
+
+endif(NOT PACKAGE_STATIC)
+
+# Linux packaging
+
+if("${CMAKE_SYSTEM_NAME}" EQUAL "Linux")
+	if(IS_DIRECTORY /lib/systemd/system)
+		install(
+			FILES ${CMAKE_CURRENT_SOURCE_DIR}/packaging/debian/zerotier.service
+			DESTINATION /lib/systemd/system
+		)
+	elseif(IS_DIRECTORY /usr/lib/systemd/system)
+		install(
+			FILES ${CMAKE_CURRENT_SOURCE_DIR}/packaging/debian/zerotier.service
+			DESTINATION /usr/lib/systemd/system
+		)
+	else()
+		install(
+			FILES ${CMAKE_CURRENT_SOURCE_DIR}/packaging/debian/zerotier.init
+			DESTINATION /etc/init.d
+		)
+	endif()
+endif()
+
+if("${ZT_PACKAGE_FORMAT}" MATCHES "DEB")
+	include(packaging/debian.cmake)
+elseif("${ZT_PACKAGE_FORMAT}" MATCHES "RPM")
+	include(packaging/rpm.cmake)
+else()
+endif()

COPYING

@@ -1,5 +1,5 @@
 ZeroTier One, an endpoint server for the ZeroTier virtual network layer.
-Copyright © 2011–2019 ZeroTier, Inc.
+Copyright © 2013–2020 ZeroTier, Inc.
 
 ZeroTier is released under the terms of the BSL version 1.1. See the
 file LICENSE.txt for details.

Jenkinsfile

@@ -7,6 +7,9 @@ pipeline {
     parameters {
         booleanParam(name: "BUILD_ALL", defaultValue: false, description: "Build all supported platform/architecture combos.  Defaults to x86/x64 only")
     }
+    environment {
+        PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
+    }
     
     agent none
     
@@ -18,7 +21,10 @@ pipeline {
                     tasks << buildStaticBinaries()
                     tasks << buildDebianNative()
                     tasks << buildCentosNative()
-                    
+                    tasks << buildMacOS()
+                    tasks << buildWindows()
+                    tasks << buildFreeBSD()
+
                     parallel tasks
                 }
             }
@@ -33,12 +39,81 @@ pipeline {
     }
 }
 
+def buildMacOS() {
+    def tasks = [:]
+    tasks << getTasks(['mac'],['amd64'], {unused1, unused2 ->
+        def myNode = {
+            env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
+            node ('mac') {
+                dir("build") {
+                    checkout scm
+                    sh 'make'
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    return tasks
+}
+
+def buildWindows() {
+    def tasks = [:]
+    tasks << getTasks(['windows'], ['amd64', 'i386'], { unused1, platform ->
+        def myNode = {
+            node ('windows') {
+                env.SHELL = 'C:/Windows/System32/cmd.exe'
+                dir ("build") {
+                    checkout scm
+                    
+                    dir ("build") {
+                        withEnv(["PATH=C:\\TDM-GCC-64\\bin;C:\\WINDOWS;C:\\Windows\\system32;C:\\CMake\\bin;C:\\Go\\bin"]) {
+                            def cmakeFlags = ""
+                            if (platform == "i386") {
+                                cmakeFlags = '-DBUILD_32BIT=1'
+                            }
+                            bat """
+                            cmake -G"MinGW Makefiles" -DCMAKE_BUILD_TYPE=Release ${cmakeFlags} ..
+                            mingw32-make -j8
+                            """
+                        }
+                    }
+                    cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+                }
+            }
+        }
+        return myNode
+    })
+
+    return tasks
+}
+
+def buildFreeBSD() {
+    def tasks = [:]
+    tasks << getTasks(['freebsd12'], ['amd64'], { unused1, unused2 ->
+        def myNode = {
+            node ('freebsd12') {
+                dir('build') {
+                    checkout scm
+                    sh 'make setup'
+                    dir('build') {
+                        sh 'make -j4'
+                    }
+                }
+                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
+            }
+        }
+        return myNode
+    })
+    return tasks
+}
+
 def buildStaticBinaries() {
     def tasks = [:]
     def dist = ["alpine"]
     def archs = []
     if (params.BUILD_ALL == true) {
-        archs = ["arm64", "amd64", "i386", "armhf", "armel", "ppc64le", "s390x"]
+        archs = ["arm64", "amd64", "i386", "armhf", "ppc64le", "s390x"]
     } else {
         archs = ["amd64", "i386"]
     }
@@ -46,17 +121,26 @@ def buildStaticBinaries() {
     tasks << getTasks(dist, archs, { distro, platform -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
-                sh "echo ${distro}-${platform}"
                 def runtime = docker.image("ztbuild/${distro}-${platform}:latest")
                 runtime.inside {
                     dir("build") {
-                        sh 'make -j8 ZT_STATIC=1 all'
-                        sh "file ./zerotier-one"
-                        sh "mv zerotier-one zerotier-one-static-${platform}"
-                        stash includes: 'zerotier-one-static-*', name: "static-${platform}"
+
+                        def cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1"'
+                        if (platform == "i386") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1"'
+                        } else if (platform == "armhf") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1 -DBUILD_ARM_V6=1"'
+                        }
+                   
+                        sh "${cmakeFlags} make"
+                        dir("build") {
+                            sh "mv zerotier zerotier-static-${platform}"
+                            stash includes: 'zerotier-static-*', name: "static-${platform}"
+                        }
                     }
                     cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
                 }
@@ -82,37 +166,13 @@ def getTasks(axisDistro, axisPlatform, task) {
 
 def packageStatic() {
     def tasks = [:]
-    
-    def centos6 = ["centos6"]
-    def centos6Arch = ["i386", "amd64"]
-    tasks << getTasks(centos6, centos6Arch, { distro, arch -> 
-        def myNode = {
-            node ('linux-build') {
-                dir ("build") {
-                    checkout scm
-                }
-                def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
-                runtime.inside {
-                    dir("build") {
-                        unstash "static-${arch}"
-                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
-                        sh "make redhat"
-                        sh "mkdir -p ${distro}"
-                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
-                        archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
-                    }
-                }
-                cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
-            }
-        }
-        return myNode
-    })
-    
+        
     def centos7 = ["centos7"]
     def centos7Arch = ["i386"]
     tasks << getTasks(centos7, centos7Arch, { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
@@ -120,10 +180,14 @@ def packageStatic() {
                 runtime.inside {
                     dir("build") {
                         unstash "static-${arch}"
-                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
-                        sh "make redhat"
+                        sh "mkdir -p build"
+                        sh "mv zerotier-static-${arch} build/zerotier && chmod +x build/zerotier" 
+                        sh 'CMAKE_ARGS="-DBUILD_32BIT=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=RPM" make setup'
+                        dir("build") {
+                            sh 'make package -j4 VERBOSE=1'
+                        }
                         sh "mkdir -p ${distro}"
-                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                        sh "cp -av build/*.rpm ${distro}/"
                         archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
                     }
                 }
@@ -134,22 +198,31 @@ def packageStatic() {
     })
     
     if (params.BUILD_ALL == true) {
-        def clefos7 = ["clefos"]
-        def clefos7Arch = ["s390x"]
-        tasks << getTasks(clefos7, clefos7Arch, { distro, arch -> 
+        def s390xStatics = ["clefos", "debian-buster", "debian-sid", "debian-bullseye", "debian-stretch", "ubuntu-bionic", "ubuntu-eoan", "ubuntu-focal"]
+        def s390x = ["s390x"]
+        tasks << getTasks(s390xStatics, s390x , { distro, arch -> 
             def myNode = {
                 node ('linux-build') {
+                    env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                     dir ("build") {
                         checkout scm
                     }
                     def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
+                    def pkgFormat = "DEB"
+                    if (distro == "clefos") {
+                        pkgFormat = "RPM"
+                    }
                     runtime.inside {
                         dir("build/") {
                             unstash "static-${arch}"
-                            sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one" 
-                            sh "make redhat"
+                            sh "mkdir -p build"
+                            sh "mv zerotier-static-${arch} build/zerotier && chmod +x build/zerotier" 
+                            sh "CMAKE_ARGS=\"-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=${pkgFormat}\" make setup"
+                            dir("build") {
+                                sh 'make package -j4 VERBOSE=1'
+                            }
                             sh "mkdir -p ${distro}"
-                            sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
+                            sh "cp -av build/*.rpm ${distro}/"
                             archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
                         }
                     }
@@ -163,30 +236,40 @@ def packageStatic() {
     def debianJessie = ["debian-jessie"]
     def debianJessieArchs = []
     if (params.BUILD_ALL == true) {
-        debianJessieArch = ["armhf", "armel", "amd64", "i386"]
+        debianJessieArch = ["armhf", "amd64", "i386"]
     } else {
         debianJessieArch = ["amd64", "i386"]
     }
     tasks << getTasks(debianJessie, debianJessieArch, { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
-                    sh "ls -la ."
                     dir('build/') {
-                        sh "ls -la ."
+                        def cmakeFlags = 'CMAKE_ARGS="-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        if (arch == "i386") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        } else if (arch == "armel") {
+                            cmakeFlags = 'CMAKE_ARGS="-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V5=1"'
+                        } else if (arch == "armhf") {
+                            cmakeFlags = 'CMAKE_ARGS="-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V6=1"'
+                        }
+                   
                         unstash "static-${arch}"
-                        sh "pwd"
-                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
-                        sh "mv -f debian/rules.static debian/rules"
-                        sh "make debian"
+                        sh "mkdir -p build"
+                        sh "mv zerotier-static-${arch} build/zerotier && chmod +x build/zerotier" 
+                        sh "${cmakeFlags} make setup"
+                        dir("build") {
+                            sh 'make package -j4 VERBOSE=1'
+                        }
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av build/*.deb ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                     }
-                    sh "mkdir -p ${distro}"
-                    sh "mv *.deb ${distro}"
-                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                 }
                 cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
             }
@@ -197,30 +280,40 @@ def packageStatic() {
     def ubuntuTrusty = ["ubuntu-trusty"]
     def ubuntuTrustyArch = []
     if (params.BUILD_ALL == true) {
-        ubuntuTrustyArch = ["i386", "amd64", "armhf", "arm64", "ppc64le"]
+        ubuntuTrustyArch = ["i386", "amd64", "arm64", "ppc64le"]
     } else {
         ubuntuTrustyArch = ["i386", "amd64"]
     }
     tasks << getTasks(ubuntuTrusty, ubuntuTrustyArch, { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
-                    sh "ls -la ."
                     dir('build/') {
-                        sh "ls -la ."
+                        def cmakeFlags = 'CMAKE_ARGS="-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        if (arch == "i386") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1 -DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        } else if (arch == "armel") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V5=1"'
+                        } else if (arch == "armhf") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V6=1"'
+                        }
+
                         unstash "static-${arch}"
-                        sh "pwd"
-                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
-                        sh "mv -f debian/rules.static debian/rules"
-                        sh "make debian"
+                        sh "mkdir -p build"
+                        sh "mv zerotier-static-${arch} build/zerotier && chmod +x build/zerotier" 
+                        sh "${cmakeFlags} make setup"
+                        dir("build") {
+                            sh 'make package -j4 VERBOSE=1'
+                        }
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av build/*.deb ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                     }
-                    sh "mkdir -p ${distro}"
-                    sh "mv *.deb ${distro}"
-                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                 }
                 cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
             }
@@ -231,28 +324,39 @@ def packageStatic() {
     def debianWheezy = ["debian-wheezy"]
     def debianWheezyArchs = []
     if (params.BUILD_ALL == true) {
-        debianWheezyArchs = ["armhf", "armel", "amd64", "i386"]
+        debianWheezyArchs = ["armhf", "amd64", "i386"]
     } else {
         debianWheezyArchs = ["amd64", "i386"]
     }
     tasks << getTasks(debianJessie, debianJessieArch, { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
                     dir('build/') {
+                        def cmakeFlags = 'CMAKE_ARGS="-DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        if (arch == "i386") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1 -DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB"'
+                        } else if (arch == "armel") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V5=1"'
+                        } else if (arch == "armhf") {
+                            cmakeFlags = 'CMAKE_ARGS="-DBUILD_STATIC=1 -DPACKAGE_STATIC=1 -DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V6=1"'
+                        }
                         unstash "static-${arch}"
-                        sh "mv zerotier-one-static-${arch} zerotier-one && chmod +x zerotier-one && file ./zerotier-one" 
-                        sh "mv -f debian/rules.wheezy.static debian/rules"
-                        sh "mv -f debian/control.wheezy debian/control"
-                        sh "make debian"
+                        sh "mkdir -p build"
+                        sh "mv zerotier-static-${arch} build/zerotier && chmod +x build/zerotier" 
+                        sh "${cmakeFlags} make setup"
+                        dir("build") {
+                            sh 'make package -j4 VERBOSE=1'
+                        }
+                        sh "mkdir -p ${distro}"
+                        sh "cp -av build/*.deb ${distro}/"
+                        archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                     }
-                    sh "mkdir -p ${distro}"
-                    sh "mv *.deb ${distro}"
-                    archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                 }
                 cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
             }
@@ -265,27 +369,40 @@ def packageStatic() {
 
 def buildDebianNative() {
     def tasks = [:]
-    def buster = ["debian-buster", "debian-stretch", "debian-bullseye", "debian-sid"]
-    def busterArchs = []
+    def debian = ["debian-buster" , "debian-stretch", "debian-sid", "debian-bullseye"]
+    def debianArchs = []
     if (params.BUILD_ALL) {
-        busterArchs = ["s390x", "ppc64le", "i386", "armhf", "armel", "arm64", "amd64"]
+        debianArchs = ["ppc64le", "i386", "armhf", "armel", "arm64", "amd64"]
     } else {
-        busterArchs = ["amd64", "i386"]
+        debianArchs = ["amd64", "i386"]
     }
     
     def build = { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
+                    def cmakeFlags = 'CMAKE_ARGS="-DZT_PACKAGE_FORMAT=DEB"'
+                    if (arch == "i386") {
+                        cmakeFlags = 'CMAKE_ARGS="-DBUILD_32BIT=1 -DZT_PACKAGE_FORMAT=DEB"'
+                    } else if (arch == "armel") {
+                        cmakeFlags = 'CMAKE_ARGS="-DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V5=1"'
+                    } else if (arch == "armhf") {
+                        cmakeFlags = 'CMAKE_ARGS="-DZT_PACKAGE_FORMAT=DEB -DBUILD_ARM_V6=1"'
+                    }
+                   
                     dir("build") {
-                        sh 'make debian'
+                        sh "${cmakeFlags} make setup"
+                        dir("build") {
+                            sh "make package -j4 VERBOSE=1"
+                        }
                     }
                     sh "mkdir -p ${distro}"
-                    sh "mv *.deb ${distro}"
+                    sh "mv build/build/*.deb ${distro}"
                     archiveArtifacts artifacts: "${distro}/*.deb", onlyIfSuccessful: true
                     cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
                 }
@@ -294,8 +411,8 @@ def buildDebianNative() {
         return myNode
     }
     
-    tasks << getTasks(buster, busterArchs, build)
-    
+    tasks << getTasks(debian, debianArchs, build)
+ 
     // bash is broken when running under QEMU-s390x on Xenial
     def xenial = ["ubuntu-xenial"]
     def xenialArchs = []
@@ -309,12 +426,21 @@ def buildDebianNative() {
     def ubuntu = ["ubuntu-bionic", "ubuntu-eoan"]
     def ubuntuArchs = []
     if (params.BUILD_ALL == true) {
-        ubuntuArchs = ["i386", "amd64", "armhf", "arm64", "ppc64le", "s390x"]
+        ubuntuArchs = ["i386", "amd64", "armhf", "arm64", "ppc64le"]
     } else {
         ubuntuArchs = ["i386", "amd64"]
     }
     tasks << getTasks(ubuntu, ubuntuArchs, build)
     
+    def ubuntuFocal = ["ubuntu-focal"]
+    def ubuntuFocalArchs = []
+    if (params.BUILD_ALL == true) {
+        ubuntuFocalArchs = ["amd64", "arm64", "ppc64le"]
+    } else {
+        ubuntuFocalArchs = ["amd64"]
+    }
+    tasks << getTasks(ubuntuFocal, ubuntuFocalArchs, build)
+
     def kali = ["kali-rolling"]
     def kaliArchs = ["amd64"]
     tasks << getTasks(kali, kaliArchs, build)
@@ -328,18 +454,29 @@ def buildCentosNative() {
     def build = { distro, arch -> 
         def myNode = {
             node ('linux-build') {
+                env.PATH = env.PATH + ":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/home/jenkins-build/go/bin"
                 dir ("build") {
                     checkout scm
                 }
                 def runtime = docker.image("ztbuild/${distro}-${arch}:latest")
                 runtime.inside {
                     dir("build") {
-                        sh 'make -j4'
-                        sh 'make redhat'
-                        sh "mkdir -p ${distro}"
-                        sh "cp -av `find ~/rpmbuild/ -type f -name \"*.rpm\"` ${distro}/"
-                        archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
+                        if (distro == 'centos7' && arch == 'amd64') {
+                            sh 'source scl_source enable devtoolset-8 llvm-toolset-7 && CMAKE_ARGS="-DZT_PACKAGE_FORMAT=RPM" make setup'
+                        } else {
+                            sh 'CMAKE_ARGS="-DZT_PACKAGE_FORMAT=RPM" make setup'
+                        }
+                        dir ("build") {
+                            if (distro == 'centos7' && arch == 'amd64') {
+                                sh 'source scl_source enable devtoolset-8 llvm-toolset-7 && make package -j4 VERBOSE=1'
+                            } else {
+                                sh 'make package -j4 VERBOSE=1'
+                            }
+                        }
                     }
+                    sh "mkdir -p ${distro}"
+                    sh "cp -av build/build/*.rpm ${distro}/"
+                    archiveArtifacts artifacts: "${distro}/*.rpm", onlyIfSuccessful: true
                     
                     cleanWs deleteDirs: true, disableDeferredWipeout: true, notFailBuild: true
                 }

LICENSE.txt

@@ -10,8 +10,8 @@ License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
 Parameters
 
 Licensor:             ZeroTier, Inc.
-Licensed Work:        ZeroTier Network Virtualization Engine 1.4.4
-                      The Licensed Work is (c)2019 ZeroTier, Inc.
+Licensed Work:        ZeroTier Network Virtualization Engine
+                      The Licensed Work is (c)2013-2020 ZeroTier, Inc.
 Additional Use Grant: You may make use of the Licensed Work, provided you
                       do not use it in any of the following ways:
 
@@ -26,7 +26,7 @@ Additional Use Grant: You may make use of the Licensed Work, provided you
                       ZeroTier behind the scenes to operate a service not
                       related to ZeroTier network administration.
 
-                      * Create Non-Open-Source Commercial Derviative Works
+                      * Create Non-Open-Source Commercial Derivative Works
 
                       (2) Link or directly include the Licensed Work in a
                       commercial or for-profit application or other product
@@ -47,7 +47,7 @@ Additional Use Grant: You may make use of the Licensed Work, provided you
                       services, social welfare, senior care, child care, and
                       the care of persons with disabilities.
 
-Change Date:          2023-01-01
+Change Date:          2025-01-01
 
 Change License:       Apache License version 2.0 as published by the Apache
                       Software Foundation

Makefile

@@ -1,28 +1,31 @@
-# Common makefile -- loads make rules for each platform
+BUILDDIR := build
+TIMESTAMP=$(shell date +"%Y%m%d%H%M")
 
-OSTYPE=$(shell uname -s)
+.PHONY: all
 
-ifeq ($(OSTYPE),Darwin)
-	include make-mac.mk
-endif
+all:	setup
+	cd ${BUILDDIR} && $(MAKE) -j4 VERBOSE=1
 
-ifeq ($(OSTYPE),Linux)
-	include make-linux.mk
-endif
+setup:
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release ${CMAKE_ARGS}
 
-ifeq ($(OSTYPE),FreeBSD)
-	CC=clang
-	CXX=clang++
-	ZT_BUILD_PLATFORM=7
-	include make-bsd.mk
-endif
-ifeq ($(OSTYPE),OpenBSD)
-	CC=egcc
-	CXX=eg++
-	ZT_BUILD_PLATFORM=9
-	include make-bsd.mk
-endif
+setup-debug:
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug ${CMAKE_ARGS}
 
-ifeq ($(OSTYPE),NetBSD)
-	include make-netbsd.mk
-endif
+debug:
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug ${CMAKE_ARGS} && $(MAKE)
+
+central-controller:
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_CENTRAL_CONTROLLER=1 ${CMAKE_ARGS} && $(MAKE) -j4
+
+central-controller-debug:
+	mkdir -p ${BUILDDIR} && cd ${BUILDDIR} && cmake .. -DCMAKE_BUILD_TYPE=Debug -DBUILD_CENTRAL_CONTROLLER=1 ${CMAKE_ARGS}  && $(MAKE) -j4
+
+central-controller-docker:
+	docker build -t registry.zerotier.com/zerotier-central/ztcentral-controller:${TIMESTAMP} -f controller/central-docker/Dockerfile .
+
+clean:
+	rm -rf ${BUILDDIR}
+
+distclean:
+	rm -rf ${BUILDDIR}

RELEASE-NOTES.md

@@ -1,6 +1,43 @@
 ZeroTier Release Notes
 ======
 
+# Version 1.9.0 (2.0 beta)
+
+Version 2.0 is a very significant release with many changes. It remains backward compatibility to version 1.4.0 (and possibly earlier versions but this is not guaranteed) but makes numerous local and behavioral changes that should be reviewed before upgrading production systems.
+
+After this release we're going to be working to get to a more frequent, less extreme, more "agile" release cadence.
+
+Protocol changes:
+
+ * Trusted paths have been completely removed. The new AES mode is so fast on CPUs with AES acceleration that much of the rationale for this is gone, and this feature was never used much to begin with due to inconvenience and obvious security concerns. Environments using trusted paths will need to upgrade all nodes at once.
+ * The symmetric encryption algorithm and mode is now AES-GMAC-SIV, a variation of AES-GCM using the same primitives but offering superior security bounds and behavior under non-ideal conditions. It's also a lot faster than Salsa20/12 and Poly1305 on CPUs with AES acceleration (almost all desktops, laptops, and newer routers and phones). Salsa20/12 with Poly1305 is still supported for communication with older versions and small devices that lack AES acceleration.
+ * A new identity type (1) has been introduced that contains both Curve25519 and NIST P-384 public key types, but classic type 0 remains the default for new identities for now. ECDH key agreement between V1 identities uses both keys and hashes the resulting secrets to yield security equal to the best of the two, but V1 identities can also agree with V0 identities using only their Curve25519 component.
+ * Roots can now be joined and left like networks in a much more convenient way, and the old "moon" and "planet" terminology is deprecated.
+ * A new peer to peer multicast algorithm has been introduced that offers much better scalability and better performance, especially when the physical network itself is hub-and-spoke with many low latency peers connected by higher latency WAN links.
+ * Forward secrecy is finally supported via periodic re-keying using ephemeral asymmetric keys. Both Curve25519 and NIST P-384 keys are used with secrets being hashed to provide security equal to the stronger of the two curves.
+ * As part of forward secrecy implementation peers now always exchange HELLO messages even if they don't have a direct path.
+ * Compression is only enabled for control packets as almost all data packets are largely un-compressable.
+ * New NAT traversal tricks have been added, such as (ab)use of port 500.
+
+Code changes:
+
+ * Migrated from GNU make to cmake for easier cross platform builds and simplified build files.
+ * The core network hypervisor has been significantly refactored, almost amounting to a partial rewrite.
+ * Critical packet handling paths have been streamlined with unnecessary memcpy() steps removed.
+ * Host service code has been completely rewritten in Go. Packet handling code remains in C++, but Go offers superior developer productivity when it comes to implementing more complex local service and local API features. Go imposes a little bit more memory overhead but not much and has been tuned to minimize memory use.
+
+User interface:
+
+ * Command line interface has been redesigned and rewritten. Old commands names are supported but their output will be different.
+
+Other things:
+
+ * The V2 design, protocol, and cryptographic primitives (AES-GMAC-SIV) have been security audited by [Trail of Bits](https://www.trailofbits.com), and the code is being audited as well prior to full 2.0 release.
+
+---
+
+# Older version release notes
+
 # 2019-08-30 -- Version 1.4.6
 
  * Update default root list to latest

attic/PeerList.hpp

@@ -0,0 +1,119 @@
+/*
+ * Copyright (c)2013-2020 ZeroTier, Inc.
+ *
+ * Use of this software is governed by the Business Source License included
+ * in the LICENSE.TXT file in the project's root directory.
+ *
+ * Change Date: 2025-01-01
+ *
+ * On the date above, in accordance with the Business Source License, use
+ * of this software will be governed by version 2.0 of the Apache License.
+ */
+/****/
+
+#ifndef ZT_PEERLIST_HPP
+#define ZT_PEERLIST_HPP
+
+#include "Constants.hpp"
+#include "SharedPtr.hpp"
+#include "Peer.hpp"
+
+namespace ZeroTier {
+
+/**
+ * A list of peers
+ *
+ * This is a simple vector optimized for the case where there will almost always
+ * be zero or one element. In that case it doesn't allocate. If there's more than
+ * one element, it will grow to include all elements.
+ *
+ * It's used to return lookups in Topology where there will almost always be zero
+ * or one peers returned but where there technically (but very rarely) can be more.
+ */
+class PeerList
+{
+public:
+	ZT_INLINE PeerList() noexcept:
+		m_onePeer(),
+		m_peers(&m_onePeer),
+		m_peerCount(0)
+	{}
+
+	ZT_INLINE PeerList(const PeerList &pl)
+	{
+		const unsigned int pc = pl.m_peerCount;
+		if (likely(pc <= 1)) {
+			m_onePeer = pl.m_onePeer;
+			m_peers = &m_onePeer;
+		} else {
+			m_peers = new SharedPtr<Peer>[pc];
+			for (unsigned int i = 0;i < pc;++i)
+				m_peers[i] = pl.m_peers[i];
+		}
+		m_peerCount = pc;
+	}
+
+	ZT_INLINE ~PeerList()
+	{
+		if (unlikely(m_peers != &m_onePeer))
+			delete[] m_peers;
+	}
+
+	ZT_INLINE PeerList &operator=(const PeerList &pl)
+	{
+		if (&pl != this) {
+			if (unlikely(m_peers != &m_onePeer))
+				delete[] m_peers;
+			if (likely(pl.m_peerCount <= 1)) {
+				m_onePeer = pl.m_onePeer;
+				m_peers = &m_onePeer;
+			} else {
+				m_onePeer.zero();
+				m_peers = new SharedPtr<Peer>[pl.m_peerCount];
+				for (unsigned int i = 0;i < pl.m_peerCount;++i)
+					m_peers[i] = pl.m_peers[i];
+			}
+			m_peerCount = pl.m_peerCount;
+		}
+		return *this;
+	}
+
+	/**
+	 * Resize the peer list to store a given number of members
+	 *
+	 * To populate the list, this must be called first followed by each member
+	 * being set with the [] operator. List content after this call is undefined
+	 * and may contain old data if the object is being re-used.
+	 *
+	 * @param s New size of list
+	 */
+	ZT_INLINE void resize(const unsigned int s)
+	{
+		if (unlikely(m_peers != &m_onePeer))
+			delete[] m_peers;
+		m_peerCount = s;
+		if (likely(s <= 1)) {
+			m_peers = &m_onePeer;
+		} else {
+			m_peers = new SharedPtr<Peer>[s];
+		}
+	}
+
+	ZT_INLINE SharedPtr <Peer> &operator[](const unsigned int i) noexcept
+	{ return m_peers[i]; }
+
+	ZT_INLINE const SharedPtr <Peer> &operator[](const unsigned int i) const noexcept
+	{ return m_peers[i]; }
+
+	ZT_INLINE unsigned int size() const noexcept
+	{ return m_peerCount; }
+
+private:
+	SharedPtr <Peer> m_onePeer;
+	SharedPtr <Peer> *m_peers;
+	unsigned int m_peerCount;
+};
+
+} // namespace ZeroTier
+
+#endif

attic/doc/SECURITY.md

@@ -0,0 +1,149 @@
+ZeroTier security and cryptographic design
+=======
+
+(c)2020 ZeroTier, Inc.  
+Author(s): Adam Ierymenko <adam@zerotier.com>
+
+# Introduction
+
+This document describes the core components of ZeroTier's cryptographic and security architecture. It focuses primarily on version 2.0 and only briefly touches on v1.x constructions that are being phased out.
+
+The intended audience for this document is developers, auditors, and security professionals wishing to understand ZeroTier's design from a security posture point of view. It's also written to serve as the basis for professional security audits of the ZeroTier protocol and code base.
+
+## High-Level Protocol Design
+
+ZeroTier's protocol is split into two conceptual layers that we term **VL1** and **VL2**.
+
+VL1 stands for *virtual layer 1* and is a cryptographically addressed secure global peer-to-peer network responsible for moving packets between ZeroTier nodes. It's a virtual analogue of the physical wire or radio transciever in an Ethernet or WiFi network respectively. Think of it as a gigantic wire closet for planet Earth.
+
+VL2 stands for *virtual layer 2* and is a full Ethernet emulation layer incorporating cryptographic certificate and token based access control. It is similar (but not identical) to other Ethernet virtualization protocols like VXLAN. VL2 is conceptually separate from VL1 but for the sake of simplicity and ease of use leverages VL1's cryptographic infrastructure for its own authentication needs.
+
+## VL1 Asymmetric Cryptography: Identities, and Addressing
+
+VL1 peers are cryptographically addressed, meaning addresses are strongly bound to public keys. Cryptographic addressing is extremely convenient in peer-to-peer networks as it leverages authenticated (AEAD) encryption to implicity authenticate endpoint addresses.
+
+A ZeroTier identity is comprised of one or more cryptographic public keys and a short **ZeroTier address** derived from a hash of those keys. In addition to this short address there also exists a longer fingerprint in the form of a SHA-384 hash of identity public key(s).
+
+#### Identity Types and Corresponding Algorithms
+
+* **Type 0** (v1.x and v2.x): one Curve25519 key for elliptic curve Diffie-Hellman and one Ed25519 key for Ed25519 signatures, with the address and fingerprint computed from a hash of both.
+* **Type 1** (v2.x only): Curve25519, Ed25519, and NIST P-384 public keys, with the latter being used for signatures (the Ed25519 key is still there but is presently unused) and with *both* Curve25519 and NIST P-384 being used for elliptic curve Diffie-Hellman key agreement. In key agreement the resulting raw secret keys are hashed together using SHA-384 to combine them and yield a single session key.
+
+Session keys resulting from identity key exchange and agreement are *long-lived keys* that remain static for the lifetime of a particular pair of identities. A different mechanism is used for ephemeral key negotiation.
+
+#### ZeroTier Addresses and Identity Fingerprints
+
+In the simplest form of cryptographic addressing, keys are used directly as addresses throughout the system. Unfortunately even public key cryptosystems with short keys like Curve25519 still result in string representations that are prohibitively long for human beings to type. ZeroTier mitigates this usability problem by using a short hash of the public key termed a **ZeroTier address** to refer to a peer's full identity. This short address is also used at the wire level to reduce the size of the packet header. Peers may request full identities based on addresses from from root servers.
+
+ZeroTier addresses are very short: only 40 bits or 10 hexadecimal digits, e.g. `89e92ceee5.` This makes them convenient to type, but such a short hash would in a naive implementation introduce a significant risk that an attacker could create a duplicate identity with a different key pair but the same address. With 40 bits an intentional collision would require only an average of about 549,755,813,888 attempts for a 50% chance of colliding. If an attempt requires 0.5ms of CPU time on a typical contemporary desktop or server CPU, this would require about 3,000 CPU-days. Since this type of search is easy to parallelize, it would take only a few days for someone with access to a few thousand CPU cores.
+
+To provide this short hash with a larger security margin, an intentionally slow one-way "hashcash" or "proof of work" function is required during identity generation. This work function is slow to compute but fast to verify, and an address is not valid unless its work checks out. This gives identity address derivation the following costs:
+
+* Type 1 identities: an average of about 500ms per key pair per typical 2.4ghz CPU core, requiring around 3 million CPU-days to reach a 50% collision probability.
+* Type 2 identities: an average of about one second per key pair per typical 2.4ghz CPU core, requiring around 6.3 million CPU-days to reach a 50% collision probability.
+
+While too costly for the vast majority of attackers, this cost may not be prohibitive to a nation-state level attacker or to a criminal with significant funds and/or access to a very large "botnet." It's also possible that FPGA, GPU, or ASIC acceleration could be leveraged to decrease this time in a manner similar to what's been accomplished in the area of cryptocurrency mining.
+
+Fingerprints are full SHA-384 hashes of identity public keys. In base32-encoding they look like this:
+
+```
+bzg7fc3sn46fzyxcxw2ev4c4m2u5fyisb3o4wz5hfmvexbzwk6et3fsglkdcn6nnjobxi3bq7hgxqox3n4u4k
+```
+
+These are too large to type but not to copy/paste, store in databases, or use in scripts and APIs.
+
+Once a device has joined a network, network controllers will remember and check its full identity or identity fingerprint (depending on implementation) rather than just the device's ZeroTier address.
+
+## VL1 Wire Protocol
+
+ZeroTier's wire protocol is packet based with packets having the following format:
+
+```
+[0:8]    64-bit packet ID and cryptographic nonce
+[8:13]   40-bit destination ZeroTier address
+[13:18]  40-bit source ZeroTier address
+[18:19]  8-bit cleartext flags, cipher, and hop count (bits: FFCCCHHH)
+[19:27]  64-bit message authentication code (MAC)
+-- BEGIN ENCRYPTED SECTION --
+[27:28]  8-bit inner flags and 5-bit protocol verb (bits: FFFVVVVV)
+[28:...] Verb-specific packet payload
+```
+
+All fields (both those that remain cleartext and those that are encrypted) in a packet are authenticated except for the last three "hops" bits of the combined flags/cipher/hops field. These are masked to zero during MAC computation and verification. This is because the hops field is the only field that can be modified by third party peers in transit. It's incremented whenever a packet is forwarded by a root server or connectivity-assisting peer and is checked against a limit to prevent infinite forwarding loops.
+
+Packets can be up to 16,384 bytes in size. Since the most common transport is UDP and this transport does not reliably support fragmentation, ZeroTier implements its own packet fragmentation and re-assembly scheme using fragments with the following wire format:
+
+```
+[0:8]    64-bit packet ID of packet of which this is a fragment
+[8:13]   40-bit destination ZeroTier address
+[13:14]  0xff here indicates a fragment since addresses cannot start with this byte
+[14:15]  4-bit total fragments and 4-bit fragment number (bits: TTTTNNNN)
+[15:16]  5 reserved bits, 3-bit hop count (bits: rrrrrHHH)
+[16:...] Fragment data
+```
+
+A fragmented packet is indicated by the presence of the flag 0x40 in its cleartext flags field. If this flag is present the receiver must expect the receipt of one or more fragments in addition to the packet's header and first fragment. The total number of fragments expected is not contained in the header but will be contained within each subsequent fragment. If a fragment is received prior to its head, it's held in the event that its head arrives as the protocol does support out of order receipt of fragments.
+
+Fragmentation can be effectively ignored from a security point of view (with the exception of denial of service concerns, which are mitigated by way of limits and heuristics in the code) since packet message authentication codes are checked at the packet level. Any improperly fragmented packet will fail cryptographic MAC check and be discarded.
+
+*Legacy: In v1.x the packet ID and nonce field was assigned from a counter maintained to avoid duplicate nonce assignment and the MAC field was the first 64 bits of a Poly1305 MAC of the packet. The overall construction was identical in form to the NaCl Salsa20/Poly1305 "secret box" construction in which the first 32 bytes of Salsa20 output are used as a one-time Poly1305 key for each packet.*
+
+In v2.x the packet ID and MAC field are in reality a single split 128-bit encrypted nonce and MAC field. See AES-GMAC-SIV below.
+
+## Symmetric Encryption: AES-GMAC-SIV
+
+**This is a draft and may change based on peer review and feedback.**
+
+In v1.x there is a risk of nonce re-use due in part to the small size of the MAC and in part to the way ZeroTier is used. More specifically the risk arises when ZeroTier VMs are cloned or ZeroTier is used on small devices that have the potential to lack both accurate timekeeping and native strong random sources.
+
+Salsa20 was used in v1.x since at the time the protocol was initially designed AES acceleration was not available on most mobile phones, embedded chips, and small ARM processors such as those use on Raspberry Pi and similar devices. This is no longer the case.
+
+For v2.x our design has three objectives:
+
+- Make use of FIPS140-compliant cryptographic primitives that would be available in a FIPS140-ceritified library (e.g. a FIPS build of crypto++ or openssl libcrypto), and use them in a way that could pass FIPS/NIST/NSA review.
+- Use AES with hardware acceleration for extremely high performance processors with AES hardware acceleration, which is most non-trivial CPUs today.
+- Incorporate some form of nonce-reuse-resistance to reduce the risk of duplicate nonces when virtual machines are cloned or on small devices, and to mitigate the short MAC.
+
+The proposed AES-GMAC-SIV construction attempts to achieve all these objectives by using GMAC combined with AES-CTR (both FIPS140 primitives) in a way that achieves the security bounds and characteristics of AES-GCM-SIV but could be certified as FIPS compliant. The design is almost identical to another proposed mode called AES-GCM-SIV except that GMAC is used "as-is" for FIPS-certifiability reasons.
+
+#### AES-GMAC-SIV Session Setup
+
+For each new session key, derive two sub-keys **K0** and **K1** using a key derivation function such as KBKDF-HMAC-SHA384.
+
+#### AES-GMAC-SIV Encryption
+
+<img src="AES-GMAC-SIV.png">
+
+As with all other SIV (synthetic IV) modes of operation, encryption requires two passes. Since messages are small in our system it's very likely that the second pass would be operating on data already in CPU L0 cache, reducing the additional overhead of this two-pass requirement.
+
+1. Generate a new unique 64-bit packet ID in the same manner as v1.x.
+2. Expand this 64-bit ID to a 96-bit AES-GMAC nonce by padding the remainder with the size of the packet in bytes and the direction of communication (sender > recipient or recipient > sender). This adds a small amount of additional entropy taken from characteristics of the packet.
+3. Using session sub-key **K0** compute AES-GMAC(K0, plaintext) to yield a 128-bit GMAC tag.
+4. Take the first 64 bits of this 128-bit GMAC tag and append it to the 64-bit packet ID generated in step 1 to yield a 128-bit combined nonce+MAC field.
+5. Obtain a 128-bit AES-CTR nonce by encrypting this 128-bit combined nonce+MAC field as a single AES block using **K1**. This is done because GMAC alone is not a cryptographic PRF (pseudo-random function) and we want to ensure that we destroy any algebraic structure before using it with AES-CTR.
+6. Using the encrypted nonce+MAC field as a 128-bit nonce, encrypt the encrypted section of the packet with AES-CTR. This is also done using **K1**, meaning that the first block of CTR padding data is actually AES(K1,AES(K1,nonce+MAC)).
+7. Encrypt the 128-bit AES-CTR nonce again as a single AES block using **K0** to yield a final encrypted 128-bit combined nonce and MAC. *(Question for peer review: does this step have any attack-mitigating value? AES-CTR does not require that its nonce/IV be a secret.)*
+8. Split this final encrypted nonce+IV into two 64-bit chunks, replacing the packet ID with one and placing the other in the packet MAC field.
+
+#### AES-GMAC-SIV Decryption
+
+Unlike encryption, SIV decryption can be performed in a single pass if there is a performance benefit to doing so.
+
+1. Re-combine the packet ID and MAC fields into a single 128-bit block.
+2. Decrypt this block with AES using **K0** to yield the AES-CTR nonce.
+3. Decrypt the packet using AES-CTR with **K1**.
+4. Decrypt the 128-bit AES-CTR nonce field *again* as a single AES block using **K1** to obtain the original packet nonce and 64-bit truncated GMAC tag.
+5. Expand the 64-bit packet ID / nonce into a 96-bit GMAC nonce as in encryption step 2.
+6. Compute AES-GMAC(K0,plaintext) as in encryption step 3.
+7. Verify that the first 64 bytes of the resulting GMAC tag equals the tag (last 64 bits) obtained in decryption step 4 and discard the packet if they do not match.
+
+#### Discussion
+
+Most standard stream cipher modes such as AES-GCM or Salsa20/Poly1305 require that message nonce/IV values are never duplicated for the same session key. Since these stream modes generate key streams that are simply XORed with message plaintext, nonce duplication reveals the plaintext of both messages for which the nonce is duplicated due to the commutativity of the XOR operation. It may also allow the MAC (GMAC or Poly1305) itself to be attacked in such a way as to enable message forgery.
+
+SIV modes mitigate these attacks by making the actual cryptographic nonce used for stream encryption dependent on the content of the message. If a nonce is repeated when two messages differ, ciphertext will still be unique unless a MAC collision also occurs. The chance of this is quite small, only 1/2^64 in our system for any given pair of repeated nonce values. If a repeated nonce occurs and both messages are the same, the protocol will leak only the fact that a message was repeated. The actual plaintext and MAC are not compromised.
+
+Our AES-GMAC-SIV mode is almost identical to a proposed mode called [AES-GCM-SIV](https://cyber.biu.ac.il/aes-gcm-siv/). The proposed AES-GCM-SIV mode uses a variant of GMAC called POLYVAL with very minor performance improvements while ours retains standard GMAC for compatibility with existing standards and libraries. We call our mode AES-GMAC-SIV to distinguish it.
+
+*Question for peer review: both GMAC and AES-CTR are FIPS140 approved primitives, and the use of AES-CTR with an approved MAC is permitted. Is it actually feasible that this could be FIPS certified if it were documented in a correct and "strategic" way? It would be described as GMAC authenticated AES-CTR with the CTR IV being constructed via keyed hash (AES) from an initial plaintext IV and a "salt" taken from the MAC, or some similar description.*
+

attic/dockerbuild/Dockerfile.alpine

@@ -0,0 +1,23 @@
+FROM alpine:3.11.3
+
+ARG go_pkg_url
+
+RUN apk add --update alpine-sdk linux-headers cmake openssh curl
+
+
+RUN adduser -D -s /bin/ash jenkins && \
+    passwd -u jenkins && \
+    ssh-keygen -A && \
+    mkdir /home/jenkins/.ssh && \
+    chown -R jenkins:jenkins /home/jenkins
+
+RUN curl -s $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz
+
+COPY authorized_keys /home/jenkins/.ssh/authorized_keys
+RUN chown -R jenkins:jenkins /home/jenkins/.ssh && \
+    chmod 600 /home/jenkins/.ssh/authorized_keys
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.centos7

@@ -0,0 +1,32 @@
+FROM centos:7
+
+ARG go_pkg_url
+
+RUN yum install -y epel-release
+RUN yum install -y curl git wget openssh-server sudo make development-tools rpmdevtools clang gcc-c++ ruby ruby-devel centos-release-scl devtoolset-8 llvm-toolset-7 openssl-devel && yum clean all
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN wget -qO- "https://cmake.org/files/v3.15/cmake-3.15.1-Linux-x86_64.tar.gz" | tar --strip-components=1 -xz -C /usr/local
+
+RUN /usr/bin/ssh-keygen -A
+RUN useradd jenkins-build
+
+RUN echo $'\n\
+  export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin\n\
+  source scl_source enable devtoolset-8 llvm-toolset-7\n'\
+  >> ~/.bash_profile
+
+RUN mkdir /rpmbuild && chmod 777 /rpmbuild
+
+CMD ["/usr/sbin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.centos7-i386

@@ -0,0 +1,29 @@
+FROM centos:7
+
+ARG go_pkg_url
+
+RUN yum install -y curl git wget openssh-server sudo make development-tools rpmdevtools clang gcc-c++ ruby ruby-devel openssl-devel && yum clean all
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN /usr/bin/ssh-keygen -A
+
+RUN useradd jenkins-build
+
+RUN echo $'\n\
+  export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin\n'\
+  >> ~/.bash_profile
+
+RUN mkdir /rpmbuild && chmod 777 /rpmbuild
+
+CMD ["/usr/sbin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.centos8

@@ -0,0 +1,25 @@
+FROM centos:8
+
+ARG go_pkg_url
+
+RUN yum install -y epel-release
+RUN yum install -y curl git wget openssh-server sudo make rpmdevtools clang gcc-c++ ruby ruby-devel cmake && yum clean all
+
+RUN curl -s $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN wget -qO- "https://cmake.org/files/v3.15/cmake-3.15.1-Linux-x86_64.tar.gz" | tar --strip-components=1 -xz -C /usr/local
+
+RUN /usr/bin/ssh-keygen -A
+RUN useradd jenkins-build
+
+RUN echo $'\n\
+  export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin\n\
+  source scl_source enable devtoolset-8 llvm-toolset-7\n'\
+  >> ~/.bash_profile
+
+RUN mkdir /rpmbuild && chmod 777 /rpmbuild
+
+CMD ["/usr/sbin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.clefos-s390x

@@ -0,0 +1,26 @@
+FROM s390x/clefos:7
+
+ARG go_pkg_url
+
+RUN yum install -y curl git wget openssh-server sudo make development-tools rpmdevtools clang gcc-c++ ruby ruby-devel openssl-devel && yum clean all
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN /usr/bin/ssh-keygen -A
+
+RUN echo $'\n\
+  export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin\n'\
+  >> ~/.bash_profile
+
+RUN mkdir /rpmbuild && chmod 777 /rpmbuild
+
+CMD ["/usr/sbin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-bullseye

@@ -0,0 +1,15 @@
+FROM debian:bullseye-20191224
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-buster

@@ -0,0 +1,15 @@
+FROM debian:buster-20191224
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-jessie

@@ -0,0 +1,22 @@
+FROM debian:jessie-20191224
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd libssl-dev
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-sid

@@ -0,0 +1,15 @@
+FROM debian:sid-20191224
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-stretch

@@ -0,0 +1,22 @@
+FROM debian:stretch-20191224
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd  libssl-dev
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.debian-wheezy

@@ -0,0 +1,23 @@
+FROM debian:wheezy-20190228
+
+ARG go_pkg_url
+
+RUN echo "deb http://archive.debian.org/debian/ wheezy contrib main non-free" > /etc/apt/sources.list && \
+    echo "deb-src http://archive.debian.org/debian/ wheezy contrib main non-free" >> /etc/apt/sources.list && \
+    apt-get update && apt-get install -y apt-utils && \
+    apt-get install -y --force-yes \
+    curl gcc make sudo expect gnupg fakeroot perl-base=5.14.2-21+deb7u3 perl \
+    libc-bin=2.13-38+deb7u10 libc6=2.13-38+deb7u10 libc6-dev build-essential \
+    cdbs devscripts equivs automake autoconf libtool libaudit-dev selinux-basics \
+    libdb5.1=5.1.29-5 libdb5.1-dev libssl1.0.0=1.0.1e-2+deb7u20 procps gawk libsigsegv2 \
+    curl ca-certificates devscripts
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.kali-rolling

@@ -0,0 +1,15 @@
+FROM kalilinux/kali-rolling:latest
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.ubuntu-bionic

@@ -0,0 +1,15 @@
+FROM ubuntu:bionic-20200112
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.ubuntu-eoan

@@ -0,0 +1,15 @@
+FROM ubuntu:eoan-20200114
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd cmake
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.ubuntu-trusty

@@ -0,0 +1,22 @@
+FROM ubuntu:trusty-20191217
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get upgrade -y && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd libssl-dev
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Dockerfile.ubuntu-xenial

@@ -0,0 +1,22 @@
+FROM ubuntu:xenial-20200114
+
+ARG go_pkg_url
+
+RUN apt-get update && apt-get -y install build-essential curl ca-certificates devscripts dh-systemd
+
+RUN curl -sL https://github.com/Kitware/CMake/releases/download/v3.16.3/cmake-3.16.3.tar.gz -o cmake.tar.gz && \
+    tar -xzf cmake.tar.gz && \
+    cd cmake-3.16.3 && \
+    ./bootstrap && \
+    make -j4 && \
+    make install
+
+RUN curl -s -k $go_pkg_url -o go.tar.gz && \
+    tar -C /usr/local -xzf go.tar.gz && \
+    rm go.tar.gz
+
+RUN groupadd -g 1000 jenkins-build && useradd -u 1000 -g 1000 jenkins-build
+RUN chmod 777 /home
+
+CMD ["/usr/bin/sshd", "-D"]
+

attic/dockerbuild/Makefile

@@ -0,0 +1,111 @@
+.PHONY: all
+
+all:	alpine centos clefos debian ubuntu kali-rolling
+
+alpine:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.alpine . -t ztbuild/alpine-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.alpine . -t ztbuild/alpine-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.alpine . -t ztbuild/alpine-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.alpine . -t ztbuild/alpine-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.alpine . -t ztbuild/alpine-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.alpine . -t ztbuild/alpine-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.alpine . -t ztbuild/alpine-s390x --load
+
+centos:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.centos7 . -t ztbuild/centos7-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.centos7-i386 . -t ztbuild/centos7-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.centos6 . -t ztbuild/centos6-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.centos6-i386 . -t ztbuild/centos6-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.centos8 . -t ztbuild/centos8-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.centos8 . -t ztbuild/centos8-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.centos8 . -t ztbuild/centos8-ppc64le --load
+
+clefos:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.clefos-s390x . -t ztbuild/clefos-s390x --load
+
+debian:	debian-wheezy debian-jessie debian-buster debian-stretch debian-bullseye debian-sid
+
+debian-wheezy:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-wheezy . -t ztbuild/debian-wheezy-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-wheezy . -t ztbuild/debian-wheezy-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-wheezy . -t ztbuild/debian-wheezy-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-wheezy . -t ztbuild/debian-wheezy-i386 --load
+
+debian-jessie:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-jessie . -t ztbuild/debian-jessie-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-jessie . -t ztbuild/debian-jessie-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-jessie . -t ztbuild/debian-jessie-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-jessie . -t ztbuild/debian-jessie-i386 --load
+
+debian-buster:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-buster . -t ztbuild/debian-buster-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.debian-buster . -t ztbuild/debian-buster-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-buster . -t ztbuild/debian-buster-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-buster . -t ztbuild/debian-buster-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-buster . -t ztbuild/debian-buster-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.debian-buster . -t ztbuild/debian-buster-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.debian-buster . -t ztbuild/debian-buster-s390x --load
+
+debian-stretch:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.debian-stretch . -t ztbuild/debian-stretch-s390x --load
+
+debian-bullseye:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.debian-bullseye . -t ztbuild/debian-bullseye-s390x --load
+
+debian-sid:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v6 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-armel --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.debian-sid . -t ztbuild/debian-sid-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.debian-sid . -t ztbuild/debian-sid-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.debian-sid . -t ztbuild/debian-sid-s390x --load
+
+ubuntu: ubuntu-trusty ubuntu-xenial ubuntu-bionic ubuntu-eoan
+
+ubuntu-trusty:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.ubuntu-trusty . -t ztbuild/ubuntu-trusty-ppc64le --load
+
+ubuntu-xenial:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.ubuntu-xenial . -t ztbuild/ubuntu-xenial-s390x --load
+
+ubuntu-bionic:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.ubuntu-bionic . -t ztbuild/ubuntu-bionic-s390x --load
+
+ubuntu-eoan:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-amd64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-arm64.tar.gz" --platform linux/arm64 -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-arm64 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz" --platform linux/arm/v7 -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-armhf --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-386.tar.gz" --platform linux/386 -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-i386 --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-ppc64le.tar.gz" --platform linux/ppc64le -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-ppc64le --load
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-s390x.tar.gz" --platform linux/s390x -f Dockerfile.ubuntu-eoan . -t ztbuild/ubuntu-eoan-s390x --load
+
+kali-rolling:
+	@docker buildx build --build-arg go_pkg_url="https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz" --platform linux/amd64 -f Dockerfile.kali-rolling . -t ztbuild/kali-rolling-amd64 --load
+

attic/dockerbuild/authorized_keys

@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8hgysbj2Luu3aN/Ya2wr4Y9LpUGqWWfn3k+UhIwOIE/Kd7/YpLjxHpseUA1hLnj9kHFShH8eiqoY0S6EDIYrTUwbXMMu8454lX/LcJOCJ9RlSeMMf7vpkxcI7cVRgOA430a3FR7M0Q8vKlyJzxxAEjMIxMyuVyinknfanNt+sQFiDUvOXoacqgZAHBWMlO7wOPyHWHNOzy7g8N0dHiJveKZqX/UUwuqJuS6UBq7MBMSU6TcMvJwHr+AbNvfyIUWCqlTByqFL9cmviRbIvQanxoRxi/5fVUGhtVBXUYvbCdFxDw5W2Svo9fDMm4Z5xWAD7rY1J3AM15RVyRTTtYvgD
+

attic/java/jni/Android.mk

@@ -17,8 +17,8 @@ LOCAL_CFLAGS := -DZT_USE_MINIUPNPC
 LOCAL_SRC_FILES := \
     $(ZT1)/node/C25519.cpp \
 	$(ZT1)/node/Capability.cpp \
-	$(ZT1)/node/CertificateOfMembership.cpp \
-	$(ZT1)/node/CertificateOfOwnership.cpp \
+	$(ZT1)/node/MembershipCredential.cpp \
+	$(ZT1)/node/OwnershipCredential.cpp \
 	$(ZT1)/node/Identity.cpp \
 	$(ZT1)/node/IncomingPacket.cpp \
 	$(ZT1)/node/InetAddress.cpp \

attic/make-mac.mk

@@ -64,14 +64,14 @@ endif
 # Debug mode -- dump trace output, build binary with -g
 ifeq ($(ZT_DEBUG),1)
 	ZT_TRACE=1
-	CFLAGS+=-Wall -g $(INCLUDES) $(DEFS)
+	CFLAGS+=-Wall -g -maes -mpclmul $(INCLUDES) $(DEFS)
 	STRIP=echo
 	# The following line enables optimization for the crypto code, since
 	# C25519 in particular is almost UNUSABLE in heavy testing without it.
-node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o: CFLAGS = -Wall -O2 -g $(INCLUDES) $(DEFS)
+node/Salsa20.o node/SHA512.o node/C25519.o node/Poly1305.o node/AES.o: CFLAGS = -Wall -O2 -g -maes -mpclmul $(INCLUDES) $(DEFS)
 else
 	CFLAGS?=-Ofast -fstack-protector-strong
-	CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -mmacosx-version-min=10.7 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
+	CFLAGS+=$(ARCH_FLAGS) -Wall -flto -fPIE -maes -msse -msse2 -msse3 -mpclmul -mmacosx-version-min=10.9 -DNDEBUG -Wno-unused-private-field $(INCLUDES) $(DEFS)
 	STRIP=strip
 endif