From db09fcec31675f0a3d24d74d3d727f7630f667a5 Mon Sep 17 00:00:00 2001
From: Ross Kinder <ross@kndr.org>
Date: Sat, 3 Sep 2016 19:31:03 -0400
Subject: [PATCH] support and describe building static binaries

---
 Dockerfile.build        | 15 +++++++
 Dockerfile.build-static | 98 +++++++++++++++++++++++++++++++++++++++++
 README.md               | 44 +++++++++++++++++-
 cgo_dl.go               | 19 ++++++++
 cgo_static.go           | 24 ++++++++++
 decrypt.go              |  4 --
 encrypt.go              |  1 -
 xmldsig.go              |  1 -
 xmlsec.go               |  2 -
 9 files changed, 199 insertions(+), 9 deletions(-)
 create mode 100644 Dockerfile.build
 create mode 100644 Dockerfile.build-static
 create mode 100644 cgo_dl.go
 create mode 100644 cgo_static.go

diff --git a/Dockerfile.build b/Dockerfile.build
new file mode 100644
index 0000000..a57e789
--- /dev/null
+++ b/Dockerfile.build
@@ -0,0 +1,15 @@
+FROM ubuntu
+RUN apt-get update -yy && \
+	apt-get install -yy git make curl libxml2-dev libxmlsec1-dev pkg-config
+
+RUN curl -s https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz | tar -C /usr/local -xzf -
+ENV GOPATH=/go
+ENV PATH=$PATH:/usr/local/go/bin:/go/bin
+RUN mkdir -p /go/bin
+
+ADD . /go/src/github.com/crewjam/go-xmlsec
+WORKDIR /go/src/github.com/crewjam/go-xmlsec
+RUN go get github.com/crewjam/errset
+RUN go build -o /bin/xmldsig ./examples/xmldsig.go
+RUN ldd /bin/xmldsig || true
+RUN /bin/xmldsig --help || true
diff --git a/Dockerfile.build-static b/Dockerfile.build-static
new file mode 100644
index 0000000..379544f
--- /dev/null
+++ b/Dockerfile.build-static
@@ -0,0 +1,98 @@
+FROM ubuntu
+RUN apt-get update -yy && \
+	apt-get install -yy git make curl pkg-config
+
+RUN curl -s https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz | tar -C /usr/local -xzf -
+ENV GOPATH=/go
+ENV PATH=$PATH:/usr/local/go/bin:/go/bin
+RUN mkdir -p /go/bin
+
+RUN curl -sL ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz | tar -xzf - && \
+  cd /libxml2-2.9.4 && \
+  ./configure \
+    --enable-static \
+    --disable-shared \
+    --without-gnu-ld \
+    --with-c14n \
+    --without-catalog \
+    --without-debug \
+    --without-docbook \
+    --without-fexceptions \
+    --without-ftp \
+    --without-history \
+    --without-html \
+    --without-http \
+    --without-iconv	\
+    --without-icu \
+    --without-iso8859x \
+    --without-legacy \
+    --without-mem-debug \
+    --without-minimum \
+    --with-output \
+    --without-pattern \
+    --with-push \
+    --without-python	\
+    --without-reader \
+    --without-readline \
+    --without-regexps \
+    --without-run-debug \
+    --with-sax1 \
+    --without-schemas \
+    --without-schematron \
+    --without-threads \
+    --without-thread-alloc \
+    --with-tree \
+    --without-valid \
+    --without-writer \
+    --without-xinclude \
+    --without-xpath \
+    --with-xptr \
+    --without-modules \
+    --without-zlib \
+    --without-lzma \
+    --without-coverage && \
+    make install
+
+RUN \
+  curl -sL ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz | tar -xzf - && \
+  cd openssl-1.0.2h && \
+  ./config \
+    no-shared \
+    no-weak-ssl-ciphers \
+    no-ssl2 \
+    no-ssl3 \
+    no-comp \
+    no-idea \
+    no-dtls \
+    no-hw \
+    no-threads \
+    no-dso && \
+  make depend install
+
+RUN curl -sL http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.22.tar.gz | tar -xzf - && \
+	cd xmlsec1-1.2.22 && \
+	./configure \
+		--enable-static \
+		--disable-shared \
+		--disable-crypto-dl \
+		--disable-apps-crypto-dl \
+		--enable-static-linking \
+		--without-gnu-ld \
+		--with-default-crypto=openssl \
+		--with-openssl=/usr/local/ssl \
+		--with-libxml=/usr/local \
+		--without-nss \
+		--without-nspr \
+		--without-gcrypt \
+		--without-gnutls \
+		--without-libxslt && \
+	make -C src install && \
+	make -C include install && \
+	make install-pkgconfigDATA
+
+ADD . /go/src/github.com/crewjam/go-xmlsec
+WORKDIR /go/src/github.com/crewjam/go-xmlsec
+RUN go get github.com/crewjam/errset
+RUN go build -tags static -ldflags '-s -extldflags "-static"' -o /bin/xmldsig ./examples/xmldsig.go
+RUN ldd /bin/xmldsig || true
+RUN /bin/xmldsig --help || true
diff --git a/README.md b/README.md
index febee6c..aa50989 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ As seems to be the case for many things in the XMLish world, the xmldsig and xml
 
 This package uses cgo to wrap libxmlsec. As such, you'll need libxmlsec headers and a C compiler to make it work. On linux, this might look like:
 
-    $ apt-get install libxml2-dev libxmlsec1-dev
+    $ apt-get install libxml2-dev libxmlsec1-dev pkg-config
     $ go get github.com/crewjam/go-xmlsec
 
 On Mac with homebrew, this might look like:
@@ -50,4 +50,46 @@ On Mac with homebrew, this might look like:
     $ brew install libxmlsec1 libxml2 pkg-config
     $ go get github.com/crewjam/go-xmlsec
 
+# Static Linking
+
+It may annoy you to grow a depenency on the shared libraries for libxmlsec, libxml2, etc. After some fighting, here is what I made work on Linux to get
+a static binary. See also `Dockerfile.build-static` which build the example
+program using this method.
+
+## Compile libxml
+
+```
+curl -sL ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz | tar -xzf -
+cd /libxml2-2.9.4
+./configure --enable-static --disable-shared --without-gnu-ld --with-c14n --without-catalog --without-debug --without-docbook  --without-fexceptions  --without-ftp --without-history --without-html --without-http --without-iconv --without-icu --without-iso8859x --without-legacy --without-mem-debug --without-minimum --with-output --without-pattern --with-push --without-python --without-reader --without-readline --without-regexps --without-run-debug --with-sax1 --without-schemas --without-schematron --without-threads --without-thread-alloc --with-tree --without-valid --without-writer --without-xinclude --without-xpath --with-xptr --without-modules --without-zlib --without-lzma --without-coverage
+make install
+```
+
+## Compile openssl
+
+```
+curl -sL ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz | tar -xzf -
+cd openssl-1.0.2h
+./config no-shared no-weak-ssl-ciphers no-ssl2 no-ssl3 no-comp no-idea no-dtls no-hw no-threads no-dso
+make install
+```
+
+## Compile libxmlsec
+
+```
+curl -sL http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.22.tar.gz | tar -xzf -
+./configure --enable-static --disable-shared --disable-crypto-dl --disable-apps-crypto-dl --enable-static-linking --without-gnu-ld       --with-default-crypto=openssl --with-openssl=/usr/local/ssl --with-libxml=/usr/local --without-nss --without-nspr --without-gcrypt --without-gnutls --without-libxslt
+make -C src install
+make -C include install
+make install-pkgconfigDATA
+```
+
+## Build with static tag
+
+```
+go build -tags static -ldflags '-s -extldflags "-static"' -o /bin/xmldsig-static.bin ./examples/xmldsig.go
+```
+
+Running `ldd` on the output should produce `not a dynamic executable`.
+
 
diff --git a/cgo_dl.go b/cgo_dl.go
new file mode 100644
index 0000000..8051d8d
--- /dev/null
+++ b/cgo_dl.go
@@ -0,0 +1,19 @@
+package xmlsec
+
+// +build !static
+
+// #cgo linux CFLAGS: -w
+// #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard
+// #cgo pkg-config: xmlsec1
+// #include <xmlsec/xmlsec.h>
+// #include <xmlsec/xmltree.h>
+// #include <xmlsec/xmlenc.h>
+// #include <xmlsec/templates.h>
+// #include <xmlsec/crypto.h>
+import "C"
+
+// #cgo pkg-config: libxml-2.0
+// #include <libxml/parser.h>
+// #include <libxml/parserInternals.h>
+// #include <libxml/xmlmemory.h>
+import "C"
diff --git a/cgo_static.go b/cgo_static.go
new file mode 100644
index 0000000..fc5aa46
--- /dev/null
+++ b/cgo_static.go
@@ -0,0 +1,24 @@
+package xmlsec
+
+// +build static
+
+// #cgo linux CFLAGS: -w
+// #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard
+// #cgo pkg-config: --static xmlsec1
+// #include <xmlsec/xmlsec.h>
+// #include <xmlsec/xmltree.h>
+// #include <xmlsec/xmlenc.h>
+// #include <xmlsec/templates.h>
+// #include <xmlsec/crypto.h>
+import "C"
+
+// #cgo pkg-config: --static libxml-2.0
+// #include <libxml/parser.h>
+// #include <libxml/parserInternals.h>
+// #include <libxml/xmlmemory.h>
+// #include <xmlsec/xmlsec.h>
+// #include <xmlsec/xmltree.h>
+// #include <xmlsec/xmlenc.h>
+// #include <xmlsec/templates.h>
+// #include <xmlsec/crypto.h>
+import "C"
diff --git a/decrypt.go b/decrypt.go
index 2b0e11d..1590232 100644
--- a/decrypt.go
+++ b/decrypt.go
@@ -5,9 +5,6 @@ import (
 	"unsafe"
 )
 
-// #cgo linux CFLAGS: -w
-// #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard
-// #cgo pkg-config: xmlsec1
 // #include <xmlsec/xmlsec.h>
 // #include <xmlsec/xmltree.h>
 // #include <xmlsec/xmlenc.h>
@@ -15,7 +12,6 @@ import (
 // #include <xmlsec/crypto.h>
 import "C"
 
-// #cgo pkg-config: libxml-2.0
 // #include <libxml/parser.h>
 // #include <libxml/parserInternals.h>
 // #include <libxml/xmlmemory.h>
diff --git a/encrypt.go b/encrypt.go
index bf73c81..ce1cf61 100644
--- a/encrypt.go
+++ b/encrypt.go
@@ -1,6 +1,5 @@
 package xmlsec
 
-// #cgo pkg-config: xmlsec1
 // #include <xmlsec/xmlsec.h>
 // #include <xmlsec/xmltree.h>
 // #include <xmlsec/xmlenc.h>
diff --git a/xmldsig.go b/xmldsig.go
index d593e27..0371da4 100644
--- a/xmldsig.go
+++ b/xmldsig.go
@@ -5,7 +5,6 @@ import (
 	"unsafe"
 )
 
-// #cgo pkg-config: xmlsec1
 // #include <xmlsec/xmlsec.h>
 // #include <xmlsec/xmltree.h>
 // #include <xmlsec/xmlenc.h>
diff --git a/xmlsec.go b/xmlsec.go
index f35c337..da695c9 100644
--- a/xmlsec.go
+++ b/xmlsec.go
@@ -6,7 +6,6 @@ import "unsafe"
 //   brew install libxmlsec1 libxml2
 //   brew link libxml2 --force
 
-// #cgo pkg-config: xmlsec1
 // #include <xmlsec/xmlsec.h>
 // #include <xmlsec/xmltree.h>
 // #include <xmlsec/xmlenc.h>
@@ -15,7 +14,6 @@ import "unsafe"
 // #include <xmlsec/crypto.h>
 import "C"
 
-// #cgo pkg-config: libxml-2.0
 // #include <libxml/parser.h>
 // #include <libxml/parserInternals.h>
 // #include <libxml/xmlmemory.h>