Merge branch 'main' into supported-protos

Author: garmr-ulfr

.github/workflows/release.yaml

@@ -0,0 +1,38 @@
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write
+  id-token: "write"
+
+jobs:
+  release:
+    runs-on:
+      group: large-runners
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Mandatory to use the extract version from tag
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: getlantern
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser-pro
+          version: "~> 2"
+          args: release --clean --verbose
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}

.gitignore

@@ -0,0 +1,2 @@
+/data/
+/dist/

.goreleaser.yaml

@@ -0,0 +1,87 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema-pro.json
+version: 2
+project_name: sing-box-extensions
+metadata:
+  maintainers:
+    - "Lantern Team <[email protected]>"
+  description: Sing Box Extensions
+  homepage: "https://github.com/getlantern/sing-box-extensions"
+  license: "GPL"
+
+builds:
+  - main: ./cmd/sing-box-extensions
+    flags:
+      - -v
+      - -trimpath
+    goos:
+      - linux
+    goarch:
+      - amd64
+    env:
+      - CGO_ENABLED=1
+    ldflags:
+      - -X github.com/sagernet/sing-box/constant.Version={{ .Version }} -s -w -buildid=
+    tags:
+      - with_gvisor
+      - with_quic
+      - with_dhcp
+      - with_wireguard
+      - with_ech
+      - with_utls
+      - with_reality_server
+      - with_clash_api
+
+    binary: sing-box-extensions
+
+archives:
+  - formats: ["tar.gz"]
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+      - "^chore:"
+
+release:
+  replace_existing_artifacts: true
+
+nfpms:
+  - package_name: "sing-box-extensions"
+    formats:
+      - deb
+      - rpm
+    section: "default"
+    maintainer: "Lantern Team <[email protected]>"
+    description: |
+      Sing Box Extensions
+    vendor: "Brave New Software"
+    homepage: "https://github.com/getlantern/sing-box-extensions"
+    license: "GPL"
+    contents:
+      - src: cmd/sing-box-extensions/release/sing-box-extensions.service
+        dst: /usr/lib/systemd/system/sing-box-extensions.service
+      - src: cmd/sing-box-extensions/release/[email protected]
+        dst: /usr/lib/systemd/system/[email protected]
+
+furies:
+  - account: getlantern
+    formats:
+      - deb
+      - rpm
+
+
+dockers:
+  - image_templates:
+      - "getlantern/sing-box-extensions:latest"
+      - "getlantern/sing-box-extensions:{{ .Tag }}"
+
+dockerhub:
+  - images:
+      - getlantern/sing-box-extensions
+    username: getlantern
+    secret_name: DOCKER_PASSWORD
+    full_description:
+      from_file:
+        path: ./README.md

Dockerfile

@@ -0,0 +1,9 @@
+FROM alpine:edge
+
+# Set the timezone and install CA certificates
+RUN apk --no-cache add ca-certificates tzdata nftables
+
+COPY sing-box-extensions /sing-box-extensions
+
+# Set the entrypoint command
+ENTRYPOINT ["/sing-box-extensions", "-d", "/data", "-c", "/config.json", "run"]

cmd/sing-box-extensions/cmd_check.go

@@ -0,0 +1,26 @@
+package main
+
+import "fmt"
+
+type CheckCmd struct {
+}
+
+func check(configFile string) error {
+	instance, cancel, err := prepare(configFile)
+
+	if err == nil {
+		_ = instance.Close()
+	}
+	cancel()
+	return err
+}
+
+func (c *CheckCmd) Run() error {
+	err := check(args.ConfigFile)
+	if err == nil {
+		fmt.Println("Configuration is valid")
+	} else {
+		return err
+	}
+	return nil
+}

cmd/sing-box-extensions/cmd_run.go

@@ -0,0 +1,116 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	C "github.com/sagernet/sing-box/constant"
+	"github.com/sagernet/sing-box/experimental/libbox"
+	"github.com/sagernet/sing-box/log"
+	E "github.com/sagernet/sing/common/exceptions"
+	"os"
+	"os/signal"
+	"path/filepath"
+	runtimeDebug "runtime/debug"
+	"syscall"
+	"time"
+)
+
+type RunCmd struct {
+}
+
+func prepare(configFile string) (*libbox.BoxService, context.CancelFunc, error) {
+	ctx, cancel := context.WithCancel(newBaseContext())
+
+	var config string
+
+	if data, err := os.ReadFile(configFile); err != nil {
+		return nil, cancel, fmt.Errorf("reading config file: %w", err)
+	} else {
+		config = string(data)
+	}
+	if err := libbox.Setup(&libbox.SetupOptions{
+		BasePath:    args.DataDir,
+		WorkingPath: filepath.Join(args.DataDir, "data"),
+		TempPath:    filepath.Join(args.DataDir, "temp"),
+	}); err != nil {
+		return nil, cancel, fmt.Errorf("setup libbox: %w", err)
+	}
+
+	instance, err := libbox.NewServiceWithContext(ctx, config, nil)
+	return instance, cancel, err
+}
+
+func create(config string) (*libbox.BoxService, context.CancelFunc, error) {
+	instance, cancel, err := prepare(config)
+	if err != nil {
+		cancel()
+		return nil, nil, fmt.Errorf("setup libbox: %w", err)
+	}
+
+	osSignals := make(chan os.Signal, 1)
+	signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP)
+	defer func() {
+		signal.Stop(osSignals)
+		close(osSignals)
+	}()
+	startCtx, finishStart := context.WithCancel(context.Background())
+	go func() {
+		_, loaded := <-osSignals
+		if loaded {
+			cancel()
+			closeMonitor(startCtx)
+		}
+	}()
+	err = instance.Start()
+	finishStart()
+	if err != nil {
+		cancel()
+		return nil, nil, E.Cause(err, "start service")
+	}
+	return instance, cancel, nil
+}
+
+func closeMonitor(ctx context.Context) {
+	time.Sleep(C.FatalStopTimeout)
+	select {
+	case <-ctx.Done():
+		return
+	default:
+	}
+	log.Fatal("sing-box did not close!")
+}
+
+func (c *RunCmd) Run() error {
+	osSignals := make(chan os.Signal, 1)
+	signal.Notify(osSignals, os.Interrupt, syscall.SIGTERM, syscall.SIGHUP)
+	defer signal.Stop(osSignals)
+	for {
+		instance, cancel, err := create(args.ConfigFile)
+		if err != nil {
+			return err
+		}
+		runtimeDebug.FreeOSMemory()
+		for {
+			osSignal := <-osSignals
+			if osSignal == syscall.SIGHUP {
+				err = check(args.ConfigFile)
+				if err != nil {
+					log.Error(E.Cause(err, "reload service"))
+					continue
+				}
+			}
+			cancel()
+			closeCtx, closed := context.WithCancel(context.Background())
+			go closeMonitor(closeCtx)
+			err = instance.Close()
+			closed()
+			if osSignal != syscall.SIGHUP {
+				if err != nil {
+					log.Error(E.Cause(err, "sing-box did not closed properly"))
+				}
+				return nil
+			}
+			break
+		}
+	}
+}

cmd/sing-box-extensions/main.go

@@ -0,0 +1,53 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/alexflint/go-arg"
+	box "github.com/sagernet/sing-box"
+
+	"github.com/getlantern/sing-box-extensions/protocol"
+)
+
+var args struct {
+	DataDir    string `arg:"-d,--data-dir" help:"data directory" default:"./data"`
+	ConfigFile string `arg:"-c,--config" help:"Path to JSON config file" default:"./config.json"`
+
+	Run   *RunCmd   `arg:"subcommand:run" help:"start the server"`
+	Check *CheckCmd `arg:"subcommand:check" help:"validate initial configuration"`
+}
+
+func newBaseContext() context.Context {
+	// Retrieve protocol registries
+	inboundRegistry, outboundRegistry, endpointRegistry := protocol.GetRegistries()
+	return box.Context(
+		context.Background(),
+		inboundRegistry,
+		outboundRegistry,
+		endpointRegistry,
+	)
+}
+
+func main() {
+	var err error
+	p := arg.MustParse(&args)
+	switch {
+	case args.Run != nil:
+		err = args.Run.Run()
+	case args.Check != nil:
+		err = args.Check.Run()
+	default:
+		p.WriteHelp(os.Stderr)
+	}
+	if err != nil {
+		if errors.Is(err, arg.ErrHelp) {
+			_ = p.WriteHelpForSubcommand(os.Stderr, p.SubcommandNames()...)
+		} else {
+			_, _ = fmt.Fprintln(os.Stderr, err)
+		}
+		os.Exit(1)
+	}
+}

cmd/sing-box-extensions/release/sing-box-extensions.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=sing-box-extensions service
+After=network.target nss-lookup.target network-online.target
+
+[Service]
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+ExecStart=/usr/bin/sing-box-extensions -d /var/lib/sing-box-extensions -c /etc/sing-box-extensions/config.json run
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10s
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target

cmd/sing-box-extensions/release/[email protected]

@@ -0,0 +1,15 @@
+[Unit]
+Description=sing-box-extensions service
+After=network.target nss-lookup.target network-online.target
+
+[Service]
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
+ExecStart=/usr/bin/sing-box-extensions -d /var/lib/sing-box-extensions-%i -c /etc/sing-box-extensions/%i.json run
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10s
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target

go.mod

@@ -13,6 +13,7 @@ replace github.com/tetratelabs/wazero => github.com/refraction-networking/wazero
 require (
 	github.com/Jigsaw-Code/outline-sdk v0.0.19
 	github.com/Jigsaw-Code/outline-sdk/x v0.0.2
+	github.com/alexflint/go-arg v1.4.3
 	github.com/getlantern/algeneva v0.0.0-20250307163401-1824e7b54f52
 	github.com/getlantern/lantern-water v0.0.0-20250331153903-07abebe611e8
 	github.com/gobwas/ws v1.4.0
@@ -33,6 +34,7 @@ require (
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/ajwerner/btree v0.0.0-20211221152037-f427b3e689c0 // indirect
 	github.com/alecthomas/atomic v0.1.0-alpha2 // indirect
+	github.com/alexflint/go-scalar v1.1.0 // indirect
 	github.com/anacrolix/chansync v0.3.0 // indirect
 	github.com/anacrolix/dht/v2 v2.19.2-0.20221121215055-066ad8494444 // indirect
 	github.com/anacrolix/envpprof v1.3.0 // indirect