statically build in openssl instead of mbedtls

.github/cpack-matrix.yml

@@ -1,12 +1,12 @@
 cpack_matrix:
   arch:
-    - cmake: ci-linux-x64  # selects cmake preset
+    - cmake: ci-linux-x64-static-libssl  # selects cmake preset
       rpm: x86_64          # yum $basearch
       deb: amd64           # dpkg --print-architecture
-    - cmake: ci-linux-arm
+    - cmake: ci-linux-arm-static-libssl
       rpm: armhfp
       deb: armhf
-    - cmake: ci-linux-arm64
+    - cmake: ci-linux-arm64-static-libssl
       rpm: aarch64
       deb: arm64
   distro:
@@ -46,22 +46,22 @@ cpack_matrix:
         name: ubuntu
         release_name: xenial
       arch:
-        cmake: ci-linux-arm
+        cmake: ci-linux-arm-static-libssl
     - distro:
         name: ubuntu
         release_name: xenial
       arch:
-        cmake: ci-linux-arm64
+        cmake: ci-linux-arm64-static-libssl
     - distro:
         name: ubuntu
         release_name: bionic
       arch:
-        cmake: ci-linux-arm
+        cmake: ci-linux-arm-static-libssl
     - distro:
         name: redhat
       arch:
-        cmake: ci-linux-arm
+        cmake: ci-linux-arm-static-libssl
     - distro:
         name: redhat
       arch:
-        cmake: ci-linux-arm64
+        cmake: ci-linux-arm64-static-libssl

BUILD.md

@@ -143,29 +143,61 @@ the number of jobs to use, which should ideally be specified to the number of
 threads your CPU has. You may also want to add that to your preset using the
 `jobs` property, see the [presets documentation][1] for more details.
 
-[1]: https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html
-[2]: https://cmake.org/download/
+## Cross-compile with Docker
 
-## Docker Crossbuilder Image
+You can cross-compile the distribution-specific Linux package or the generic binary with Docker. Both approaches use an
+x86 (x86_64, amd64) container image to build the artifacts for arm64 and arm architectures.
 
-The CI job which also runs the included `ziti-builder.sh` builds the `ziti-edge-tunnel` binary inside a Docker
-container. The script will run the necessary container image if needed. The container image has the tools to
-cross-compile for target architectures arm, arm64. This script works for Linux, macOS, and WSL2 on Windows. Arm
-architecture hosts will experience slower build times due to emulation of this x86_64 container image.
+### Build the Linux Package with Docker
 
-Without any arguments, the `ziti-builder.sh` script will build the `bundle` target with the `ci-linux-x64` (amd64)
-preset, placing the resulting ZIP archive in `./build/bundle`.
+The Debian and RedHat packages are built in GitHub for the release repositories. The Debian package may be
+cross-compiled for arm64 or arm with [a few exceptions](.github/cpack-matrix.yml). Cross-compiling the RPM is not yet
+supported.
+
+1. build the x64 package builder image
+1. run the x64 builder image to build the package for the target architecture
+
+The `ziti-edge-tunnel` binary is also built for the target architecture and included in the package with appropriate
+parameters for the target distribution.
+
+#### Build the Package Builder Image
+
+Build the x64 package builder image for Ubuntu Bionic 18.04. There are builder images for several Ubuntu and RedHat
+vintages that will work with a wide variety of Debian and RPM family distros.
 
 ```bash
-./ziti-builder.sh
+cd ./.github/actions/openziti-tunnel-build-action/ubuntu-18.04/
+docker buildx build --platform linux/amd64 --tag bionic-builder . --load 
 ```
 
-To build for a specific target architecture, use the `-p` argument to specify the vcpkg preset.
+#### Run the Package Builder Container
+
+Cross-build the Debian package for arm64 in the x64 builder container. The `ci-linux-arm64` in this example is an
+architecture-specific CMake [preset][1].
 
 ```bash
-./ziti-builder.sh -p ci-linux-arm64
+docker run \
+  --rm \
+  --volume "${PWD}:/github/workspace" \
+  --workdir "/github/workspace" \
+  bionic-builder \
+    ci-linux-arm64
 ```
 
+### Build the Binary with Docker
+
+All of the Ziti projects that leverage Ziti's C-SDK are built with a shared builder image: `openziti/ziti-builder`. This
+project provides a wrapper script for cross-building the generic `ziti-edge-tunnel` binary using this builder image.
+
+Without any arguments, the `ziti-builder.sh` script will build the `bundle` target with the `ci-linux-x64` (amd64)
+preset, placing the resulting ZIP archive in `./build/bundle/`, and the bare executable in
+`./build/programs/ziti-edge-tunnel/Release/`.
+
+Build the generic binary for arm64 with the `ci-linux-arm64` preset.
+
 ```bash
-./cmake help
+./scripts/ziti-builder.sh -p ci-linux-arm64
 ```
+
+[1]: https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html
+[2]: https://cmake.org/download/

CMakePresets.json

@@ -120,7 +120,7 @@
       "hidden": true,
       "cacheVariables": {
         "CMAKE_BUILD_TYPE": "Release",
-        "TLSUV_TLSLIB": "mbedtls"
+        "TLSUV_TLSLIB": "openssl"
       }
     },
     {
@@ -184,15 +184,24 @@
     },
     {
       "name": "ci-linux-x64-static-libssl",
-      "inherits": [ "ci-linux-static-libssl", "ci-linux-x64" ]
+      "inherits": [
+        "ci-linux-static-libssl",
+        "ci-linux-x64"
+      ]
     },
     {
       "name": "ci-linux-arm64-static-libssl",
-      "inherits": [ "ci-linux-static-libssl", "ci-linux-arm64" ]
+      "inherits": [
+        "ci-linux-static-libssl",
+        "ci-linux-arm64"
+      ]
     },
     {
       "name": "ci-linux-arm-static-libssl",
-      "inherits": [ "ci-linux-static-libssl", "ci-linux-arm" ]
+      "inherits": [
+        "ci-linux-static-libssl",
+        "ci-linux-arm"
+      ]
     },
     {
       "name": "ci-windows-x64",

scripts/switchtls-build.bash

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+BASENAME="$(basename "${0}")"
+BASEDIR="$(cd "$(dirname "${0}")" && pwd)"  # full path to scripts dir
+
+if ! (( $# )) || [[ $* =~ -h|(--)?help ]]; then
+    echo -e "\nUsage: ${BASENAME} [openssl|mbedtls] [x64|arm64|arm]"\
+            "\n\nConfigures build preset for OpenSSL or Mbed-TLS and"\
+            "\nbuilds the binary if ARCH is specified\n"
+    exit 0
+fi
+
+set -euo pipefail;
+
+function switch_tls(){
+    local old=$1;
+    local new=$2;
+    # munge the preset to use openssl
+    TMPFILE=$(mktemp);
+    jq --arg old $old --arg new $new '.dependencies |= map(if . == $old then $new else . end)' ./vcpkg.json > "$TMPFILE";
+    mv "$TMPFILE" ./vcpkg.json;
+
+    jq --arg old $old --arg new $new \
+    '.configurePresets |= map(
+        if .cacheVariables.TLSUV_TLSLIB == $old then
+            .cacheVariables.TLSUV_TLSLIB |= $new
+        else
+            .
+        end
+    )
+    ' ./CMakePresets.json > "$TMPFILE";
+    mv "$TMPFILE" ./CMakePresets.json;
+}
+
+TLSLIB=${1:-}
+TARGETARCH=${2:-}
+
+if [[ $TLSLIB == "mbedtls" ]]; then
+    switch_tls "openssl" "mbedtls"
+    PRESET="ci-linux-${TARGETARCH}"
+elif [[ $TLSLIB == "openssl" ]]; then
+    switch_tls "mbedtls" "openssl"
+    PRESET="ci-linux-${TARGETARCH}-static-libssl"
+else
+    echo "Unknown TLS library: $TLSLIB"
+    exit 1
+fi
+
+if [[ -z $TARGETARCH ]]; then
+    echo "No architecture specified, only switching TLS library in vcpkg.json and CMakePresets.json"
+    exit 0
+elif [[ $TARGETARCH =~ ^(x64|arm(64))$ ]]; then
+    "$BASEDIR/ziti-builder.sh" -p "$PRESET"
+else
+    echo "ERROR: Unknown architecture preset: $PRESET"
+fi

vcpkg.json

@@ -7,7 +7,7 @@
     "llhttp",
     "libsodium",
     "getopt",
-    "mbedtls"
+    "openssl"
   ],
   "features": {
     "test": {