2019-04-18 13:44:12 +00:00
|
|
|
# Use Ubuntu 18.04 LTS as our base image.
|
|
|
|
FROM ubuntu:18.04
|
2016-04-16 14:00:12 +00:00
|
|
|
|
2016-11-25 12:45:10 +00:00
|
|
|
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
|
|
|
ARG TOOLCHAIN=stable
|
|
|
|
|
2021-01-04 19:24:29 +00:00
|
|
|
# The OpenSSL version to use. Here is the place to check for new releases:
|
2020-06-05 13:22:59 +00:00
|
|
|
#
|
|
|
|
# - https://www.openssl.org/source/
|
2020-04-23 16:43:04 +00:00
|
|
|
#
|
|
|
|
# ALSO UPDATE hooks/build!
|
2021-01-04 19:24:29 +00:00
|
|
|
ARG OPENSSL_VERSION=1.1.1i
|
2020-04-23 16:43:04 +00:00
|
|
|
|
|
|
|
# Versions for other dependencies. Here are the places to check for new
|
|
|
|
# releases:
|
|
|
|
#
|
|
|
|
# - https://github.com/rust-lang/mdBook/releases
|
2020-06-05 13:22:59 +00:00
|
|
|
# - https://github.com/EmbarkStudios/cargo-about/releases
|
2020-04-23 16:43:04 +00:00
|
|
|
# - https://github.com/EmbarkStudios/cargo-deny/releases
|
|
|
|
# - http://zlib.net/
|
|
|
|
# - https://ftp.postgresql.org/pub/source/
|
2021-01-04 19:24:29 +00:00
|
|
|
#
|
|
|
|
# We're stuck on PostgreSQL 11 until we figure out
|
|
|
|
# https://github.com/emk/rust-musl-builder/issues.
|
|
|
|
ARG MDBOOK_VERSION=0.4.4
|
|
|
|
ARG CARGO_ABOUT_VERSION=0.2.3
|
|
|
|
ARG CARGO_DENY_VERSION=0.8.5
|
2020-04-23 16:43:04 +00:00
|
|
|
ARG ZLIB_VERSION=1.2.11
|
2020-08-27 16:32:12 +00:00
|
|
|
ARG POSTGRESQL_VERSION=11.9
|
2019-04-27 12:51:12 +00:00
|
|
|
|
2020-09-06 15:48:56 +00:00
|
|
|
# Make sure we have basic dev tools for building C libraries. Our goal here is
|
|
|
|
# to support the musl-libc builds and Cargo builds needed for a large selection
|
|
|
|
# of the most popular crates.
|
2016-04-16 14:00:12 +00:00
|
|
|
#
|
2020-09-06 15:48:56 +00:00
|
|
|
# We also set up a `rust` user by default. This user has sudo privileges if you
|
|
|
|
# need to install any more software.
|
2018-04-25 10:52:32 +00:00
|
|
|
#
|
|
|
|
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
|
2016-04-16 14:00:12 +00:00
|
|
|
RUN apt-get update && \
|
2021-01-04 19:24:29 +00:00
|
|
|
export DEBIAN_FRONTEND=noninteractive && \
|
|
|
|
apt-get install -yq \
|
2016-04-17 11:41:55 +00:00
|
|
|
build-essential \
|
|
|
|
cmake \
|
|
|
|
curl \
|
|
|
|
file \
|
|
|
|
git \
|
2020-03-28 20:21:52 +00:00
|
|
|
graphviz \
|
2017-10-24 12:40:12 +00:00
|
|
|
musl-dev \
|
2016-11-19 13:50:23 +00:00
|
|
|
musl-tools \
|
2017-10-24 12:40:12 +00:00
|
|
|
libpq-dev \
|
2017-12-16 21:11:06 +00:00
|
|
|
libsqlite-dev \
|
2017-10-24 12:40:12 +00:00
|
|
|
libssl-dev \
|
2019-04-28 01:32:09 +00:00
|
|
|
linux-libc-dev \
|
2017-10-24 12:40:12 +00:00
|
|
|
pkgconf \
|
2016-04-17 11:41:55 +00:00
|
|
|
sudo \
|
|
|
|
xutils-dev \
|
|
|
|
&& \
|
2016-04-16 14:00:12 +00:00
|
|
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
2018-04-25 10:52:32 +00:00
|
|
|
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
|
2020-04-10 13:23:08 +00:00
|
|
|
curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
2020-03-28 20:21:52 +00:00
|
|
|
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
2018-04-25 10:52:32 +00:00
|
|
|
mv mdbook /usr/local/bin/ && \
|
2020-03-28 20:21:52 +00:00
|
|
|
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
2020-06-02 10:19:36 +00:00
|
|
|
curl -fLO https://github.com/EmbarkStudios/cargo-about/releases/download/$CARGO_ABOUT_VERSION/cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
|
|
tar xf cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
|
|
mv cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl/cargo-about /usr/local/bin/ && \
|
|
|
|
rm -rf cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl && \
|
2020-04-23 16:43:04 +00:00
|
|
|
curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
|
|
tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
|
|
mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \
|
2020-09-03 20:18:59 +00:00
|
|
|
rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz
|
2016-04-17 11:41:55 +00:00
|
|
|
|
2018-10-13 19:03:53 +00:00
|
|
|
# Static linking for C++ code
|
2020-09-06 15:48:56 +00:00
|
|
|
RUN ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
|
2018-02-28 11:59:21 +00:00
|
|
|
|
2019-04-28 01:32:09 +00:00
|
|
|
# Build a static library version of OpenSSL using musl-libc. This is needed by
|
|
|
|
# the popular Rust `hyper` crate.
|
|
|
|
#
|
|
|
|
# We point /usr/local/musl/include/linux at some Linux kernel headers (not
|
|
|
|
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
|
|
|
|
# component. It's possible that this will cause bizarre and terrible things to
|
|
|
|
# happen. There may be "sanitized" header
|
2017-09-26 13:26:46 +00:00
|
|
|
RUN echo "Building OpenSSL" && \
|
2019-04-28 01:32:09 +00:00
|
|
|
ls /usr/include/linux && \
|
2020-09-06 15:48:56 +00:00
|
|
|
mkdir -p /usr/local/musl/include && \
|
|
|
|
ln -s /usr/include/linux /usr/local/musl/include/linux && \
|
|
|
|
ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
|
|
|
|
ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
|
2018-02-23 10:00:01 +00:00
|
|
|
cd /tmp && \
|
2020-04-10 13:23:08 +00:00
|
|
|
short_version="$(echo "$OPENSSL_VERSION" | sed s'/[a-z]$//' )" && \
|
|
|
|
curl -fLO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" || \
|
|
|
|
curl -fLO "https://www.openssl.org/source/old/$short_version/openssl-$OPENSSL_VERSION.tar.gz" && \
|
|
|
|
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
2019-04-27 21:53:16 +00:00
|
|
|
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
2016-04-17 11:41:55 +00:00
|
|
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
|
2019-04-28 01:32:09 +00:00
|
|
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
|
2020-09-06 15:48:56 +00:00
|
|
|
make install && \
|
|
|
|
rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
|
2019-04-18 13:44:12 +00:00
|
|
|
rm -r /tmp/*
|
|
|
|
|
|
|
|
RUN echo "Building zlib" && \
|
2018-02-23 10:00:01 +00:00
|
|
|
cd /tmp && \
|
2020-04-10 13:23:08 +00:00
|
|
|
curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
|
2018-02-23 10:00:01 +00:00
|
|
|
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
|
2017-09-26 13:26:46 +00:00
|
|
|
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
|
2020-09-06 15:48:56 +00:00
|
|
|
make && make install && \
|
2019-04-18 13:44:12 +00:00
|
|
|
rm -r /tmp/*
|
|
|
|
|
|
|
|
RUN echo "Building libpq" && \
|
2018-02-23 10:00:01 +00:00
|
|
|
cd /tmp && \
|
2020-04-10 13:23:08 +00:00
|
|
|
curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
|
2018-02-23 10:00:01 +00:00
|
|
|
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
|
2017-09-26 13:26:46 +00:00
|
|
|
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
|
2020-09-06 15:48:56 +00:00
|
|
|
cd src/interfaces/libpq && make all-static-lib && make install-lib-static && \
|
|
|
|
cd ../../bin/pg_config && make && make install && \
|
2018-02-23 10:00:01 +00:00
|
|
|
rm -r /tmp/*
|
2017-09-26 13:26:46 +00:00
|
|
|
|
2020-09-06 15:48:56 +00:00
|
|
|
# (Please feel free to submit pull requests for musl-libc builds of other C
|
|
|
|
# libraries needed by the most popular and common Rust crates, to avoid
|
|
|
|
# everybody needing to build them manually.)
|
|
|
|
|
|
|
|
# Install a `git credentials` helper for using GH_USER and GH_TOKEN to access
|
|
|
|
# private repositories if desired. We make sure this is configured for root,
|
|
|
|
# here, and for the `rust` user below.
|
|
|
|
ADD git-credential-ghtoken /usr/local/bin/ghtoken
|
|
|
|
RUN git config --global credential.https://github.com.helper ghtoken
|
|
|
|
|
|
|
|
# Set up our path with all our binary directories, including those for the
|
|
|
|
# musl-gcc toolchain and for our Rust toolchain.
|
|
|
|
#
|
|
|
|
# We use the instructions at https://github.com/rust-lang/rustup/issues/2383
|
|
|
|
# to install the rustup toolchain as root.
|
|
|
|
ENV RUSTUP_HOME=/opt/rust/rustup \
|
|
|
|
PATH=/home/rust/.cargo/bin:/opt/rust/cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
|
|
|
|
# Install our Rust toolchain and the `musl` target. We patch the
|
|
|
|
# command-line we pass to the installer so that it won't attempt to
|
|
|
|
# interact with the user or fool around with TTYs. We also set the default
|
|
|
|
# `--target` to musl so that our users don't need to keep overriding it
|
|
|
|
# manually.
|
|
|
|
RUN curl https://sh.rustup.rs -sSf | \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo \
|
|
|
|
sh -s -- -y --default-toolchain $TOOLCHAIN --profile minimal --no-modify-path && \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo \
|
|
|
|
rustup component add rustfmt && \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo \
|
|
|
|
rustup component add clippy && \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo \
|
|
|
|
rustup target add x86_64-unknown-linux-musl
|
|
|
|
ADD cargo-config.toml /opt/rust/cargo/config
|
|
|
|
|
|
|
|
# Set up our environment variables so that we cross-compile using musl-libc by
|
|
|
|
# default.
|
2020-09-03 20:18:59 +00:00
|
|
|
ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/musl/ \
|
|
|
|
X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 \
|
2017-10-24 12:40:12 +00:00
|
|
|
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
|
|
|
|
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
|
|
|
|
PKG_CONFIG_ALLOW_CROSS=true \
|
2018-03-19 18:43:43 +00:00
|
|
|
PKG_CONFIG_ALL_STATIC=true \
|
|
|
|
LIBZ_SYS_STATIC=1 \
|
|
|
|
TARGET=musl
|
2016-04-16 14:00:12 +00:00
|
|
|
|
2018-07-25 11:08:58 +00:00
|
|
|
# Install some useful Rust tools from source. This will use the static linking
|
|
|
|
# toolchain, but that should be OK.
|
2020-01-15 14:23:39 +00:00
|
|
|
#
|
|
|
|
# We include cargo-audit for compatibility with earlier versions of this image,
|
2020-09-06 15:48:56 +00:00
|
|
|
# but cargo-deny provides a superset of cargo-audit's features.
|
|
|
|
RUN env CARGO_HOME=/opt/rust/cargo cargo install -f cargo-audit && \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo cargo install -f cargo-deb && \
|
|
|
|
env CARGO_HOME=/opt/rust/cargo cargo install -f mdbook-graphviz && \
|
|
|
|
rm -rf /opt/rust/cargo/registry/
|
|
|
|
|
|
|
|
# Allow sudo without a password.
|
|
|
|
ADD sudoers /etc/sudoers.d/nopasswd
|
|
|
|
|
|
|
|
# Run all further code as user `rust`, create our working directories, install
|
|
|
|
# our config file, and set up our credential helper.
|
|
|
|
#
|
|
|
|
# You should be able to switch back to `USER root` from another `Dockerfile`
|
|
|
|
# using this image if you need to do so.
|
|
|
|
USER rust
|
|
|
|
RUN mkdir -p /home/rust/libs /home/rust/src /home/rust/.cargo && \
|
|
|
|
ln -s /opt/rust/cargo/config /home/rust/.cargo/config && \
|
|
|
|
git config --global credential.https://github.com.helper ghtoken
|
2018-07-25 11:08:58 +00:00
|
|
|
|
2016-04-17 11:41:55 +00:00
|
|
|
# Expect our source code to live in /home/rust/src. We'll run the build as
|
2016-04-16 14:00:12 +00:00
|
|
|
# user `rust`, which will be uid 1000, gid 1000 outside the container.
|
|
|
|
WORKDIR /home/rust/src
|