rust-musl-builder/Dockerfile

189 lines
8.6 KiB
Docker
Raw Normal View History

# Use Ubuntu 18.04 LTS as our base image.
FROM ubuntu:18.04
# The Rust toolchain to use when building our image. Set by `hooks/build`.
ARG TOOLCHAIN=stable
# The OpenSSL version to use. Here is the place to check for new releases:
2020-06-05 13:22:59 +00:00
#
# - https://www.openssl.org/source/
#
# ALSO UPDATE hooks/build!
ARG OPENSSL_VERSION=1.1.1i
# Versions for other dependencies. Here are the places to check for new
# releases:
#
# - https://github.com/rust-lang/mdBook/releases
2020-06-05 13:22:59 +00:00
# - https://github.com/EmbarkStudios/cargo-about/releases
# - https://github.com/EmbarkStudios/cargo-deny/releases
# - http://zlib.net/
# - https://ftp.postgresql.org/pub/source/
#
# We're stuck on PostgreSQL 11 until we figure out
# https://github.com/emk/rust-musl-builder/issues.
ARG MDBOOK_VERSION=0.4.4
ARG CARGO_ABOUT_VERSION=0.2.3
ARG CARGO_DENY_VERSION=0.8.5
ARG ZLIB_VERSION=1.2.11
2020-08-27 16:32:12 +00:00
ARG POSTGRESQL_VERSION=11.9
# Make sure we have basic dev tools for building C libraries. Our goal here is
# to support the musl-libc builds and Cargo builds needed for a large selection
# of the most popular crates.
#
# We also set up a `rust` user by default. This user has sudo privileges if you
# need to install any more software.
#
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
RUN apt-get update && \
export DEBIAN_FRONTEND=noninteractive && \
apt-get install -yq \
build-essential \
cmake \
curl \
file \
git \
graphviz \
musl-dev \
2016-11-19 13:50:23 +00:00
musl-tools \
libpq-dev \
libsqlite-dev \
libssl-dev \
linux-libc-dev \
pkgconf \
sudo \
xutils-dev \
&& \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
mv mdbook /usr/local/bin/ && \
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
curl -fLO https://github.com/EmbarkStudios/cargo-about/releases/download/$CARGO_ABOUT_VERSION/cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz && \
tar xf cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz && \
mv cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl/cargo-about /usr/local/bin/ && \
rm -rf cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl.tar.gz cargo-about-$CARGO_ABOUT_VERSION-x86_64-unknown-linux-musl && \
curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \
rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz
2018-10-13 19:03:53 +00:00
# Static linking for C++ code
RUN ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
# Build a static library version of OpenSSL using musl-libc. This is needed by
# the popular Rust `hyper` crate.
#
# We point /usr/local/musl/include/linux at some Linux kernel headers (not
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
# component. It's possible that this will cause bizarre and terrible things to
# happen. There may be "sanitized" header
2017-09-26 13:26:46 +00:00
RUN echo "Building OpenSSL" && \
ls /usr/include/linux && \
mkdir -p /usr/local/musl/include && \
ln -s /usr/include/linux /usr/local/musl/include/linux && \
ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
cd /tmp && \
short_version="$(echo "$OPENSSL_VERSION" | sed s'/[a-z]$//' )" && \
curl -fLO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" || \
curl -fLO "https://www.openssl.org/source/old/$short_version/openssl-$OPENSSL_VERSION.tar.gz" && \
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
make install && \
rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
rm -r /tmp/*
RUN echo "Building zlib" && \
cd /tmp && \
curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
2017-09-26 13:26:46 +00:00
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
make && make install && \
rm -r /tmp/*
RUN echo "Building libpq" && \
cd /tmp && \
curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
2017-09-26 13:26:46 +00:00
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
cd src/interfaces/libpq && make all-static-lib && make install-lib-static && \
cd ../../bin/pg_config && make && make install && \
rm -r /tmp/*
2017-09-26 13:26:46 +00:00
# (Please feel free to submit pull requests for musl-libc builds of other C
# libraries needed by the most popular and common Rust crates, to avoid
# everybody needing to build them manually.)
# Install a `git credentials` helper for using GH_USER and GH_TOKEN to access
# private repositories if desired. We make sure this is configured for root,
# here, and for the `rust` user below.
ADD git-credential-ghtoken /usr/local/bin/ghtoken
RUN git config --global credential.https://github.com.helper ghtoken
# Set up our path with all our binary directories, including those for the
# musl-gcc toolchain and for our Rust toolchain.
#
# We use the instructions at https://github.com/rust-lang/rustup/issues/2383
# to install the rustup toolchain as root.
ENV RUSTUP_HOME=/opt/rust/rustup \
PATH=/home/rust/.cargo/bin:/opt/rust/cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Install our Rust toolchain and the `musl` target. We patch the
# command-line we pass to the installer so that it won't attempt to
# interact with the user or fool around with TTYs. We also set the default
# `--target` to musl so that our users don't need to keep overriding it
# manually.
RUN curl https://sh.rustup.rs -sSf | \
env CARGO_HOME=/opt/rust/cargo \
sh -s -- -y --default-toolchain $TOOLCHAIN --profile minimal --no-modify-path && \
env CARGO_HOME=/opt/rust/cargo \
rustup component add rustfmt && \
env CARGO_HOME=/opt/rust/cargo \
rustup component add clippy && \
env CARGO_HOME=/opt/rust/cargo \
rustup target add x86_64-unknown-linux-musl
ADD cargo-config.toml /opt/rust/cargo/config
# Set up our environment variables so that we cross-compile using musl-libc by
# default.
ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/musl/ \
X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 \
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
PKG_CONFIG_ALLOW_CROSS=true \
PKG_CONFIG_ALL_STATIC=true \
LIBZ_SYS_STATIC=1 \
TARGET=musl
2018-07-25 11:08:58 +00:00
# Install some useful Rust tools from source. This will use the static linking
# toolchain, but that should be OK.
2020-01-15 14:23:39 +00:00
#
# We include cargo-audit for compatibility with earlier versions of this image,
# but cargo-deny provides a superset of cargo-audit's features.
RUN env CARGO_HOME=/opt/rust/cargo cargo install -f cargo-audit && \
env CARGO_HOME=/opt/rust/cargo cargo install -f cargo-deb && \
env CARGO_HOME=/opt/rust/cargo cargo install -f mdbook-graphviz && \
rm -rf /opt/rust/cargo/registry/
# Allow sudo without a password.
ADD sudoers /etc/sudoers.d/nopasswd
# Run all further code as user `rust`, create our working directories, install
# our config file, and set up our credential helper.
#
# You should be able to switch back to `USER root` from another `Dockerfile`
# using this image if you need to do so.
USER rust
RUN mkdir -p /home/rust/libs /home/rust/src /home/rust/.cargo && \
ln -s /opt/rust/cargo/config /home/rust/.cargo/config && \
git config --global credential.https://github.com.helper ghtoken
2018-07-25 11:08:58 +00:00
# Expect our source code to live in /home/rust/src. We'll run the build as
# user `rust`, which will be uid 1000, gid 1000 outside the container.
WORKDIR /home/rust/src